From pinar at pardus.org.tr Mon Sep 1 04:14:09 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Mon, 01 Sep 2008 04:14:09 +0300
Subject: [Pardus-security] [PLSA 2008-34] GNU ed: Heap Overflow
Message-ID: <48BB41E1.90300@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-34         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-01
  Severity: 2
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability was reported in GNU ed. A remote user can cause
arbitrary code to be executed on the target user's system.

Description
===========

A remote user can create a specially crafted file that, when processed
by the target user, will trigger a heap overflow and potentially execute
arbitrary code on the target system. The code will run with the
privileges of the target user.

The vulnerability resides in strip_escapes() in signal.c.

Note: This vulnerability was found by Alfredo Ortega from Core Security
Technologies.

Affected packages:

  Pardus 2008:
    ed, all before 1.0-9-2

  Pardus 2007:
    ed, all before 1.0-7-8

Resolution
==========

There are update(s) for ed. You can update them via Package Manager or
with a single command from console:

  Pardus 2008:
    pisi up ed

  Pardus 2007:
    pisi up ed

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8092
  * http://www.securitytracker.com/alerts/2008/Aug/1020734.html
  * http://lists.gnu.org/archive/html/bug-ed/2008-06/msg00000.html

------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Mon Sep 1 04:22:30 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Mon, 01 Sep 2008 04:22:30 +0300
Subject: [Pardus-security] [PLSA 2008-35] Ruby: Denial of Service
Message-ID: <48BB43D6.9090207@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-35         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-01
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in Ruby, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Description
===========

The vulnerability is caused due to an error in the REXML library when
processing recursively nested XML entities. This can be exploited to
cause a DoS via a specially crafted XML document.

Note: This vulnerability was found by Luka Treiber and Mitja Kolsek of
ACROS Security.

Affected packages:

  Pardus 2008:
    ruby, all before 1.8.7_p72-17-5
    ruby-mode, all before 1.8.7_p72-17-5

  Pardus 2007:
    ruby, all before 1.8.7_p72-17-14
    ruby-mode, all before 1.8.7_p72-17-5

Resolution
==========

There are update(s) for ruby, ruby-mode. You can update them via Package
Manager or with a single command from console:

  Pardus 2008:
    pisi up ruby ruby-mode

  Pardus 2007:
    pisi up ruby ruby-mode

References
==========

  * http://security.pardus.org.tr/en/2008-35
  * http://bugs.pardus.org.tr/show_bug.cgi?id=8044
  * http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
  * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3790
  * http://secunia.com/advisories/31602

------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Fri Sep 5 16:49:30 2008
From: pinar at pardus.org.tr (Pardus Security Team)
Date: Fri, 05 Sep 2008 16:49:30 +0300
Subject: [Pardus-security] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities
Message-ID: <48C138EA.6080708@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-36         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-05
  Severity: 2
      Type: Remote
------------------------------------------------------------------------

Summary
=======

There are multiple vulnerabilities detected in ffmpeg. Please update
your packages to the latest versions.

Description
===========

  * Free in avcodec_close() avctx->rc_eq. Fix a memory leak.
  * Buffer overflow in /libavcodec/dca.c. (patch by Alexander E.
    Patrakov)
  * Prevent dts generation code to be executed when delay is >
    MAX_REORDER_DELAY, this fixes overflow in AVStream->pts_buffer.
    (in libavformat/utils.c())
  * Tcp/udp memory leak

Affected packages:

  Pardus 2008:
    mplayer, all before 0.0_20080825-92-11
    ffmpeg, all before 0.4.9_20080825-46-14

Resolution
==========

There are update(s) for mplayer, ffmpeg.
You can update them via Package Manager or with a single command from
console:

    pisi up mplayer ffmpeg

References
==========

  * http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html
  * http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html
  * http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html
  * http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html

------------------------------------------------------------------------

From pinar at pardus.org.tr Sat Sep 6 04:13:06 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Sat, 06 Sep 2008 04:13:06 +0300
Subject: [Pardus-security] [PLSA 2008-41] Emacs: Malicious code execution
Message-ID: <48C1D922.6090301@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-41         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-06
  Severity: 2
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Romain Francoise has found a security risk in a feature of GNU Emacs
related to how Emacs interacts with Python.

Description
===========

The vulnerability may allow an attacker to run malicious code if the
user runs the Emacs command `run-python' while the current directory is
world-writable, or if the user toggles `eldoc-mode' and visits a Python
source file in a world-writable directory.

Affected packages:

  Pardus 2008:
    emacs, all before 23.0.60_20080624-22-6

  Pardus 2007:
    emacs, all before 22.1-17-17

Resolution
==========

There are update(s) for emacs.
You can update them via Package Manager or with a single command from
console:

  Pardus 2008:
    pisi up emacs

  Pardus 2007:
    pisi up emacs

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8128
  * http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html
  * http://www.opensubscriber.com/message/emacs-diffs at gnu.org/9983157.html

------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Sat Sep 6 04:16:47 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Sat, 06 Sep 2008 04:16:47 +0300
Subject: [Pardus-security] [Stable] [PLSA 2008-37] Django: Cross Site Scripting
Message-ID: <48C1D9FF.80308@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-37         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-06
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in Django, which can be exploited by
malicious people to conduct cross-site request forgery attacks.

Description
===========

The vulnerability is caused due to the Django administration application
not performing any validity checks to verify requests when
re-authenticating the user. This can be exploited to delete and edit
data when a not logged-in user e.g. visits a malicious web site and is
then enticed to log in to the application.

Affected packages:

  Pardus 2008:
    Django, all before 1.0-15-2

  Pardus 2007:
    Django, all before 0.96.3-15-11

Resolution
==========

There are update(s) for Django.
You can update them via Package Manager or with a single command from
console:

  Pardus 2008:
    pisi up Django

  Pardus 2007:
    pisi up Django

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8116
  * http://www.djangoproject.com/weblog/2008/sep/02/security
  * http://secunia.com/advisories/31729

------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Sat Sep 6 04:17:28 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Sat, 06 Sep 2008 04:17:28 +0300
Subject: [Pardus-security] [PLSA 2008-38] Wireshark: Denial of Service
Message-ID: <48C1DA28.1020800@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-38         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-06
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in Wireshark, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Description
===========

1) Various errors within epan/dissectors/packet-ncp2222.inc can be
   exploited to cause e.g. a crash or an infinite loop via specially
   crafted NCP packets.

2) An error while uncompressing zlib-compressed packet data can be
   exploited to cause a crash via specially crafted packets.

Affected packages:

  Pardus 2008:
    wireshark, all before 1.0.3-22-4

  Pardus 2007:
    wireshark, all before 1.0.3-22-18

Resolution
==========

There are update(s) for wireshark.
You can update them via Package Manager or with a single command from
console:

  Pardus 2008:
    pisi up wireshark

  Pardus 2007:
    pisi up wireshark

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8119
  * http://www.wireshark.org/security/wnpa-sec-2008-05.html
  * http://secunia.com/advisories/31674

------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Sat Sep 6 04:18:35 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Sat, 06 Sep 2008 04:18:35 +0300
Subject: [Pardus-security] [PLSA 2008-39] Clamav: Multiple Vulnerabilities
Message-ID: <48C1DA6B.60405@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-39         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-06
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been discovered in Clamav, including a DoS
(Denial of Service) vulnerability and memory leaks.

Description
===========

The first vulnerability is caused due to an error in
libclamav/chmunpack.c when processing malformed CHM files. This can be
exploited to cause an invalid memory access via a specially crafted CHM
file.

Others are as follows:

  * Out-of-memory null dereference (bb#1141) CVE-2008-3912
  * Possible invalid memory access (bb#1089) CVE-2008-1389
  * Error path memory leaks CVE-2008-3913
  * Fd leaks (bb#1141) CVE-2008-3914

Affected packages:

  Pardus 2008:
    clamav, all before 0.93.3-28-2

  Pardus 2007:
    clamav, all before 0.93.3-30-29

Resolution
==========

There are update(s) for clamav.
You can update them via Package Manager or with a single command from
console:

  Pardus 2008:
    pisi up clamav

  Pardus 2007:
    pisi up clamav

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8110
  * http://int21.de/cve/CVE-2008-1389-clamav-chd.html
  * http://secunia.com/advisories/31725

------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Sat Sep 6 04:19:28 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Sat, 06 Sep 2008 04:19:28 +0300
Subject: [Pardus-security] [PLSA 2008-40] Postfix: Denial of Service
Message-ID: <48C1DAA0.6010008@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-40         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-06
  Severity: 1
      Type: Local
------------------------------------------------------------------------

Summary
=======

A security issue has been reported in Postfix, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Description
===========

The security issue is caused due to Postfix leaking the epoll file
descriptor when executing non-Postfix commands, which can be exploited
to cause a DoS.

The security issue only affects Postfix 2.4 or later in combination with
epoll (e.g. Linux 2.6).

Affected packages:

  Pardus 2008:
    postfix, all before 2.5.4-21-5

Resolution
==========

There are update(s) for postfix.
You can update them via Package Manager or with a single command from
console:

    pisi up postfix

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8114
  * http://www.postfix.org/announcements/20080902.html
  * http://secunia.com/advisories/31716/

------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Mon Sep 29 13:19:39 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Mon, 29 Sep 2008 13:19:39 +0300
Subject: [Pardus-security] [PLSA 2008-42] jasper: Multiple Vulnerabilities
Message-ID: <48E0ABBB.6060208@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-42         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-29
  Severity: 1
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Marc Espie and Christian Weisgerber have discovered several integer
overflows in libjasper.

Description
===========

CVE-2008-3520:
  - patches change all occurrences of malloc(a*b) with jas_alloc2(a,b).
    Hard to tell whether any are actually exploitable. Some seem to
    multiply a value from the file with the size of a structure indeed.
    The ones that multiply two variables seem to be harmless due to 16
    or only 8 bit values. I talked to Marc Espie but he is not
    interested in investigating it further. So unless someone wants to
    spend a lot of time analyzing the context of every multiplication
    patching all such places seems to be a logical defensive
    measurement.

CVE-2008-3521:
  - tmp race in jas_stream_tmpfile(), jas_stream.c

CVE-2008-3522:
  - vsprintf buffer overflow in jas_stream_printf(), jas_stream.c.
    Potentially dangerous. Called from mif_hdr_put() where it's not
    obvious to me whether there is a limit on the passed string.

Affected packages:

  Pardus 2008:
    jasper, all before 1.900.1-6-3

Resolution
==========

There are update(s) for jasper. You can update them via Package Manager
or with a single command from console:

    pisi up jasper

References
==========

  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3521
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
  * http://bugs.gentoo.org/show_bug.cgi?id=222819

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Mon Sep 29 13:35:19 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Mon, 29 Sep 2008 13:35:19 +0300
Subject: [Pardus-security] [PLSA 2008-43] Mysql: Denial of Service
Message-ID: <48E0AF67.3020701@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-43         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-29
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in MySQL, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Description
===========

The vulnerability is caused due to an error when processing an empty
bit-string literal and can be exploited to crash the server via a
specially crafted SQL statement.

Affected packages:

  Pardus 2008:
    mysql-server, all before 5.0.51b-35
    mysql-client, all before 5.0.51b-35
    mysql-lib, all before 5.0.51b-35
    mysql-man-pages, all before 5.0.51b-35

Resolution
==========

There are update(s) for mysql-server, mysql-client, mysql-lib,
mysql-man-pages.
You can update them via Package Manager or with a single command from
console:

    pisi up mysql-server mysql-client mysql-lib mysql-man-pages

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8150
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3963

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Mon Sep 29 13:41:29 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Mon, 29 Sep 2008 13:41:29 +0300
Subject: [Pardus-security] [PLSA 2008-44] Faad2: Heap Overflow
Message-ID: <48E0B0D9.8050503@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-44         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-29
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in Faad2, which potentially can be
exploited by malicious people to compromise a user's system.

Description
===========

Heap-based buffer overflow in the decodeMP4file function
(frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code via a
crafted MPEG-4 (MP4) file.

Affected packages:

  Pardus 2008:
    faad2, all before 2.6.1-11-2

  Pardus 2007:
    faad2, all before 2.6.1-10-7

Resolution
==========

There are update(s) for faad2.
You can update them via Package Manager or with a single command from
console:

  Pardus 2008:
    pisi up faad2

  Pardus 2007:
    pisi up faad2

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8261
  * http://www.audiocoding.com

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Mon Sep 29 13:50:44 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Mon, 29 Sep 2008 13:50:44 +0300
Subject: [Pardus-security] [PLSA 2008-45] Firefox: Multiple Vulnerabilities
Message-ID: <48E0B304.4010606@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-45         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-29
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in Mozilla Firefox, which can be
exploited by malicious people to bypass certain security restrictions,
to disclose sensitive information, or to potentially compromise a user's
system.

Description
===========

1) An error in the JavaScript move and resize functionality can be
   exploited to trick the user into clicking an unintended button and
   e.g. download a malicious file.

2) Multiple errors can be exploited to pollute "XPCNativeWrappers" and
   run arbitrary script code with Chrome privileges.

3) Multiple errors in "XSLT" and "document.loadBindingDocument()" while
   creating documents can be exploited to run arbitrary script code with
   Chrome privileges.

4) Multiple errors in the layout and JavaScript engines can be exploited
   to corrupt memory.

5) Two errors in the image rendering implementation can be exploited to
   cause a crash.

6) An error in the graphics rendering engine can be exploited to cause a
   crash.
7) An error in the processing of BOM characters included in JavaScript
   code can be exploited to potentially bypass script filters and
   facilitate cross-site scripting attacks.

8) Multiple errors in the implementation of the "resource:" protocol can
   be exploited to perform directory traversal attacks and disclose
   sensitive information.

Successful exploitation of vulnerabilities #4-#6 may allow execution of
arbitrary code.

Affected packages:

  Pardus 2008:
    firefox, all before 3.0.3-87-14
    firefox-devel, all before 3.0.3-87-14

  Pardus 2007:
    firefox, all before 2.0.0.17-79-71
    firefox-devel, all before 2.0.0.17-79-44

Resolution
==========

There are update(s) for firefox, firefox-devel. You can update them via
Package Manager or with a single command from console:

  Pardus 2008:
    pisi up firefox firefox-devel

  Pardus 2007:
    pisi up firefox firefox-devel

References
==========

  * http://www.mozilla.org/security/announce/2008/mfsa2008-40.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-41.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
  * http://secunia.com/Advisories/32011/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Mon Sep 29 14:10:00 2008
From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=)
Date: Mon, 29 Sep 2008 14:10:00 +0300
Subject: [Pardus-security] [PLSA 2008-46] Thunderbird: Multiple Vulnerabilities
Message-ID: <48E0B788.4000409@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-46         security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-09-29
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some
vulnerabilities have been reported in Mozilla Thunderbird, which can be
exploited by malicious people to bypass certain security restrictions,
to disclose sensitive information, or to potentially compromise a user's
system.

Description
===========

1) Several vulnerabilities can be exploited to bypass certain security
   restrictions, disclose sensitive information, or to potentially
   compromise a user's system.

2) A boundary error exists in the processing of canceled newsgroup
   messages. This can be exploited to cause a heap-based buffer overflow
   via a newsgroup message having a specially crafted header.

Successful exploitation may allow execution of arbitrary code.

Affected packages:

  Pardus 2008:
    thunderbird, all before 2.0.0.17-39-4

Resolution
==========

There are update(s) for thunderbird. You can update them via Package
Manager or with a single command from console:

    pisi up thunderbird

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8278
  * http://www.mozilla.org/security/announce/2008/mfsa2008-38.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-41.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-44.html

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr
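
Added example for the CVE-2008-3520 item in PLSA 2008-42 (jasper) above, which describes replacing malloc(a*b) with a two-argument allocator. This C code is not part of the advisory and is not jasper's code: checked_mul, checked_alloc2, checked_alloc3 and struct sample_entry are hypothetical names, the values are constructed, and the three-factor variant goes one step beyond what the advisory mentions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed 16-byte record standing in for "the size of a structure". */
struct sample_entry { uint32_t v[4]; };

/* What malloc(a * b) computes: size_t arithmetic wraps silently, so a
 * large count taken from a file can yield a tiny allocation size. */
size_t unchecked_size(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Store count * elem_size in *out and return 1, or return 0 when the
 * product does not fit in size_t. The division avoids overflowing
 * while testing for overflow. */
int checked_mul(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;
    *out = count * elem_size;
    return 1;
}

/* Hypothetical two-argument allocator: NULL instead of a short buffer. */
void *checked_alloc2(size_t count, size_t elem_size)
{
    size_t bytes;
    if (!checked_mul(count, elem_size, &bytes))
        return NULL;
    return malloc(bytes ? bytes : 1);
}

/* Three-factor form, e.g. width * height * bytes per sample. Each
 * partial product is checked before it is used. */
void *checked_alloc3(size_t a, size_t b, size_t elem_size)
{
    size_t ab;
    if (!checked_mul(a, b, &ab))
        return NULL;
    return checked_alloc2(ab, elem_size);
}

int main(void)
{
    /* Constructed count, as if read from a file header: one more than
     * the largest count whose byte size still fits in size_t. */
    size_t count = SIZE_MAX / sizeof(struct sample_entry) + 2;

    printf("requested entries : %zu\n", count);
    printf("malloc(a*b) size  : %zu bytes (wrapped)\n",
           unchecked_size(count, sizeof(struct sample_entry)));

    void *p = checked_alloc2(count, sizeof(struct sample_entry));
    printf("checked_alloc2    : %s\n", p ? "allocated" : "refused (overflow)");
    free(p);

    void *q = checked_alloc2(4, sizeof(struct sample_entry));
    printf("checked_alloc2(4) : %s\n", q ? "allocated" : "refused");
    free(q);
    return 0;
}
```

With the wrapped size, a loop that then fills `count` entries writes past a 16-byte buffer; the checked allocators turn that into a NULL return the caller must handle.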