April 2007 - security [ARCHIVED] - Fedora Mailing-Lists

[Bug 231734] New: CVE-2007-1246: xine-lib buffer overflow

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231734 Summary: CVE-2007-1246: xine-lib buffer overflow Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: xine-lib AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list@redhat.com,ville.skytta(a)iki.fi http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1246 Originally reported against MPlayer, but it turns out xine-lib is vulnerable too. Upstream fix pushed to FC6+ (1.1.4-3 currently building), but FC5 is still at 1.1.2, probably already lacking "several bug and security fixes" as put by upstream in the 1.1.3 release announcement. No FC5 system here to test with, so leaving up to Aurelien to decide whether to update while at it or just to possibly apply the patch for this issue from FC6+ (if it applies, unchecked). ------- Additional Comments From ville.skytta(a)iki.fi 2007-03-10 17:29 EST ------- Created an attachment (id=149781) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=149781&action=view) Fix from upstream CVS -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 10 months

1
2
0 / 0

[Bug 228764] New: CVE-2007-0901, CVE-2007-0902: moin 1.5.7 XSS, information disclosure

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228764 Summary: CVE-2007-0901, CVE-2007-0902: moin 1.5.7 XSS, information disclosure Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: normal Component: moin AssignedTo: matthias(a)rpmforge.net ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com CVE's against moin 1.5.7, with little useful information available at the moment: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0902 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 11 months

1
3
0 / 0

[Bug 235416] New: CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235416 Summary: CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: imlib AssignedTo: paul(a)city-fan.org ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1026 These two old issues appear to be still present in FE6 (1.9.13-*) and devel (1.9.15-*) imlib packages. Bug 138516 contains a test case XPM as well as a patch which should fix these issues. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 11 months

1
3
0 / 0

[Bug 237449] Login attempts as root may go unnoticed

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Login attempts as root may go unnoticed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449 ------- Additional Comments From jonathan.underwood(a)gmail.com 2007-04-25 06:15 EST ------- Splendid, thanks. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years

1
0
0 / 0

[Bug 237449] Login attempts as root may go unnoticed

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Login attempts as root may go unnoticed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449 tibbs(a)math.uh.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |2.6-4 ------- Additional Comments From tibbs(a)math.uh.edu 2007-04-24 18:21 EST ------- I did some testing and let the new version stew on my servers overnight. Since that went OK, I pushed and built for F7, FC6, FC5, EL5 and EL4. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years

1
0
0 / 0

[Bug 237449] Login attempts as root may go unnoticed

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Login attempts as root may go unnoticed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449 ------- Additional Comments From jonathan.underwood(a)gmail.com 2007-04-23 12:41 EST ------- OK, thanks. An update for FC6 would also be much appreciated. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years

1
0
0 / 0

[Bug 237449] Login attempts as root may go unnoticed

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Login attempts as root may go unnoticed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449 ------- Additional Comments From tibbs(a)math.uh.edu 2007-04-23 12:36 EST ------- OK, let me do a build and see if I can get this past releng for F7. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years

1
0
0 / 0

[Bug 237449] Login attempts as root may go unnoticed

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Login attempts as root may go unnoticed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449 ------- Additional Comments From jonathan.underwood(a)gmail.com 2007-04-23 12:28 EST ------- (In reply to comment #4) > Any clue as to what this looks like for an IPv6 denial? Um, no. Seems irrelevant though, this fix is as IPV6 safe as the rest of DenyHosts - basically it brings REGEX7 into alignment with the other REGEXs - if this is broken for IPV6, then all the others are too. I don't have any way to test this I'm afraid. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years

1
0
0 / 0

[Bug 237449] Login attempts as root may go unnoticed

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Login attempts as root may go unnoticed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449 ------- Additional Comments From jonathan.underwood(a)gmail.com 2007-04-23 12:25 EST ------- Created an attachment (id=153291) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=153291&action=view) Fix REGEX7 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years

1
0
0 / 0

[Bug 237449] Login attempts as root may go unnoticed

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Login attempts as root may go unnoticed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449 tibbs(a)math.uh.edu changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fedora-security- | |list(a)redhat.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] April 2007