From ismail at pardus.org.tr Thu May 10 15:15:15 2007 From: ismail at pardus.org.tr (Ismail =?utf-8?q?D=C3=B6nmez?=) Date: Thu, 10 May 2007 15:15:15 +0300 Subject: [Pardus-security] [PLSA 2007-83] mysql: Denial of Service Message-ID: <200705101515.19538.ismail@pardus.org.tr> -------------------------------------------------------------------------------------- Pardus Linux Security Advisory 2007-83 security at pardus.org.tr -------------------------------------------------------------------------------------- Date: 2007-05-10 Severity: 5 Type: Local -------------------------------------------------------------------------------------- Summary ======= Denial of Service is possible via a crafted query. Description =========== Neil Kettle discovered that using a specially crafted SELECT query its possible to crash mysql server resulting in a denial of service attack. Affected packages: mysql-server, all before 5.0.40-24 mysql-lib, all before 5.0.40-24 mysql-client, all before 5.0.40-24 Resolution ========== There are update(s) for mysql-server, mysql-lib, mysql-client. You can update them via Package Manager or with a single command from console: pisi up mysql-server mysql-lib mysql-client References ========== * http://bugs.mysql.com/bug.php?id=27513 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583 -------------------------------------------------------------------------------------- -------------- sonraki b?l?m -------------- Yaz??? olmayan bir eklenti temizlendi... ???sim: kullan???lam???yor T???r: application/pgp-signature Boyut: 189 bayt Tan???m: This is a digitally signed message part. Url: http://liste.uludag.org.tr/pardus-security/attachments/20070510/a99e3828/attachment.pgp From ismail at pardus.org.tr Tue May 15 02:00:28 2007 From: ismail at pardus.org.tr (Ismail =?utf-8?q?D=C3=B6nmez?=) Date: Tue, 15 May 2007 02:00:28 +0300 Subject: [Pardus-security] [PLSA 2007-84] samba: Multiple vulnerabilities Message-ID: <200705150200.32756.ismail@pardus.org.tr> --------------------------------------------------------------------------------------- Pardus Linux Security Advisory 2007-84 security at pardus.org.tr --------------------------------------------------------------------------------------- Date: 2007-05-15 Severity: 5 Type: Remote --------------------------------------------------------------------------------------- Summary ======= Multiple vulnerabilities exist in Samba that allows remote code execution and privilege escalation. Description =========== Various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data. Samba doesn't filter commands that are passed to /bin/sh which allows remote command injection attacks. A bug in the local SID/Name translation routines may allow to use SMB/CIFS commands as root. Affected packages: samba, all before 3.0.25-19 samba-python, all before 3.0.25-19 Resolution ========== There are update(s) for samba, samba-python. You can update them via Package Manager or with a single command from console: pisi up samba samba-python References ========== * http://www.samba.org/samba/security/CVE-2007-2444.html * http://www.samba.org/samba/security/CVE-2007-2446.html * http://www.samba.org/samba/security/CVE-2007-2447.html --------------------------------------------------------------------------------------- -------------- sonraki b?l?m -------------- Yaz??? olmayan bir eklenti temizlendi... ???sim: kullan???lam???yor T???r: application/pgp-signature Boyut: 189 bayt Tan???m: This is a digitally signed message part. Url: http://liste.uludag.org.tr/pipermail/pardus-security/attachments/20070515/cdf8c7d4/attachment.pgp From ismail at pardus.org.tr Fri May 25 00:44:50 2007 From: ismail at pardus.org.tr (Ismail =?utf-8?q?D=C3=B6nmez?=) Date: Fri, 25 May 2007 00:44:50 +0300 Subject: [Pardus-security] [PLSA 2007-104] file: Integer overflow Message-ID: <200705250044.51071.ismail@pardus.org.tr> --------------------------------------------------------------------------------------- Pardus Linux Security Advisory 2007-104 security at pardus.org.tr --------------------------------------------------------------------------------------- Date: 2007-05-25 Severity: 5 Type: Local --------------------------------------------------------------------------------------- Summary ======= file has an integer overflow which can be used to execute arbitrary code. Description =========== Colin Percival discovered that the fix for CVE-2007-1536 created an integer overflow flaw in file which can be used to execute arbitrary code. Affected packages: file, all before 4.20-9 Resolution ========== There are update(s) for file. You can update them via Package Manager or with a single command from console: pisi up file References ========== * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799 --------------------------------------------------------------------------------------- -------------- sonraki b?l?m -------------- Yaz??? olmayan bir eklenti temizlendi... ???sim: kullan???lam???yor T???r: application/pgp-signature Boyut: 189 bayt Tan???m: This is a digitally signed message part. Url: http://liste.uludag.org.tr/pipermail/pardus-security/attachments/20070525/16d902fd/attachment.pgp From ismail at pardus.org.tr Fri May 25 02:10:59 2007 From: ismail at pardus.org.tr (Ismail =?utf-8?q?D=C3=B6nmez?=) Date: Fri, 25 May 2007 02:10:59 +0300 Subject: [Pardus-security] test Message-ID: <200705250210.59645.ismail@pardus.org.tr> ignore this. -- Perfect is the enemy of good From ismail at pardus.org.tr Fri May 25 02:13:02 2007 From: ismail at pardus.org.tr (Ismail =?utf-8?q?D=C3=B6nmez?=) Date: Fri, 25 May 2007 02:13:02 +0300 Subject: [Pardus-security] [PLSA 2007-104] file: Integer overflow (Updated) Message-ID: <200705250213.03014.ismail@pardus.org.tr> --------------------------------------------------------------------------------------- Pardus Linux Security Advisory 2007-104 ?? ?? ?? ?? ?? security at pardus.org.tr --------------------------------------------------------------------------------------- ?? ?? ?? Date: 2007-05-25 ?? Severity: 5 ?? ?? ?? Type: Local --------------------------------------------------------------------------------------- Summary ======= Previous update failed to fix the problem. Original advisory follows. file has an integer overflow which can be ??used ??to ??execute ??arbitrary code. Description =========== Colin Percival discovered that the fix ??for ??CVE-2007-1536 ??created ??an integer overflow flaw in file which can be used to execute arbitrary code. Affected packages: ?? ?? file, all before 4.20-9-10 Resolution ========== There are update(s) for file. You can update them via Package Manager or with a single command from console: ?? ?? pisi up file References ========== ?? * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 ?? * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799 --------------------------------------------------------------------------------------- -------------- sonraki b?l?m -------------- Yaz??? olmayan bir eklenti temizlendi... ???sim: kullan???lam???yor T???r: application/pgp-signature Boyut: 189 bayt Tan???m: This is a digitally signed message part. Url: http://liste.uludag.org.tr/pipermail/pardus-security/attachments/20070525/cdd05ae2/attachment.pgp