From pinar at pardus.org.tr Tue Nov 4 02:13:41 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Tue, 04 Nov 2008 02:13:41 +0200
Subject: [Pardus-security] [PLSA 2008-50] Graphviz: Buffer Overflow
Message-ID: <490F93B5.6010502@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-50         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-03
   Severity: 2
       Type: Remote
------------------------------------------------------------------------

Summary
=======

Roee Hay has discovered a vulnerability in Graphviz, which can be
exploited by malicious people to compromise a user's system.

Description
===========

The vulnerability is caused due to a boundary error within the
"push_subg()" function in lib/graph/parser.c, which can be exploited to
cause a memory corruption and potentially execute arbitrary code by e.g.
tricking a user into processing a specially crafted dot file.

Affected packages:

  Pardus 2007:
    graphviz, all before 2.12-5-4

  Pardus 2008:
    graphviz, all before 2.18-9-6
    graphviz-docs, all before 2.18-9-3

Resolution
==========

There are update(s) for graphviz, graphviz-docs.
You can update them via Package Manager or with a single command from
console:

  Pardus 2008:
    pisi up graphviz graphviz-docs

  Pardus 2007:
    pisi up graphviz

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8422
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555
  * http://secunia.com/Advisories/32186/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Nov 4 02:14:20 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Tue, 04 Nov 2008 02:14:20 +0200
Subject: [Pardus-security] [PLSA 2008-51] Flashplugin: Security Bypass
Message-ID: <490F93DC.4090000@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-51         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-03
   Severity: 2
       Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in Adobe Flash Player, which can be
exploited by malicious people to bypass certain security restrictions
and disclose potentially sensitive information.

Description
===========

The vulnerability is caused due to a design error and can be exploited
to e.g. gain access to the system's camera and microphone by tricking
the user into clicking Flash Player access control dialogs disguised as
normal graphical elements.

Affected packages:

  Pardus 2008:
    flashplugin, all before 10.0.12.36-17-2

Resolution
==========

There are update(s) for flashplugin.
You can update them via Package Manager or with a single command from
console:

    pisi up flashplugin

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8364
  * http://www.adobe.com/support/security/advisories/apsa08-08.html
  * http://www.adobe.com/support/security/bulletins/apsb08-18.html
  * http://blogs.adobe.com/psirt/2008/10/clickjacking_security_advisory.html
  * http://secunia.com/Advisories/32163/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Nov 4 02:16:01 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Tue, 04 Nov 2008 02:16:01 +0200
Subject: [Pardus-security] [PLSA 2008-56] Dbus: Denial of Service
Message-ID: <490F9441.7030009@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-56         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-03
   Severity: 2
       Type: Local
------------------------------------------------------------------------

Summary
=======

A weakness has been reported in D-Bus, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Description
===========

The weakness is caused due to an error within the
"_dbus_validate_signature_with_reason()" function when validating a
malformed signature. This can be exploited to terminate applications
using D-Bus by tricking them into validating a specially crafted
signature.

Affected packages:

  Pardus 2008:
    dbus, all before 1.2.4-36-11

Resolution
==========

There are update(s) for dbus.
You can update them via Package Manager or with a single command from
console:

    pisi up dbus

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8360
  * http://www.freedesktop.org/wiki/Softw...0dab297a44f1d7a3b1259cfc06b583fd6a88a
  * http://secunia.com/Advisories/32127/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Nov 4 02:16:47 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Tue, 04 Nov 2008 02:16:47 +0200
Subject: [Pardus-security] [PLSA 2008-59] Mplayer: Buffer overflow
Message-ID: <490F946F.9020001@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-59         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-04
   Severity: 2
       Type: Remote
------------------------------------------------------------------------

Summary
=======

There is a buffer overflow vulnerability in the unscaled yuv2rgb
converter when height is odd because it will overflow the buffer by 1
line.

Description
===========

This flaw might have been exploitable.

Affected packages:

  Pardus 2008:
    mplayer, all before 0.0_20081015-97-15

Resolution
==========

There are update(s) for mplayer.
You can update them via Package Manager or with a single command from
console:

    pisi up mplayer

References
==========

  * http://cia.vc/stats/author/michael/.message/1ba20a

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Nov 4 02:17:20 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Tue, 04 Nov 2008 02:17:20 +0200
Subject: [Pardus-security] [PLSA 2008-60] kernel: Denial of Service
Message-ID: <490F9490.3010200@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-60         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-04
   Severity: 3
       Type: Remote
------------------------------------------------------------------------

Summary
=======

Avoid calling a NULL function pointer in drivers/video/tvaudio.c.

Description
===========

Please update your system.

Affected packages:

  Pardus 2008:
    kernel, all before 2.6.25.19-112-48
    kernel-source, all before 2.6.25.19-112-48
    kernel-headers, all before 2.6.25.19-112-48
    kernel-debug, all before 2.6.25.19-112-34
    kernel-debug-source, all before 2.6.25.19-112-35

Resolution
==========

There are update(s) for kernel, kernel-source, kernel-headers,
kernel-debug, kernel-debug-source.
You can update them via Package Manager or with a single command from
console:

    pisi up kernel kernel-source kernel-headers kernel-debug kernel-debug-source

References
==========

  * http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.19

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Nov 4 04:18:11 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Tue, 04 Nov 2008 04:18:11 +0200
Subject: [Pardus-security] [PLSA 2008-52] Freeradius: Privilege escalation
Message-ID: <490FB0E3.1060202@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-52         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-03
   Severity: 2
       Type: Local
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in FreeRADIUS, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Description
===========

The vulnerabilities are caused due to the
"dialup_admin/bin/backup_radacct", "dialup_admin/bin/clean_radacct",
"dialup_admin/bin/monthly_tot_stats", "dialup_admin/bin/tot_stats", and
"dialup_admin/bin/truncate_radacct" scripts handling temporary files in
an insecure manner. These can be exploited via symlink attacks to e.g.
overwrite arbitrary files with escalated privileges.

Affected packages:

  Pardus 2008:
    freeradius, all before 2.1.1-5-4

Resolution
==========

There are update(s) for freeradius.
You can update them via Package Manager or with a single command from
console:

    pisi up freeradius

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8417
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4474
  * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389
  * http://uvw.ru/report.lenny.txt
  * http://secunia.com/Advisories/32170

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Nov 4 04:19:14 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Tue, 04 Nov 2008 04:19:14 +0200
Subject: [Pardus-security] [PLSA 2008-55] libsamplerate: Buffer overrun
Message-ID: <490FB122.4000907@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-55         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-04
   Severity: 2
       Type: Remote
------------------------------------------------------------------------

Summary
=======

There is a buffer overrun in src/src_sinc.c at extreme low conversion
ratios.

Description
===========

Credits: Russell O'Connor for reporting this flaw to libsamplerate.

Affected packages:

  Pardus 2008:
    libsamplerate, all before 0.1.4-4-2

Resolution
==========

There are update(s) for libsamplerate.
You can update them via Package Manager or with a single command from
console:

    pisi up libsamplerate

References
==========

  * http://www.mega-nerd.com/SRC/ChangeLog

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Wed Nov 5 08:35:14 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Wed, 05 Nov 2008 08:35:14 +0200
Subject: [Pardus-security] [PLSA 2008-54] Wireshark: Multiple Denial of Service
Message-ID: <49113EA2.8050903@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-54         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-05
   Severity: 3
       Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities and a weakness have been reported in Wireshark,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Description
===========

1) An error within the Bluetooth ACL dissector can be exploited to cause
a crash via specially crafted packets. The vulnerability is reported in
versions 0.99.2 to 1.0.3.

2) An error within the Q.931 dissector can be exploited to cause a crash
via specially crafted packets. The vulnerability is reported in versions
0.10.3 to 1.0.3.

3) Uninitialised data structures within the Bluetooth RFCOMM and USB
dissector can be exploited to cause a crash via specially crafted
packets.

Affected packages:

  Pardus 2008:
    wireshark, all before 1.0.4-23-5

Resolution
==========

There are update(s) for wireshark.
You can update them via Package Manager or with a single command from
console:

    pisi up wireshark

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8476
  * http://www.wireshark.org/security/wnpa-sec-2008-06.html
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685
  * http://secunia.com/Advisories/32355/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Wed Nov 5 08:36:24 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Wed, 05 Nov 2008 08:36:24 +0200
Subject: [Pardus-security] [PLSA 2008-57] nfs-utils: Security Bypass
Message-ID: <49113EE8.4000302@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-57         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-05
   Severity: 2
       Type: Local
------------------------------------------------------------------------

Summary
=======

A security issue has been reported in nfs-utils, which can be exploited
by malicious people to bypass certain security restrictions.

Description
===========

The security issue is caused due to the TCP wrappers implementation
calling the "hosts_ctl()" function with a wrong order of arguments. This
can be exploited to bypass access control rules imposed on NFS netgroups
and gain access to restricted services.

Affected packages:

  Pardus 2008:
    nfs-utils, all before 1.1.2-14-3

Resolution
==========

There are update(s) for nfs-utils.
You can update them via Package Manager or with a single command from
console:

    pisi up nfs-utils

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8475
  * http://secunia.com/advisories/32346

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Wed Nov 5 08:37:45 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Wed, 05 Nov 2008 08:37:45 +0200
Subject: [Pardus-security] [PLSA 2008-58] GNU Enscript: Buffer Overflow
Message-ID: <49113F39.4060906@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-58         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-05
   Severity: 3
       Type: Remote
------------------------------------------------------------------------

Summary
=======

Secunia Research has discovered a vulnerability in GNU Enscript, which
can be exploited by malicious people to compromise a vulnerable system.

Description
===========

The vulnerability is caused due to a boundary error within the
"read_special_escape()" function in src/psgen.c. This can be exploited
to cause a stack-based buffer overflow by tricking the user into
converting a malicious file.

Successful exploitation allows execution of arbitrary code, but requires
that special escapes processing is enabled with the "-e" option.

Affected packages:

  Pardus 2008:
    enscript, all before 1.6.4-4-2

Resolution
==========

There are update(s) for enscript.
You can update them via Package Manager or with a single command from
console:

    pisi up enscript

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8483
  * http://secunia.com/secunia_research/2008-41/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Wed Nov 5 08:44:35 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Wed, 05 Nov 2008 08:44:35 +0200
Subject: [Pardus-security] [PLSA 2008-61] Ktorrent: Security Bypass
Message-ID: <491140D3.1040103@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-61         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-05
   Severity: 1
       Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been discovered in KTorrent, which can be
exploited by malicious users to compromise a vulnerable system and
malicious people to bypass certain security restrictions.

Description
===========

1) The web interface plugin does not properly restrict access to the
torrent upload functionality. This can be exploited to upload arbitrary
torrent files by sending a specially crafted HTTP POST request to the
affected application.

2) The web interface plugin does not properly sanitise request
parameters before passing them to the PHP interpreter. This can be
exploited to inject and execute arbitrary PHP code by passing specially
crafted parameters to the PHP scripts of the web interface.

Successful exploitation of the vulnerabilities requires that the web
interface plugin is enabled (not the default setting).

Affected packages:

  Pardus 2008:
    ktorrent, all before 2.2.7-30-4

Resolution
==========

There are update(s) for ktorrent.
You can update them via Package Manager or with a single command from
console:

    pisi up ktorrent

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8566
  * http://secunia.com/advisories/32442/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Wed Nov 5 08:45:31 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Wed, 05 Nov 2008 08:45:31 +0200
Subject: [Pardus-security] [PLSA 2008-62] Smarty: Security Bypass
Message-ID: <4911410B.1030907@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-62         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-05
   Severity: 1
       Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in Smarty, which can be exploited by
malicious people to bypass certain security restrictions.

Description
===========

The vulnerability is caused due to an error when processing data with
embedded variables. This can be exploited to potentially execute
arbitrary PHP code.

Affected packages:

  Pardus 2008:
    Smarty, all before 2.6.20-6-3

Resolution
==========

There are update(s) for Smarty.
You can update them via Package Manager or with a single command from
console:

    pisi up Smarty

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8567
  * http://code.google.com/p/smarty-php/source/diff?spec=svn2797&r=2797&format=side&path=/trunk/libs/Smarty_Compiler.class.php
  * http://smarty-php.googlecode.com/svn/trunk/NEWS

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Wed Nov 5 08:46:38 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Wed, 05 Nov 2008 08:46:38 +0200
Subject: [Pardus-security] [PLSA 2008-65] net-snmp: Denial of Service
Message-ID: <4911414E.2040900@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-65         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-05
   Severity: 2
       Type: Remote
------------------------------------------------------------------------

Summary
=======

A bug in the getbulk handling code could let anyone with even minimal
access crash the agent.

Description
===========

The getbulk code in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and
5.2 before 5.2.5.1 allows remote attackers to cause a denial of service
(crash) via vectors related to the number of responses or repeats.

Affected packages:

  Pardus 2008:
    net-snmp, all before 5.4.1-7-3
    net-snmptrap, all before 5.4.1-7-3

Resolution
==========

There are update(s) for net-snmp, net-snmptrap.
You can update them via Package Manager or with a single command from
console:

    pisi up net-snmp net-snmptrap

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8577
  * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4309

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Fri Nov 7 09:27:53 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Fri, 07 Nov 2008 09:27:53 +0200
Subject: [Pardus-security] PLSA 2008-63] imlib2: Multiple Vulnerabilities
Message-ID: <4913EDF9.2@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-63         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-07
   Severity: 3
       Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities with unknown impact have been reported in imlib2.

Description
===========

The vulnerabilities are caused due to unspecified errors. No further
information is currently available.

Affected packages:

  Pardus 2008:
    imlib2, all before 1.4.2-10-3

Resolution
==========

There are update(s) for imlib2.
You can update them via Package Manager or with a single command from
console:

    pisi up imlib2

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8570
  * http://sourceforge.net/project/showfiles.php?group_id=2
  * http://secunia.com/advisories/32354/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Fri Nov 7 09:29:42 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Fri, 07 Nov 2008 09:29:42 +0200
Subject: [Pardus-security] [PLSA 2008-64] Dovecot: Multiple Vulnerabilities
Message-ID: <4913EE66.1020609@pardus.org.tr>

Pardus Linux Security Advisory 2008-64         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-07
   Severity: 2
       Type: Remote
------------------------------------------------------------------------

Summary
=======

The invalid message address parsing bug is pretty important since it
allows a remote user to send broken mail headers and prevent the
recipient from accessing the mailbox afterwards, because the process
will always just crash trying to parse the header.

Description
===========

This is assuming that the IMAP client uses FETCH ENVELOPE command, not
all do.

Affected packages:

  Pardus 2008:
    dovecot, all before 1.1.6-18-3

Resolution
==========

There are update(s) for dovecot.
You can update them via Package Manager or with a single command from
console:

    pisi up dovecot

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8572

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Fri Nov 7 09:30:48 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Fri, 07 Nov 2008 09:30:48 +0200
Subject: [Pardus-security] [PLSA 2008-66] Blender: Arbitrary Code Execution
Message-ID: <4913EEA8.8050106@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-66         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-07
   Severity: 2
       Type: Local
------------------------------------------------------------------------

Summary
=======

Untrusted search path vulnerability in BPY_interface in Blender 2.46
allows local users to execute arbitrary code via a Trojan horse Python
file in the current working directory, related to an erroneous setting
of sys.path by the PySys_SetArgv function.

Description
===========

This vulnerability provides administrator access, Allows complete
confidentiality, integrity, and availability violation; Allows
unauthorized disclosure of information; Allows disruption of service.

Affected packages:

  Pardus 2008:
    blender, all before 2.47-14-3

Resolution
==========

There are update(s) for blender.
You can update them via Package Manager or with a single command from
console:

    pisi up blender

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8579
  * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4863

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Fri Nov 7 09:33:12 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Fri, 07 Nov 2008 09:33:12 +0200
Subject: [Pardus-security] [PLSA 2008-67] libcdaudio: Buffer Overflow
Message-ID: <4913EF38.40800@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-67         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-07
   Severity: 2
       Type: Remote
------------------------------------------------------------------------

Summary
=======

A remotely exploitable heap-based buffer overflow detected in
libcdaudio.

Description
===========

Please update your system.

Affected packages:

  Pardus 2008:
    libcdaudio, all before 0.99.12-2-2

Resolution
==========

There are update(s) for libcdaudio.
You can update them via Package Manager or with a single command from
console:

    pisi up libcdaudio

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8587
  * http://www.openwall.com/lists/oss-security/2008/11/05/1

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Nov 11 09:01:20 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Tue, 11 Nov 2008 09:01:20 +0200
Subject: [Pardus-security] [PLSA 2008-68] ndiswrapper: Denial of Service
Message-ID: <49192DC0.4070006@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-68         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-11
   Severity: 2
       Type: Remote
------------------------------------------------------------------------

Summary
=======

Anders Kaseorg discovered that ndiswrapper did not correctly handle long
ESSIDs.

Description
===========

If ndiswrapper is in use, a physically near-by attacker could generate
specially crafted wireless network traffic and crash the system, leading
to a denial of service.

Affected packages:

  Pardus 2008:
    ndiswrapper, all before 1.53-42-25

Resolution
==========

There are update(s) for ndiswrapper.
You can update them via Package Manager or with a single command from
console:

    pisi up ndiswrapper

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8569
  * http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;=49945b423c2f7e33b4c579ca460df6a806ee8f9f

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Nov 11 09:02:54 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Tue, 11 Nov 2008 09:02:54 +0200
Subject: [Pardus-security] [PLSA 2008-69] libpng: Denial of Service
Message-ID: <49192E1E.5060106@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-69         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-11
   Severity: 1
       Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in libpng, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Description
===========

The vulnerability is caused due to a memory leak error within the
"png_handle_tEXt()" function in pngrutil.c. This can be exploited to
potentially exhaust all available memory via a specially crafted PNG
image.

Affected packages:

  Pardus 2008:
    libpng, all before 1.2.33-16-6

Resolution
==========

There are update(s) for libpng.
You can update them via Package Manager or with a single command from
console:

    pisi up libpng

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8565
  * http://secunia.com/advisories/32418/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Fri Nov 14 10:20:25 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Fri, 14 Nov 2008 10:20:25 +0200
Subject: [Pardus-security] [PLSA 2008-70] GnuTLS: Security Bypass
Message-ID: <491D34C9.4020807@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-70         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-14
   Severity: 3
       Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in GnuTLS, which can be exploited by
malicious people to bypass certain security restrictions.

Description
===========

The vulnerability is caused due to an error when validating the X.509
certificate chain and can be exploited to spoof arbitrary names e.g.
during a Man-in-the-Middle (MitM) attack.

Affected packages:

  Pardus 2008:
    gnutls, all before 2.2.5-13-5

Resolution
==========

There are update(s) for gnutls.
You can update them via Package Manager or with a single command from
console:

    pisi up gnutls

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8626
  * http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Fri Nov 14 10:21:19 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Fri, 14 Nov 2008 10:21:19 +0200
Subject: [Pardus-security] [PLSA 2008-71] clamAV: off-by-one buffer overflow
Message-ID: <491D34FF.2040908@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-71         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-14
   Severity: 2
       Type: Remote
------------------------------------------------------------------------

Summary
=======

ClamAV contains an off-by-one heap overflow vulnerability in the code
responsible for parsing VBA project files.

Description
===========

Successful exploitation could allow an attacker to execute arbitrary
code with the privileges of the `clamd' process by sending an email with
a prepared attachment.

The vulnerability occurs inside the get_unicode_name() function in
libclamav/vba_extract.c when a specific `name' buffer is passed to it.

Affected packages:

  Pardus 2008:
    clamav, all before 0.93.3-29-3

Resolution
==========

There are update(s) for clamav.
You can update them via Package Manager or with a single command from
console:

    pisi up clamav

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8627
  * http://marc.info/?l=bugtraq&m=122624716807236&w=4

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Fri Nov 14 10:22:20 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Fri, 14 Nov 2008 10:22:20 +0200
Subject: [Pardus-security] [PLSA 2008-73] openoffice: multiple vulnerabilities
Message-ID: <491D353C.6000007@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-73         security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-11-14
   Severity: 4
       Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities and a security issue have been reported in
OpenOffice, which potentially can be exploited by malicious people to
compromise a user's system, and by malicious, local users to perform
certain actions with escalated privileges.

Description
===========

1) An error in the processing of WMF files can be exploited to cause a
heap-based buffer overflow via a specially crafted StarOffice/StarSuite
document.

2) Multiple integer overflows when parsing certain EMR records of EMF
files can be exploited to cause heap-based buffer overflows via a
specially crafted StarOffice/StarSuite document.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

3) The "senddoc" script uses temporary files in an insecure manner. This
can be exploited via symlink attacks to overwrite arbitrary files with
the privileges of the user running the affected script.

Affected packages:

  Pardus 2008:
    openoffice, all before 2.4.1.10-62-6
    openoffice-clipart, all before 2.4.1.10-62-6
    openoffice-dicts, all before 2.4.1.10-62-6
    openoffice-help, all before 2.4.1.10-62-6

Resolution
==========

There are update(s) for openoffice, openoffice-clipart, openoffice-dicts, openoffice-help. You can update them via Package Manager or with a single command from console:

    pisi up openoffice openoffice-clipart openoffice-dicts openoffice-help

References
==========

  * http://www.openoffice.org/security/cves/CVE-2008-2237.html
  * http://www.openoffice.org/security/cves/CVE-2008-2238.html
  * http://secunia.com/advisories/32419/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Mon Nov 17 08:12:02 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Mon, 17 Nov 2008 08:12:02 +0200
Subject: [Pardus-security] [PLSA 2008-70] [UPDATED] GnuTLS: Security Bypass
In-Reply-To: <491D34C9.4020807@pardus.org.tr>
References: <491D34C9.4020807@pardus.org.tr>
Message-ID: <49210B32.2070004@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-70 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-11-17
Severity: 3
Type: Remote
------------------------------------------------------------------------

Summary
=======

[UPDATED]: gnutls has been recompiled and its version number changed from 2.2.5-13-5 to 2.2.5-13-6.

A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions.

Description
===========

The vulnerability is caused due to an error when validating the X.509 certificate chain and can be exploited to spoof arbitrary names e.g. during a Man-in-the-Middle (MitM) attack.
Affected packages:

  Pardus 2008:
    gnutls, all before 2.2.5-13-6

Resolution
==========

There are update(s) for gnutls. You can update them via Package Manager or with a single command from console:

    pisi up gnutls

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8626
  * http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Mon Nov 17 08:12:58 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Mon, 17 Nov 2008 08:12:58 +0200
Subject: [Pardus-security] [PLSA 2008-71] [UPDATED] clamAV: off-by-one buffer overflow
In-Reply-To: <491D34FF.2040908@pardus.org.tr>
References: <491D34FF.2040908@pardus.org.tr>
Message-ID: <49210B6A.8060504@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-71 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-11-17
Severity: 2
Type: Remote
------------------------------------------------------------------------

Summary
=======

[UPDATED]: clamAV fix for Pardus 2007 is available. Please update your system.

ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files.

Description
===========

Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment.

The vulnerability occurs inside the get_unicode_name() function in libclamav/vba_extract.c when a specific `name' buffer is passed to it.

Affected packages:

  Pardus 2008:
    clamav, all before 0.93.3-29-3

  Pardus 2007:
    clamav, all before 0.93.3-31-30

Resolution
==========

There are update(s) for clamav.
You can update them via Package Manager or with a single command from console:

  Pardus 2008:
    pisi up clamav

  Pardus 2007:
    pisi up clamav

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8627
  * http://marc.info/?l=bugtraq&m=122624716807236&w=4

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Mon Nov 17 08:13:53 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Mon, 17 Nov 2008 08:13:53 +0200
Subject: [Pardus-security] [PLSA 2008-72] thunderbird: multiple vulnerabilities
Message-ID: <49210BA1.5030802@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-72 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-11-17
Severity: 4
Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.

Description
===========

1) An error in the processing of ".url" shortcuts can be exploited to obtain sensitive information from the local cache.

2) An error in the handling of HTTP redirect requests can be exploited to bypass the same-origin policy and access sensitive information from another domain.

3) An error exists when testing if a Flash module is dynamically unloaded. This can be exploited to dereference memory no longer mapped to the Flash module via an SWF file that dynamically unloads itself from an outside JavaScript function.

4) An error when locking a non-native object can be exploited to cause a crash via a web page assigning a specially crafted value to the "window.__proto__.__proto__" object.
5) An error in the browser engine can be exploited to cause a memory corruption.

6) Two errors in the JavaScript engine can be exploited to cause memory corruptions.

Successful exploitation of vulnerabilities #3-#6 may allow execution of arbitrary code.

7) An error in the browser's restore feature can be exploited to violate the same-origin policy and run arbitrary JavaScript code in the context of another site.

NOTE: The vulnerability can also be exploited to execute arbitrary JavaScript code with chrome privileges.

8) An error in the processing of the "http-index-format" MIME type can be exploited to execute arbitrary code via a specially crafted 200 header line included in an HTTP index response.

9) An error in the DOM constructing code can be exploited to dereference uninitialized memory and potentially execute arbitrary code by modifying certain properties of a file input element before the element has finished initializing.

10) An error in the implementation of the "nsXMLHttpRequest::NotifyEventListeners()" method can be exploited to execute arbitrary JavaScript code in the context of another site.

11) An error when handling the "-moz-binding" CSS property can be exploited to manipulate signed JAR files and execute arbitrary JavaScript code in the context of another site.

12) An error exists when parsing the default XML namespace of an E4X document. This can be exploited to inject arbitrary XML code via a specially crafted namespace containing quote characters.

Affected packages:

  Pardus 2008:
    thunderbird, all before 2.0.0.18-40-6

Resolution
==========

There are update(s) for thunderbird.
You can update them via Package Manager or with a single command from console:

    pisi up thunderbird

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8639
  * http://www.mozilla.org/security/announce/2008/mfsa2008-48.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-50.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-56.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-58.html

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Thu Nov 20 06:25:33 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Thu, 20 Nov 2008 06:25:33 +0200
Subject: [Pardus-security] [PLSA 2008-74] libxml: multiple vulnerabilities
Message-ID: <4924E6BD.4020405@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-74 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-11-20
Severity: 1
Type: Remote
------------------------------------------------------------------------

Summary
=======

Several vulnerabilities have been discovered in libxml2. A maliciously crafted xml file could cause the application to go into an infinite loop, leading to a denial of service.

Description
===========

CVE-2008-4225: Missing input sanitising in the xmlBufferResize() function may lead to an infinite loop, resulting in denial of service.

CVE-2008-4226: An integer overflow in the xmlSAX2Characters() function may lead to denial of service or the execution of arbitrary code.

Credits: Drew Yao of Apple Product Security.

Affected packages:

  Pardus 2008:
    libxml2, all before 2.6.32-12-8

Resolution
==========

There are update(s) for libxml2.
You can update them via Package Manager or with a single command from console:

    pisi up libxml2

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8666
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Nov 25 10:11:41 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Tue, 25 Nov 2008 10:11:41 +0200
Subject: [Pardus-security] [PLSA 2008-53] Firefox: Multiple Vulnerabilities
Message-ID: <492BB33D.4020602@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-53 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-11-25
Severity: 1
Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.

Description
===========

1) An error in the processing of ".url" shortcuts can be exploited to obtain sensitive information from the local cache.

2) An error in the handling of HTTP redirect requests can be exploited to bypass the same-origin policy and access sensitive information from another domain.

3) An error exists when testing if a Flash module is dynamically unloaded. This can be exploited to dereference memory no longer mapped to the Flash module via an SWF file that dynamically unloads itself from an outside JavaScript function.

4) An error when locking a non-native object can be exploited to cause a crash via a web page assigning a specially crafted value to the "window.__proto__.__proto__" object.
5) An error in the browser engine can be exploited to cause a memory corruption.

6) Two errors in the JavaScript engine can be exploited to cause memory corruptions.

Successful exploitation of vulnerabilities #3-#6 may allow execution of arbitrary code.

7) An error in the browser's restore feature can be exploited to violate the same-origin policy and run arbitrary JavaScript code in the context of another site.

NOTE: The vulnerability can also be exploited to execute arbitrary JavaScript code with chrome privileges.

8) An error in the processing of the "http-index-format" MIME type can be exploited to execute arbitrary code via a specially crafted 200 header line included in an HTTP index response.

9) An error in the DOM constructing code can be exploited to dereference uninitialized memory and potentially execute arbitrary code by modifying certain properties of a file input element before the element has finished initializing.

10) An error in the implementation of the "nsXMLHttpRequest::NotifyEventListeners()" method can be exploited to execute arbitrary JavaScript code in the context of another site.

11) An error when handling the "-moz-binding" CSS property can be exploited to manipulate signed JAR files and execute arbitrary JavaScript code in the context of another site.

12) An error exists when parsing the default XML namespace of an E4X document. This can be exploited to inject arbitrary XML code via a specially crafted namespace containing quote characters.

Affected packages:

  Pardus 2008:
    firefox, all before 3.0.4-89-16
    firefox-devel, all before 3.0.4-89-16

  Pardus 2007:
    firefox, all before 2.0.0.18-80-72
    firefox-devel, all before 2.0.0.18-80-45

Resolution
==========

There are update(s) for firefox, firefox-devel.
You can update them via Package Manager or with a single command from console:

  Pardus 2008:
    pisi up firefox firefox-devel

  Pardus 2007:
    pisi up firefox firefox-devel

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8375
  * https://bugzilla.mozilla.org/show_bug.cgi?id=454820
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4324
  * http://www.mozilla.org/security/announce/2008/mfsa2008-48.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-50.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-56.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-58.html

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Tue Nov 25 10:12:21 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Tue, 25 Nov 2008 10:12:21 +0200
Subject: [Pardus-security] [PLSA 2008-75] kernel: Denial of Service
Message-ID: <492BB365.4080601@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-75 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-11-25
Severity: 3
Type: Remote
------------------------------------------------------------------------

Summary
=======

An ext[234] directory corruption Denial of Service vulnerability has been detected in Linux kernel.

Description
===========

The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that has corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can lead to a possible denial of service.
Affected packages:

  Pardus 2008:
    kernel, all before 2.6.25.20-113-49
    kernel-source, all before 2.6.25.20-113-49
    kernel-headers, all before 2.6.25.20-113-49
    kernel-debug, all before 2.6.25.20-113-35
    kernel-debug-source, all before 2.6.25.20-113-36

Resolution
==========

There are update(s) for kernel, kernel-source, kernel-headers, kernel-debug, kernel-debug-source. You can update them via Package Manager or with a single command from console:

    pisi up kernel kernel-source kernel-headers kernel-debug kernel-debug-source

References
==========

  * http://lkml.org/lkml/2008/9/13/98
  * http://lkml.org/lkml/2008/9/13/99
  * http://lkml.org/lkml/2008/9/17/371
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3528
  * http://www.openwall.com/lists/oss-security/2008/09/18/2

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr