July 2007 - security [ARCHIVED] - Fedora Mailing-Lists

[Bug 243592] New: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243592 Summary: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities Product: Fedora Extras Version: f7 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: cacti AssignedTo: mmcgrath(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3112 "Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3113 "Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter." The patch linked to in the reports applies to 0.8.6j too. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 7 months

1
6
0 / 0

[Bug 240396] New: CVE-2007-2654: xfsdump file permissions issue

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240396 Summary: CVE-2007-2654: xfsdump file permissions issue Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: xfsdump AssignedTo: cattelan(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2654 "xfs_fsr in xfsdump creates a temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems." Patch from SUSE update attached. ------- Additional Comments From ville.skytta(a)iki.fi 2007-05-17 03:49 EST ------- Created an attachment (id=154896) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=154896&action=view) Patch from SUSE update -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 7 months

1
4
0 / 0

[Bug 235013] New: CVE-2007-1804: pulseaudio 0.9.5 DoS

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235013 Summary: CVE-2007-1804: pulseaudio 0.9.5 DoS Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: pulseaudio AssignedTo: drzeus-bugzilla(a)drzeus.cx ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1804 "PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file." FC5, FC6, devel have 0.9.5 at the moment. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 7 months

1
4
0 / 0

[Bug 192830] New: CVE-2006-2453 Additional dia format string flaws

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830 Summary: CVE-2006-2453 Additional dia format string flaws Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: dia AssignedTo: j.w.r.degoede(a)hhs.nl ReportedBy: bressers(a)redhat.com QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com A number of additional format string issues were discovered by Hans de Goede and has been assigned the CVE id CVE-2006-2453. The fix is attachment 129852 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 8 months

1
13
0 / 0

[Bug 215136] New: CVE-2006-5864: gv <= 3.6.2 stack-based buffer overflow

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=215136 Summary: CVE-2006-5864: gv <= 3.6.2 stack-based buffer overflow Product: Fedora Extras Version: fc6 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5864 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: gv AssignedTo: orion(a)cora.nwra.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5864 "Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header." -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 8 months

1
5
0 / 0

[Bug 241799] New: CVE-2007-2894: bochs guest OS local user DoS

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799 Summary: CVE-2007-2894: bochs guest OS local user DoS Product: Fedora Extras Version: fc6 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2894 OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: bochs AssignedTo: j.w.r.degoede(a)hhs.nl ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2894 "The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error." -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 8 months

1
9
0 / 0

[Bug 244502] New: CVE-2007-3165: tor < 0.1.2.14 information disclosure

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244502 Summary: CVE-2007-3165: tor < 0.1.2.14 information disclosure Product: Fedora Extras Version: f7 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3165 OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: tor AssignedTo: enrico.scholz(a)informatik.tu-chemnitz.de ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3165 "Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers." -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 8 months

1
5
0 / 0

fedora-security/audit fc7,1.53,1.54 fe6,1.130,1.131

by fedora-extras-commits＠redhat.com

Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31866 Modified Files: fc7 fe6 Log Message: lighttpd updated Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.53 retrieving revision 1.54 diff -u -r1.53 -r1.54 --- fc7 27 Jul 2007 12:57:04 -0000 1.53 +++ fc7 27 Jul 2007 15:56:53 -0000 1.54 @@ -4,14 +4,14 @@ *CVE are items that need verification for Fedora 7 -CVE-2007-4029 VULNERABLE (libvorbis) #245991 CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840 -CVE-2007-3946 VULNERABLE (lighttpd) #249162 -CVE-2007-3947 VULNERABLE (lighttpd) #249162 -CVE-2007-3948 VULNERABLE (lighttpd) #249162 -CVE-2007-3949 VULNERABLE (lighttpd) #249162 -CVE-2007-3950 VULNERABLE (lighttpd) #249162 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-4029 VULNERABLE (libvorbis) #245991 +CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 CVE-2007-3841 WTF (pidgin) CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.130 retrieving revision 1.131 diff -u -r1.130 -r1.131 --- fe6 21 Jul 2007 19:27:14 -0000 1.130 +++ fe6 27 Jul 2007 15:56:53 -0000 1.131 @@ -2,7 +2,11 @@ ** are items that need attention -CVE-NOID VULNERABLE (lighttpd) #249162 +CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) CVE-2007-3555 VULNERABLE (moodle) #247528 CVE-2007-3546 ignore (nessus-core) Windows only -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc6,1.225,1.226 fc7,1.52,1.53

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22578 Modified Files: fc6 fc7 Log Message: libvorbis, tor Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.225 retrieving revision 1.226 diff -u -r1.225 -r1.226 --- fc6 21 Jul 2007 19:27:14 -0000 1.225 +++ fc6 27 Jul 2007 12:57:04 -0000 1.226 @@ -3,6 +3,7 @@ ** are items that need attention +CVE-2007-4029 VULNERABLE (libvorbis) #245991 CVE-2007-4168 VULNERABLE (libexif) #243892 CVE-2007-3841 WTF (pidgin) CVE-2007-3820 ** (kdebase) #248537 @@ -16,6 +17,7 @@ CVE-2007-3378 ignore (php) safe mode escape CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 CVE-2007-3126 ignore (gimp) just a crash +CVE-2007-3106 VULNERABLE (libvorbis) #245991 *CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5?) [since ?] *CVE-2007-2874 (wpa_supplicant) #242455 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.52 retrieving revision 1.53 diff -u -r1.52 -r1.53 --- fc7 25 Jul 2007 13:09:29 -0000 1.52 +++ fc7 27 Jul 2007 12:57:04 -0000 1.53 @@ -4,6 +4,8 @@ *CVE are items that need verification for Fedora 7 +CVE-2007-4029 VULNERABLE (libvorbis) #245991 +CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840 CVE-2007-3946 VULNERABLE (lighttpd) #249162 CVE-2007-3947 VULNERABLE (lighttpd) #249162 CVE-2007-3948 VULNERABLE (lighttpd) #249162 @@ -49,6 +51,7 @@ CVE-2007-3239 ** (wordpress) #245211 CVE-2007-3238 ** (wordpress) #245211 CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) +CVE-2007-3106 VULNERABLE (libvorbis) #245991 CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

[Bug 249162] New: lighttpd 1.4.15 multiple vulnerabilities

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249162 Summary: lighttpd 1.4.15 multiple vulnerabilities Product: Fedora Version: f7 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: lighttpd AssignedTo: matthias(a)rpmforge.net ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://www.vuxml.org/freebsd/fc9c217e-3791-11dc-bb1a-000fea449b8a.html "Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service)." -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 9 months

1
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] July 2007