February 2007 - security [ARCHIVED]

[Bug 229991] New: CVE-2007-1049: wordpress < 2.1.1 XSS

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229991 Summary: CVE-2007-1049: wordpress < 2.1.1 XSS Product: Fedora Extras Version: devel Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1049 OS/Version: Linux Status: NEW Severity: medium Priority: normal Component: wordpress AssignedTo: jwb(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1049 "Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable." FE5+ apparently affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 1 month

1
9
0 / 0

[Bug 228138] New: CVE-2006-6979: amarok shell escaping issue

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228138 Summary: CVE-2006-6979: amarok shell escaping issue Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: amarok AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6979 "The ruby handlers in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters." Not clear to me which, if any, versions of amarok in FE or upstream are affected. The referenced bugs.kde.org entry is open and there are no comments at the moment. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 1 month

1
2
0 / 0

firefox 1.5.0.10 update timeframe?

by Matthew Miller

As I'm sure everyone knows, the Red Hat Enterprise Linux errata for this is already out, and marked as critical. No sign of a corresponding update for any of the supported Fedora versions. Please let's not have this be another one of those cases where Fedora's Firefox is vulnerable for weeks. It is, frankly, embarrassing. -- Matthew Miller mattdm(a)mattdm.org <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/>

17 years, 2 months

3
8
0 / 0

[Bug 229202] 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229202 ------- Additional Comments From enrico.scholz(a)informatik.tu-chemnitz.de 2007-02-25 09:12 EST ------- I took it from the Debian changelog | [CVE-2007-0899] Possible heap overflow in libclamav/fsg.c I do not have more details. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
0
0 / 0

[Bug 229202] 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229202 ------- Additional Comments From ville.skytta(a)iki.fi 2007-02-25 08:41 EST ------- Enrico, there are references and patches related to CVE-2007-0899 in the 0.88.7-2 update, however I'm not able to find any real info about that CVE anywhere; in MITRE it's just reserved, and in NVD it's empty. Any links to publicized info about the issue? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
0
0 / 0

[Bug 229202] 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229202 ------- Additional Comments From tibbs(a)math.uh.edu 2007-02-23 10:21 EST ------- Why? Maintenance is not about always pushing out the absolute latest version. If you have a compelling argument to make regarding why all machines should get 0.90 then please make it. If you have questions about why 0.90 is not appropriate to push out to all machines then please ask them. The bottom line is that it is the maintainer's decision. You can always grab the devel SRPM or check the source out from CVS and build it yourself if you disagree. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
0
0 / 0

[Bug 229202] 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229202 ------- Additional Comments From abuse(a)basmevissen.nl 2007-02-23 03:48 EST ------- Hmmm, I regard this as quite lousy... -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
0
0 / 0

[Bug 229205] 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229205 enrico.scholz(a)informatik.tu-chemnitz.de changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |0.88.7-2 ------- Additional Comments From enrico.scholz(a)informatik.tu-chemnitz.de 2007-02-22 05:18 EST ------- thx, should be fixed by current release -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
0
0 / 0

[Bug 229202] 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229202 enrico.scholz(a)informatik.tu-chemnitz.de changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |0.88.7-2 ------- Additional Comments From enrico.scholz(a)informatik.tu-chemnitz.de 2007-02-22 05:17 EST ------- CVEs should be fixed by 0.88.7-2; freshclam warning is only a warning and I do not plan to update version FC-5/6 to 0.90 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
0
0 / 0

[Bug 229202] 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229202 ------- Additional Comments From abuse(a)basmevissen.nl 2007-02-22 04:05 EST ------- This update will also fix the following warning in the logs: Last Status: WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.88.7 Recommended version: 0.90 DON'T PANIC! Read http://www.clamav.net/faq.html main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm) daily.cvd updated (version: 2623, sigs: 9598, f-level: 13, builder: ccordes) WARNING: Your ClamAV installation is OUTDATED! WARNING: Current functionality level = 10, recommended = 13 DON'T PANIC! Read http://www.clamav.net/faq.html Database updated (93549 signatures) from db.NL.clamav.net (IP: 145.58.27.1 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] February 2007