security October 2006

security@lists.fedoraproject.org

4 participants
18 discussions

[Bug 192830] New: CVE-2006-2453 Additional dia format string flaws
by Red Hat Bugzilla 30 Aug '07

30 Aug '07

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830 Summary: CVE-2006-2453 Additional dia format string flaws Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: dia AssignedTo: j.w.r.degoede(a)hhs.nl ReportedBy: bressers(a)redhat.com QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com A number of additional format string issues were discovered by Hans de Goede and has been assigned the CVE id CVE-2006-2453. The fix is attachment 129852 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 13

[Bug 209167] New: seamonkey < 1.0.5 multiple vulnerabilities
by Red Hat Bugzilla 10 Apr '07

10 Apr '07

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167 Summary: seamonkey < 1.0.5 multiple vulnerabilities Product: Fedora Extras Version: fc4 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: seamonkey AssignedTo: kengert(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com seamonkey 1.0.4 in FE4 is probably affected by CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4570 and CVE-2006-4571. According to upstream, these are fixed in 1.0.5 (FE5+) -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 13

[Bug 212699] New: CVE-2006-5602: xsupplicant < 1.2.6 memory leaks
by Red Hat Bugzilla 17 Jan '07

17 Jan '07

1 2

[Bug 208299] New: CVE-2006-4976: php-adodb information disclosure
by Red Hat Bugzilla 11 Jan '07

11 Jan '07

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208299 Summary: CVE-2006-4976: php-adodb information disclosure Product: Fedora Extras Version: fc5 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4976 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: php-adodb AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com CVE-2006-4976: The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for [...] There's not much information about this issue (?) available at the moment. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 2

[Bug 212698] New: CVE-2006-4513: multiple integer overflows in wv < 1.2.3
by Red Hat Bugzilla 08 Jan '07

08 Jan '07

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212698 Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3 Product: Fedora Extras Version: fc6 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: abiword AssignedTo: uwog(a)uwog.net ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com +++ This bug was initially created as a clone of Bug #212696 +++ Multiple integer overflows in wv < 1.2.3: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513 abiword uses an internal copy of wv, which seems to be 1.0.3 as of abiword 2.4.5, so it may be affected. Additionally, would it be possible to change abiword to use the system installed wv instead of the internal one? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 6

[Bug 210825] New: RSA signature forgery issues in BouncyCastle < 1.34
by Red Hat Bugzilla 13 Dec '06

13 Dec '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210825 Summary: RSA signature forgery issues in BouncyCastle < 1.34 Product: Fedora Core Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: java-1.4.2-gcj-compat AssignedTo: fitzsim(a)redhat.com ReportedBy: ville.skytta(a)iki.fi CC: fedora-security-list(a)redhat.com >From BouncyCastle 1.34 release notes: Security Advisory If you are using RSA with a public exponent of three you must upgrade to this release if you want to avoid recent forgery attacks that have been described against specific implementations of the RSA signature algorithm. java-1.4.2-gcj-compat in FC5 ship with BC 1.31 and may thus be affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 2

[Bug 198106] New: CVE-2006-3458: Zope local information disclosure
by Red Hat Bugzilla 23 Nov '06

23 Nov '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198106 Summary: CVE-2006-3458: Zope local information disclosure Product: Fedora Extras Version: fc5 Platform: All URL: http://www.zope.org/Products/Zope/Hotfix-2006-07- 05/Hotfix-20060705/README.txt OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: zope AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com Unspecified vulnerability in Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) allows local users to obtain sensitive information via unknown attack vectors related to the docutils module and "restructured text". http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3458 http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.… Based on the version numbers, all FC-3+ appear to be vulnerable. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 10

[Bug 212700] New: CVE-2006-5601: xsupplicant < 1.2.8 (?) stack smashing vulnerability
by Red Hat Bugzilla 21 Nov '06

21 Nov '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212700 Summary: CVE-2006-5601: xsupplicant < 1.2.8 (?) stack smashing vulnerability Product: Fedora Extras Version: fc6 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5601 OS/Version: Linux Status: NEW Severity: high Priority: normal Component: xsupplicant AssignedTo: tcallawa(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5601 http://open1x.sourceforge.net/ "7 Oct 2006 -- Xsupplicant 1.2.8 is now available for download. This release has several bug fixes in it, including a fix to a stack smash that could potentially lead to a remote root exploit." Seems to affect all FE versions. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 4

[Bug 212355] New: CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 bugzilla vulnerabilities
by Red Hat Bugzilla 10 Nov '06

10 Nov '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212355 Summary: CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 bugzilla vulnerabilities Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: bugzilla AssignedTo: jwb(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com According to CVE descriptions, Bugzilla in FE-4 and later is vulnerable to: CVE-2006-5453 (unauthorized write access) CVE-2006-5454 (unauthorized information access) CVE-2006-5455 (unauthorized write access) -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 7

[Bug 212696] New: CVE-2006-4513: multiple integer overflows in wv < 1.2.3
by Red Hat Bugzilla 29 Oct '06

29 Oct '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212696 Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3 Product: Fedora Extras Version: fc6 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: wv AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com Multiple integer overflows in wv < 1.2.3: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513 All FE versions seem affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 5

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security October 2006