security June 2008

security@lists.fedoraproject.org

1 participants
3 discussions

[Bug 240397] New: CVE-2007-2721: jasper DoS, heap corruption
by Red Hat Bugzilla 08 Sep '08

08 Sep '08

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240397 Summary: CVE-2007-2721: jasper DoS, heap corruption Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: jasper AssignedTo: rdieter(a)math.unl.edu ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2721 "The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert." Appears to affect 1.900.1 too. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 3

[Bug 237533] New: CVE-2007-2165: proftpd auth bypass vulnerability
by Red Hat Bugzilla 30 Jul '08

30 Jul '08

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237533 Summary: CVE-2007-2165: proftpd auth bypass vulnerability Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: high Priority: high Component: proftpd AssignedTo: matthias(a)rpmforge.net ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2165 http://bugs.proftpd.org/show_bug.cgi?id=2922 "The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd." -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 19

ARP handler Inspection tool released
by Andrea Di Pasquale 02 Jun '08

02 Jun '08

ArpON (Arp handler inspectiON) is a portable Arp handler. It Detects and Blocks all ARP Poisoning/Spoofing attacks with Static Arp Inspection (SARPI) and Dynamic Arp Inspection (DARPI) approach on switched/hubbed LAN with/without DHCP protocol. Important to note, it doesn't compromise the ARP protocol performances. I need testing and code revision, thank you. The link to project's documentation is: http://arpon.sourceforge.net/about.html The link to the project is: http://arpon.sourceforge.net

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security June 2008