better than in GRUB Legacy case in case
this happens).
For now, I'm going to import the patch into package proposed to Fedora
and am wishing the GRUB upstream good luck in becoming a good Free
Software Community citizen :)
Thanks,
--
Lubomir Kundrak (Red Hat Security Response Team)
client's memory if you keep it running, etc.).
That's the basic principle:
*Never* let anyone who you do not trust use your desktop. Log off or
lock screen when you leave the terminal.
--
Lubomir Kundrak (Red Hat Security Response Team)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
Wow, you really consider this a security issue? When a user makes a
mistake?
--
Lubomir Kundrak (Red Hat Security Response Team)
the attack
took place).
Do you have a public IP address and do you run any network servers? Do
you happen to run any other network clients apart from Web browser, such
as BitTorrent client or maybe an Instant Messenger?
Thanks,
--
Lubomir Kundrak (Red Hat Security Response Team)
*/
1319 sprintf (lock,"%s/.%lx.%lx",closedBox ? "" : tmpdir,
1320 (unsigned long) sbuf->st_dev,(unsigned long) sbuf->st_ino);
--
Lubomir Kundrak (Red Hat Security Response Team)
for this
particular Unicode, UCS-16, string).
Thus -- this needs voluntary cooperation of a user who already has root
privileges (mount a smb share) and can cause a harmless oops triggerable
only at mount time.
Regards,
--
Lubomir Kundrak (Red Hat Security Response Team)
elif [ -x /usr/lib/pm-utils/sleep.d/$base ]; then
71 echo /usr/lib/pm-utils/sleep.d/$base
72 fi
73 done
Thanks,
--
Lubomir Kundrak (Red Hat Security Response Team)
Whoops, I am terribly sorry for the noise. In fact I did not notice that
this is a different patch from the proposed upstream one and is likely to be
correct.
--
Lubomir Kundrak (Red Hat Security Response Team)
Please note that Red Hat believes that the attached patch is not
completely correct. See the Red Hat bugzilla entry for justification and
another patch:
https://bugzilla.redhat.com/show_bug.cgi?id=350271
--
Lubomir Kundrak (Red Hat Security Response Team)
Andres: Do you have a core dump? Are you able to produce a reasonable
backtrace? Could you please describe how to reproduce the problem in more detail?
Thanks,
--
Lubomir Kundrak (Red Hat Security Response Team)
Hi,
Here is the diff of changes we did to fix this for Fedora: [1].
Hopefully that will be useful also for you.
[1]
http://cvs.fedora.redhat.com/viewcvs/rpms/centericq/devel/centericq-4.21.0-overflows.patch?root=extras
Regards,
--
Lubomir Kundrak (Red Hat Security Response Team
to compromise an account using another
vulnerability. In that case he also has numerous other ways to steal
that user's privileges by tricking the user using sudo or anything
similar. (Trojans, etc.)
--
Lubomir Kundrak (Red Hat Security Response Team)
Arnfinn, it seems like many spamds spawned, but did not finish. Could
you please check what they are doing -- i.e. which message they are
trying to check and whether the hang can be reproduced with that
message?
--
of strxfrm() is never meant to
be displayed to the user.
--
Lubomir Kundrak (Red Hat Security Response Team)
/source/xref/isdn4k-utils-CVS-2003-09-23/capi20/convert.c#957
Regards,
--
Lubomir Kundrak (Red Hat Security Response Team)
Here's a patch for two of the issues fixed by the new release. Anyone
isolated a patch for CVE-2007-0494?
--
Lubomir Kundrak (Red Hat Security Response Team)
$ FILES=
lib/dns/include/dns/validator.h
lib/dns
This issue is already assigned CVE-2005-2395.
The upstream BTS entry is
https://bugzilla.mozilla.org/show_bug.cgi?id=281851
--
Lubomir Kundrak (Red Hat Security Response Team)
manage to get any more information concerning this?
Regards,
--
Lubomir Kundrak (Red Hat Security Response Team)
This is a documented behavior. --force-local should be used in case the user
wants to unpack a local file whose name contains a colon character.
--
Lubomir Kundrak (Red Hat Security Response Team)
Package: abiword
Version: 2.2.7-3sarge2
Tags: security, upstream
Severity: grave
Abiword likely uses a version of the VW library (see #396256) vulnerable to
two integer overflow conditions. See the CVE text for more details.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4513
--
Lubomir Kundrak
This also affects the AbiWord package. In contrast to what the CVE candidate
CVE-2006-4513 text says, this does _not_ affect KOffice's KWord.
--
Lubomir Kundrak (Red Hat Security Response Team)