[Bug 231734] New: CVE-2007-1246: xine-lib buffer overflow
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231734
Summary: CVE-2007-1246: xine-lib buffer overflow
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: xine-lib
AssignedTo: gauret(a)free.fr
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list@redhat.com,ville.skytta(a)iki.fi
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1246
Originally reported against MPlayer, but it turns out xine-lib is vulnerable
too. Upstream fix pushed to FC6+ (1.1.4-3 currently building), but FC5 is still
at 1.1.2, probably already lacking "several bug and security fixes" as put by
upstream in the 1.1.3 release announcement. No FC5 system here to test with, so
leaving up to Aurelien to decide whether to update while at it or just to
possibly apply the patch for this issue from FC6+ (if it applies, unchecked).
------- Additional Comments From ville.skytta(a)iki.fi 2007-03-10 17:29 EST -------
Created an attachment (id=149781)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=149781&action=view)
Fix from upstream CVS
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
16 years, 10 months
[Bug 237449] Login attempts as root may go unnoticed
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Login attempts as root may go unnoticed
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449
tibbs(a)math.uh.edu changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |CLOSED
Resolution| |CURRENTRELEASE
Fixed In Version| |2.6-4
------- Additional Comments From tibbs(a)math.uh.edu 2007-04-24 18:21 EST -------
I did some testing and let the new version stew on my servers overnight. Since
that went OK, I pushed and built for F7, FC6, FC5, EL5 and EL4.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years
[Bug 237449] Login attempts as root may go unnoticed
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Login attempts as root may go unnoticed
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449
------- Additional Comments From jonathan.underwood(a)gmail.com 2007-04-23 12:28 EST -------
(In reply to comment #4)
> Any clue as to what this looks like for an IPv6 denial?
Um, no. Seems irrelevant though, this fix is as IPV6 safe as the rest of
DenyHosts - basically it brings REGEX7 into alignment with the other REGEXs - if
this is broken for IPV6, then all the others are too. I don't have any way to
test this I'm afraid.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years