From pinar at pardus.org.tr Sat Jul 5 08:07:26 2008
From: pinar at pardus.org.tr (=?ISO-8859-9?Q?P=FDnar_Yanarda=F0?=)
Date: Sat, 5 Jul 2008 08:07:26 +0300
Subject: [Pardus-security] vlc: integer overflow
Message-ID: <20080705080726.a11ea572.pinar@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-2            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-05
  Severity: 1
      Type: Local, Remote
------------------------------------------------------------------------

Summary
=======

VLC Media Player WAV Processing Integer Overflow


Description
===========

A vulnerability has been identified in VLC Media Player, which could be
exploited by attackers to cause a denial of service or compromise an
affected system. This issue is caused by an integer overflow error in
the "Open()" [modules/demux/wav.c] function when processing a WAV file
with an overly large "fmt" chunk, which could be exploited by attackers
to crash a vulnerable application or execute arbitrary commands by
tricking a user into opening a specially crafted file.


Affected packages:

  For Pardus 2007:
    vlc, all before 0.8.6h-18-19
    vlc-firefox, all before 0.8.6h-18-11

  For Pardus 2008:
    vlc, all before 0.8.6h-18-5
    vlc-firefox, all before 0.8.6h-18-5


Resolution
==========

There are update(s) for vlc, vlc-firefox. You can update them via
Package Manager or with a single command from console:

    pisi up vlc vlc-firefox


References
==========

  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2430

------------------------------------------------------------------------

--
Pınar Yanardağ
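The integer overflow class described in PLSA 2008-2 above, as an added C example (not VLC's code and not part of the advisory): a 32-bit allocation size derived from a file-supplied chunk size wraps to a tiny value, and the hardened reader bounds the size before doing any arithmetic on it. The function names, the "round up to even, add 2" size formula and the 4096-byte cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed sanity cap for a "fmt " chunk; illustrative, not from the advisory. */
#define FMT_MAX 4096u

/* RIFF stores chunk sizes as little-endian 32-bit values. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical unchecked size calculation: round up to even, add 2 bytes.
 * In 32-bit unsigned arithmetic this wraps for sizes near UINT32_MAX, so
 * the buffer ends up far smaller than the declared chunk. */
uint32_t unchecked_alloc_size(uint32_t chunk_size)
{
    return (uint32_t)(((chunk_size + 1u) & ~1u) + 2u);
}

/* Hardened reader for a buffer that starts at a "fmt " chunk header.
 * Returns 0 and a heap copy of the payload, or -1 if the chunk is rejected. */
int read_fmt_chunk(const uint8_t *buf, size_t len,
                   uint8_t **out, uint32_t *out_size)
{
    if (len < 8 || memcmp(buf, "fmt ", 4) != 0)
        return -1;
    uint32_t size = rd_le32(buf + 4);
    if (size < 16 || size > FMT_MAX)   /* bound the size before using it */
        return -1;
    if (size > len - 8)                /* payload must fit in the input */
        return -1;
    uint8_t *copy = calloc(1, (size_t)size + 2); /* cannot wrap: size <= FMT_MAX */
    if (copy == NULL)
        return -1;
    memcpy(copy, buf + 8, size);
    *out = copy;
    *out_size = size;
    return 0;
}

int main(void)
{
    /* Constructed sample chunks: a 16-byte PCM header and an oversized one. */
    uint8_t ok[24]  = { 'f','m','t',' ', 16,0,0,0, 1,0, 2,0 };
    uint8_t bad[24] = { 'f','m','t',' ', 0xFF,0xFF,0xFF,0xFF };
    uint8_t *p = NULL;
    uint32_t n = 0;

    printf("unchecked size for 0xFFFFFFFF: %u bytes\n",
           (unsigned)unchecked_alloc_size(0xFFFFFFFFu));
    printf("valid chunk:     %d\n", read_fmt_chunk(ok, sizeof ok, &p, &n));
    free(p);
    p = NULL;
    printf("oversized chunk: %d\n", read_fmt_chunk(bad, sizeof bad, &p, &n));
    free(p);
    return 0;
}
```
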
From pinar at pardus.org.tr Tue Jul 8 11:54:16 2008
From: pinar at pardus.org.tr (=?ISO-8859-9?Q?P=FDnar_Yanarda=F0?=)
Date: Tue, 8 Jul 2008 11:54:16 +0300
Subject: [Pardus-security] [PLSA 2008-3] libprce: buffer overflow
Message-ID: <20080708115416.3006e11f.pinar@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-3            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-08
  Severity: 1
      Type: Local
------------------------------------------------------------------------

Summary
=======

This update fixes a vulnerability, which can be exploited by malicious
people to cause a DoS (Denial of Service) and potentially compromise an
application using the library.


Description
===========

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible
Regular Expression (PCRE) library 7.7 (and before) allows
context-dependent attackers to cause a denial of service (crash) or
possibly execute arbitrary code via a regular expression that begins
with an option and contains multiple branches.


Affected packages:

  For Pardus 2007, libpcre, all before 7.6-13-7
  For Pardus 2008, libpcre, all before 7.6-13-3


Resolution
==========

There are update(s) for libpcre. You can update them via Package
Manager or with a single command from console:

    pisi up libpcre


References
==========

  * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2371

------------------------------------------------------------------------

--
Pınar Yanardağ
From pinar at pardus.org.tr Thu Jul 10 07:36:29 2008
From: pinar at pardus.org.tr (=?ISO-8859-9?Q?P=FDnar_Yanarda=F0?=)
Date: Thu, 10 Jul 2008 07:36:29 +0300
Subject: [Pardus-security] [PLSA 2008-4] libpoppler: uninitialized pointer
Message-ID: <20080710073629.edbcc757.pinar@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-4            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-10
  Severity: 1
      Type: Remote
------------------------------------------------------------------------

Summary
=======

The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and
earlier deletes a pageWidgets object even if it is not initialized by a
Page constructor, which allows remote attackers to execute arbitrary
code via a crafted PDF document.


Description
===========

The poppler PDF rendering library suffers a memory management bug which
leads to arbitrary code execution.

The vulnerability is present in the Page class constructor/destructor.
The pageWidgets object is not initialized in the Page constructor if
specific conditions are met, but it is deleted afterwards in the
destructor regardless of its initialization.

Specific PDF files can be crafted which allocate arbitrary memory to
trigger the vulnerability.


Affected packages:

  poppler-glib-0.8.3-6-6, all before (2008)
  poppler-qt4-0.8.3-6-6, all before (2008)
  poppler-qt-0.8.3-6-6, all before (2008)
  poppler-0.8.3-24-5, all before (2008)


Resolution
==========

There are update(s) for poppler-glib-0.8.3-6-6, poppler-qt4-0.8.3-6-6,
poppler-qt-0.8.3-6-6, poppler-0.8.3-24-5.
You can update them via Package Manager or with a single command from
console:

    pisi up poppler-glib-0.8.3-6-6 poppler-qt4-0.8.3-6-6 poppler-qt-0.8.3-6-6 poppler-0.8.3-24-5


References
==========

  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2950
  * http://www.securityfocus.com/archive/1/archive/1/493980/100/0/threaded
  * http://www.ocert.org/advisories/ocert-2008-007.html

------------------------------------------------------------------------

--
Pınar Yanardağ

From pinar at pardus.org.tr Thu Jul 10 07:37:45 2008
From: pinar at pardus.org.tr (=?ISO-8859-9?Q?P=FDnar_Yanarda=F0?=)
Date: Thu, 10 Jul 2008 07:37:45 +0300
Subject: [Pardus-security] [PLSA 2008-5] pidgin: multiple integer overflows
Message-ID: <20080710073745.f71a0878.pinar@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-5            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-10
  Severity: 1
      Type: Local
------------------------------------------------------------------------

Summary
=======

An integer overflow in Pidgin's MSN protocol handler could allow a
malformed SLP message to cause an integer overflow, which could result
in arbitrary code execution.


Description
===========

This flaw is only exploitable by individuals who can message a user,
which is controlled by the Pidgin privacy setting. The default setting
is to only allow messages from users in the buddy list.

Multiple integer overflows in the msn_slplink_process_msg functions in
the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and
(2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 allow
remote attackers to execute arbitrary code via a malformed SLP message,
a different vulnerability than CVE-2008-2955.


Affected packages:

  Pardus 2007:
    pidgin, all before 2.4.3-20-13

  Pardus 2008:
    pidgin, all before 2.4.3-20-2


Resolution
==========

There are update(s) for pidgin.
You can update them via Package Manager or with a single command from
console:

  Pardus 2008:
    pisi up pidgin

  Pardus 2007:
    pisi up pidgin


References
==========

  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927
  * http://www.openwall.com/lists/oss-security/2008/07/04/1
  * http://www.openwall.com/lists/oss-security/2008/07/03/6
  * https://bugzilla.redhat.com/show_bug.cgi?id=453764

------------------------------------------------------------------------

--
Pınar Yanardağ

From ekin at pardus.org.tr Thu Jul 10 09:17:08 2008
From: ekin at pardus.org.tr (Ekin =?iso-8859-9?q?Mero=F0lu?=)
Date: Thu, 10 Jul 2008 09:17:08 +0300
Subject: [Pardus-security] [PLSA 2008-6] bind: DNS cache poisoning
Message-ID: <200807100917.08867.ekin@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-6            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-10
  Severity: 1
      Type: Local
------------------------------------------------------------------------

Summary
=======

Dan Kaminsky discovered that properties inherent to the DNS protocol
lead to practical DNS cache poisoning attacks. Among other things,
successful attacks can lead to misdirected web traffic and email
rerouting.


Description
===========

The domain name system (DNS) service does not use sufficiently random
UDP sockets to process queries. A remote user can send specially crafted
DNS queries and responses to the target service to spoof responses and
insert records into the DNS cache. This may cause traffic to be
redirected to arbitrary IP addresses specified by the remote user.

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1,
9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2
and SP3, and Server 2003 SP1 and SP2; and other implementations allow
remote attackers to spoof DNS traffic via certain cache poisoning
techniques against recursive resolvers, related to insufficient
randomness of DNS transaction IDs and source ports, aka "DNS
Insufficient Socket Entropy Vulnerability."


Affected packages:

  Pardus (2008):
    bind, all before 9.4.2_p1-17-3
    bind-tools, all before 9.4.2_p1-17-3

  Pardus (2007):
    bind, all before 9.4.2_p1-17-9
    bind-tools, all before 9.4.2_p1-17-14


Resolution
==========

There are update(s) for bind, bind-tools. You can update them via
Package Manager or with a single command from console:

  Pardus (2007):
    pisi up bind bind-tools

  Pardus (2008):
    pisi up bind bind-tools


References
==========

  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  * http://www.kb.cert.org/vuls/id/800113
  * http://securitytracker.com/alerts/2008/Jul/1020438.html

------------------------------------------------------------------------

From pinar at pardus.org.tr Fri Jul 11 22:12:32 2008
From: pinar at pardus.org.tr (=?ISO-8859-9?Q?P=FDnar_Yanarda=F0?=)
Date: Fri, 11 Jul 2008 22:12:32 +0300
Subject: [Pardus-security] [PLSA 2008-7] Firefox: Multiple vulnerabilities
Message-ID: <20080711221232.39242c2d.pinar@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-7            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-11
  Severity: 5
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Various flaws were discovered in the browser engine due to
CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805,
CVE-2008-2806, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809,
CVE-2008-2810 and CVE-2008-2811.


Description
===========

CVE-2008-2798: Vulnerability that allows remote attackers to cause a
denial of service (application crash) and possibly execute arbitrary
code via unknown vectors related to the layout engine.

CVE-2008-2800: Vulnerability that allows remote attackers to bypass the
Same Origin Policy and conduct cross-site scripting (XSS) attacks via
vectors involving (1) an event handler attached to an outer window, (2)
a SCRIPT element in an unloaded document, or (3) the onreadystatechange
handler in conjunction with an XMLHttpRequest.

CVE-2008-2801: Vulnerability by not properly implementing JAR signing,
which allows remote attackers to execute arbitrary code via (1)
injection of JavaScript into documents within a JAR archive or (2) a
JAR archive that uses relative URLs to JavaScript files.

CVE-2008-2802: Vulnerability that allows remote attackers to execute
arbitrary code via an XUL document that includes a script from a
chrome: URI that points to a fastload file, related to this file's
"privilege level."

CVE-2008-2803: Vulnerability caused by the
mozIJSSubScriptLoader.LoadScript function which does not apply
XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data:
URIs, or (3) certain non-canonical chrome: URIs, which allows remote
attackers to execute arbitrary code via vectors involving third-party
add-ons.

CVE-2008-2805: Vulnerability that allows remote attackers to force the
upload of arbitrary local files from a client computer via vectors
involving originalTarget and DOM Range.

CVE-2008-2806: Vulnerability that allows remote attackers to bypass the
Same Origin Policy and create arbitrary socket connections via a crafted
Java applet, related to the Java Embedding Plugin (JEP) and Java
LiveConnect.

CVE-2008-2807: Vulnerability by not properly handling an invalid
.properties file for an add-on, which allows remote attackers to read
uninitialized memory, as demonstrated by use of ISO 8859 encoding
instead of UTF-8 encoding in a French .properties file.

CVE-2008-2808: Vulnerability by not properly escaping HTML in file://
URLs in directory listings, which allows remote attackers to conduct
cross-site scripting (XSS) attacks or have unspecified other impact via
a crafted filename.

CVE-2008-2809: Vulnerability when a user accepts an SSL server
certificate on the basis of the CN domain name in the DN field, regard
the certificate as also accepted for all domain names in
subjectAltName:dNSName fields, which makes it easier for remote
attackers to trick a user into accepting an invalid certificate for a
spoofed web site.

CVE-2008-2810: Vulnerability by not properly identifying the context of
Windows shortcut files, which allows user-assisted remote attackers to
bypass the Same Origin Policy via a crafted web site for which the user
has previously saved a shortcut.

CVE-2008-2811: Vulnerability of the block reflow implementation which
allows remote attackers to execute arbitrary code or cause a denial of
service (application crash) via an image whose display requires more
pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.


Affected packages:

  Pardus 2007:
    firefox, all before 2.0.0.15-77-69
    firefox-devel, all before 2.0.0.15-77-42


Resolution
==========

There are update(s) for firefox, firefox-devel.
You can update them via Package Manager or with a single command from
console:

    pisi up firefox firefox-devel


References
==========

  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2806
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811

------------------------------------------------------------------------

--
Pınar Yanardağ

From pinar at pardus.org.tr Fri Jul 11 22:13:40 2008
From: pinar at pardus.org.tr (=?ISO-8859-9?Q?P=FDnar_Yanarda=F0?=)
Date: Fri, 11 Jul 2008 22:13:40 +0300
Subject: [Pardus-security] [PLSA 2008-8] Wireshark: Denial of Service
Message-ID: <20080711221340.3e31cbb6.pinar@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-8            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-11
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in Wireshark, which can be exploited
by malicious people to cause a DoS (Denial of Service).


Description
===========

The vulnerability is caused due to an error when reassembling packets
and can be exploited to cause the application to crash when processing a
series of malformed packets that are either captured off the wire or
loaded via a capture file.


Affected packages:

  Pardus 2008:
    wireshark, all before 1.0.2-21-3

  Pardus 2007:
    wireshark, all before 1.0.2-21-17


Resolution
==========

There are update(s) for wireshark. You can update them via Package
Manager or with a single command from console:

  Pardus 2008:
    pisi up wireshark

  Pardus 2007:
    pisi up wireshark


References
==========

  * http://www.wireshark.org/security/wnpa-sec-2008-04.html

------------------------------------------------------------------------

--
Pınar Yanardağ

From pinar at pardus.org.tr Fri Jul 11 22:14:31 2008
From: pinar at pardus.org.tr (=?ISO-8859-9?Q?P=FDnar_Yanarda=F0?=)
Date: Fri, 11 Jul 2008 22:14:31 +0300
Subject: [Pardus-security] [PLSA 2008-9] Linux-uvc: Buffer overflow
Message-ID: <20080711221431.f4ed0df5.pinar@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-9            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-11
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Buffer overflow in format descriptor parsing.


Description
===========

Buffer overflow vulnerability in format descriptor parsing in Linux-uvc.


Affected packages:

  Pardus 2008:
    linux-uvc, all before 0.0_225-31-23

  Pardus 2007:
    linux-uvc, all before 0.0_181-23-35


Resolution
==========

There are update(s) for linux-uvc. You can update them via Package
Manager or with a single command from console:

  Pardus 2008:
    pisi up linux-uvc

  Pardus 2007:
    pisi up linux-uvc


References
==========

  * http://svn.berlios.de/viewcvs/linux-uvc?rev=220&view=rev

------------------------------------------------------------------------

--
Pınar Yanardağ
From pinar at pardus.org.tr Sat Jul 19 10:55:16 2008
From: pinar at pardus.org.tr (=?ISO-8859-9?Q?P=FDnar_Yanarda=F0?=)
Date: Sat, 19 Jul 2008 10:55:16 +0300
Subject: [Pardus-security] [PLSA 2008-10] Yacc: Denial of Service
Message-ID: <20080719105516.27978676.pinar@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-10           security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-19
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A security issue has been reported in Berkeley Yacc, which potentially
can be exploited by malicious people to cause a DoS (Denial of Service).


Description
===========

The security issue is caused due to an error in the generated
"yyparse()" function and can be exploited to cause an out-of-bounds
memory read when reducing a parsed rule with an empty right hand side.


Affected packages:

  Pardus 2008:
    yacc, all before 1.9.1-3-3

  Pardus 2007:
    yacc, all before 1.9.1-3-5


Resolution
==========

There are update(s) for yacc. You can update them via Package Manager
or with a single command from console:

  Pardus 2008:
    pisi up yacc

  Pardus 2007:
    pisi up yacc


References
==========

  * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3196
  * http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2

------------------------------------------------------------------------

--
Pınar Yanardağ
From pinar at pardus.org.tr Sat Jul 19 11:01:36 2008
From: pinar at pardus.org.tr (=?ISO-8859-9?Q?P=FDnar_Yanarda=F0?=)
Date: Sat, 19 Jul 2008 11:01:36 +0300
Subject: [Pardus-security] [PLSA 2008-11] OpenLDAP: Denial of Service
Message-ID: <20080719110136.bba4d349.pinar@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-11           security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-19
  Severity: 2
      Type: Local
------------------------------------------------------------------------

Summary
=======

There is a vulnerability in OpenLDAP which can be exploited by malicious
people to cause a DoS (Denial of Service).


Description
===========

liblber/io.c in OpenLDAP 2.3.41, 2.3.42, and possibly other versions
after 2.1.20 allows remote attackers to cause a denial of service
(program termination) via crafted ASN.1 BER datagrams, which trigger an
assertion error.


Affected packages:

  Pardus 2008:
    openldap-client, all before 2.3.43-21-4
    openldap-server, all before 2.3.43-21-4
    openldap-slurpd, all before 2.3.43-21-4

  Pardus 2007:
    openldap-client, all before 2.3.43-21-17
    openldap-server, all before 2.3.43-21-17
    openldap-slurpd, all before 2.3.43-21-17


Resolution
==========

There are update(s) for openldap-client, openldap-server,
openldap-slurpd. You can update them via Package Manager or with a
single command from console:

  Pardus 2008:
    pisi up openldap-client openldap-server openldap-slurpd

  Pardus 2007:
    pisi up openldap-client openldap-server openldap-slurpd


References
==========

  * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2952
  * http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580

------------------------------------------------------------------------

--
Pınar Yanardağ
From pinar at pardus.org.tr Sat Jul 19 11:09:12 2008
From: pinar at pardus.org.tr (=?ISO-8859-9?Q?P=FDnar_Yanarda=F0?=)
Date: Sat, 19 Jul 2008 11:09:12 +0300
Subject: [Pardus-security] [PLSA 2008-12] Firefox: Multiple Vulnerabilities
Message-ID: <20080719110912.ed670187.pinar@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-12           security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-19
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Security vulnerabilities have been discovered and corrected in the
latest Mozilla Firefox.


Description
===========

Security vulnerabilities have been discovered and corrected in the
latest Mozilla Firefox.


Affected packages:

  Pardus 2008:
    firefox, all before 3.0.1-83-9
    firefox-devel, all before 3.0.1-83-9

  Pardus 2007:
    firefox, all before 2.0.0.16-78-70
    firefox-devel, all before 2.0.0.16-78-43


Resolution
==========

There are update(s) for firefox, firefox-devel. You can update them via
Package Manager or with a single command from console:

  Pardus 2008:
    pisi up firefox firefox-devel

  Pardus 2007:
    pisi up firefox firefox-devel


References
==========

  * http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
  * http://www.mozilla.org/security/announce/2008/mfsa2008-35.html

------------------------------------------------------------------------

--
Pınar Yanardağ
From pinar at pardus.org.tr Sat Jul 26 18:01:50 2008
From: pinar at pardus.org.tr (=?ISO-8859-9?Q?P=FDnar_Yanarda=F0?=)
Date: Sat, 26 Jul 2008 18:01:50 +0300
Subject: [Pardus-security] [PLSA 2008-13] ClamAV: Denial of Service
Message-ID: <20080726180150.985975c5.pinar@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-13           security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-07-26
  Severity: 2
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in ClamAV, which can be exploited by
malicious people to cause a DoS (Denial of Service).


Description
===========

The vulnerability is caused due to a boundary error in
libclamav/petite.c. This can be exploited to trigger an out-of-bounds
read via a specially crafted Petite packed executable.

The vulnerability is confirmed in versions 0.93 and 0.93.1. Prior
versions may also be affected.


Affected packages:

  Pardus 2007:
    clamav, all before 0.93.3-29-28


Resolution
==========

There are update(s) for clamav. You can update them via Package Manager
or with a single command from console:

    pisi up clamav


References
==========

  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
  * http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886

------------------------------------------------------------------------

--
Pınar Yanardağ