LWN.net Logo

LWN.net Weekly Edition for March 13, 2008

Emacs chooses Bazaar

By Jake Edge
March 12, 2008

The Emacs development process is undergoing some changes; Richard Stallman has handed off project maintenance duties, while a change in the version control system (VCS) seems to be in the offing. Some of the modernization suggestions made by Eric Raymond last December are taking root. Stallman has not completely stepped away from Emacs development—it's doubtful anyone expected him to—but his approach on how to choose a VCS for Emacs is raising a few eyebrows.

Currently, Emacs is tracked with CVS, but a distributed VCS (DVCS) is definitely planned down the road—how far is unclear at this point. In earlier discussions, Stallman was particularly interested in the offline capabilities of DVCS; being able to do commits, diffs, and see revision history while unconnected to the internet is a useful feature for him. Many other Emacs developers see a DVCS as a major upgrade to the development process, the question then becomes which DVCS to use.

The main contenders are git, Mercurial (aka hg), or Bazaar (aka bzr); there are other options, of course, but they were quickly eliminated due to speed or feature set issues. There was some hope that a comparative VCS study that Raymond was working on would help lead the project to the proper choice, but the study has been delayed—a major release of Wesnoth is underway which has taken Raymond from that task.

There were some discussions of the merits of the various systems but, in the meantime, Bazaar joined the GNU project which changed the equation somewhat. Stallman announced:

We should use Bzr because that is becoming a GNU package. GNU packages should show loyalty to each other when possible, and in this case it is possible.

As might be expected, short-circuiting a technical discussion for a political expedient is not met with universal approval. Juanma Barranquero sums up his (and others') objections:

What I'm trying to say is: I won't discuss which dVCS we choose (unless it makes Windows development a PITA). But I agree with Jeremy Maitin-Shepard that the cause of free software is strengthened by us selecting among the free alternatives the one that best serves our technical, not political, needs.

There is a certain irony in noting that one of the perceived weaknesses of git was its poor support for Windows development. It is certainly understandable, but the idea that one of the flagship GNU projects would make a decision based on tool availability for a proprietary operating system gives one pause. That isn't one of Stallman's requirements of course, he sees the decision as essentially a choice amongst equals:

We already know the most important thing about what we will find from a careful study of git, mercurial and Bzr. We will find that each has its advantages and disadvantages -- but none of them conclusive. Each will be preferred by some people, but any one of them would work out well enough.

As Thomas Lord (author of another GNU VCS, arch), points out, there is a cost to agonizing over a choice like this:

Probably so but any group of smart people could easily spend a year arguing about it. Not even a year arguing about which system is best but a year arguing just about what "best" means in this context.

Over-optimizing a choice like that can be a *huge* resource suck and projects and groups fail all the time because of falling into such traps.

No technical barriers to using Bazaar have been raised, it is, as Stallman asserts, a fairly arbitrary choice. Unsurprisingly, Stallman chooses the one that serves his agenda. The new maintainers, Stefan Monnier and Chong Yidong, presumably agree with that agenda, in any case they have not indicated any resistance to the choice.

So it seems that Emacs will be moving to Bazaar. Jason Earl has been pulling the CVS history into a Bazaar repository that should be available soon. The import process seems to be taking a fair amount of time—something on the order of a week—which is hopefully not indicative of the operational speed of Bazaar. Assuming the conversion works and developers can get their work done using it, this would be a pretty high-profile project to use it. Other GNU software may follow suit, which could be a big boost to the visibility of Bazaar; precisely what Stallman was aiming for.

Comments (45 posted)

Some topics related to MP3 players

By Jonathan Corbet
March 12, 2008
In many parts of the world, the U.S. is looked upon as a place with particularly poor taste in "intellectual property" legislation; the DMCA and software patents are often held up as examples. DMCA-like laws have since spread to other parts of the planet, which, for some reason, has not made people living there any more appreciative of the American legal regime. But it is often pointed out that software patents remain an almost entirely American problem; people in other parts of the world (Europe, say) need not worry about them.

If only it were so. On March 5, German police raided a booth at the CeBit conference in Hannover. That booth, run by Meizu, contained an iPhone-clone product, but nobody cared about that. Instead, the contraband which absolutely had to be suppressed was a music player for which Sisvel (an Italian company which has done this kind of thing before) had not been paid royalties on its MP3 patents. The player, as it happens, did not even have MP3 playback capability, but that didn't seem to matter. The police duly cleared the booth of all mention of the offending device and saved another day for free enterprise.

This is a pure software patent action, and the U.S. has no part in it. Software patents are truly a global problem. (Police raids raise the stakes in interesting way, though; even in the U.S., things usually start with a polite letter from a lawyer first). Anybody who wonders why companies like Red Hat exercise great care around software patents (and MP3 patents in particular) need only look at episodes like this. The selling of enterprise Linux products is likely to be distinctly harder if your prospective customers see your conference booth being forcibly shut down by the authorities.

Meanwhile, it occurred to your editor, while thinking about music players, that little has been said about the Rockbox project on LWN in recent times. Rockbox, remember, is a GPL-licensed firmware which runs on a wide variety of music players. It offers a wider range of features, has more codecs, is more customizable, and has better accessibility support than the stock firmware on any of these devices. And it's free software.

Since LWN last looked at this project, the Rockbox developers have added a number of new features and new platforms. The abandoned 3.0 release has never happened; the Rockbox developers appear to have given up on the idea of formal releases for now. The daily snapshots generally work quite well, though, and there are lots of satisfied Rockbox users out there.

Despite the fact that Rockbox supports a lot of players, absolutely none of the supported platforms are currently in production. So anybody looking to buy a player which can run Rockbox must go digging around on auction sites. The only problem is: it's not clear how many more such users may arrive in the future. Despite the fact that Rockbox supports a lot of players, absolutely none of the supported platforms are currently in production. So anybody looking to buy a player which can run Rockbox must go digging around on auction sites. Many Rockbox users do exactly that, but many more potential users would rather not get their devices that way.

Rockbox ports to current devices are underway, but the developers are fighting an uphill battle. Manufacturers tend to be uncooperative when it comes to releasing hardware information, so a certain amount of reverse engineering is required. And, by the time that work is done, the manufacturers have moved on to a new product. Music players are consumer electronics devices, and, like most such devices, their product lifetime tends to be quite short. So developers on a project like Rockbox will forever be trying to catch up.

Your editor, meanwhile, still lugs around his ancient iRiver H340. People look at it strangely, as if they expect there to be a hatch on the back so that the user can occasionally add another shovel full of coal. But it works beautifully with Rockbox, and a replacement looks hard to find. Your editor wishes that at least one manufacturer would realize that it could provide better functionality at a lower cost by designing its players to run Rockbox from the beginning. Perhaps the project needs better advocacy within the player industry.

There is another approach which could be considered here. The OpenMoko project is trying to rearrange the mobile telephone market by offering a completely open product. Surely a music player, being a much simpler device, would be amenable to the same treatment? As it turns out, there are a couple groups of people trying to jump start just this kind of effort. They have a prototype design, and a competing design as well. Both look like they could produce a respectable player at a reasonable cost - a player designed to run free software from the outset.

Designing a device which can run Rockbox and produce decent audio (and video) output is not that hard, given the components which are available. Turning it into a product which is small and sleek enough that people want to buy it seems likely to be harder. Getting a full device manufactured at a reasonable cost may be the hardest of all; that requires significant up-front money and a distribution channel which can sell enough units to make the whole thing cost-effective. There's also the little issue of those MP3 patents to take care of.

There is no real sign that the Rockbox player developers are thinking on this level at this time. One of the prototype designs carries a Creative Commons noncommercial license in an attempt to prevent others from thinking that way. So the resulting hardware may end up being little more than a kit for especially dedicated hobbyists. Unless somebody picks up the ball and tries to commercialize a product like this, Rockbox may be stuck in its role as the software of choice for last year's players. The good news in all this is that Linux-based tablet devices seem likely to become cheaper, more abundant, and more compact. Since these devices can make fine media players, we may eventually get our completely open gadget via that path. Modulo patent problems, of course.

Comments (23 posted)

Still waiting for Flash

By Jonathan Corbet
March 11, 2008
Those of us who were using Linux full-time around the turn of the century will remember that the state of web browsing on Linux was a little scary then. The only real option available was the binary-only Netscape 4 client; it was buggy and old. It really seemed like the web was going to move forward without Linux, and that there was not a whole lot we could do about it.

Things have improved somewhat on that front; we now have a few top-quality web browsers to choose between. At the same time, though, one might be forgiven for thinking that we are heading back into a similar situation, but involving Flash this time around. For all practical purposes, there is only one viable option for Flash on Linux: the binary-only plugin provided by Adobe. But that plugin is not just proprietary software; it also is somewhat old and buggy, and there is nothing we can do to fix it. For an increasing part of the web experience, we still have a second-rate, proprietary platform.

When one thinks of Flash, naturally, one thinks of video sites like YouTube. But there is more to the Flash experience than silly videos and obnoxious advertising. Some parts of Google are heavily into flash, as can be seen from that company's finance sites or analytics offerings. Your editor's children will attest that there's no end of game sites which require Flash, and for which the Linux plugin fails to work properly. Looking for any way to reduce the total amount of time spent in airplane seats, your editor recently investigated "around the world" tickets; that search ended up at this travel planning site which, of course, requires Flash. And so on. Like it or not, Flash is the language in which an increasing number of interactive sites are being coded, and Linux does not have proper support for it.

With this in mind, your editor decided to give the recently-announced Gnash 0.8.2 release a try. This release was billed as the first beta version of Gnash, so there was reason to hope that it would be something close to a true solution to the Flash problem. In reality, Gnash is a step in the right direction, but the Flash issue will be with us for some time yet.

For now, the acid test for a Flash player would appear to be YouTube, so that is the first place your editor went. The experience there was mixed. It is, in fact, possible to watch YouTube videos using the Gnash Firefox plugin. Hearing them is another matter, though; they all played silently. It would not be surprising to learn that getting audio is a matter of filling in a missing codec - but would sure be nice if the software were to say something to that effect. Pausing and playing the video worked, but skipping around in it did not. Playing videos from other sites was uniformly unsuccessful.

The "around the world" calculator appeared to load properly, but then took off as if somebody were punching all of its buttons at once. Charts on Google sites are uniformly blank. Some flash games mostly worked, others showed more input-related confusion. Few of them were truly playable. On the other hand, Flash "intros" and advertisements mostly work as intended - just what your editor wanted.

So Gnash is not really there yet. In truth, this software is not in a condition where the use of the term "beta" makes sense; there is a lot of work yet to be done. There are few of us clamoring for support for more obnoxious advertising - especially among the LWN readership, as your plentiful emails over the last couple of months have made clear. What we want is working support for the useful Flash applications out there - and there are a few of those at this point. Gnash does not, currently, provide that support. (Your editor also tried out Swfdec 0.6.0, with generally worse results).

That said, it is clear that a lot of work has been done to get Gnash to this point. Your editor has no real way to judge how much more is required to get full support for even Flash version 7; chances are it is not a small job. Needless to say, support for newer versions of Flash will require even more work. But there now appears to be a solid platform upon which that work can be done, and that is an important start. Gnash has the look of a project which has overcome some of the biggest initial hurdles and is now setting a pace to finish the job. With luck, it will have reached the point where the fact that it almost works will inspire new developers to come in and fill in the remaining pieces.

Adobe has the ability to make this job a lot easier. Your editor has heard, informally, that the company has taken a less hostile position toward the Gnash developers than it had in the past, but it certainly is still not helping them. The Flash specifications are not available to anybody trying to create a Flash player, and, unsurprisingly, the Flash EULA forbids any sort of reverse engineering. That EULA, incidentally, also forbids running Adobe's player on any "non-PC device," including tablets and phones. That restriction suggests that Adobe sees business opportunities in the lack of a free Flash player for such systems and intends to ensure that this scarcity continues. So, despite the occasionally friendly noises Adobe has been making toward the Linux community, we should not expect a great deal of help from that direction.

Someday, people will figure out that closed standards (like Flash) are best avoided. Meanwhile, Flash is a fact of life that we will need to deal with. It appears that we are getting closer to being able to deal with it - but we are not there yet.

Comments (49 posted)

Page editor: Jonathan Corbet

Security

Extended Validation certificates and cross-site scripting

By Jake Edge
March 12, 2008

Cross-site scripting (XSS) is a frequent topic on security forums because it is a common web application flaw that can lead to variety of unpleasant surprises. One of the more frequently seen abuses of an XSS flaw is in the aid of a phishing attack. With the advent of Extended Validation (EV) certificates coupled with the accompanying browser UI changes, some XSS attacks will become much more powerful.

By now, most users are familiar with SSL certificates, which are used to authenticate one or both sides of an HTTPS connection to the other. EV certificates are a step up from a more pedestrian SSL certificate as the recipient must undergo more scrutiny from the certificate authority (CA) before being granted one. We covered EV certificates in more detail in November 2006, but they are just now starting to be installed more widely.

Netcraft reported the problem a few weeks ago with regard to sourceforge.net. Sourceforge is one of the 4,000 or so sites with an EV certificate, but it also has an XSS problem. So anyone using the site for XSS purposes now gets the benefit of the higher trust that is supposed to be embodied in an EV certificate.

Browser vendors are being encouraged to highlight the EV certificates in their UI so as to give users more confidence in those sites. The most recent Firefox 3 betas as well as IE7 are highlighting the site name in green in the address bar to denote this higher trust. Unfortunately, the extra validation does not extend to testing the site for XSS flaws, which could leave users easily fooled.

A phishing attack could use an XSS flaw in a search box or error message, for example, to add content to the appearance of a site. That content is really coming from the XSS attack but it would appear under the "green means go" address bar for the EV certificate-protected site. That content could include a login screen that sent the credentials elsewhere or a cookie stealing attack for session hijacking. For any site with sensitive information, XSS attacks are already a problem, EV certificates just add another mechanism for exploiting the user's trust.

Much like the padlock icon that appeared many years ago to denote a "secure" (really, just encrypted) connection, this new green address bar indicator is somewhat difficult to explain. Based on the vetting process for EV certificates, there should be a real entity behind an EV certificate—or at least there was one at the time of issuance—but it is by no means an endorsement of the security of everything on a web page that has one. It is, like the original padlock, more nuanced than that.

Unfortunately, users are not good at security nuances. They want yes or no answers to "Is this site safe?"; that answer is nearly always "maybe" or perhaps "probably". At one time, the padlock icon was seen as a "yes" answer; now the green address bar may take its place. Somehow users need to be taught to look beyond simple answers and websites need to clean up their act so that their users are not scammed.

The number of sites with XSS problems is staggering (a look at xssed.com is instructive) and new ones crop up all the time. In many ways, XSS is an attack against users rather than directly against a site. This may make it less of a priority to fix than a direct attack, like a SQL injection, might be. That is very unfortunate for their users, especially if they have a shiny new EV certificate.

Comments (10 posted)

Removing the updated vulnerability listings

The LWN Security page has lots of useful information, but sometimes it seems to stretch on for a long ways. A lot of that length is contained in the "Updated vulnerabilities" section and we are starting to wonder if that really adds that much to the page. It is collected automatically from our daily security updates, so removing it won't help us kick out the weekly edition any faster, but it might make reading the page, especially in the "one big page" format, somewhat easier. If we removed that section, the information will still appear in the daily summaries, of course, and be available by searching our database. Before we do that, though, we'd like to hear from our readers regarding their thoughts on the matter. Please comment if you have thoughts one way or the other.

Comments (46 posted)

New vulnerabilities

java: multiple vulnerabilities

Package(s):java-1.5.0-sun CVE #(s):CVE-2008-1185 CVE-2008-1186 CVE-2008-1187 CVE-2008-1188 CVE-2008-1189 CVE-2008-1190 CVE-2008-1191 CVE-2008-1192 CVE-2008-1193 CVE-2008-1194 CVE-2008-1195 CVE-2008-1196
Created:March 7, 2008 Updated:July 16, 2008
Description: From the Red Hat advisory:

Flaws in the JRE allowed an untrusted application or applet to elevate its privileges. This could be exploited by a remote attacker to access local files or execute local applications accessible to the user running the JRE (CVE-2008-1185, CVE-2008-1186)

A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187)

Several buffer overflow flaws were found in Java Web Start (JWS). An untrusted JNLP application could access local files or execute local applications accessible to the user running the JRE. (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)

A flaw was found in the Java Plug-in. A remote attacker could bypass the same origin policy, executing arbitrary code with the permissions of the user running the JRE. (CVE-2008-1192)

A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possible execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193)

A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194)

The JRE allowed untrusted JavaScript code to create local network connections by the use of Java APIs. A remote attacker could use these flaws to acesss local network services. (CVE-2008-1195)

Alerts:
Red Hat RHSA-2008:0555-01 2008-07-14
Red Hat RHSA-2008:0267-01 2008-05-19
Red Hat RHSA-2008:0244-01 2008-04-28
Red Hat RHSA-2008:0243-01 2008-04-28
rPath rPSA-2008-0128-2 2008-03-27
Red Hat RHSA-2008:0245-01 2008-04-28
SuSE SUSE-SA:2008:025 2008-04-25
Gentoo 200804-20 2008-04-17
SuSE SUSE-SA:2008:019 2008-04-04
Red Hat RHSA-2008:0210-01 2008-04-03
SuSE SUSE-SA:2008:018 2008-04-02
Mandriva MDVSA-2008:080 2007-03-28
rPath rPSA-2008-0128-1 2008-03-27
Ubuntu USN-592-1 2008-03-26
Red Hat RHSA-2008:0186-01 2008-03-06

Comments (none posted)

joomla: multiple vulnerabilities

Package(s):joomla CVE #(s):CVE-2007-6642 CVE-2007-6643 CVE-2007-6644 CVE-2007-6645
Created:March 6, 2008 Updated:March 12, 2008
Description: The Joomla PHP-based content management system has the following vulnerabilities: There are multiple cross-site request forgery vulnerabilities. There is one cross-site scripting vulnerability. There is a vulnerability where remote authenticated administrators can promote arbitrary users to the administrator group, violating the intended security model. There is a registered user privilege escalation vulnerability.
Alerts:
Mandriva MDVSA-2008:060 2007-03-05

Comments (none posted)

kronolith: privilege escalation and more?

Package(s):kronolith CVE #(s):
Created:March 10, 2008 Updated:March 12, 2008
Description:

The Fedora advisory is light on details:

Fix privilege escalation in Horde API. Fix missing ownership validation on share changes.

Alerts:
Fedora FEDORA-2008-2221 2008-03-07
Fedora FEDORA-2008-2212 2008-03-06

Comments (none posted)

libnet-dns-perl: denial of service

Package(s):libnet-dns-perl CVE #(s):CVE-2007-6341 CVE-2007-3409
Created:March 12, 2008 Updated:March 27, 2008
Description: The libnet-dns-perl package can crash when decoding malformed A records, creating a denial of service vulnerability. Also, the domain name expander can be sent into an infinite loop, also a denial of service problem.
Alerts:
Ubuntu USN-594-1 2008-03-26
Mandriva MDVSA-2008:073 2007-03-20
Debian DSA-1515-1 2008-03-11

Comments (none posted)

lighttpd: cgi source disclosure

Package(s):lighttpd CVE #(s):CVE-2008-1111
Created:March 7, 2008 Updated:April 4, 2008
Description: lighttpd before 1.4.18 is vulnerable to cgi source disclosure.
Alerts:
SuSE SUSE-SR:2008:008 2008-04-04
Fedora FEDORA-2008-2262 2008-03-06
rPath rPSA-2008-0106-1 2008-03-12
Debian DSA-1513-1 2008-03-06
Fedora FEDORA-2008-2278 2008-03-06

Comments (none posted)

MediaWiki: cross-site scripting

Package(s):mediawiki CVE #(s):CVE-2008-0460
Created:March 7, 2008 Updated:December 24, 2008
Description: From the CVE entry: Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Alerts:
Fedora FEDORA-2008-11688 2008-12-24
Fedora FEDORA-2008-2288 2008-03-06
Fedora FEDORA-2008-2245 2008-03-06

Comments (none posted)

moin: multiple vulnerabilities

Package(s):moin CVE #(s):CVE-2007-2637 CVE-2008-0782 CVE-2008-1098 CVE-2008-1099
Created:March 10, 2008 Updated:January 30, 2009
Description:

From the Debian advisory:

CVE-2007-2637: Access control lists for calendars and includes were insufficiently enforced, which could lead to information disclosure.

CVE-2008-0782: A directory traversal vulnerability in cookie handling could lead to local denial of service by overwriting files.

CVE-2008-1098: Cross-site-scripting vulnerabilities have been discovered in the GUI editor formatter and the code to delete pages.

CVE-2008-1099: The macro code validates access control lists insufficiently, which could lead to information disclosure.

Alerts:
Ubuntu USN-716-1 2009-01-30
Fedora FEDORA-2008-3328 2008-04-29
Fedora FEDORA-2008-3301 2008-04-29
Gentoo 200803-27 2008-03-18
Debian DSA-1514-1 2008-03-09

Comments (none posted)

nx: multiple vulnerabilites

Package(s):nx CVE #(s):
Created:March 7, 2008 Updated:March 12, 2008
Description: There are multiple vulnerabilities in nx before 3.1.0.
Alerts:
Fedora FEDORA-2008-2258 2008-03-06

Comments (none posted)

pdflib: multiple buffer overflows

Package(s):pdflib CVE #(s):CVE-2007-6561
Created:March 11, 2008 Updated:March 12, 2008
Description: From the CVE entry: Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors.
Alerts:
Gentoo 200803-17 2008-03-10

Comments (none posted)

phpmyadmin: sql injection

Package(s):phpmyadmin CVE #(s):CVE-2008-1149
Created:March 10, 2008 Updated:February 2, 2009
Description:

From the Gentoo advisory:

Richard Cunningham reported that phpMyAdmin uses the $_REQUEST variable of $_GET and $_POST as a source for its parameters.

An attacker could entice a user to visit a malicious web application that sets an "sql_query" cookie and is hosted on the same domain as phpMyAdmin, and thereby conduct SQL injection attacks with the privileges of the user authenticating in phpMyAdmin afterwards.

Alerts:
SuSE SUSE-SR:2008:026 2008-11-24
SuSE SUSE-SR:2009:003 2009-02-02
Mandriva MDVSA-2008:131 2008-07-04
Debian DSA-1557-1 2008-04-24
Gentoo 200803-15 2008-03-09

Comments (none posted)

SynCE: several vulnerabilities

Package(s):synce-sync-engine CVE #(s):CVE-2007-6703 CVE-2008-1136
Created:March 7, 2008 Updated:March 12, 2008
Description: Red Hat bug #436023: "Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors."

Red Hat bug #436024: "The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679."

Alerts:
Fedora FEDORA-2008-0680 2008-03-06
Fedora FEDORA-2008-0680 2008-03-06
Fedora FEDORA-2008-0680 2008-03-06
Fedora FEDORA-2008-0680 2008-03-06
Fedora FEDORA-2008-0680 2008-03-06
Fedora FEDORA-2008-0680 2008-03-06
Fedora FEDORA-2008-0680 2008-03-06
Fedora FEDORA-2008-0680 2008-03-06
Fedora FEDORA-2008-0680 2008-03-06
Fedora FEDORA-2008-0680 2008-03-06
Fedora FEDORA-2008-0680 2008-03-06
Fedora FEDORA-2008-0680 2008-03-06

Comments (none posted)

vlc: multiple vulnerabilities

Package(s):vlc CVE #(s):CVE-2007-6681 CVE-2007-6682 CVE-2007-6683 CVE-2007-6684 CVE-2008-0295 CVE-2008-0296 CVE-2008-0984
Created:March 10, 2008 Updated:April 23, 2008
Description:

From the Gentoo advisory:

* Michal Luczaj and Luigi Auriemma reported that VLC contains boundary errors when handling subtitles in the ParseMicroDvd(), ParseSSA(), and ParseVplayer() functions in the modules/demux/subtitle.c file, allowing for a stack-based buffer overflow (CVE-2007-6681).

* The web interface listening on port 8080/tcp contains a format string error in the httpd_FileCallBack() function in the network/httpd.c file (CVE-2007-6682).

* The browser plugin possibly contains an argument injection vulnerability (CVE-2007-6683).

* The RSTP module triggers a NULL pointer dereference when processing a request without a "Transport" parameter (CVE-2007-6684).

* Luigi Auriemma and Remi Denis-Courmont found a boundary error in the modules/access/rtsp/real_sdpplin.c file when processing SDP data for RTSP sessions (CVE-2008-0295) and a vulnerability in the libaccess_realrtsp plugin (CVE-2008-0296), possibly resulting in a heap-based buffer overflow.

* Felipe Manzano and Anibal Sacco (Core Security Technologies) discovered an arbitrary memory overwrite vulnerability in VLC's MPEG-4 file format parser (CVE-2008-0984).

Alerts:
Debian DSA-1543-1 2008-04-09
Gentoo 200803-13 2008-03-07

Comments (none posted)

vobcopy: insecure temp file

Package(s):vobcopy CVE #(s):CVE-2007-5718
Created:March 6, 2008 Updated:March 12, 2008
Description: From the Gentoo alert: Joey Hess reported that vobcopy appends data to the file "/tmp/vobcopy.bla" in an insecure manner. A local attacker could exploit this vulnerability to conduct symlink attacks and append data to arbitrary files with the privileges of the user running Vobcopy.
Alerts:
Gentoo 200803-11 2008-03-05

Comments (none posted)

Updated vulnerabilities

acroread: multiple vulnerabilities

Package(s):acroread CVE #(s):CVE-2006-5857 CVE-2007-0045 CVE-2007-0046
Created:January 11, 2007 Updated:October 26, 2009
Description: Adobes acrobat reader has the following vulnerabilities:

The Adobe Reader Plugin has a cross site scripting vulnerability that can be triggered by processes malformed URLs. Arbitrary JavaScript can be served by a malicious web server, leading to a cross-site scripting attack.

Maliciously crafted PDF files can be used to trigger two vulnerabilities, if an attacker can trick a user into viewing the files, arbitrary code can be executed with the user's privileges.

Alerts:
SuSE SUSE-SA:2009:049 2009-10-26
Gentoo 200910-03 2009-10-25
Red Hat RHSA-2007:0021-01 2007-01-22
Gentoo 200701-16 2007-01-22
SuSE SUSE-SA:2007:011 2007-01-22
Red Hat RHSA-2007:0017-01 2007-01-11

Comments (1 posted)

am-utils: overwrite arbitrary files

Package(s):am-utils CVE #(s):
Created:February 29, 2008 Updated:March 5, 2008
Description: The am-utils package could be vulnerable to an attack in which one local user can modify the contents of arbitrary files to which other local users running expn have write access.
Alerts:
rPath rPSA-2008-0088-1 2008-02-28

Comments (none posted)

apache: cross-site scripting

Package(s):apache CVE #(s):CVE-2006-3918
Created:August 9, 2006 Updated:April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2006:051 2006-09-08
Debian DSA-1167-1 2005-09-04
Red Hat RHSA-2006:0619-01 2006-08-10
Red Hat RHSA-2006:0618-01 2006-08-08

Comments (none posted)

apache: several vulnerabilities

Package(s):apache CVE #(s):CVE-2007-5000 CVE-2007-6388 CVE-2008-0005
Created:January 15, 2008 Updated:July 29, 2008
Description: A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000)

A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly available, a cross-site scripting attack was possible. (CVE-2007-6388)

A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which did not correctly derive the response character set following the rules in RFC 2616. (CVE-2008-0005)

Alerts:
Slackware SSA:2008-210-02 2008-07-29
rPath rPSA-2008-0035-1 2008-07-16
SuSE SUSE-SA:2008:021 2008-04-04
Fedora FEDORA-2008-1711 2008-02-15
Gentoo 200803-19 2008-03-11
Fedora FEDORA-2008-1695 2008-02-15
Slackware SSA:2008-045-02 2008-02-15
Slackware SSA:2008-045-01 2008-02-15
Ubuntu USN-575-1 2008-02-04
Red Hat RHSA-2008:0009-01 2008-01-21
Mandriva MDVSA-2008:016 2007-01-16
Mandriva MDVSA-2008:015 2008-01-16
Mandriva MDVSA-2008:014 2008-01-16
Red Hat RHSA-2008:0008-01 2008-01-15
Red Hat RHSA-2008:0007-01 2008-01-15
Red Hat RHSA-2008:0006-01 2008-01-15
Red Hat RHSA-2008:0005-01 2008-01-15
Red Hat RHSA-2008:0004-01 2008-01-15

Comments (1 posted)

asterisk: possible SQL injection

Package(s):asterisk CVE #(s):CVE-2007-6170
Created:December 3, 2007 Updated:April 15, 2008
Description: Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit, performs insufficient sanitizing of call-related data, which may lead to SQL injection.
Alerts:
Gentoo 200804-13 2008-04-14
SuSE SUSE-SR:2008:005 2008-03-06
Debian DSA-1417-1 2007-12-02

Comments (none posted)

audacity: insecure tmpfile handling

Package(s):audacity CVE #(s):CVE-2007-6061
Created:March 3, 2008 Updated:May 12, 2008
Description: From the Gentoo advisory:

Viktor Griph reported that the "AudacityApp::OnInit()" method in file src/AudacityApp.cpp does not handle temporary files properly.

A local attacker could exploit this vulnerability to conduct symlink attacks to delete arbitrary files and directories with the privileges of the user running Audacity.

Alerts:
Fedora FEDORA-2008-3456 2008-05-09
Fedora FEDORA-2008-3511 2008-05-09
Mandriva MDVSA-2008:074 2007-03-20
Gentoo 200803-03 2008-03-02

Comments (none posted)

avahi: denial of service

Package(s):avahi CVE #(s):CVE-2007-3372
Created:June 28, 2007 Updated:December 23, 2008
Description: Avahi is vulnerable to a local denial of service that can be caused by making an erroneous call to the assert() function.
Alerts:
Debian DSA-1690-1 2008-12-22
Ubuntu USN-696-1 2008-12-18
Mandriva MDKSA-2007:185 2007-09-17
Foresight FLEA-2007-0030-1 2007-06-28

Comments (none posted)

bind: insecure permissions

Package(s):bind CVE #(s):CVE-2007-6283
Created:December 21, 2007 Updated:July 10, 2008
Description: Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
Alerts:
Fedora FEDORA-2008-6281 2008-07-09
Red Hat RHSA-2008:0300-02 2008-05-21
Fedora FEDORA-2008-0903 2008-01-22
Fedora FEDORA-2007-4655 2007-12-20
Fedora FEDORA-2007-4658 2007-12-20

Comments (1 posted)

bind: off-by-one error

Package(s):bind CVE #(s):CVE-2008-0122
Created:January 22, 2008 Updated:July 10, 2008
Description: Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3, and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Alerts:
Fedora FEDORA-2008-6281 2008-07-09
Red Hat RHSA-2008:0300-02 2008-05-21
SuSE SUSE-SR:2008:006 2008-03-14
rPath rPSA-2008-0029-1 2008-01-24
Fedora FEDORA-2008-0904 2008-01-22
Fedora FEDORA-2008-0903 2008-01-22

Comments (none posted)

boost: denial of service

Package(s):boost CVE #(s):CVE-2008-0171 CVE-2008-0172
Created:January 17, 2008 Updated:March 22, 2012
Description: From the Ubuntu alert: Will Drewry and Tavis Ormandy discovered that the boost library did not properly perform input validation on regular expressions. An attacker could send a specially crafted regular expression to an application linked against boost and cause a denial of service via application crash.
Alerts:
Gentoo 200802-08 2008-02-14
SuSE SUSE-SR:2008:006 2008-03-14
Fedora FEDORA-2008-0754 2008-03-13
rPath rPSA-2008-0063-1 2008-02-13
Mandriva MDVSA-2008:032 2007-02-01
Fedora FEDORA-2008-0880 2008-01-22
Ubuntu USN-570-1 2008-01-16
Red Hat RHSA-2012:0305-03 2012-02-21
Oracle ELSA-2012-0305 2012-03-07
Scientific Linux SL-boos-20120321 2012-03-21

Comments (none posted)

cacti: multiple vulnerabilities

Package(s):cacti CVE #(s):CVE-2008-0783 CVE-2008-0784 CVE-2008-0785 CVE-2008-0786
Created:February 28, 2008 Updated:July 16, 2008
Description: From the Mandriva alert: A number of vulnerabilities were found in the Cacti program, including XSS vulnerabilities, SQL injection vulnerabilities, CRLF injection vulnerabilities, and information disclosure vulnerabilities.
Alerts:
Debian DSA-1569-3 2008-07-15
Debian DSA-1569-2 2008-05-06
Debian DSA-1569-1 2008-05-05
Gentoo 200803-18 2008-03-10
SuSE SUSE-SR:2008:005 2008-03-06
Mandriva MDVSA-2008:052 2008-02-27

Comments (none posted)

cacti: denial of service

Package(s):cacti CVE #(s):CVE-2007-3112 CVE-2007-3113
Created:September 18, 2007 Updated:December 16, 2009
Description: A vulnerability in Cacti 0.8.6i and earlier versions allows remote authenticated users to cause a denial of service (CPU consumption) via large values of the graph_start, graph_end, graph_height, or graph_width parameters.
Alerts:
Debian DSA-1954-1 2009-12-16
Fedora FEDORA-2008-1737 2008-02-15
Fedora FEDORA-2007-3683 2007-11-22
Fedora FEDORA-2007-2199 2007-09-18
Mandriva MDKSA-2007:184 2007-09-17

Comments (none posted)

cairo: integer overflow

Package(s):Cairo CVE #(s):CVE-2007-5503
Created:November 29, 2007 Updated:April 10, 2008
Description: Cairo has an integer overflow vulnerability in the PNG image processing code. If a user processes a specially crafted PNG image with an application that is linked against cairo, arbitrary code can be executed with the user's privileges.
Alerts:
Debian DSA-1542-1 2008-04-09
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:019 2007-01-21
Fedora FEDORA-2007-3818 2008-01-16
rPath rPSA-2008-0015-1 2008-01-15
Ubuntu USN-550-3 2007-12-13
Ubuntu USN-550-2 2007-12-10
Gentoo 200712-04 2007-12-09
Ubuntu USN-550-1 2007-12-03
Slackware SSA:2007-337-01 2007-12-04
Red Hat RHSA-2007:1078-02 2007-11-29
Gentoo 201209-25 2012-09-29

Comments (none posted)

clamav: arbitrary code execution

Package(s):clamav CVE #(s):CVE-2008-0318
Created:February 13, 2008 Updated:April 18, 2008
Description:

From the CVE:

Integer overflow in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.

Alerts:
Mandriva MDVSA-2008:088 2007-04-17
SuSE SUSE-SR:2008:004 2008-02-22
Gentoo 200802-09 2008-02-21
Debian DSA-1497-1 2008-02-16
Fedora FEDORA-2008-1625 2008-02-13
Fedora FEDORA-2008-1608 2008-02-13

Comments (1 posted)

clamav: arbitrary file overwrite

Package(s):clamav CVE #(s):CVE-2007-6595
Created:February 18, 2008 Updated:August 8, 2008
Description:

From the CVE entry: ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files in the cli_gentempfd function in libclamav/others.c or on (2) .ascii files in sigtool, when utf16-decode is enabled.

Alerts:
Gentoo 200808-07 2008-08-08
SuSE SUSE-SA:2008:024 2008-04-24
Mandriva MDVSA-2008:088 2007-04-17
Debian DSA-1497-1 2008-02-16

Comments (4 posted)

clamav: heap corruption

Package(s):clamav CVE #(s):CVE-2008-0728
Created:February 22, 2008 Updated:April 18, 2008
Description: From the CVE entry: libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
Alerts:
Mandriva MDVSA-2008:088 2007-04-17
Gentoo 200802-09 2008-02-21
SuSE SUSE-SR:2008:004 2008-02-22

Comments (none posted)

clamav: integer overflow and off-by-one

Package(s):clamav CVE #(s):CVE-2007-6335 CVE-2007-6336
Created:December 19, 2007 Updated:July 17, 2008
Description: ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code.
Alerts:
Fedora FEDORA-2008-6422 2008-07-17
Fedora FEDORA-2008-1625 2008-02-13
Fedora FEDORA-2008-1608 2008-02-13
Fedora FEDORA-2008-0115 2008-01-22
Fedora FEDORA-2008-0170 2008-01-22
SuSE SUSE-SR:2008:001 2008-01-09
Mandriva MDVSA-2008:003 2007-01-08
Debian DSA-1435-1 2007-12-19
Gentoo 200712-20 2007-12-29

Comments (none posted)

cpio: arbitrary code execution

Package(s):cpio CVE #(s):CVE-2005-4268
Created:January 2, 2006 Updated:March 17, 2010
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e. g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
CentOS CESA-2010:0145 2010-03-17
Red Hat RHSA-2010:0145-01 2010-03-15
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02

Comments (none posted)

vixie-cron: privilege escalation

Package(s):cron CVE #(s):CVE-2006-2607
Created:May 31, 2006 Updated:June 1, 2009
Description: The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Alerts:
Ubuntu USN-778-1 2009-06-01
Red Hat RHSA-2006:0539-01 2006-07-12
Gentoo 200606-07 2006-06-09
SuSE SUSE-SA:2006:027 2006-05-31
rPath rPSA-2006-0082-1 2006-05-25

Comments (1 posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2006-4262
Created:October 2, 2006 Updated:June 16, 2009
Description: Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code.
Alerts:
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200610-08 2006-10-20
Debian DSA-1186-1 2006-09-30

Comments (none posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2004-2541
Created:May 22, 2006 Updated:June 19, 2009
Description: A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
Alerts:
CentOS CESA-2009:1102 2009-06-19
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1102-01 2009-06-15
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200606-10 2006-06-11
Debian DSA-1064-1 2006-05-19

Comments (1 posted)

cups: denial of service

Package(s):cups CVE #(s):CVE-2008-0882
Created:February 22, 2008 Updated:April 3, 2008
Description: From the Red Hat advisory: A flaw was found in the way CUPS handles the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to crash.
Alerts:
Ubuntu USN-598-1 2008-04-02
Gentoo 200804-01 2008-04-01
Debian DSA-1530-1 2008-03-25
Mandriva MDVSA-2008:050 2008-02-26
Fedora FEDORA-2008-1976 2008-02-25
Fedora FEDORA-2008-1901 2008-02-25
SuSE SUSE-SA:2008:012 2008-03-06
Red Hat RHSA-2008:0157-01 2008-02-21

Comments (none posted)

cups: multiple vulnerabilities

Package(s):cups CVE #(s):CVE-2008-0596 CVE-2008-0597
Created:February 25, 2008 Updated:March 6, 2008
Description:

From the Red Hat advisory:

A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597)

A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596)

These issues were found during the investigation of CVE-2008-0882.

Alerts:
Mandriva MDVSA-2008:050 2008-02-26
SuSE SUSE-SA:2008:012 2008-03-06
rPath rPSA-2008-0091-1 2008-02-29
Red Hat RHSA-2008:0161-01 2008-02-25
Red Hat RHSA-2008:0153-01 2008-02-25

Comments (none posted)

cups: multiple vulnerabilities

Package(s):cups CVE #(s):CVE-2007-5849 CVE-2007-6358 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
Created:December 19, 2007 Updated:October 16, 2008
Description: The cups 1.3.5 release fixes a number of vulnerabilities in the PDF filters. Additionally, there is a buffer overflow in the SNMP code and a temporary file vulnerability.
Alerts:
Fedora FEDORA-2008-8801 2008-10-16
Debian DSA-1537-1 2008-04-02
Mandriva MDVSA-2008:036 2007-02-06
Debian DSA-1480-1 2008-02-05
SuSE SUSE-SR:2008:002 2008-01-25
SuSE SUSE-SA:2008:002 2008-01-10
Ubuntu USN-563-1 2008-01-09
Debian DSA-1437-1 2007-12-26
Gentoo 200712-14 2007-12-18

Comments (none posted)

dbus: privilege escalation

Package(s):dbus CVE #(s):CVE-2008-0595
Created:February 28, 2008 Updated:October 14, 2008
Description: From the Red Hat alert: Havoc Pennington discovered a flaw in the way the dbus-daemon applies its security policy. A user with the ability to connect to the dbus-daemon may be able to execute certain method calls they should normally not have permission to access.
Alerts:
Ubuntu USN-653-1 2008-10-14
Debian DSA-1599-1 2008-06-26
rPath rPSA-2008-0099-1 2008-03-07
Fedora FEDORA-2008-2043 2008-02-28
Red Hat RHSA-2008:0159-01 2008-02-27
SuSE SUSE-SR:2008:006 2008-03-14
Mandriva MDVSA-2008:054 2007-02-28
Fedora FEDORA-2008-2070 2008-02-28
openSUSE openSUSE-SU-2012:1418-1 2012-10-31

Comments (none posted)

debian-goodies: privilege escalation

Package(s):debian-goodies CVE #(s):CVE-2007-3912
Created:October 5, 2007 Updated:March 24, 2008
Description: Thomas de Grenier de Latour discovered that the checkrestart program included in debian-goodies did not correctly handle shell meta-characters. A local attacker could exploit this to gain the privileges of the user running checkrestart.
Alerts:
Debian DSA-1527-1 2008-03-24
Ubuntu USN-526-1 2007-10-04

Comments (none posted)

Django: denial of service

Package(s):Django CVE #(s):CVE-2007-5712
Created:November 12, 2007 Updated:September 22, 2008
Description:

From the CVE notice:

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.

Alerts:
Debian DSA-1640-1 2008-09-20
Fedora FEDORA-2007-2788 2007-11-09
Fedora FEDORA-2007-3157 2007-11-09

Comments (none posted)

dovecot: privilege escalation

Package(s):dovecot CVE #(s):CVE-2007-4211
Created:August 15, 2007 Updated:May 21, 2008
Description: From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a minor privilege escalation attack in which an authenticated user may exploit an ACL plugin weakness to save message flags without having proper permissions."
Alerts:
Red Hat RHSA-2008:0297-02 2008-05-21
Fedora FEDORA-2007-664 2007-08-20
rPath rPSA-2007-0161-1 2007-08-14

Comments (none posted)

dovecot: directory traversal

Package(s):dovecot CVE #(s):CVE-2007-2231
Created:May 8, 2007 Updated:May 21, 2008
Description: Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Alerts:
Red Hat RHSA-2008:0297-02 2008-05-21
Debian DSA-1359-1 2007-08-28
Ubuntu USN-487-1 2007-07-17
Fedora FEDORA-2007-493 2007-05-07

Comments (none posted)

dovecot: multiple vulnerabilities

Package(s):dovecot CVE #(s):CVE-2007-6598
Created:January 3, 2008 Updated:October 7, 2008
Description: Dovecot has multiple vulnerabilities including an issue involving the confusion between LDAP-authenticated logins across users with the same password and a denial of service involving a connecting user.
Alerts:
SuSE SUSE-SR:2008:020 2008-10-07
Red Hat RHSA-2008:0297-02 2008-05-21
Ubuntu USN-567-1 2008-01-10
Debian DSA-1457-1 2008-01-09
rPath rPSA-2008-0001-1 2008-01-03

Comments (none posted)

eggdrop: stack-based buffer overflow

Package(s):eggdrop CVE #(s):CVE-2007-2807
Created:September 7, 2007 Updated:December 8, 2009
Description: A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC servers to execute arbitrary code via a long private message.
Alerts:
Mandriva MDVSA-2009:126-1 2009-12-08
Debian DSA-1826-1 2009-07-04
Mandriva MDVSA-2009:126 2009-06-01
Fedora FEDORA-2009-5572 2009-05-28
Fedora FEDORA-2009-5568 2009-05-28
Debian DSA-1448-1 2008-01-05
Fedora FEDORA-2007-4325 2007-12-10
Fedora FEDORA-2007-4305 2007-12-10
Gentoo 200709-07 2007-09-15
Mandriva MDKSA-2007:175 2007-09-06

Comments (none posted)

elinks: code execution

Package(s):elinks CVE #(s):CVE-2007-2027
Created:May 7, 2007 Updated:October 30, 2009
Description: Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges.
Alerts:
Red Hat RHSA-2009:1471-01 2009-10-01
CentOS CESA-2009:1471 2009-10-06
CentOS CESA-2009:1471 2009-10-30
Gentoo 200706-03 2007-06-06
Ubuntu USN-457-1 2007-05-07
Oracle ELSA-2013-0250 2013-02-11

Comments (none posted)

elinks: arbitrary file access

Package(s):elinks CVE #(s):CVE-2006-5925
Created:November 16, 2006 Updated:October 22, 2009
Description: The elinks text-mode browser has an arbitrary file access vulnerability in the Elinks SMB protocol handler. If a user can be tricked into visiting a specially crafted web page, arbitrary files may be read or written with the user's permissions.
Alerts:
Ubuntu USN-851-1 2009-10-21
Gentoo 200701-27 2007-01-30
OpenPKG OpenPKG-SA-2006.043 2006-12-26
Debian DSA-1240-1 2006-12-21
Gentoo 200612-16 2006-12-14
Debian DSA-1228-1 2006-12-05
Debian DSA-1226-1 2006-12-03
Fedora FEDORA-2006-1278 2006-11-21
Fedora FEDORA-2006-1277 2006-11-21
Mandriva MDKSA-2006:216 2006-11-20
Red Hat RHSA-2006:0742-01 2006-11-15

Comments (none posted)

emacs: buffer overflow

Package(s):emacs CVE #(s):CVE-2007-6109
Created:December 10, 2007 Updated:May 6, 2008
Description:

From the National Vulnerability Database:

Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line.

Alerts:
Ubuntu USN-607-1 2008-05-06
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:034 2007-02-04
Gentoo 200712-03 2007-12-09

Comments (none posted)

evolution: format string vulnerability

Package(s):evolution CVE #(s):CVE-2008-0072
Created:March 5, 2008 Updated:May 28, 2008
Description: The encrypted mail display code in evolution suffers from a format string vulnerability which could be exploited by way of a specially crafted email message.
Alerts:
rPath rPSA-2008-0105-1 2008-05-28
Mandriva MDVSA-2008:063 2007-03-06
Fedora FEDORA-2008-2292 2008-03-06
Fedora FEDORA-2008-2290 2008-03-06
Gentoo 200803-12 2008-03-05
SuSE SUSE-SA:2008:014 2008-03-14
Ubuntu USN-583-1 2008-03-05
Debian DSA-1512-1 2008-03-05
Red Hat RHSA-2008:0178-01 2008-03-05
Red Hat RHSA-2008:0177-01 2008-03-05

Comments (none posted)

pop mail man-in-the-middle attacks

Package(s):evolution thunderbird mutt fetchmail CVE #(s):CVE-2007-1558
Created:May 8, 2007 Updated:July 3, 2009
Description: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4) fetchmail.
Alerts:
CentOS CESA-2009:1140 2009-07-02
Red Hat RHSA-2009:1140-02 2009-07-02
Fedora FEDORA-2007-1447 2007-08-06
rPath rPSA-2007-0127-1 2007-06-19
Foresight FLEA-2007-0026-1 2007-06-18
rPath rPSA-2007-0122-1 2007-06-14
Red Hat RHSA-2007:0385-01 2007-06-07
rPath rPSA-2007-0114-1 2007-06-04
Mandriva MDKSA-2007:113 2007-06-04
Red Hat RHSA-2007:0386-01 2007-06-04
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-550 2007-05-31
Fedora FEDORA-2007-551 2007-05-31
Red Hat RHSA-2007:0401-01 2007-05-30
Fedora FEDORA-2007-539 2007-05-30
Fedora FEDORA-2007-540 2007-05-30
Red Hat RHSA-2007:0344-01 2007-05-30
Mandriva MDKSA-2007:107 2007-05-19
Mandriva MDKSA-2007:105 2007-05-17
Red Hat RHSA-2007:0353-01 2007-05-17
Fedora FEDORA-2007-484 2007-05-07
Fedora FEDORA-2007-485 2007-05-07

Comments (none posted)

exiftags: multiple vulnerabilities

Package(s):exiftags CVE #(s):CVE-2007-6354 CVE-2007-6355 CVE-2007-6356
Created:December 31, 2007 Updated:April 1, 2008
Description: From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356).
Alerts:
Debian DSA-1533-2 2008-04-01
Debian DSA-1533-1 2008-03-27
Gentoo 200712-17 2007-12-29

Comments (none posted)

exiv2: integer overflow

Package(s):exiv2 CVE #(s):CVE-2007-6353
Created:December 21, 2007 Updated:October 15, 2008
Description: Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
Alerts:
Ubuntu USN-655-1 2008-10-15
Mandriva MDVSA-2008:119 2007-06-19
Debian DSA-1474-1 2008-01-23
Mandriva MDVSA-2008:006 2007-01-10
SuSE SUSE-SR:2008:001 2008-01-09
Gentoo 200712-16 2007-12-29
Fedora FEDORA-2007-4591 2007-12-20
Fedora FEDORA-2007-4551 2007-12-20

Comments (none posted)

fetchmail: denial of service

Package(s):fetchmail CVE #(s):CVE-2007-4565
Created:September 5, 2007 Updated:October 30, 2009
Description: fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
Alerts:
CentOS CESA-2009:1427 2009-09-08
Red Hat RHSA-2009:1427-01 2009-09-08
CentOS CESA-2009:1427 2009-10-30
Ubuntu USN-520-1 2007-09-26
Debian DSA-1377-2 2007-09-21
Debian DSA-1377 2007-09-21
Mandriva MDKSA-2007:179 2007-09-11
Foresight FLEA-2007-0053-1 2007-09-06
rPath rPSA-2007-0178-1 2007-09-05
Fedora FEDORA-2007-1983 2007-09-04
Fedora FEDORA-2007-689 2007-09-04

Comments (none posted)

firebird: multiple vulnerabilities

Package(s):firebird CVE #(s):CVE-2008-0387 CVE-2008-0467
Created:March 3, 2008 Updated:March 27, 2008
Description: From the Gentoo advisory:

Firebird does not properly handle certain types of XDR requests, resulting in an integer overflow (CVE-2008-0387). Furthermore, it is vulnerable to a buffer overflow when processing usernames (CVE-2008-0467).

A remote attacker could send specially crafted XDR requests or an overly long username to the vulnerable server, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

Alerts:
Debian DSA-1529-1 2008-03-24
Gentoo 200803-02 2008-03-02

Comments (none posted)

firebird: buffer overflow

Package(s):firebird CVE #(s):CVE-2007-3181
Created:July 2, 2007 Updated:March 27, 2008
Description: The Firebird DBMS has a buffer overflow vulnerability involving the processing of connect requests with an overly large p_cnct_count value. Remote attackers can send a specially crafted request to the server in order to potentially execute arbitrary code with the permissions of the Firebird user.
Alerts:
Debian DSA-1529-1 2008-03-24
Gentoo 200707-01 2007-07-01

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2008-0414 CVE-2008-0416 CVE-2008-0420 CVE-2008-0594
Created:February 8, 2008 Updated:May 21, 2008
Description: From the Ubuntu advisory:
Flaws were discovered in the file upload form control. A malicious website could force arbitrary files from the user's computer to be uploaded without consent. (CVE-2008-0414)

Various flaws were discovered in character encoding handling. If a user were ticked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-0416)

Flaws were discovered in the BMP decoder. By tricking a user into opening a specially crafted BMP file, an attacker could obtain sensitive information. (CVE-2008-0420)

Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog wasn't displayed under certain circumstances. A malicious website could exploit this to conduct phishing attacks against the user. (CVE-2008-0594)

Alerts:
Gentoo 200805-18 2008-05-20
Ubuntu USN-592-1 2008-03-26
Debian DSA-1485-2 2008-03-17
Debian DSA-1506-2 2008-03-20
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Ubuntu USN-582-1 2008-02-29
Fedora FEDORA-2008-2060 2008-02-28
Fedora FEDORA-2008-2118 2008-02-28
Debian DSA-1506-1 2008-02-24
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Ubuntu USN-582-2 2008-03-06
Red Hat RHSA-2008:0105-02 2008-02-27
Mandriva MDVSA-2008:048 2007-02-22
SuSE SUSE-SA:2008:008 2008-02-15
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1459 2008-02-13
Fedora FEDORA-2008-1669 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Foresight FLEA-2008-0001-1 2008-02-11
rPath rPSA-2008-0051-1 2008-02-08
Debian DSA-1489-1 2008-02-10
Debian DSA-1485-1 2008-02-10
Debian DSA-1484-1 2008-02-10
Ubuntu USN-576-1 2008-02-08

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox seamonkey thunderbird CVE #(s):CVE-2008-0412 CVE-2008-0413 CVE-2008-0415 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593
Created:February 8, 2008 Updated:May 21, 2008
Description: From the Red Hat advisory:
Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially-crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)

A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418)

A flaw was found in the way Firefox saves certain text files. If a website offers a file of type "plain/text", rather than "text/plain", Firefox will not show future "text/plain" content to the user in the browser, forcing them to save those files locally to view the content. (CVE-2008-0592)

Alerts:
Gentoo 200805-18 2008-05-20
Fedora FEDORA-2008-2830 2008-04-01
Fedora FEDORA-2008-2812 2008-04-01
Debian DSA-1506-2 2008-03-20
Debian DSA-1485-2 2008-03-17
rPath rPSA-2008-0093-1 2008-02-29
Mandriva MDVSA-2008:048 2007-02-22
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Mandriva MDVSA-2008:062 2007-03-06
Slackware SSA:2008-061-01 2008-03-03
Fedora FEDORA-2008-2118 2008-02-28
Debian DSA-1506-1 2008-02-24
SuSE SUSE-SA:2008:008 2008-02-15
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Ubuntu USN-582-2 2008-03-06
Ubuntu USN-582-1 2008-02-29
Fedora FEDORA-2008-2060 2008-02-28
Red Hat RHSA-2008:0105-02 2008-02-27
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1459 2008-02-13
Fedora FEDORA-2008-1669 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Foresight FLEA-2008-0001-1 2008-02-11
rPath rPSA-2008-0051-1 2008-02-08
Debian DSA-1489-1 2008-02-10
Debian DSA-1485-1 2008-02-10
Debian DSA-1484-1 2008-02-10
Ubuntu USN-576-1 2008-02-08
Red Hat RHSA-2008:0105-01 2008-02-07
Red Hat RHSA-2008:0104-01 2008-02-07
Red Hat RHSA-2008:0103-01 2008-02-07

Comments (2 posted)

firefox, thunderbird, seamonkey: multiple vulnerabilities

Package(s):firefox, thunderbird, seamonkey CVE #(s):CVE-2007-3738 CVE-2007-3656 CVE-2007-3670 CVE-2007-3285 CVE-2007-3737 CVE-2007-3089 CVE-2007-3736 CVE-2007-3734 CVE-2007-3735
Created:July 18, 2007 Updated:May 12, 2008
Description: shutdown and moz_bug_r_a4 reported two separate ways to modify an XPCNativeWrapper such that subsequent access by the browser would result in executing user-supplied code. (CVE-2007-3738)

Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached (wyciwyg) documents It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data displayed on dynamically generated pages; perform cache poisoning; and execute own code or display own content with URL bar and SSL certificate data of the attacked page (URL spoofing++). (CVE-2007-3656)

Internet Explorer calls registered URL protocols without escaping quotes and may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol. (CVE-2007-3670)

Ronald van den Heetkamp reported that a filename URL containing %00 (encoded null) can cause Firefox to interpret the file extension differently than the underlying Windows operating system potentially leading to unsafe actions such as running a program. This is only accessible locally. (CVE-2007-3285)

An attacker can use an element outside of a document to call an event handler allowing content to run arbitrary code with chrome privileges. (CVE-2007-3737)

Ronen Zilberman and Michal Zalewski both reported that it was possible to exploit a timing issue to inject content into about:blank frames in a page. When opening a window from a script, it is possible to spoof the content of the newly opened window's frames within a short time frame, while the window is loading. (CVE-2007-3089)

Mozilla contributor moz_bug_r_a4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site. (CVE-2007-3736)

As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735)

Alerts:
Debian DSA-1574-1 2008-05-12
Debian DSA-1534-2 2008-04-24
Debian DSA-1535-1 2008-03-30
Debian DSA-1534-1 2008-03-28
Debian DSA-1532-1 2008-03-27
Mandriva MDVSA-2007:047 2007-02-19
Ubuntu USN-503-1 2007-08-24
Slackware SSA:2007-222-04 2007-08-13
SuSE SUSE-SA:2007:049 2007-08-02
Slackware SSA:2007-205-02 2007-07-25
Slackware SSA:2007-205-01 2007-07-25
Foresight FLEA-2007-0033-1 2007-07-24
Debian DSA-1339-1 2007-07-23
Debian DSA-1338-1 2007-07-23
Fedora FEDORA-2007-1181 2007-07-20
Fedora FEDORA-2007-1180 2007-07-20
Debian DSA-1337-1 2007-07-22
Fedora FEDORA-2007-642 2007-07-20
Fedora FEDORA-2007-641 2007-07-20
rPath rPSA-2007-0148-1 2007-07-20
Ubuntu USN-490-1 2007-07-19
Slackware SSA:2007-200-01 2007-07-20
Fedora FEDORA-2007-1159 2007-07-19
Fedora FEDORA-2007-1157 2007-07-19
Fedora FEDORA-2007-1155 2007-07-19
Red Hat RHSA-2007:0724-01 2007-07-18
Red Hat RHSA-2007:0723-01 2007-07-18
Red Hat RHSA-2007:0722-01 2007-07-18
Fedora FEDORA-2007-1143 2007-07-18
Fedora FEDORA-2007-1144 2007-07-18
Fedora FEDORA-2007-1142 2007-07-18
Fedora FEDORA-2007-1138 2007-07-18

Comments (none posted)

flash-plugin: lots of problems

Package(s):flash-plugin CVE #(s):CVE-2007-5275 CVE-2007-4324 CVE-2007-4768 CVE-2007-6242 CVE-2007-6243 CVE-2007-6244 CVE-2007-6245 CVE-2007-6246
Created:December 19, 2007 Updated:November 14, 2008
Description: A vast number of vulnerabilities exists in the proprietary Flash plugin for Firefox.
Alerts:
SuSE SUSE-SR:2008:025 2008-11-14
Red Hat RHSA-2008:0980-02 2008-11-12
Red Hat RHSA-2008:0945-01 2008-10-28
Gentoo 200804-21 2008-04-18
SuSE SUSE-SA:2008:022 2008-04-11
Red Hat RHSA-2008:0221-01 2008-04-08
Gentoo 200801-07:02 2008-01-20
Red Hat RHSA-2007:1126-01 2007-12-18
SuSE SUSE-SA:2007:069 2007-12-21

Comments (3 posted)

freetype: arbitrary code execution

Package(s):freetype CVE #(s):CVE-2007-2754
Created:May 24, 2007 Updated:June 1, 2010
Description: The Freetype font rendering library versions 2.3.4 and below has an integer sign error. Remote attackers may be able to create a specially crafted TrueType Font file with a negative n_points value that will cause an integer overflow and heap-based buffer overflow, allowing the execution of arbitrary code.
Alerts:
Gentoo 201006-01 2010-06-01
Fedora FEDORA-2009-5644 2009-05-28
Fedora FEDORA-2009-5558 2009-05-28
CentOS CESA-2009:0329 2009-05-22
Red Hat RHSA-2009:1062-01 2009-05-22
Red Hat RHSA-2009:0329-02 2009-05-22
Debian DSA-1334 2007-07-18
SuSE SUSE-SA:2007:041 2007-07-04
Fedora FEDORA-2007-561 2007-06-18
Mandriva MDKSA-2007:121 2007-06-13
Foresight FLEA-2007-0025-1 2007-06-13
Red Hat RHSA-2007:0403-01 2007-06-11
Debian DSA-1302-1 2007-06-10
Fedora FEDORA-2007-0033 2007-06-01
Ubuntu USN-466-1 2007-05-30
Gentoo 200705-22 2007-05-30
Trustix TSLSA-2007-0019 2007-05-25
rPath rPSA-2007-0108-1 2007-05-23
Foresight FLEA-2007-0020-1 2007-05-21
OpenPKG OpenPKG-SA-2007.018 2007-05-24

Comments (none posted)

freetype: integer overflows

Package(s):freetype CVE #(s):CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661 CVE-2006-3467
Created:June 8, 2006 Updated:June 1, 2010
Description: The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user.
Alerts:
Gentoo 201006-01 2010-06-01
Fedora FEDORA-2009-5644 2009-05-28
Fedora FEDORA-2009-5558 2009-05-28
CentOS CESA-2009:0329 2009-05-22
Red Hat RHSA-2009:1062-01 2009-05-22
Red Hat RHSA-2009:0329-02 2009-05-22
Gentoo 200710-09 2007-10-09
Debian DSA-1178-1 2006-09-16
Ubuntu USN-341-1 2006-09-06
Gentoo 200609-04 2006-09-06
rPath rPSA-2006-0157-1 2006-08-25
Mandriva MDKSA-2006:148 2006-08-24
Red Hat RHSA-2006:0635-01 2006-08-21
Red Hat RHSA-2006:0634-01 2006-08-21
Fedora FEDORA-2006-912 2006-08-14
SuSE SUSE-SA:2006:045 2006-08-01
OpenPKG OpenPKG-SA-2006.017 2006-07-28
Ubuntu USN-324-1 2006-07-27
Slackware SSA:2006-207-02 2006-07-27
Mandriva MDKSA-2006:129 2006-07-20
Gentoo 200607-02 2006-07-09
SuSE SUSE-SA:2006:037 2006-06-27
Mandriva MDKSA-2006:099-1 2006-06-13
Mandriva MDKSA-2006:099 2006-06-12
rPath rPSA-2006-0100-1 2006-06-12
Debian DSA-1095-1 2006-06-10
Ubuntu USN-291-1 2006-06-08

Comments (none posted)

gcc: file overwrite vulnerability

Package(s):gcc CVE #(s):CVE-2006-3619
Created:September 6, 2006 Updated:March 14, 2008
Description: The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
Alerts:
Mandriva MDVSA-2008:066 2007-03-13
Red Hat RHSA-2007:0473-01 2007-06-11
Red Hat RHSA-2007:0220-02 2007-05-01
Debian DSA-1170-1 2006-09-06

Comments (none posted)

gd: buffer overflow

Package(s):gd CVE #(s):CVE-2007-0455
Created:February 7, 2007 Updated:November 18, 2009
Description: The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Alerts:
Debian DSA-1936-1 2009-11-17
Red Hat RHSA-2008:0146-01 2008-02-28
Ubuntu USN-473-1 2007-06-11
OpenPKG OpenPKG-SA-2007.016 2007-05-18
Trustix TSLSA-2007-0007 2007-02-13
Fedora FEDORA-2007-150 2007-02-12
Fedora FEDORA-2007-149 2007-02-12
rPath rPSA-2007-0028-1 2007-02-08
Mandriva MDKSA-2007:038 2006-02-06
Mandriva MDKSA-2007:036 2006-02-06
Mandriva MDKSA-2007:035 2006-02-06

Comments (2 posted)

gd: multiple vulnerabilities

Package(s):gd CVE #(s):CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478
Created:August 6, 2007 Updated:November 6, 2009
Description: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472)

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)

Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474)

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475)

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476)

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477)

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478)

Alerts:
Ubuntu USN-854-1 2009-11-05
Debian DSA-1613-1 2008-07-22
Red Hat RHSA-2008:0146-01 2008-02-28
SuSE SUSE-SR:2007:015 2007-08-03
Fedora FEDORA-2007-692 2007-09-18
Fedora FEDORA-2007-2055 2007-09-07
Foresight FLEA-2007-0052-1 2007-09-06
rPath rPSA-2007-0176-1 2007-09-05
Trustix TSLSA-2007-0024 2007-08-10
Gentoo 200708-05 2007-08-09
Mandriva MDKSA-2007:153 2007-08-03

Comments (none posted)

gedit: format string vulnerability

Package(s):gedit CVE #(s):CAN-2005-1686
Created:June 9, 2005 Updated:February 5, 2009
Description: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.
Alerts:
Fedora FEDORA-2009-1189 2009-01-29
Fedora FEDORA-2009-1187 2009-01-29
Debian DSA-753-1 2005-07-12
Mandriva MDKSA-2005:102 2005-06-15
Red Hat RHSA-2005:499-01 2005-06-13
Gentoo 200506-09 2005-06-11
Ubuntu USN-138-1 2005-06-09

Comments (1 posted)

ghostscript: buffer overflow

Package(s):ghostscript gs CVE #(s):CVE-2008-0411
Created:February 27, 2008 Updated:April 10, 2008
Description: The Ghostscript color-space handling code suffers from a buffer overflow which may be exploitable by way of a specially-crafted postscript file.
Alerts:
Ubuntu USN-599-1 2008-04-09
Fedora FEDORA-2008-2084 2008-03-06
rPath rPSA-2008-0082-1 2008-02-28
Debian DSA-1510-1 2008-02-27
Gentoo 200803-14 2008-03-08
Slackware SSA:2008-062-01 2008-03-03
Mandriva MDVSA-2008:055 2007-02-28
Red Hat RHSA-2008:0155-01 2008-02-27
Fedora FEDORA-2008-1998 2008-03-03
SuSE SUSE-SA:2008:010 2008-02-28
Debian DSA-1510-1 2008-02-27

Comments (none posted)

gnome-screensaver: keyboard lock bypass

Package(s):gnome-screensaver CVE #(s):CVE-2007-3920
Created:October 24, 2007 Updated:October 15, 2009
Description: From the Ubuntu advisory:

Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user's locked screen saver.

Alerts:
SuSE SUSE-SA:2008:027 2008-06-13
Red Hat RHSA-2008:0485-02 2008-05-21
Fedora FEDORA-2008-0956 2008-01-24
Fedora FEDORA-2008-0930 2008-01-24
Ubuntu USN-537-2 2007-11-02
Ubuntu USN-537-1 2007-10-23

Comments (none posted)

openssh: inappropriate use of trusted cookies

Package(s):gnome-ssh-askpass openssh CVE #(s):CVE-2007-4752
Created:September 11, 2007 Updated:August 25, 2008
Description: OpenSSH in versions prior 4.7 could use a trusted X11 cookie if the creation of an untrusted cookie failed.
Alerts:
CentOS CESA-2008:0855 2008-08-22
Red Hat RHSA-2008:0855-01 2008-08-22
Debian DSA-1576-1 2008-05-14
Ubuntu USN-566-1 2008-01-09
Mandriva MDKSA-2007:236 2007-12-04
Gentoo 200711-02 2007-11-01
Fedora FEDORA-2007-715 2007-10-15
Foresight FLEA-2007-0055-1 2007-09-17
Slackware SSA:2007-255-01 2007-09-13
rPath rPSA-2007-0181-1 2007-09-10

Comments (none posted)

gnumeric: arbitrary code execution

Package(s):gnumeric CVE #(s):CVE-2008-0668
Created:February 13, 2008 Updated:August 8, 2008
Description:

From the CVE:

The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.

Alerts:
SuSE SUSE-SR:2008:016 2008-08-08
Ubuntu USN-604-1 2008-04-22
Debian DSA-1546-1 2008-04-10
Gentoo 200802-05 2008-02-12
Mandriva MDVSA-2008:056 2007-02-28

Comments (none posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:November 19, 2008
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora FEDORA-2008-9604 2008-11-19
Fedora FEDORA-2008-9521 2008-11-19
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

gzip: multiple vulnerabilities

Package(s):gzip CVE #(s):CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338
Created:September 19, 2006 Updated:January 20, 2010
Description: Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash.

Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code.

Alerts:
Debian DSA-1974-1 2010-01-20
Fedora FEDORA-2007-557 2007-05-31
Gentoo 200611-24 2006-11-28
Fedora-Legacy FLSA:211760 2006-11-13
Fedora FEDORA-2006-989 2006-10-10
SuSE SUSE-SA:2006:056 2006-09-26
Gentoo 200609-13 2006-09-23
Trustix TSLSA-2006-0052 2006-09-22
Mandriva MDKSA-2006:167 2006-09-20
Slackware SSA:2006-262-01 2006-09-20
OpenPKG OpenPKG-SA-2006.020 2006-09-20
Debian DSA-1181-1 2006-09-19
rPath rPSA-2006-0170-1 2006-09-19
Ubuntu USN-349-1 2006-09-19
Red Hat RHSA-2006:0667-01 2006-09-19

Comments (1 posted)

horde3: remote email deletion

Package(s):horde3 CVE #(s):CVE-2007-6018
Created:January 21, 2008 Updated:March 24, 2009
Description:

From the Debian advisory:

Ulf Harnhammer discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead to the deletion of emails if a user is tricked into viewing a malformed email inside the Imp client.

Alerts:
SuSE SUSE-SR:2009:007 2009-03-24
Fedora FEDORA-2008-2087 2008-02-28
Fedora FEDORA-2008-2040 2008-02-28
Fedora FEDORA-2008-2087 2008-02-28
Fedora FEDORA-2008-2040 2008-02-28
Fedora FEDORA-2008-2087 2008-02-28
Fedora FEDORA-2008-2040 2008-02-28
Gentoo 200802-03 2008-02-11
Debian DSA-1470-1 2008-01-20

Comments (none posted)

horde-kronolith: local file inclusion

Package(s):horde-kronolith CVE #(s):CVE-2006-6175
Created:January 17, 2007 Updated:March 7, 2008
Description: Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. An authenticated attacker could craft an HTTP GET request that uses directory traversal techniques to execute any file on the web server as PHP code, which could allow information disclosure or arbitrary code execution with the rights of the user running the PHP application (usually the webserver user).
Alerts:
Gentoo 200701-11 2007-01-16

Comments (none posted)

httpd: cross-site scripting, denial of service

Package(s):httpd CVE #(s):CVE-2007-6421 CVE-2007-6422
Created:January 15, 2008 Updated:April 4, 2008
Description: A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer was enabled, a cross-site scripting attack against an authorized user was possible. (CVE-2007-6421)

A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer was enabled, an authorized user could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-6422)

Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Gentoo 200803-19 2008-03-11
Fedora FEDORA-2008-1695 2008-02-15
Fedora FEDORA-2008-1711 2008-02-15
Slackware SSA:2008-045-01 2008-02-15
Ubuntu USN-575-1 2008-02-04
Red Hat RHSA-2008:0009-01 2008-01-21
Red Hat RHSA-2008:0008-01 2008-01-15

Comments (1 posted)

icu: arbitrary code execution

Package(s):icu CVE #(s):CVE-2007-4770 CVE-2007-4771
Created:January 25, 2008 Updated:May 15, 2008
Description: From the Red Hat advisory: Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application.
Alerts:
Gentoo 200805-16 2008-05-14
SuSE SUSE-SA:2008:023 2008-04-18
Ubuntu USN-591-1 2008-03-24
Debian DSA-1511-1 2008-03-03
Gentoo 200803-20 2008-03-11
SuSE SUSE-SR:2008:005 2008-03-06
rPath rPSA-2008-0043-1 2008-02-06
Mandriva MDVSA-2008:026 2008-01-25
Fedora FEDORA-2008-1036 2008-01-27
Fedora FEDORA-2008-1076 2008-01-27
Red Hat RHSA-2008:0090-01 2008-01-25

Comments (none posted)

imagemagick: multiple vulnerabilities

Package(s):imagemagick CVE #(s):CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988
Created:October 4, 2007 Updated:August 11, 2009
Description: The ImageMagick image decoders have multiple vulnerabilities. If a user can be tricked into processing a specially crafted DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with the user's privileges.
Alerts:
Debian DSA-1858-1 2009-08-10
Red Hat RHSA-2008:0145-01 2008-04-16
Red Hat RHSA-2008:0165-01 2008-04-16
Mandriva MDVSA-2008:035 2007-02-05
Foresight FLEA-2007-0066-1 2007-11-11
Gentoo 200710-27 2007-10-24
rPath rPSA-2007-0220-1 2007-10-18
Ubuntu USN-523-1 2007-10-03
Oracle ELSA-2012-0301 2012-03-07

Comments (none posted)

ImageMagick: integer overflows

Package(s):imagemagick CVE #(s):CVE-2007-1797
Created:April 4, 2007 Updated:August 11, 2009
Description: Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Alerts:
Debian DSA-1858-1 2009-08-10
Red Hat RHSA-2008:0165-01 2008-04-16
Red Hat RHSA-2008:0145-01 2008-04-16
Fedora FEDORA-2007-1340 2007-07-30
Mandriva MDKSA-2007:147 2007-07-20
Ubuntu USN-481-1 2007-07-10
Gentoo 200705-13 2007-05-10
Fedora FEDORA-2007-414 2007-04-17
Fedora FEDORA-2007-413 2007-04-05
rPath rPSA-2007-0064-1 2007-04-04

Comments (none posted)

jasper: denial of service

Package(s):jasper CVE #(s):CVE-2007-2721
Created:June 1, 2007 Updated:April 19, 2010
Description: The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files.
Alerts:
Debian DSA-2036-1 2010-04-17
Mandriva MDVSA-2009:142-1 2009-12-03
Mandriva MDVSA-2009:164 2009-07-28
Mandriva MDVSA-2009:142 2009-06-26
CentOS CESA-2009:0012 2009-02-11
Red Hat RHSA-2009:0012-01 2009-02-11
Mandriva MDKSA-2007:209 2007-11-05
Mandriva MDKSA-2007:208 2007-11-05
Ubuntu USN-501-2 2007-10-22
Ubuntu USN-501-1 2007-08-20
Mandriva MDKSA-2007:129 2007-06-19
Fedora FEDORA-2007-0001 2007-06-01

Comments (none posted)

java: multiple vulnerabilities

Package(s):java CVE #(s):CVE-2006-4339 CVE-2006-4790 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737 CVE-2006-6745
Created:January 18, 2007 Updated:June 4, 2010
Description: java has multiple vulnerabilities, these include: an RSA exponent padding attack vulnerability, two vulnerabilities which allow untrusted applets to access data in other applets, vulnerabilities that involve applets gaining privileges due to serialization bugs in the JRE and buffer overflows in the java image handling routines that can give attackers read/write/execute capabilities for local files.
Alerts:
Pardus 2010-67 2010-06-04
Gentoo 200705-20 2007-05-26
Red Hat RHSA-2007:0073-01 2007-02-09
Red Hat RHSA-2007:0072-01 2007-02-08
Red Hat RHSA-2007:0062-02 2007-02-07
Gentoo 200701-15 2007-01-22
SuSE SUSE-SA:2007:010 2007-01-18

Comments (1 posted)

java-1.5.0-sun: multiple vulnerabilities

Package(s):java-1.5.0-sun CVE #(s):CVE-2007-3503 CVE-2007-3655 CVE-2007-3698 CVE-2007-3922
Created:August 6, 2007 Updated:June 24, 2008
Description: The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503)

The Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)

The JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service. (CVE-2007-3698)

A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922)

Alerts:
Red Hat RHSA-2008:0133-01 2008-06-24
SuSE SUSE-SA:2008:025 2008-04-25
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2008:0132-01 2008-02-14
Red Hat RHSA-2007:1086-01 2007-12-12
SuSE SUSE-SA:2007:056 2007-10-18
Red Hat RHSA-2007:0956-01 2007-10-16
Slackware SSA:2007-243-01 2007-08-31
Red Hat RHSA-2007:0829-01 2007-08-07
Red Hat RHSA-2007:0818-01 2007-08-06

Comments (none posted)

java: multiple vulnerabilities

Package(s):java-1.5.0-sun CVE #(s):CVE-2008-0657
Created:February 12, 2008 Updated:April 25, 2008
Description: Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
Alerts:
SuSE SUSE-SA:2008:025 2008-04-25
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2008:0210-01 2008-04-03
Red Hat RHSA-2008:0156-02 2008-03-05
Red Hat RHSA-2008:0123-01 2008-02-12

Comments (none posted)

java-1.5.0-sun: multiple vulnerabilities

Package(s):java-1.5.0-sun CVE #(s):CVE-2007-5232 CVE-2007-5238 CVE-2007-5239 CVE-2007-5240 CVE-2007-5273 CVE-2007-5274
Created:October 12, 2007 Updated:April 25, 2008
Description: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. (CVE-2007-5232)

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." (CVE-2007-5238)

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. (CVE-2007-5239)

Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. (CVE-2007-5240)

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5273)

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274)

Alerts:
SuSE SUSE-SA:2008:025 2008-04-25
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2008:0100-01 2008-03-11
Red Hat RHSA-2008:0156-02 2008-03-05
Red Hat RHSA-2008:0132-01 2008-02-14
Red Hat RHSA-2007:1041-01 2007-11-26
Foresight FLEA-2007-0061-1 2007-10-26
SuSE SUSE-SA:2007:055 2007-10-17
Red Hat RHSA-2007:0963-01 2007-10-12

Comments (1 posted)

JRockit: multiple vulnerabilities

Package(s):jrockit-jdk-bin CVE #(s):CVE-2007-2788 CVE-2007-4381 CVE-2007-3716 CVE-2007-2789 CVE-2007-3004 CVE-2007-3005 CVE-2007-3503 CVE-2007-3698 CVE-2007-3922
Created:September 24, 2007 Updated:June 24, 2008
Description: An integer overflow vulnerability exists in the embedded ICC profile image parser (CVE-2007-2788), an unspecified vulnerability exists in the font parsing implementation (CVE-2007-4381), and an error exists when processing XSLT stylesheets contained in XSLT Transforms in XML signatures (CVE-2007-3716), among other vulnerabilities.
Alerts:
Red Hat RHSA-2008:0133-01 2008-06-24
SuSE SUSE-SA:2008:025 2008-04-25
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2008:0100-01 2008-03-11
Red Hat RHSA-2008:0132-01 2008-02-14
Red Hat RHSA-2007:1086-01 2007-12-12
Gentoo 200709-15 2007-09-23

Comments (none posted)

kazehakase: multiple vulnerabilities

Package(s):kazehakase CVE #(s):
Created:January 31, 2008 Updated:April 23, 2008
Description: The kazehakase web browser is vulnerable to buffer overflows and memory corruption in PCRE. If a remote attacker can convince a user to open specially crafted bookmarks, it can lead to the execution of arbitrary code, denial of service or arbitrary information disclosure.
Alerts:
Gentoo 200801-18 2008-01-30

Comments (none posted)

kdebase: denial of service

Package(s):kdebase CVE #(s):CVE-2007-5963
Created:December 18, 2007 Updated:January 19, 2009
Description: The kdebase package is vulnerable to a denial of service in which a local user can render KDM unusable for logins by any user or cause KDM to exceed system resource limits.
Alerts:
Mandriva MDVSA-2009:017 2009-01-16
rPath rPSA-2007-0268-1 2007-12-17

Comments (none posted)

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:September 21, 2010
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

Comments (1 posted)

kernel: out-of-bounds access

Package(s):kernel CVE #(s):CVE-2007-4573
Created:September 25, 2007 Updated:December 6, 2010
Description: The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
Alerts:
Mandriva MDVSA-2010:247 2010-12-03
Mandriva MDVSA-2010:188 2010-09-23
Mandriva MDVSA-2010:198 2010-10-07
Mandriva MDVSA-2008:105 2007-05-21
Debian DSA-1504 2008-02-22
Mandriva MDVSA-2008:008 2008-01-11
SuSE SUSE-SA:2007:064 2007-12-04
SuSE SUSE-SA:2007:053 2007-10-12
Mandriva MDKSA-2007:195 2007-10-15
Mandriva MDKSA-2007:196 2007-10-15
Debian DSA-1381-2 2007-10-12
Debian DSA-1381-1 2007-10-02
Debian DSA-1378-2 2007-09-28
Debian DSA-1378-1 2007-09-27
Red Hat RHSA-2007:0938-01 2007-09-27
Red Hat RHSA-2007:0937-01 2007-09-27
Red Hat RHSA-2007:0936-01 2007-09-27
Ubuntu USN-518-1 2007-09-25
rPath rPSA-2007-0198-1 2007-09-24
Fedora FEDORA-2007-712 2007-09-24
Fedora FEDORA-2007-2298 2007-09-25

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-4130 CVE-2007-6694
Created:February 1, 2008 Updated:June 20, 2008
Description: From the Red Hat advisory: A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic). A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash).
Alerts:
Ubuntu USN-618-1 2008-06-19
Ubuntu USN-614-1 2008-06-03
Debian DSA-1565-1 2008-05-01
Debian DSA-1503-2 2008-03-06
Red Hat RHSA-2008:0154-01 2008-03-05
Debian DSA-1504 2008-02-22
Debian DSA-1503 2008-02-22
Red Hat RHSA-2008:0055-01 2008-01-31

Comments (none posted)

kernel: ALSA returns incorrect write size

Package(s):kernel CVE #(s):CVE-2007-4571
Created:September 28, 2007 Updated:June 20, 2008
Description: The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Alerts:
Ubuntu USN-618-1 2008-06-19
Debian DSA-1505 2008-02-22
Debian DSA-1479 2008-01-29
Red Hat RHSA-2007:0993-01 2007-11-29
Red Hat RHSA-2007:0939-01 2007-11-01
SuSE SUSE-SA:2007:053 2007-10-12
Fedora FEDORA-2007-714 2007-10-08
Fedora FEDORA-2007-2349 2007-09-28
rPath rPSA-2007-0202-1 2007-09-27

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-3731
Created:March 3, 2008 Updated:March 5, 2008
Description: From the rPath advisory:

Previous versions of the Linux kernel package contain a vulnerability in the ptrace system call which allows local users to cause a Denial of Service.

Alerts:
rPath rPSA-2008-0094-1 2008-02-29

Comments (none posted)

kernel: insufficient range checks

Package(s):kernel CVE #(s):CVE-2008-0007
Created:February 8, 2008 Updated:January 8, 2009
Description: From the SUSE advisory: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory.
Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
Mandriva MDVSA-2008:174 2008-08-19
Ubuntu USN-618-1 2008-06-19
Mandriva MDVSA-2008:112 2007-06-12
CentOS CESA-2008:0237 2008-05-09
CentOS CESA-2008:0233 2008-05-09
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0233-01 2008-05-07
Red Hat RHSA-2008:0237-01 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Debian DSA-1565-1 2008-05-01
SuSE SUSE-SA:2008:017 2008-03-28
Mandriva MDVSA-2008:072 2008-03-20
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
Mandriva MDVSA-2008:044 2008-02-12
rPath rPSA-2008-0048-1 2008-02-08
SuSE SUSE-SA:2008:006 2008-02-07

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-6921
Created:March 5, 2008 Updated:March 5, 2008
Description: From the Red Hat advisory: a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service.
Alerts:
Red Hat RHSA-2008:0154-01 2008-03-05

Comments (none posted)

kernel: information disclosure

Package(s):kernel CVE #(s):CVE-2007-6207
Created:March 5, 2008 Updated:March 5, 2008
Description: From the Red Hat advisory: a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users.
Alerts:
Red Hat RHSA-2008:0154-01 2008-03-05

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4535 CVE-2006-4538
Created:September 18, 2006 Updated:January 5, 2009
Description: Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535)

Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2007:1049-01 2007-12-03
Mandriva MDKSA-2006:182 2006-10-11
Red Hat RHSA-2006:0689-01 2006-10-05
Debian DSA-1184-2 2006-09-26
Debian DSA-1184-1 2006-09-25
Debian DSA-1183-1 2006-09-25
Ubuntu USN-347-1 2006-09-18

Comments (none posted)

kernel: remote denial of service

Package(s):kernel CVE #(s):CVE-2006-6058 CVE-2007-4997
Created:November 9, 2007 Updated:June 13, 2008
Description: The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error.

Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."

Alerts:
Mandriva MDVSA-2008:112 2007-06-12
Mandriva MDVSA-2008:105 2007-05-21
Debian DSA-1504 2008-02-22
Ubuntu USN-578-1 2008-02-14
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-574-1 2008-02-04
Mandriva MDVSA-2008:008 2008-01-11
Debian DSA-1436-1 2007-12-20
Debian DSA-1428-2 2007-12-11
SuSE SUSE-SA:2007:064 2007-12-04
Red Hat RHSA-2007:1104-01 2007-12-19
Ubuntu USN-558-1 2007-12-19
Debian DSA-1428-1 2007-12-10
Red Hat RHSA-2007:0993-01 2007-11-29
Mandriva MDKSA-2007:232 2007-11-28
rPath rPSA-2007-0245-2 2007-11-21
rPath rPSA-2007-0245-1 2007-11-21
Mandriva MDKSA-2007:226 2007-11-19
Red Hat RHSA-2007:0672-01 2007-08-08
SuSE SUSE-SA:2007:059 2007-11-09

Comments (1 posted)

kernel: local filesystem corruption

Package(s):kernel CVE #(s):CVE-2008-0001
Created:January 17, 2008 Updated:June 13, 2008
Description: From the mitre.org CVE description: VFS in the Linux kernel before 2.6.23.14 performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass file permissions.
Alerts:
Mandriva MDVSA-2008:112 2007-06-12
SuSE SUSE-SA:2008:013 2008-03-06
Ubuntu USN-578-1 2008-02-14
Mandriva MDVSA-2008:044 2008-02-12
Fedora FEDORA-2008-0984 2008-02-05
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-574-1 2008-02-04
Red Hat RHSA-2008:0055-01 2008-01-31
Debian DSA-1479 2008-01-29
Fedora FEDORA-2008-0958 2008-01-29
Fedora FEDORA-2008-0748 2008-01-24
Red Hat RHSA-2008:0089-01 2008-01-23
rPath rPSA-2008-0021-1 2008-01-17

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-1353 CVE-2007-2451 CVE-2007-2453
Created:June 11, 2007 Updated:March 6, 2008
Description: Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353)

The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451)

The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)

Alerts:
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
Red Hat RHSA-2007:0488-01 2007-06-25
Debian DSA-1356-1 2007-08-15
SuSE SUSE-SA:2007:051 2007-09-06
Mandriva MDKSA-2007:216 2007-11-13
Mandriva MDKSA-2007:171 2007-08-28
Red Hat RHSA-2007:0671-01 2007-08-16
Red Hat RHSA-2007:0673-01 2007-08-08
Red Hat RHSA-2007:0672-01 2007-08-08
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
Fedora FEDORA-2007-600 2007-06-25
Fedora FEDORA-2007-599 2007-06-21
SuSE SUSE-SA:2007:035 2007-06-14
Red Hat RHSA-2007:0376-01 2007-06-14
Fedora FEDORA-2007-0409 2007-06-13
Ubuntu USN-470-1 2007-06-08

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5823 CVE-2006-6054 CVE-2007-1592
Created:June 12, 2007 Updated:March 21, 2011
Description: A flaw in the cramfs file system allows invalid compressed data to cause memory corruption (CVE-2006-5823)

A flaw in the ext2 file system allows an invalid inode size to cause a denial of service (system hang) (CVE-2006-6054)

A flaw in IPV6 flow label handling allows a local user to cause a denial of service (crash) (CVE-2007-1592)

Alerts:
Mandriva MDVSA-2011:051 2011-03-18
Debian DSA-1503-2 2008-03-06
Debian DSA-1504 2008-02-22
Debian DSA-1503 2008-02-22
Red Hat RHSA-2007:0673-01 2007-08-08
Red Hat RHSA-2007:0672-01 2007-08-08
SuSE SUSE-SA:2007:035 2007-06-14
Red Hat RHSA-2007:0347-01 2007-05-16
SuSE SUSE-SA:2007:043 2007-07-09
Debian DSA-1304-1 2007-06-16
rPath rPSA-2007-0124-1 2007-06-14
Red Hat RHSA-2007:0436-01 2007-06-11

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-5500
Created:November 28, 2007 Updated:July 8, 2008
Description: The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors.
Alerts:
SuSE SUSE-SA:2008:032 2008-07-07
SuSE SUSE-SA:2008:030 2008-06-20
Mandriva MDVSA-2008:112 2007-06-12
SuSE SUSE-SA:2008:013 2008-03-06
Ubuntu USN-578-1 2008-02-14
Mandriva MDVSA-2008:044 2008-02-12
Ubuntu USN-574-1 2008-02-04
Red Hat RHSA-2008:0055-01 2008-01-31
Mandriva MDVSA-2008:008 2008-01-11
Ubuntu USN-558-1 2007-12-19
Debian DSA-1428-2 2007-12-11
Debian DSA-1428-1 2007-12-10
Fedora FEDORA-2007-759 2007-12-07
Fedora FEDORA-2007-3751 2007-12-06
Fedora FEDORA-2007-3837 2007-12-03
SuSE SUSE-SA:2007:063 2007-12-03
rPath rPSA-2007-0245-2 2007-11-21
rPath rPSA-2007-0245-1 2007-11-21

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-5501
Created:November 28, 2007 Updated:March 7, 2008
Description: The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
Alerts:
SuSE SUSE-SA:2008:013 2008-03-06
Mandriva MDVSA-2008:044 2008-02-12
Ubuntu USN-574-1 2008-02-04
Ubuntu USN-558-1 2007-12-19
Fedora FEDORA-2007-759 2007-12-07
Fedora FEDORA-2007-3751 2007-12-06
Fedora FEDORA-2007-3837 2007-12-03
SuSE SUSE-SA:2007:063 2007-12-03
rPath rPSA-2007-0245-2 2007-11-21
rPath rPSA-2007-0245-1 2007-11-21

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-2935 CVE-2006-4145 CVE-2006-3745
Created:September 1, 2006 Updated:July 30, 2008
Description: Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause system crash (denial of service), and if they were intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack.
Alerts:
Red Hat RHSA-2008:0665-01 2008-07-24
SuSE SUSE-SA:2007:053 2007-10-12
SuSE SUSE-SA:2006:064 2006-11-10
Red Hat RHSA-2006:0710-01 2006-10-19
SuSE SUSE-SA:2006:057 2006-09-28
Trustix TSLSA-2006-0051 2006-09-15
Ubuntu USN-346-2 2006-09-14
Ubuntu USN-346-1 2006-09-14
rPath rPSA-2006-0162-1 2006-08-31

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-2172 CVE-2007-3739 CVE-2007-4308
Created:December 3, 2007 Updated:January 8, 2009
Description: A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172)

mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. (CVE-2007-3739)

The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. (CVE-2007-4308)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
SuSE SUSE-SA:2008:017 2008-03-28
Debian DSA-1504 2008-02-22
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06
SuSE SUSE-SA:2008:006 2008-02-07
SuSE SUSE-SA:2007:064 2007-12-04
Red Hat RHSA-2007:1049-01 2007-12-03

Comments (none posted)

kernel: buffer overflows

Package(s):kernel CVE #(s):CVE-2007-5904
Created:December 3, 2007 Updated:June 20, 2008
Description: Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.
Alerts:
SuSE SUSE-SA:2008:030 2008-06-20
Ubuntu USN-618-1 2008-06-19
SuSE SUSE-SA:2008:017 2008-03-28
Red Hat RHSA-2008:0167-01 2008-03-14
SuSE SUSE-SA:2008:013 2008-03-06
rPath rPSA-2008-0048-1 2008-02-08
Red Hat RHSA-2008:0089-01 2008-01-23
Debian DSA-1428-2 2007-12-11
SuSE SUSE-SA:2007:064 2007-12-04
SuSE SUSE-SA:2007:063 2007-12-03

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5749 CVE-2006-4814 CVE-2006-6106
Created:January 5, 2007 Updated:January 8, 2009
Description: A security issue has been reported in Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function.

The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

Another vulnerability has been reported in Linux kernel caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain Kernel data structures.

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06
SuSE SUSE-SA:2007:035 2007-06-14
SuSE SUSE-SA:2007:053 2007-10-12
Ubuntu USN-416-2 2007-03-01
Ubuntu USN-416-1 2007-02-01
rPath rPSA-2007-0031-1 2007-02-09
Mandriva MDKSA-2007:040 2007-02-07
Red Hat RHSA-2007:0014-01 2007-01-30
Mandriva MDKSA-2007:025 2007-01-23
Fedora FEDORA-2007-058 2007-01-18
Mandriva MDKSA-2007:012 2006-01-12
Trustix TSLSA-2007-0002 2007-01-05

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-3851 CVE-2007-3848 CVE-2007-3105
Created:August 17, 2007 Updated:January 8, 2009
Description: The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. (CVE-2007-3851)

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. (CVE-2007-3105)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
Mandriva MDVSA-2008:105 2007-05-21
SuSE SUSE-SA:2008:017 2008-03-28
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
SuSE SUSE-SA:2008:006 2008-02-07
Red Hat RHSA-2007:1049-01 2007-12-03
SuSE SUSE-SA:2007:053 2007-10-12
Debian DSA-1356-1 2007-08-15
Mandriva MDKSA-2007:216 2007-11-13
Red Hat RHSA-2007:0939-01 2007-11-01
Red Hat RHSA-2007:0940-01 2007-10-22
Red Hat RHSA-2007:0705-01 2007-09-13
SuSE SUSE-SA:2007:051 2007-09-06
Fedora FEDORA-2007-679 2007-09-04
Ubuntu USN-510-1 2007-08-31
Debian DSA-1363-1 2007-08-31
Ubuntu USN-508-1 2007-08-31
Ubuntu USN-509-1 2007-08-31
Fedora FEDORA-2007-1785 2007-08-23
rPath rPSA-2007-0164-1 2007-08-16

Comments (1 posted)

kernel: denial of service vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-4133 CVE-2007-5093
Created:January 12, 2008 Updated:November 20, 2008
Description: The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.

The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 relies on user space to close the device, which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.

Alerts:
CentOS CESA-2008:0972 2008-11-20
Red Hat RHSA-2008:0972-01 2008-11-19
CentOS CESA-2008:0275 2008-05-21
Mandriva MDVSA-2008:105 2007-05-21
Red Hat RHSA-2008:0275-01 2008-05-20
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
Ubuntu USN-578-1 2008-02-14
Ubuntu USN-574-1 2008-02-04
Mandriva MDVSA-2008:008 2008-01-11

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-3104 CVE-2007-3740 CVE-2007-3843 CVE-2007-6063
Created:December 4, 2007 Updated:January 8, 2009
Description: The sysfs_readdir function in the Linux kernel 2.6 allows local users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry. (CVE-2007-3104)

The CIFS filesystem, when Unix extension support is enabled, did not honor the umask of a process, which allowed local users to gain privileges.(CVE-2007-3740)

The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843)

Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux kernel allowed local users to have an unknown impact via a crafted argument to the isdn_ioctl function. (CVE-2007-6063)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
CentOS CESA-2008:0973 2008-12-17
Red Hat RHSA-2008:0973-03 2008-12-16
Red Hat RHSA-2009:0001-01 2009-01-08
Mandriva MDVSA-2008:112 2007-06-12
Mandriva MDVSA-2008:105 2007-05-21
Debian DSA-1504 2008-02-22
Red Hat RHSA-2008:0154-01 2008-03-05
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
Ubuntu USN-578-1 2008-02-14
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-574-1 2008-02-04
Red Hat RHSA-2008:0055-01 2008-01-31
Red Hat RHSA-2008:0089-01 2008-01-23
Mandriva MDVSA-2008:008 2008-01-11
Debian DSA-1436-1 2007-12-20
Debian DSA-1428-2 2007-12-11
Debian DSA-1428-1 2007-12-10
SuSE SUSE-SA:2007:064 2007-12-04

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-5966
Created:December 19, 2007 Updated:February 3, 2010
Description: A bug in high-resolution timers (prior to kernel 2.6.22.15) can cause very long sleeps when large timeout values are used.
Alerts:
Red Hat RHSA-2010:0079-01 2010-02-02
CentOS CESA-2009:1193 2009-08-05
Red Hat RHSA-2009:1193-01 2009-08-04
Red Hat RHSA-2008:0585-01 2008-08-26
Mandriva MDVSA-2008:112 2007-06-12
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-574-1 2008-02-04
Debian DSA-1436-1 2007-12-20
rPath rPSA-2007-0269-1 2007-12-18

Comments (none posted)

kernel: arbitrary code execution

Package(s):kernel-source-2.4.27 CVE #(s):CVE-2004-2731
Created:February 25, 2008 Updated:March 6, 2008
Description:

From the Debian advisory:

CVE-2004-2731: infamous41md reported multiple integer overflows in the Sbus PROM driver that would allow for a DoS (Denial of Service) attack by a local user, and possibly the execution of arbitrary code.

Alerts:
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22

Comments (none posted)

kernel: memory corruption

Package(s):kernel-source-2.4.27 CVE #(s):CVE-2006-5753
Created:February 25, 2008 Updated:March 6, 2008
Description:

From the Debian advisory:

CVE-2006-5753: Eric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad.

Alerts:
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06

Comments (none posted)

kernel: denial of service

Package(s):kernel-source-2.4.27 CVE #(s):CVE-2006-6053
Created:February 25, 2008 Updated:March 6, 2008
Description:

From the Debian advisory:

CVE-2006-6053: LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext3 filesystem.

Alerts:
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06

Comments (none posted)

kernel: denial of service

Package(s):kernel-source-2.4.27 CVE #(s):CVE-2007-2525
Created:February 25, 2008 Updated:March 6, 2008
Description:

From the Debian advisory:

CVE-2007-2525: Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory.

Alerts:
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22

Comments (none posted)

kernel: reduction in random entropy

Package(s):kernel-source-2.4.27 CVE #(s):CVE-2007-4311
Created:February 25, 2008 Updated:March 6, 2008
Description:

From the Debian advisory:

CVE-2007-4311: PaX team discovered an issue in the random driver where a defect in the reseeding code leads to a reduction in entropy.

Alerts:
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06

Comments (none posted)

krb5: multiple vulnerabilities

Package(s):krb5 CVE #(s):CVE-2007-2442 CVE-2007-2443 CVE-2007-2798
Created:June 27, 2007 Updated:March 24, 2008
Description: David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2442).

David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2443).

Finally, a stack buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code (CVE-2007-2798).

Alerts:
Gentoo 200707-11 2007-07-25
SuSE SUSE-SA:2007:038 2007-07-03
Trustix TSLSA-2007-0021 2007-06-29
Fedora FEDORA-2007-0740 2007-06-27
Debian DSA-1323-1 2007-06-28
rPath rPSA-2007-0135-1 2007-06-27
Foresight FLEA-2007-0029-1 2007-06-27
Fedora FEDORA-2007-621 2007-06-28
Fedora FEDORA-2007-620 2007-06-28
Ubuntu USN-477-1 2007-06-26
Red Hat RHSA-2007:0562-01 2007-06-26
Red Hat RHSA-2007:0384-01 2007-06-26
Mandriva MDKSA-2007:137 2007-06-26

Comments (none posted)

krb5: uninitialized pointers

Package(s):krb5 CVE #(s):CVE-2006-6143 CVE-2006-3084
Created:January 10, 2007 Updated:July 7, 2010
Description: The kdamind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
Gentoo 200701-21 2007-01-24
Ubuntu USN-408-1 2007-01-15
rPath rPSA-2007-0006-1 2007-01-11
Mandriva MDKSA-2007:008 2006-01-10
SuSE SUSE-SA:2007:004 2007-01-10
OpenPKG OpenPKG-SA-2007.006 2007-01-10
Fedora FEDORA-2007-033 2007-01-09
Fedora FEDORA-2007-034 2007-01-09

Comments (1 posted)

krb5: local privilege escalation

Package(s):krb5 CVE #(s):CVE-2006-3083
Created:August 9, 2006 Updated:July 7, 2010
Description: Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
SuSE SUSE-SR:2006:022 2006-09-08
Gentoo 200608-21 2006-08-23
Ubuntu USN-334-1 2006-08-16
Fedora FEDORA-2006-905 2006-08-09
Mandriva MDKSA-2006:139 2006-09-09
Gentoo 200608-15 2006-08-10
rPath rPSA-2006-0150-1 2006-08-09
Red Hat RHSA-2006:0612-01 2006-08-08
Debian DSA-1146-1 2006-08-09

Comments (none posted)

krb5: buffer overflow, uninitialized pointer

Package(s):krb5 CVE #(s):CVE-2007-3999 CVE-2007-4000
Created:September 4, 2007 Updated:March 24, 2008
Description: Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash.

Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash.

Alerts:
Fedora FEDORA-2008-1017 2008-03-06
SuSE SUSE-SR:2007:024 2007-11-22
Debian DSA-1387 2007-10-15
Gentoo 200710-01 2007-10-04
Red Hat RHSA-2007:0951-01 2007-10-02
Red Hat RHSA-2007:0913-01 2007-09-19
Trustix TSLSA-2007-0026 2007-09-17
Mandriva MDKSA-2007:181 2007-09-12
Gentoo 200709-01 2007-09-11
Ubuntu USN-511-2 2007-09-07
Mandriva MDKSA-2007:174-1 2007-09-07
Fedora FEDORA-2007-694 2007-09-07
Fedora FEDORA-2007-2066 2007-09-07
Debian DSA-1367-2 2007-09-06
Foresight FLEA-2007-0050-1 2007-09-06
Mandriva MDKSA-2007:174 2007-09-06
Red Hat RHSA-2007:0892-01 2007-09-07
rPath rPSA-2007-0179-1 2007-09-06
Ubuntu USN-511-1 2007-09-04
Fedora FEDORA-2007-2017 2007-09-04
Fedora FEDORA-2007-690 2007-09-04
Debian DSA-1368-1 2007-09-04
Debian DSA-1367-1 2007-09-04
Red Hat RHSA-2007:0858-01 2007-09-04

Comments (none posted)

krb5: multiple vulnerabilities

Package(s):krb5 CVE #(s):CVE-2007-0956 CVE-2007-0957 CVE-2007-1216
Created:April 3, 2007 Updated:March 24, 2008
Description: A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password. MIT krb5 Security Advisory 2007-001

Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. MIT krb5 Security Advisory 2007-002

A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. MIT krb5 Security Advisory 2007-003

Alerts:
Mandriva MDKSA-2007:077-1 2007-04-10
Foresight FLEA-2007-0008-1 2007-04-05
SuSE SUSE-SA:2007:025 2007-04-05
Mandriva MDKSA-2007:077 2006-04-04
rPath rPSA-2007-0063-1 2007-04-04
Ubuntu USN-449-1 2007-04-04
Gentoo 200704-02 2007-04-03
Fedora FEDORA-2007-409 2007-04-03
Fedora FEDORA-2007-408 2007-04-03
Debian DSA-1276-1 2007-04-03
Red Hat RHSA-2007:0095-01 2007-04-03

Comments (none posted)

lcms: stack-based buffer overflow

Package(s):lcms CVE #(s):CVE-2007-2741
Created:November 23, 2007 Updated:October 14, 2008
Description: Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
Alerts:
Ubuntu USN-652-1 2008-10-14
Mandriva MDKSA-2007:238 2007-12-06
SuSE SUSE-SR:2007:024 2007-11-22

Comments (none posted)

lftp: shell command execution

Package(s):lftp CVE #(s):CVE-2007-2348
Created:May 4, 2007 Updated:September 16, 2009
Description: mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
Alerts:
CentOS CESA-2009:1278 2009-09-15
Red Hat RHSA-2009:1278-02 2009-09-02
rPath rPSA-2007-0085-1 2007-05-03

Comments (none posted)

libcdio: arbitrary code execution

Package(s):libcdio CVE #(s):CVE-2007-6613
Created:January 21, 2008 Updated:March 7, 2008
Description:

From the Gentoo advisory:

Devon Miller reported a boundary error in the "print_iso9660_recurse()" function in files cd-info.c and iso-info.c when processing long filenames within Joliet images.

A remote attacker could entice a user to open a specially crafted ISO image in the cd-info and iso-info applications, resulting in the execution of arbitrary code with the privileges of the user running the application. Applications linking against shared libraries of libcdio are not affected.

Alerts:
Ubuntu USN-580-1 2008-02-20
SuSE SUSE-SR:2008:005 2008-03-06
Mandriva MDVSA-2008:037 2007-02-07
Gentoo 200801-08 2008-01-20

Comments (1 posted)

libexif: integer overflow

Package(s):libexif CVE #(s):CVE-2007-6352
Created:December 19, 2007 Updated:October 15, 2008
Description: From the Red Hat advisory: An integer overflow flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to execute arbitrary code, or crash.
Alerts:
Ubuntu USN-654-1 2008-10-14
Debian DSA-1487-1 2008-02-08
SuSE SUSE-SR:2008:002 2008-01-25
Mandriva MDVSA-2008:005 2007-01-09
rPath rPSA-2008-0006-1 2008-01-04
Fedora FEDORA-2007-4667 2007-12-20
Gentoo 200712-15 2007-12-29
Fedora FEDORA-2007-4608 2007-12-20
Red Hat RHSA-2007:1165-01 2007-12-19
Red Hat RHSA-2007:1166-01 2007-12-19

Comments (none posted)

libexif: denial of service

Package(s):libexif CVE #(s):CVE-2007-6351
Created:December 19, 2007 Updated:October 15, 2008
Description: From the Red Hat advisory: An infinite recursion flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to crash.
Alerts:
Ubuntu USN-654-1 2008-10-14
Debian DSA-1487-1 2008-02-08
SuSE SUSE-SR:2008:002 2008-01-25
Mandriva MDVSA-2008:005 2007-01-09
rPath rPSA-2008-0006-1 2008-01-04
Gentoo 200712-15 2007-12-29
Fedora FEDORA-2007-4667 2007-12-20
Red Hat RHSA-2007:1165-01 2007-12-19
Fedora FEDORA-2007-4608 2007-12-20

Comments (none posted)

libgd2: buffer overflow

Package(s):libgd2 CVE #(s):CVE-2007-3996
Created:December 19, 2007 Updated:October 13, 2009
Description: The GD library does not perform proper bounds checking when creating images; as a result, an attacker could, via crafted input, potentially execute arbitrary code.
Alerts:
Mandriva MDVSA-2009:264 2009-10-09
Ubuntu USN-720-1 2009-02-12
Debian DSA-1613-1 2008-07-22
SuSE SUSE-SA:2008:004 2008-01-29
Red Hat RHSA-2007:0891-01 2007-10-25
Red Hat RHSA-2007:0917-01 2007-10-23
Ubuntu USN-557-1 2007-12-18

Comments (none posted)

libmodplug: boundary errors

Package(s):libmodplug CVE #(s):CVE-2006-4192
Created:December 11, 2006 Updated:May 4, 2011
Description: Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the "CSoundFile::ReadSample()" function in sndfile.cpp. A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application.
Alerts:
CentOS CESA-2011:0477 2011-05-04
Red Hat RHSA-2011:0477-01 2011-05-02
Ubuntu USN-521-1 2007-09-27
Mandriva MDKSA-2007:001 2007-01-02
Gentoo 200612-04 2006-12-10

Comments (none posted)

libphp-phpmailer: command execution

Package(s):libphp-phpmailer CVE #(s):CVE-2007-3215
Created:June 20, 2007 Updated:June 25, 2009
Description: libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks.
Alerts:
Ubuntu USN-791-1 2009-06-24
Debian DSA-1315-1 2007-06-19

Comments (none posted)

libpng: several vulnerabilities

Package(s):libpng CVE #(s):CVE-2007-5266 CVE-2007-5267 CVE-2007-5268 CVE-2007-5269
Created:October 19, 2007 Updated:March 23, 2009
Description: Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. (CVE-2007-5269)

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. (CVE-2007-5268)

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. (CVE-2007-5267)

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. (CVE-2007-5266)

Alerts:
Debian DSA-1750-1 2009-03-22
Ubuntu USN-730-1 2009-03-06
Fedora FEDORA-2008-3979 2008-05-28
SuSE SUSE-SR:2007:025 2007-12-05
Slackware SSA:2007-325-01 2007-11-21
Slackware SSA:2007-325-01a 2007-11-22
Mandriva MDKSA-2007:217 2007-11-13
Foresight FLEA-2007-0065-1 2007-11-11
Gentoo 200711-08 2007-11-07
Fedora FEDORA-2007-734 2007-11-05
Ubuntu USN-538-1 2007-10-25
Red Hat RHSA-2007:0992-01 2007-10-23
Fedora FEDORA-2007-2521 2007-10-24
Fedora FEDORA-2007-2666 2007-10-24
rPath rPSA-2007-0219-1 2007-10-18
Oracle ELSA-2012-0317 2012-02-21
Gentoo 201209-25 2012-09-29

Comments (none posted)

libpng: denial of service

Package(s):libpng CVE #(s):CVE-2007-2445
Created:May 17, 2007 Updated:March 23, 2009
Description: Libpng can be crashed when processing malformed PNG files. It may also be possible to exploit this vulnerability to execute arbitrary code.
Alerts:
Debian DSA-1750-1 2009-03-22
Debian DSA-1613-1 2008-07-22
Fedora FEDORA-2008-3979 2008-05-28
Ubuntu USN-472-1 2007-06-11
Mandriva MDKSA-2007:116 2007-06-05
Gentoo 200705-24 2007-05-31
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-529 2007-05-24
Fedora FEDORA-2007-528 2007-05-24
Red Hat RHSA-2007:0356-01 2007-05-17
OpenPKG OpenPKG-SA-2007.013 2007-05-18
Foresight FLEA-2007-0018-1 2007-05-17
Slackware SSA:2007-136-01 2007-05-17
rPath rPSA-2007-0102-1 2007-05-16
Oracle ELSA-2012-0317 2012-02-21

Comments (none posted)

libpng: buffer overflow

Package(s):libpng CVE #(s):CVE-2006-3334
Created:July 19, 2006 Updated:December 15, 2008
Description: In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.
Alerts:
Gentoo 200812-15 2008-12-14
Mandriva MDKSA-2006:213 2006-11-16
rPath rPSA-2006-0133-1 2006-07-19
Gentoo 200607-06 2006-07-19

Comments (none posted)

libpng: heap based buffer overflow

Package(s):libpng CVE #(s):CVE-2006-0481
Created:February 13, 2006 Updated:December 15, 2008
Description: A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim.
Alerts:
Gentoo 200812-15 2008-12-14
Red Hat RHSA-2006:0205-01 2006-02-13

Comments (1 posted)

libtiff: buffer overflow

Package(s):libtiff CVE #(s):CVE-2006-2193
Created:June 15, 2006 Updated:September 1, 2008
Description: The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code.
Alerts:
CentOS CESA-2008:0848 2008-08-30
Red Hat RHSA-2008:0848-01 2008-08-28
Fedora FEDORA-2006-952 2006-09-05
SuSE SUSE-SA:2006:044 2006-08-01
Gentoo 200607-03 2006-07-09
SuSE SUSE-SR:2006:014 2006-06-20
Trustix TSLSA-2006-0036 2006-06-16
Mandriva MDKSA-2006:102 2006-06-14

Comments (none posted)

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

libxml2: multiple buffer overflows

Package(s):libxml2 CVE #(s):CAN-2004-0989
Created:October 28, 2004 Updated:August 19, 2009
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities, if a local user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

Comments (none posted)

liferea: weak permissions

Package(s):liferea CVE #(s):CVE-2007-5751
Created:November 2, 2007 Updated:December 22, 2008
Description: Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.
Alerts:
Fedora FEDORA-2008-11551 2008-12-21
Fedora FEDORA-2008-3249 2008-04-22
Fedora FEDORA-2008-3283 2008-04-22
Fedora FEDORA-2008-2682 2008-03-26
Fedora FEDORA-2008-2662 2008-03-26
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2007-3701 2007-11-29
Fedora FEDORA-2007-3733 2007-11-29
Fedora FEDORA-2007-2853 2007-11-06
Fedora FEDORA-2007-2725 2007-11-01

Comments (1 posted)

lighttpd: denial of service

Package(s):lighttpd CVE #(s):CVE-2008-0983
Created:February 29, 2008 Updated:July 15, 2008
Description: From the CVE entry: lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Alerts:
Debian DSA-1609-1 2008-07-15
SuSE SUSE-SR:2008:008 2008-04-04
rPath rPSA-2008-0084-1 2008-02-28
Fedora FEDORA-2008-2262 2008-03-06
Fedora FEDORA-2008-2278 2008-03-06
Gentoo 200803-10 2008-03-05

Comments (none posted)

lighttpd: denial of service

Package(s):lighttpd CVE #(s):CVE-2007-3946 CVE-2007-3947 CVE-2007-3948 CVE-2007-3949 CVE-2007-3950
Created:July 19, 2007 Updated:July 15, 2008
Description: The lighttpd web server has multiple vulnerabilities involving a remote access-control setting circumvention that is performed by the sending of malformed requests. This can be used to crash the server and cause a denial of service.
Alerts:
Debian DSA-1609-1 2008-07-15
SuSE SUSE-SR:2007:015 2007-08-03
Debian DSA-1362 2007-08-29
Gentoo 200708-11 2007-08-16
Fedora FEDORA-2007-1299 2007-07-26
Foresight FLEA-2007-0034-1 2007-07-26
rPath rPSA-2007-0145-1 2007-07-19

Comments (none posted)

kernel: several vulnerabilities

Package(s):linux-2.6 CVE #(s):CVE-2007-2878 CVE-2007-6151
Created:January 29, 2008 Updated:January 8, 2009
Description: From the Debian advisory: Bart Oldeman reported a denial of service (DoS) issue in the VFAT filesystem that allows local users to corrupt a kernel structure resulting in a system crash. This is only an issue for systems which make use of the VFAT compat ioctl interface, such as systems running an 'amd64' flavor kernel. ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory leading by issuing ioctls with unterminated data.
Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
SuSE SUSE-SA:2008:032 2008-07-07
Mandriva MDVSA-2008:112 2007-06-12
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Mandriva MDVSA-2008:086 2008-04-15
SuSE SUSE-SA:2008:017 2008-03-28
Debian DSA-1504 2008-02-22
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06
Ubuntu USN-578-1 2008-02-14
SuSE SUSE-SA:2008:007 2008-02-12
Ubuntu USN-574-1 2008-02-04
Red Hat RHSA-2008:0055-01 2008-01-31
Debian DSA-1479 2008-01-29

Comments (none posted)

kernel: local root privilege escalation

Package(s):linux-2.6 CVE #(s):CVE-2008-0010 CVE-2008-0600
Created:February 11, 2008 Updated:June 23, 2008
Description:

From the Debian advisory:

The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges (CVE-2008-0010, CVE-2008-0600).

Alerts:
SuSE SUSE-SA:2008:030 2008-06-20
Fedora FEDORA-2008-4043 2008-05-17
Fedora FEDORA-2008-3873 2008-05-14
SuSE SUSE-SA:2008:013 2008-03-06
Ubuntu USN-577-1 2008-02-12
Slackware SSA:2008-042-01 2008-02-13
rPath rPSA-2008-0052-1 2008-02-12
Red Hat RHSA-2008:0129-01 2008-02-12
Fedora FEDORA-2008-1433 2008-02-13
Fedora FEDORA-2008-1629 2008-02-13
Debian DSA-1494-2 2008-02-12
SuSE SUSE-SA:2008:007 2008-02-12
Mandriva MDVSA-2008:044 2008-02-12
Mandriva MDVSA-2008:043 2007-02-11
Debian DSA-1494-1 2008-02-11
Fedora FEDORA-2008-1423 2008-02-11
Fedora FEDORA-2008-1422 2008-02-11

Comments (1 posted)

kernel: information leak, denial of service

Package(s):linux-2.6 CVE #(s):CVE-2007-6206 CVE-2007-6417
Created:December 21, 2007 Updated:September 1, 2010
Description: Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)

Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page maybe improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417)

Alerts:
SUSE SUSE-SA:2010:036 2010-09-01
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
CentOS CESA-2008:0885 2008-09-25
Red Hat RHSA-2008:0885-01 2008-09-24
SuSE SUSE-SA:2008:032 2008-07-07
SuSE SUSE-SA:2008:030 2008-06-20
Mandriva MDVSA-2008:112 2007-06-12
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Mandriva MDVSA-2008:086 2008-04-15
Debian DSA-1503-2 2008-03-06
Debian DSA-1504 2008-02-22
Debian DSA-1503 2008-02-22
Ubuntu USN-578-1 2008-02-14
SuSE SUSE-SA:2008:007 2008-02-12
Mandriva MDVSA-2008:044 2008-02-12
rPath rPSA-2008-0048-1 2008-02-08
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-574-1 2008-02-04
Red Hat RHSA-2008:0055-01 2008-01-31
Red Hat RHSA-2008:0089-01 2008-01-23
Debian DSA-1436-1 2007-12-20

Comments (none posted)

vmware-player-kernel: several vulnerabilities

Package(s):linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 CVE #(s):CVE-2007-0061 CVE-2007-0062 CVE-2007-0063 CVE-2007-4496 CVE-2007-4497
Created:November 16, 2007 Updated:March 13, 2009
Description: Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server did not correctly handle certain packet structures. Remote attackers could send specially crafted packets and gain root privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)

Rafal Wojtczvk discovered multiple memory corruption issues in VMWare Player. Attackers with administrative privileges in a guest operating system could cause a denial of service or possibly execute arbitrary code on the host operating system. (CVE-2007-4496, CVE-2007-4497)

Alerts:
rPath rPSA-2009-0041-1 2009-03-12
SuSE SUSE-SR:2009:005 2009-03-02
Gentoo 200808-05 2008-08-06
Gentoo 200711-23 2007-11-18
Ubuntu USN-543-1 2007-11-15

Comments (none posted)

lynx: arbitrary command execution

Package(s):lynx CVE #(s):CVE-2005-2929
Created:November 14, 2005 Updated:September 14, 2009
Description: An arbitrary command execute bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx.
Alerts:
Gentoo 200909-15 2009-09-12
Fedora-Legacy FLSA:152832 2005-12-17
OpenPKG OpenPKG-SA-2005.026 2005-12-03
Fedora FEDORA-2005-1079 2005-11-14
Fedora FEDORA-2005-1078 2005-11-14
Gentoo 200511-09 2005-11-13
Mandriva MDKSA-2005:211 2005-11-12
Red Hat RHSA-2005:839-01 2005-11-11

Comments (none posted)

mailman: cross-site scripting

Package(s):mailman CVE #(s):CVE-2008-0564
Created:February 13, 2008 Updated:April 15, 2011
Description:

From the Red Hat bugzilla entry:

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.

Alerts:
CentOS CESA-2011:0307 2011-04-14
CentOS CESA-2011:0307 2011-03-02
Red Hat RHSA-2011:0307-01 2011-03-01
SuSE SUSE-SR:2008:017 2008-08-29
Ubuntu USN-586-1 2008-03-15
Fedora FEDORA-2008-1334 2008-02-13
Fedora FEDORA-2008-1356 2008-02-13
rPath rPSA-2008-0056-1 2008-02-15
Mandriva MDVSA-2008:061 2007-03-06

Comments (none posted)

mapserver: multiple cross-site scripting vulnerabilities

Package(s):mapserver CVE #(s):CVE-2007-4542 CVE-2007-4629
Created:September 5, 2007 Updated:April 7, 2008
Description:

CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.

CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.

Alerts:
Debian DSA-1539-1 2008-04-04
Fedora FEDORA-2007-2018 2007-09-04

Comments (none posted)

mod_jk: proxy bypass

Package(s):mod_jk CVE #(s):CVE-2007-1860
Created:May 30, 2007 Updated:March 7, 2008
Description: From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside Apache httpd and forwarded the encoded URL to Tomcat, which itself did a second decoding. If Tomcat was used behind mod_jk and configured to only proxy some contexts, an attacker could construct a carefully crafted HTTP request to work around the context restriction and potentially access non-proxied content."
Alerts:
SuSE SUSE-SR:2008:005 2008-03-06
Gentoo 200708-15 2007-08-19
Debian DSA-1312-1 2007-06-18
Red Hat RHSA-2007:0380-01 2007-05-30
Red Hat RHSA-2007:0379-01 2007-05-30

Comments (none posted)

moin: arbitrary JavaScript execution

Package(s):moin CVE #(s):CVE-2007-2423
Created:May 8, 2007 Updated:March 10, 2008
Description: A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted.
Alerts:
Debian DSA-1514-1 2008-03-09
Ubuntu USN-458-1 2007-05-07

Comments (none posted)

moin: multiple XSS vulnerabilities

Package(s):moin CVE #(s):CVE-2008-0780 CVE-2008-0781
Created:February 21, 2008 Updated:June 18, 2009
Description: moin has cross site scripting vulnerabilities in the login action and the AttachFile action.
Alerts:
Fedora FEDORA-2009-6557 2009-06-18
Fedora FEDORA-2009-6559 2009-06-18
Fedora FEDORA-2009-3868 2009-04-21
Fedora FEDORA-2009-3845 2009-04-21
Ubuntu USN-716-1 2009-01-30
Gentoo 200803-27 2008-03-18
Debian DSA-1514-1 2008-03-09
Fedora FEDORA-2008-1880 2008-02-21
Fedora FEDORA-2008-1905 2008-02-21

Comments (none posted)

mono: arbitrary code execution via integer overflow

Package(s):mono CVE #(s):CVE-2007-5197
Created:November 6, 2007 Updated:December 7, 2009
Description:

From the Debian advisory: An integer overflow in the BigInteger data type implementation has been discovered in the free .NET runtime Mono.

Alerts:
Mandriva MDVSA-2009:322 2009-12-07
Fedora FEDORA-2007-745 2007-11-15
Ubuntu USN-553-1 2007-12-04
Mandriva MDKSA-2007:218 2007-11-14
Fedora FEDORA-2007-3130 2007-11-09
Gentoo 200711-10 2007-11-07
Fedora FEDORA-2007-2969 2007-11-08
Debian DSA-1397-1 2007-11-03

Comments (none posted)

moodle: cross-site scripting

Package(s):moodle CVE #(s):CVE-2008-0123
Created:January 16, 2008 Updated:November 12, 2008
Description: Moodle suffers from a cross-site scripting vulnerability which is only open during the install process.
Alerts:
Fedora FEDORA-2008-9502 2008-11-08
SuSE SUSE-SR:2008:003 2008-02-07
Fedora FEDORA-2008-0627 2008-01-15

Comments (none posted)

moodle: cross-site scripting

Package(s):moodle CVE #(s):CVE-2007-3555
Created:August 7, 2007 Updated:December 22, 2008
Description: A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter.
Alerts:
Debian DSA-1691-1 2008-12-22
Fedora FEDORA-2008-0610 2008-01-15
Fedora FEDORA-2007-1445 2007-08-06

Comments (none posted)

mozilla: multiple vulnerabilities

Package(s):mozilla CVE #(s):
Created:February 13, 2008 Updated:July 29, 2008
Description:
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-2.0.0.12-i686-1.tgz:
  Upgraded to firefox-2.0.0.12.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabil...
  (* Security fix *)
patches/packages/seamonkey-1.1.8-i486-1_slack12.0.tgz:
  Upgraded to seamonkey-1.1.8.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabil...
  (* Security fix *)
+--------------------------+
Alerts:
Slackware SSA:2008-210-05 2008-07-29
Slackware SSA:2008-043-01 2008-02-13

Comments (none posted)

mplayer: buffer overflow

Package(s):mplayer CVE #(s):CVE-2007-1246
Created:March 8, 2007 Updated:April 1, 2008
Description: MPlayer versions up to 1.0rc1 have a buffer overflow in the loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function. user-assisted remote attackers can use this to create a buffer overflow and possibly execute arbitrary code.
Alerts:
Debian DSA-1536-1 2008-03-31
Gentoo 200705-21 2007-05-30
Foresight FLEA-2007-0013-1 2007-04-23
Slackware SSA:2007-109-02 2007-04-20
Gentoo 200704-09 2007-04-14
Ubuntu USN-433-1 2007-03-09
Mandriva MDKSA-2007:057 2007-03-08
Mandriva MDKSA-2007:055 2007-03-08

Comments (none posted)

mplayer: multiple vulnerabilities

Package(s):mplayer CVE #(s):CVE-2008-0485 CVE-2008-0486 CVE-2008-0629 CVE-2008-0630
Created:February 13, 2008 Updated:August 7, 2008
Description:

From the Debian advisory:

Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0485: Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files.

CVE-2008-0486: Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing.

CVE-2008-0629: Adam Bozanich discovered a buffer overflow in the CDDB access code.

CVE-2008-0630: Adam Bozanich discovered a buffer overflow in URL parsing.

Alerts:
Ubuntu USN-635-1 2008-08-06
Debian DSA-1536-1 2008-03-31
Gentoo 200802-12 2008-02-26
Mandriva MDVSA-2008:045 2007-02-14
SuSE SUSE-SR:2008:006 2008-03-14
Gentoo 200803-16 2008-03-10
Mandriva MDVSA-2008:046-1 2007-02-20
Mandriva MDVSA-2008:046 2007-02-15
Fedora FEDORA-2008-1543 2008-02-13
Fedora FEDORA-2008-1581 2008-02-13
Debian DSA-1496-1 2008-02-12

Comments (none posted)

mt-daapd: multiple vulnerabilities

Package(s):mt-daapd CVE #(s):CVE-2007-5825 CVE-2007-5824
Created:December 31, 2007 Updated:September 1, 2008
Description: From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the "Authorization: Basic" HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824).
Alerts:
Debian DSA-1597-2 2008-08-30
Debian DSA-1597-1 2008-06-12
Gentoo 200712-18 2007-12-29

Comments (none posted)

mysql: denial of service

Package(s):mysql CVE #(s):CVE-2007-1420
Created:March 22, 2007 Updated:May 21, 2008
Description: MySQL subselect queries using "ORDER BY" can be used by an attacker with access to a MySQL instance in order to create an intermittent denial of service.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Mandriva MDKSA-2007:139 2007-07-04
rPath rPSA-2007-0107-1 2007-05-23
Gentoo 200705-11 2007-05-08
Ubuntu USN-440-1 2007-03-21

Comments (none posted)

mysql: format string bug

Package(s):mysql CVE #(s):CVE-2006-3469
Created:July 21, 2006 Updated:July 30, 2008
Description: Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server.
Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Slackware SSA:2006-211-01 2006-07-31
Ubuntu USN-321-1 2006-07-21

Comments (none posted)

MySQL: privilege violations

Package(s):mysql CVE #(s):CVE-2006-4031 CVE-2006-4226
Created:August 25, 2006 Updated:July 30, 2008
Description: MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031).

MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226).

Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Red Hat RHSA-2008:0364-01 2008-05-21
Red Hat RHSA-2007:0152-01 2007-04-03
Red Hat RHSA-2007:0083-01 2007-02-19
Fedora FEDORA-2006-1298 2006-11-27
Fedora FEDORA-2006-1297 2006-11-27
Ubuntu USN-338-1 2006-09-05
Mandriva MDKSA-2006:149 2006-08-24

Comments (none posted)

mysql: privilege escalation

Package(s):mysql CVE #(s):CVE-2007-6303
Created:December 19, 2007 Updated:April 7, 2008
Description: From the CVE entry: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
Alerts:
Gentoo 200804-04 2008-04-06
Ubuntu USN-588-2 2008-04-02
Ubuntu USN-588-1 2008-03-19
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:017 2008-01-19
Red Hat RHSA-2007:1157-01 2007-12-19
Fedora FEDORA-2007-4465 2007-12-15
Fedora FEDORA-2007-4471 2007-12-15

Comments (none posted)

MySQL: logging bypass

Package(s):mysql CVE #(s):CVE-2006-0903
Created:April 4, 2006 Updated:May 21, 2008
Description: MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-274-2 2006-05-15
Ubuntu USN-274-1 2006-04-27
Mandriva MDKSA-2006:064 2006-04-03

Comments (2 posted)

MySQL: privilege escalation

Package(s):MySQL CVE #(s):CVE-2007-3781 CVE-2007-5969
Created:December 11, 2007 Updated:May 21, 2008
Description: MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781)

Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Gentoo 200804-04 2008-04-06
SuSE SUSE-SR:2008:003 2008-02-07
rPath rPSA-2008-0018-1 2008-01-17
Debian DSA-1451-1 2008-01-06
Ubuntu USN-559-1 2007-12-21
Red Hat RHSA-2007:1157-01 2007-12-19
Fedora FEDORA-2007-4471 2007-12-15
Fedora FEDORA-2007-4465 2007-12-15
Red Hat RHSA-2007:1155-01 2007-12-18
Mandriva MDKSA-2007:243 2007-12-10

Comments (none posted)

mysql-dfsg: multiple vulnerabilities

Package(s):mysql-dfsg CVE #(s):CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3782
Created:November 27, 2007 Updated:July 30, 2008
Description: The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. (CVE-2007-2691)

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (CVE-2007-2692)

MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. (CVE-2007-3782)

Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-588-2 2008-04-02
Ubuntu USN-588-1 2008-03-19
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:028 2007-01-29
Debian DSA-1413-1 2007-11-26

Comments (none posted)

mysql: denial of service

Package(s):mysql-dfsg-5.0 CVE #(s):CVE-2007-6304
Created:December 21, 2007 Updated:April 7, 2008
Description: Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service.
Alerts:
Gentoo 200804-04 2008-04-06
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:028 2007-01-29
Mandriva MDVSA-2008:017 2008-01-19
Debian DSA-1451-1 2008-01-06
Ubuntu USN-559-1 2007-12-21

Comments (none posted)

mysql: buffer overflows

Package(s):mysql-dfsg-5.0 CVE #(s):CVE-2008-0226 CVE-2008-0227
Created:January 29, 2008 Updated:July 21, 2008
Description: From the Debian advisory: Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code.
Alerts:
Mandriva MDVSA-2008:150 2007-07-19
Ubuntu USN-588-2 2008-04-02
Ubuntu USN-588-1 2008-03-19
rPath rPSA-2008-0040-1 2008-02-05
Debian DSA-1478-1 2008-01-28

Comments (none posted)

nagios: cross-site scripting

Package(s):nagios CVE #(s):CVE-2007-5624
Created:December 7, 2007 Updated:September 14, 2009
Description: Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
Alerts:
Debian DSA-1883-2 2009-09-14
Debian DSA-1883-1 2009-09-10
SuSE SUSE-SR:2008:011 2008-05-09
Mandriva MDVSA-2008:067 2008-03-18
Fedora FEDORA-2007-4145 2007-12-06
Fedora FEDORA-2007-4123 2007-12-06

Comments (none posted)

nagios-plugins: buffer overflow

Package(s):nagios-plugins CVE #(s):CVE-2007-5198
Created:October 23, 2007 Updated:April 17, 2008
Description: Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10 allows remote web servers to execute arbitrary code via long Location header responses (redirects).
Alerts:
Fedora FEDORA-2008-3061 2008-04-17
Fedora FEDORA-2008-3098 2008-04-17
Fedora FEDORA-2008-3146 2008-04-17
Mandriva MDVSA-2008:067 2008-03-18
Debian DSA-1495-2 2008-02-17
Debian DSA-1495-1 2008-02-12
SuSE SUSE-SR:2007:025 2007-12-05
Ubuntu USN-532-1 2007-10-22

Comments (none posted)

nagios-plugins: check_snmp buffer overflow

Package(s):nagios-plugins CVE #(s):CVE-2007-5623
Created:November 2, 2007 Updated:April 17, 2008
Description: Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.
Alerts:
Fedora FEDORA-2008-3061 2008-04-17
Fedora FEDORA-2008-3146 2008-04-17
Mandriva MDVSA-2008:067 2008-03-18
Debian DSA-1495-2 2008-02-17
Debian DSA-1495-1 2008-02-12
SuSE SUSE-SR:2007:025 2007-12-05
Gentoo 200711-11 2007-11-08
Fedora FEDORA-2007-2876 2007-11-06
Fedora FEDORA-2007-2713 2007-11-01

Comments (none posted)

nbd: arbitrary code execution

Package(s):nbd CVE #(s):CVE-2005-3534
Created:January 6, 2006 Updated:March 7, 2011
Description: Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.
Alerts:
SuSE SUSE-SR:2006:001 2006-01-13
Ubuntu USN-237-1 2006-01-06

Comments (none posted)

ncompress: buffer underflow

Package(s):ncompress CVE #(s):CVE-2006-1168
Created:August 10, 2006 Updated:February 21, 2012
Description: The ncompress compression utility has a missing boundary check. A local user can use a maliciously created file to cause a a .bss buffer underflow.
Alerts:
Gentoo 200610-03 2006-10-06
Red Hat RHSA-2006:0663-01 2006-09-12
Mandriva MDKSA-2006:140 2006-08-09
Debian DSA-1149-1 2006-08-10
Red Hat RHSA-2012:0308-03 2012-02-21
Scientific Linux SL-busy-20120321 2012-03-21
Red Hat RHSA-2012:0810-04 2012-06-20
Scientific Linux SL-busy-20120709 2012-07-09
Mageia MGASA-2012-0171 2012-07-19
Mandriva MDVSA-2012:129 2012-08-10
Mandriva MDVSA-2012:129-1 2012-08-10

Comments (none posted)

netpbm: buffer overflow

Package(s):netpbm CVE #(s):CVE-2008-0554
Created:February 8, 2008 Updated:November 7, 2008
Description: From the Mandriva advisory: A buffer overflow in the giftopnm utility in netpbm prior to version 10.27 could allow attackers to have an unknown impact via a specially crafted GIF file.
Alerts:
Ubuntu USN-665-1 2008-11-06
Debian DSA-1579-1 2008-05-18
Red Hat RHSA-2008:0131-01 2008-02-28
Debian DSA-1493-1 2008-02-10
Mandriva MDVSA-2008:039 2008-02-07

Comments (none posted)

nginx: cross site scripting

Package(s):nginx CVE #(s):
Created:July 20, 2007 Updated:September 14, 2009
Description: Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev. The "msie_refresh" directive could allow cross site scripting.
Alerts:
Fedora FEDORA-2007-1158 2007-07-19

Comments (none posted)

nss_ldap: credential or other information disclosure

Package(s):nss_ldap CVE #(s):CVE-2007-5794
Created:November 26, 2007 Updated:July 30, 2008
Description:

From the Gentoo advisory:

Josh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process.

Alerts:
Red Hat RHSA-2008:0715-01 2008-07-24
Red Hat RHSA-2008:0389-02 2008-05-21
Mandriva MDVSA-2008:049 2007-02-25
Foresight FLEA-2008-0003-1 2008-02-11
SuSE SUSE-SR:2008:003 2008-02-07
Debian DSA-1430-1 2007-12-11
rPath rPSA-2007-0255-1 2007-11-30
Gentoo 200711-33 2007-11-25

Comments (none posted)

openldap: denial of service

Package(s):openldap CVE #(s):CVE-2008-0658
Created:February 13, 2008 Updated:July 3, 2008
Description:

From the rPath advisory:

Previous versions of the openldap package are vulnerable to a Denial of Service attack in which authenticated users can crash the slapd server.

Alerts:
Fedora FEDORA-2008-6029 2008-07-03
SuSE SUSE-SR:2008:010 2008-04-25
Debian DSA-1541-1 2008-04-08
Gentoo 200803-28 2008-03-19
Mandriva MDVSA-2008:058 2007-03-05
Fedora FEDORA-2008-1568 2008-02-13
Fedora FEDORA-2008-1616 2008-02-13
rPath rPSA-2008-0059-1 2008-02-12
Ubuntu USN-584-1 2008-03-05
Red Hat RHSA-2008:0110-01 2008-02-21

Comments (none posted)

openldap: denial of service

Package(s):openldap CVE #(s):CVE-2007-6698
Created:February 8, 2008 Updated:April 25, 2008
Description: From the CVE entry: The BDB backend for slapd in OpenLDAP before 2.3.36, allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
Alerts:
SuSE SUSE-SR:2008:010 2008-04-25
Debian DSA-1541-1 2008-04-08
Mandriva MDVSA-2008:058 2007-03-05
Fedora FEDORA-2008-1616 2008-02-13
rPath rPSA-2008-0059-1 2008-02-12
Ubuntu USN-584-1 2008-03-05
Red Hat RHSA-2008:0110-01 2008-02-21
Fedora FEDORA-2008-1307 2008-02-05

Comments (none posted)

openldap: denial of service

Package(s):openldap CVE #(s):CVE-2007-5707
Created:November 8, 2007 Updated:April 9, 2008
Description: The OpenLDAP Lightweight Directory Access Protocol suite has a problem with handling of malformed objectClasses LDAP attributes by the slapd daemon. Both local and remote attackers can use this to crash slapd, causing a denial of service.
Alerts:
Debian DSA-1541-1 2008-04-08
Gentoo 200803-28 2008-03-19
Ubuntu USN-551-1 2007-12-04
Fedora FEDORA-2007-3124 2007-11-20
SuSE SUSE-SR:2007:024 2007-11-22
Red Hat RHSA-2007:1038-01 2007-11-15
Fedora FEDORA-2007-741 2007-11-15
Fedora FEDORA-2007-2796 2007-11-09
Mandriva MDKSA-2007:215 2007-11-08
Red Hat RHSA-2007:1037-01 2007-11-08

Comments (none posted)

openldap: denial of service

Package(s):openldap CVE #(s):CVE-2007-5708
Created:November 23, 2007 Updated:April 9, 2008
Description: slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.
Alerts:
Debian DSA-1541-1 2008-04-08
Gentoo 200803-28 2008-03-19
Mandriva MDVSA-2008:058 2007-03-05
Ubuntu USN-551-1 2007-12-04
Fedora FEDORA-2007-3124 2007-11-20
SuSE SUSE-SR:2007:024 2007-11-22

Comments (none posted)

OpenOffice.org: arbitrary code execution

Package(s):openoffice.org CVE #(s):CVE-2007-0245
Created:June 13, 2007 Updated:June 12, 2008
Description: A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code.
Alerts:
Fedora FEDORA-2008-5239 2008-06-11
Fedora FEDORA-2008-4104 2008-05-17
rPath rPSA-2007-0160-1 2007-08-14
Ubuntu USN-482-1 2007-07-10
Mandriva MDKSA-2007:144 2007-07-10
Gentoo 200707-02 2007-07-02
SuSE SUSE-SA:2007:037 2007-06-28
Fedora FEDORA-2007-606 2007-06-25
Fedora FEDORA-2007-0410 2007-06-13
Fedora FEDORA-2007-572 2007-06-12
Red Hat RHSA-2007:0406-01 2007-06-13
Debian DSA-1307-1 2007-06-12

Comments (none posted)

openoffice.org: arbitrary code execution via TIFF images

Package(s):openoffice.org CVE #(s):CVE-2007-2834
Created:September 17, 2007 Updated:June 12, 2008
Description: A heap overflow vulnerability has been discovered in the TIFF parsing code of the OpenOffice.org suite. The parser uses untrusted values from the TIFF file to calculate the number of bytes of memory to allocate. A specially crafted TIFF image could trigger an integer overflow and subsequently a buffer overflow that could cause the execution of arbitrary code.
Alerts:
Fedora FEDORA-2008-5239 2008-06-11
Fedora FEDORA-2008-4104 2008-05-17
Gentoo 200710-24 2007-10-23
Ubuntu USN-524-1 2007-10-04
Fedora FEDORA-2007-2372 2007-10-03
SuSE SUSE-SA:2007:052 2007-09-21
Mandriva MDKSA-2007:186 2007-09-17
rPath rPSA-2007-0189-1 2007-09-18
Foresight FLEA-2007-0056-1 2007-09-18
Fedora FEDORA-2007-700 2007-09-18
Red Hat RHSA-2007:0848-01 2007-09-18
Debian DSA-1375-1 2007-09-17

Comments (none posted)

openoffice.org: arbitrary code execution

Package(s):openoffice.org CVE #(s):CVE-2007-4575
Created:December 5, 2007 Updated:September 10, 2008
Description:

From the OpenOffice advisory:

A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user.

Alerts:
Fedora FEDORA-2008-7531 2008-09-05
Fedora FEDORA-2008-5247 2008-06-11
Fedora FEDORA-2008-5239 2008-06-11
Fedora FEDORA-2008-4104 2008-05-17
Ubuntu USN-609-1 2008-05-06
Mandriva MDVSA-2008:095 2008-05-02
Fedora FEDORA-2008-3251 2008-04-22
Red Hat RHSA-2008:0158-01 2008-03-24
Gentoo 200712-25 2007-12-30
SuSE SUSE-SA:2007:067 2007-12-11
Fedora FEDORA-2007-4172 2007-12-06
Red Hat RHSA-2007:1090-01 2007-12-05
Fedora FEDORA-2007-762 2007-12-07
Fedora FEDORA-2007-4120 2007-12-06
Red Hat RHSA-2007:1048-01 2007-12-05
Debian DSA-1419-1 2007-12-05

Comments (none posted)

openssh: remote denial of service

Package(s):openssh CVE #(s):CVE-2006-4924 CVE-2006-5051
Created:September 27, 2006 Updated:September 17, 2008
Description: Openssh 4.4 fixes some security issues, including a pre-authentication denial of service, an unsafe signal hander and on portable OpenSSH a GSSAPI authentication abort could be used to determine the validity of usernames on some platforms.
Alerts:
Debian DSA-1638-1 2008-09-16
Debian DSA-1212-1 2006-11-15
Fedora FEDORA-2006-1011 2006-10-03
Debian DSA-1189-1 2006-10-04
Mandriva MDKSA-2006:179 2006-10-03
Ubuntu USN-355-1 2006-10-02
OpenPKG OpenPKG-SA-2006.022 2006-10-01
Slackware SSA:2006-272-02 2006-09-29
Red Hat RHSA-2006:0698-01 2006-09-28
Red Hat RHSA-2006:0697-01 2006-09-28
Gentoo 200609-17:02 2006-09-27
rPath rPSA-2006-0174-1 2006-09-27
Gentoo 200609-17 2006-09-27

Comments (none posted)

openssl: off-by-one error

Package(s):openssl CVE #(s):CVE-2007-4995
Created:October 23, 2007 Updated:May 13, 2008
Description: Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f and 0.9.7 allows remote attackers to execute arbitrary code via unspecified vectors.
Alerts:
Debian DSA-1571-1 2008-05-13
Mandriva MDKSA-2007:237 2007-12-04
Gentoo 200710-30:02 2007-10-27
Ubuntu USN-534-1 2007-10-22

Comments (none posted)

openssl: off-by-one error

Package(s):openssl CVE #(s):CVE-2007-5135
Created:October 3, 2007 Updated:July 31, 2008
Description: From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in the libssl library from OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application.
Alerts:
rPath rPSA-2008-0241-1 2008-07-30
SuSE SUSE-SR:2008:005 2008-03-06
Red Hat RHSA-2007:1003-02 2007-11-15
Red Hat RHSA-2007:0813-01 2007-10-22
Fedora FEDORA-2007-2530 2007-10-18
Fedora FEDORA-2007-725 2007-10-15
SuSE SUSE-SR:2007:020 2007-10-12
Red Hat RHSA-2007:0964-01 2007-10-12
Debian DSA-1379-2 2007-10-10
Gentoo 200710-06 2007-10-07
Mandriva MDKSA-2007:193 2007-10-04
rPath rPSA-2007-0206-1 2007-10-03
Foresight FLEA-2007-0058-1 2007-10-03
Debian DSA-1379 2007-10-02

Comments (none posted)

openssl: private key attack

Package(s):openssl CVE #(s):CVE-2007-3108
Created:August 7, 2007 Updated:May 13, 2008
Description: OpenSSL could allow a local user in certain circumstances to divulge information about private keys being used.
Alerts:
Debian DSA-1571-1 2008-05-13
Red Hat RHSA-2007:1003-02 2007-11-15
Ubuntu USN-522-1 2007-09-29
rPath rPSA-2007-0199-1 2007-09-25
Fedora FEDORA-2007-661 2007-08-13
Foresight FLEA-2007-0043-1 2007-08-13
rPath rPSA-2007-0155-1 2007-08-10
Fedora FEDORA-2007-1444 2007-08-06

Comments (none posted)

opera: several vulnerabilities

Package(s):opera CVE #(s):CVE-2008-1080 CVE-2008-1081 CVE-2008-1082
Created:February 29, 2008 Updated:March 5, 2008
Description: Opera version 9.26 fixes: an issue where simulated text inputs could trick users into uploading arbitrary files, image properties can no longer be used to execute scripts, and an issue where the representation of DOM attribute values could allow cross site scripting.
Alerts:
Gentoo 200803-09 2008-03-04
SuSE SUSE-SA:2008:011 2008-02-29

Comments (none posted)

pcre: CVE consolidation

Package(s):pcre CVE #(s):CVE-2005-4872 CVE-2006-7227 CVE-2006-7224
Created:November 15, 2007 Updated:May 13, 2008
Description: PCRE has flaws in the way it handles malformed regular expressions. If an application linked against PCRE, such as Konqueror, encounters a maliciously created regular expression, it may be possible to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227 have been combined into CVE-2006-7224.
Alerts:
Gentoo 200805-11 2008-05-12
Debian DSA-1570-1 2008-05-06
Mandriva MDVSA-2008:030 2008-01-31
SuSE SUSE-SA:2008:004 2008-01-29
Gentoo 200711-30 2007-11-20
SuSE SUSE-SA:2007:062 2007-11-23
Red Hat RHSA-2007:1052-02 2007-11-15

Comments (5 posted)

pcre: two arbitrary code execution vulnerabilities

Package(s):pcre CVE #(s):CVE-2007-1659 CVE-2007-1660
Created:November 6, 2007 Updated:July 16, 2008
Description: Multiple flaws were found in the way pcre handles certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it may be possible to run arbitrary code as the user running the application. (CVE-2007-1659, CVE-2007-1660)
Alerts:
Red Hat RHSA-2008:0546-01 2008-07-16
Debian DSA-1570-1 2008-05-06
Fedora FEDORA-2008-1842 2008-03-06
Mandriva MDVSA-2008:030 2008-01-31
SuSE SUSE-SA:2008:004 2008-01-29
SuSE SUSE-SR:2007:025 2007-12-05
Red Hat RHSA-2007:1065-01 2007-11-29
Red Hat RHSA-2007:1068-01 2007-11-29
Red Hat RHSA-2007:1063-01 2007-11-29
Gentoo 200711-30 2007-11-20
Ubuntu USN-547-1 2007-11-27
SuSE SUSE-SA:2007:062 2007-11-23
Foresight FLEA-2007-0064-1 2007-11-11
Mandriva MDKSA-2007:213 2007-11-08
Mandriva MDKSA-2007:212 2007-11-08
Mandriva MDKSA-2007:211 2007-11-08
rPath rPSA-2007-0231-1 2007-11-06
Debian DSA-1399-1 2007-11-05
Red Hat RHSA-2007:0968-01 2007-11-05
Red Hat RHSA-2007:0967-01 2007-11-05

Comments (none posted)

pcre: buffer overflows in library

Package(s):pcre CVE #(s):CVE-2006-7228 CVE-2006-7230 CVE-2007-1661 CVE-2007-4766 CVE-2007-4767
Created:November 23, 2007 Updated:July 16, 2008
Description: Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application.
Alerts:
Red Hat RHSA-2008:0546-01 2008-07-16
Debian DSA-1570-1 2008-05-06
Fedora FEDORA-2008-1842 2008-03-06
Gentoo 200802-10 2008-02-23
Mandriva MDVSA-2008:030 2008-01-31
SuSE SUSE-SA:2008:004 2008-01-29
Mandriva MDVSA-2008:012 2008-01-14
Red Hat RHSA-2007:1077-01 2007-12-10
Debian DSA-1399-1 2007-11-05
Red Hat RHSA-2007:1076-02 2007-12-10
Red Hat RHSA-2007:1065-01 2007-11-29
Red Hat RHSA-2007:1068-01 2007-11-29
Red Hat RHSA-2007:1063-01 2007-11-29
Red Hat RHSA-2007:1059-01 2007-11-29
Ubuntu USN-547-1 2007-11-27
SuSE SUSE-SA:2007:062 2007-11-23
Gentoo 200711-30 2007-11-20

Comments (1 posted)

pcre: buffer overflow

Package(s):pcre CVE #(s):CVE-2008-0674
Created:February 19, 2008 Updated:November 17, 2008
Description: A buffer overflow caused by a character class containing a very large number of characters with codepoints greater than 255 (in UTF-8 mode) may affect usages of pcre, when regular expressions from untrusted sources are compiled.
Alerts:
Gentoo 200811-05 2008-11-16
rPath rPSA-2008-0176-1 2008-05-23
Gentoo 200803-24:02 2008-03-17
Fedora FEDORA-2008-1842 2008-03-06
rPath rPSA-2008-0086-1 2008-02-28
Mandriva MDVSA-2008:053 2007-02-28
Debian DSA-1499-1 2008-02-19
SuSE SUSE-SR:2008:004 2008-02-22
Ubuntu USN-581-1 2008-02-21
Fedora FEDORA-2008-1783 2008-02-19

Comments (none posted)

pcre: buffer overflows

Package(s):pcre3 CVE #(s):CVE-2007-1662 CVE-2007-4768
Created:November 27, 2007 Updated:May 7, 2008
Description: Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. (CVE-2007-1662)

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. (CVE-2007-4768)

Alerts:
Debian DSA-1570-1 2008-05-06
Fedora FEDORA-2008-1842 2008-03-06
Debian DSA-1399-1 2007-11-05
Gentoo 200711-30 2007-11-20
Ubuntu USN-547-1 2007-11-27

Comments (none posted)

peercast: buffer overflow

Package(s):peercast CVE #(s):CVE-2007-6454
Created:December 28, 2007 Updated:May 21, 2008
Description: A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
Alerts:
Debian DSA-1583-1 2008-05-20
Gentoo 200801-22:02 2008-01-30
Debian DSA-1441-1 2007-12-28

Comments (none posted)

perl-Net-DNS: predictable id sequence

Package(s):perl-Net-DNS CVE #(s):CVE-2007-3377
Created:June 26, 2007 Updated:March 12, 2008
Description: Net::DNS before 0.60 uses an id sequence that is predictable and the same in all child processes.
Alerts:
Debian DSA-1515-1 2008-03-11
SuSE SUSE-SR:2007:017 2007-08-17
Gentoo 200708-06 2007-08-11
rPath rPSA-2007-0142-1 2007-07-17
Ubuntu USN-483-1 2007-07-11
Mandriva MDKSA-2007:146 2007-07-12
Red Hat RHSA-2007:0675-01 2007-07-12
Red Hat RHSA-2007:0674-01 2007-07-12
Fedora FEDORA-2007-609 2007-07-02
Fedora FEDORA-2007-612 2007-07-02
Fedora FEDORA-2007-0668 2007-06-25

Comments (none posted)

php: several vulnerabilities

Package(s):php CVE #(s):CVE-2006-4481 CVE-2006-4484 CVE-2006-4485
Created:September 8, 2006 Updated:June 13, 2008
Description: The file_exists and imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481).

A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485).

Alerts:
SuSE SUSE-SR:2008:013 2008-06-13
Mandriva MDVSA-2008:077 2007-03-26
SuSE SUSE-SR:2008:005 2008-03-06
Red Hat RHSA-2008:0146-01 2008-02-28
Fedora FEDORA-2008-1643 2008-02-13
Foresight FLEA-2008-0007-1 2008-02-11
Fedora FEDORA-2008-1122 2008-02-05
Fedora FEDORA-2008-1131 2008-02-05
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:038 2007-02-07
rPath rPSA-2008-0046-1 2008-02-06
Gentoo 200802-01 2008-02-06
rPath rPSA-2006-0182-1 2006-10-05
SuSE SUSE-SA:2006:052 2006-09-21
Red Hat RHSA-2006:0669-01 2006-09-21
Mandriva MDKSA-2006:162 2006-09-07

Comments (1 posted)

php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2007-3799 CVE-2007-3998 CVE-2007-4659 CVE-2007-4658 CVE-2007-4670 CVE-2007-4661
Created:October 23, 2007 Updated:May 19, 2008
Description: From the Red Hat advisory:

Various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. (CVE-2007-3996)

A previous security update introduced a bug into PHP session cookie handling. This could allow an attacker to stop a victim from viewing a vulnerable web site if the victim has first visited a malicious web page under the control of the attacker, and that page can set a cookie for the vulnerable web site. (CVE-2007-4670)

A flaw was found in the PHP money_format function. If a remote attacker was able to pass arbitrary data to the money_format function this could possibly result in an information leak or denial of service. Note that is is unusual for a PHP script to pass user-supplied data to the money_format function. (CVE-2007-4658)

A flaw was found in the PHP wordwrap function. If a remote attacker was able to pass arbitrary data to the wordwrap function this could possibly result in a denial of service. (CVE-2007-3998)

A bug was found in PHP session cookie handling. This could allow an attacker to create a cross-site cookie insertion attack if a victim follows an untrusted carefully-crafted URL. (CVE-2007-3799)

A flaw was found in handling of dynamic changes to global variables. A script which used certain functions which change global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-4659)

An integer overflow flaw was found in the PHP chunk_split function. If a remote attacker was able to pass arbitrary data to the third argument of chunk_split they could possibly execute arbitrary code as the apache user. Note that it is unusual for a PHP script to use the chunk_split function with a user-supplied third argument. (CVE-2007-4661)

Alerts:
Debian DSA-1578-1 2008-05-17
SuSE SUSE-SR:2007:015 2007-08-03
SuSE SUSE-SA:2008:004 2008-01-29
Debian DSA-1444-2 2008-01-23
Debian DSA-1444-1 2008-01-03
Ubuntu USN-549-2 2007-12-03
Ubuntu USN-549-1 2007-11-29
Red Hat RHSA-2007:0891-01 2007-10-25
rPath rPSA-2007-0221-1 2007-10-24
Red Hat RHSA-2007:0917-01 2007-10-23

Comments (none posted)

php: buffer overflows

Package(s):php CVE #(s):CVE-2006-5465
Created:November 3, 2006 Updated:January 18, 2010
Description: The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. Of course the whole purpose of these functions is to be filled with user input. (The overflow can only be when UTF-8 is used)
Alerts:
Mandriva MDVSA-2010:007 2010-01-15
SuSE SUSE-SA:2006:067 2006-11-15
rPath rPSA-2006-0205-1 2006-11-09
Red Hat RHSA-2006:0731-01 2006-11-10
Red Hat RHSA-2006:0730-01 2006-11-06
Debian DSA-1206-1 2006-11-06
Fedora FEDORA-2006-1169 2006-11-06
Fedora FEDORA-2006-1168 2006-11-06
Slackware SSA:2006-307-01 2006-11-06
OpenPKG OpenPKG-SA-2006.028 2006-11-06
Ubuntu USN-375-1 2006-11-02
Mandriva MDKSA-2006:196 2006-11-02

Comments (none posted)

php5: multiple vulnerabilities

Package(s):php5 CVE #(s):CVE-2007-4657 CVE-2007-4660 CVE-2007-4662
Created:November 30, 2007 Updated:July 4, 2008
Description: Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. (CVE-2007-4657)

Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. (CVE-2007-4660)

Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. (CVE-2007-4662)

Alerts:
Mandriva MDVSA-2008:125 2008-07-03
Mandriva MDVSA-2008:126 2007-07-03
Debian DSA-1578-1 2008-05-17
Debian DSA-1444-2 2008-01-23
Debian DSA-1444-1 2008-01-03
Ubuntu USN-549-2 2007-12-03
Ubuntu USN-549-1 2007-11-29

Comments (none posted)

php5: multiple vulnerabilities

Package(s):php5 CVE #(s):CVE-2007-4783 CVE-2007-4840 CVE-2007-5898 CVE-2007-5899 CVE-2007-5900
Created:November 20, 2007 Updated:January 18, 2010
Description: The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code.
Alerts:
Mandriva MDVSA-2010:007 2010-01-15
Ubuntu USN-720-1 2009-02-12
Ubuntu USN-628-1 2008-07-23
CentOS CESA-2008:0545 2008-07-16
CentOS CESA-2008:0544 2008-07-16
Red Hat RHSA-2008:0545-01 2008-07-16
Red Hat RHSA-2008:0546-01 2008-07-16
Red Hat RHSA-2008:0544-01 2008-07-16
Red Hat RHSA-2008:0582-01 2008-07-22
Mandriva MDVSA-2008:127 2008-07-03
Mandriva MDVSA-2008:125 2008-07-03
Mandriva MDVSA-2008:126 2007-07-03
Red Hat RHSA-2008:0505-01 2008-07-02
Fedora FEDORA-2008-3606 2008-06-20
Fedora FEDORA-2008-3864 2008-06-20
SuSE SUSE-SA:2008:004 2008-01-29
Debian DSA-1444-2 2008-01-23
Debian DSA-1444-1 2008-01-03
Ubuntu USN-549-2 2007-12-03
rPath rPSA-2007-0242-1 2007-11-19
Ubuntu USN-549-1 2007-11-29

Comments (none posted)

phpmyadmin: multiple vulnerabilities

Package(s):phpmyadmin CVE #(s):CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245
Created:September 10, 2007 Updated:March 19, 2009
Description: Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1325: The PMA_ArrayWalkRecursive function in libraries/common.lib.php does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions.

CVE-2007-1395: Incomplete blacklist vulnerability in index.php allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.

CVE-2007-2245: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.

CVE-2006-6942: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

CVE-2006-6944: phpMyAdmin allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.

Alerts:
Gentoo 200903-32 2009-03-18
Mandriva MDKSA-2007:199 2007-10-17
Debian DSA-1370-2 2007-09-10
Debian DSA-1370-1 2007-09-09

Comments (none posted)

phpMyAdmin: cross-site scripting vulnerabilities

Package(s):phpMyAdmin CVE #(s):CVE-2007-5386 CVE-2007-5589
Created:November 2, 2007 Updated:March 14, 2008
Description: Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

Alerts:
SuSE SUSE-SR:2008:006 2008-03-14
Fedora FEDORA-2007-3639 2007-11-22
Fedora FEDORA-2007-3666 2007-11-22
Debian DSA-1403-1 2007-11-08
Fedora FEDORA-2007-2738 2007-11-01

Comments (none posted)

phpMyAdmin: information disclosure

Package(s):phpMyAdmin CVE #(s):CVE-2007-0095
Created:December 11, 2007 Updated:September 25, 2008
Description: phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.
Alerts:
Fedora FEDORA-2008-8286 2008-09-24
Fedora FEDORA-2008-8269 2008-09-24
Fedora FEDORA-2008-6502 2008-07-17
Fedora FEDORA-2008-6450 2008-07-17
Fedora FEDORA-2008-2229 2008-03-03
Fedora FEDORA-2008-2189 2008-03-03
Fedora FEDORA-2007-4298 2007-12-10
Fedora FEDORA-2007-4334 2007-12-10

Comments (none posted)

phpMyAdmin: SQL injection

Package(s):phpMyAdmin CVE #(s):CVE-2007-5976 CVE-2007-5977
Created:November 22, 2007 Updated:March 19, 2009
Description: phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.

db_create.php also has a related cross-site scripting vulnerability. Remote authenticated users can inject arbitrary web scripts or HTML using a hex-encoded IMG element in the db parameter in a POST request.

Alerts:
Gentoo 200903-32 2009-03-18
Mandriva MDKSA-2007:229 2007-11-20
Fedora FEDORA-2007-3639 2007-11-22
Fedora FEDORA-2007-3636 2007-11-22
Fedora FEDORA-2007-3666 2007-11-22
Fedora FEDORA-2007-3627 2007-11-22

Comments (none posted)

phpPgAdmin: cross-site scripting

Package(s):phppgadmin CVE #(s):CVE-2007-2865 CVE-2007-5728
Created:June 18, 2007 Updated:January 21, 2009
Description: A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Alerts:
Debian DSA-1693-1 2008-12-27
Debian DSA-1693-2 2009-01-21
SuSE SUSE-SR:2007:024 2007-11-22
Fedora FEDORA-2007-1013 2007-07-11
Fedora FEDORA-2007-0469 2007-06-16

Comments (none posted)

PostgreSQL: multiple vulnerabilities

Package(s):postgresql CVE #(s):CVE-2007-6600 CVE-2007-4772 CVE-2007-6067 CVE-2007-4769 CVE-2007-6601
Created:January 9, 2008 Updated:January 17, 2013
Description: Several vulnerabilities have been found in the PostgreSQL database manager. The developers call the fixes "critical," but also note that, as of the time of the update, none of them were known to be exploited; see this advisory for more information.
Alerts:
Mandriva MDVSA-2009:251-1 2009-12-08
Red Hat RHSA-2009:1461-01 2009-09-23
CentOS CESA-2009:1485 2009-10-07
Fedora FEDORA-2009-9473 2009-09-11
Fedora FEDORA-2009-9474 2009-09-11
Red Hat RHSA-2009:1484-01 2009-10-07
Red Hat RHSA-2009:1485-01 2009-10-07
CentOS CESA-2009:1484 2009-10-09
CentOS CESA-2009:1484 2009-10-30
Mandriva MDVSA-2008:059 2007-03-05
Red Hat RHSA-2008:0134-01 2008-02-21
Red Hat RHSA-2008:0040-01 2008-02-01
Gentoo 200801-15 2008-01-29
rPath rPSA-2008-0016-1 2008-01-15
Ubuntu USN-568-1 2008-01-14
Debian DSA-1463-1 2008-01-14
Debian DSA-1460-1 2008-01-13
Fedora FEDORA-2008-0552 2008-01-11
Fedora FEDORA-2008-0478 2008-01-11
Red Hat RHSA-2008:0039-01 2008-01-11
Red Hat RHSA-2008:0038-01 2008-01-11
Mandriva MDVSA-2008:004 2008-01-09
Oracle ELSA-2013-0122 2013-01-12
Scientific Linux SL-tcl-20130116 2013-01-16
CentOS CESA-2013:0122 2013-01-09

Comments (none posted)

pulseaudio: denial of service

Package(s):pulseaudio CVE #(s):CVE-2007-1804
Created:May 30, 2007 Updated:March 10, 2008
Description: The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker.
Alerts:
Mandriva MDVSA-2008:065 2007-03-09
Ubuntu USN-465-1 2007-05-25

Comments (none posted)

python: information disclosure

Package(s):python CVE #(s):CVE-2007-2052
Created:May 9, 2007 Updated:July 30, 2009
Description: Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory.
Alerts:
CentOS CESA-2009:1176 2009-07-29
Red Hat RHSA-2009:1176-01 2009-07-27
Debian DSA-1620-1 2008-07-27
Debian DSA-1551-1 2008-04-19
Ubuntu USN-585-1 2008-03-11
Red Hat RHSA-2007:1076-02 2007-12-10
Red Hat RHSA-2007:1077-01 2007-12-10
Foresight FLEA-2007-0019-1 2007-05-21
rPath rPSA-2007-0104-1 2007-05-17
Mandriva MDKSA-2007:099 2007-05-08

Comments (none posted)

python: integer overflows

Package(s):python CVE #(s):CVE-2007-4965
Created:October 30, 2007 Updated:July 30, 2009
Description: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Alerts:
CentOS CESA-2009:1176 2009-07-29
Red Hat RHSA-2009:1176-01 2009-07-27
Mandriva MDVSA-2009:036 2009-02-12
Mandriva MDVSA-2008:164 2008-08-07
Mandriva MDVSA-2008:163 2007-08-07
Debian DSA-1620-1 2008-07-27
Gentoo 200807-01 2008-07-01
Debian DSA-1551-1 2008-04-19
Ubuntu USN-585-1 2008-03-11
Foresight FLEA-2008-0002-1 2008-02-11
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:013 2007-01-14
Mandriva MDVSA-2008:012 2008-01-14
Red Hat RHSA-2007:1076-02 2007-12-10
rPath rPSA-2007-0254-1 2007-11-30
Gentoo 200711-07 2007-11-07
Fedora FEDORA-2007-2663 2007-10-29

Comments (none posted)

qemu: multiple vulnerabilities

Package(s):qemu CVE #(s):CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366
Created:May 1, 2007 Updated:January 19, 2009
Description: Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service.
Alerts:
Fedora FEDORA-2008-11705 2008-12-24
Fedora FEDORA-2008-10000 2008-11-22
Fedora FEDORA-2008-9556 2008-11-12
SuSE SUSE-SR:2009:002 2009-01-19
Mandriva MDVSA-2008:162 2008-08-07
Fedora FEDORA-2008-4386 2008-05-28
Fedora FEDORA-2008-4604 2008-05-28
Fedora FEDORA-2007-713 2007-10-08
Debian DSA-1384-1 2007-10-05
Fedora FEDORA-2007-2270 2007-10-03
Red Hat RHSA-2007:0323-01 2007-10-02
Debian-Testing DTSA-38-1 2007-05-26
Debian DSA-1284-1 2007-05-01

Comments (none posted)

qemu: insufficient block device address range checking

Package(s):qemu, zen CVE #(s):CVE-2008-0928
Created:February 29, 2008 Updated:October 7, 2009
Description: From Debian Security: Ian Jackson discovered that accesses beyond end of qemu emulated disk devices can result in accesses to emulator's virtual memory space accesses and thus can allow user with sufficient privilege in guest (root, as this would need modification to kernel's driver) to break out of VM.
Alerts:
Mandriva MDVSA-2009:257 2009-10-05
Debian DSA-1799-1 2009-05-11
Mandriva MDVSA-2009:016 2009-01-16
Mandriva MDVSA-2008:162 2008-08-07
CentOS CESA-2008:0194 2008-05-16
Red Hat RHSA-2008:0194-01 2008-05-13
Fedora FEDORA-2008-2083 2008-02-28
Fedora FEDORA-2008-2057 2008-02-28

Comments (none posted)

quagga: denial of service

Package(s):quagga CVE #(s):CVE-2007-4826
Created:September 14, 2007 Updated:October 25, 2010
Description: The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause a denial of service crash via a malformed OPEN message or COMMUNITY attribute.
Alerts:
CentOS CESA-2010:0785 2010-10-25
CentOS CESA-2010:0785 2010-10-20
Red Hat RHSA-2010:0785-01 2010-10-20
Debian DSA-1379-1 2007-10-01
Trustix TSLSA-2007-0028 2007-09-21
Fedora FEDORA-2007-2196 2007-09-18
Ubuntu USN-512-1 2007-09-15
Mandriva MDKSA-2007:182 2007-09-13
Oracle ELSA-2012-1258 2012-09-13

Comments (none posted)

quake: buffer overflow

Package(s):quake3-bin CVE #(s):CVE-2006-2236
Created:May 10, 2006 Updated:January 12, 2009
Description: Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server.
Alerts:
Gentoo 200901-06 2009-01-11
Gentoo 200605-12 2006-05-10

Comments (none posted)

rails: multiple vulnerabilities

Package(s):rails CVE #(s):CVE-2007-5380 CVE-2007-3227 CVE-2007-5379
Created:November 15, 2007 Updated:December 21, 2009
Description: Ruby on Rails has the following vulnerabilities: ActiveResource does not properly sanitize filenames in the Hash.from_xml() function.

The session_id can be set from the URL from the session management.

The to_json() function does not properly sanitize input before it is returned to the user.

Alerts:
Gentoo 200912-02 2009-12-20
SuSE SUSE-SR:2007:025 2007-12-05
SuSE SUSE-SR:2007:024 2007-11-22
Gentoo 200711-17 2007-11-14

Comments (none posted)

rsync: restricted file access

Package(s):rsync CVE #(s):CVE-2007-6199 CVE-2007-6200
Created:December 5, 2007 Updated:September 23, 2011
Description:

From the CVE entry:

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.

Alerts:
CentOS CESA-2011:0999 2011-09-22
Red Hat RHSA-2011:0999-01 2011-07-21
Foresight FLEA-2008-0004-1 2008-02-11
Mandriva MDVSA-2008:011 2007-01-11
SuSE SUSE-SR:2008:001 2008-01-09
rPath rPSA-2007-0257-1 2007-12-04

Comments (none posted)

ruby: insufficient SSL certificate validation

Package(s):ruby CVE #(s):CVE-2007-5162 CVE-2007-5770
Created:October 8, 2007 Updated:October 10, 2008
Description: The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
Alerts:
Fedora FEDORA-2008-6094 2008-07-04
Fedora FEDORA-2008-6033 2008-07-03
Ubuntu USN-596-1 2008-03-26
Fedora FEDORA-2008-2443 2008-03-13
Fedora FEDORA-2008-2458 2008-03-13
Mandriva MDVSA-2008:029 2007-01-31
Debian DSA-1411-1 2007-11-24
SuSE SUSE-SR:2007:024 2007-11-22
Debian DSA-1412-1 2007-11-24
Debian DSA-1410-1 2007-11-24
Red Hat RHSA-2007:0961-01 2007-11-13
Red Hat RHSA-2007:0965-01 2007-11-13
Foresight FLEA-2007-0068-1 2007-11-11
Fedora FEDORA-2007-2812 2007-11-06
Fedora FEDORA-2007-738 2007-11-05
Fedora FEDORA-2007-2685 2007-10-29
Fedora FEDORA-2007-2406 2007-10-08
Fedora FEDORA-2007-718 2007-10-08

Comments (none posted)

ruby-gnome2: format string vulnerability

Package(s):ruby-gnome2 CVE #(s):CVE-2007-6183
Created:December 7, 2007 Updated:December 22, 2008
Description: A format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
Alerts:
Fedora FEDORA-2008-11551 2008-12-21
Fedora FEDORA-2008-3249 2008-04-22
Fedora FEDORA-2008-3283 2008-04-22
Fedora FEDORA-2008-2682 2008-03-26
Fedora FEDORA-2008-2662 2008-03-26
Fedora FEDORA-2008-1535 2008-02-13
Mandriva MDVSA-2008:033 2007-02-01
Debian DSA-1431-1 2007-12-11
Gentoo 200712-09 2007-12-09
Fedora FEDORA-2007-4216 2007-12-06
Fedora FEDORA-2007-4229 2007-12-06

Comments (none posted)

samba: buffer overflow

Package(s):samba CVE #(s):CVE-2007-4572
Created:November 15, 2007 Updated:December 3, 2008
Description: The Samba user authentication is vulnerable to a heap-based buffer overflow. Remote unauthenticated users can use this to crash the Samba server and cause a denial of service.
Alerts:
Fedora FEDORA-2008-10638 2008-12-02
Ubuntu USN-617-2 2008-06-30
Ubuntu USN-617-1 2008-06-17
Red Hat RHSA-2007:1114-01 2007-12-10
Fedora FEDORA-2007-760 2007-12-03
Debian DSA-1409-3 2007-11-29
Gentoo 200711-29 2007-11-20
Mandriva MDKSA-2007:224-2 2007-11-23
Debian DSA-1409-1 2007-11-22
Mandriva MDKSA-2007:224-1 2007-11-21
Ubuntu USN-544-2 2007-11-16
Fedora FEDORA-2007-3403 2007-11-16
Fedora FEDORA-2007-3402 2007-11-16
SuSE SUSE-SA:2007:065 2007-12-05
Mandriva MDKSA-2007:224-3 2007-11-29
Debian DSA-1409-2 2007-11-26
Fedora FEDORA-2007-751 2007-11-21
Slackware SSA:2007-320-01 2007-11-19
rPath rPSA-2007-0241-1 2007-11-16
Mandriva MDKSA-2007:224 2007-11-17
Ubuntu USN-544-1 2007-11-16
Red Hat RHSA-2007:1017-01 2007-11-15
Red Hat RHSA-2007:1016-01 2007-11-15
Red Hat RHSA-2007:1013-01 2007-11-15

Comments (none posted)

samba: stack-based buffer overflow

Package(s):samba CVE #(s):CVE-2007-6015
Created:December 11, 2007 Updated:December 3, 2008
Description: A stack buffer overflow flaw was found in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server.
Alerts:
Fedora FEDORA-2008-10638 2008-12-02
Ubuntu USN-556-1 2007-12-18
SuSE SUSE-SA:2007:068 2007-12-12
Mandriva MDKSA-2007:244 2007-12-11
Red Hat RHSA-2007:1117-01 2007-12-10
Red Hat RHSA-2007:1114-01 2007-12-10
Slackware SSA:2007-344-01 2007-12-11
Fedora FEDORA-2007-4275 2007-12-10
Fedora FEDORA-2007-4269 2007-12-10
Gentoo 200712-10 2007-12-10
rPath rPSA-2007-0261-1 2007-12-10
Debian DSA-1427-1 2007-12-10

Comments (none posted)

samba: buffer overflow

Package(s):samba CVE #(s):CVE-2007-5398
Created:November 15, 2007 Updated:December 3, 2008
Description: Samba's mechanism for creating NetBIOS replies is vulnerable to a buffer overflow. Samba servers that are configured to run as a WINS server can be crashed by a remote unauthenticated user, execution of arbitrary code may also be possible.
Alerts:
Fedora FEDORA-2008-10638 2008-12-02
Gentoo 200711-29 2007-11-20
Mandriva MDKSA-2007:224-2 2007-11-23
Debian DSA-1409-2 2007-11-26
Debian DSA-1409-1 2007-11-22
Fedora FEDORA-2007-751 2007-11-21
Ubuntu USN-544-2 2007-11-16
Mandriva MDKSA-2007:224 2007-11-17
Fedora FEDORA-2007-3403 2007-11-16
Fedora FEDORA-2007-3402 2007-11-16
Red Hat RHSA-2007:1013-01 2007-11-15
Gentoo GLSA 200711-29:02 2007-11-20
SuSE SUSE-SA:2007:065 2007-12-05
Mandriva MDKSA-2007:224-3 2007-11-29
Debian DSA-1409-3 2007-11-29
Mandriva MDKSA-2007:224-1 2007-11-21
Slackware SSA:2007-320-01 2007-11-19
rPath rPSA-2007-0241-1 2007-11-16
Ubuntu USN-544-1 2007-11-16
Red Hat RHSA-2007:1017-01 2007-11-15
Red Hat RHSA-2007:1016-01 2007-11-15

Comments (none posted)

SDL_image: buffer overflows

Package(s):SDL_image CVE #(s):CVE-2007-6697 CVE-2008-0544
Created:February 8, 2008 Updated:March 27, 2008
Description: From the Mandriva advisory: The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, the application could crash or possibly allow for the execution of arbitrary code.
Alerts:
Ubuntu USN-595-1 2008-03-26
Debian DSA-1493-2 2008-03-16
rPath rPSA-2008-0061-1 2008-02-13
Debian DSA-1493-1 2008-02-10
Mandriva MDVSA-2008:040 2007-02-07

Comments (none posted)

slocate: information disclosure

Package(s):slocate CVE #(s):CVE-2007-0227
Created:February 22, 2007 Updated:September 4, 2012
Description: The slocate permission checking code has a local information disclosure vulnerability. During the reporting of matching files, slocate does not respect the parent directory's read permissions, resulting in hidden filenames being viewable by other local users.
Alerts:
Foresight FLEA-2007-0005-1 2007-03-29
Ubuntu USN-425-1 2007-02-22
Slackware SSA:2012-244-05 2012-08-31

Comments (none posted)

squid: denial of service

Package(s):squid CVE #(s):CVE-2007-6239
Created:December 18, 2007 Updated:March 25, 2009
Description: A flaw was found in the way squid stored HTTP headers for cached objects in system memory. An attacker could cause squid to use additional memory, and trigger high CPU usage when processing requests for certain cached objects, possibly leading to a denial of service.
Alerts:
Gentoo 200903-38 2009-03-24
Debian DSA-1646-2 2008-10-11
Debian DSA-1646-1 2008-10-07
Mandriva MDVSA-2008:134 2007-07-04
Ubuntu USN-601-1 2008-04-14
Red Hat RHSA-2008:0214-01 2008-04-08
Debian DSA-1482-1 2008-02-05
Ubuntu USN-565-1 2008-01-09
Gentoo 200801-05 2008-01-09
SuSE SUSE-SR:2008:001 2008-01-09
Mandriva MDVSA-2008:002 2007-01-04
Fedora FEDORA-2007-4170 2007-12-15
Fedora FEDORA-2007-4161 2007-12-15
Red Hat RHSA-2007:1130-01 2007-12-18

Comments (none posted)

streamripper: buffer overflow

Package(s):streamripper CVE #(s):CVE-2007-4337
Created:September 14, 2007 Updated:December 9, 2008
Description: Chris Rohlf discovered several boundary errors in the httplib_parse_sc_header() function when processing HTTP headers.
Alerts:
Debian DSA-1683-1 2008-12-08
Gentoo 200709-03 2007-09-13

Comments (none posted)

subversion: possible information leak

Package(s):subversion CVE #(s):CVE-2007-2448
Created:October 30, 2007 Updated:February 1, 2011
Description: Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
Alerts:
Ubuntu USN-1053-1 2011-02-01
rPath rPSA-2007-0264-1 2007-12-12
Fedora FEDORA-2007-2635 2007-10-29

Comments (none posted)

Sun JDK/JRE: multiple vulnerabilities

Package(s):Sun JDK/JRE CVE #(s):CVE-2007-2435 CVE-2007-2788 CVE-2007-2789
Created:June 1, 2007 Updated:April 18, 2008
Description: An unspecified vulnerability involving an "incorrect use of system classes" was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reported an integer overflow resulting in a buffer overflow in the ICC parser used with JPG or BMP files, and an incorrect open() call to /dev/tty when processing certain BMP files.
Alerts:
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2007:1086-01 2007-12-12
Red Hat RHSA-2007:0817-01 2007-08-06
SuSE SUSE-SA:2007:045 2007-07-18
Gentoo 200706-08 2007-06-26
Gentoo 200705-23 2007-05-31

Comments (none posted)

sysstat: insecure temporary files

Package(s):sysstat CVE #(s):CVE-2007-3852
Created:August 20, 2007 Updated:September 23, 2011
Description: The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
Alerts:
CentOS CESA-2011:1005 2011-09-22
Scientific Linux SL-syss-20110721 2011-07-21
Red Hat RHSA-2011:1005-01 2011-07-21
Fedora FEDORA-2007-675 2007-08-27
Fedora FEDORA-2007-1697 2007-08-20

Comments (1 posted)

tar: buffer overflow

Package(s):tar CVE #(s):CVE-2007-4476
Created:October 16, 2007 Updated:March 17, 2010
Description: Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Alerts:
CentOS CESA-2010:0141 2010-03-16
CentOS CESA-2010:0144 2010-03-16
Red Hat RHSA-2010:0144-01 2010-03-15
Red Hat RHSA-2010:0141-01 2010-03-15
Ubuntu USN-650-1 2008-10-02
Ubuntu USN-709-1 2009-01-15
Debian DSA-1566-1 2008-05-02
Debian DSA-1438-1 2007-12-28
Mandriva MDKSA-2007:233 2007-11-28
Gentoo 200711-18 2007-11-14
Fedora FEDORA-2007-2827 2007-11-06
Fedora FEDORA-2007-2800 2007-11-06
Fedora FEDORA-2007-2744 2007-11-05
Fedora FEDORA-2007-742 2007-11-05
Fedora FEDORA-2007-735 2007-11-05
Fedora FEDORA-2007-2673 2007-10-29
rPath rPSA-2007-0222-1 2007-10-23
Mandriva MDKSA-2007:197 2007-10-15

Comments (none posted)

tetex: buffer overflow

Package(s):tetex CVE #(s):CVE-2007-0650
Created:May 8, 2007 Updated:May 13, 2008
Description: A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.
Alerts:
Gentoo 200805-13 2008-05-12
Gentoo 200709-17 2007-09-27
Mandriva MDKSA-2007:109 2007-05-23
rPath rPSA-2007-0092-1 2007-05-07

Comments (1 posted)

teTeX: multiple vulnerabilities

Package(s):tetex CVE #(s):CVE-2007-5937 CVE-2007-5936 CVE-2007-5935
Created:November 19, 2007 Updated:May 10, 2010
Description:

From the Gentoo advisory:

Joachim Schrod discovered several buffer overflow vulnerabilities and an insecure temporary file creation in the "dvilj" application that is used by dvips to convert DVI files to printer formats (CVE-2007-5937, CVE-2007-5936). Bastien Roucaries reported that the "dvips" application is vulnerable to two stack-based buffer overflows when processing DVI documents with long \href{} URIs (CVE-2007-5935). teTeX also includes code from Xpdf that is vulnerable to a memory corruption and two heap-based buffer overflows (GLSA 200711-22); and it contains code from T1Lib that is vulnerable to a buffer overflow when processing an overly long font filename (GLSA 200710-12).

Alerts:
CentOS CESA-2010:0399 2010-05-08
CentOS CESA-2010:0401 2010-05-08
Red Hat RHSA-2010:0401-01 2010-05-06
Red Hat RHSA-2010:0399-01 2010-05-06
SuSE SUSE-SR:2008:011 2008-05-09
Foresight FLEA-2008-0006-1 2008-02-11
SuSE SUSE-SR:2008:001 2008-01-09
rPath rPSA-2007-0266-1 2007-12-17
Ubuntu USN-554-1 2007-12-06
Fedora FEDORA-2007-3308 2007-11-20
Fedora FEDORA-2007-3390 2007-11-20
Mandriva MDKSA-2007:230 2007-11-20
Gentoo 200711-26 2007-11-18

Comments (none posted)

thunderbird: heap overflow

Package(s):thunderbird seamonkey CVE #(s):CVE-2008-0304
Created:February 29, 2008 Updated:January 8, 2009
Description: Security research firm iDefense reported that researcher regenrecht discovered a heap-based buffer overflow vulnerability in Mozilla mail code which could potentially allow an attacker to run arbitrary code. The vulnerability is caused by allocating a buffer that can be three bytes too small in certain cases when viewing an email message with an external MIME body.
Alerts:
Debian DSA-1697-1 2009-01-07
Ubuntu USN-629-1 2008-07-25
Debian DSA-1621-1 2008-07-27
Gentoo 200805-18 2008-05-20
Fedora FEDORA-2008-2118 2008-02-28
Mandriva MDVSA-2008:062 2007-03-06
Slackware SSA:2008-061-01 2008-03-03
Ubuntu USN-582-2 2008-03-06
Ubuntu USN-582-1 2008-02-29
Fedora FEDORA-2008-2060 2008-02-28

Comments (none posted)

tk: buffer overflow

Package(s):tk CVE #(s):CVE-2008-0553
Created:February 8, 2008 Updated:November 6, 2008
Description: From the Mandriva advisory: The ReadImage() function in Tk did not check CodeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact.
Alerts:
Ubuntu USN-664-1 2008-11-06
Debian DSA-1598-1 2008-06-19
SuSE SUSE-SR:2008:013 2008-06-13
Fedora FEDORA-2008-3621 2008-05-13
Fedora FEDORA-2008-3545 2008-05-09
SuSE SUSE-SR:2008:008 2008-04-04
rPath rPSA-2008-0054-1 2008-02-12
Red Hat RHSA-2008:0135-02 2008-02-22
Red Hat RHSA-2008:0136-01 2008-02-21
Red Hat RHSA-2008:0135-01 2008-02-21
Red Hat RHSA-2008:0134-01 2008-02-21
Debian DSA-1491-1 2008-02-10
Debian DSA-1490-1 2008-02-10
Fedora FEDORA-2008-1122 2008-02-05
Fedora FEDORA-2008-1131 2008-02-05
Fedora FEDORA-2008-1384 2008-02-05
Fedora FEDORA-2008-1323 2008-02-05
Mandriva MDVSA-2008:041 2007-02-07

Comments (none posted)

Tk: buffer overflow

Package(s):tk8.3 CVE #(s):CVE-2007-5378
Created:November 28, 2007 Updated:March 17, 2009
Description: The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5.
Alerts:
Debian DSA-1743-1 2009-03-17
Red Hat RHSA-2008:0134-01 2008-02-21
Red Hat RHSA-2008:0135-02 2008-02-22
Red Hat RHSA-2008:0135-01 2008-02-21
Debian DSA-1415-1 2007-11-27
Debian DSA-1416-1 2007-11-27

Comments (none posted)

tk: denial of service

Package(s):tk8.3 tk8.4 CVE #(s):CVE-2007-5137
Created:October 12, 2007 Updated:March 17, 2009
Description: It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.
Alerts:
Debian DSA-1743-1 2009-03-17
Red Hat RHSA-2008:0136-01 2008-02-21
Fedora FEDORA-2008-1131 2008-02-05
Fedora FEDORA-2007-728 2007-10-17
Mandriva MDKSA-2007:200 2007-10-18
Fedora FEDORA-2007-2564 2007-10-18
Ubuntu USN-529-1 2007-10-11

Comments (none posted)

tomboy: execution of arbitrary code

Package(s):tomboy CVE #(s):CVE-2005-4790
Created:November 9, 2007 Updated:February 22, 2011
Description: Jan Oravec reported that the "/usr/bin/tomboy" script sets the "LD_LIBRARY_PATH" environment variable incorrectly, which might result in the current working directory (.) to be included when searching for dynamically linked libraries of the Mono Runtime application.

Note that the tomboy vulnerability was added in 2007.

Alerts:
Fedora FEDORA-2008-11551 2008-12-21
Fedora FEDORA-2008-2682 2008-03-26
Mandriva MDVSA-2008:064 2007-03-07
Fedora FEDORA-2008-1535 2008-02-13
Gentoo 200801-14 2008-01-27
Ubuntu USN-560-1 2008-01-07
Fedora FEDORA-2007-3792 2007-11-26
Fedora FEDORA-2007-3798 2007-11-26
Fedora FEDORA-2007-3253 2007-11-13
Fedora FEDORA-2007-3011 2007-11-09
Gentoo 200711-12 2007-11-08

Comments (none posted)

tomcat: cross-site scripting

Package(s):tomcat CVE #(s):CVE-2007-2449 CVE-2007-2450
Created:July 17, 2007 Updated:February 17, 2009
Description: Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449).

Note: it is recommended the 'examples' web application not be installed on a production system.

The Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450).

Alerts:
SuSE SUSE-SR:2009:004 2009-02-17
Fedora FEDORA-2008-8130 2008-09-16
SuSE SUSE-SR:2008:007 2008-03-28
Fedora FEDORA-2008-1603 2008-02-13
Fedora FEDORA-2008-1467 2008-02-13
Debian DSA-1468-1 2008-01-20
Mandriva MDKSA-2007:241 2007-12-10
Fedora FEDORA-2007-3474 2007-11-17
Fedora FEDORA-2007-3456 2007-11-17
Red Hat RHSA-2007:0569-01 2007-07-17

Comments (1 posted)

tomcat: multiple vulnerabilities

Package(s):tomcat CVE #(s):CVE-2007-3382 CVE-2007-3385 CVE-2007-3386
Created:September 26, 2007 Updated:September 13, 2010
Description: Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382).

It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385).

A cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386).

Alerts:
Mandriva MDVSA-2010:176 2010-09-12
SuSE SUSE-SR:2009:004 2009-02-17
Fedora FEDORA-2008-8130 2008-09-16
Red Hat RHSA-2008:0195-01 2008-04-28
SuSE SUSE-SR:2008:005 2008-03-06
Fedora FEDORA-2008-1603 2008-02-13
Fedora FEDORA-2008-1467 2008-02-13
Debian DSA-1447-1 2008-01-03
Mandriva MDKSA-2007:241 2007-12-10
Fedora FEDORA-2007-3456 2007-11-17
Fedora FEDORA-2007-3474 2007-11-17
Red Hat RHSA-2007:0950-01 2007-11-05
Red Hat RHSA-2007:0876-01 2007-10-11
Red Hat RHSA-2007:0871-01 2007-09-26

Comments (none posted)

tomcat: arbitrary file disclosure via path traversal

Package(s):tomcat5 CVE #(s):CVE-2007-5461
Created:November 19, 2007 Updated:February 17, 2009
Description:

From the CVE entry:

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Alerts:
SuSE SUSE-SR:2009:004 2009-02-17
Red Hat RHSA-2008:0862-02 2008-10-02
Fedora FEDORA-2008-8130 2008-09-16
Red Hat RHSA-2008:0195-01 2008-04-28
Gentoo 200804-10 2008-04-10
Red Hat RHSA-2008:0042-01 2008-03-11
SuSE SUSE-SR:2008:005 2008-03-06
Fedora FEDORA-2008-1603 2008-02-13
Fedora FEDORA-2008-1467 2008-02-13
Debian DSA-1447-1 2008-01-03
Mandriva MDKSA-2007:241 2007-12-10
Fedora FEDORA-2007-3456 2007-11-17
Fedora FEDORA-2007-3474 2007-11-17

Comments (none posted)

tomcat: multiple vulnerabilities

Package(s):tomcat5 CVE #(s):CVE-2007-5342 CVE-2007-5333 CVE-2007-6286 CVE-2007-1355 CVE-2007-1358 CVE-2008-0002
Created:February 13, 2008 Updated:September 13, 2010
Description: Refer to the CVE entries for more information.
Alerts:
Mandriva MDVSA-2010:176 2010-09-12
CentOS CESA-2009:1164 2009-07-29
Red Hat RHSA-2009:1563-01 2009-11-09
Red Hat RHSA-2009:1164-01 2009-07-21
Red Hat RHSA-2009:1562-01 2009-11-09
SuSE SUSE-SR:2009:004 2009-02-17
Red Hat RHSA-2008:0862-02 2008-10-02
Mandriva MDVSA-2009:018 2009-01-16
Fedora FEDORA-2008-8130 2008-09-16
Mandriva MDVSA-2008:188 2008-09-05
Red Hat RHSA-2008:0195-01 2008-04-28
Gentoo 200804-10 2008-04-10
Red Hat RHSA-2008:0042-01 2008-03-11
Fedora FEDORA-2008-1603 2008-02-13
Fedora FEDORA-2008-1467 2008-02-13

Comments (none posted)

tomcat: information disclosure

Package(s):tomcat5.5 CVE #(s):CVE-2008-0128
Created:January 21, 2008 Updated:March 7, 2008
Description:

From the Debian advisory:

Olaf Kock discovered that HTTPS encryption was insufficiently enforced for single-sign-on cookies, which could result in information disclosure.

Alerts:
SuSE SUSE-SR:2008:005 2008-03-06
Debian DSA-1468-1 2008-01-20

Comments (none posted)

tshark, wireshark: multiple vulnerabilities

Package(s):tshark,wireshark CVE #(s):CVE-2008-1070 CVE-2008-1071 CVE-2008-1072
Created:March 3, 2008 Updated:October 2, 2008
Description: From the rPath advisory:

Previous versions of the wireshark package are vulnerable to multiple types of Denial of Service attacks, including crashes and excessive memory consumption. It has not been determined that these vulnerabilities can be exploited to execute malicious code.

Alerts:
Red Hat RHSA-2008:0890-01 2008-10-01
CentOS CESA-2008:0890 2008-10-01
rPath rPSA-2008-0212-1 2008-07-03
Fedora FEDORA-2008-3040 2008-04-08
Fedora FEDORA-2008-2941 2008-04-08
Gentoo 200803-32 2008-03-24
rPath rPSA-2008-0092-1 2008-02-29
SuSE SUSE-SR:2008:005 2008-03-06
Mandriva MDVSA-2008:057 2007-03-03

Comments (none posted)

viewvc: multiple access violations

Package(s):viewvc CVE #(s):
Created:March 3, 2008 Updated:March 5, 2008
Description: From the Fedora advisory:

These security issues have been fixed: - omit commits of all-forbidden files from query results - disallow direct URL navigation to hidden CVSROOT folder - strip forbidden paths from revision view - don't traverse log history thru forbidden locations - honor forbiddenness via diff view path parameters

Alerts:
Fedora FEDORA-2008-2159 2008-03-01
Fedora FEDORA-2008-2143 2008-03-01

Comments (none posted)

vim: arbitrary code execution

Package(s):vim CVE #(s):CVE-2007-2953
Created:July 30, 2007 Updated:November 27, 2008
Description: vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted.
Alerts:
CentOS CESA-2008:0580 2008-11-26
CentOS CESA-2008:0617 2008-11-25
Red Hat RHSA-2008:0617-01 2008-11-25
Red Hat RHSA-2008:0580-01 2008-11-25
Debian DSA-1364-2 2007-09-19
Debian DSA-1364-1 2007-09-01
Ubuntu USN-505-1 2007-08-28
Mandriva MDKSA-2007:168 2007-08-21
rPath rPSA-2007-0151-1 2007-07-31
Foresight FLEA-2007-0036-1 2007-07-30

Comments (none posted)

vlc: several vulnerabilities

Package(s):vlc CVE #(s):CVE-2007-3316 CVE-2007-3467 CVE-2007-3468
Created:July 10, 2007 Updated:March 10, 2008
Description: Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code.
Alerts:
Gentoo 200803-13 2008-03-07
Gentoo 200707-12 2007-07-28
Debian DSA-1332-1 2007-07-09

Comments (none posted)

wml: multiple file overwrite vulnerabilities

Package(s):wml CVE #(s):CVE-2008-0665 CVE-2008-0666
Created:February 11, 2008 Updated:April 28, 2008
Description:

From the Debian advisory:

Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML generation toolkit, creates insecure temporary files in the eperl and ipp backends and in the wmg.cgi script, which could lead to local denial of service by overwriting files.

Alerts:
Debian DSA-1492-2 2008-04-27
Mandriva MDVSA-2008:076 2007-03-26
Gentoo 200803-23 2008-03-15
Debian DSA-1492-1 2008-02-10

Comments (none posted)

wordpress: remote editing via unknown vectors

Package(s):wordpress CVE #(s):CVE-2008-0664
Created:February 13, 2008 Updated:July 4, 2008
Description:

From the CVE:

The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.

Alerts:
Debian DSA-1601-1 2008-07-04
Fedora FEDORA-2008-1559 2008-02-13
Fedora FEDORA-2008-1512 2008-02-13

Comments (none posted)

xdg-utils: arbitrary command execution

Package(s):xdg-utils CVE #(s):CVE-2008-0386
Created:January 31, 2008 Updated:February 3, 2009
Description: From the Gentoo alert: Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell scripts do not properly sanitize their input before processing it. A remote attacker could entice a user to open a specially crafted link with a vulnerable application using Xdg-Utils (e.g. an email client), resulting in the execution of arbitrary code with the privileges of the user running the application.
Alerts:
Slackware SSA:2009-033-01 2009-02-03
SuSE SUSE-SR:2008:004 2008-02-22
Mandriva MDVSA-2008:031 2007-02-01
Gentoo 200801-21 2008-01-30

Comments (1 posted)

xen-utils: insecure temp files

Package(s):xen-utils CVE #(s):CVE-2007-3919
Created:October 25, 2007 Updated:May 16, 2008
Description: The xen-utils collection of XEN administrative tools uses temporary files insecurely. Local users can use this to truncate arbitrary files.
Alerts:
CentOS CESA-2008:0194 2008-05-16
Red Hat RHSA-2008:0194-01 2008-05-13
Fedora FEDORA-2007-737 2007-11-05
Debian DSA-1395-1 2007-10-25

Comments (none posted)

XFree86 X.org: integer overflows

Package(s):xfree86 x.org CVE #(s):CVE-2007-1003 CVE-2007-1667 CVE-2007-1351 CVE-2007-1352
Created:April 3, 2007 Updated:August 11, 2009
Description: iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)

An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667)

Alerts:
Debian DSA-1858-1 2009-08-10
SuSE SUSE-SR:2008:008 2008-04-04
Debian DSA-1454-1 2008-01-07
Debian DSA-1294-1 2007-05-17
Gentoo 200705-10 2007-05-08
Gentoo 200705-06 2007-05-05
Gentoo 200705-02 2007-05-01
Ubuntu USN-453-2 2007-04-26
SuSE SUSE-SA:2007:027 2007-04-20
Slackware SSA:2007-109-01 2007-04-20
Ubuntu USN-453-1 2007-04-18
Red Hat RHSA-2007:0157-01 2007-04-16
Red Hat RHSA-2007:0150-01 2007-04-16
Mandriva MDKSA-2007:079-1 2007-04-11
Mandriva MDKSA-2007:080-1 2007-04-10
Mandriva MDKSA-2007:081-1 2007-04-10
Fedora FEDORA-2007-427 2007-04-10
Fedora FEDORA-2007-426 2007-04-10
Fedora FEDORA-2007-425 2007-04-10
Fedora FEDORA-2007-424 2007-04-10
Fedora FEDORA-2007-423 2007-04-09
Fedora FEDORA-2007-422 2007-04-09
Foresight FLEA-2007-0009-1 2007-04-05
Mandriva MDKSA-2007:080 2007-04-04
Mandriva MDKSA-2007:081 2007-04-04
Mandriva MDKSA-2007:079 2007-04-04
rPath rPSA-2007-0065-1 2007-04-04
Ubuntu USN-448-1 2007-04-03
Red Hat RHSA-2007:0132-01 2007-04-03
Red Hat RHSA-2007:0127-01 2007-04-03
Red Hat RHSA-2007:0126-01 2007-04-03
Red Hat RHSA-2007:0125-01 2007-04-03

Comments (none posted)

xine-lib: arbitrary code execution

Package(s):xine-lib CVE #(s):CVE-2007-1387
Created:March 13, 2007 Updated:April 1, 2008
Description: Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
Alerts:
Debian DSA-1536-1 2008-03-31
Mandriva MDKSA-2007:062 2007-03-13
Mandriva MDKSA-2007:061 2007-03-13
Ubuntu USN-435-1 2007-03-12

Comments (none posted)

xine-lib: buffer overflow

Package(s):xine-lib CVE #(s):CVE-2008-0225
Created:January 16, 2008 Updated:August 7, 2008
Description: xine-lib contains a buffer overflow which could be exploited (via a specially-crafted stream) to execute arbitrary code; see this advisory for more information.
Alerts:
Ubuntu USN-635-1 2008-08-06
Mandriva MDVSA-2008:045 2007-02-14
Gentoo 200801-12 2008-01-27
SuSE SUSE-SR:2008:002 2008-01-25
Mandriva MDVSA-2008:020 2007-01-22
Debian DSA-1472-1 2008-01-21
Fedora FEDORA-2008-0718 2008-01-15

Comments (none posted)

xine-lib: buffer overflows

Package(s):xine-lib CVE #(s):CVE-2008-0238
Created:January 23, 2008 Updated:August 7, 2008
Description: From the CVE entry: Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function.
Alerts:
Ubuntu USN-635-1 2008-08-06
Mandriva MDVSA-2008:045 2007-02-14
Fedora FEDORA-2008-1047 2008-01-29
Fedora FEDORA-2008-1043 2008-01-29
Gentoo 200801-12 2008-01-27
Mandriva MDVSA-2008:020 2007-01-22

Comments (none posted)

xmms: BMP handling vulnerability

Package(s):xmms CVE #(s):CVE-2007-0653 CVE-2007-0654
Created:March 28, 2007 Updated:July 26, 2011
Description: xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
Alerts:
Fedora FEDORA-2011-9421 2011-07-16
Fedora FEDORA-2011-9413 2011-07-16
Debian DSA-1277-1 2007-04-04
Mandriva MDKSA-2007:071 2007-03-29
Ubuntu USN-445-1 2007-03-27

Comments (none posted)

Xorg: multiple vulnerabilities

Package(s):Xorg CVE #(s):CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006
Created:January 17, 2008 Updated:April 4, 2008
Description: From the X.org security advisory: Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows.
Alerts:
SuSE SUSE-SR:2008:008 2008-04-04
Gentoo GLSA 200801-09:03 2008-01-20
SuSE SUSE-SR:2008:003 2008-02-07
rPath rPSA-2008-0032-1 2008-01-30
Mandriva MDVSA-2008:025 2007-01-23
Mandriva MDVSA-2008:024 2007-01-23
Mandriva MDVSA-2008:023 2007-01-23
Mandriva MDVSA-2008:022 2008-01-23
Mandriva MDVSA-2008:021 2008-01-23
Fedora FEDORA-2008-0891 2008-01-22
Fedora FEDORA-2008-0831 2008-01-22
Fedora FEDORA-2008-0794 2008-01-22
Fedora FEDORA-2008-0760 2008-01-22
Debian DSA-1466-3 2008-01-21
Ubuntu USN-571-2 2008-01-19
Gentoo 200801-09 2008-01-20
Debian DSA-1466-2 2008-01-19
Ubuntu USN-571-1 2008-01-18
Red Hat RHSA-2008:0029-01 2008-01-18
Red Hat RHSA-2008:0064-01 2008-01-17
Red Hat RHSA-2008:0031-01 2008-01-17
Red Hat RHSA-2008:0030-01 2008-01-17
Debian DSA-1466-1 2008-01-17
SuSE SUSE-SA:2008:003 2008-01-17

Comments (none posted)

X.org: temp file vulnerability

Package(s):X.org CVE #(s):CVE-2007-3103
Created:July 12, 2007 Updated:July 2, 2009
Description: The X.Org X11 xfs font server has a temp file vulnerability in the startup script. A local user can modify the permissions of the script in order to elevate their local privileges.
Alerts:
Fedora FEDORA-2009-3651 2009-04-14
Fedora FEDORA-2009-3666 2009-04-14
Debian DSA-1342-1 2007-07-30
rPath rPSA-2007-0141-1 2007-07-17
Foresight FLEA-2007-0031-1 2007-07-12
Red Hat RHSA-2007:0520-01 2007-07-12
Red Hat RHSA-2007:0519-01 2007-07-12

Comments (none posted)

xulrunner, firefox, thunderbird: multiple vulnerabilities

Package(s):xulrunner, firefox, thunderbird CVE #(s):CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 CVE-2006-2894
Created:October 22, 2007 Updated:May 12, 2008
Description: From the Debian advisory:

CVE-2007-1095: Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing.

CVE-2007-2292: Stefano Di Paola discovered that insufficient validation of user names used in Digest authentication on a web site allows HTTP response splitting attacks.

CVE-2007-3511: It was discovered that insecure focus handling of the file upload control can lead to information disclosure. This is a variant of CVE-2006-2894.

CVE-2007-5334: Eli Friedman discovered that web pages written in Xul markup can hide the titlebar of windows, which can lead to spoofing attacks.

CVE-2007-5337: Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI schemes may lead to information disclosure. This vulnerability is only exploitable if Gnome-VFS support is present on the system.

CVE-2007-5338: "moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers could be bypassed, which might allow privilege escalation.

CVE-2007-5339: L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code.

CVE-2007-5340: Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.

Alerts:
Debian DSA-1574-1 2008-05-12
Debian DSA-1534-2 2008-04-24
Debian DSA-1535-1 2008-03-30
Debian DSA-1534-1 2008-03-28
Debian DSA-1532-1 2008-03-27
Mandriva MDVSA-2007:047 2007-02-19
SuSE SUSE-SR:2008:002 2008-01-25
Slackware SSA:2007-324-01 2007-11-21
Fedora FEDORA-2007-3414 2007-11-16
Fedora FEDORA-2007-3431 2007-11-16
Gentoo 200711-24 2007-11-18
Fedora FEDORA-2007-3256 2007-11-13
Fedora FEDORA-2007-3184 2007-11-12
Gentoo 200711-14 2007-11-12
Fedora FEDORA-2007-2795 2007-11-06
Debian DSA-1401-1 2007-11-05
rPath rPSA-2007-0225-2 2007-10-26
Fedora FEDORA-2007-2679 2007-10-29
Fedora FEDORA-2007-2697 2007-10-29
Fedora FEDORA-2007-2697 2007-10-29
Fedora FEDORA-2007-2686 2007-10-29
rPath rPSA-2007-0225-1 2007-10-26
Foresight FLEA-2007-0062-1 2007-10-28
Debian DSA-1396-1 2007-10-27
Slackware SSA:2007-297-01 2007-10-26
SuSE SUSE-SA:2007:057 2007-10-25
Ubuntu USN-536-1 2007-10-23
Mandriva MDKSA-2007:202 2007-10-23
Fedora FEDORA-2007-2664 2007-10-24
Fedora FEDORA-2007-2601 2007-10-24
Ubuntu USN-535-1 2007-10-23
Debian DSA-1392-1 2007-10-20

Comments (1 posted)

Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current 2.6 development kernel is 2.6.25-rc5, released on March 9. Linus says: "So the size of the -rc patches is finally starting to shrink, but we still have way too many outstanding regression reports." See the announcement for the short-form changelog, or the long-form changelog for all the details.

The flow of patches into the mainline git repository continues; they are mostly fixes, but, since the 2.6.25-rc5 release, Linus has also merged drivers for JMicron jmb38x MemoryStick host controllers, Varitronix VL-PS-COG-T350MCQB-01 displays, and RouterBoard 500 PATA Compact Flash controllers and removed the x86 quicklist feature.

The current -mm tree is 2.6.25-rc5-mm1. Recent changes to -mm include a number of memory policy changes, a rework of the signal delivery code, the simple tracing infrastructure, and a lot of cleanup patches.

There have been no stable kernel releases over the last week.

Comments (none posted)

Kernel development news

Quotes of the week

Things are going much much more smoothly now than they were in 2.6.24-rcX and 2.6.23-rcX. Tree integration problems are negligible and build errors are far fewer and runtime problems seem to be less too. Fingers crossed.
-- Andrew Morton

That is not particularly important, because Linux isn't a GNU package. If it were a GNU package, I would write to its maintainers to suggest using Bzr.
-- Richard Stallman

Comments (16 posted)

A better DMA memory allocator

By Jonathan Corbet
March 10, 2008
As any device driver author knows, hardware can be a pain sometimes. In the early days of Linux, peripherals attached to the ISA bus inflicted their particular variety of pain by being unable to use more than 24 bits to access memory. What that meant, in practical terms, was that ISA devices could not perform DMA operations on memory above 16MB. The PCI bus lifted that restriction, but, for some time, there were quite a few "PCI" devices that were minimally modified ISA peripherals; many of those retained the 16MB limit.

To handle the needs of these devices, Linux has long maintained the DMA memory zone. Drivers which need to allocate memory from that zone would specify GFP_DMA in their allocation requests. The memory management code takes special care to keep memory in that zone available so that DMA requests can be satisfied. In this way, the system can provide reasonable assurance that memory will be available to perform DMA in ways which meet the special needs of this particularly challenged hardware.

The only problem is that there aren't a whole lot of devices out there which still have the old 24-bit addressing limitation. So the DMA zone tends to sit idle. Meanwhile, there are devices with other sorts of limitations. Many peripherals only handle 32-bit addresses, so their DMA buffers must be allocated in the bottom 4GB of memory. There is a subset, however, with stranger limitations - 30 or 31-bit addresses, for example. The kernel's DMA library provides a way for drivers to disclose that sort of embarrassing limitation, but the memory management code does not really help the DMA layer make allocations which satisfy those constraints. So drivers for such devices must use the DMA zone (which may not be present on all architectures), or hope that normal zone memory fits the bill.

Andi Kleen has set out to clean up this situation with a new DMA memory allocator. His solution is to take a chunk of memory out of the kernel's buddy allocator entirely and manage it in an entirely different way, forming a reserve pool for DMA allocations. The result is a bit of a departure from normal Linux memory management algorithms, but it may well be better suited to the task at hand.

The new "mask" allocator grabs a configurable chunk of low memory at boot time. Allocations from this region are made with a separate set of calls, with the core API being:

    struct page *alloc_pages_mask(gfp_t gfp, unsigned size, u64 mask);
    void __free_pages_mask(struct page *page, unsigned size);

    void *get_pages_mask(gfp_t gfp, unsigned size, u64 mask);
    void free_pages_mask(void *mem, unsigned size);

alloc_pages_mask() looks a lot like the longstanding alloc_pages() function, but there's some important differences. The size parameter is the desired size of the allocation, rather than the "order" value used by alloc_pages(), and mask describes the range of usable addresses for this allocation. Though mask looks like a bitmask, it is really better understood as the address value that the allocated memory should have; "holes" in the mask would make no sense.

A call to alloc_pages_mask() will first attempt to allocate the requested memory using the normal Linux memory allocator, on the assumption that the reserved DMA memory is an especially limited resource. If the allocation fails, perhaps because there's no physically-contiguous chunk of sufficient size available, then the allocator will dip into the reserved DMA pool. If the normal allocation succeeds, though, the allocated memory must still be tested against the maximum allowable address: the normal memory allocator, remember, has no support for allocating below an arbitrary address. So if the returned memory is out of bounds, it must be immediately freed and the reserved pool will be used instead.

That reserved pool is not managed like the rest of memory. Rather than the buddy lists maintained by the slab allocator, the DMA allocator has a simple bitmap describing which pages are available. It will normally cycle through the entire memory region, allocating the next available chunk of sufficient size. If that chunk is above the memory limit, though, the allocator will move back to the lower end of the reserved pool and allocate from there instead. Since DMA allocations tend to be short-lived, one would expect that a suitable block of memory would either be available or become available in the near future.

One other difference of note is that, unlike the slab allocator, the DMA allocator does not round memory allocation sizes up to the next power of two. DMA allocations can be relatively large, so that rounding can result in significant internal fragmentation and memory waste.

At the next level up, Andi has added a new form of mempool which uses the DMA allocator:

    mempool_t *mempool_create_pool_pmask(int min_nr, int size, u64 mask);

This pool will behave like normal mempools, with the exception that all allocations will be below the limit passed in as mask. These pools are used in the block layer, where memory allocations for DMA must succeed.

One might object that reserving a big chunk of low memory for this purpose reduces the total amount of memory available to the system - especially if the DMA allocator is cherry-picking normal memory whenever it can anyway. But the cost is not as bad as one might think. These patches do away with the old DMA zone, which, for all practical purposes, was already managed as a reserved (and often unused) memory area. Some 64-bit architectures also set aside a significant chunk (around 64MB) of low memory for the swiotlb - essentially a set of bounce buffers used for impedance matching between high memory (>4GB) buffers and devices which cannot handle more than 32-bit addresses. With Andi's patch set, the swiotlb, too, makes allocations from the DMA area and no longer has its own dedicated memory pool. So the total amount of memory set aside for I/O will not change very much; it could, in fact, get smaller.

For most driver authors, there will be little in the way of required changes if this patch set gets merged. The DMA layer already allows drivers to specify an address mask with dma_set_mask(); with the DMA allocator in place, that mask will be better observed. The one change which might affect a few drivers is further down the line: eventually the GFP_DMA memory allocation flag will go away. Any driver which still uses this flag should set a proper mask instead.

So far, there has been little discussion resulting from the posting of these patches. Silence does not mean assent, of course, but it would appear that there is little opposition to this set of changes.

Comments (2 posted)

How to use a terabyte of RAM

By Jonathan Corbet
March 12, 2008
We have not yet reached a point where systems - even high-end boxes - come with a terabyte of installed memory. But products like those from Violin Memory make it clear that the day is coming; one can buy a Violin box with 500GB in it now. So it seems worth asking the question: once one has spent the not inconsiderable sum to buy a box like that, what does one do with all that memory - especially now that the Firefox developers have gotten serious about fixing memory leaks?

Perhaps it's time for some wild ideas. And there is no better source for such ideas than Daniel Phillips, whose Ramback patch has stirred up a bit of discussion this week. The core idea behind Ramback is that all of that memory is turned into a ramdisk, but with a persistent device attached to it. In normal conditions, all application I/O involves only the ramdisk, and is, thus, quite fast ("Every little factor of 25 performance increase really helps."). In the background, the kernel worries about synchronizing data from the ramdisk onto permanent storage. But the synchronization process is mostly concerned with I/O performance, rather than providing guarantees about just when any given block will make it onto the disk platters.

Ramback thus differs from the normal block I/O caching done by the kernel in a number of ways. It keeps the entire device in memory, so that, in steady-state operation, applications need never encounter a disk I/O delay. Should an application call fsync(), the expected result (blocking until the data is written to physical media) will not happen. Filesystems take great care to order operations in a way that minimizes the risk of data loss in a crash; Ramback ignores all of that and writes data to physical media in whatever order it decides is best. As Daniel put it, the "most basic principle" of Ramback's design is:

[T]he backing store is not expected to represent a consistent filesystem state during normal operation. Only the ramdisk needs to maintain a consistent state, which I have taken care to ensure. You just need to believe in your battery, Linux and the hardware it runs on. Which of these do you mistrust?

Ramback does include an emergency mode which will endeavor to bring the disk up to date in a hurry should the UPS indicate that power has been lost. But that does not seem to be enough for everybody. In the resulting discussion, nobody complained about the sort of performance benefits that a tool like Ramback could provide. But there was a lot of concern about data integrity; it seems that many people distrust their battery, their hardware, and Linux. And that has led to a sort of impasse, with several developers claiming that Ramback would be too risky to use and Daniel dismissing their concerns as FUD.

FUD or not, those concerns are likely to be a difficult barrier for Ramback to overcome. Meanwhile, Daniel is looking for people to help test out the code, but that presents challenges of its own:

This driver is ready to try for a sufficiently brave developer. It will deadlock and livelock in various ways and you will have to reboot to remove it. But it can already be coaxed into running well enough for benchmarks, and when it solidifies it will be pretty darn amazing.

So far, reports from suitably courageous testers have been, well, scarce. Your editor fears that this work could suffer the same fate as many of Daniel's other patches: they can contain brilliant ideas and great coding but just don't quite survive the encounter with the real, messy world. But we need people thinking about how our systems will work in the coming years; one hopes that Daniel won't stop.

Comments (33 posted)

GCC 4.3.0 exposes a kernel bug

By Jake Edge
March 7, 2008

A change to GCC for a recent release coupled with a kernel bug has created a messy situation, with possible security implications. GCC changed some assumptions about x86 processor flags, in accordance with the ABI standard, that can lead to memory corruption for programs built with GCC 4.3.0. No one has come up with a way to exploit the flaw, at least yet, but it clearly is a problem that needs to be addressed.

The problem revolves around the x86 direction flag (DF), which governs whether block memory operations operate forward through memory or backwards. The main use for the flag is to support overlapping memory copies, where working backwards through memory may be required so that the data being copied does not get overwritten as the copy progresses. Debian hacker Aurélien Jarno reported the problem to linux-kernel on March 5th, which was found when building Steel Bank Common Lisp (SBCL) using the new compiler.

GCC's most recent release, 4.3.0, assumes that the direction flag has been cleared (i.e. memory operations go in a forward direction) at the entry of each function, as is specified by the ABI (which is, somewhat amusingly, found at sco.com [PDF]). Unfortunately, this clashes with Linux signal handlers, which get called, incorrectly, with the flag in whatever state it was in when the signal occurred. This has the effect of leaking one bit of state from the user space process that was running when the signal occurred to the signal handler, which could be in another process.

That, in itself, is a bug, seemingly with fairly minimal impact. Prior to 4.3, GCC would emit a cld (clear direction flag) opcode before doing inline string or memory operations, so those operations would start from a known state. In 4.3, GCC relies on the ABI mandate that the direction flag is cleared before entry to a function, which means that the kernel needs to arrange that before calling a signal handler. It currently doesn't, but a small patch fixes that.

The window of vulnerability is small, but was observed in SBCL. The sequence of events that would lead to memory corruption are as follows:

  • a user space program does an operation (memmove() for example) that sets DF
  • a signal occurs for some process
  • the kernel calls the signal handler
  • the signal handler does a memmove() in what it thinks is a forward direction
  • the memory is copied in the reverse direction, leading to corruption
It is hard to see how that could be turned into a security breach, but it would be a mistake to assume that it can't. Other kernel bugs, like the one that allowed the recent vmsplice() exploit, have looked liked memory corruption, but were found to be more than that. The DF issue may turn out to be harmless from a security standpoint, but it should not be assumed.

So, now the question is: what to do about it. It is clear that the kernel should not leak the DF state to signal handlers, regardless of what GCC does. It is interesting to note that this behavior is the same (DF is not cleared on entry to a signal handler) on BSD kernels, leading some to claim that it is the ABI that is incorrect and that GCC should revert to its old behavior. Solaris kernels do clear the DF before calling signal handlers. This problem has existed for 15 years; GCC has always emitted code that worked correctly on kernels that did not follow the ABI, until now.

Part of the problem is that there are an enormous number of installed kernels that are vulnerable to this problem, but only if GCC 4.3 is installed. That version of GCC is not, yet, in widespread use, so the thinking is that GCC should revert its behavior now, before it gets into distributions. As kernels with the fix become more widespread, the "proper" behavior could be restored. The GCC folks don't necessarily see it that way, so it is unclear what will happen.

While it is true that distributors can control what kernel version and GCC version they ship, those aren't the only ways that either GCC or GCC-compiled binaries get installed. It is a bit of ticking time bomb for random memory corruption at a minimum. Handling those bug reports will be very difficult and time consuming. While the new behavior of GCC is correct, and the kernel is broken, it would be very helpful to back out this change, perhaps providing the new behavior via a command-line argument for those who are sure their binaries will be running on patched kernels. Some discussion on the gcc-devel list would indicate that a GCC 4.3.0.1 or 4.3.1 may be forthcoming.

Comments (53 posted)

Patches and updates

Kernel trees

Core kernel code

Development tools

Device drivers

Documentation

Filesystems and block I/O

Memory management

Networking

Architecture-specific

Security-related

Virtualization and containers

Miscellaneous

Page editor: Jonathan Corbet

Distributions

News and Editorials

News from the Debian security team

By Jake Edge
March 12, 2008

A note from the Debian security team shows a number of new initiatives and plans. The team recently expanded by two while looking for up to two more folks to round it out. That, coupled with a number of new initiatives makes for some interesting news from the Debian security world.

Adding people to the team adds more eyes to find bugs, but, perhaps more importantly, adds more hands to actually patch the code when bugs are found. In many cases, the upstream project will fix the vulnerability in its latest release, leaving the distribution security team to backport the fix into whatever version they are shipping. This takes knowledge; one must understand the code and how to build it for Debian. They have not set the bar low for the kind of folks they are looking for:

You need to be familiar with how the wide variety Debian packages are maintained, patched and built. If you're not scared by packages generating their patch series by applying sed statements from cdbs include files before passing the patches through an awk filter to quilt until they're finally built with yada, you might be the right person.

The team is now using Request Tracker to track security bugs and updates. Two separate categories have been established, one for upstream bugs that are not yet public, the other for publicly known bugs. This allows the team to track all the bugs, but not prematurely release information about security vulnerabilities that are not yet public.

Two other changes will help with the quality of security patches. The first is a public patch review mailing list that is being formed to allow interested parties to see what patches are being proposed. Presumably this would only apply to public vulnerabilities or the list membership will need to be tightly controlled.

The other quality boosting change is to use the time between when a patch is completed and when it is has been ported and built for all of the architectures to further test the patch. The team is looking for large installations that normally install security updates in their own test environment before rolling them out to their live systems. Leveraging those test environments to further exercise the patched code can only lead to better code in the long run.

Security is an important part of any distribution, so it is nice to see these kinds of initiatives. More team members, testing, and tracking are all likely to bring about a faster and better response to security problems in the future.

Comments (none posted)

New Releases

64 Studio 2.1rc1 is out

The first release candidate of 64 Studio 2.1 has been announced. Click below for a list of known bugs and other information.

Full Story (comments: none)

Ubuntu Hardy Alpha 6 released

The sixth Alpha release of the Hardy Heron is available for testing. It can be downloaded for Ubuntu, Kubuntu, Kubuntu-KDE4, Edubuntu, Ubuntu JeOS, Xubuntu, Gobuntu and UbuntuStudio; depending on your flavor preference.

Full Story (comments: none)

Distribution News

Debian GNU/Linux

Nominations complete for Debian Project Leader Election

Three candidates for the Debian Project Leader (DPL) position have been identified. Marc 'HE' Brockschmidt, Raphaël Hertzog, and Steve McIntyre will be starting to campaign for the position. Voting begins March 30th. Click below for more information.

Full Story (comments: none)

Bits from the armel porters

Debian now support the armel architecture. "Armel supports many modern ARM instruction sets that were not possible with the old port, such as thumb, VFP and NEON. And very important for the port in general, armel is well supported upstream, while the old abi risks bitrotting."

Full Story (comments: none)

Fedora

Announcing the relaunch of the Fedora BugZappers!

The official re-launch of the Fedora Bug Triage Process has been announced. "Are you looking for a meaningful way to contribute to Fedora that does not require you to be a developer or package maintainer? Do you have a genuine desire to help people? Do you want to learn more about a particular component within Fedora? If so, then the triage team is for you!"

Full Story (comments: none)

An easy way to watch new Fedora bugs

You can now watch for Fedora bugs in your RSS reader. Locate the newest bugs for triaging by adding a feed for Fedora 7, Fedora 8 or rawhide.

Full Story (comments: none)

Fedora Bangladesh mailing list

A new Fedora Bangladesh mailing list has been created for Fedora and Red Hat Bangladeshi Users.

Full Story (comments: none)

Fedora Project Brazil Releases Online Magazine

The Brazilian branch of the Fedora Project has announced the release of the first issue of Revista Fedora Brasil (Fedora Brazil Magazine), an online magazine about Fedora made by Brazilian Ambassadors and Linux community members for those who speak Portuguese. The first edition features Fedora 8 and contains much more.

Full Story (comments: 1)

Red Hat Enterprise Linux

Red Hat's war on RHEL

This is about a month old, better late than never...Red Hat Magazine has put up a "tips and tricks article" on a question which must be on the top of everybody's list: How does one properly refer to Red Hat Enterprise Linux? They provide a couple dozen verbose alternatives, then assert: "It is never correct to abbreviate 'Red Hat Enterprise Linux' as 'RHEL'" A search for "RHEL" on redhat.com suggests that a few in-house people haven't gotten this memo yet. (Seen on 451 CAOS Theory).

Comments (23 posted)

SUSE Linux and openSUSE

Announcing the Official openSUSE Forums

The openSUSE project has announced the merger of the three largest English speaking dedicated SUSE forums, into the new official openSUSE Forums at forums.opensuse.org.

Full Story (comments: none)

Distribution Newsletters

Ubuntu Weekly Newsletter #81

The Ubuntu Weekly Newsletter for March 8, 2008 covers the release of Hardy Alpha 6, interesting Brainstorm stats, interview with Server developer Mathias Gug, and much more.

Full Story (comments: none)

PCLinuxOS Magazine Issue 19

The March 2008 edition of PCLinuxOS Magazine is out. Articles include "Dansguardian Howto", "Miro, Miro, on the wall", "KDE User Guide Chapter 1", and much more.

Comments (none posted)

OpenSUSE Weekly News/13

This week the OpenSUSE Weekly News covers the announcement of the Official openSUSE Forums, Preparing for Board elections, openSUSE User-base growing nicely, Firefox 3.0 Beta 4 Packages, New YaST/ZYpp repository layout, In Tips and Tricks: Creating a DVD from YouTube videos, and more.

Comments (none posted)

Fedora Weekly News Issue 123

The Fedora Weekly News for March 3, 2008 is out. This edition looks at Planet Fedora articles "Bonnie in Laurinburg", "RSS feeds of bugs!", "Howto: Test the WebKit engine in Fedora" and "Hints for making Evolution faster"; Fedora Marketing articles "Interview with Max Spevack and Paul Frields", "Linux Powers The Spiderwick Chronicles", "Name for Fedora Compute Grid Project", "ext4 Implementation Interview"; and several other topics.

Full Story (comments: none)

DistroWatch Weekly, Issue 243

The DistroWatch Weekly for March 10, 2008 is out. "This week belongs to the fans of GNOME. The brand new version 2.22 of the popular desktop environment is scheduled for release on Wednesday and everything suggests that we can expect another great set of improvements that will grace the upcoming releases of all major distributions. In the news section, we'll take a quick look at the new features and applications in Mandriva Linux 2008.1, follow the development of the Xfce spin of Fedora 9, pass on a request from Theo de Raadt to test the upcoming OpenBSD 4.3, and link to the freely downloadable DVD images of Yellow Dog Linux 6.0. Finally, while we all await impatiently the first beta release of Gentoo Linux 2008.0, we take a look at some of the exciting new features in the upcoming release of the Gentoo-based Sabayon Linux 3.5."

Comments (none posted)

Interviews

Developer interview: Eric Sandeen on ext4 implementation

Rodrigo Menezes talks with Eric Sandeen about the ext4 implementation in Fedora 9. "How much upstream development does Fedora drive on Ext4? Eric Sandeen: ext4 development has been a joint effort by several entities. A quick look at the linux-ext4 mailing list will show contributions from several companies and individuals, all interested in helping to develop ext4. One of my responsibilities at Red Hat is to do filesystem work for Fedora and RHEL, so I've also been doing what I can to move things along by submitting patches, testing, fixing, etc."

Comments (29 posted)

People of openSUSE: Detlef Reichelt

People of openSUSE introduce Detlef Reichelt. "When did you join the openSUSE community and what made you do that? In the year 2004 I joined the PackMan-Team. At this time I was looking for x86_64 RPMs. When I realized that there was nothing available, I rebuilt the PackMan-RPMs for x86_64."

Comments (none posted)

Page editor: Rebecca Sobol

Development

Monitor disks with the S.M.A.R.T. monitoring tools

By Forrest Cook
March 11, 2008

The S.M.A.R.T. Monitoring Tools (Smartmontools) is a cross-platform set of utilities that are able to monitor operating data from hard drives:

The smartmontools package contains two utility programs (smartctl and smartd) to control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (SMART) built into most modern ATA and SCSI hard disks. In many cases, these utilities will provide advanced warning of disk degradation and failure. It should run on any modern Darwin (Mac OSX), Linux, FreeBSD, NetBSD, OpenBSD, Solaris, OS/2, eComStation, QNX, or Windows system.

Wikipedia defines SMART as the Self-Monitoring, Analysis, and Reporting Technology: "Mechanical failures, which are usually predictable failures, account for 60 percent of drive failure. The purpose of S.M.A.R.T. is to warn a user or system administrator of impending drive failure while time remains to take preventative action — such as copying the data to a replacement device. Approximately 30% of failures can be predicted by S.M.A.R.T."

Version 5.38 of Smartmontools was recently announced. Improvements include:

  • Several Libata/Marvell driver improvements.
  • New additions to the drive database.
  • ATA-8 updates.
  • New Dragonfly support.
  • Support for the QNX operating system.
  • A new no-fork option for smartd.
  • Better support for systems with large numbers of disks.
  • Improvements to the descriptions of the SMART Attribute list.
  • A workaround for a Samsung firmware bug.
  • Improvements to the CCISS support system.
  • New selective self-test command line options.
  • Build system portability improvements.
  • Numerous bug fixes.

Building Smartmontools was straightforward. The code was downloaded and unpacked. The usual configure, make and make install steps were performed on an Ubuntu 7.04 system with no troubles. The operation instructions from the README file were followed and the software was able to discover data from the one hard drive on the test system. This example output shows the wide variety of drive information that Smartmontools can display. The drive appears to be healthy.

If you are a systems administrator who needs to keep track of hard drive reliability data, Smartmontools be able to provide some useful drive information. With the addition of a small amount of glue-logic scripting, it should not be too difficult to set up an automated drive monitoring system.

Comments (10 posted)

System Applications

Database Software

Firebird 2.1 Release Candidate 2 announced

Release Candidate 2 of the Firebird DBMS has been announced. "The Firebird Project team is happy to announce that download kits for the second (and hopefully, last) V.2.1 release candidate are now available for Windows and Linux 32-bit and 64-bit platforms. MacOSX Intel 32-bit are there, x64 still in QA, coming soon. You are invited to test it with as much rigour and vigor as you like and report your experiences (good or bad) back to the firebird-devel or the firebird-test list."

Comments (none posted)

MySQL 6.0.4 alpha has been released

Version 6.0.4 alpha of the MySQL DBMS has been announced. "MySQL 6.0.4-alpha, a new version of the MySQL database system including the Falcon transactional storage engine (now at beta stage), has been released."

Full Story (comments: none)

SE-PostgreSQL 8.3 is available

Version 8.3 of Security-Enhanced PostgreSQL (SE-PostgreSQL), a DBMS that is built on the SELinux architecture, has been announced. "The base version was upgraded to PostgreSQL 8.3.0 It enabled to share external libraries (like -contrib package) with original PostgreSQL. Cumulative bugfixes."

Full Story (comments: none)

Postgres Weekly News

The March 9, 2008 edition of the Postgres Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

Interoperability

Samba 3.0.28a available for download

Version 3.0.28a of Samba has been announced. "This is a bug fix release of the Samba 3.0.28 code base and is the version that servers should be run for for all current Samba 3.0 bug fixes."

Full Story (comments: none)

Networking Tools

d3vscan: Alpha 7 Release (SourceForge)

The Alpha 7 release of d3vscan has been announced. "d3vscan is a simple yet powerful[] network and bluetooth scanner which is based on PyGTK. d3vscan is a network manager which is able to uniquely identify and graphically plot network & Bluetooth devices to provide a higher degree of understanding of a particular network.d3vscan is also simple enough to be used by an average end user for free. Alpha 7 release features Map View for Bluetooth and Network modes."

Comments (none posted)

Security

conntrack-tools 0.9.6 released

Version 0.9.6 of conntrack-tools has been announced. "The netfilter project proudly presents another development release of the conntrack-tools. This release includes important improvements, new features and bugfixes".

Full Story (comments: none)

libnetfilter_conntrack 0.0.89 released

Version 0.0.89 of libnetfilter_conntrack has been announced. "libnetfilter_conntrack is a userspace library providing a programming interface (API) to the in-kernel connection tracking state table. This release includes new features and minor fixes."

Full Story (comments: none)

libnfnetlink release 0.0.33

Version 0.0.33 of libnfnetlink has been announced. "The netfilter project proudly presents libnfnetlink 0.0.33. This release includes minor bugfixes and updates. Changelog attached. libnfnetlink is the low-level library for netfilter related kernel/userspace communication."

Full Story (comments: none)

Web Site Development

lighttpd 1.4.19 announced

Version 1.4.19 of lighttpd, a light-weight web server, has been announced. "It has been almost half a year since 1.4.18. 6months. Jan has been working on many interesting features for 1.5. [1] Currently he ports it to glib2. But back to 1.4.19. Yes again the release date was nailed down by a few security bugs. *cough* Nevertheless we got a ton of other nice bugfixes. All praise our new lighttpd hero Stefan Bühler. Big thank you from my side."

Comments (none posted)

Desktop Applications

Animation Software

Synfig 0.61.08 released

Version 0.61.08 of Synfig, a vector-based 2D animation package, has been released. "Synfig version 0.61.08 was released on March 3rd 2008. It is the result of several months of contributions by the free software community. It has security fixes, far fewer bugs, several usability enhancements, a few new features and other improvements."

Full Story (comments: none)

Synfig irregular news

The March 10, 2008 edition of the Synfig Irregular News covers the latest news from the Synfig 2D vector animation studio project.

Full Story (comments: none)

Audio Applications

Snd-ls 0.9.8.5 and San Dysth 0.1.1 announced

Version 0.9.8.5 of the Snd-ls audio editor and version 0.1.1 of San Dysth, a software synthesizer, are out.

Full Story (comments: none)

Desktop Environments

GNOME 2.22 released

GNOME 2.22 is out, right on schedule. There's a lot of new stuff in this release, including the "cheese" photo application, more 3D effects, a new virtual filesystem layer, Flash playback with swfdec, a remote desktop viewer, and much more; see the release notes for details and screenshots.

Full Story (comments: 17)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (2 posted)

KDE 4.0.2 Brings New Plasma Features (KDE.News)

KDE.News takes a look at KDE 4.0.2. "KDE 4.0.2 has, along with the bugfixes some new features in Plasma. The panel can now be configured to sit somewhere else than at the bottom and UI options for changing its size have been added. Do not let yourself be distracted by those new things, there are also plenty of bugfixes, performance improvements and translation updates in there, among which support for two new languages: Persian and Icelandic. KDE 4.0.2 is thus available in 49 whopping languages, and more are soon to come."

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Educational Software

FET: 5.5.0 released (SourceForge)

Version 5.5.0 of FET has been announced. "FET is free timetabling software for schools, high-schools and universities. Scheduling is done automatically."

Comments (none posted)

Electronics

XCircuit 3.4.28 released

Stable version 3.4.28 of XCircuit, an electronic schematic capture application, is out with numerous enhancements.

Comments (none posted)

GUI Packages

FLTK 1.1.8rc2 released

Version 1.1.8rc2 of FLTK has been announced. Changes include: "documentation fixes, updated included image and compression libraries to their current releases fixed fl_read_image issue on X11."

Comments (none posted)

Interoperability

Wine 0.9.57 released

Version 0.9.57 of Wine has been announced. Changes include: Support for multiple OpenGL pixel formats. Improved support for color profiles. Many window management fixes. Better fullscreen support. Lots of bug fixes.

Comments (none posted)

Multimedia

Elisa 0.3.5 released

Version 3.5 of Elisa has been announced. "Elisa is a project to create an open source cross platform media center solution. While our primary development and deployment platform is GNU/Linux and Unix operating systems we also currently support MacOSX and also hope to support Microsoft Windows in the future. In addition to personal video recorder functionality (PVR) and Music Jukebox support, Elisa will also interoperate with devices following the DLNA standard like Intel's ViiV systems. Elisa uses Twisted and GStreamer."

Full Story (comments: none)

Office Suites

OpenOffice.org moving to LGPLv3

The OpenOffice.org project has announced that, as of the first OpenOffice.org 3.0 beta release, that software will be licensed under version 3 of the GNU LGPL. "This move forward is the natural evolutionary step to take for a codebase using a license from the FSF license family. The drafting process for the license involved substantial FOSS community input and we will benefit from this work. In particular, the new license includes additional protections for the community against software patents." The contributor agreement for OOo is also changing.

Full Story (comments: 9)

Video Applications

Dirac video codec 1.0 released

The Schrödinger project has announced the availability of the 1.0 version of the Dirac video codec. "Schrödinger core is implemented in ANSI C with further assembly level optimisations provided through the liboil optimisation library. The Schrödinger decoding and encoding components offer a stable ABI for developers which will enable easy integration of Dirac support for application and media framework developers. The Schrödinger project also includes a set of GStreamer plugins as an example of how to use the Schrödinger library in a modern multimedia framework." (thanks to Timo Jyrinki)

Comments (18 posted)

The first Gnash beta is out

Gnash 0.8.2 - deemed the first beta release - is available. "Gnash is a GPL'd SWF movie player and browser plugin for Firefox, Mozilla, and Konqueror. Gnash supports many SWF v7 features and ActionScript 2 classes. with growing support for SWF v8 and v9." There is a long list of improvements made since the alpha release; click below for details.

Full Story (comments: 21)

Web Browsers

A look at memory usage in Firefox 3

"Pavlov" has posted a detailed look at what was done to reduce memory usage in Firefox 3. "Another fantastic change from Alfred Kayser changed the way we store animated GIFs so that they take up a lot less memory. We now store the animated frames as 8bit data along with a palette rather than storing them as 32 bits per pixel. This savings can be huge for large animations. One extreme example from the bug showed us drop from using 368MB down to 108MB — savings of 260MB!"

Comments (17 posted)

Mozilla Firefox 3 Beta 4 released (MozillaZine)

MozillaZine has announced the availability of the Beta 4 release of Mozilla Firefox 3. "Mozilla Firefox 3 Beta 4 has been released for testing. The fourth beta of the next major Firefox version offers over 900 bug fixes over Beta 3, including improvements in download manager, full page zoom, better integration with Vista, Mac OS X and Linux, and significant improvements in speed and memory usage."

Comments (none posted)

Languages and Tools

C

GCC 4.3.0 Released

Version 4.3.0 of the Gnu Compiler Collection (GCC) is out. "GCC 4.3.0 is a major release, containing substantial new functionality not available in GCC 4.2.x or previous GCC releases." See the article GCC 4.3.0 exposes a kernel bug for a discussion of an issue raised by the x86 direction flag (DF).

Full Story (comments: none)

C#

MonoDevelop 1.0 released

Novell has sent out a press release on the availability of MonoDevelop 1.0 and the Mono 2.0 beta release. "MonoDevelop enables developers to quickly write desktop and ASP.NET Web applications on Linux and Mac OS X. MonoDevelop will make it easier for developers to port .NET applications created with Visual Studio to Linux and Mac OS X and to maintain a single code base for all three platforms."

Comments (3 posted)

Caml

Caml Weekly News

The March 11, 2008 edition of the Caml Weekly News is out with new articles about the Caml language.

Full Story (comments: none)

Haskell

Haskell Weekly News

The March 09, 2008 edition of the Haskell Weekly News is online. Nearly 100 new and updated libraries and tools have been released, along with new jobs, and Haskell.org's participation in the Google Summer of Code project.

Comments (none posted)

HTML

CSSBox: 1.0 released (SourceForge)

Version 1.0 of CSSBox has been announced. The software description states: "An (X)HTML/CSS rendering engine written in pure Java. Its primary purpose is to provide a complete information about the rendered page suitable for further processing. However, it also allows displaying the rendered document. The 1.0 version of the CSSBox rendering engine has been released. It contains a new block width computation algorithm, many improvements and bugfixes."

Comments (none posted)

Java

Avian 0.0.1 announced

Version 0.0.1 of Avian has been announced, it includes major bug fixes. "Avian is a lightweight virtual machine and class library, both written from scratch to provide a useful subset of Java's features. It's well-suited to cross-platform applications which need a typesafe language but must remain small and self-contained." (Thanks to Joel Dice).

Comments (none posted)

GNU Classpath 0.97.1 released

Version 0.97.1 of GNU Classpath has been announced. "We are proud to announce the release of GNU Classpath 0.97.1, the first bugfix release for GNU Classpath 0.97. GNU Classpath, essential libraries for java, is a project to create free core class libraries for use with runtimes, compilers and tools for the java programming language."

Full Story (comments: none)

Perl

This Week on perl5-porters (use Perl)

The February 24-29, 2008 edition of This Week on perl5-porters is out with the latest Perl 5 news.

Comments (none posted)

Python

CodeInvestigator 0.7.5 announced

Version 0.7.5 of CodeInvestigator, a tracing tool for Python programs, has been announced. Changes include new Firefox support and a bug fix.

Full Story (comments: none)

Python-URL! - weekly Python news and links

The March 10, 2008 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Tcl/Tk

Tcl-URL! - weekly Tcl news and links

The March 5, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Cross Compilers

SDCC 2.8.0 RC1 released

Version 2.8.0 RC1 of SDCC, the Small Device C Compiler, has been announced. This version adds many new capabilities and some bug fixes. "SDCC is a retargettable, optimizing ANSI - C compiler that targets the Intel 8051, Maxim 80DS390, Zilog Z80 and the Motorola 68HC08 based MCUs. Work is in progress on supporting the Microchip PIC16 and PIC18 series. SDCC is Free Open Source Software, distributed under GNU General Public License (GPL)."

Comments (none posted)

Editors

Komodo Edit released as free software

ActiveState has announced that its "Komodo Edit" utility is now available under any of the MPL, GPL, or LGPL. "Komodo Edit, based on the award-winning Komodo IDE, offers sophisticated support for all major scripting languages, including in-depth autocomplete and calltips, multi-language file support, syntax coloring and syntax checking, Vi emulation, and Emacs key bindings."

Comments (8 posted)

Libraries

UnitsC++: First release (SourceForge)

The first release of UnitsC++ has been announced. "UnitsC++ is a lightweight C++ library that lets you use unit objects for performing type-safe numerical calculations involving physical units. It 1) is easy to use, 2) results in very readable code, 3) is easy to change to fit your needs. UnitsC++ targets scientists and engineers writing code in C++ that performs numerical calculations."

Comments (none posted)

Version Control

GIT 1.5.4.4 released

Version 1.5.4.4 of the GIT distributed version control system is out with numerous enhancements and bug fixes.

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Top 10 Linux Desktop Hurdles (Intranet Journal)

Intranet Journal covers 10 hurdles for Linux on the desktop. "In the past, many desktop Linux users have opted to simply point to the hardware industry or Microsoft as the root cause of a lack of mainstream adoption. In reality, there are actually core issues extending beyond hardware -- and competition from the proprietary markets -- that simply must be dealt with head on. With that said, hardware compatibility and competition from closed-source vendors are valid issues, just not solid core excuses for the lack of mainstream interest. Here are the real hurdles..."

Comments (6 posted)

GNU/Linux World Domination for the Wrong Reasons (Datamation)

Over at Datamation, Bruce Byfield has a thoughtful piece about Linux and world domination. "At its most basic, free software is about helping users gain control of their computers so that they can participate unhindered in the digital conversations of the networks and the Internet. It's about installing software freely, rather than being dictated to by the manufacturer. It's about using your computer the way that you want, instead of ceding control to lock-down devices installed by software vendors without permission on your machine."

Comments (38 posted)

Trade Shows and Conferences

KDE at CeBIT 2008 (KDE.News)

KDE was present at CeBIT 2008 in Hannover. "Thanks to our great community the KDE booth was always very well staffed, both by experienced KDE contributors and our friends in the Fedora community, but also by users who volunteered and so made their first-time contributions to the KDE world. It's nice to see such enthusiastic new contributors coming to KDE!"

Comments (none posted)

MIX - Novell's de Icaza criticizes Microsoft patent deal (LinuxWorld)

Miguel de Icaza spoke out against Microsoft at the MIX 08 conference. "Open-source pioneer and Novell Vice President Miguel de Icaza Thursday for the first time publicly slammed his company's cross-patent licensing agreement with Microsoft as he defended himself against lack of patent protection for third parties that distribute his company's Moonlight project, which ports Microsoft's Silverlight technology to Linux."

Comments (76 posted)

Companies

Nero Linux moves ahead with HD DVD, Blu-ray support (BetaNews)

BetaNews covers the planned launch of Nero Linux 3.5 "During the CeBIT computer show in Hannover, Germany, Nero announced plans to launch Nero Linux 3.5, which now promises to run on Linux subnotebooks with smaller screen resolutions. Although there are several different options for Linux users wanting to create CDs or DVDs, Nero Linux is different because it offers users the ability to back up Blu-ray and HD DVD content easily. Further, the GUI in the Linux version is very similar to the one used in Windows."

Comments (none posted)

Red Hat adds top intellectual property lawyers (Linux-Watch)

Linux-Watch covers Red Hat's hiring of two intellectual property lawyers. "It's a sign of the times when a major open-source company makes a big deal of hiring not top developers, but top lawyers. On March 5, Red Hat announced that it is hiring top intellectual property attorneys Robert Tiller, as vice president and assistant general counsel, and Richard Fontana, as open-source licensing and patent counsel."

Comments (1 posted)

Wal-Mart Ends Test of Linux in Stores (Associated Press)

This press release has some mixed messages. On the one hand: "Computers that run the Linux operating system instead of Microsoft Corp.'s Windows didn't attract enough attention from Wal-Mart customers, and the chain has stopped selling them in stores, a spokeswoman said Monday." But this report goes on to say that "Walmart.com now carries an updated version, the gPC2, also for $199, without a monitor. The site also sells a tiny Linux-driven laptop, the Everex CloudBook, for $399."

Comments (26 posted)

Linux Adoption

Linux well suited to SMB market (itbusiness.ca)

IT Business Canada looks at Linux in the small-medium business (SMB) market. It is a huge market that is being targeted by many proprietary and free software vendors with Linux making some headway. "Rupani adds that other cost savings associated with open source include using Linux servers in a variety of roles such as file server and Web server. In addition, Linux servers can service a large number of users at no extra cost apart from the additional hardware."

Comments (none posted)

Linux at Work

Linux tool speeds up police computer forensics (ZDNet)

ZDNet reports on a Linux-based live CD that can analyze computers used in criminal activities. "Called Simple (Simple Image Preview Live Environment), the software allows investigators to view and acquire forensic data at the scene of the crime without compromising the integrity of data as it is collected. "It's a Linux Live CD that we have built from the ground up. We customised the kernel and the underlying operating system so that, when it runs, it's incapable of writing to the hard disk or any other storage," Peter Hannay, the software developer behind the forensic acquisition tool, told ZDNet.com.au."

Comments (14 posted)

Resources

Secure temporary files in Linux (ZDNet India)

ZDNet India has some tips on securing /tmp and friends on Linux. "One problem with directories meant to store temporary files is that they can often be targeted as places to store bots and rootkits that compromise the system. This is because in most cases, anyone (or any process) can write to these directories."

Comments (22 posted)

Miscellaneous

Negroponte Not Seeking Replacement, OLPC XO to Run Windows in 60 Days or Less (Laptop Magazine)

Laptop Magazine is reporting two interesting things about the OLPC. The first is that contrary to other reports, Nicholas Negroponte is not looking to "replace" himself, but is looking for a CEO for the company. The second is that Windows XP will be available for the XO soon. "'Microsoft and OLPC are in discussion on how to release it, as well as how to announce,' he said. Negroponte added that the Windows operating system should be available on the XO in less than 60 days." (seen on OLPC News)

Comments (8 posted)

Samba 4 hits alpha status, but 2008 release unlikely (SearchEnterpriseLinux.com)

SearchEnterpriseLinux.com looks at the Samba 4 release schedule. "Are you curious about Samba 4, the ambitious new version of the open source program that provides an interface between Linux and Unix print and file servers and Microsoft Windows clients? As of last month, version 4.0.0alpha2 is available for download, and Samba team authentication developer Andrew Bartlett is encouraging others to play around with the release and report the findings."

Comments (none posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

BusyBox settles another lawsuit

The Software Freedom Law Center has sent out a press release on the settlement of another BusyBox GPL-infringement lawsuit. "As a result of the plaintiffs agreeing to dismiss the lawsuit and reinstate High-Gain Antennas' rights to distribute BusyBox under the GPL, High-Gain Antennas has agreed to appoint an Open Source Compliance Officer within its organization to monitor and ensure GPL compliance, to publish the source code for the version of BusyBox it previously distributed on its Web site, and to undertake substantial efforts to notify previous recipients of BusyBox from High-Gain Antennas of their rights to the software under the GPL. The settlement also includes an undisclosed amount of financial consideration paid by High-Gain Antennas to the plaintiffs."

Comments (45 posted)

GNOME Foundation Annual Report for 2007

The GNOME Foundation has released an annual report as a rather slickly-produced PDF file. "We have completed our original goal. Ten years ago, GNU/Linux distributions did not include a free and usable web browser. Ten years ago, using only free software, you could not do graphic design and illustration, you could not balance your checkbook, you could not download pictures from your camera to the computer, you could not do phone calls over the Internet, you could not create a spreadsheet with pie charts, and you could not plug a USB drive into your computer and expect it to 'just work'. Okay, USB sticks didn't exist ten years ago, but you get the idea."

Full Story (comments: 23)

Google Summer of Code 2008 (MozillaZine)

MozillaZine has announced the participation of the Mozilla project in the Google Summer of Code 2008. "Gervase Markham wrote in to inform us that Mozilla intends to participate in Google Summer of Code 2008 as a mentoring organization. Gerv's weblog post calls on interested people to submit proposals at the Brainstorming page at mozilla wiki."

Comments (none posted)

New OpenOffice.org license and contributor agreement

The OpenOffice.org office suite project has announced license change and a new contributor agreement. "The license for code is changing from the early LGPL v 2.1 to 3.0 effective the Beta of OpenOffice.org 3.0. (The actual date of this beta has not been finalized.) The Joint Copyright Assignment form (JCA) is being replaced by the Sun Microsystems Inc. Contributor Agreement (SCA). This change is effective immediately with this announcement."

Full Story (comments: none)

Petition calls for Open Standards in the European Parliament

The Free Software Foundation Europe has announced a petition that calls for open standards in the European Parliament. "At a time when the EU Commission investigates the anti-competitive behaviour of a market-dominant player, the European Parliament (EP) still imposes that same specific software choice on both the European Union's citizens and its own MEPs. OpenForum Europe, The European Software Market Association, and the Free Software Foundation Europe today launched a petition to call on the EP to use Open Standards so that all citizens can participate in the democratic process."

Full Story (comments: none)

SFLC: Do not rely on Microsoft's Open Specification Promise

The Software Freedom Law Center has posted a position paper on Microsoft's recently-announced "Open Specification Promise" and how it relates to free software. "In response to these requests for clarification, we publicly conclude that the OSP provides no assurance to GPL developers and that it is unsafe to rely upon the OSP for any free software implementation, whether under the GPL or another free software license."

Comments (6 posted)

Commercial announcements

Funambol launches new Code Sniper projects

Funambol has announced new Code Sniper projects. "Code Sniper is Funambol's community program that rewards developers with monetary bounties to work on open source projects that benefit mobile users around the globe. This new slate of Code Sniper projects ranges from syncing pictures of friends on social networks to the address book on a mobile phone, to making it easy to invite your mobile contacts to join your favorite social network. All of the apps developed as part of Code Sniper are made freely available under standard open source licensing."

Comments (none posted)

Komodo IDE 4.3 features find and replace system

ActiveState has announced Komodo IDE 4.3. "After an award-winning major release a year ago, ActiveState's Komodo IDE continues its evolution with major new features and improvements in Komodo IDE 4.3, released today. The integrated development environment (IDE) for dynamic languages added powerful Find in Project and Replace in Files features, new Unit Testing integration, improved Source Code Control, and an Abbreviation feature in addition to performance improvements."

Full Story (comments: none)

Microsoft Launches Document Interoperability Initiative

Microsoft Corp. has announced their Document Interoperability Initiative. "Microsoft Corp. today announced the launch of its Document Interoperability Initiative, which is aimed at promoting user choice among document formats and expanded opportunity for developers, partners and competitors. The launch of this initiative is an important step in Microsoft's commitment to implement a set of strategic changes in its technology and business practices to expand interoperability through the implementation of its interoperability principles. The Document Interoperability Initiative focuses on bringing vendors together to promote interoperability between document format implementations through testing and refining those implementations, creation of format implementation test suites, and the creation of templates designed for optimal interoperability between different formats."

Comments (3 posted)

New Books

ScreenOS Cookbook--New from O'Reilly

O'Reilly has published the book ScreenOS Cookbook by Stefan Brunner, Vik Davar, David Delcourt, Ken Draper, Joe Kelly and Sunil Wadhwa.

Full Story (comments: none)

The Ultimate CSS Reference--New from SitePoint

SitePoint has published the book The Ultimate CSS Reference by Tommy Olssen and Paul O'Brien.

Full Story (comments: none)

Resources

Clean Room Design Practice (OpenCollector)

OpenCollector.org has announced a paper [pdf] on the clean room design practice for reverse engineering hardware. "Wade D. Peterson of Silicore (the people who created the free Wishbone SOC architecture) has written a major new paper on clean room design practice, full of detail on the legal aspects of reverse engineering and practical methods for separating copyright and patent governed aspects of a design, essential for creating open and interoperable designs."

Comments (none posted)

Contests and Awards

Stroustrup presented with Dr. Dobb's Excellence in Programming award

Bjarne Stroustrup has received a Dr. Dobb's Excellence in Programming Award. "2008-Best-selling author Bjarne Stroustrup, inventor of C++ and author of the Addison-Wesley title The C++ Programming Language, was presented with the Dr. Dobb's Journal Excellence in Programming Award at the SD West conference on Wednesday. The award acknowledges significant achievements in object-oriented programming, software architecture, and modeling."

Full Story (comments: none)

Meeting Minutes

Minutes of GNOME Summer of Code meeting

The minutes are available from the March 6, 2008 GNOME Summer of Code meeting. "Present: Adam Schreiber Buddhika Laknath Semage Christian Kellner Gabriel Burt Johannes Schmid Lucas Rocha Marco Barisione Rob Taylor Sandy Armstrong Vincent Untz".

Full Story (comments: none)

Calls for Presentations

Call for Presentations -- Flash Memory Summit 2008

A call for presentations has gone out for the Flash Memory Summit 2008. The event takes place in Santa Clara, CA on August 12-14, 2008. The submission deadline is April 25.

Comments (none posted)

LinuxWorld 2008 is looking for BOF topics and .org Exhibitors

The LinuxWorld conference is looking for Birds of a Feather (BOF) session proposals as well as free software projects to exhibit in the .org pavilion. The conference is being held August 4-7 at the Moscone Center in San Francisco. The deadline for .org pavilion applications is April 11, while BOF proposals need to be in by May 5. Click below for more information.

Full Story (comments: 1)

Upcoming Events

Global Open Source Conference announced

SDForum has announced the Global Open Source Conference, which takes place on March 24, 2008 in San Francisco, CA. "Speakers at the event will discuss the opportunities for open source software companies and developersthanks to government initiatives using open source, as well as sharinglearning lessons and successes from around the world. "Open source has quickly changed the global software industry," said Don Brown of Atlassian Software Systems, a speaker at the event. "A huge demand has arisen for open source companies worldwide as more governments enforce policies mandating open source and international markets continue to open.""

Comments (none posted)

GoOOoCon2008 / Prague

GoOOoCon 2008 will take place in Prague, Czech Republic on April 10-13, 2008. "The Novell team thought that, what with the next OOoCon being in Beijing and the cost of travel there (etc.) and of course the broad focus of that conference; that it would be good to have a very hacker-focused event in Europe. So, we're inviting all hyper-technical people (with or without long hair) to join the Novell go-oo team for part of their annual team face-to-face in Prague."

Full Story (comments: none)

KVM developer forum 2008

The KVM developer forum 2008 has been announced. "The KVM Forum 2008 will also give developers an opportunity to update the community on the work that they are doing and coordinate efforts for the betterment of KVM and Linux virtualization. Please reserve these dates, the event will take on June 11th - 13th, at Marriot Napa Valley, California, USA. For those of you who want to get there earlier, we will be holding a reception cocktail on June 10th evening time. The registration web site will be up shortly as will the call for papers".

Full Story (comments: none)

The Linux Foundation Reveals Speaker Line-up for 2nd Annual Collaboration Summit

The Linux Foundation has announced the speakers for its 2nd Annual Linux Foundation Collaboration Summit."The Collaboration Summit is designed to accelerate collaboration and problem solving in the Linux community by bringing key stakeholders together in a neutral setting. While there are a variety of industry and developer conferences, the LF Collaboration Summit is the only one to combine participation from developers, users, vendors, ISVs, attorneys and C-level executives to tackle the most pressing issues facing Linux." The summit takes place April 8 - 10, 2008 at the UT Super Computing Center in Austin, TX.

Full Story (comments: none)

PTPW 2008 :: Registrations open (usePerl)

Registration is open for PTPW 2008. "Registration and payment for the Portuguese Perl Workshop is finally open. Seats for the workshop and for the training classes are limited, so grab yours soon. Workshop seats: 100."

Comments (none posted)

PyCon 2008 begins on March 13 in Chicago

PyCon 2008 begins on March 13. "PyCon 2008 kicks off Thursday, March 13 at the Crowne Plaza Chicago O'Hare Hotel featuring talks and tutorials from Caltech, Google, Lockheed Martin, Microsoft, One Laptop per Child, Red Hat, and the University of California, Berkeley. Organized by the Python Software Foundation, and staffed entirely by volunteers, this annual community conference boasts more than double the number of tutorials compared to 2007."

Full Story (comments: none)

Mailing Lists

OLPC-Health mailing list announced

A new OLPC-Health mailing list has been created.

Full Story (comments: none)

Web sites

MacForge.net launched

MacForge.net has been launched. "MacTech(r) Magazine announced today that its MacForge(tm) Mac open source project index now has over 50,000 projects. In 2005, MacForge.net was created for not only the experienced open source user, but to introduce the Mac technical community to the wonderful array of projects available."

Full Story (comments: none)

Audio and Video programs

LCA Gaming Miniconf proceedings videos are available

Videos from the Linux.conf.au 2008 Gaming Miniconf are available. "There where loads of interesting talks, so if you where silly enough to not be there, you can now get in on the fun. Find out about a program which makes games from children's crayon drawings. Listen to how FOSS is being used to teach the next generation of game developers and find out how FOSS is being used in Australian commercial game companies. Don't forget to view the pyglet pinata session for the coolest live coding session you have ever seen (Space Invaders in under 40 minutes). Even Rusty Russell, our favourite kernel hacker turned game developer, makes an appearance with Pong Hero!"

Full Story (comments: none)

Page editor: Forrest Cook

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds