September 2007 - security [ARCHIVED]

fedora-security/audit fc6,1.266,1.267 fc7,1.116,1.117

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12697 Modified Files: fc6 fc7 Log Message: elinks Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.266 retrieving revision 1.267 diff -u -r1.266 -r1.267 --- fc6 21 Sep 2007 14:29:48 -0000 1.266 +++ fc6 21 Sep 2007 21:28:10 -0000 1.267 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC6 as of 20070916 +CVE-2007-5034 VULNERABLE (elinks) #297611 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297561 CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 #297561 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.116 retrieving revision 1.117 diff -u -r1.116 -r1.117 --- fc7 21 Sep 2007 14:29:48 -0000 1.116 +++ fc7 21 Sep 2007 21:28:10 -0000 1.117 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 +CVE-2007-5034 VULNERABLE (elinks) #297981 GENERIC-MAP-NOMATCH VULNERABLE (inotify-tools) #299771 GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc6,1.265,1.266 fc7,1.115,1.116

by fedora-extras-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3532/audit Modified Files: fc6 fc7 Log Message: update on some older kde issues Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.265 retrieving revision 1.266 diff -u -r1.265 -r1.266 --- fc6 21 Sep 2007 06:43:46 -0000 1.265 +++ fc6 21 Sep 2007 14:29:48 -0000 1.266 @@ -133,6 +133,7 @@ CVE-2007-1352 fixed (libXfont) #235265 [since FEDORA-2007-423] CVE-2007-1351 fixed (libXfont) #235265 [since FEDORA-2007-423] CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-577] +CVE-2007-1308 version (kdelibs) CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505] CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.115 retrieving revision 1.116 diff -u -r1.115 -r1.116 --- fc7 21 Sep 2007 07:40:08 -0000 1.115 +++ fc7 21 Sep 2007 14:29:48 -0000 1.116 @@ -285,8 +285,8 @@ CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 CVE-2007-1583 version (php, fixed 5.2.2) -CVE-2007-1565 ignore (konqueror) client crash -CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] +CVE-2007-1565 ignore (konqueror) client crash, duplicate of CVE-2007-1308 +CVE-2007-1564 version (kdelibs) affects konqueror CVE-2007-1562 version (mozilla) #241840 CVE-2007-1560 version (squid, fixed 2.6.STABLE12) CVE-2007-1558 version (balsa) [since FEDORA-2007-1447] @@ -339,6 +339,7 @@ *CVE-2007-1322 ** (qemu) #238723 *CVE-2007-1321 ** (qemu) #238723 *CVE-2007-1320 ** (qemu) #238723 +CVE-2007-1308 version (kdelibs) CVE-2007-1287 ignore (php) See NVD CVE-2007-1286 version (php, PHP4 only) CVE-2007-1285 version (php, 5.2.2) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc7,1.114,1.115

by fedora-extras-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4085/audit Modified Files: fc7 Log Message: inotify-tools buffer overflow Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.114 retrieving revision 1.115 diff -u -r1.114 -r1.115 --- fc7 21 Sep 2007 06:43:46 -0000 1.114 +++ fc7 21 Sep 2007 07:40:08 -0000 1.115 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 +GENERIC-MAP-NOMATCH VULNERABLE (inotify-tools) #299771 GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc6,1.264,1.265 fc7,1.113,1.114

by fedora-extras-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29230/audit Modified Files: fc6 fc7 Log Message: kdm vulnerability Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.264 retrieving revision 1.265 diff -u -r1.264 -r1.265 --- fc6 20 Sep 2007 08:53:35 -0000 1.264 +++ fc6 21 Sep 2007 06:43:46 -0000 1.265 @@ -23,6 +23,7 @@ CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only) CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011 CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) +CVE-2007-4569 VULNERABLE (kdebase) #299741 CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.113 retrieving revision 1.114 diff -u -r1.113 -r1.114 --- fc7 20 Sep 2007 09:28:51 -0000 1.113 +++ fc7 21 Sep 2007 06:43:46 -0000 1.114 @@ -37,6 +37,7 @@ CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020] CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108] +CVE-2007-4569 VULNERABLE (kdebase) #299731 CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc7,1.112,1.113

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4025 Modified Files: fc7 Log Message: Libsndfile got a CVE add balsa Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.112 retrieving revision 1.113 diff -u -r1.112 -r1.113 --- fc7 20 Sep 2007 08:53:35 -0000 1.112 +++ fc7 20 Sep 2007 09:28:51 -0000 1.113 @@ -8,9 +8,10 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 -GENERIC-MAP-NOMATCH VULNERABLE (libsndfile) #296221 +GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 +CVE-2007-4974 VULNERABLE (libsndfile) #296221 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297551 CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc6,1.263,1.264 fc7,1.111,1.112

by fedora-extras-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29356/audit Modified Files: fc6 fc7 Log Message: ekiga / opal tracking bugs. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.263 retrieving revision 1.264 diff -u -r1.263 -r1.264 --- fc6 19 Sep 2007 15:39:17 -0000 1.263 +++ fc6 20 Sep 2007 08:53:35 -0000 1.264 @@ -8,8 +8,8 @@ # Up to date FC6 as of 20070916 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow -CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 -CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 +CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297561 +CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 #297561 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) CVE-2007-4752 VULNERABLE (openssh) #280471 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.111 retrieving revision 1.112 diff -u -r1.111 -r1.112 --- fc7 19 Sep 2007 15:39:17 -0000 1.111 +++ fc7 20 Sep 2007 08:53:35 -0000 1.112 @@ -12,7 +12,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow -CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 +CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297551 CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc6,1.262,1.263 fc7,1.110,1.111

by fedora-extras-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24650/audit Modified Files: fc6 fc7 Log Message: Few more issues. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.262 retrieving revision 1.263 diff -u -r1.262 -r1.263 --- fc6 19 Sep 2007 13:24:50 -0000 1.262 +++ fc6 19 Sep 2007 15:39:17 -0000 1.263 @@ -7,7 +7,10 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC6 as of 20070916 -CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9 ?) +CVE-2007-4965 VULNERABLE (python) imageop module heap overflow +CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 +CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 +CVE-2007-4829 VULNERABLE (perl-Archive-Tar) CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) CVE-2007-4752 VULNERABLE (openssh) #280471 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] @@ -21,6 +24,8 @@ CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011 CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] +CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal +CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4357 ignore (firefox) status bar can be overwrittten CVE-2007-4255 ignore (php) msql extension not shipped CVE-2007-4251 ignore (openoffice.org) just a crash Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.110 retrieving revision 1.111 diff -u -r1.110 -r1.111 --- fc7 19 Sep 2007 13:24:50 -0000 1.110 +++ fc7 19 Sep 2007 15:39:17 -0000 1.111 @@ -11,11 +11,14 @@ GENERIC-MAP-NOMATCH VULNERABLE (libsndfile) #296221 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-4897 version (ekiga, version 2.0.9 ?) +CVE-2007-4965 VULNERABLE (python) imageop module heap overflow +CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 +CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4841 ignore (mozilla suite) Windows only CVE-2007-4840 ignore (php) +CVE-2007-4829 VULNERABLE (perl-Archive-Tar) CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) in updates-testing CVE-2007-4752 VULNERABLE (openssh) #280461 @@ -36,7 +39,7 @@ CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal -CVE-2007-4558 version (star, fixed 1.5a84) [since FEDORA-2007-1852] +CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018] CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

RE: Separate list for commits

by Dan Davis

Lubomir Kundrak wrote: > Well, that sounds fair, but be warned, that the audit files are specially for our > track and doesn't have to be 100% reliable. Watching the package announce list > for [SECURITY] things can be always relied on, though it will have some latency > compared to this, as packagers need time to roll updates. Anyways, knowing about > the vulnerability and not having the updated package avaliable is not always usable. I'll be subscribing to the package announce list, and maybe using the commit log less. > So you are for separating the lists. Is the only issue the name of the list? In > that case, the CVS logs traditionally go to -commits mailing lists. I assume it > won't be much of an issue for you to subscribe to that one and unsubscribe this > one eventually, if you're not interested in discussions, just in raw audit data. Not really hard to resubscribe -- I just viewed the discussion as my opportunity to find out what is the best way to keep up to date on Fedora security issues.

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc6,1.261,1.262 fc7,1.109,1.110

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4111 Modified Files: fc6 fc7 Log Message: wpa_supplicant was no problem. added libsndfile. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.261 retrieving revision 1.262 diff -u -r1.261 -r1.262 --- fc6 18 Sep 2007 15:43:23 -0000 1.261 +++ fc6 19 Sep 2007 13:24:50 -0000 1.262 @@ -7,7 +7,6 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC6 as of 20070916 -GENERIC-MAP-NOMATCH VULNERABLE (wpa_supplicant) #293011 CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9 ?) CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) CVE-2007-4752 VULNERABLE (openssh) #280471 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.109 retrieving revision 1.110 diff -u -r1.109 -r1.110 --- fc7 18 Sep 2007 15:43:23 -0000 1.109 +++ fc7 19 Sep 2007 13:24:50 -0000 1.110 @@ -8,9 +8,9 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 +GENERIC-MAP-NOMATCH VULNERABLE (libsndfile) #296221 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -GENERIC-MAP-NOMATCH VULNERABLE (wpa_supplicant) #293011 CVE-2007-4897 version (ekiga, version 2.0.9 ?) CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

Re: Separate list for commits

by Dan Davis

I subscribe to this list so I can get alerted to new CVE related bugs. While the audit files change log was hard to understand at first, I can now easily scan for packages my server relies on, and run yum to get new packages if something is fixed. Is there a better way for me to learn about vulnerabilities? If this is the preferred way, then it would be nice to keep the commit log on this list, so I don't have to subscribe to both. I'd also argue that if this is the preferred way, then a new list for security discussions would be a better way to change things. -----Original Message----- From: fedora-security-list-bounces(a)redhat.com [mailto:fedora-security-list-bounces@redhat.com] On Behalf Of fedora-security-list-request(a)redhat.com Sent: Tuesday, September 18, 2007 12:00 PM To: fedora-security-list(a)redhat.com Subject: Fedora-security-list Digest, Vol 19, Issue 15 Send Fedora-security-list mailing list submissions to fedora-security-list(a)redhat.com To subscribe or unsubscribe via the World Wide Web, visit https://www.redhat.com/mailman/listinfo/fedora-security-list or, via email, send a message with subject or body 'help' to fedora-security-list-request(a)redhat.com You can reach the person managing the list at fedora-security-list-owner(a)redhat.com When replying, please edit your Subject line so it is more specific than "Re: Contents of Fedora-security-list digest..." Today's Topics: 1. Re: Separate list for commits (Kevin Fenzi) 2. [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities (bugzilla(a)redhat.com) 3. [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities (bugzilla(a)redhat.com) 4. Re: Separate list for commits (Lubomir Kundrak) 5. Re: Separate list for commits (Eugene Teo) 6. [RFC] Tracking bugs for Fedora; managing security flaws in multiple supported releases (Lubomir Kundrak) 7. fedora-security/audit fc6,1.260,1.261 fc7,1.108,1.109 (Tomas Hoger (thoger)) ---------------------------------------------------------------------- Message: 1 Date: Mon, 17 Sep 2007 15:22:35 -0600 From: Kevin Fenzi <kevin(a)tummy.com> Subject: Re: Separate list for commits To: fedora-security-list(a)redhat.com Message-ID: <20070917152235.22da91ac(a)ghistelwchlohm.scrye.com> Keywords: Debian-sarge Content-Type: text/plain; charset="us-ascii" On Mon, 17 Sep 2007 17:27:47 +0200 Lubomir Kundrak <lkundrak(a)redhat.com> wrote: > Hi all, > > Wit the volume of the commit messagaes and bugzilla mails this list > became less suited for discussions. Would anyone mind creating another > list, say fedora-security-commits-list, where would that sort of mails > go? I filter such emails into another box, so discussion shows up just fine here. Perhaps we could use mailman "Topics" support better here? ie, make all bugzilla and commits emails have their own topic. If you just subscribe you get everything, but if you don't want everything you can change your topics so you don't get the things you don't want? Or for that matter, perhaps we could just get the regular commits list to have a security topic for people who only want security commits? Just a thought. > Regards, kevin

16 years, 7 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] September 2007