LWN.net Weekly Edition for October 5, 2006

Similar in spirit?

The recent discussions on the proposed version 3 of the GNU General Public License have been well documented here and elsewhere. This proposal has clearly exposed some differences of opinion within the development community, with the anti-DRM provisions being at the core of the debate. The addition of these provisions has created a fair amount of ill will against the Free Software Foundation; opposition to them appears to have created similar feelings in the opposite direction.

In theory, this disagreement should not come about. GPLv2 contains the following language:

9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

If the FSF is adhering to its part of this bargain, then anybody who bought into the "spirit" of GPLv2 should not have trouble with this revision. So, clearly, those who oppose the GPLv3 draft - many of whom have released vast amounts of code under GPLv2 - believe that the revisions are not "similar in spirit." Some have gone as far as to accuse the FSF of using its power over the GPL to push its founder's radical agenda onto the code of large numbers of unwilling developers.

That accusation is probably over the top. The FSF is, with GPLv3, attempting to respond to a number of problems as it sees them. Software patents are a clear problem, and the GPLv3 draft tries to mitigate that problem somewhat. International applicability of the license has not yet proved to be a problem in practice, but it is clearly something that reasonable lawyers can worry about. It seems worth fixing the language before some court somewhere on the planet decides that the GPLv2 incantations only work in the US. And so on.

The FSF also, clearly, sees locked-down systems as a problem. It is interesting that this has not always been the case; back in 2000, LWN took issue with an interview with Richard Stallman, where he said:

I'm less concerned with what happens with embedded systems than I am with real computers. The real reason for this is the moral issues about software freedom are much more significant for computers that users see as a computer. And so I'm not really concerned with what's running inside my microwave oven.

(This interview has disappeared off the original site, but the Wayback Machine has it).

Most TiVo owners probably see their gadget as being more like a microwave oven than a computer. It is not that TiVo has come along since then (the 2000 LWN article mentions it); what has changed is the FSF's - or, at least, Richard Stallman's - position on it.

There are few people who disagree with the idea that locked-down systems can be a problem. Beyond the fact that such devices will always deny users the full potential of the hardware, they can spy on us, deny fair use rights under copyright law, lock us out of our own data, prevent us from fixing serious problems, and so on. Locked-down systems are designed to implement the goals of somebody other than the ultimate owner of the device. Such systems are undesirable at best, and outright evil at their worst.

The disagreement is over how this problem should be addressed. The two sides, insofar as there are two clear sides, would appear to be these:

  • The anti-DRM provisions are a licensing-based response to a legal and market problem. They prohibit legitimate uses of the technology (examples could be ensuring that certified software runs on voting machines or systems - like X-ray machines - which could hurt people if the wrong software is run) while failing to solve the real problem. These provisions are trivially circumvented by putting the software in ROM, do nothing about the DRM being incorporated into all aspects of computing systems, and would primarily result in Linux being replaced with proprietary software in the embedded market. These provisions are a new restriction on how the software can be used, and, thus, are not "similar in spirit" to GPLv2.

  • The new provisions are needed to preserve the user's freedom to modify, rebuild, and replace the original software on devices that this user owns. Failure to provide encryption keys when the hardware requires them is a fundamental failure to live up to the moral requirements of using free software and, according to some, is already a violation of GPLv2. DRM is an evil which threatens to take away many of the freedoms we have worked so hard to assure for ourselves; it must be fought whenever possible and it certainly should not be supported by free software. The anti-DRM provisions simply reaffirm the freedoms we had thought the GPL already guaranteed to us, and, thus, they are very much "similar in spirit" to GPLv2.

This logjam looks hard to break. Your editor, in his infinite humility, would like to offer a couple of suggestions, however:

  • Reasonable people who believe in free software, and who have put much of their lives into the creation of that software, can support either of the two viewpoints above (or other viewpoints entirely). They are not (necessarily) free software fundamentalist radicals, corporate stooges, people on power trips, or any of those other mean and nasty things they have been called in recent times. We can discuss this issue without doubting each other's motives and without the need for personal attacks.

  • The FSF clearly has some strong feelings about what it wants to achieve with this license revision, and there are issues it does not want to back down on. There have also been signs, however, that the FSF is listening more than it has in the creation of any other license. This process is not done yet; there is no GPLv3 at this time. Continued, polite participation in the process would seem to be called for.

Finally, while your editor is standing on this nice soapbox... The anti-DRM language was very appealing when it first came out. Your editor does not much appreciate the idea of some vendor locking up his software and selling it back to him in a non-modifiable and potentially hostile form. It is a violation of the social contract (if not the legal license) under which the software was contributed.

But the attempt to address this problem in GPLv3 carries a high risk of splitting the development community while doing very little to solve the real problem. Dropping that language could help to bring the community back together behind the new license, leaving us united to fight DRM (and numerous other attacks on our freedom) in more effective ways. The FSF may want to consider whether, in the long run, its goals would be better served by a license which lacks this language. Such a license might be closer to the spirit which brought this community together in the first place.

Busy busy busybox

BusyBox is a set of command-line utilities developed with the goal of keeping its size as small as possible. To that end, all unnecessary options and code are ruthlessly cut out, and the entire command set is implemented by a single, multipurpose executable. BusyBox is found in a number of embedded environments; chances are it is running on your wireless router, for example. The command set has reached a level of capability that the new BusyBox maintainer believes that it is almost ready for use on desktop systems.

Yes, BusyBox has a new maintainer, as the result of another disagreement over the draft revision of the GNU General Public License (GPLv3). This episode is worth looking at, as it may be an omen of disagreements that could come up in other projects as the GPLv3 process moves forward.

Some projects reach 1.0 more quickly than others. BusyBox is one of the others. It was started by Bruce Perens in 1995, and became part of the Debian boot process. Bruce moved on to other interests shortly afterward, leaving BusyBox in an idle state, where it remained for a few years. Under the maintainership of Erik Andersen, BusyBox came back to life, and the much-delayed 1.0 release happened almost exactly two years ago - in October, 2004. Version numbers can be deceiving, however, as BusyBox had been in production use for many years prior to 1.0.

In recent years, the BusyBox maintainer has been Rob Landley, an energetic individual (at least, when sufficient caffeine is at hand) who has done a lot to push the project forward. So the task of thinking about how BusyBox and GPLv3 relate fell to him. Since BusyBox can be found in so many embedded systems, it finds itself at the core of the GPLv3 anti-DRM debate. A GPLv3-licensed BusyBox would create obvious difficulties for any vendor wishing to incorporate it into a locked-down product.

BusyBox is not a GNU project, so the Free Software Foundation does not hold its copyrights; instead, those copyrights are retained by the original authors. As Rob looked over the code, he found many contributions with the usual "or any later version" language which would allow a change to GPLv3. Others, however, had the explicit "version 2 only" language. Some, contributed by one Linus Torvalds, state that they "may be redistributed as per the Linux copyright." Some other contributions carry a BSD license - originally with the GPL-incompatible advertising clause. It was quite the mixture of licenses.

Rob was especially concerned about the version-2-only licensing, since that would obviously get in the way of any switch to GPLv3. And, in any case, he was ambivalent at best about GPLv3; it seems that the BusyBox project had developed a plan to dual-license its code under both GPL versions, allowing it to continue to be used under either license. So his question with regard to the v2-only code was:

Anybody feel like auditing all those to make sure it was unintentional and check to make sure that nobody that's contributed to any of those files since is unwilling to also have their code under v3, or should we just admit that the BusyBox license is GPLv2 only? (In which case we can take the hotplug patch...)

That led to the beginning of a long and unpleasant discussion about whether BusyBox should move to GPLv3 or not - and it quickly became clear that Rob had no interest in such a move. His reasoning is worth a read, as it includes a couple of new concerns - including the fact that a dual-licensed GPLv2/GPLv3 code base would be unable to accept contributions licensed under a single version (either version) of the license.

Enter Bruce Perens, last seen in BusyBox circles about ten years ago. Bruce clearly feels that he still has some rights over the code:

When I created Busybox, the policy was that it could be distributed under the GPL. There was no restriction to prevent future versions of the GPL. Over time, my work has been submerged in that of other authors. But IMO it would be respectful of the original author to continue to use those license terms.

What followed was a long discussion on whether DRM differs from simply putting the code into ROM, whether the FSF is more worthy of trust than IBM, whether a move to a GPLv2-only license was possible, how much of Bruce's original contribution remains, and so on. Interested parties are encouraged to go into the BusyBox list archives and spend considerable time plowing through the postings; they do not always show the free software community at its best. The real outcomes, however, are this:

  • BusyBox will be GPLv2 only starting with the next release. It is generally accepted that stripping out the "or any later version" is legally defensible, and that the merging of other GPLv2-only code will force that issue in any case.

  • Bruce Perens wants his contributions to keep the "any later version" language, and has requested ("and required") that the copyright notices reflect this wish. Accommodating a contributor's wishes in this regard is normally done, but Rob Landley has refused to go along; his reason, in the end, boils down to "I'm mad at Bruce and don't want to."

To show that he meant it, Rob launched a project to find and excise any remaining contributions to BusyBox from Bruce. In response, Bruce has announced that he will be creating a fork of BusyBox which will be more responsive to his wishes. All of that may be moot, now that Rob has resigned from the project and handed the maintainership over to Denis Vlasenko - who plans to pursue moving BusyBox onto the desktop.

All of this could be dismissed as yet another silly community soap opera - and there is truth to that view. But this is a soap opera which is likely to be rerun a number of times over the coming months. Any project which (1) uses the GPL, and (2) allows contributors to retain their copyrights is likely to have a discussion like this one. Avoiding such discussions is, perhaps, why the FSF is so insistent on obtaining copyrights for the projects it manages.

Version 2 of the GPL has brought together vast numbers of developers into a single agreement on the terms under which their code could be distributed. It may never have been possible to update the GPL without fracturing that agreement; it seems increasingly clear that the GPLv3 draft has, so far, failed in that regard. There are enough developers who see it as not being "similar in spirit" to GPLv2 to ensure that the new license, in its current form, will not be a simple drop-in replacement for its predecessor. Regardless of how one feels about the new terms in the GPLv3 draft, it is hard to see the potential for this sort of discord in the community as a good thing.

(Thanks to the several LWN readers who brought this to our attention).

Open source systems management software

September 29, 2006

This article was contributed by Glyn Moody

A previous LWN feature examined the rise of the open source enterprise stack - a modular collection of applications that together provide the entire spectrum of enterprise computing functions.  One component of that stack is systems management.  This area covers tasks such as provisioning and patching of servers; configuration and management of applications running on those servers; and monitoring all elements of the computing system - hardware, software, networks and their security.

Systems management is dominated by the "Big Four": BMC's Performance Manager, CA's Unicenter, HP's OpenView and IBM's Tivoli.  Like many proprietary systems, these are monolithic in design, and attempt to provide every kind of systems management feature within a single, highly complex program.

Free software is by its very nature modular, so open source systems management programs tend to be focused on particular tasks.  This has led to a richness of the free software tools addressing this area, often with multiple solutions for a given problem.  The downside is a confusing array of possibilities, a wide range of rival approaches and some unnecessary duplication of effort.

In an attempt to bring some harmony to this coding cacophony, the Open Management Consortium (OMC) was founded in May 2006 with the following objectives:

  • Create awareness of open source management tools in the market
  • Provide education and resources to help end users make informed decisions regarding open source
  • Establish conventions and standards that enable integration and interoperability
  • Enable collaboration and coordination on common development projects
  • Promote collaborative open source systems management solutions

The founding members of the consortium are Ayamon, Emu Software, Qlusters, Symbiot, Webmin, and Zenoss.  The oldest of these is Jamie Cameron's Webmin, established in 1997, which provides an easy Web-based user interface for Unix system administration.  The project is sponsored by OpenCountry, which joined the OMC in September 2006.  The other founding members of the OMC also support free software projects, in a variety of ways.  For example, Ayamon was founded by Ethan Galstad, who is the creator and lead developer of Nagios, an open source host and service monitor that uses a plug-in architecture to provide a rich range of options.

The case of Symbiot, which provides software for network security event and risk management, is more complex.  The company was founded back in 2001, but initially sold only proprietary products.  Then, as Symbiot's founder and CEO Mike Erwin explains: "We introduced an open toolkit and visualization platform called OpenSIMS in 2005, upon which a great degree of the Symbiot software is based. OpenSIMS is an independent package, maintained by Symbiot and programmed with hooks for other common open source packages."  He says the benefits of this move flow both ways: "Open source code bases provide a method for end-users to do intelligent customization while providing the original code creators with [a] 'lighthouse' pointing them towards where the commercial space should go."

Emu Software took a similar path to openness.  It started life back in 2003 selling NetDirector as a closed source Web-based system administration platform.  "Although we always felt that we would contribute at least part of the product to the open source community," says co-founder Greg Wallace, "we concluded in late 2005 that systems management would be the next big computing market to see significant open source adoption, and we wanted to be out in front."  He believes that certain sectors lend themselves to the open source approach: those where there are "lots of users; a horizontal nature - that is, cross-industry adoption; a high incidence of user desire to customize; an initial market dominated by large incumbent vendors with integrated, and some might say over-engineered, products."

Wallace explains how the OMC is trying to bring some order to the wealth of open source systems management solutions:

The collaboration efforts that I see as being most promising are those that will reduce the complexity for users of having multiple point management solutions in their compute environments.  Having lots of point systems can be a huge headache, and it is one that some big vendors have addressed by building massive, integrated product suites.  But these suites never do everything, and once users go down that road, they can become victim to lock-in.  OMC promises a different solution: make our various systems talk to one another, and reuse as much of each other's architecture as possible.  For example, one initiative that has been discussed is the concept of an open agent that would be shared by various systems.  Were such an open agent to became ubiquitous, it would radically simplify systems management implementation, as well as make such systems far more flexible and adaptive, since users could leverage a common underlying agent architecture to turn on new management functionalities as needed.

And Erwin notes one practical benefit Symbiot has already derived since joining the consortium:

Our offerings sometimes rely on the collection or interpretation of data from other vendors. One such vendor is Nagios. Membership in the consortium has already given us great access to the key code committer (Mr. Galstad) which was invaluable in helping us set a developmental course.

Looking forward, Wallace hopes that the OMC will become "more structured, with some defined working groups and a more defined mission and by-laws.  Eventually, I'd like it to function, and be organized, like Eclipse."  Erwin believes its influence could be considerable: "In the long term, I see the OMC as being a central clearinghouse and repository for system management tools with not only the Big Four's participation, but likely guidance."

That may be some way off, but already the membership of OMC is swelling fast: just four months after its foundation, the original five members had grown to 29.  Among them is Hyperic, another major player in this space, and with an interesting history.  It was originally part of Covalent, which provides commercial support for Apache, before splitting off in March 2004.  Like Symbiot and Emu Software, it too began selling closed source products before opening up its flagship software Hyperic HQ, a suite of inventory auto-discovery, monitoring, alerting and portal tools, in July 2006.

John Mark Walker, head of community development at Hyperic, explains the move: "From Hyperic's founding, it was always our intent to open source HQ - once we felt that it had reached a level of maturity to be useful for a number people, and once we had the in-house resources to properly support our community and foster its growth."  And he points out: "The problem that existing management software strives to address - integrating with every existing and future technology in order to manage it - is only solvable through open source communities. It is impossible for a single company to keep up with all of the newly emerging software and other technologies in the data center. The problem requires the interactive, two-way communication inherent in the open source process."

Not everyone sees the OMC as the way to do this.  For example, another leading company in this area, GroundWork, prefers to do its own integration of open source systems management tools to create its GroundWork Monitor product line, which includes both closed and proprietary elements.  Although the company says it doesn't "see a particular need in being a part of the OMC at this time," it created its own Open Source Council in August 2006, with the aim of ensuring that GroundWork "will always be comprised of the very best open source projects comprehensively integrated into a platform."  Whether within or outside the context of the OMC, integration remains the key challenge for open source management tools.

Glyn Moody writes about open source at opendotdotdot.

Page editor: Jonathan Corbet

Security

A look at OpenID

October 4, 2006

This article was contributed by Jake Edge.

The OpenID project is an effort to produce a decentralized, open, user-centric identity management framework. The main benefit for users will be a 'single sign on' to websites that support it. The project provides open source libraries for both websites requiring authentication (relying parties) and for the servers that provide the authentication (identity providers, IdPs). One of the main goals is to allow anyone to run a server that authenticates their own or others' identities and avoid the centralized model of other identity frameworks.

At its core, OpenID allows a user to associate a URL with his or her identity; a server can then authenticate that the user is the owner of that URL. Giving users control of their own identity is what makes OpenID a user-centric identity management system. In OpenID authentication the URL serves as the username, and the password is held by the identity provider rather than by each website. Thus, a single password is used to authenticate to multiple accounts on various websites.

There are different ways to use OpenID, depending on what the user's requirements and capabilities are. In the simplest case, one can sign up for a free account at a provider like MyOpenID and it will generate a URL for you to use (the author's test account was jake.edge.myopenid.com). After that, you can submit that URL at any OpenID-enabled website and authenticate with it. If you have not visited the site before, you will be redirected to MyOpenID to enable that site to authenticate you. You may also need to log in to MyOpenID if you have not established a session there recently. Once you have enabled authentication, you are redirected back to the original site and MyOpenID will have authenticated you. If you have a valid MyOpenID session and have previously enabled the site you are visiting, you can be authenticated behind the scenes when you provide your URL and will be able to log in without providing a password.

Another way to use a service like MyOpenID is by using a URL under your control as your identity. By putting some HTML into the HEAD section of the index document served from that URL, you can delegate the authentication to another server and gain the benefits of using your own URL without running your own OpenID server. If you do that, the URL for OpenID logins becomes the URL under your control. Over time, you could change the server that you delegate to while still retaining the identity associated with your URL. In addition, various OpenID server implementations exist for those who wish to fully control their identity and can run their own server.

OpenID implements the authentication by using (but not requiring) strong encryption on the messages that are exchanged between relying parties and identity providers (IdPs). When a user enters a URL into an OpenID login, the relying party makes a GET request to the URL and expects to find some extra OpenID specific markup in the HEAD section. It uses this markup to find the IdP and can negotiate an association between the relying party and IdP, but does not have to. The association is an agreement on cryptographic protocols to use to sign the requests and responses. A relying party can then cache that information to use when contacting that IdP for any other user that might share the server.

After that, the relying party redirects the user to the IdP, which allows any IdP-specific cookies to be delivered. The IdP may decide to require the user to authenticate with it, but that is outside of the scope of the OpenID specification. As described above, the IdP may also require the user to make a decision about whether to allow the relying party to authenticate them. Once that is complete, the IdP returns the user to the relying party site with an assertion about whether the authentication succeeded or failed.

The most recent OpenID specification adds some additional capabilities. A nonce (a unique, single-use identifier) was added as an option to the success response to thwart replay attacks, in which a previously captured success assertion is presented to the relying party again. Also, support for Yadis discovery was added. Yadis allows relying parties to determine what authentication protocol to use, so that sites can transparently support other protocols such as LID.
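The discovery markup, association-based signing and nonce replay check described above, as an added example that is not part of the original article or of the OpenID project's libraries. It assumes HMAC-SHA1 over the OpenID 1.1 key-value form of the signed fields; the URLs, the association secret and the name of the nonce field are this example's own constructed values.

```python
import base64
import hashlib
import hmac
from html.parser import HTMLParser

# Constructed sample: the HEAD of a page at a URL the user controls, delegating
# authentication to a hypothetical identity provider (all URLs are made up).
SAMPLE_IDENTITY_PAGE = """
<html><head>
  <title>Example user</title>
  <link rel="openid.server" href="https://idp.example/openid/server">
  <link rel="openid.delegate" href="https://idp.example/users/alice">
</head><body>hello</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect <link rel=... href=...> tags that appear inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            rel, href = a.get("rel"), a.get("href")
            if rel and href:
                for r in rel.split():
                    self.links.setdefault(r.lower(), href)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def discover(html):
    """Return (idp_endpoint, delegated_identity) from the page's HEAD markup.

    rel="openid.server" names the IdP; rel="openid.delegate" (optional) is the
    URL the IdP knows the user by. Without delegation the relying party uses
    the user-supplied URL itself, so None is returned for the second value.
    """
    p = _LinkCollector()
    p.feed(html)
    server = p.links.get("openid.server")
    if server is None:
        raise ValueError("no openid.server link in HEAD")
    return server, p.links.get("openid.delegate")


def kv_form(fields, signed):
    """Key-value form covered by the signature: one 'key:value\\n' per signed field."""
    return "".join(f"{k}:{fields[k]}\n" for k in signed)


def sign(mac_key, fields, signed):
    """openid.sig as the IdP computes it: base64(HMAC-SHA1(association secret, kv form))."""
    digest = hmac.new(mac_key, kv_form(fields, signed).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


class RelyingParty:
    def __init__(self, mac_key, return_to):
        self.mac_key = mac_key        # shared secret agreed in the association
        self.return_to = return_to    # URL the IdP must send the user back to
        self.seen_nonces = set()      # every accepted nonce, for replay detection

    def verify(self, response):
        """Check a success assertion (openid.* parameters, prefix stripped)."""
        if response.get("mode") != "id_res":
            return False, "not a positive assertion"
        signed = response.get("signed", "").split(",")
        if not {"mode", "identity", "return_to", "nonce"} <= set(signed):
            return False, "required fields not covered by signature"
        if any(k not in response for k in signed):
            return False, "signed field missing from response"
        expected = sign(self.mac_key, response, signed)
        if not hmac.compare_digest(expected, response.get("sig", "")):
            return False, "bad signature"
        if response["return_to"] != self.return_to:
            return False, "return_to mismatch"
        if response["nonce"] in self.seen_nonces:
            return False, "replayed nonce"
        self.seen_nonces.add(response["nonce"])
        return True, response["identity"]


def demo():
    """Discovery, then a valid assertion, its replay, and a tampered copy."""
    server, delegate = discover(SAMPLE_IDENTITY_PAGE)
    key = b"constructed-association-secret"
    rp = RelyingParty(key, "https://rp.example/login/return")
    signed = "mode,identity,return_to,nonce"
    resp = {"mode": "id_res", "identity": delegate, "return_to": rp.return_to,
            "nonce": "2006-10-04T12:00:00Zabc", "signed": signed}
    resp["sig"] = sign(key, resp, signed.split(","))
    first = rp.verify(resp)
    replay = rp.verify(dict(resp))
    tampered = rp.verify(dict(resp, identity="https://idp.example/users/mallory"))
    return first, replay, tampered


if __name__ == "__main__":
    print(demo())
```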

From a security standpoint, the specification describes a few different attack vectors. Eavesdropping and man-in-the-middle attacks can be countered by using HTTPS (SSL). Unless the IdP is compromised, the identity itself is secure, though without that protection it could be spoofed on a particular site using those vectors.

OpenID simply makes the connection between a URL and an identity: it asserts that the two are associated, but it provides no trust information about the identity. Users of OpenID will still have to prove they are not programs at registration time because nothing in the protocol prevents programs from having identities. It is a starting point, as any kind of trust system must be based on an authenticated identity. A trust layer that uses OpenID identities could provide protection against blog spam and the like. Since OpenID identities can be anonymous, this will allow for anonymous, but authenticated, users; one can verify that the identity wrote a particular message without making a connection to the real-life person behind it.

There seems to be a growing number of sites that support OpenID; there is even a bounty for adding support to open source programs. Overall, it seems that OpenID provides a fairly painless route for digital identity management for both users and websites. It is probably worth a look for anyone that might be interested in such a thing.

New vulnerabilities

cscope: buffer overflows

Package(s): cscope    CVE #(s): CVE-2006-4262
Created: October 2, 2006    Updated: October 23, 2006
Description: Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code.
Alerts:
Gentoo 200610-08 2006-10-20
Debian DSA-1186-1 2006-09-30

dokuwiki: input validation flaws

Package(s): dokuwiki    CVE #(s):
Created: September 29, 2006    Updated: October 4, 2006
Description: Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method. A remote attacker could exploit the flaws to execute arbitrary shell commands with the rights of the web server daemon or cause a denial of service.
Alerts:
Gentoo 200609-20 2006-09-28

migrationtools: insecure temporary files

Package(s): migrationtools    CVE #(s): CVE-2006-0512
Created: October 2, 2006    Updated: October 4, 2006
Description: Jason Hoover discovered that migrationtools, a collection of scripts to migrate user data to LDAP, creates several temporary files insecurely, which might lead to denial of service through a symlink attack.
Alerts:
Debian DSA-1187-1 2006-09-30

mono: symlink vulnerability

Package(s): mono    CVE #(s): CVE-2006-5072
Created: October 4, 2006    Updated: December 1, 2006
Description: The mono System.CodeDom.Compiler classes suffer from a temporary file symlink vulnerability which could be used to overwrite files, or, in this case, even inject arbitrary code into a running mono application.
Alerts:
SuSE SUSE-SA:2006:073 2006-12-01
Gentoo 200611-23 2006-11-28
Mandriva MDKSA-2006:188 2006-10-27
Fedora FEDORA-2006-1012 2006-10-06
Ubuntu USN-357-1 2006-10-04

openldap: security bypass

Package(s): openldap    CVE #(s): CVE-2006-4600
Created: September 29, 2006    Updated: June 12, 2007
Description: slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
Alerts:
Red Hat RHSA-2007:0430-01 2007-06-11
Red Hat RHSA-2007:0310-02 2007-05-01
Trustix TSLSA-2006-0055 2006-10-06
rPath rPSA-2006-0176-1 2006-09-29
Mandriva MDKSA-2006:171 2006-09-28

openssl: multiple vulnerabilities

Package(s): openssl    CVE #(s): CVE-2006-2937 CVE-2006-2940 CVE-2006-3780 CVE-2006-4343 CVE-2006-3738
Created: September 28, 2006    Updated: December 12, 2006
Description: OpenSSL has a number of denial of service vulnerabilities including: two vulnerabilities involving invalid ASN.1 structures, a buffer overflow in the SSL_get_shared_ciphers() function and an SSLv2 client crash that can be caused by a malicious server.
Alerts:
Gentoo 200612-11 2006-12-11
Gentoo 200610-11 2006-10-24
Debian DSA-1195-1 2006-10-10
SuSE SUSE-SR:2006:024 2006-10-06
Ubuntu USN-353-2 2006-10-04
Mandriva MDKSA-2006:178 2006-10-02
Mandriva MDKSA-2006:177 2006-10-02
Mandriva MDKSA-2006:172-1 2006-10-02
Debian DSA-1185-2 2006-10-02
rPath rPSA-2006-0175-2 2006-09-28
Fedora FEDORA-2006-1004 2006-09-28
Trustix TSLSA-2006-0054 2006-09-29
Slackware SSA:2006-272-01 2006-09-29
rPath rPSA-2006-0175-1 2006-09-28
Red Hat RHSA-2006:0695-01 2006-09-28
Mandriva MDKSA-2006:172 2006-09-28
Debian DSA-1185-1 2006-09-28
Ubuntu USN-353-1 2006-09-28
SuSE SUSE-SA:2006:058 2006-09-28
OpenPKG OpenPKG-SA-2006.021 2006-09-28

opera: RSA signature forgery

Package(s): opera    CVE #(s):
Created: September 28, 2006    Updated: October 4, 2006
Description: The Opera browser has a problem verifying OpenSSL PKCS #1 v1.5 RSA signatures. An attacker can use this to forge certificates and appear as a valid CA.
Alerts:
Gentoo 200609-18 2006-09-28

xine-lib: code execution

Package(s): xine-lib    CVE #(s): CVE-2006-4799
Created: October 4, 2006    Updated: November 21, 2006
Description: The xine-lib package does not properly validate AVI headers, enabling an attacker to run arbitrary code via a specially crafted AVI file.
Alerts:
Debian DSA-1215-1 2006-11-20
Ubuntu USN-358-1 2006-10-04

Updated vulnerabilities

apache: cross-site scripting

Package(s): apache    CVE #(s): CVE-2006-3918
Created: August 9, 2006    Updated: April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2006:051 2006-09-08
Debian DSA-1167-1 2006-09-04
Red Hat RHSA-2006:0619-01 2006-08-10
Red Hat RHSA-2006:0618-01 2006-08-08

Comments (none posted)

bind: denial of service

Package(s):bind CVE #(s):CVE-2006-4095 CVE-2006-4096
Created:September 7, 2006 Updated:February 1, 2007
Description: Bind has two denial of service vulnerabilities.

Queries to recursive servers for SIG records will trigger an assertion failure if more than one RR set is returned.

An INSIST failure can be triggered by sending a large number of recursive queries.

Alerts:
Fedora FEDORA-2007-164 2007-01-31
Gentoo 200609-11 2006-09-15
Slackware SSA:2006-257-01 2006-09-15
Fedora FEDORA-2006-966 2006-09-11
Debian DSA-1172-1 2006-09-09
Mandriva MDKSA-2006:163 2006-09-08
rPath rPSA-2006-0166-1 2006-09-08
Ubuntu USN-343-1 2006-09-07
OpenPKG OpenPKG-SA-2006.019 2006-09-07

Comments (none posted)

binutils: buffer overflow

Package(s):binutils CVE #(s):CVE-2005-4807
Created:August 17, 2006 Updated:October 19, 2006
Description: The GNU assembler (gas) in binutils is vulnerable to a buffer overflow. If a user can be tricked into assembling a specially crafted file with gcc or gas, arbitrary code can be executed with the privileges of the user.
Alerts:
Ubuntu USN-366-1 2006-10-18
Ubuntu USN-336-1 2006-08-16

Comments (3 posted)

busybox: insecure password generation

Package(s):busybox CVE #(s):CVE-2006-1058
Created:May 5, 2006 Updated:May 2, 2007
Description: The BusyBox 1.1.1 passwd command does not use a proper salt when hashing passwords, which makes a brute force attack against the stored hashes take very little time.
Alerts:
Red Hat RHSA-2007:0244-02 2007-05-01
Fedora FEDORA-2006-511 2006-05-04
Fedora FEDORA-2006-510 2006-05-04

Comments (2 posted)

bzip2: race condition and infinite loop

Package(s):bzip2 CVE #(s):CAN-2005-0953 CAN-2005-1260
Created:May 17, 2005 Updated:January 10, 2007
Description: A race condition in bzip2 1.0.2 and earlier allows local users to change the permissions of arbitrary files: bzip2 sets the output file's permissions by name after decompression finishes, so an attacker who replaces that name with a hard link during decompression gets the linked file's permissions changed instead. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor.
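An added example (not bzip2's code) of the mechanism behind the hard-link race and of the safe pattern. The point is that chmod() acts on whatever the name refers to at that moment, while fchmod() acts on the inode that is already open, so a decompressor that keeps its output descriptor and applies the saved mode through it cannot be redirected. The sample archive and the attacker's move (swapping the output name for a hard link to a victim file) are constructed inline; the attacker step is replayed sequentially rather than as a real race so the result is deterministic.

```python
"""Added example, not bzip2's code: chmod(name) versus fchmod(fd) behind the
hard-link race, and a decompressor that sets the output mode through the
descriptor.  Uses the bz2 module and a temporary directory so it runs alone."""
import bz2
import os
import stat
import tempfile

def decompress_by_name(src, dst):
    """The vulnerable shape: write the output, close it, then chmod() the *name*.
    Anyone who can replace that name with a hard link to another file in the
    window before the chmod gets that file's permissions changed instead."""
    with bz2.open(src, "rb") as fin, open(dst, "wb") as fout:
        fout.write(fin.read())
    os.chmod(dst, stat.S_IMODE(os.stat(src).st_mode))       # follows the name

def decompress_by_descriptor(src, dst):
    """Safe shape: create the output exclusively, keep it open, and apply the
    source's mode with fchmod(), which acts on the open inode no matter what
    the directory entry points to by then.  Returns the output's final mode."""
    mode = stat.S_IMODE(os.stat(src).st_mode)
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fout, bz2.open(src, "rb") as fin:
        for chunk in iter(lambda: fin.read(1 << 16), b""):
            fout.write(chunk)
        os.fchmod(fout.fileno(), mode)
    return stat.S_IMODE(os.stat(dst).st_mode)

def race_outcome(tmp):
    """Deterministic replay of the race: after the output is created, the
    attacker swaps its name for a hard link to a victim file.  Returns the
    victim's mode after chmod(name) and after fchmod(fd)."""
    victim = os.path.join(tmp, "victim")
    open(victim, "w").close()
    os.chmod(victim, 0o600)
    out = os.path.join(tmp, "out")
    fd = os.open(out, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.unlink(out)                 # attacker's move: the name now names the victim
    os.link(victim, out)
    os.chmod(out, 0o666)           # by name: lands on the victim
    after_chmod = stat.S_IMODE(os.stat(victim).st_mode)
    os.chmod(victim, 0o600)
    os.fchmod(fd, 0o666)           # by descriptor: lands on the original inode
    after_fchmod = stat.S_IMODE(os.stat(victim).st_mode)
    os.close(fd)
    return after_chmod, after_fchmod

def selfcheck():
    """Constructed sample: a .bz2 with mode 0640, decompressed the safe way,
    plus the replayed race."""
    payload = b"constructed sample payload\n" * 1000
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "sample.bz2"), os.path.join(tmp, "sample")
        with open(src, "wb") as f:
            f.write(bz2.compress(payload))
        os.chmod(src, 0o640)
        mode = decompress_by_descriptor(src, dst)
        with open(dst, "rb") as f:
            intact = f.read() == payload
        after_chmod, after_fchmod = race_outcome(tmp)
    return {"output_mode": mode, "output_intact": intact,
            "victim_mode_after_chmod_by_name": after_chmod,
            "victim_mode_after_fchmod": after_fchmod}
```

selfcheck() reports the victim at 0666 after the by-name chmod and still at 0600 after the by-descriptor fchmod; O_EXCL on the output matters too, since it stops the attacker from pre-planting the link before the file is even created.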
Alerts:
rPath rPSA-2007-0004-1 2007-01-09
Debian DSA-741-1 2005-07-07
Red Hat RHSA-2005:474-01 2005-06-16
OpenPKG OpenPKG-SA-2005.008 2005-06-10
SuSE SUSE-SR:2005:015 2005-06-07
Debian DSA-730-1 2005-05-27
Mandriva MDKSA-2005:091 2005-05-18
Ubuntu USN-127-1 2005-05-17

Comments (2 posted)

capi4hylafax: missing input sanitizing

Package(s):capi4hylafax CVE #(s):CVE-2006-3126
Created:September 1, 2006 Updated:October 18, 2006
Description: Lionel Elie Mamane discovered a security vulnerability in capi4hylafax, tools for faxing over a CAPI 2.0 device, that allows remote attackers to execute arbitrary commands on the fax receiving system.
Alerts:
Gentoo 200610-05 2006-10-17
Debian DSA-1165-1 2006-09-01

Comments (none posted)

cheesetracker: buffer overflow

Package(s):cheesetracker CVE #(s):CVE-2006-3814
Created:September 4, 2006 Updated:October 27, 2006
Description: Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitrary code.
Alerts:
Gentoo 200610-13 2006-10-26
Debian DSA-1166-2 2006-10-13
Debian DSA-1166-1 2006-09-03

Comments (1 posted)

cpio: arbitrary code execution

Package(s):cpio CVE #(s):CVE-2005-4268
Created:January 2, 2006 Updated:May 8, 2007
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e.g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02

Comments (none posted)

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Package(s):cyrus-sasl CVE #(s):CVE-2006-1721
Created:April 21, 2006 Updated:September 4, 2007
Description: Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate.
Alerts:
Red Hat RHSA-2007:0878-01 2007-09-04
Red Hat RHSA-2007:0795-01 2007-09-04
SuSE SUSE-SA:2006:025 2006-05-05
Fedora FEDORA-2006-515 2006-05-04
Debian DSA-1042-1 2006-04-25
Mandriva MDKSA-2006:073 2006-04-24
Ubuntu USN-272-1 2006-04-24
Gentoo 200604-09 2006-04-21

Comments (none posted)

ffmpeg: buffer overflows

Package(s):ffmpeg CVE #(s):CVE-2006-4799 CVE-2006-4800
Created:September 14, 2006 Updated:May 28, 2007
Description: The AVI processing code in FFmpeg has a number of buffer overflow vulnerabilities. If an attacker can trick a user into loading a specially crafted AVI file, arbitrary code can be executed with the user's privileges.
Alerts:
Gentoo 200609-09 2006-09-13

Comments (2 posted)

flash-plugin: arbitrary code execution

Package(s):flash-plugin CVE #(s):CVE-2006-3311 CVE-2006-3587 CVE-2006-3588
Created:September 13, 2006 Updated:October 5, 2006
Description: Security issues were discovered in the Adobe Flash Player. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious Adobe Flash file.
Alerts:
Gentoo 200610-02 2006-10-04
SuSE SUSE-SA:2006:053 2006-09-21
Red Hat RHSA-2006:0674-01 2006-09-12

Comments (none posted)

freeradius: several vulnerabilities

Package(s):freeradius CVE #(s):CVE-2005-4745 CVE-2005-4746
Created:August 8, 2006 Updated:April 24, 2007
Description: Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service.
Alerts:
Mandriva MDKSA-2007:092 2007-04-23
Debian DSA-1145-1 2006-08-08

Comments (none posted)

freetype: integer overflows

Package(s):freetype CVE #(s):CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661 CVE-2006-3467
Created:June 8, 2006 Updated:October 10, 2007
Description: The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privileges of the user.
Alerts:
Gentoo 200710-09 2007-10-09
Debian DSA-1178-1 2006-09-16
Ubuntu USN-341-1 2006-09-06
Gentoo 200609-04 2006-09-06
rPath rPSA-2006-0157-1 2006-08-25
Mandriva MDKSA-2006:148 2006-08-24
Red Hat RHSA-2006:0635-01 2006-08-21
Red Hat RHSA-2006:0634-01 2006-08-21
Fedora FEDORA-2006-912 2006-08-14
SuSE SUSE-SA:2006:045 2006-08-01
OpenPKG OpenPKG-SA-2006.017 2006-07-28
Ubuntu USN-324-1 2006-07-27
Slackware SSA:2006-207-02 2006-07-27
Mandriva MDKSA-2006:129 2006-07-20
Gentoo 200607-02 2006-07-09
SuSE SUSE-SA:2006:037 2006-06-27
Mandriva MDKSA-2006:099-1 2006-06-13
Mandriva MDKSA-2006:099 2006-06-12
rPath rPSA-2006-0100-1 2006-06-12
Debian DSA-1095-1 2006-06-10
Ubuntu USN-291-1 2006-06-08

Comments (none posted)

gcc: file overwrite vulnerability

Package(s):gcc CVE #(s):CVE-2006-3619
Created:September 6, 2006 Updated:March 14, 2008
Description: The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
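An added example (not fastjar's code) of the path check the description says is missing. Member names are validated against the extraction root before any file is written: absolute names and "." or ".." components are refused outright, and the resolved path is then checked to still lie under the root, so a symlink planted by an earlier member cannot redirect a later one. Validation runs over the whole archive before the first write, so a hostile entry anywhere in the jar means nothing is extracted. The jars used here are constructed in memory and the entry names are illustrative.

```python
"""Added example, not fastjar's code: the path check a jar/zip extractor needs.
Every member name is validated against the extraction root before anything is
written, so a hostile archive cannot plant files outside it, including through
a symlink created by an earlier member.  Sample jars are constructed inline."""
import io
import os
import tempfile
import zipfile

class UnsafeArchivePath(ValueError):
    """A member name that would resolve outside the extraction root."""

def safe_extract_path(dest_dir, member_name):
    """Return the absolute path for member_name, or raise UnsafeArchivePath.
    Rejects absolute names, '.' / '..' / empty components and backslash tricks,
    then resolves symlinks and checks the result still lies under dest_dir."""
    name = member_name.replace("\\", "/").rstrip("/")
    parts = name.split("/")
    if not name or any(p in ("", ".", "..") for p in parts):
        raise UnsafeArchivePath(member_name)
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, *parts))   # follows planted symlinks
    if os.path.commonpath([root, target]) != root:
        raise UnsafeArchivePath(member_name)
    return target

def extract_jar(jar, dest_dir):
    """Fail closed: validate every member first, then write.  Returns the
    written members relative to dest_dir."""
    root = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(jar) as zf:
        plan = [(info, safe_extract_path(root, info.filename)) for info in zf.infolist()]
        for info, target in plan:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(zf.read(info))
            written.append(os.path.relpath(target, root))
    return sorted(written)

def make_jar(entries):
    """Constructed in-memory jar; entries is a list of (name, bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    buf.seek(0)
    return buf

def selfcheck():
    """Extract a benign jar, then several hostile ones, and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest, outside = os.path.join(tmp, "out"), os.path.join(tmp, "outside")
        os.mkdir(dest)
        os.mkdir(outside)
        results["benign"] = extract_jar(make_jar([
            ("META-INF/", b""),
            ("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n"),
            ("com/example/A.class", b"\xca\xfe\xba\xbe"),
        ]), dest)
        os.symlink(outside, os.path.join(dest, "lib"))   # as if planted by an earlier member
        hostile = ["../escape.txt", "/etc/cron.d/job", "a/../../escape.txt",
                   "..\\..\\escape.txt", "lib/hook.so"]
        for name in hostile:
            try:
                extract_jar(make_jar([("com/example/B.class", b""), (name, b"x")]), dest)
                results[name] = "extracted"
            except UnsafeArchivePath:
                results[name] = "rejected"
        results["outside_untouched"] = os.listdir(outside) == []
        results["B.class_written"] = os.path.exists(os.path.join(dest, "com/example/B.class"))
    return results
```

selfcheck() shows the benign jar extracted, each hostile name rejected, nothing created in the directory the symlink points at, and B.class absent, since the hostile jars were refused before any write.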
Alerts:
Mandriva MDVSA-2008:066 2008-03-13
Red Hat RHSA-2007:0473-01 2007-06-11
Red Hat RHSA-2007:0220-02 2007-05-01
Debian DSA-1170-1 2006-09-06

Comments (none posted)

gdb: buffer overflow

Package(s):gdb CVE #(s):CVE-2006-4146
Created:September 15, 2006 Updated:June 12, 2007
Description: A buffer overflow in dwarfread.c and dwarf2read.c debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
Alerts:
Red Hat RHSA-2007:0469-01 2007-06-11
Red Hat RHSA-2007:0229-02 2007-05-01
Ubuntu USN-356-1 2006-10-02
Fedora FEDORA-2006-975 2006-09-14

Comments (none posted)

gdm: improper file permissions

Package(s):gdm CVE #(s):CVE-2006-1057
Created:April 19, 2006 Updated:May 2, 2007
Description: The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem.
Alerts:
Red Hat RHSA-2007:0286-02 2007-05-01
Mandriva MDKSA-2006:083 2006-05-09
Ubuntu USN-278-1 2006-05-03
Debian DSA-1040-1 2006-04-24
Fedora FEDORA-2006-338 2006-04-19

Comments (none posted)

gzip: multiple vulnerabilities

Package(s):gzip CVE #(s):CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338
Created:September 19, 2006 Updated:June 1, 2007
Description: Tavis Ormandy of the Google Security Team discovered two denial of service flaws and several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang, crash or execute arbitrary code.

Alerts:
Fedora FEDORA-2007-557 2007-05-31
Gentoo 200611-24 2006-11-28
Fedora-Legacy FLSA:211760 2006-11-13
Fedora FEDORA-2006-989 2006-10-10
SuSE SUSE-SA:2006:056 2006-09-26
Gentoo 200609-13 2006-09-23
Trustix TSLSA-2006-0052 2006-09-22
Mandriva MDKSA-2006:167 2006-09-20
Slackware SSA:2006-262-01 2006-09-20
OpenPKG OpenPKG-SA-2006.020 2006-09-20
Debian DSA-1181-1 2006-09-19
rPath rPSA-2006-0170-1 2006-09-19
Ubuntu USN-349-1 2006-09-19
Red Hat RHSA-2006:0667-01 2006-09-19

Comments (1 posted)

gzip: arbitrary command execution

Package(s):gzip CVE #(s):CAN-2005-0758
Created:August 1, 2005 Updated:January 9, 2007
Description: zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|' and '&' properly when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names.
Alerts:
OpenPKG OpenPKG-SA-2007.002 2007-01-08
Mandriva MDKSA-2006:027 2006-01-30
Mandriva MDKSA-2006:026 2006-01-30
Fedora-Legacy FLSA:158801 2005-11-14
Fedora-Legacy FLSA:157696 2005-08-10
Ubuntu USN-161-1 2005-08-04
Ubuntu USN-158-1 2005-08-01

Comments (2 posted)

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:November 27, 2006
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a backup file before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4535 CVE-2006-4538
Created:September 18, 2006 Updated:December 3, 2007
Description: Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535)

Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538)

Alerts:
Red Hat RHSA-2007:1049-01 2007-12-03
Mandriva MDKSA-2006:182 2006-10-11
Red Hat RHSA-2006:0689-01 2006-10-05
Debian DSA-1184-2 2006-09-26
Debian DSA-1184-1 2006-09-25
Debian DSA-1183-1 2006-09-25
Ubuntu USN-347-1 2006-09-18

Comments (none posted)

kernel: denial of service by memory consumption

Package(s):kernel CVE #(s):CVE-2006-2936
Created:July 17, 2006 Updated:November 14, 2007
Description: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued.
Alerts:
SuSE SUSE-SA:2007:035 2007-06-14
Mandriva MDKSA-2006:151 2006-08-25
Mandriva MDKSA-2006:150 2006-08-25
Ubuntu USN-331-1 2006-08-03
rPath rPSA-2006-0130-1 2006-07-17

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-2935 CVE-2006-4145 CVE-2006-3745
Created:September 1, 2006 Updated:July 30, 2008
Description: Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause a system crash (denial of service) and, if intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack.
Alerts:
Red Hat RHSA-2008:0665-01 2008-07-24
SuSE SUSE-SA:2007:053 2007-10-12
SuSE SUSE-SA:2006:064 2006-11-10
Red Hat RHSA-2006:0710-01 2006-10-19
SuSE SUSE-SA:2006:057 2006-09-28
Trustix TSLSA-2006-0051 2006-09-15
Ubuntu USN-346-2 2006-09-14
Ubuntu USN-346-1 2006-09-14
rPath rPSA-2006-0162-1 2006-08-31

Comments (none posted)

libgadu: memory alignment bug

Package(s):libgadu CVE #(s):CAN-2005-2370
Created:July 29, 2005 Updated:June 25, 2007
Description: Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, a console Gadu Gadu instant messaging client), which is also included in gaim, a multi-protocol instant messaging client. This cannot be exploited on the x86 architecture, but on others, e.g. SPARC, it leads to a bus error, in other words a denial of service.
Alerts:
Debian DSA-813-1 2005-09-15
Red Hat RHSA-2005:627-01 2005-08-09
Debian DSA-769-1 2005-07-29

Comments (none posted)

libgd2: denial of service

Package(s):libgd2 CVE #(s):CVE-2006-2906
Created:June 14, 2006 Updated:January 16, 2007
Description: Certain GIF images can cause libgd2 to go into an infinite loop, adversely affecting the performance of image processing applications.
Alerts:
rPath rPSA-2007-0008-1 2007-01-15
Debian DSA-1117-1 2006-07-21
Mandriva MDKSA-2006:113 2006-06-27
Mandriva MDKSA-2006:112 2006-06-27
Ubuntu USN-298-1 2006-06-13

Comments (none posted)

libmms: buffer overflows

Package(s):libmms CVE #(s):CVE-2006-2200
Created:July 6, 2006 Updated:December 25, 2006
Description: Several buffer overflows were found in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could overwrite an arbitrary memory portion with zeros, thereby crashing the program.
Alerts:
Slackware SSA:2006-357-05 2006-12-25
Gentoo 200607-07 2006-07-20
Mandriva MDKSA-2006:121 2006-07-12
Mandriva MDKSA-2006:117-1 2006-07-12
Ubuntu USN-315-1 2006-07-12
Mandriva MDKSA-2006:117 2006-07-06
Ubuntu USN-309-1 2006-07-05

Comments (none posted)

libmusicbrainz: buffer overflows

Package(s):libmusicbrainz-2.0 CVE #(s):CVE-2006-4197
Created:August 30, 2006 Updated:October 23, 2006
Description: Several buffer overflows have been discovered in the libmusicbrainz CD index library.
Alerts:
Gentoo 200610-09 2006-10-22
Ubuntu USN-363-1 2006-10-11
Mandriva MDKSA-2006:157-1 2006-09-28
rPath rPSA-2006-0161-1 2006-08-30
Mandriva MDKSA-2006:157 2006-08-30
Debian DSA-1162-1 2006-08-30

Comments (none posted)

libpam-ldap: authentication bypass

Package(s):libpam-ldap CVE #(s):CAN-2005-2641
Created:August 25, 2005 Updated:October 6, 2006
Description: libpam-ldap, the PAM LDAP interface, fails to authenticate correctly against an LDAP server that is not configured properly: instead of rejecting the login it lets it through, allowing an authentication bypass.
Alerts:
rPath rPSA-2006-0183-1 2006-10-05
Mandriva MDKSA-2005:190 2005-10-20
Gentoo 200508-22 2005-08-31
Debian DSA-785-1 2005-08-25

Comments (none posted)

libpng: buffer overflow

Package(s):libpng CVE #(s):CVE-2006-3334
Created:July 19, 2006 Updated:November 17, 2006
Description: In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, so writing the message overflows the buffer and can overwrite stack data.
Alerts:
Mandriva MDKSA-2006:213 2006-11-16
rPath rPSA-2006-0133-1 2006-07-19
Gentoo 200607-06 2006-07-19

Comments (none posted)

libtiff: buffer overflow

Package(s):libtiff CVE #(s):CVE-2006-2193
Created:June 15, 2006 Updated:September 1, 2008
Description: The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code.
Alerts:
Fedora FEDORA-2006-952 2006-09-05
SuSE SUSE-SA:2006:044 2006-08-01
Gentoo 200607-03 2006-07-09
SuSE SUSE-SR:2006:014 2006-06-20
Trustix TSLSA-2006-0036 2006-06-16
Mandriva MDKSA-2006:102 2006-06-14
Red Hat RHSA-2008:0848-01 2008-08-28
CentOS CESA-2008:0848 2008-08-30

Comments (none posted)

libvncserver: authentication bypass

Package(s):libvncserver CVE #(s):CVE-2006-2450
Created:August 4, 2006 Updated:March 19, 2007
Description: LibVNCServer fails to validate the security type chosen by the client against the types it offered, effectively letting the client decide which security type to use. A client can select "Type 1 - None" and LibVNCServer will accept it even though the server never offered it, bypassing authentication.
Alerts:
Gentoo 200703-19 2007-03-18
Gentoo 200608-12 2006-08-07
Gentoo 200608-05 2006-08-04

Comments (none posted)

libwmf: integer overflow

Package(s):libwmf CVE #(s):CVE-2006-3376
Created:July 13, 2006 Updated:November 6, 2006
Description: libwmf, a library that is used for processing Windows MetaFile vector graphics files, has an integer overflow vulnerability.
Alerts:
OpenPKG OpenPKG-SA-2006.031 2006-11-06
Debian DSA-1194-1 2006-10-09
Gentoo 200608-17 2006-08-10
Ubuntu USN-333-1 2006-08-09
Mandriva MDKSA-2006:132 2006-07-28
Fedora FEDORA-2006-831 2006-07-18
Fedora FEDORA-2006-832 2006-07-18
Fedora FEDORA-2006-805 2006-07-12
Fedora FEDORA-2006-804 2006-07-12

Comments (none posted)

mailman: several vulnerabilities

Package(s):mailman CVE #(s):CVE-2006-2941 CVE-2006-3636
Created:September 8, 2006 Updated:October 23, 2006
Description: A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. (CVE-2006-2941)

Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. (CVE-2006-3636)

Alerts:
Fedora FEDORA-2006-1013 2006-10-23
Debian DSA-1188-1 2006-10-04
Gentoo 200609-12 2006-09-19
Mandriva MDKSA-2006:165 2006-09-18
Ubuntu USN-345-1 2006-09-13
rPath rPSA-2006-0165-1 2006-09-08
Red Hat RHSA-2006:0600-01 2006-09-06

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):mozilla firefox thunderbird CVE #(s):CVE-2006-4565 CVE-2006-4566 CVE-2006-4571 CVE-2006-4253 CVE-2006-4567 CVE-2006-4568 CVE-2006-4569
Created:September 15, 2006 Updated:November 14, 2006
Description: Two flaws were found in the way Firefox/Thunderbird processed certain regular expressions. A malicious web page/HTML email could crash the browser or possibly execute arbitrary code as the user running Firefox/Thunderbird. (CVE-2006-4565, CVE-2006-4566)

A number of flaws were found in Firefox/Thunderbird. A malicious web page/HTML email could crash the browser or possibly execute arbitrary code as the user running Firefox/Thunderbird. (CVE-2006-4571)

A flaw was found in the handling of JavaScript timed events. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox/Thunderbird. (CVE-2006-4253)

A flaw was found in the Firefox/Thunderbird auto-update verification system. An attacker who has the ability to spoof a victim's DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a victim to previously accept an unverifiable certificate. (CVE-2006-4567)

Firefox did not properly prevent a frame in one domain from injecting content into a sub-frame that belongs to another domain, which facilitates website spoofing and other attacks (CVE-2006-4568)

Firefox did not load manually opened, blocked popups in the right domain context, which could lead to cross-site scripting attacks. In order to exploit this issue an attacker would need to find a site which would frame their malicious page and convince the user to manually open a blocked popup. (CVE-2006-4569)

Alerts:
Debian DSA-1210-1 2006-11-14
Gentoo 200610-04 2006-10-16
Ubuntu USN-361-1 2006-10-10
Debian DSA-1192-1 2006-10-06
Gentoo 200610-01 2006-10-04
Debian DSA-1191-1 2006-10-05
Ubuntu USN-354-1 2006-10-02
Gentoo 200609-19 2006-09-28
Mandriva MDKSA-2006:169 2006-09-22
Ubuntu USN-352-1 2006-09-25
Ubuntu USN-351-1 2006-09-22
SuSE SUSE-SA:2006:054 2006-09-22
Ubuntu USN-350-1 2006-09-21
Mandriva MDKSA-2006:168 2006-09-20
Red Hat RHSA-2006:0677-01 2006-09-15
Red Hat RHSA-2006:0676-01 2006-09-15
Red Hat RHSA-2006:0675-01 2006-09-15
rPath rPSA-2006-0169-1 2006-09-15
Slackware SSA:2006-257-03 2006-09-15
Fedora FEDORA-2006-977 2006-09-14
Fedora FEDORA-2006-976 2006-09-14

Comments (none posted)

mutt: IMAP namespace buffer overflow

Package(s):mutt CVE #(s):CVE-2006-3242
Created:June 28, 2006 Updated:October 24, 2006
Description: TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If a user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user. See this Secunia advisory for more information.
Alerts:
Fedora FEDORA-2006-1061 2006-10-24
Slackware SSA:2006-207-01 2006-07-27
OpenPKG OpenPKG-SA-2006.013 2006-07-15
SuSE SUSE-SR:2006:016 2006-07-14
Red Hat RHSA-2006:0577-01 2006-07-12
Debian DSA-1108-1 2006-07-11
Fedora FEDORA-2006-761 2006-06-29
Fedora FEDORA-2006-760 2006-06-29
Trustix TSLSA-2006-0038 2006-06-30