From pinar at pardus.org.tr Tue Dec 2 09:08:46 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Tue, 02 Dec 2008 09:08:46 +0200
Subject: [Pardus-security] [PLSA 2008-77] ffmpeg: Multiple DoS Vulnerabilities
Message-ID: <4934DEFE.8080204@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-77        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-02
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Two vulnerabilities have been fixed in ffmpeg which can cause a DoS
(Denial of Service).

Description
===========

1. An endless loop vulnerability when opening corrupt FLV files
   (issue 699). -- fixed in r15738
2. A divide-by-zero vulnerability in sub_packet_size. -- fixed in r15739

Affected packages:

  Pardus 2008:
    ffmpeg, all before 0.4.9_20080909-48-16

Resolution
==========

There are update(s) for ffmpeg.
You can update them via Package Manager or with a single command from
console:

    pisi up ffmpeg

References
==========

  * http://svn.pardus.org.tr/pardus/devel/applications/multimedia/ffmpeg/
  * http://bugs.pardus.org.tr/show_bug.cgi?id=8734

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Dec 2 09:09:17 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Tue, 02 Dec 2008 09:09:17 +0200
Subject: [Pardus-security] [PLSA 2008-78] mplayer: multiple denial of service vulnerabilities
Message-ID: <4934DF1D.9000608@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-78        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-02
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Two vulnerabilities have been fixed in ffmpeg which can cause a DoS
(Denial of Service).

Description
===========

1. An endless loop vulnerability when opening corrupt FLV files
   (issue 699). -- fixed in r15738
2. A divide-by-zero vulnerability in sub_packet_size. -- fixed in r15739

Affected packages:

  Pardus 2008:
    mplayer, all before 0.0_20081015-99-16

Resolution
==========

There are update(s) for mplayer.
You can update them via Package Manager or with a single command from
console:

    pisi up mplayer

References
==========

  * http://svn.pardus.org.tr/pardus/devel/applications/multimedia/ffmpeg/
  * http://bugs.pardus.org.tr/show_bug.cgi?id=8734

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Fri Dec 5 10:09:04 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Fri, 05 Dec 2008 10:09:04 +0200
Subject: [Pardus-security] [PLSA 2008-76] wireshark: Denial of Service
Message-ID: <4938E1A0.9050309@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-76        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-05
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in Wireshark, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Description
===========

The vulnerability is caused due to an error in the SMTP dissector and
can be exploited to trigger the execution of an infinite loop via a
large SMTP packet.

Affected packages:

  Pardus 2008:
    wireshark, all before 1.0.5_pre1-24-6

  Pardus 2007:
    wireshark, all before 1.0.5_pre1-24-20

Resolution
==========

There are update(s) for wireshark.
You can update them via Package Manager or with a single command from
console:

  Pardus 2008:
    pisi up wireshark

  Pardus 2007:
    pisi up wireshark

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8717
  * http://anonsvn.wireshark.org/viewvc?view=rev&revision=24989
  * http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Fri Dec 5 10:17:55 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Fri, 05 Dec 2008 10:17:55 +0200
Subject: [Pardus-security] [PLSA 2008-79] cups: Buffer Overflow
Message-ID: <4938E3B3.7030405@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-79        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-05
  Severity: 2
      Type: Local
------------------------------------------------------------------------

Summary
=======

There is a potential integer overflow in the validation code that could
render the whole validation useless.

Description
===========

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17
through 1.3.9 allows remote attackers to execute arbitrary code via a
PNG image with a large height value, which bypasses a validation check
and triggers a buffer overflow.

Affected packages:

  Pardus 2008:
    cups, all before 1.3.9-55-8

Resolution
==========

There are update(s) for cups.
You can update them via Package Manager or with a single command from
console:

    pisi up cups

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8761
  * http://www.cups.org/str.php?L2974
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Dec 23 04:46:00 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Tue, 23 Dec 2008 04:46:00 +0200
Subject: [Pardus-security] [PLSA 2008-81] Php: Multiple Vulnerabilities
Message-ID: <495050E8.2050302@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-81        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-23
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in PHP, where some have an
unknown impact and others can potentially be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.

Description
===========

1) An input validation error exists within the
   "ZipArchive::extractTo()" function when extracting ZIP archives. This
   can be exploited to extract files to arbitrary locations outside the
   specified directory via directory traversal sequences in a specially
   crafted ZIP archive.

2) An error in the included PCRE library can be exploited to cause a
   buffer overflow.

3) The problem is that the "BG(page_uid)" and "BG(page_gid)" variables
   are not initialized. No further information is currently available.

4) The problem is that the "php_value" order is incorrect for Apache
   configurations. No further information is currently available.

5) An error in the GD library can be exploited to cause a crash via a
   specially crafted font file.

NOTE: Additionally a potential buffer overflow in the "memnstr()"
function and crashes in the FastCGI functionality and the IMAP toolkit
have been fixed.

Affected packages:

  Pardus 2008:
    php-common, all before 5.2.8-67-7
    php-cli-5.2.8, all before 67-7
    mod_php, all before 5.2.8-67-7

  Pardus 2007:
    php-common, all before 5.2.8-60-29
    php-cli, all before 5.2.8-60-38
    mod_php, all before 5.2.8-60-61

Resolution
==========

There are update(s) for php-common, php-cli-5.2.8, mod_php, php-cli.
You can update them via Package Manager or with a single command from
console:

  Pardus 2008:
    pisi up php-common php-cli-5.2.8 mod_php

  Pardus 2007:
    pisi up php-common php-cli mod_php

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8784
  * http://secunia.com/Advisories/32964

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Dec 23 04:53:34 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Tue, 23 Dec 2008 04:53:34 +0200
Subject: [Pardus-security] [PLSA 2008-82] Avahi: Denial of Service Vulnerability
Message-ID: <495052AE.10202@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-82        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-23
  Severity: 2
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in Avahi, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Description
===========

The vulnerability is caused due to an error when processing multicast
DNS (mDNS) data and can be exploited to terminate the application via a
UDP packet having a source port equal to zero.

Affected packages:

  Pardus 2008:
    avahi, all before 0.6.23-12-7

Resolution
==========

There are update(s) for avahi.
You can update them via Package Manager or with a single command from
console:

    pisi up avahi

References
==========

  * http://avahi.org/milestone/Avahi%200.6.24
  * http://git.0pointer.de/?p=avahi.git;a=commitdiff;h=3093047f1aa36bed8a37fa79004bf0ee287929f4
  * http://secunia.com/Advisories/33153

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Dec 23 04:57:59 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Tue, 23 Dec 2008 04:57:59 +0200
Subject: [Pardus-security] [PLSA 2008-83] Sun-JDK: Multiple Vulnerabilities
Message-ID: <495053B7.2020707@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-83        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-23
  Severity: 5
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in Sun Java, which can be
exploited by malicious people to bypass certain security restrictions,
disclose sensitive information, cause a DoS (Denial of service), or
compromise a vulnerable system.

Description
===========

1) Java Runtime Environment (JRE) creates temporary files with
   insufficiently random names. This can be exploited to write arbitrary
   JAR files and perform restricted actions on the affected system.

2) An error exists in the Java AWT library when processing image
   models. This can be exploited to cause a heap-based buffer overflow
   via a specially crafted "Raster" image model used in a "ConvolveOp"
   operation.

3) An error in Java Web Start when processing certain GIF header values
   can be exploited to cause a memory corruption via a specially crafted
   splash logo.

4) An integer overflow error in the processing of TrueType fonts can be
   exploited to cause a heap-based buffer overflow.

5) An error in the JRE can be exploited to establish network
   connections to arbitrary hosts.

6) An error when launching Java Web Start applications can be exploited
   by an untrusted application to e.g. read, write, or execute local
   files with the privileges of the user running the application.

7) An error can be exploited by an untrusted Java Web Start application
   to obtain the current username and the location of the Java Web Start
   cache.

8) An error in Java Web Start can be exploited to modify system
   properties (e.g. java.home, java.ext.dirs, and user.home) via
   specially crafted JNLP files.

9) An error in Java Web Start and Java Plug-in can be exploited to
   hijack HTTP sessions.

10) An error in the JRE applet class loading functionality can be
    exploited to read arbitrary files and establish network connections
    to arbitrary hosts.

11) An error in the Java Web Start BasicService can be exploited to open
    arbitrary local files in the user's browser.

12) The problem is that the "Java Update" mechanism does not check the
    digital signature of the downloaded update package. This can be
    exploited to execute arbitrary code via e.g. a MitM
    (Man-in-the-Middle) or DNS spoofing attack.

13) A boundary error exists when processing the "Main-Class" manifest
    entry of a JAR file. This can be exploited to cause a stack-based
    buffer overflow via a specially crafted JAR file.

14) An error when deserializing calendar objects can be exploited by an
    untrusted Java applet to e.g. read, write, or execute local files.

15) An integer overflow error in JRE can be exploited to cause a
    heap-based buffer overflow via a specially crafted Pack200
    compressed JAR file.

16) The UTF-8 decoder accepts encodings longer than the "shortest" form.
    This can potentially be exploited to trick applications using the
    decoder into accepting invalid sequences and e.g. disclose sensitive
    information via specially crafted URIs.

17) An error in the JRE can be exploited to list the contents of the
    user's home directory.

18) An error when processing RSA public keys can be exploited to consume
    large amounts of CPU.

19) An error in the JRE Kerberos authentication mechanism can be
    exploited to potentially exhaust operating system resources.

20) Multiple errors in the JAX-WS and JAXB JRE packages can be exploited
    by an untrusted Java applet to e.g. read, write, or execute local
    files.

21) An error when processing ZIP files can be exploited to disclose
    arbitrary memory locations from the host process.

22) An error can be exploited by malicious code loaded from the local
    filesystem to gain network access to the local host.

23) A boundary error in the processing of TrueType fonts can be
    exploited to cause a heap-based buffer overflow.

Affected packages:

  Pardus 2008:
    sun-jdk, all before 1.6.0_p11-17-4
    sun-jdk-demo, all before 1.6.0_p11-17-1
    sun-jdk-doc, all before 1.6.0_p11-17-1
    sun-jdk-samples, all before 1.6.0_p11-17-1
    sun-jre, all before 1.6.0_p11-17-4

Resolution
==========

There are update(s) for sun-jdk, sun-jdk-demo, sun-jdk-doc,
sun-jdk-samples, sun-jre.
You can update them via Package Manager or with a single command from
console:

    pisi up sun-jdk sun-jdk-demo sun-jdk-doc sun-jdk-samples sun-jre

References
==========

  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244986-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244987-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244989-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244990-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244992-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-245246-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246266-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246286-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246346-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246366-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246386-1
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246387-1
  * http://secunia.com/Advisories/32991/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Dec 23 05:01:42 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Tue, 23 Dec 2008 05:01:42 +0200
Subject: [Pardus-security] [PLSA 2008-84] Firefox: Multiple Vulnerabilities
Message-ID: <49505496.1080308@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-84        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-23
  Severity: 5
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in Mozilla Firefox, which can be
exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's system.

Description
===========

1) Multiple errors in the layout and JavaScript engines can be exploited
   to corrupt memory and potentially execute arbitrary code.

2) An error when processing the "persist" XUL attribute can be exploited
   to bypass cookie settings and uniquely identify a user in subsequent
   browsing sessions.

3) Multiple errors can be exploited to bypass the same-origin policy,
   disclose sensitive information, and execute JavaScript code with
   chrome privileges.

Affected packages:

  Pardus 2008:
    firefox, all before 3.0.5-93-19
    firefox-devel, all before 3.0.5-93-19

  Pardus 2007:
    firefox, all before 2.0.0.19-81-73
    firefox-devel, all before 2.0.0.19-81-46

Resolution
==========

There are update(s) for firefox, firefox-devel. You can update them via
Package Manager or with a single command from console:

  Pardus 2008:
    pisi up firefox firefox-devel

  Pardus 2007:
    pisi up firefox firefox-devel

References
==========

  * http://www.mozilla.org/security/announce/2008/mfsa2008-60.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-63.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-64.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-66.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-67.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-68.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-69.html
  * http://secunia.com/Advisories/33203/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Dec 23 05:06:02 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Tue, 23 Dec 2008 05:06:02 +0200
Subject: [Pardus-security] [PLSA 2008-85] Thunderbird: Multiple Vulnerabilities
Message-ID: <4950559A.1000204@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-85        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-23
  Severity: 5
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in Mozilla Thunderbird, which
can be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct cross-site
scripting attacks, or potentially compromise a user's system.

Description
===========

1) Multiple errors in the layout engine can be exploited to corrupt
   memory and potentially execute arbitrary code.

2) An error in the processing of XBL bindings can be exploited to bypass
   the same-origin policy and read data from a target document in
   another domain. Successful exploitation of this vulnerability
   requires that the target document contains a "" element and that the
   "id" of the read binding is known.

3) An error in the feed preview functionality can be exploited to
   execute arbitrary JavaScript code with chrome privileges. This is
   related to vulnerability #3 in: SA31984

4) An error exists when processing "XMLHttpRequest" requests to a web
   server which redirects the browser via a 302 HTTP status code. This
   can be exploited to bypass the same-origin policy and disclose
   sensitive information from another domain.

5) An error exists when processing JavaScript URLs redirecting the
   browser to another domain returning non-JavaScript data. This can be
   exploited to disclose sensitive information from the other domain via
   a "window.onerror" event handler.

6) An error when processing URLs starting with whitespace or certain
   control characters can be exploited to output a malformed URL when
   rendering a hyperlink.

7) An error in the CSS parser when processing "\0" sequences can be
   exploited to potentially bypass third party script sanitation
   routines.

8) An error when processing an XBL binding attached to an unloaded
   document can be exploited to bypass the same-origin policy and
   execute arbitrary JavaScript code in a different domain.

9) Two errors can be exploited to pollute "XPCNativeWrappers" and
   execute arbitrary JavaScript code with chrome privileges.

10) Several errors in the session restore feature can be exploited to
    execute arbitrary JavaScript code in a different domain or with
    chrome privileges.

Affected packages:

  Pardus 2008:
    thunderbird, all before 2.0.0.19-41-7

Resolution
==========

There are update(s) for thunderbird. You can update them via Package
Manager or with a single command from console:

    pisi up thunderbird

References
==========

  * http://secunia.com/Advisories/33205/
  * http://www.mozilla.org/security/announce/2008/mfsa2008-60.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-61.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-62.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-64.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-66.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-67.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-68.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-69.html

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Dec 23 05:09:51 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Tue, 23 Dec 2008 05:09:51 +0200
Subject: [Pardus-security] [PLSA 2008-86] Flashplugin: System access Vulnerability
Message-ID: <4950567F.4060001@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-86        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-23
  Severity: 5
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in Adobe Flash Player, which
potentially can be exploited by malicious people to compromise a user's
system.

Description
===========

The vulnerability is caused due to an unspecified error when processing
SWF files and can potentially be exploited to execute arbitrary code.

Affected packages:

  Pardus 2008:
    flashplugin, all before 10.0.15.3-19-4

  Pardus 2007:
    macromedia-flash, all before 9.0.152.0-11-10

Resolution
==========

There are update(s) for flashplugin, macromedia-flash. You can update
them via Package Manager or with a single command from console:

  Pardus 2008:
    pisi up flashplugin

  Pardus 2007:
    pisi up macromedia-flash

References
==========

  * http://www.adobe.com/support/security/bulletins/apsb08-24.html
  * http://secunia.com/Advisories/33221/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Dec 23 05:12:14 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Tue, 23 Dec 2008 05:12:14 +0200
Subject: [Pardus-security] [PLSA 2008-88] Git: Privilege Escalation
Message-ID: <4950570E.60307@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-88        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-23
  Severity: 2
      Type: Local
------------------------------------------------------------------------

Summary
=======

A security issue has been reported in GIT, which can be exploited by
malicious, local users to gain escalated privileges.

Description
===========

The security issue is caused due to the "gitweb" implementation
improperly verifying repository configuration variables.
This can be exploited to execute arbitrary commands with the privileges
of the "gitweb" user via a specially crafted "diff.external"
configuration variable.

Affected packages:

  Pardus 2008:
    git, all before 1.6.0.6-74-11
    git-emacs, all before 1.6.0.6-74-11
    gitweb, all before 1.6.0.6-74-11

Resolution
==========

There are update(s) for git, git-emacs, gitweb. You can update them via
Package Manager or with a single command from console:

    pisi up git git-emacs gitweb

References
==========

  * http://article.gmane.org/gmane.comp.version-control.git/103
  * http://secunia.com/Advisories/33270/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Wed Dec 24 08:17:58 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Wed, 24 Dec 2008 08:17:58 +0200
Subject: [Pardus-security] [PLSA 2008-87] Mplayer: Buffer Overflow
Message-ID: <4951D416.20901@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-87        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-24
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Stack-based buffer overflow in the demux_open_vqf function in
libmpdemux/demux_vqf.c in MPlayer allows remote attackers to execute
arbitrary code via a malformed TwinVQ file.

Description
===========

Successful exploitation may allow execution of arbitrary code.

Affected packages:

  Pardus 2008:
    mplayer, all before 0.0_20081015-101-18

  Pardus 2007:
    mplayer, all before 0.0_20080322-85-61

Resolution
==========

There are update(s) for mplayer.
You can update them via Package Manager or with a single command from
console:

  Pardus 2008:
    pisi up mplayer

  Pardus 2007:
    pisi up mplayer

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8879
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616
  * http://trapkit.de/advisories/TKADV2008-014.txt

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Wed Dec 24 08:18:52 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Wed, 24 Dec 2008 08:18:52 +0200
Subject: [Pardus-security] [PLSA 2008-89] Perl: Symlink Attack
Message-ID: <4951D44C.7060109@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-89        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-24
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Race condition in the rmtree function in File::Path 1.08 and 2.07
(lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create
arbitrary setuid binaries via a symlink attack.

Description
===========

NOTE: this is a regression error related to CVE-2005-0448. It is
different from CVE-2008-5303 due to affected versions.

Affected packages:

  Pardus 2008:
    perl-doc, all before 5.10.0-21-5
    perl, all before 5.10.0-21-5

  Pardus 2007:
    perl-doc, all before 5.8.8-19-12
    perl, all before 5.8.8-19-12
    libperl, all before 5.8.8-19-12

Resolution
==========

There are update(s) for perl-doc, perl, libperl.
You can update them via Package Manager or with a single command from
console:

  Pardus 2008:
    pisi up perl-doc perl

  Pardus 2007:
    pisi up perl-doc perl libperl

References
==========

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5302
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5303
  * http://bugs.pardus.org.tr/show_bug.cgi?id=8773

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Sat Dec 27 23:54:48 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Sat, 27 Dec 2008 23:54:48 +0200
Subject: [Pardus-security] [PLSA 2008-90] Qemu: Denial of Service
Message-ID: <4956A428.2010201@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-90        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-27
  Severity: 1
      Type: Local
------------------------------------------------------------------------

Summary
=======

A security issue has been reported in QEMU, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Description
===========

The security issue is caused due to an infinite loop within the
"protocol_client_msg()" function in vnc.c when processing certain
"SetEncodings" messages. This can be exploited to cause a high CPU load
by sending specially crafted messages to a vulnerable host.

Affected packages:

  Pardus 2008:
    qemu, all before 0.9.1-12-3

Resolution
==========

There are update(s) for qemu.
You can update them via Package Manager or with a single command from
console:

    pisi up qemu

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8884
  * http://www.coresecurity.com/content/vnc-remote-dos
  * http://secunia.com/Advisories/33293/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Sun Dec 28 00:06:18 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Sun, 28 Dec 2008 00:06:18 +0200
Subject: [Pardus-security] [PLSA 2008-91] Samba: Denial of Service
Message-ID: <4956A6DA.1040301@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-91        security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-28
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability was found in Samba that can potentially leak arbitrary
memory contents to malicious clients.

Description
===========

smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read
arbitrary memory and cause a denial of service via crafted (1) trans,
(2) trans2, and (3) nttrans requests, related to a "cut&paste error"
that causes an improper bounds check to be performed.

Affected packages:

  Pardus 2008:
    samba, all before 3.2.6-37-6

Resolution
==========

There are update(s) for samba. You can update them via Package Manager
or with a single command from console:

    pisi up samba

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8890
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4314

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr
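
The Samba advisory above (PLSA 2008-91) attributes the memory disclosure
to a "cut&paste error" in a bounds check. The C example below is added
here to illustrate that bug class; it is not Samba's code and not part of
the advisory. The request layout, field names and sample values are
constructed, and the particular mistake shown (a second check that still
tests the first block's fields) is an assumed form of such an error.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed request layout (hypothetical, not Samba's structures): the
 * client supplies two (offset, count) pairs that locate a parameter block
 * and a data block inside the received packet. */
struct request {
    const uint8_t *pkt;
    size_t pkt_len;
    uint32_t param_off, param_cnt;
    uint32_t data_off, data_cnt;
};

/* True when [off, off + cnt) lies inside a buffer of len bytes. Written as
 * a subtraction so that off + cnt can never wrap around. */
static int in_bounds(size_t len, uint32_t off, uint32_t cnt)
{
    return off <= len && cnt <= len - off;
}

/* Flawed validation: the second check was pasted from the first and still
 * tests the parameter fields, so data_off/data_cnt are never checked. */
int validate_flawed(const struct request *r)
{
    if (!in_bounds(r->pkt_len, r->param_off, r->param_cnt))
        return 0;
    if (!in_bounds(r->pkt_len, r->param_off, r->param_cnt)) /* wrong fields */
        return 0;
    return 1;
}

/* Corrected validation: each block is checked against its own fields. */
int validate_fixed(const struct request *r)
{
    return in_bounds(r->pkt_len, r->param_off, r->param_cnt) &&
           in_bounds(r->pkt_len, r->data_off, r->data_cnt);
}

/* How many bytes past the end of the packet a copy of the data block would
 * read; this is the memory an accepted out-of-range request would expose. */
size_t overread_bytes(const struct request *r)
{
    uint64_t end = (uint64_t)r->data_off + r->data_cnt;
    return end > r->pkt_len ? (size_t)(end - r->pkt_len) : 0;
}

/* Hardened copy of the data block into a reply buffer. Returns the number
 * of bytes copied, or -1 if validation fails or the destination is too
 * small. */
long copy_data(const struct request *r, uint8_t *out, size_t out_len)
{
    if (!validate_fixed(r) || r->data_cnt > out_len)
        return -1;
    memcpy(out, r->pkt + r->data_off, r->data_cnt);
    return (long)r->data_cnt;
}

/* Constructed samples: one 64-byte packet, a well-formed request and one
 * whose data block claims 4096 bytes starting at offset 16. */
static const uint8_t SAMPLE_PKT[64] = { 0 };
const struct request BENIGN  = { SAMPLE_PKT, sizeof SAMPLE_PKT, 0, 16, 16, 32 };
const struct request CRAFTED = { SAMPLE_PKT, sizeof SAMPLE_PKT, 0, 16, 16, 4096 };

int main(void)
{
    uint8_t out[64];
    printf("benign : flawed=%d fixed=%d copied=%ld\n", validate_flawed(&BENIGN),
           validate_fixed(&BENIGN), copy_data(&BENIGN, out, sizeof out));
    printf("crafted: flawed=%d fixed=%d overread=%zu copied=%ld\n",
           validate_flawed(&CRAFTED), validate_fixed(&CRAFTED),
           overread_bytes(&CRAFTED), copy_data(&CRAFTED, out, sizeof out));
    return 0;
}
```

The flawed validator accepts both sample requests because it never looks
at the data fields; the corrected one rejects the second request before
any copy takes place.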