security July 2006

security@lists.fedoraproject.org

11 participants
33 discussions

[Bug 192830] New: CVE-2006-2453 Additional dia format string flaws
by Red Hat Bugzilla 30 Aug '07

30 Aug '07

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830 Summary: CVE-2006-2453 Additional dia format string flaws Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: dia AssignedTo: j.w.r.degoede(a)hhs.nl ReportedBy: bressers(a)redhat.com QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com A number of additional format string issues were discovered by Hans de Goede and has been assigned the CVE id CVE-2006-2453. The fix is attachment 129852 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 13

[Bug 198106] New: CVE-2006-3458: Zope local information disclosure
by Red Hat Bugzilla 23 Nov '06

23 Nov '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198106 Summary: CVE-2006-3458: Zope local information disclosure Product: Fedora Extras Version: fc5 Platform: All URL: http://www.zope.org/Products/Zope/Hotfix-2006-07- 05/Hotfix-20060705/README.txt OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: zope AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com Unspecified vulnerability in Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) allows local users to obtain sensitive information via unknown attack vectors related to the docutils module and "restructured text". http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3458 http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.… Based on the version numbers, all FC-3+ appear to be vulnerable. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 10

[Bug 200455] New: Seamonkey multiple vulnerabilities: CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807
by Red Hat Bugzilla 07 Aug '06

07 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200455 Summary: Seamonkey multiple vulnerabilities: CVE-2006-3677, CVE- 2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807 Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: high Priority: high Component: seamonkey AssignedTo: kengert(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com Arbitrary code execution: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3807 Denial of service: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3804 All these are reported against seamonkey < 1.0.3. FE[45] and devel affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 4

[Bug 200545] New: CVE-2006-3913, freeciv: server buffer overflow issues
by Red Hat Bugzilla 07 Aug '06

07 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200545 Summary: CVE-2006-3913, freeciv: server buffer overflow issues Product: Fedora Extras Version: fc5 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3913 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: freeciv AssignedTo: bdpepple(a)ameritech.net ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com CVE-2006-3913, http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3913 : Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c. All FE-[345] and devel are probably affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 4

[Bug 200795] New: xboard: world writable chess.png
by Red Hat Bugzilla 04 Aug '06

04 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200795 Summary: xboard: world writable chess.png Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: xboard AssignedTo: kaboom(a)oobleck.net ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com /usr/share/pixmaps/chess.png is world writable apparently due to bad umask setting in the FE build system; its maintainers have been notified. FE5 and devel are affected and this should be fixed in the package anyway, a fix is to use "install -pm 644" instead of cp to install the file. In the FE4 package the file is 664, not world writable, but I'd recommend fixing this in it too. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 2

[Bug 200794] New: zope: world writable files
by Red Hat Bugzilla 04 Aug '06

04 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200794 Summary: zope: world writable files Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: high Priority: urgent Component: zope AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com The following files in zope are world writable apparently due to bad umask setting in the FE build system; its maintainers have been notified. /usr/lib/zope/skel/etc/logrotate.conf.in /usr/share/doc/zope-2.8.3/README.Fedora /var/lib/zope/etc/logrotate.conf FE[345] and devel are affected and this should be fixed in the package anyway, a fix is to use "install -pm 644" instead of cp when copying files around. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 4

[Bug 200793] New: gallery2: world writable .htaccess
by Red Hat Bugzilla 02 Aug '06

02 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200793 Summary: gallery2: world writable .htaccess Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: high Priority: high Component: gallery2 AssignedTo: jwb(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com /usr/share/gallery2/.htaccess is world writable apparently due to bad umask setting in the FE build system; its maintainers have been notified. FE[45] and devel are affected and this should be fixed in the package anyway, a fix is to use "install -pm 644" instead of cp to install the file. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 1

Extras errata
by Josh Bressers 31 Jul '06

31 Jul '06

Hi everyone, I finally checked in an extras errata generation system. It's rather trivial. I've been sitting on this for a few weeks and just haven't had time to clean it up enough to commit it. The bits are here: http://cvs.fedora.redhat.com/viewcvs/fedora-security/extras-errata/?root=fe… If you have the fedora-security CVS repository checked out you should just have to do a cvs up to get it. The readme file has some details on how things work. In a nutshell you just have to run the errata-gen command, which places an advisory into the errata directory for you. Then just edit away. Now we have to think about how editing should be handled. I'm thinking at least one other team member should approve an errata before it gets mailed. Thoughts? -- JB

3 4

[Bug 200323] New: CVE-2006-3816, krusader: cleartext passwords in bookmarks file
by Red Hat Bugzilla 31 Jul '06

31 Jul '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200323 Summary: CVE-2006-3816, krusader: cleartext passwords in bookmarks file Product: Fedora Extras Version: fc5 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3816 OS/Version: Linux Status: NEW Severity: high Priority: normal Component: krusader AssignedTo: mgarski(a)post.pl ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3816 http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965 Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file. FE[345] and devel affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 3

[Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
by Red Hat Bugzilla 30 Jul '06

30 Jul '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 kengert(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kengert(a)redhat.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security July 2006