From eren at pardus.org.tr Tue Feb 2 21:32:35 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Tue, 2 Feb 2010 21:32:35 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-23] Samba: Privilege Escalation
Message-ID: <20100202193235.E040DA7AB26@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-23 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-02
Severity: 4
Type: Local
------------------------------------------------------------------------
Summary
=======
A security issue has been fixed in Samba, which can be exploited by
malicious, local users to disclose potentially sensitive information and
potentially gain escalated privileges.
Description
===========
Ronald Volgers discovered that the mount.cifs utility, when installed as
a setuid program, suffered from a race condition when verifying user
permissions. A local attacker could trick samba into mounting over
arbitrary locations, leading to a root privilege escalation.
Affected packages:
Pardus 2009:
samba, all before 3.3.10-50-11
Resolution
==========
There are update(s) for samba. You can update them via Package Manager
or with a single command from console:
pisi up samba
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12143
* https://bugzilla.samba.org/show_bug.cgi?id=6853
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3297
------------------------------------------------------------------------
From eren at pardus.org.tr Tue Feb 2 21:32:36 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Tue, 2 Feb 2010 21:32:36 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-24] Postgresql: Buffer Overflow
Message-ID: <20100202193236.1FDF3A7AB26@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-24 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-02
Severity: 4
Type: Local
------------------------------------------------------------------------
Summary
=======
A vulnerability has been fixed in Postgresql, which can be exploited by
malicious people to cause denial of service via application crash.
Description
===========
The vulnerability is caused by the implementation of the substring()
function. When it is called with a negative length number, it is possible
to cause an application crash, which results in dropping all active
database connections.
Affected packages:
Pardus 2009:
postgresql-server, all before 8.3.9-25-8
Resolution
==========
There are update(s) for postgresql-server. You can update them via
Package Manager or with a single command from console:
pisi up postgresql-server
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12165
* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0442
* http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0442
------------------------------------------------------------------------
From eren at pardus.org.tr Tue Feb 2 21:32:36 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Tue, 2 Feb 2010 21:32:36 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-25] Kernel: Multiple Vulnerabilities
Message-ID: <20100202193236.53696A7AB26@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-25 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-02
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in kernel, which can be
exploited by malicious people to cause denial of service.
Description
===========
CVE-2009-4537:
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel
handles Ethernet frames that exceed the MTU by processing certain
trailing payload data as if it were a complete frame, which allows
remote attackers to bypass packet filters via a large packet with a
crafted payload. NOTE: this vulnerability exists because of an incorrect
fix for CVE-2009-1385.
CVE-2010-0291:
The Linux kernel is exposed to multiple denial of service issues when
mapping memory addresses. These issues occur in multiple architectures,
affecting the "mmap" subsystem. Multiple patches affecting approximately
58 source files have been rolled into one release to address assorted
problems. Because of the complexity of these issues and their
interrelated nature, one CVE identifier has been assigned.
Affected packages:
Pardus 2009:
kernel, all before 2.6.31.11-130-42
kernel-pae, all before 2.6.31.11-130-23
Resolution
==========
There are update(s) for kernel, kernel-pae. You can update them via
Package Manager or with a single command from console:
pisi up kernel kernel-pae
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12116
* http://bugs.pardus.org.tr/show_bug.cgi?id=12090
------------------------------------------------------------------------
From eren at pardus.org.tr Tue Feb 2 21:32:36 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Tue, 2 Feb 2010 21:32:36 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-26] Wireshark: Buffer Overflow
Message-ID: <20100202193236.879A1A7AB26@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-26 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-02
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in Wireshark, which can be
exploited by malicious people to cause a denial of service.
Description
===========
Buffer overflows in the LWRES dissector allow remote attackers to cause a
denial of service via a specifically crafted packet.
Affected packages:
Pardus 2009:
wireshark, all before 1.2.6-33-9
Resolution
==========
There are update(s) for wireshark. You can update them via Package
Manager or with a single command from console:
pisi up wireshark
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12168
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0304
* http://www.wireshark.org/security/wnpa-sec-2010-02.html
------------------------------------------------------------------------
From eren at pardus.org.tr Tue Feb 2 21:32:36 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Tue, 2 Feb 2010 21:32:36 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-27] Fuse: Privilege Escalation
Message-ID: <20100202193236.BBA16A7AB26@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-27 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-02
Severity: 4
Type: Local
------------------------------------------------------------------------
Summary
=======
A security issue has been fixed in Fuse, which can be exploited by
malicious, local users to disclose potentially sensitive information and
potentially gain escalated privileges.
Description
===========
Ronald Volgers discovered that FUSE did not correctly check mount
locations. A local attacker, with access to use FUSE, could unmount
arbitrary locations, leading to a denial of service.
Affected packages:
Pardus 2009:
fuse, all before 2.8.2-21-7
Resolution
==========
There are update(s) for fuse. You can update them via Package Manager or
with a single command from console:
pisi up fuse
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12148
* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3297
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3297
------------------------------------------------------------------------
From eren at pardus.org.tr Tue Feb 2 23:05:10 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Tue, 2 Feb 2010 23:05:10 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-28] Kernel: Denial of Service
Message-ID: <20100202210510.6B71CA7AB11@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-28 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-02
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
A vulnerability has been fixed in kernel, which can be used by malicious
people to cause denial of service. NOTE: This advisory is a correction for
PLSA-2010-25. It wrongly stated that map/mmap issues affected Pardus.
However, it is not known whether these issues are real security issues,
so patches for these issues were not applied. These issues will be
investigated further.
Description
===========
CVE-2009-4537:
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel
handles Ethernet frames that exceed the MTU by processing certain
trailing payload data as if it were a complete frame, which allows
remote attackers to bypass packet filters via a large packet with a
crafted payload. NOTE: this vulnerability exists because of an incorrect
fix for CVE-2009-1385. This flaw could also possibly be used to trigger
a remote denial of service.
Affected packages:
Pardus 2009:
kernel, all before 2.6.31.11-130-42
kernel-pae, all before 2.6.31.11-130-23
Resolution
==========
There are update(s) for kernel, kernel-pae. You can update them via
Package Manager or with a single command from console:
pisi up kernel kernel-pae
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12090
------------------------------------------------------------------------
From eren at pardus.org.tr Thu Feb 4 16:01:42 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Thu, 4 Feb 2010 16:01:42 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-18] [UPDATE] Sqlite: Information
Disclosure
Message-ID: <20100204140142.7DFB1A7AB3B@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-18 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-04
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======
A vulnerability has been found in sqlite, which can be exploited by
malicious people to gather deleted information from an sqlite database.
[UPDATE] The issue is fixed in Pardus 2008
Description
===========
Sqlite leaves a trace on the disk when using DELETE query. Although the
deleted information cannot be seen with sqlite query, it can be seen
with a text editor.
This applies to all applications which use sqlite. For example, when
the Firefox "clear private data" feature is used, the deleted history data
can be seen in "~/.mozilla/*.default/places.sqlite" with a text editor.
Affected packages:
Pardus 2009:
sqlite, all before 3.6.20-21-9
Pardus 2008:
sqlite, all before 3.5.9-17-5
Resolution
==========
There are update(s) for sqlite. You can update them via Package Manager
or with a single command from console:
Pardus 2008:
pisi up sqlite
Pardus 2009:
pisi up sqlite
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12137
* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566326
------------------------------------------------------------------------
From eren at pardus.org.tr Thu Feb 4 16:01:42 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Thu, 4 Feb 2010 16:01:42 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-19] [UPDATE] Ruby:Terminal Escape
Sequences Weakness
Message-ID: <20100204140142.B1FB6A7AB3B@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-19 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-04
Severity: 2
Type: Remote
------------------------------------------------------------------------
Summary
=======
A weakness has been reported in Ruby, which can be exploited by
malicious people to manipulate certain data. [UPDATE] The issue is fixed
in Pardus 2008
Description
===========
WEBrick 1.3.1 in Ruby writes data to a log file without sanitizing
non-printable characters, which might allow remote attackers to modify a
window's title, or possibly execute arbitrary commands or overwrite
files, via an HTTP request containing an escape sequence for a terminal
emulator.
Affected packages:
Pardus 2009:
ruby, all before 1.8.7_p249-22-5
Pardus 2008:
ruby, all before 1.8.7_p249-20-8
Resolution
==========
There are update(s) for ruby. You can update them via Package Manager or
with a single command from console:
Pardus 2008:
pisi up ruby
Pardus 2009:
pisi up ruby
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12138
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4492
* http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection
* http://www.securityfocus.com/bid/37710
------------------------------------------------------------------------
From eren at pardus.org.tr Thu Feb 4 16:01:42 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Thu, 4 Feb 2010 16:01:42 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-20] [UPDATE] Nss: TLS Implementation
MITM Attack
Message-ID: <20100204140142.E5960A7AB3B@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-20 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-04
Severity: 4
Type: Remote
------------------------------------------------------------------------
Summary
=======
A serious vulnerability was found in the TLS/SSLv3 protocol as implemented
in nss, which can be used by man-in-the-middle attackers to send
arbitrary requests to the server as if they were a legitimate user.
[UPDATE] The issue is fixed in Pardus 2008
Description
===========
The TLS/SSLv3 protocol as implemented in nss prior to this update was
not able to associate already sent data to a renegotiated connection.
This allowed man-in-the-middle attackers to inject HTTP requests in a
HTTPS session without being noticed. For example Apache's mod_ssl was
vulnerable to this kind of attack because it uses openssl.
NOTE: This is the same as PLSA-2009-191. With this update, renegotiation
is completely disabled.
Affected packages:
Pardus 2009:
nss, all before 3.12.5.0-29-8
Resolution
==========
There are update(s) for nss. You can update them via Package Manager or
with a single command from console:
pisi up nss
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12147
* http://bugs.pardus.org.tr/show_bug.cgi?id=11515
* https://developer.mozilla.org/NSS_3.12.5_release_notes
* https://bugzilla.mozilla.org/show_bug.cgi?id=526689
------------------------------------------------------------------------
From eren at pardus.org.tr Thu Feb 4 16:01:43 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Thu, 4 Feb 2010 16:01:43 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-22] [UPDATE] Sun Java: Multiple
Vulnerabilities
Message-ID: <20100204140143.25983A7AB3B@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-22 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-04
Severity: 4
Type: Local
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been reported in Sun Java, which can be
exploited by malicious people to disclose sensitive information, bypass
certain security restrictions, cause a DoS (Denial of Service), or
compromise a user's system. [UPDATE] The issue is fixed in Pardus 2008
Description
===========
The new version of Sun Java fixes several vulnerabilities in the Sun Java 6
Runtime Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the
References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729,
CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868,
CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,
CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877,
CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,
CVE-2009-3883, CVE-2009-3884, CVE-2009-3886)
Affected packages:
Pardus 2009:
sun-jdk, all before 1.6.0_p17-21-5
sun-jre, all before 1.6.0_p17-21-5
Pardus 2008:
sun-jdk, all before 1.6.0_p17-20-7
sun-jre, all before 1.6.0_p17-20-7
Resolution
==========
There are update(s) for sun-jdk, sun-jre. You can update them via
Package Manager or with a single command from console:
Pardus 2008:
pisi up sun-jdk sun-jre
Pardus 2009:
pisi up sun-jdk sun-jre
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=11946
* http://java.sun.com/javase/6/webnotes/6u17.html
------------------------------------------------------------------------
From eren at pardus.org.tr Tue Feb 9 22:56:09 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Tue, 9 Feb 2010 22:56:09 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-29] MySQL: Privilege Check Bypass
Message-ID: <20100209205609.47163A7ACF1@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-29 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-09
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======
A security issue has been fixed in MySQL, which can be exploited by
malicious, local users to bypass certain security restrictions.
Description
===========
sql/sql_table.cc in MySQL, when the data home directory contains a
symlink to a different filesystem, allows remote authenticated users to
bypass intended access restrictions by calling CREATE TABLE with a (1)
DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a
subdirectory that requires following this symlink.
Affected packages:
Pardus 2009:
mysql-server, all before 5.1.41-46-9
Resolution
==========
There are update(s) for mysql-server. You can update them via Package
Manager or with a single command from console:
pisi up mysql-server
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12211
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
------------------------------------------------------------------------
From eren at pardus.org.tr Tue Feb 9 22:56:09 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Tue, 9 Feb 2010 22:56:09 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-30] Thunderbird: Multiple
Vulnerabilities
Message-ID: <20100209205609.7AB29A7ACF1@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-30 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-09
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in Thunderbird.
Description
===========
MFSA 2009-67 Integer overflow, crash in libtheora video library:
Security researcher Dan Kaminsky reported an integer overflow in the
Theora video library. A video's dimensions were being multiplied
together and used in particular memory allocations. When the video
dimensions were sufficiently large, the multiplication could overflow a
32-bit integer resulting in too small a memory buffer being allocated
for the video. An attacker could use a specially crafted video to write
data past the bounds of this buffer, causing a crash and potentially
running arbitrary code on a victim's computer.
MFSA 2009-66 Memory safety fixes in liboggplay media library:
Mozilla discovered several bugs in liboggplay which posed potential
memory safety issues. The bugs which were fixed could potentially be
used by an attacker to crash a victim's browser and execute arbitrary
code on their computer.
MFSA 2009-65 Crashes with evidence of memory corruption:
Mozilla developers and community members identified and fixed several
stability bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these crashes showed evidence of memory
corruption under certain circumstances and we presume that with enough
effort at least some of these could be exploited to run arbitrary code.
Affected packages:
Pardus 2009:
thunderbird, all before 3.0.1-51-8
Resolution
==========
There are update(s) for thunderbird. You can update them via Package
Manager or with a single command from console:
pisi up thunderbird
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12146
* http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
------------------------------------------------------------------------
From eren at pardus.org.tr Wed Feb 10 21:25:15 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Wed, 10 Feb 2010 21:25:15 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-23] [UPDATE] Samba: Privilege
Escalation
Message-ID: <20100210192515.906A2A7ABF7@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-23 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-10
Severity: 4
Type: Local
------------------------------------------------------------------------
Summary
=======
A security issue has been fixed in Samba, which can be exploited by
malicious, local users to disclose potentially sensitive information and
potentially gain escalated privileges. [UPDATE] The issue is fixed in
Pardus 2008
Description
===========
Ronald Volgers discovered that the mount.cifs utility, when installed as
a setuid program, suffered from a race condition when verifying user
permissions. A local attacker could trick samba into mounting over
arbitrary locations, leading to a root privilege escalation.
Affected packages:
Pardus 2009:
samba, all before 3.3.10-50-11
Pardus 2008:
samba, all before 3.2.15-46-15
Resolution
==========
There are update(s) for samba. You can update them via Package Manager
or with a single command from console:
Pardus 2008:
pisi up samba
Pardus 2009:
pisi up samba
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12143
* https://bugzilla.samba.org/show_bug.cgi?id=6853
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3297
------------------------------------------------------------------------
From eren at pardus.org.tr Wed Feb 10 21:25:15 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Wed, 10 Feb 2010 21:25:15 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-24] [UPDATE] Postgresql: Buffer
Overflow
Message-ID: <20100210192515.C41A8A7ABF7@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-24 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-10
Severity: 4
Type: Local
------------------------------------------------------------------------
Summary
=======
A vulnerability has been fixed in Postgresql, which can be exploited by
malicious people to cause denial of service via application crash.
[UPDATE] The issue is fixed in Pardus 2008
Description
===========
The vulnerability is caused by the implementation of the substring()
function. When it is called with a negative length number, it is possible
to cause an application crash, which results in dropping all active
database connections.
Affected packages:
Pardus 2009:
postgresql-server, all before 8.3.9-25-8
Pardus 2008:
postgresql-server, all before 8.1.19-23-5
Resolution
==========
There are update(s) for postgresql-server. You can update them via
Package Manager or with a single command from console:
Pardus 2008:
pisi up postgresql-server
Pardus 2009:
pisi up postgresql-server
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12165
* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0442
* http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0442
------------------------------------------------------------------------
From eren at pardus.org.tr Wed Feb 10 21:25:16 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Wed, 10 Feb 2010 21:25:16 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-26] [UPDATE] Wireshark: Buffer Overflow
Message-ID: <20100210192516.0E806A7ABF7@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-26 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-10
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in Wireshark, which can be
exploited by malicious people to cause a denial of service. [UPDATE] The
issue is fixed in Pardus 2008
Description
===========
Buffer overflows in the LWRES dissector allow remote attackers to cause a
denial of service via a specifically crafted packet.
Affected packages:
Pardus 2009:
wireshark, all before 1.2.6-33-9
Pardus 2008:
wireshark, all before 1.2.6-34-16
Resolution
==========
There are update(s) for wireshark. You can update them via Package
Manager or with a single command from console:
Pardus 2008:
pisi up wireshark
Pardus 2009:
pisi up wireshark
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12168
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0304
* http://www.wireshark.org/security/wnpa-sec-2010-02.html
------------------------------------------------------------------------
From eren at pardus.org.tr Wed Feb 10 21:25:16 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Wed, 10 Feb 2010 21:25:16 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-27] [UPDATE] Fuse: Privilege Escalation
Message-ID: <20100210192516.42BB7A7ABF8@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-27 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-10
Severity: 4
Type: Local
------------------------------------------------------------------------
Summary
=======
A security issue has been fixed in Fuse, which can be exploited by
malicious, local users to disclose potentially sensitive information and
potentially gain escalated privileges. [UPDATE] The issue is fixed in
Pardus 2008
Description
===========
Ronald Volgers discovered that FUSE did not correctly check mount
locations. A local attacker, with access to use FUSE, could unmount
arbitrary locations, leading to a denial of service.
Affected packages:
Pardus 2009:
fuse, all before 2.8.2-21-7
Pardus 2008:
fuse, all before 2.7.4-17-6
Resolution
==========
There are update(s) for fuse. You can update them via Package Manager or
with a single command from console:
Pardus 2008:
pisi up fuse
Pardus 2009:
pisi up fuse
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12148
* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3297
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3297
------------------------------------------------------------------------
From eren at pardus.org.tr Sun Feb 14 14:18:36 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Sun, 14 Feb 2010 14:18:36 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-31] Sun-Java: Insecure Directory
Permissions
Message-ID: <20100214121836.3DD2BA7AB99@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-31 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-14
Severity: 5
Type: Local
------------------------------------------------------------------------
Summary
=======
A vulnerability has been fixed in Sun-java, which can be exploited by
malicious people to execute arbitrary code by changing Sun Java
binaries.
Description
===========
The vulnerability is caused by package.py, the postInstall script of the
sun-java package. It tries to create the /opt/sun-jdk/jre/.systemPrefs
directory with the "os.makedirs()" function; however, the default
permission of the directories created by os.makedirs() is 0777. This
allows anyone to replace Sun Java binaries, which can be used to execute
arbitrary code.
NOTE: This vulnerability is Pardus specific.
Affected packages:
Pardus 2009:
sun-jdk, all before 1.6.0_p18-24-9
sun-jre, all before 1.6.0_p18-24-9
Resolution
==========
There are update(s) for sun-jdk, sun-jre. You can update them via
Package Manager or with a single command from console:
pisi up sun-jdk sun-jre
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12209
------------------------------------------------------------------------
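Editor's added example for PLSA 2010-31 (not the Pardus package.py code): os.makedirs() requests mode 0777 for every directory it creates and only the process umask narrows that, so an install script running with a permissive umask leaves the whole created path world-writable. The helper names makedirs_private and world_writable_dirs are hypothetical, and the directory layout is constructed under a temporary directory.

```python
import os
import stat
import tempfile


def makedirs_private(path, mode=0o755):
    """Create `path` and any missing parents, forcing `mode` on each new directory.

    os.makedirs(path, mode) is not enough: the mode is filtered by the umask,
    and since Python 3.7 it only applies to the leaf directory, while the
    intermediate directories are still requested as 0777.
    """
    path = os.path.abspath(path)
    missing = []
    probe = path
    while not os.path.isdir(probe):
        missing.append(probe)
        probe = os.path.dirname(probe)
    created = list(reversed(missing))
    for directory in created:
        os.mkdir(directory, mode)
        os.chmod(directory, mode)  # chmod is not subject to the umask
    return created


def world_writable_dirs(root):
    """Return directories at or below `root` that others may write to.

    Directories with the sticky bit (such as /tmp) are skipped, because other
    users cannot replace files they do not own there.
    """
    hits = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            hits.append(dirpath)
    return sorted(hits)


def demo():
    """Compare the weak and the corrected call under a permissive umask."""
    with tempfile.TemporaryDirectory() as base:
        old_umask = os.umask(0)  # constructed: installer run with umask 000
        try:
            weak = os.path.join(base, "weak", "jre", ".systemPrefs")
            os.makedirs(weak)  # the pattern the advisory describes
            safe = os.path.join(base, "safe", "jre", ".systemPrefs")
            makedirs_private(safe, 0o755)  # corrected form
        finally:
            os.umask(old_umask)
        weak_mode = stat.S_IMODE(os.stat(weak).st_mode)
        safe_mode = stat.S_IMODE(os.stat(safe).st_mode)
        flagged = [
            os.path.relpath(p, base).replace(os.sep, "/")
            for p in world_writable_dirs(base)
        ]
        return weak_mode, safe_mode, flagged


if __name__ == "__main__":
    weak_mode, safe_mode, flagged = demo()
    print("os.makedirs() leaf mode:    %04o" % weak_mode)
    print("makedirs_private leaf mode: %04o" % safe_mode)
    print("world-writable directories:", flagged)
```

Running world_writable_dirs() over an installation prefix after a package's post-install step is a quick way to catch this class of packaging bug.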
From eren at pardus.org.tr Sun Feb 14 14:18:36 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Sun, 14 Feb 2010 14:18:36 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-32] Samba: Insecure wide links Default
Configuration Weakness
Message-ID: <20100214121836.716D3A7AB99@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-32 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-14
Severity: 4
Type: Remote
------------------------------------------------------------------------
Summary
=======
Kingcope has discovered a weakness in Samba, which can be exploited by
malicious people to bypass certain security restrictions and disclose
sensitive information.
Description
===========
The weakness is caused due to the insecure "wide links" option being
enabled by default, which allows the creation of symlinks to directories
placed outside a writable share. This can be exploited to gain read and
write access to restricted directories with the privileges of, e.g., the
guest account user via directory traversal attacks.
Successful exploitation without authentication requires that a public
writable share is exported and that the option "wide links" is set to
"yes" (default).
Affected packages:
Pardus 2009:
samba, all before 3.3.10-51-12
Resolution
==========
There are update(s) for samba. You can update them via Package Manager
or with a single command from console:
pisi up samba
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12228
* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568493
* http://marc.info/?l=samba-technical&m=126539387432412&w=2
------------------------------------------------------------------------
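Editor's added example for PLSA 2010-32 (not Samba or Pardus code): a small smb.conf audit that flags shares matching the conditions the advisory gives, a writable share with "wide links" in effect, marked "unauthenticated" when guest access is also allowed. The function names and the sample configuration are constructed, and the "wide links = yes" default is taken from the advisory text for the affected versions.

```python
BOOL = {"yes": True, "true": True, "1": True,
        "no": False, "false": False, "0": False}

# smb.conf parameter -> (canonical name, value is inverted)
SYNONYMS = {
    "wide links": ("wide links", False),
    "guest ok": ("guest ok", False),
    "public": ("guest ok", False),
    "read only": ("read only", False),
    "writable": ("read only", True),
    "writeable": ("read only", True),
    "write ok": ("read only", True),
}

# Defaults assumed for the affected versions ("wide links" per the advisory).
DEFAULTS = {"wide links": True, "guest ok": False, "read only": True}

# Constructed sample configuration.
SAMPLE = """
[global]
   workgroup = EXAMPLE
   ; wide links is not set here, so the default applies

[incoming]
   path = /srv/incoming
   public = yes
   writable = yes

[projects]
   path = /srv/projects
   read only = no

[docs]
   path = /srv/docs
   guest ok = yes

[scratch]
   path = /srv/scratch
   guest ok = yes
   writeable = yes
   wide links = no
"""


def parse_smb_conf(text):
    """Return {section: {canonical parameter: bool}} for the audited options."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = " ".join(key.lower().split())  # names ignore case and spacing
        if key in SYNONYMS:
            canonical, inverted = SYNONYMS[key]
            flag = BOOL.get(value.strip().lower())
            if flag is not None:
                current[canonical] = flag != inverted  # later lines win
    return sections


def audit_wide_links(text):
    """List (share, exposure) for writable shares with wide links in effect."""
    sections = parse_smb_conf(text)
    global_params = sections.get("global", {})
    findings = []
    for name, params in sections.items():
        if name == "global":
            continue
        effective = {**DEFAULTS, **global_params, **params}
        if not effective["wide links"] or effective["read only"]:
            continue
        exposure = "unauthenticated" if effective["guest ok"] else "authenticated"
        findings.append((name, exposure))
    return findings


if __name__ == "__main__":
    for share, exposure in audit_wide_links(SAMPLE):
        print("[%s] writable with wide links enabled (%s access)" % (share, exposure))
```

Setting "wide links = no" in [global] clears every finding unless a share re-enables it.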
From eren at pardus.org.tr Sun Feb 14 14:18:36 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Sun, 14 Feb 2010 14:18:36 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-33] Qemu: Multiple Vulnerabilities
Message-ID: <20100214121836.A5898A7AB99@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-33 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-14
Severity: 4
Type: Local
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in Qemu, which can be exploited
by malicious people to cause denial of service (application crash) or
potentially compromise a vulnerable system.
Description
===========
CVE-2010-0297:
When using certain USB in the guest system the qemu process crashes when
a USB control request is greater than 1024 bytes.
CVE-2009-3616:
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in
QEMU might allow guest OS users to execute arbitrary code on the host OS
by establishing a connection from a VNC client and then (1)
disconnecting during data transfer, (2) sending a message using
incorrect integer data types, or (3) using the Fuzzy Screen Mode
protocol, related to double free vulnerabilities.
Affected packages:
Pardus 2009:
qemu, all before 0.10.5-17-5
Resolution
==========
There are update(s) for qemu. You can update them via Package Manager or
with a single command from console:
pisi up qemu
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12222
* http://bugs.pardus.org.tr/show_bug.cgi?id=12221
------------------------------------------------------------------------
From eren at pardus.org.tr Thu Feb 25 06:47:55 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Thu, 25 Feb 2010 06:47:55 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-34] Pidgin: Multiple Vulnerabilities
Message-ID: <20100225044755.3E0DCA7AB4C@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-34 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-25
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in Pidgin, which can be used by
malicious people to cause denial of service.
Description
===========
CVE-2010-0420 - "Finch XMPP MUC Crash":
Discovered by Sadrul Habib Chowdhury last week. In an XMPP MUC, if
someone changes the nick to '
' (using '/nick
' for example),
then libpurple ends up having two users with username '\n' in the room,
and finch crashes in this situation. We do not believe there is a
possibility of remote code execution. I believe this commit fixes the
problem, and there is a patch attached to add an extra safety check to
Finch:
http://developer.pidgin.im/viewmtn/revision/info/0085c32abf29d034d30feef1ffb1d483e316a9a8
CVE-2010-0423 - "Smiley Denial of Service":
Pidgin becomes unresponsive and consumes lots of CPU when receiving an
IM containing many smileys. This is a remote denial of service
attack, but is not exploitable in any other way. It was reported to us
by Andrea Barisani of ocert. I did revise the previous patch
Affected packages:
Pardus 2009:
pidgin, all before 2.6.6-38-12
Resolution
==========
There are update(s) for pidgin. You can update them via Package Manager
or with a single command from console:
pisi up pidgin
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12323
* http://developer.pidgin.im/wiki/ChangeLog
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423
------------------------------------------------------------------------
From eren at pardus.org.tr Thu Feb 25 06:47:55 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Thu, 25 Feb 2010 06:47:55 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-35] Kernel: Multiple Vulnerabilities
Message-ID: <20100225044755.7F908A7AB4C@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-35 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-25
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in kernel, which can be
exploited by malicious people to cause denial of service, or possibly
arbitrary code execution.
Description
===========
CVE-2010-0410:
drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows
local users to cause a denial of service (memory consumption and system
crash) by sending the kernel many NETLINK_CONNECTOR messages.
CVE-2010-0415:
The do_pages_move function in mm/migrate.c in the Linux kernel does not
validate node values, which allows local users to read arbitrary kernel
memory locations, cause a denial of service (OOPS), and possibly have
unspecified other impact by specifying a node that is not part of the
kernel's node set.
CVE-2009-4538:
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel
does not properly check the size of an Ethernet frame that exceeds the
MTU, which allows remote attackers to have an unspecified impact via
crafted packets, a related issue to CVE-2009-4537.
Affected packages:
Pardus 2009:
kernel, all before 2.6.31.11-130-43
kernel-pae, all before 2.6.31.11-130-24
Resolution
==========
There are update(s) for kernel, kernel-pae. You can update them via
Package Manager or with a single command from console:
pisi up kernel kernel-pae
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12090
* http://bugs.pardus.org.tr/show_bug.cgi?id=12210
* http://bugs.pardus.org.tr/show_bug.cgi?id=12243
------------------------------------------------------------------------
From eren at pardus.org.tr Thu Feb 25 06:47:55 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Thu, 25 Feb 2010 06:47:55 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-36] Alsa: Denial of Service
Message-ID: <20100225044755.B9721A7AB4C@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-36 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-25
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======
A vulnerability has been fixed in Kernel, which can be exploited by
malicious people to crash the kernel due to a divide by zero in
azx_position_ok.
Description
===========
Using mp3blaster-3.2.5 (latest version) to play MP3 audio, the reporter
was able to crash the kernel by stopping and restarting playback using
the "5" key repeatedly. This happens as a normal user, not only as root.
The kernel backtrace points to azx_position_ok() dividing by zero, so he
wrote a tiny patch to investigate, which reported the values of pos and
azx_dev->period_bytes via printk(); on crash, both were 0. The offending
operation is:
if (pos % azx_dev->period_bytes > azx_dev->period_bytes / 2)
which obviously is the source of the crash.
Affected packages:
Pardus 2009:
module-alsa-driver, all before 1.0.22_20100222-57-33
module-pae-alsa-driver, all before 1.0.22_20100222-57-15
Resolution
==========
There are update(s) for module-alsa-driver, module-pae-alsa-driver. You
can update them via Package Manager or with a single command from
console:
pisi up module-alsa-driver module-pae-alsa-driver
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12341
* https://bugzilla.redhat.com/show_bug.cgi?id=567168
* http://lkml.org/lkml/2010/2/6/40
------------------------------------------------------------------------
From eren at pardus.org.tr Thu Feb 25 06:47:55 2010
From: eren at pardus.org.tr (Eren Turkay)
Date: Thu, 25 Feb 2010 06:47:55 +0200 (EET)
Subject: [Pardus-security] [PLSA 2010-37] Flashplugin: Multiple
Vulnerabilities
Message-ID: <20100225044755.F4055A7AB4C@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-37 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-25
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in Flashplugin, which can be
used by malicious people to possibly 1) cause denial of service, 2) make
cross domain requests.
Description
===========
CVE-2010-0186:
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2 and
Adobe AIR before 1.5.3.9130 allows remote attackers to bypass intended
sandbox restrictions and make cross-domain requests via unspecified
vectors.
CVE-2010-0187:
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130
allow remote attackers to cause a denial of service (application crash)
via a modified SWF file.
Affected packages:
Pardus 2009:
flashplugin, all before 10.0.45.2-25-6
Resolution
==========
There are update(s) for flashplugin. You can update them via Package
Manager or with a single command from console:
pisi up flashplugin
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12309
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
------------------------------------------------------------------------