[Bug 236948] New: CVE-2007-1745: clamav < 0.90.2 chm unpack issue
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236948
Summary: CVE-2007-1745: clamav < 0.90.2 chm unpack issue
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: clamav
AssignedTo: enrico.scholz(a)informatik.tu-chemnitz.de
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1745
"The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus
(ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and
attack vectors involving a crafted CHM file, a different vulnerability than
CVE-2007-0897. NOTE: some of these details are obtained from third party
information."
CVE-2007-1997 appears to be somewhat related and is said to affect 0.9x versions
before 0.90.2 only, however for this CVE I didn't find anything that would say
0.88.7 currently in FE5 and FE6 wouldn't be affected.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years
[Bug 235912] New: CVE-2007-1893, CVE-2007-1897: wordpress < 2.1.3 issues
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235912
Summary: CVE-2007-1893, CVE-2007-1897: wordpress < 2.1.3 issues
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: wordpress
AssignedTo: jwb(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1893
"WordPress 2.1.2, and probably earlier, allows remote authenticated users with
the contributor role to bypass intended access restrictions and invoke the
publish_posts functionality, which can be used to "publish a previously saved
post.""
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1897
"SQL injection vulnerability in xmlrpc.php in WordPress 2.1.2, and probably
earlier, allows remote authenticated users to execute arbitrary SQL commands via
a string parameter value in an XML RPC mt.setPostCategories method call, related
to the post_id variable."
All active FE releases have 2.1.3-RC2 which seems affected. 2.1.3 final is said
to fix these issues.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years
[Bug 236489] CVE-2007-1869, CVE-2007-1870: lighttpd < 1.4.14 DoS vulnerabilities
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2007-1869, CVE-2007-1870: lighttpd < 1.4.14 DoS vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236489
matthias(a)rpmforge.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From matthias(a)rpmforge.net 2007-04-16 07:24 EST -------
Since 1.4.15 doesn't seem to break any configuration syntax (I've tested an
update on a few servers, some with complex setups), I've decided to update all
currently supported branches to 1.4.15, which contains these fixes.
Note that the CVE-2007-1869 bug was already fixed in the devel and EL-5
branches, but they hadn't yet been rebuilt.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years
[Bug 232103] New: CVE-2007-1429: moodle 1.7.1 remote file inclusion
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232103
Summary: CVE-2007-1429: moodle 1.7.1 remote file inclusion
Product: Fedora Extras
Version: devel
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: moodle
AssignedTo: mmcgrath(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1429
"Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote
attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1)
admin/utfdbmigrate.php or (2) filter.php."
Reported against 1.7.1 which is not currently in any FE repo; reporting here in
order to track/ask for confirmation whether 1.6.x in FC-5 and FC-6, and 1.7 in
devel are affected.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years