security [ARCHIVED] October 2007

security@lists.fedoraproject.org

4 participants
15 discussions

[Bug 245219] New: clamav < 0.90.3 multiple vulnerabilities

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245219 Summary: clamav < 0.90.3 multiple vulnerabilities Product: Fedora Version: f7 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: clamav AssignedTo: enrico.scholz(a)informatik.tu-chemnitz.de ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3023 "unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3024 "libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3122 "The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3123 "unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow." Not checked whether 0.88.x in FC-6 and earlier are affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 5 months

1
5
0 / 0

[Bug 230927] New: CVE-2007-1103: tor information disclosure

by Red Hat Bugzilla

16 years, 5 months

1
1
0 / 0

[Bug 237449] CVE-2007-5715 Login attempts as root may go unnoticed

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-5715 Login attempts as root may go unnoticed Alias: CVE-2007-5715 https://bugzilla.redhat.com/show_bug.cgi?id=237449 bugzilla(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Product|Fedora Extras |Fedora thoger(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2007-5715 Summary|Login attempts as root may |CVE-2007-5715 Login attempts |go unnoticed |as root may go unnoticed ------- Additional Comments From thoger(a)redhat.com 2007-10-31 09:20 EST ------- CVE id CVE-2007-5715 was assigned to this old issue. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 5 months

1
0
0 / 0

security livecd

by Luke Macken

I was wondering if anyone was against having the Security LiveCD[0] become an official project of the Security SIG? I've done a bunch of work on it recently, and turned it into a minimal openbox-based distro. See my blog[1] post for more details/screenshots. luke [0]: http://fedoraproject.org/wiki/LukeMacken/SecurityLiveCD [1]: http://lewk.org/blog/securitylivecd

16 years, 6 months

2
2
0 / 0

Separate list for commits

by Lubomir Kundrak

Hi all, Wit the volume of the commit messagaes and bugzilla mails this list became less suited for discussions. Would anyone mind creating another list, say fedora-security-commits-list, where would that sort of mails go? Regards, -- Lubomir Kundrak (Security Response Team) Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic Registered in Brno under #CZ27690016

16 years, 6 months

4
6
0 / 0

← Newer
1
2
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] October 2007