[Bug 194511] CVE-2006-2894 arbitrary file read vulnerability
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2006-2894 arbitrary file read vulnerability
Alias: CVE-2006-2894
https://bugzilla.redhat.com/show_bug.cgi?id=194511
lkundrak(a)redhat.com changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
            Status|ASSIGNED                    |CLOSED
  Fixed In Version|1.0.2-1                     |seamonkey-1.1.6-1.fc8
        Resolution|                            |CURRENTRELEASE
------- Additional Comments From lkundrak(a)redhat.com 2007-11-09 07:19 EST -------
Fixed with seamonkey-1.1.6-1.fc8
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
[Bug 194511] CVE-2006-2894 arbitrary file read vulnerability
by Red Hat Bugzilla
Summary: CVE-2006-2894 arbitrary file read vulnerability
Alias: CVE-2006-2894
https://bugzilla.redhat.com/show_bug.cgi?id=194511
lkundrak(a)redhat.com changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
                CC|                            |lkundrak(a)redhat.com
             Alias|                            |CVE-2006-2894
            Status|CLOSED                      |ASSIGNED
        Resolution|INSUFFICIENT_DATA           |
           Version|fc5                         |devel
------- Additional Comments From lkundrak(a)redhat.com 2007-11-02 13:31 EST -------
Matej: Please never close bugs with "Security" keyword unless you are confident
they are fixed.
The sample exploit from https://bugzilla.mozilla.org/show_bug.cgi?id=258875
works with seamonkey-1.1.3-8.fc8, though the upstream bug was recently closed.
[Bug 245219] New: clamav < 0.90.3 multiple vulnerabilities
by Red Hat Bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245219
Summary: clamav < 0.90.3 multiple vulnerabilities
Product: Fedora
Version: f7
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: clamav
AssignedTo: enrico.scholz(a)informatik.tu-chemnitz.de
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3023
"unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly
calculate the end of a certain buffer, with unknown impact and remote attack
vectors."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3024
"libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses
insecure permissions for temporary files that are created by the
cli_gentempstream function in clamd/clamdscan, which might allow local users to
read sensitive files."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3122
"The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows
remote attackers to bypass scanning via a RAR file with a header flag value of
10, which can be processed by WinRAR."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3123
"unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows
remote attackers to cause a denial of service (core dump) via a crafted RAR file
with a modified vm_codesize value, which triggers a heap-based buffer overflow."
Not checked whether 0.88.x in FC-6 and earlier are affected.