Everything posted by aru
-
Mandriva Security Advisories MDKA-2005:041 : freetype2 Updated freetype2 packages fix subpixel rendering bug October 6th, 2005 Updated freetype2 packages fix an invalid subpixel rendering (for LCD screens) with Bitstream Vera font problem. The Bitstream Vera font is the font used by default. The released versions of Mandriva GNU/Linux affected are: 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKA-2005:041 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:171 : kernel Updated kernel packages fix multiple vulnerabilities October 3rd, 2005 A number of vulnerabilities in the 2.6 Linux kernel have been corrected with these updated packages: An array index overflow in the xfrm_sk_policy_insert function could allow a local user to cause a Denial of Service (oops or deadlock) and possibly execute arbitrary code (CAN-2005-2456). The zlib routines in the Linux 2.6 kernel before 2.6.12.5 allowed a remote attacker to cause a DoS (crash) via a compressed file with "improper tables" (CAN-2005-2458). The huft_build function in the zlib routines in Linux 2.6 kernels prior to 2.6.12.5 returned the wrong value, allowing remote attackers to cause a DoS (crash) via a certain compressed file (CAN-2005-2459). A stack-based buffer overflow in the sendmsg function call in Linux 2.6 kernels prior to 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread (CAN-2005-2490). xattr.c in the ext2 and ext3 file system code in the 2.6 Linux kernel did not properly compare the name_index fields when sharing xattr blocks which would prevent default ACLs from being applied (CAN-2005-2801). The ipt_recent kernel module in 2.6 Linux kernels prior to 2.6.12 when running on 64-bit processors allowed remote attackers to cause a DoS (kernel panic) via certain attacks such as SSH brute force (CAN-2005-2872). The ipt_recent kernel module in 2.6 Linux kernels prior to 2.6.12 did not properly perform certain time tests when the jiffies value is greater than LONG_MAX which could cause ipt_recent netfilter rules to block too early (CAN-2005-2873). The updated packages have been patched to address these issues and all users are urged to upgrade immediately. Updated kernels for Mandrivalinux 10.1 and later will be made available soon.
The released versions of Mandriva GNU/Linux affected are: CS3.0 MNF2.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:171 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2459 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2490 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2872 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2873 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:170 : mozilla Updated mozilla packages fix multiple vulnerabilities September 26th, 2005 A number of vulnerabilities have been discovered in Mozilla that have been corrected in version 1.7.12: A bug in the way Mozilla processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CAN-2005-2701). A bug in the way Mozilla handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CAN-2005-2702). A bug in the way Mozilla makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CAN-2005-2703). A bug in the way Mozilla implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CAN-2005-2704). An integer overflow in Mozilla's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CAN-2005-2705). A bug in the way Mozilla displays about: pages could be used to execute JavaScript with chrome privileges (CAN-2005-2706). A bug in the way Mozilla opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CAN-2005-2707). The updated packages have been patched to address these issues and all users are urged to upgrade immediately. 
The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:170 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2703 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2706 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2707 http://www.mozilla.org/security/announce/mfsa2005-58.html Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:169 : mozilla-firefox Updated mozilla-firefox packages fix multiple vulnerabilities September 26th, 2005 A number of vulnerabilities have been discovered in Mozilla Firefox that have been corrected in version 1.0.7: A bug in the way Firefox processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CAN-2005-2701). A bug in the way Firefox handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CAN-2005-2702). A bug in the way Firefox makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CAN-2005-2703). A bug in the way Firefox implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CAN-2005-2704). An integer overflow in Firefox's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CAN-2005-2705). A bug in the way Firefox displays about: pages could be used to execute JavaScript with chrome privileges (CAN-2005-2706). A bug in the way Firefox opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CAN-2005-2707). A bug in the way Firefox processed URLs on the command line could be used to execute arbitrary commands as the user running Firefox; this could be abused by clicking on a supplied link, such as from an instant messaging client (CAN-2005-2968). The updated packages have been patched to address these issues and all users are urged to upgrade immediately.
The released versions of Mandriva GNU/Linux affected are: 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:169 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2703 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2706 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2707 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2968 http://www.mozilla.org/security/announce/mfsa2005-58.html Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:168 : masqmail Updated masqmail packages fix vulnerabilities September 20th, 2005 Jens Steube discovered two vulnerabilities in masqmail: When sending failed mail messages, the address was not properly sanitized which could allow a local attacker to execute arbitrary commands as the mail user (CAN-2005-2662). When opening the log file, masqmail did not relinquish privileges, which could allow a local attacker to overwrite arbitrary files via a symlink attack (CAN-2005-2663). The updated packages have been patched to address these issues. The released versions of Mandriva GNU/Linux affected are: MNF2.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:168 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2663 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:167 : util-linux Updated util-linux packages fix umount vulnerability September 20th, 2005 David Watson discovered that the umount utility, when using the "-r" command, could remove some restrictive mount options such as "nosuid". If /etc/fstab contained user-mountable removable devices that specified nosuid, a local attacker could exploit this flaw to execute arbitrary programs with root privileges by calling "umount -r" on a removable device. The updated packages have been patched to ensure that "-r" can only be called by the root user. The released versions of Mandriva GNU/Linux affected are: 10.0 10.1 CS2.1 CS3.0 MNF2.0 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:167 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2876 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:166 : clamav Updated clamav packages fix vulnerabilities September 20th, 2005 A vulnerability was discovered in ClamAV versions prior to 0.87. A buffer overflow could occur when processing malformed UPX-packed executables. As well, it could be sent into an infinite loop when processing specially-crafted FSG-packed executables. ClamAV version 0.87 is provided with this update which isn't vulnerable to these issues. The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:166 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:165 : cups Updated cups packages fix vulnerability September 19th, 2005 A vulnerability in CUPS would treat a Location directive in cupsd.conf as case-sensitive, allowing attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from that which was specified in the Location directive. This issue only affects versions of CUPS prior to 1.1.21rc1. The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.0 CS2.1 CS3.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:165 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2154 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:138-1 : cups Updated cups packages fix vulnerability September 19th, 2005 A vulnerability was discovered in the CUPS printing package where when processing a PDF file, bounds checking was not correctly performed on some fields. As a result, this could cause the pdftops filter to crash. Update: The patch to correct this problem was not properly applied to the Mandriva 10.1 packages. This update properly patches the packages. The released versions of Mandriva GNU/Linux affected are: 10.1 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:138-1 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKA-2005:040 : drakbt Updated drakbt packages provide updated URLs September 19th, 2005 Updated drakbt packages are available to reflect the new URLs for the Mandriva domain names. The released versions of Mandriva GNU/Linux affected are: 10.1 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKA-2005:040 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:164 : XFree86 Updated XFree86/x.org packages fix vulnerability September 13th, 2005 A vulnerability was discovered in the pixmap allocation handling of the X server that can lead to local privilege escalation. By allocating a huge pixmap, a local user could trigger an integer overflow that resulted in a memory allocation that was too small for the requested pixmap, leading to a buffer overflow which could then be exploited to execute arbitrary code with full root privileges. The updated packages have been patched to address these issues. The released versions of Mandriva GNU/Linux affected are: 10.0 10.1 CS2.1 CS3.0 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:164 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:163 : MySQL Updated MySQL packages fix vulnerability September 12th, 2005 A stack-based buffer overflow was discovered in the init_syms function in MySQL that allows authenticated users that can create user-defined functions to execute arbitrary code via a long function_name field. The updated packages have been patched to address these issues. The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:163 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2558 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:162 : squid Updated squid packages fix vulnerabilities September 12th, 2005 Two vulnerabilities were recently discovered in squid: The first is a DoS possible via certain aborted requests that trigger an assertion error related to "STOP_PENDING" (CAN-2005-2794). The second is a DoS caused by certain crafted requests and SSL timeouts (CAN-2005-2796). The updated packages have been patched to address these issues. The released versions of Mandriva GNU/Linux affected are: 10.1 CS2.1 CS3.0 MNF2.0 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:162 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2794 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2796 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:161 : apache2 Updated apache2 packages to address multiple vulnerabilities September 8th, 2005 A flaw was discovered in mod_ssl's handling of the "SSLVerifyClient" directive. This flaw occurs if a virtual host is configured using "SSLVerifyClient optional" and a directive "SSLVerifyClient required" is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. (CAN-2005-2700) A flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service. (CAN-2005-2728) The updated packages have been patched to address these issues. The released versions of Mandriva GNU/Linux affected are: 10.0 10.1 CS3.0 MNF2.0 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:161 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2728 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:160 : kdebase Updated kdebase packages fix potential local root vulnerability September 6th, 2005 Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access. In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass. The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:160 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494 http://www.kde.org/info/security/advisory-20050905-1.txt Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:159 : kdeedu Updated kdeedu packages fix tempfile vulnerability September 6th, 2005 Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. This vulnerability was initially discovered by Javier Fernández-Sanguino Peña. The script uses known filenames in /tmp which allow a local attacker to overwrite files writeable by the user (manually) invoking the conversion script. The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.1 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:159 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2101 http://www.kde.org/info/security/advisory-20050815-1.txt Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:158 : mplayer Updated mplayer packages fix vulnerabilities September 6th, 2005 Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via a video file with an audio header containing a large value in a strf chunk. The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:158 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2718 http://www.sven-tantau.de/public_files/mpl...er_20050824.txt Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:157 : smb4k Updated smb4k packages fix vulnerabilities September 6th, 2005 A severe security issue has been discovered in Smb4K. By linking a simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker could get access to the full contents of the /etc/super.tab or /etc/sudoers file, respectively, because Smb4K didn't check for the existence of these files before writing any contents. When using super, the attack also resulted in /etc/super.tab being a symlink to FILE. Affected are all versions of the 0.4, 0.5, and 0.6 series of Smb4K. The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.1 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:157 Other references: http://smb4k.berlios.de Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:156 : ntp Updated ntp packages fix small security-related issue. September 6th, 2005 When starting xntpd with the -u option and specifying the group by using a string not a numeric gid the daemon uses the gid of the user not the group. The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:156 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2496 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:155 : apache2 Updated apache2 packages fix integer overflow vulnerability August 29th, 2005 Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The apache2 packages, as shipped, were built using a private copy of pcre. The updated packages have been rebuilt against the system pcre libs to correct this problem. 10.1 and 10.2/LE2005 are already built against the system pcre. The released versions of Mandriva GNU/Linux affected are: 10.0 CS3.0 MNF2.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:155 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:154 : python Updated python packages fix integer overflow vulnerability August 26th, 2005 Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The python packages use a private copy of pcre code. The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.0 10.1 CS2.1 CS3.0 MNF2.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:154 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:153 : gnumeric Updated gnumeric packages fix integer overflow vulnerability August 26th, 2005 Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The gnumeric packages use a private copy of pcre code. The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:153 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:127-1 : mozilla-thunderbird Updated mozilla-thunderbird packages fix multiple vulnerabilities August 26th, 2005 A number of vulnerabilities were reported and fixed in Thunderbird 1.0.5 and Mozilla 1.7.9. The following vulnerabilities have been backported and patched for this update: The native implementations of InstallTrigger and other XPInstall-related javascript objects did not properly validate that they were called on instances of the correct type. By passing other objects, even raw numbers, the javascript interpreter would jump to the wrong place in memory. Although no proof of concept has been developed we believe this could be exploited (MFSA 2005-40). moz_bug_r_a4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like clicking on a link or opening the context menu. The common cause in each case was privileged UI code ("chrome") being overly trusting of DOM nodes from the content window. Scripts in the web page can override properties and methods of DOM nodes and shadow the native values, unless steps are taken to get the true underlying values (MFSA 2005-41). Additional checks were added to make sure Javascript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them in order to protect against an additional variant of MFSA 2005-41 (MFSA 2005-44). In several places the browser UI did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and synthetic events generated by web content. The problems ranged from minor annoyances like switching tabs or entering full-screen mode, to a variant on MFSA 2005-34. Synthetic events are now prevented from reaching the browser UI entirely rather than depend on each potentially spoofed function to protect itself from untrusted events (MFSA 2005-45).
Scripts in XBL controls from web content continued to be run even when Javascript was disabled. By itself this causes no harm, but it could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling javascript would protect them. In the Thunderbird and Mozilla Suite mail clients Javascript is disabled by default for protection against denial-of-service attacks and worms; this vulnerability could be used to bypass that protection (MFSA 2005-46). When InstallVersion.compareTo() is passed an object rather than a string it assumed the object was another InstallVersion without verifying it. When passed a different kind of object the browser would generally crash with an access violation. shutdown has demonstrated that different javascript objects can be passed on some OS versions to get control over the instruction pointer. We assume this could be developed further to run arbitrary machine code if the attacker can get exploit code loaded at a predictable address (MFSA 2005-50). A child frame can call top.focus() even if the framing page comes from a different origin and has overridden the focus() routine. The call is made in the context of the child frame. The attacker would look for a target site with a framed page that makes this call but doesn't verify that its parent comes from the same site. The attacker could steal cookies and passwords from the framed page, or take actions on behalf of a signed-in user. This attack would work only against sites that use frames in this manner (MFSA 2005-52). Parts of the browser UI relied too much on DOM node names without taking different namespaces into account and verifying that nodes really were of the expected type.
An XHTML document could be used to create fake elements, for example, with content-defined properties that the browser would access as if they were the trusted built-in properties of the expected HTML elements. The severity of the vulnerability would depend on what the attacker could convince the victim to do, but could result in executing user-supplied script with elevated "chrome" privileges. This could be used to install malicious software on the victim's machine (MFSA 2005-55). Improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object. This could be used to execute code with enhanced privileges (MFSA 2005-56). The updated packages have been patched to address these issues. Update: There was a slight regression in the handling of "right-click" menus in the packages previously released that is corrected with this new update. The released versions of Mandriva GNU/Linux affected are: 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:127-1 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2260 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2261 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2265 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2266 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2270 http://www.mozilla.org/security/announce/mfsa2005-40.html http://www.mozilla.org/security/announce/mfsa2005-41.html http://www.mozilla.org/security/announce/mfsa2005-44.html http://www.mozilla.org/security/announce/mfsa2005-45.html http://www.mozilla.org/security/announce/mfsa2005-46.html http://www.mozilla.org/security/announce/mfsa2005-50.html http://www.mozilla.org/security/announce/mfsa2005-52.html http://www.mozilla.org/security/announce/mfsa2005-55.html
http://www.mozilla.org/security/announce/mfsa2005-56.html http://secunia.com/advisories/15549/ Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:152 : php Updated php packages fix integer overflow vulnerability August 25th, 2005 Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The php packages, as shipped, were built using a private copy of pcre. The updated packages have been rebuilt against the system pcre libs to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.0 10.1 CS2.1 CS3.0 MNF2.0 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:152 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)
-
Mandriva Security Advisories MDKSA-2005:151 : pcre Updated pcre packages fix integer overflow vulnerability August 25th, 2005 Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.0 10.1 CS2.1 CS3.0 MNF2.0 10.2 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:151 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $)