December 2006 - security [ARCHIVED]

[Bug 219941] New: Tor < 0.1.1.26 has security problem

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219941 Summary: Tor < 0.1.1.26 has security problem Product: Fedora Extras Version: fc6 Platform: All URL: http://archives.seul.org/or/announce/Dec- 2006/msg00000.html OS/Version: Linux Status: NEW Severity: urgent Priority: urgent Component: tor AssignedTo: enrico.scholz(a)informatik.tu-chemnitz.de ReportedBy: roozbeh(a)farsiweb.info QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com Description of problem: Tor 0.1.1.26 fixes a serious privacy bug for people who use the HttpProxyAuthenticator config option: Tor would send your proxy auth directly to the directory server when you're tunnelling directory requests through Tor. Specifically, this happens when publishing or accessing hidden services, or when you have set FascistFirewall or ReachableAddresses and you're accessing a directory server that's not reachable directly. Version-Release number of selected component (if applicable): tor-0.1.1.25-1.fc6 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
1
0 / 0

[Fwd: EoC 1.2.4 -- security problem fixed, please upgrade immediately]

by Lars Wirzenius

Fedora Extras seems to include my Enemies of Carlotta mailing list manager. I've just made a new release to fix a security problem, so I'd like to suggest that you update the package. Please see attached message and http://lists.debian.org/debian-security-announce/debian-security-announce... Thanks, and sorry for the mess I created. -- If possible, use code, not comments.

17 years, 4 months

2
1
0 / 0

[Bug 210825] New: RSA signature forgery issues in BouncyCastle < 1.34

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210825 Summary: RSA signature forgery issues in BouncyCastle < 1.34 Product: Fedora Core Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: java-1.4.2-gcj-compat AssignedTo: fitzsim(a)redhat.com ReportedBy: ville.skytta(a)iki.fi CC: fedora-security-list(a)redhat.com >From BouncyCastle 1.34 release notes: Security Advisory If you are using RSA with a public exponent of three you must upgrade to this release if you want to avoid recent forgery attacks that have been described against specific implementations of the RSA signature algorithm. java-1.4.2-gcj-compat in FC5 ship with BC 1.31 and may thus be affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
2
0 / 0

[Bug 219095] New: CVE-2006-6406: clamav <= 0.88.6 virus detection bypass

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219095 Summary: CVE-2006-6406: clamav <= 0.88.6 virus detection bypass Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: clamav AssignedTo: enrico.scholz(a)informatik.tu-chemnitz.de ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6406 "ClamAV 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file." All FC3+ Extras repos have 0.88.6 at the moment. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
1
0 / 0

[Bug 218853] New: phpMyAdmin < 2.9.1.1 multiple vulnerabilities

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218853 Summary: phpMyAdmin < 2.9.1.1 multiple vulnerabilities Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: phpMyAdmin AssignedTo: imlinux(a)gmail.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com phpMyAdmin 2.9.1.1 contains three security fixes: - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-7 - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-8 (also apparently http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6373) - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-9 All FC5+ currently have a pre-2.9.1 snapshot which may be vulnerable. There's also http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6374 but it's unclear to me whether that is covered by the above or applicable to 2.9.x in the first place. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
2
0 / 0

[Bug 213983] Plone Needs an Important Security Patch for CVE-2006-4249

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Plone Needs an Important Security Patch for CVE-2006-4249 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213983 ------- Additional Comments From jonathansteffan(a)gmail.com 2006-12-08 14:17 EST ------- Thanks for the added information. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
0
0 / 0

[Bug 213983] Plone Needs an Important Security Patch for CVE-2006-4249

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Plone Needs an Important Security Patch for CVE-2006-4249 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213983 ville.skytta(a)iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Plone Needs an Important |Plone Needs an Important |Security Patch |Security Patch for CVE-2006- | |4249 Keywords| |Security CC| |fedora-security- | |list(a)redhat.com ------- Additional Comments From ville.skytta(a)iki.fi 2006-12-08 14:10 EST ------- For the record, this is CVE-2006-4249 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
0
0 / 0

[Bug 218824] New: CVE-2006-6301: denyhosts 2.5 hosts.deny DoS

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218824 Summary: CVE-2006-6301: denyhosts 2.5 hosts.deny DoS Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: denyhosts AssignedTo: tibbs(a)math.uh.edu ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6301 "DenyHosts 2.5 does not properly parse sshd logs file, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by loggig in to ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression." Based on version numbers, affects FE-3+ and EPEL-4+ -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
2
0 / 0

[Bug 218821] New: CVE-2006-6235: gnupg2 <= 2.0.1 stack overwrite vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218821 Summary: CVE-2006-6235: gnupg2 <= 2.0.1 stack overwrite vulnerability Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: gnupg2 AssignedTo: rdieter(a)math.unl.edu ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6235 "A "stack overwrite" vulnerability in GnuPG (gpg) before 1.2.1 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory." FC6+ seem to be taken care of already, FC-[345] not yet. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
2
0 / 0

[Bug 218030] koffice: update to 1.6.1

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: koffice: update to 1.6.1 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218030 rdieter(a)math.unl.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |NEXTRELEASE ------- Additional Comments From rdieter(a)math.unl.edu 2006-12-06 10:18 EST ------- koffice-1.6.1-1.fc4 build queue'd (job id 23038) -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] December 2006