Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=b7103bdb54dfccc57d464664243126b4df6a4271

commit b7103bdb54dfccc57d464664243126b4df6a4271
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Sun May 3 13:27:04 2009 +0200

FSA596-udev

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index bfbbd55..f2dfd50 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,20 @@

<fsas>
<fsa>
+               <id>596</id>
+               <date>2009-05-03</date>
+               <author>Miklos Vajna</author>
+               <package>udev</package>
+               <vulnerable>139-1</vulnerable>
+               <unaffected>141-1anacreon1</unaffected>
+               <bts>http://bugs.frugalware.org/task/3745</bts>
+               <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
+                       
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186</cve>
+               <desc>Some vulnerabilities have been reported in udev, which 
can be exploited by malicious, local users to cause a DoS (Denial of Service) 
or gain escalated privileges.
+                       1) A vulnerability is caused due to udev not properly 
verifying the credentials of received NETLINK messages. This can be exploited 
to gain escalated privileges by sending multicast NETLINK messages.
+                       2) A vulnerability is caused due to a boundary error 
within the "util_path_encode()" function in udev/lib/libudev-util.c. This can 
be exploited to cause a crash by providing specially crafted input.</desc>
+       </fsa>
+       <fsa>
<id>595</id>
<date>2009-05-03</date>
<author>Miklos Vajna</author>
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to