[Bug 192830] New: CVE-2006-2453 Additional dia format string flaws
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830
Summary: CVE-2006-2453 Additional dia format string flaws
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: dia
AssignedTo: j.w.r.degoede(a)hhs.nl
ReportedBy: bressers(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org, fedora-security-list(a)redhat.com
A number of additional format string issues were discovered by Hans de Goede and
have been assigned the CVE id CVE-2006-2453.
The fix is attachment 129852.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
15 years, 9 months
[Bug 206516] New: CVE-2006-4784, CVE-2006-4785, CVE-2006-4786: moodle multiple vulnerabilities
by Red Hat Bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206516
Summary: CVE-2006-4784, CVE-2006-4785, CVE-2006-4786: moodle multiple vulnerabilities
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: high
Priority: normal
Component: moodle
AssignedTo: imlinux(a)gmail.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org, fedora-security-list(a)redhat.com
Moodle 1.6.1 and earlier are reportedly vulnerable to:
- cross site scripting (CVE-2006-4784)
- SQL injection (CVE-2006-4785)
- sensitive information disclosure (CVE-2006-4786)
FE-4, FE-5 and devel apparently affected.
16 years, 7 months
How to use Xinetd to start other services which are not running.
by duytan dao
Hi experts!
I have some questions that need answering; I hope someone will spend a little time to answer them.
1. If a service which was demanded (a requested daemon) is not running, will it be started or restarted by Xinetd?
2. Does Xinetd have the ability to start or restart other services (daemons) which have terminated or are not running?
Could you help me?
Waiting for your reply,
Best regards !
Dao Duy Tan
Information Systems - Faculty of Information Technology
Hanoi University of Technology
High Performance Computing Center
Office : 306 Hitech - Hanoi University of Technology
Office number: 84-04-8682355
Handphone :84-912972799
16 years, 8 months
Re: FC6
by Mark Cox
On Sat, 23 Sep 2006, Jesse Keating wrote:
> For lack of a better process, I'd say each known (public) issue gets a
> bugzilla and blocks FC6Blocker .
Here is what I've marked FC6Blocker today. Seems sensible to get these
fixed before we release especially as the issues are all old.
CVE-2006-4624 VULNERABLE (mailman, fixed 2.1.9rc1) bz#206607 [FC6Blocker]
CVE-2006-4226 VULNERABLE (mysql, fixed 5.0.25,5.1.12) bz#203428 [FC6Blocker]
CVE-2006-4227 VULNERABLE (mysql, fixed 5.0.25,5.1.12) bz#203434 [FC6Blocker]
CVE-2006-4031 VULNERABLE (mysql, fixed 5.0.24) bz#202675 [FC6Blocker]
CVE-2006-3636 VULNERABLE (mailman, fixed 2.1.9) bz#206607 [FC6Blocker]
CVE-2006-2941 VULNERABLE (mailman, fixed 2.1.9) bz#206607 [FC6Blocker]
The following were vulnerable in Test3 but are fixed in dist-fc6 as of
today:
CVE-2006-4790 VULNERABLE (gnutls, fixed 1.4.4) [backported to 1.4.1-2 in rawhide]
CVE-2006-4571 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-4571 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4570 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-4569 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4568 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4567 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4567 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-4566 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4566 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-4565 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4565 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-4538 VULNERABLE (kernel, fixed after 2.6.18-rc6)
CVE-2006-4340 VULNERABLE (nss, fixed 3.11.3) bz#206608 [in rawhide]
CVE-2006-4338 VULNERABLE (gzip) [in rawhide]
CVE-2006-4337 VULNERABLE (gzip) [in rawhide]
CVE-2006-4336 VULNERABLE (gzip) [in rawhide]
CVE-2006-4335 VULNERABLE (gzip) [in rawhide]
CVE-2006-4334 VULNERABLE (gzip) [in rawhide]
CVE-2006-4253 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4253 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-3740 VULNERABLE (libXfont, fixed 1.2.2) bz#206609 [in rawhide]
CVE-2006-3739 VULNERABLE (libXfont, fixed 1.2.2) bz#206609 [in rawhide]
Which leaves the following which are the issues that are not fixed
upstream for whatever reason:
CVE-2006-4561 VULNERABLE (firefox)
CVE-2006-4261 VULNERABLE (firefox)
CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236
CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
CVE-2005-4809 VULNERABLE (firefox)
CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix
CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
16 years, 8 months