[Full-disclosure] FLEA-2008-0008-1 firefox

2008-05-08 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2008-0008-1
Published: 2008-05-08

Rating: Moderate

Updated Versions:
firefox=/[EMAIL PROTECTED]:1-devel//2/2.0.0.14-0.1-1
group-world=/[EMAIL PROTECTED]:devel//2/2.0.1-0.7-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380

Description:
A flaw has been found in previous versions of firefox's JavaScript garbage
collector. This issue is known to cause a Denial-of-Service via
maliciously-crafted web pages, and is suspected of allowing arbitrary code
execution on the target machine by an attacker.

Note: this update is only available on the Foresight Linux 2 branch.

---

Copyright 2008 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] FLEA-2008-0003-1 nss_ldap

2008-02-12 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2008-0003-1
Published: 2008-02-11

Rating: Minor

Updated Versions:
nss_ldap=/[EMAIL PROTECTED]:devel//1/239-9.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.2-0.7-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794
http://wiki.rpath.com/Advisories:rPSA-2007-0255

Description:
Previous versions of nss_ldap contain a race condition that can allow
nss_ldap to return the wrong information, allowing for the possibility of
improper information disclosure.

---

Copyright 2008 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2008-0005-1 e2fsprogs

2008-02-12 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2008-0005-1
Published: 2008-02-11

Rating: Minor

Updated Versions:
e2fsprogs=/[EMAIL PROTECTED]:devel//1/1.37-3.3-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.2-0.7-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497
http://wiki.rpath.com/Advisories:rPSA-2007-0262

Description:
Previous versions of the e2fsprogs package are vulnerable to multiple
integer overflows which may be exploited via specially-crafted filesystems.

The workaround is to not run fsck on a filesystem to which an untrusted
user has the ability to directly modify filesystem metadata. This is most
commonly an issue when using a virtualization solution in which the root
user for the guest OS is not trusted and can convince the host's root user
to run fsck on the guest's filesystem. Foresight Linux neither enables nor
supports any form of virtualization in the default install.

---

Copyright 2008 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts

2008-02-12 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2008-0006-1
Published: 2008-02-11

Rating: Minor

Updated Versions:
tetex=/[EMAIL PROTECTED]:devel//1/2.0.2-28.10-1
tetex-dvips=/[EMAIL PROTECTED]:devel//1/2.0.2-28.10-1
tetex-fonts=/[EMAIL PROTECTED]:devel//1/2.0.2-28.10-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.2-0.7-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5937
http://wiki.rpath.com/Advisories:rPSA-2007-0266
http://wiki.rpath.com/Advisories:rPSA-2008-0007

Description:
Previous versions of the tetex package are vulnerable to multiple issues,
the worst of which is believed to allow arbitrary code execution via
user-assisted vectors when dvips or dviljk are run on specially-crafted
files, or when malformed font data is loaded using t1lib.

---

Copyright 2008 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2008-0002-1 python

2008-02-12 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2008-0002-1
Published: 2008-02-11

Rating: Moderate

Updated Versions:
python=/[EMAIL PROTECTED]:devel//1/2.4.1-20.14-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.2-0.7-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
http://wiki.rpath.com/Advisories:rPSA-2007-0254

Description:
Previous versions of the python package contain an integer overflow in the
imageop module which could cause a denial-of-service (crash) or possibly
leak sensitive information.

---

Copyright 2008 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2008-0004-1 rsync

2008-02-12 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2008-0004-1
Published: 2008-02-11

Rating: Minor

Updated Versions:
rsync=/[EMAIL PROTECTED]:devel//1/2.6.8-1.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.2-0.7-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6200
http://wiki.rpath.com/Advisories:rPSA-2007-0257

Description:
Previous versions of the rsync package contain vulnerabilities in the rsync
server, potentially allowing users to bypass security restrictions.
Foresight Linux does not, by default, configure the rsync server to run.

---

Copyright 2008 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0065-1 libpng

2007-11-11 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0065-1
Published: 2007-11-11

Rating: Minor

Updated Versions:
libpng=/[EMAIL PROTECTED]:devel//1/1.2.22-1-0.1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269

Description:
Previous versions of the libpng package can cause applications to
crash when loading malformed PNG files.  It is not currently known
that this vulnerability can be exploited to execute malicious code.

---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0066-1 ImageMagick

2007-11-11 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0066-1
Published: 2007-11-11

Rating: Moderate

Updated Versions:
ImageMagick=/[EMAIL PROTECTED]:1-devel//1/6.3.6.9-1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988

Description:
Previous versions of the ImageMagick package are vulnerable to multiple
attacks whereby an attacker might be able to execute arbitrary code by
coercing the user into opening specially-crafted files with ImageMagick.

---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0067-1 pidgin

2007-11-11 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0067-1
Published: 2007-11-11

Rating: Minor

Updated Versions:
pidgin=/[EMAIL PROTECTED]:1-devel//1/2.2.2-1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4999
http://www.pidgin.im/news/security/?id=24

Description:
Previous versions of pidgin are vulnerable to a denial-of-service when
pidgin has been configured to use HTML logging. Logging is not enabled by
default, so the default install of Foresight Linux is not vulnerable to
this issue.

---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0068-1 ruby

2007-11-11 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0068-1
Published: 2007-11-11

Rating: Minor

Updated Versions:
ruby=/[EMAIL PROTECTED]:devel//1/1.8.6_p110-1-0.1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5162

Description:
Previous versions of the ruby package include a library, Net::HTTPS, which
does not properly verify the CN (common name) field in SSL certificates,
making it easier to perform a man-in-the-middle attack.

It is believed that Foresight Linux does not include any programs which
rely on this feature of the Net::HTTPS library, and so is not affected by
default.
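To show what the missing check in the advisory above amounts to, here is an added example (written in Python rather than Ruby, and not code from the ruby package or from this advisory) that validates a server hostname against a certificate's subjectAltName and CN the way a TLS client must before trusting the connection. The certificate dictionaries are constructed samples in the shape returned by Python's ssl getpeercert(); the host names in them are assumed for the demonstration.

```python
# Constructed sample certificates in the shape of ssl.SSLSocket.getpeercert()
# (not real certificates; the names are assumed for this demonstration).
SITE_CERT = {
    "subject": ((("commonName", "mail.example.org"),),),
    "subjectAltName": (("DNS", "mail.example.org"), ("DNS", "*.example.org")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "legacy.example.org"),),)}
# A perfectly valid certificate issued for a different host: exactly the case
# that a client without a name check accepts, enabling a man-in-the-middle.
OTHER_HOST_CERT = {
    "subject": ((("commonName", "mail.example.org"),),),
    "subjectAltName": (("DNS", "other.example.net"),),
}


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name (possibly a wildcard) against a hostname.

    A wildcard is accepted only as the whole leftmost label, only in names with
    at least three labels, and it matches exactly one label (so '*.example.org'
    covers 'www.example.org' but not 'a.b.example.org' or 'example.org').
    Comparison is case-insensitive and ignores a trailing dot.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Reject partial-label wildcards ('m*l.example.org'), bare '*.org',
    # and any second wildcard anywhere in the name.
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[1:]:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def hostname_matches_cert(cert: dict, hostname: str) -> bool:
    """Decide whether a certificate is valid for hostname.

    subjectAltName dNSName entries are authoritative when present; the CN is
    consulted only for certificates that carry no DNS SAN at all.  A
    certificate with no usable name is rejected rather than trusted by default.
    """
    san_dns = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san_dns:
        return any(dns_name_matches(name, hostname) for name in san_dns)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return dns_name_matches(value, hostname)
    return False


if __name__ == "__main__":
    for cert, host in ((SITE_CERT, "www.example.org"),
                       (OTHER_HOST_CERT, "mail.example.org"),
                       (CN_ONLY_CERT, "legacy.example.org")):
        print(host, "->", "accept" if hostname_matches_cert(cert, host) else "reject")
```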

---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0064-1 pcre

2007-11-11 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0064-1
Published: 2007-11-11

Rating: Moderate

Updated Versions:
pcre=conary.rpath.com at rpl:1/7.4-0.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768

Description:
Previous versions of the pcre package contain multiple vulnerabilities
which may allow an attacker to execute arbitrary code.

The pcre library and utilities are not known to be exposed via any
privileged or remote interfaces within Foresight Linux by default, but many
applications linked to the pcre library are routinely exposed to untrusted
data.

---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0069-1 perl

2007-11-11 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0069-1
Published: 2007-11-11

Rating: Minor

Updated Versions:
perl=/[EMAIL PROTECTED]:devel//1/5.8.7-8.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116

Description:
Previous versions of the perl package contain a buffer overflow in the
regular expression parsing code which could allow an attacker to execute
arbitrary code via a program which uses perl to parse untrusted input as a
regular expression.

Foresight Linux does not include any such program by default.

---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0063-1 perl

2007-11-09 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0063-1
Published: 2007-11-09

Rating: Minor

Updated Versions:
perl=/[EMAIL PROTECTED]:devel//1/5.8.7-8.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.2-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116

Description:
Previous versions of the perl package contain weaknesses when evaluating
regular expressions.

If a system is serving a perl-based web application that evaluates
remote input as a regular expression, an attacker may be able to
exploit these weaknesses to execute arbitrary, attacker-provided code on
the system, potentially elevating this to a remote, deterministic
unauthorized access vulnerability.

Foresight Linux does not, by default, enable or contain any such services.

---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0062-1 firefox

2007-10-28 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0062-1
Published: 2007-10-28

Rating: Major

Updated Versions:
firefox=/[EMAIL PROTECTED]:1-devel//1/2.0.0.8-2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.1-11

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340

Description:
Previous versions of the firefox package are vulnerable to several
types of attacks, some of which are understood to allow compromised
or malicious sites to run arbitrary code as the user running firefox.

---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0061-1 sun-jre sun-jdk

2007-10-28 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0061-1
Published: 2007-10-26

Rating: Moderate

Updated Versions:
sun-jre=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/6u3-1.2-1
sun-jdk=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/6u3-1.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.1-11

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5274

Description:
Previous versions of Sun's Java implementation are vulnerable to multiple
issues which allow attackers to break the security model of the Java
Virtual Machine and run arbitrary code as the user running Java (most often
a non-root user in a browser setting) via multiple vectors.

---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0060-1 initscripts

2007-10-26 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0060-1
Published: 2007-10-26

Rating: Trivial

Updated Versions:
initscripts=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/8.33-2.9-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.1-10

References:
https://issues.rpath.com/browse/RPL-1825

Description:
Previous versions of the initscripts package do not set sufficiently
restrictive permissions on the /var/log/btmp file, leading to an
information exposure issue in which users' passwords may be revealed to
unprivileged users in cases when the passwords have been inadvertently
entered as usernames at some login prompts.

Because sshd detects the incorrect permissions on /var/log/btmp and
thus does not log failed authentications (instead issuing a warning
about the file permissions to /var/log/secure), and gdm does not
log the user name, this vulnerability is generally limited to failed
logins at the system text console or over a local serial port.

---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0057-1 pidgin

2007-10-03 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0057-1
Published: 2007-10-02

Rating: Minor

Updated Versions:
pidgin=/[EMAIL PROTECTED]:1-devel//1/2.2.1-1-0.1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.0-0.5-8

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4996
http://www.pidgin.im/news/security/?id=23

Description:
Previous versions of the pidgin package are vulnerable to a Denial of
Service (crash) caused by a user not on the target's buddy list sending a
nudge, a feature of the MSN protocol.

---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0058-1 openssl openssl-scripts

2007-10-03 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0058-1
Published: 2007-10-03

Rating: Severe

Updated Versions:
openssl=/[EMAIL PROTECTED]:devel//1/0.9.7f-10.10-1
openssl-scripts=/[EMAIL PROTECTED]:devel//1/0.9.7f-10.10-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.0-0.5-10

References:
https://issues.rpath.com/browse/RPL-1769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

Description:
Previous versions of the openssl package are vulnerable to a buffer
overflow, possibly enabling remote attackers to execute arbitrary code
through applications that use the openssl libraries.

---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0056-1 openoffice.org

2007-09-18 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0056-1
Published: 2007-09-18

Rating: Moderate

Updated Versions:
openoffice.org=/[EMAIL PROTECTED]:devel//1//[EMAIL PROTECTED]:1-devel//1/2.3.0-0.0.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.0-0.2-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2834
http://www.openoffice.org/security/cves/CVE-2007-2834.html

Description:
Previous versions of openoffice.org allow unauthorized arbitrary code
execution when a user opens a malformed TIFF image.

---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0054-1 lighttpd

2007-09-17 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0054-1
Published: 2007-09-17

Rating: Major

Updated Versions:
lighttpd=/[EMAIL PROTECTED]:devel//1/1.4.18-0.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.19-4

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4727
https://issues.rpath.com/browse/RPL-1715

Description:
Previous versions of the lighttpd package are vulnerable to a remote
Arbitrary Code Execution attack due to a header overflow in the
mod_fastcgi extension.

Note that the Foresight System Manager (aka rAPA or rAA), the only user of
lighttpd on a default Foresight install, does not enable the mod_fastcgi
extension, and so is not vulnerable to this attack.

---

Copyright 2007 Foresight Linux Project
Portions copyright 2007 rPath Inc
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass

2007-09-17 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0055-1
Published: 2007-09-17

Rating: Minor

Updated Versions:
openssh=/[EMAIL PROTECTED]:devel//1//[EMAIL PROTECTED]:1-devel//1/4.7p1-0.1.1-1
openssh-client=/[EMAIL PROTECTED]:devel//1//[EMAIL PROTECTED]:1-devel//1/4.7p1-0.1.1-1
openssh-server=/[EMAIL PROTECTED]:devel//1//[EMAIL PROTECTED]:1-devel//1/4.7p1-0.1.1-1
gnome-ssh-askpass=/[EMAIL PROTECTED]:devel//1//[EMAIL PROTECTED]:1-devel//1/4.7p1-0.1.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.19-5

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
https://issues.rpath.com/browse/RPL-1706
http://www.openssh.com/txt/release-4.7

Description:
Previous versions of openssh could use a trusted X11 cookie if creation
of an untrusted cookie failed, a minor privilege escalation attack.

---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


[Full-disclosure] FLEA-2007-0052-1 gd

2007-09-06 Thread Foresight Linux Essential Announcement Service

Foresight Linux Essential Advisory: 2007-0052-1
Published: 2007-09-06

Rating: Moderate

Updated Versions:
gd=/[EMAIL PROTECTED]:devel//1/2.0.33-4.5-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.17-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478
https://issues.rpath.com/browse/RPL-1643

Description:
Previous versions of the gd package are vulnerable to multiple attacks in
which an attacker may cause unbounded CPU consumption or application
crashes (Denial of Service), possibly leading to the execution of malicious
code (Unauthorized Access). These attacks are generally limited to uses of
the gd library to load existing images rather than generate new images.

---

Copyright 2007 Foresight Linux Project
Portions copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0051-1 star

2007-09-06 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0051-1
Published: 2007-09-06

Rating: Severe

Updated Versions:
star=/[EMAIL PROTECTED]:devel//1/1.5a60-4.3-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.17-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4134
https://issues.rpath.com/browse/RPL-1631
https://issues.rpath.com/browse/RPL-1669

Description:
Previous versions of star, an archival program, are vulnerable to an
attack in which unpacking an intentionally-malformed tar archive can
overwrite arbitrary files to which the user running tar has write access.
If unpacked by a superuser, this can lead to arbitrary code execution at
root permission levels.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0053-1 fetchmail

2007-09-06 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0053-1
Published: 2007-09-06

Rating: Minor

Updated Versions:
fetchmail=/conary.rpath.com@rpl:devel//1/6.3.8-0.3-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.17-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565
https://issues.rpath.com/browse/RPL-1690

Description:
Previous versions of the fetchmail package may crash when attempting
to deliver an internal warning or error message through an untrusted
or compromised SMTP server, leading to a possible Denial of Service.

- ---

Copyright 2007 Foresight Linux Project
Portions copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0050-1 krb5 krb5-workstation

2007-09-06 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0050-1
Published: 2007-09-06

Rating: Critical

Updated Versions:
krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1
krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.17-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4743
https://issues.rpath.com/browse/RPL-1696

Description:
Previous versions of the krb5 package are vulnerable to an
unauthenticated remote arbitrary code execution attack against
the kadmind server.  Foresight Linux systems are not automatically
configured with kadmind enabled.  Systems configured as kerberos
administrative servers are vulnerable.

6 September 2007 Update: CVE-2007-4743 was also assigned to this
vulnerability due to a problem with the originally published patch
(for CVE-2007-3999), which did not fully correct the vulnerability.
The update provided for rPath Linux used the revised patch, which
fully corrected the vulnerability.

Note: Foresight Linux is not vulnerable to CVE-2007-4000 (which was
announced coincident with CVE-2007-3999); it does not apply to the
version of kerberos included in Foresight Linux.


Copyright 2007 rPath, Inc.
Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html




[Full-disclosure] FLEA-2007-0049-1 tar

2007-08-27 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0049-1
Published: 2007-08-27

Rating: Severe

Updated Versions:
tar=/[EMAIL PROTECTED]:devel//1/1.15.1-7.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.10-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131
https://issues.rpath.com/browse/RPL-1631

Description:
Previous versions of the tar package are vulnerable to an attack in
which unpacking an intentionally-malformed tar archive can overwrite
arbitrary files to which the user running tar has write access.  If the
attacking user knows the name of a vulnerable binary file and overwrites
it, this allows the attacker to place arbitrary code on the system which
is likely to be run.  If root is running tar, this includes any file on
the system, which would elevate this to an indirect non-deterministic
remote root unauthorized access vulnerability.
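The class of malformed archive described in the star advisory (FLEA-2007-0051-1) above and in this tar advisory can be screened for before anything is extracted. The following is an added example, not code from Foresight, GNU tar or star: a Python check that lists the members of an archive that would write outside the extraction directory, run against a constructed in-memory archive; the member names, link targets and the /tmp/extract destination are made up for the example.

```python
"""Added example (not from the advisory): find tar members that escape the
extraction directory, the pattern behind the star/tar overwrite advisories."""
import io
import posixpath
import tarfile


def _escapes(dest, path):
    """True if a POSIX path taken from the archive resolves outside dest."""
    resolved = posixpath.normpath(posixpath.join(dest, path))
    return posixpath.commonpath([dest, resolved]) != dest


def unsafe_members(tar, dest="/tmp/extract"):
    """Return (member name, reason) for every member that must not be extracted as-is.

    Checked in archive order: absolute names, '..' components, members whose
    path passes through a symlink created earlier in the same archive,
    symlink and hard-link targets that leave dest, and device nodes.
    """
    dest = posixpath.normpath(dest)
    findings = []
    symlinks_seen = []
    for m in tar.getmembers():
        name = m.name
        if name.startswith("/"):
            findings.append((name, "absolute path"))
        elif ".." in name.split("/"):
            findings.append((name, "parent-directory component"))
        elif any(name.startswith(s + "/") for s in symlinks_seen):
            findings.append((name, "path passes through an earlier symlink"))

        if m.issym():
            # A symlink target is resolved relative to the link's own directory.
            target = posixpath.join(posixpath.dirname(name), m.linkname)
            if m.linkname.startswith("/") or _escapes(dest, target):
                findings.append((name, "symlink target outside destination: " + m.linkname))
            symlinks_seen.append(name)
        elif m.islnk():
            # A hard-link target names another member, relative to the archive root.
            if m.linkname.startswith("/") or _escapes(dest, m.linkname):
                findings.append((name, "hard-link target outside destination: " + m.linkname))
        elif m.isdev():
            findings.append((name, "device node"))
    return findings


def build_sample_archive():
    """Constructed in-memory archive: one benign file followed by the bad cases.
    All member names and targets are made up for this example."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, data=b"x"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

        def add_link(name, target, kind):
            info = tarfile.TarInfo(name)
            info.type = kind
            info.linkname = target
            tar.addfile(info)

        add_file("pkg/README")                                   # benign
        add_file("../../home/user/.profile")                     # climbs out with '..'
        add_file("/etc/passwd")                                  # absolute name
        add_link("pkg/link", "../../../etc", tarfile.SYMTYPE)    # symlink out of dest
        add_file("pkg/link/hosts")                               # written through that symlink
        add_link("pkg/hard", "../../etc/shadow", tarfile.LNKTYPE)  # hard link out of dest
    buf.seek(0)
    return buf


def scan_sample(dest="/tmp/extract"):
    """Run the checker over the constructed archive and return its findings."""
    with tarfile.open(fileobj=build_sample_archive(), mode="r") as tar:
        return unsafe_members(tar, dest)


if __name__ == "__main__":
    for name, reason in scan_sample():
        print(f"REJECT {name}: {reason}")
```

The check is deliberately stricter than an extractor needs to be: a member such as `pkg/../README` would land inside the destination, but any `..` component is reported because that is exactly the input the vulnerable versions mishandled.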

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0048-1 xterm

2007-08-23 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0048-1
Published: 2007-08-23

Rating: Major

Updated Versions:
xterm=/conary.rpath.com@rpl:devel//1/202-5.3-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.9-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2797
https://issues.rpath.com/browse/RPL-1396

Description:
Previous versions of the xterm package assigned incorrect ownership and
write permissions to pseudo-terminal devices, permitting local users to
direct output to other users' xterm sessions.

Due to xterm's extensive internal processing of escape sequences, this
also permits unauthorized modification of xterm session behavior.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0047-1 rsync

2007-08-23 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0047-1
Published: 2007-08-23

Rating: Major

Updated Versions:
rsync=/conary.rpath.com@rpl:devel//1/2.6.8-1.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.9-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
https://issues.rpath.com/browse/RPL-1647

Description:
Previous versions of the rsync package contain multiple buffer-overflow
vulnerabilities, possibly allowing remote attackers to execute arbitrary
code using maliciously crafted directory names.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0046-1 cups

2007-08-16 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0046-1
Published: 2007-08-14

Rating: Major

Updated Versions:
cups=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/1.2.12-0.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.8-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
https://issues.foresightlinux.org/browse/FL-471
https://issues.rpath.com/browse/RPL-1596
https://issues.rpath.com/browse/RPL-1604

Description:
Previous versions of the cups package are vulnerable to an integer overflow
in included xpdf code, which can be exploited via a specially-crafted PDF
file to execute arbitrary code.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts

2007-08-14 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0044-1
Published: 2007-08-14

Rating: Major

Updated Versions:
tetex=/[EMAIL PROTECTED]:devel//1/2.0.2-28.7-1[desktop is: x86]
tetex-dvips=/[EMAIL PROTECTED]:devel//1/2.0.2-28.7-1[desktop is: x86]
tetex-fonts=/[EMAIL PROTECTED]:devel//1/2.0.2-28.7-1[desktop is: x86]
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.8-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
https://issues.foresightlinux.org/browse/FL-471
https://issues.rpath.com/browse/RPL-1596
https://issues.rpath.com/browse/RPL-1604

Description:
Previous versions of the tetex package are vulnerable to an integer overflow
in included xpdf code, which can be exploited via a specially-crafted PDF
file to execute arbitrary code.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0045-1 poppler

2007-08-14 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0045-1
Published: 2007-08-14

Rating: Major

Updated Versions:
poppler=/[EMAIL PROTECTED]:1-devel//1/0.5.9-2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.8-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
https://issues.foresightlinux.org/browse/FL-471
https://issues.rpath.com/browse/RPL-1596
https://issues.rpath.com/browse/RPL-1604

Description:
Previous versions of the poppler package are vulnerable to an integer overflow
in included xpdf code, which can be exploited via a specially-crafted PDF
file to execute arbitrary code.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html




[Full-disclosure] FLEA-2007-0043-1 openssl

2007-08-13 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0043-1
Published: 2007-08-13

Rating: Minor

Updated Versions:
openssl=/[EMAIL PROTECTED]:devel//1/0.9.7f-10.7-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.8-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
https://issues.rpath.com/browse/RPL-1613

Description:
Previous versions of the openssl package are vulnerable to an
attack in which a local attacker may be able to discover another
user's RSA private key by watching another running process using
that key.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html




[Full-disclosure] FLEA-2007-0040-1 thunderbird

2007-08-03 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0040-1
Published: 2007-08-03

Rating: Moderate

Updated Versions:
thunderbird=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/2.0.0.6-0.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.7-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3845

Description:
Previous versions of the thunderbird package are vulnerable to a flaw in
handling of about:blank windows. A malicious web server could exploit
this to steal sensitive information or modify contents of other open web
pages. 

In addition, a malicious web server could execute helpers with arbitrary
arguments due to thunderbird's mishandling of certain types of characters
when launching external programs.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0041-1 gdm

2007-08-03 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0041-1
Published: 2007-08-03

Rating: Moderate

Updated Versions:
gdm=/[EMAIL PROTECTED]:1-devel//1/2.18.4-1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.7-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3381

Description:
Previous versions of the gdm package are vulnerable to a local Denial of
Service whereby a system user can crash the gdm daemon by sending
specially-crafted input as a GDM socket command.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0042-1 qt

2007-08-03 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0042-1
Published: 2007-08-03

Rating: Moderate

Updated Versions:
qt=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/3.3.8_r653471-0.2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.7-5

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388
https://issues.rpath.com/browse/RPL-1597

Description:
Previous versions of the qt package are vulnerable to user-assisted
format-string attacks, possibly leading to arbitrary code execution in
applications that use the QTextEdit widget.

Note that while Foresight ships qt for compatibility with third-party
applications, Foresight Linux does not include any components which use qt,
so a default install is not exposed to this issue.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0038-1 gimp

2007-08-01 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0038-1
Published: 2007-08-01

Rating: Minor

Updated Versions:
gimp=/[EMAIL PROTECTED]:1-devel//1/2.3.19-1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.6-5

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
http://issues.foresightlinux.org/browse/FL-457

Description:
Previous versions of the gimp package are vulnerable to multiple
user-assisted buffer-overflow attacks in which gimp may execute
arbitrary code contained in maliciously-crafted image files of type DICOM,
PNM, PSD, PSP, XBM, and XWD.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0039-1 firefox

2007-08-01 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0039-1
Published: 2007-08-01

Rating: Moderate

Updated Versions:
firefox=/[EMAIL PROTECTED]:1-devel//1/2.0.0.6-1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.7-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3845
https://issues.rpath.com/browse/RPL-1600

Description:
Previous versions of the firefox package are vulnerable to a flaw in
handling of about:blank windows. A malicious web server could exploit
this to steal sensitive information or modify contents of other open web
pages. 

In addition, a malicious web server could execute helpers with arbitrary
arguments due to firefox's mishandling of certain types of characters when
launching external programs.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0036-1 vim vim-minimal gvim

2007-07-30 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0036-1
Published: 2007-07-30

Rating: Moderate

Updated Versions:
vim=/[EMAIL PROTECTED]:1-devel//1/7.1.044-1-1
vim-minimal=/[EMAIL PROTECTED]:1-devel//1/7.1.044-1-1
gvim=/[EMAIL PROTECTED]:1-devel//1/7.1.044-1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.6-5

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953
https://issues.rpath.com/browse/RPL-1595

Description:
Previous versions of the vim package are vulnerable to a user-assisted
attack in which vim may execute arbitrary code when helptags is run on
data that has been maliciously crafted.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0037-1 unrar

2007-07-30 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0037-1
Published: 2007-07-30

Rating: Minor

Updated Versions:
unrar=/[EMAIL PROTECTED]:devel//1/3.7.6-2.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.7-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3726
https://issues.rpath.com/browse/CONTRIB-55

Description:
Previous versions of the unrar package are vulnerable to an integer
signedness error which could lead to a Denial of Service (crash).

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0035-1: libvorbis

2007-07-27 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0035-1
Published: 2007-07-27

Rating: Moderate

Updated Versions:
libvorbis=/[EMAIL PROTECTED]:devel//1/1.2.0-0.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.6-4

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029
https://issues.rpath.com/browse/RPL-1590

Description:
Previous versions of the libvorbis package contain multiple
vulnerabilities, including a heap overwrite, read violations,
and a function pointer overwrite.  An attacker may exploit
these vulnerabilities to cause a denial of service and,
possibly, to execute arbitrary code.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0034-1:

2007-07-26 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0034-1
Published: 2007-07-26

Rating: Major

Updated Versions:
lighttpd=/[EMAIL PROTECTED]:devel//1/1.4.15-0.3-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.6-2

References:
https://issues.rpath.com/browse/RPL-1550
https://issues.rpath.com/browse/RPL-1554

Description:
Previous versions of the lighttpd package are vulnerable to multiple
attacks, among which remote attackers may circumvent access-control
settings or crash the server by issuing various malformed or malicious
requests.  It has not been determined that these vulnerabilities can
be exploited to execute malicious code.

lighttpd is configured to be the default web server for the Foresight
System Manager. If a malicious user were to cause a Denial of Service via
the above attack vectors, the system would no longer be configurable or
updateable via the System Manager.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0033-1: firefox thunderbird

2007-07-24 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0033-1
Published: 2007-07-24

Rating: Major

Updated Versions:
firefox=/[EMAIL PROTECTED]:1-devel//1/2.0.0.5-1-1
thunderbird=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/2.0.0.5-0.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.6-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
https://issues.rpath.com/browse/RPL-1561

Description:
Previous versions of the firefox and thunderbird packages are
vulnerable to several types of attacks, some of which are understood
to allow compromised or malicious sites to run arbitrary code or
commands as the user running the vulnerable application.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRqYu9tfwEn07iAtZAQLDlQ/8CxsUkYf1amtYqX4XGoXbG3Vt0V/M1TLn
xYRAy9tT7FtoMpppQBVoGrvR/Y3jnE1n7OptmO713LgjWuYvL88Krj3DAZMqXwZM
iv4gzZ61MMuZbNm5oYQ9r1uHjiDGrHJdAgVRyfqy5i3KXzT810oZ10Ckp1qinzJG
0Uh111gG/jYsG5tnk7gbipInJtaJoMmyR8seheB3LMgA40lNTJGEyZM8m83dwvVE
Pk5aYnWyAHyVLqX4oV8j2bB3qOKAHjuR4T4bKx4CzUZR/9B3wwTx1ovhEGtTOvWT
3jgGmA/74psloP9eh7S1F7G9nVk3mtfmH3ozaFGWQKzyPuy/PVxiExiPU5UpfSW2
WA29R1iUcjialQ4eDdyDWAAUls3FaqRKLYTsJLSGdlQAvqnTudHXXpi+TandpBWC
fjVt1d7AIUh+sUPvon6X+K8oemjPn0s7u4hc28iwHUASi+VtSSffY87ZvTW+/xmM
PDdCmFsRy4kWhZxxMIG3su73RSOFTzHFrEOgsGFUXvo22o0Qn3EzrSSfxg7W+CqZ
+QVOqlmJvI5HYGKM4vb/1+gof4MwV2592xXlbXSfhtp/HlFvCSsXAO6rqxO6beA6
YsG4jsb7hjAQrXxAFvwcc0gdLMNdYOeBneeMboAeyx9kcaPJKIl4tVq7i+H516CS
vfEOMgi0ofY=
=B1vH
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0032-1: flashplayer

2007-07-20 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0032-1
Published: 2007-07-20

Rating: Major

Updated Versions:
flashplayer=/[EMAIL PROTECTED]:1/9.0.48.0-2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.5-2

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456

Description:
Previous versions of the flashplayer package are vulnerable to a buffer
overflow attack caused by an input validation error. An attacker may use
malformed or malicious SWF or FLV files to execute arbitrary code as the
user of the flashplayer application. Because most flash content is provided
by web-pages, this is effectively a remote vulnerability, but can be
mitigated if the user disables flash in the browser.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)
=d29Z
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0031-1: xfs

2007-07-12 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0031-1
Published: 2007-07-12

Rating: Minor

Updated Versions:
xfs=/[EMAIL PROTECTED]:1-devel//1/1.0.4-2
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.4-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3103
https://issues.rpath.com/browse/RPL-1485

Description:
Previous versions of the xfs package were vulnerable to a temporary-file
creation race condition which a local user could exploit to gain elevated
permissions.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)
=Q7Si
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0030-1: avahi avahi-glib avahi-sharp

2007-06-28 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0030-1
Published: 2007-06-28

Rating: Minor

Updated Versions:
avahi=/[EMAIL PROTECTED]:1-devel//1/0.6.20-1-1
avahi-glib=/[EMAIL PROTECTED]:1-devel//1/0.6.20-1-1
avahi-sharp=/[EMAIL PROTECTED]:1-devel//1/0.6.20-1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.1-0.2-5

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3372
http://avahi.org/milestone/Avahi%200.6.20

Description:
Previous versions of the avahi package were vulnerable to a local Denial of
Service caused by an erroneous assert().

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)
=Aw5C
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0029-1: krb5 krb5-workstation

2007-06-27 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0029-1
Published: 2007-06-27

Rating: Critical

Updated Versions:
krb5=/[EMAIL PROTECTED]:devel//1/1.4.1-7.7-1
krb5-workstation=/[EMAIL PROTECTED]:devel//1/1.4.1-7.7-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.1-0.2-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt
https://issues.rpath.com/browse/RPL-1499

Description:
Previous versions of the krb5 package are vulnerable to three
attacks. Two (MITKRB5-SA-2007-004: CVE-2007-2442 and CVE-2007-2443)
are likely limited in practice on Foresight Linux to denial of service,
but the third (MITKRB5-SA-2007-005: CVE-2007-2798) is believed to
allow a remote arbitrary code execution attack against kadmind
servers. Foresight Linux systems are not automatically configured with
kadmind enabled.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRoMAZtfwEn07iAtZAQIVWhAAlbOiMLhjLd8e4TqjCx/UXPby0jEBzO5P
wMX+mJlGUHnX4FfvYqlNgpPnPL6DdfymieE6AnTxs85/Gsuli2aGLN09gPpG5UW1
MxF2pM3pbYGc5DmLZrWJadmx/q+BQTZ3NHBOi/hYnoMLO3ppnuEhIQYyQkMRJlel
UEob7/KYflIZp1QjLcDvbG3Vag+AwGMCybSRMWTP+Mfo+SaXQSbCbumpF8JYBd12
SQjQCrj+hLTyet0DaDqqDj97xUh7F1Nxm7wL3HSxPTBQf6vNKvkcIkACtQVADy4H
q5MKJS+oRtVoILdJduhjmaPpEp6XxhAMinPvWdZ3XKOExTae4OvreAOP2hR2aySx
V60CZgNR3dsd7FIc+BRY8uIS31yjM+lcHPI8tsvd55cSgdNQ63umw6mleusMgLHY
PCkzG+2xEnwQYY6GGXHbhBZsxuRR6JzjKmLWzf5suOJBMLFoKoDYD2ThqodcwX1u
XfEgLFI5bTTiU8y8F5XVsjC00IoV+n/aiQ3dtcr1o9REB/Ht99+1+OwUvAGr5hwy
qRAoDmkKz4rCXzUB9HHkGyNuv8CIdgpWdsCSbV9RNaqVLbQpf4yokxHWif7KrB/5
BzuK3wg+rorWy1ZYcJo0Zf9ewYRGXQtJ6qhX1Kko+P+hdQ4T/OYCqSf1Lts2X99d
2HzaipeRrok=
=aRLv
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0028-1: libexif

2007-06-22 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0028-1
Published: 2007-06-22

Rating: Moderate

Updated Versions:
libexif=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/0.6.16-0.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.1-0.1-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4168

Description:
Previous versions of the libexif package are vulnerable to an int overflow
which could allow a specially-crafted EXIF file to execute arbitrary code
on the target system.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
=wHz4
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0027-1: thunderbird

2007-06-20 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0027-1
Published: 2007-06-20

Rating: Major

Updated Versions:
thunderbird=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/2.0.0.4-0.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3-0.6-5

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
https://issues.rpath.com/browse/RPL-1425

Description:
Previous versions of the thunderbird package are vulnerable to multiple
vulnerabilities in the layout and javascript engines which are known to
cause a denial-of-service (crash) and could potentially be exploited to
execute arbitrary attacker-provided code. In addition, a man-in-the-middle
attack which could be used to steal the first 3 characters of a passphrase
when using APOP has been fixed. 

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)
=CjxU
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0026-1: evolution-data-server

2007-06-18 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0026-1
Published: 2007-06-18

Rating: Major

Updated Versions:
evolution-data-server=/[EMAIL PROTECTED]:1-devel//1/1.10.2-2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3-0.6-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
https://issues.rpath.com/browse/RPL-1220
https://issues.rpath.com/browse/RPL-1460

Description:
Previous versions of the evolution-data-server package are vulnerable to
multiple attacks of varying severity, the most severe of which allows a
compromised or malicious IMAP server to execute arbitrary code as the
connecting user.

- ---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)
=FXIn
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0025-1: openoffice.org

2007-06-13 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0025-1
Published: 2007-06-13

Rating: Moderate

Updated Versions:
openoffice.org=/[EMAIL PROTECTED]:devel//1//[EMAIL PROTECTED]:1-devel//1/2.2.1-0.0.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3-0.5-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754

Description:
Previous versions of the freetype package were vulnerable to an issue
whereby a specially crafted ttf file could execute arbitrary code at the
permission level of the user running freetype.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)
=Nunk
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0021-2: madwifi

2007-06-06 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0021-2
Published: 2007-05-24
Updated:
2007-06-06 The previously released version of madwifi which fixes this
security issue erroneously did not contain the kernel modules necessary for
madwifi to properly function.

Rating: Major

Updated Versions:
madwifi=/[EMAIL PROTECTED]:devel//fl:desktop//[EMAIL PROTECTED]:1-devel//1/0.9.3.1-0.0.1.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3-0.1-6

References:
http://secunia.com/advisories/25339/

Description:
Previous versions of the madwifi kernel module were vulnerable to three 
issues whereby malicious remote users can cause a crash via specially formed 
packets sent to the vulnerable system.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)
=85g3
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0023-1: firefox

2007-05-31 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0023-1
Published: 2007-05-31

Rating: Major

Updated Versions:
firefox=/[EMAIL PROTECTED]:1-devel//1/2.0.0.4-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3-0.1-5

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2871
https://issues.rpath.com/browse/RPL-1425

Description:
Previous versions of the firefox package are vulnerable to several types of
attacks, one of which is understood to potentially allow compromised or
malicious sites to run arbitrary code as the user running the vulnerable
application. A number of cross-site-scripting bugs have also been corrected.

- ---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)

iD8DBQFGXx1K0e1Yawpq2XMRAoelAKCk33IUSF6C57DbPhaxbGZzBHZ8OQCcDQ0z
AudB9mK058R4FGSVKvmnGdQ=
=SUV2
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0020-1: freetype

2007-05-23 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0020-1
Published: 2007-05-21

Rating: Moderate

Updated Versions:
freetype=/[EMAIL PROTECTED]:devel//1//[EMAIL PROTECTED]:1-devel//1/2.3.4-0.0.1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.2.2-0.9-2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754
https://issues.rpath.com/browse/RPL-1390

Description:
Previous versions of the freetype package were vulnerable to an issue
whereby a specially crafted ttf file could execute arbitrary code at the
permission level of the user running freetype.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)

iD8DBQFGVOQM0e1Yawpq2XMRAnNxAJoDOx4XRU3wxiZBOlfdyAZ7apNGHQCgr95M
fI0WnsEw5rvfIY+lGJ4OgtA=
=ELOg
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0019-1: python

2007-05-21 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0019-1
Published: 2007-05-21

Rating: Minor

Updated Versions:
python=/[EMAIL PROTECTED]:devel//1/2.4.1-20.9-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.2.2-0.9-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
https://issues.rpath.com/browse/RPL-1358

Description:
Previous versions of the python package have a weakness that can expose
memory contents, leading to potential information exposure.

- ---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)

iD8DBQFGUbGy0e1Yawpq2XMRAvKyAKDLFePcWlOMz3AEe/R/oV1wZhdEHwCdEjzL
SXytdXcBJaU2wnOMqt33TMQ=
=Vd7e
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0018-1: libpng

2007-05-17 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0018-1
Published: 2007-05-17

Rating: Minor

Updated Versions:
libpng=/[EMAIL PROTECTED]:devel//1/1.2.18-1-0.1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.2.2-0.9-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
http://lwn.net/Articles/232675/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
https://issues.rpath.com/browse/RPL-1381

Description:
Previous versions of the libpng package can cause applications to crash when
loading malformed PNG files.  It is not currently known whether this
vulnerability can be exploited to execute malicious code.


- ---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (GNU/Linux)

iD8DBQFGTNq/0e1Yawpq2XMRAvLkAKDK8z7aVQH/B3Of5oMXWtgNOqnhYgCgmVe7
X/56HurpxqxSKcypAlL441o=
=2dEu
-END PGP SIGNATURE-



[Full-disclosure] FLEA-2007-0016-1: kernel

2007-05-08 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0016-1
Published: 2007-05-08

Rating: Minor

Updated Versions:
kernel=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1/2.6.20.11-1-0.1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.2.1-0.21-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
http://lwn.net/Articles/232675/

Description:
Previous versions of the Linux kernel are vulnerable to a local user Denial
of Service attack in which local users can trigger a kernel stack overflow using
the netlink layer, and to one remote Denial of Service attack in which if IPv6
routing has been configured, a remote user can cause the system to use all
available network bandwidth by sending a specially-crafted IPv6 packet.

In addition, several non-security issues have been resolved that caused some
systems to have difficulty booting: attempting to initialize the Intel random
number generator caused some recent systems to hang during boot, and NUMA
capability was also causing some systems to hang during boot and so has been
disabled on x86, where it is generally not needed.

A system reboot is required to resolve these issues.


Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



[Full-disclosure] FLEA-2007-0014-1: vim

2007-04-30 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0014-1
Published: 2007-04-30

Rating: Minor

Updated Versions:
 gvim=/[EMAIL PROTECTED]:1-devel//1/7.0.235-1-1
 vim=/[EMAIL PROTECTED]:1-devel//1/7.0.235-1-1
 vim-minimal=/[EMAIL PROTECTED]:1-devel//1/7.0.235-1-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.2.1-0.3-2

References:
 https://issues.rpath.com/browse/RPL-1320
 http://marc.info/?t=11776259931r=1w=2

Description:
 Previous versions of the vim package allowed two functions, feedkeys() and
writefile(), to be used in the sandbox. Functions executed via modelines in
files being edited are verified by the sandbox; a user who is coerced into
opening a specially-crafted file could cause the system to execute arbitrary
shell code supplied by the attacker.



[Full-disclosure] FLEA-2007-0015-1: gimp

2007-04-30 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0015-1
Published: 2007-04-30

Rating: Minor

Updated Versions:
 gimp=/[EMAIL PROTECTED]:1-devel//1/2.3.16-2-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.2.1-0.3-3

References:
 https://issues.rpath.com/browse/RPL-1318
 http://secunia.com/advisories/25012/
 http://milw0rm.com/exploits/3801

Description:
 Previous versions of the gimp package allowed user-complicit arbitrary code
execution at the permission level of the user running gimp (usually non-root)
via a specially crafted .RAS file.



[Full-disclosure] FLEA-2007-0013-1: xine-lib

2007-04-23 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0013-1
Published: 2007-04-23

Rating: Moderate

Updated Versions:
 xine-lib=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/1.1.6-1.1-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.2.1-0.2-2

References:
 https://issues.foresightlinux.org/browse/FL-266
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246

Description:
 Previous versions of the xine-lib package were vulnerable to a buffer 
overflow which could be exploited to execute arbitrary code on the target 
machine. This can be exploited by a remote user only in a locally-assisted 
fashion - by enticing the user to open a specially crafted file.



[Full-disclosure] FLEA-2007-0012-1: madwifi

2007-04-22 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0012-1
Published: 2007-04-22

Rating: Moderate

Updated Versions:
 madwifi=/[EMAIL PROTECTED]:devel//fl:desktop//[EMAIL PROTECTED]:1-devel//1/0.9.3-0.0.0.1-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.2.1-0.2-1

References:
 https://issues.foresightlinux.org/browse/FL-263
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7177
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7178
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7179
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7180

Description:
 Previous versions of the madwifi package were vulnerable to a number of
Denial-of-Service issues, at least two of which can be exploited to cause a
system crash (kernel oops). In addition, previous versions could be made to
send unencrypted information before authentication finishes when using WPA,
an information leak.



[Full-disclosure] FLEA-2007-0011-1: lighttpd

2007-04-20 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0011-1
Published: 2007-04-20

Rating: Moderate

Updated Versions:
 lighttpd=/[EMAIL PROTECTED]:devel//1/1.4.15-0.1-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.2.1-0.1-3

References:
 https://issues.rpath.com/browse/RPL-1218
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1869
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1870

Description:
 Previous versions of the lighttpd package are vulnerable to two denial of
service attacks.  One is a remote denial of service that can cause lighttpd to
consume all available CPU time and stop serving requests, and the other is a
denial of service attack which generally requires a local user to create a file
with an mtime of 0; the lighttpd daemon will crash when attempting to serve
that file. This crash does not enable any arbitrary or directed code execution;
however, since the rAA service (Foresight System Manager) uses lighttpd by
default, and rAA is configured to start by default, all Foresight systems are
vulnerable to this DoS by default. Once lighttpd has been crashed or made to
stop serving requests, subsequent updates using the Foresight System Manager
(rAA) will not occur.



[Full-disclosure] FLEA-2007-0009-1: xorg-x11 freetype

2007-04-05 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0009-1
Published: 2007-04-05

Rating: Major

Updated Versions:
 xorg-server=/[EMAIL PROTECTED]:1-devel//1/1.2.0-3-1
 libX11=/[EMAIL PROTECTED]:1-devel//1/1.1.1-2
 libXfont=/[EMAIL PROTECTED]:1-devel//1/1.2.8-2
 freetype=/[EMAIL PROTECTED]:devel//1//[EMAIL PROTECTED]:1-devel//1/2.3.3-0.0.1-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.13-2

References:
 http://issues.foresightlinux.org/browse/FL-223
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667

Description:
 Previous versions of the freetype and xorg-x11 packages are vulnerable to
several attacks in which a program run by an authenticated user can easily
crash the X server (Denial of Service) and possibly also cause the X server to
execute arbitrary malicious code as the root user.



[Full-disclosure] FLEA-2007-0006-1: ImageMagick

2007-04-03 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0006-1
Published: 2007-04-03

Rating: Minor

Updated Versions:
 ImageMagick=/[EMAIL PROTECTED]:1-devel//1/6.3.3.5-1-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.11-5[

References:
 https://issues.foresightlinux.org/browse/FL-222
 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1719

Description:
 Previous versions of the ImageMagick package were vulnerable to 
buffer overflows in the code which parses DCM and XWD files, which could 
allow an attacker to execute arbitrary code at the permission level of 
the user running ImageMagick (usually non-root). The attacker would have 
to convince a user to open the file in ImageMagick. While these file 
formats are not common, it is possible to disguise the file such that it 
appears to be a file of another, more common, type.



[Full-disclosure] FLEA-2007-0006-2: ImageMagick

2007-04-03 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0006-2
Published: 2007-04-03
Updated:
 2007-04-03 Fix typo in updated group-dist version

Rating: Minor

Updated Versions:
 ImageMagick=/[EMAIL PROTECTED]:1-devel//1/6.3.3.5-1-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.11-5

References:
 https://issues.foresightlinux.org/browse/FL-222
 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1719

Description:
 Previous versions of the ImageMagick package were vulnerable to
buffer overflows in the code which parses DCM and XWD files, which could
allow an attacker to execute arbitrary code at the permission level of
the user running ImageMagick (usually non-root). The attacker would have
to convince a user to open the file in ImageMagick. While these file
formats are not common, it is possible to disguise the file such that it
appears to be a file of another, more common, type.



[Full-disclosure] FLEA-2007-0007-1: nas

2007-04-03 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0007-1
Published: 2007-04-03

Rating: Informational

Updated Versions:
 nas=/[EMAIL PROTECTED]:devel/1.8b-1-2
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.12-1

References:
 https://issues.rpath.com/browse/RPL-1155
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1543
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1544
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1545
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1546
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1547

Description:
 Previous versions of the nas package were vulnerable to a number of buffer 
overflows, NULL and invalid pointers, and an int overflow. Foresight Linux is 
not vulnerable to any of these by default, as Foresight does not ship the 
initscript which starts the nas daemon.



[Full-disclosure] FLEA-2007-0004-1: openoffice.org

2007-03-29 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0004-1
Published: 2007-03-29

Rating: Moderate

Updated Versions:
 openoffice.org=/[EMAIL PROTECTED]:devel//1//[EMAIL PROTECTED]:1-devel//1/2.2.0-0.0.5-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.11-2

References:
 https://issues.foresightlinux.org/browse/FL-211
 http://www.openoffice.org/security/CVE-2007-0239.html
 http://www.openoffice.org/security/CVE-2007-0238.html
 http://www.openoffice.org/security/CVE-2007-2.html

Description:
 Previous versions of openoffice.org were vulnerable to multiple 
issues which could be exploited to execute arbitrary code at the 
permission level of the user running openoffice (usually non-root). 
Attack vectors include coercing a user into opening a URL which contains 
an exploit, coercing the user into opening a vulnerable WordPerfect file 
(via bundled libwpd), and coercing a user into opening a vulnerable 
StarCalc document.



[Full-disclosure] FLEA-2007-0005-1: slocate

2007-03-29 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0005-1
Published: 2007-03-29

Rating: Minor

Updated Versions:
 slocate=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/3.1-8.1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.11-3

References:
 https://issues.foresightlinux.org/browse/FL-211
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0227

Description:
 Previous versions of the slocate package were vulnerable to an 
information-disclosure vulnerability. Slocate did not properly manage 
database entries that specify names of files in protected directories. 
Thus, for example, a user could see via slocate the names of files in a 
directory chmodded 711.



[Full-disclosure] FLEA-2007-0003-1: cups

2007-03-25 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0003-1
Published: 2007-03-25

Rating: Minor

Updated Versions:
 cups=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/1.2.10-0.1-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.10-2

References:
 https://issues.foresightlinux.org/browse/FL-205
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0720

Description:
 Previous versions of the cups package could be forced to hang via a 
client partially negotiating an ssl connection. In this state, cups 
would not allow other connections to be made, a denial of service.



[Full-disclosure] FLEA-2007-0002-1: inkscape

2007-03-24 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0002-1
Published: 2007-03-24

Rating: Major

Updated Versions:
 inkscape=/[EMAIL PROTECTED]:1-devel//1/0.45.1-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.8-4

References:
 https://issues.foresightlinux.org/browse/FL-199
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1463
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1464

Description:
 Previous versions of the inkscape package are vulnerable to attacks 
which would allow unauthorized system access at the permission level of 
the user running inkscape (usually non-root). One attack vector is by 
coercing a user into opening a specially crafted URI, while the other 
requires that the user be logged into a malicious jabber server using 
the client provided in inkscape.



[Full-disclosure] FLEA-2007-0001-1: firefox

2007-03-21 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0001-1
Published: 2007-03-22

Rating: Minor

Updated Versions:
 firefox=/[EMAIL PROTECTED]:1-devel//1/2.0.0.3-1-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.8-2

References:
 http://www.mozilla.org/security/announce/2007/mfsa2007-11.html

Description:
 Previous versions of the Firefox package were vulnerable to an 
information disclosure issue. Firefox's handling of PASV FTP connections 
could allow a specially crafted server to perform rudimentary port 
scanning on the client machine, giving the FTP server information about 
the client's system. In and of itself, this is not going to cause a 
remote code exploit, but could aid a malicious individual in other attacks.
