Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=0ff2bf22cfffc29b97b479516b2e42a927215a01
commit 0ff2bf22cfffc29b97b479516b2e42a927215a01 Author: Miklos Vajna <vmik...@frugalware.org> Date: Tue Mar 9 00:24:08 2010 +0100 FSA637-xar diff --git a/frugalware/xml/security-1.1.xml b/frugalware/xml/security-1.1.xml new file mode 100644 index 0000000..1c72fa6 --- /dev/null +++ b/frugalware/xml/security-1.1.xml @@ -0,0 +1,297 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE fsas [ +<!ELEMENT fsas (fsa)*> +<!ELEMENT fsa (id , date , author?, package, vulnerable , unaffected , bts , cve , desc)> +<!-- must be an integer --> +<!ELEMENT id (#PCDATA)> +<!-- in YYYY-MM-DD format --> +<!ELEMENT date (#PCDATA)> +<!-- your nick, then the From header will be something like "nick <nore...@frugalware.org>" --> +<!ELEMENT author (#PCDATA)> +<!-- package name, without group, version, etc --> +<!ELEMENT package (#PCDATA)> +<!-- the old version --> +<!ELEMENT vulnerable (#PCDATA)> +<!-- the new (backported) version --> +<!ELEMENT unaffected (#PCDATA)> +<!-- bts url --> +<!ELEMENT bts (#PCDATA)> +<!-- cve url --> +<!ELEMENT cve (#PCDATA)> +<!-- description, can be more than one line --> +<!ELEMENT desc (#PCDATA)> +]> + +<!-- If you modify this file, be sure it's still valid - read /hooks/README! --> + +<fsas> + <fsa> + <id>636</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>wireshark</package> + <vulnerable>1.2.5-1getorin1</vulnerable> + <unaffected>1.2.6-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4087</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0304</cve> + <desc>Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system. +The vulnerabilities are caused due to errors within the LWRES dissector, which can be exploited to cause e.g. a stack-based buffer overflow via a specially crafted network packet or by tricking a user into loading a specially crafted capture file. +Successful exploitation allows execution of arbitrary code.</desc> + </fsa> + <fsa> + <id>635</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>wireshark</package> + <vulnerable>1.2.3-1getorin1</vulnerable> + <unaffected>1.2.5-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4064</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4376 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4378</cve> + <desc>Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. + 1) A boundary error in the Daintree SNA file parser can be exploited to cause a buffer overflow via a specially crafted capture file. + Successful exploitation may allow execution of arbitrary code. + 2) An error in the IPMI dissector on Windows can be exploited to cause a crash. + 3) An error in the SMB and SMB2 dissectors can be exploited to cause a crash.</desc> + </fsa> + <fsa> + <id>634</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>drupal</package> + <vulnerable>5.20-1getorin1</vulnerable> + <unaffected>5.21-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4052</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4369</cve> + <desc>A vulnerability has been reported in Drupal Core, which can be exploited by malicious users to conduct script insertion attacks. + Input passed to the "Category" input field of the Contact module's administration form is not properly sanitised before being displayed to the user.</desc> + </fsa> + <fsa> + <id>633</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>wordpress</package> + <vulnerable>2.8.5-1getorin1</vulnerable> + <unaffected>2.8.6-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4043</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3890 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3891</cve> + <desc>A security issue and a vulnerability have been reported in WordPress, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system. + 1) The security issue is caused due to the wp_check_filetype() function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. + Successful exploitation of this vulnerability requires that Apache is not configured to handle the mime-type for media files with an e.g. "gif", "jpg", "png", "tif", "wmv" extension. + 2) Input passed via certain parameters to press-this.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.</desc> + </fsa> + <fsa> + <id>632</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>wireshark</package> + <vulnerable>1.2.2-1getorin1</vulnerable> + <unaffected>1.2.3-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4026</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3549 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3550 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3551</cve> + <desc>Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). + 1) An alignment error within the "dissect_paltalk()" function in epan/dissectors/packet-paltalk.c of the Paltalk dissector can be exploited to cause a crash. + Note: Successful exploitation requires that Wireshark is running on an alignment sensitive architecture. + 2) A NULL pointer dereference error within the DCERPC/NT dissector when can be exploited to cause a crash. + 3) An off-by-one error within the "dissect_negprot_response()" function in epan/dissectors/packet-smb.c of the SMB dissector can be exploited to cause a crash. + 4) An error within the RADIUS dissector can be exploited to cause a crash.</desc> + </fsa> + <fsa> + <id>631</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>drupal6-link</package> + <vulnerable>6.x_2.6-1</vulnerable> + <unaffected>6.x_2.8-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4025</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3915</cve> + <desc>See FSA630 for details.</desc> + </fsa> + <fsa> + <id>630</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>drupal-link</package> + <vulnerable>5.x_2.5-1</vulnerable> + <unaffected>5.x_2.6-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4024</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3915</cve> + <desc>A vulnerability has been reported in the Link module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. + Input passed via the link title parameter, when using the "Separate title and URL" format, is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.</desc> + </fsa> + <fsa> + <id>629</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>wordpress</package> + <vulnerable>2.8.4-1</vulnerable> + <unaffected>2.8.5-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4007</bts> + <cve>No CVE, see http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/.</cve> + <desc>A vulnerability has been reported in WordPress, which can be exploited by malicious people to cause a DoS (Denial of Service). + The vulnerability is caused due to the wp-trackback.php script letting users pass multiple source character encodings to the "mb_convert_encoding()" function, which can be used to cause a high CPU load, potentially resulting in a DoS.</desc> + </fsa> + <fsa> + <id>628</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>drupal6-webform</package> + <vulnerable>6.x_2.7-1</vulnerable> + <unaffected>6.x_2.8-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4001</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4532 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4533</cve> + <desc>See FSA627 for details.</desc> + </fsa> + <fsa> + <id>627</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>drupal-webform</package> + <vulnerable>5.x_2.7-1</vulnerable> + <unaffected>5.x_2.8-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4000</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=4532 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4533</cve> + <desc>Some vulnerabilities have been reported in the Webform module for Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to disclose potentially sensitive information. + 1) Input passed to field labels while creating new webforms is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. + Successful exploitation of this vulnerability requires permissions to create webforms. + 2) An error in the handling of cached pages can be exploited to disclose session variables when caching is enabled.</desc> + </fsa> + <fsa> + <id>626</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>phpmyadmin</package> + <vulnerable>3.2.0.1-1</vulnerable> + <unaffected>3.2.2.1-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/3996</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3696 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3697</cve> + <desc>Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to conduct script insertion and SQL injection attacks. + 1) Input used as the MySQL table name is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. + 2) Input passed to various parameters of the PDF schema generator feature is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.</desc> + </fsa> + <fsa> + <id>625</id> + <date>2009-12-09</date> + <author>Miklos Vajna</author> + <package>kernel</package> + <vulnerable>2.6.30-3</vulnerable> + <unaffected>2.6.30-4getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4047</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1298</cve> + <desc>This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (immediate OOPS and hang, complete loss of response, even of console). + The vulnerability is caused due to an error within the "ip_defrag()" function in net/ipv4/ip_fragment.c, which may be exploited to cause a NULL pointer dereference by sending overly large packets to a vulnerable system.</desc> + </fsa> + <fsa> + <id>624</id> + <date>2009-09-27</date> + <author>Miklos Vajna</author> + <package>drupal6-commentrss</package> + <vulnerable>6.x_2.1-1</vulnerable> + <unaffected>6.x_2.2-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/3950</bts> + <cve>No CVE references, see http://drupal.org/node/579290.</cve> + <desc>See FSA623 for more info.</desc> + </fsa> + <fsa> + <id>623</id> + <date>2009-09-27</date> + <author>Miklos Vajna</author> + <package>drupal-commentrss</package> + <vulnerable>5.x_2.1-1</vulnerable> + <unaffected>5.x_2.2-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/3949</bts> + <cve>No CVE references, see http://drupal.org/node/579280.</cve> + <desc>A vulnerability has been reported in the Comment RSS module for Drupal, which can be exploited to disclose potentially sensitive information. + The vulnerability is caused due to the module not properly respecting access restrictions when adding the link to a node, which can be exploited to disclose potentially sensitive information.</desc> + </fsa> + <fsa> + <id>622</id> + <date>2009-09-27</date> + <author>Miklos Vajna</author> + <package>drupal6</package> + <vulnerable>6.13-1</vulnerable> + <unaffected>6.14-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/3948</bts> + <cve>No CVE references, see http://drupal.org/node/579476.</cve> + <desc>See FSA621 for more info.</desc> + </fsa> + <fsa> + <id>621</id> + <date>2009-09-27</date> + <author>Miklos Vajna</author> + <package>drupal</package> + <vulnerable>5.19-1</vulnerable> + <unaffected>5.20-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/3947</bts> + <cve>No CVE references, see http://drupal.org/node/579484.</cve> + <desc>Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to hijack accounts and compromise a vulnerable system, and by malicious people to conduct cross-site request forgery attacks. + 1) The OpenID module allows users to perform certain actions via HTTP requests without performing any validation checks to verify the requests. This can be exploited to e.g. add OpenID identities to existing accounts. + 2) An unspecified error within the OpenID Authentication 2.0 implementation can be exploited to hijack another user's account if the same OpenID 2.0 provider is used. + 3) An error within the File API when processing certain file extensions can be exploited to e.g. upload files which can be executed by the web server. + Note: Successful exploitation requires that the web server is configured to ignore Drupal's ".htaccess" file.</desc> + </fsa> + <fsa> + <id>620</id> + <date>2009-09-27</date> + <author>Miklos Vajna</author> + <package>drupal-date</package> + <vulnerable>5.x_2.7-1</vulnerable> + <unaffected>5.x_2.8-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/3951</bts> + <cve>No CVE references, see http://drupal.org/node/579144.</cve> + <desc>A vulnerability has been reported in the Date module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. + Certain unspecified input is not properly sanitised before being displayed in the page title. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. + Successful exploitation requires privileges to post date content.</desc> + </fsa> + <fsa> + <id>619</id> + <date>2009-09-27</date> + <author>Miklos Vajna</author> + <package>horde-webmail</package> + <vulnerable>1.2.3-1</vulnerable> + <unaffected>1.2.4-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/3958</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3236</cve> + <desc>Some vulnerabilities have been reported in Horde Groupware and Horde Groupware Webmail Edition, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and by malicious users to compromise a vulnerable system. + 1) Two vulnerabilities can be exploited to conduct cross-site scripting or script insertion attacks. + 2) An error within the form library of the Horde Application Framework when handling image form fields can be exploited to overwrite arbitrary local files.</desc> + </fsa> + <fsa> + <id>618</id> + <date>2009-09-27</date> + <author>Miklos Vajna</author> + <package>wireshark</package> + <vulnerable>1.2.1-1</vulnerable> + <unaffected>1.2.2-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/3957</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3241 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3242 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3243</cve> + <desc>Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). + 1) An error in the "OpcUa" dissector can be exploited to exhaust CPU and memory resources via a specially crafted "Service CallRequest" packet. + 2) An assertion error in the "GSM A RR" dissector can be exploited to cause a crash. + 3) An error in the TLS dissector can be exploited to cause a crash on certain platforms (e.g. Windows) via specially crafted TLS 1.2 network packets.</desc> + </fsa> + <fsa> + <id>617</id> + <date>2009-09-27</date> + <author>Miklos Vajna</author> + <package>drupal6-devel</package> + <vulnerable>6.x_1.17-1</vulnerable> + <unaffected>6.x_1.18-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/3964</bts> + <cve>No CVE references, see http://drupal.org/node/585952.</cve> + <desc>A vulnerability has been reported in the Devel module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. + The variable editor does not properly sanitise the variable name before displaying it to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.</desc> + </fsa> +</fsas> diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 1c72fa6..bc82f35 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,272 +26,14 @@ <fsas> <fsa> - <id>636</id> - <date>2010-03-01</date> - <author>Miklos Vajna</author> - <package>wireshark</package> - <vulnerable>1.2.5-1getorin1</vulnerable> - <unaffected>1.2.6-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4087</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0304</cve> - <desc>Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system. -The vulnerabilities are caused due to errors within the LWRES dissector, which can be exploited to cause e.g. a stack-based buffer overflow via a specially crafted network packet or by tricking a user into loading a specially crafted capture file. -Successful exploitation allows execution of arbitrary code.</desc> - </fsa> - <fsa> - <id>635</id> - <date>2010-03-01</date> - <author>Miklos Vajna</author> - <package>wireshark</package> - <vulnerable>1.2.3-1getorin1</vulnerable> - <unaffected>1.2.5-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4064</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4376 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4378</cve> - <desc>Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. - 1) A boundary error in the Daintree SNA file parser can be exploited to cause a buffer overflow via a specially crafted capture file. - Successful exploitation may allow execution of arbitrary code. - 2) An error in the IPMI dissector on Windows can be exploited to cause a crash. - 3) An error in the SMB and SMB2 dissectors can be exploited to cause a crash.</desc> - </fsa> - <fsa> - <id>634</id> - <date>2010-03-01</date> - <author>Miklos Vajna</author> - <package>drupal</package> - <vulnerable>5.20-1getorin1</vulnerable> - <unaffected>5.21-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4052</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4369</cve> - <desc>A vulnerability has been reported in Drupal Core, which can be exploited by malicious users to conduct script insertion attacks. - Input passed to the "Category" input field of the Contact module's administration form is not properly sanitised before being displayed to the user.</desc> - </fsa> - <fsa> - <id>633</id> - <date>2010-03-01</date> - <author>Miklos Vajna</author> - <package>wordpress</package> - <vulnerable>2.8.5-1getorin1</vulnerable> - <unaffected>2.8.6-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4043</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3890 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3891</cve> - <desc>A security issue and a vulnerability have been reported in WordPress, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system. - 1) The security issue is caused due to the wp_check_filetype() function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. - Successful exploitation of this vulnerability requires that Apache is not configured to handle the mime-type for media files with an e.g. "gif", "jpg", "png", "tif", "wmv" extension. - 2) Input passed via certain parameters to press-this.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.</desc> - </fsa> - <fsa> - <id>632</id> - <date>2010-03-01</date> - <author>Miklos Vajna</author> - <package>wireshark</package> - <vulnerable>1.2.2-1getorin1</vulnerable> - <unaffected>1.2.3-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4026</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3549 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3550 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3551</cve> - <desc>Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). - 1) An alignment error within the "dissect_paltalk()" function in epan/dissectors/packet-paltalk.c of the Paltalk dissector can be exploited to cause a crash. - Note: Successful exploitation requires that Wireshark is running on an alignment sensitive architecture. - 2) A NULL pointer dereference error within the DCERPC/NT dissector when can be exploited to cause a crash. - 3) An off-by-one error within the "dissect_negprot_response()" function in epan/dissectors/packet-smb.c of the SMB dissector can be exploited to cause a crash. - 4) An error within the RADIUS dissector can be exploited to cause a crash.</desc> - </fsa> - <fsa> - <id>631</id> - <date>2010-03-01</date> - <author>Miklos Vajna</author> - <package>drupal6-link</package> - <vulnerable>6.x_2.6-1</vulnerable> - <unaffected>6.x_2.8-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4025</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3915</cve> - <desc>See FSA630 for details.</desc> - </fsa> - <fsa> - <id>630</id> - <date>2010-03-01</date> - <author>Miklos Vajna</author> - <package>drupal-link</package> - <vulnerable>5.x_2.5-1</vulnerable> - <unaffected>5.x_2.6-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4024</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3915</cve> - <desc>A vulnerability has been reported in the Link module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. - Input passed via the link title parameter, when using the "Separate title and URL" format, is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.</desc> - </fsa> - <fsa> - <id>629</id> - <date>2010-03-01</date> - <author>Miklos Vajna</author> - <package>wordpress</package> - <vulnerable>2.8.4-1</vulnerable> - <unaffected>2.8.5-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4007</bts> - <cve>No CVE, see http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/.</cve> - <desc>A vulnerability has been reported in WordPress, which can be exploited by malicious people to cause a DoS (Denial of Service). - The vulnerability is caused due to the wp-trackback.php script letting users pass multiple source character encodings to the "mb_convert_encoding()" function, which can be used to cause a high CPU load, potentially resulting in a DoS.</desc> - </fsa> - <fsa> - <id>628</id> - <date>2010-03-01</date> - <author>Miklos Vajna</author> - <package>drupal6-webform</package> - <vulnerable>6.x_2.7-1</vulnerable> - <unaffected>6.x_2.8-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4001</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4532 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4533</cve> - <desc>See FSA627 for details.</desc> - </fsa> - <fsa> - <id>627</id> - <date>2010-03-01</date> - <author>Miklos Vajna</author> - <package>drupal-webform</package> - <vulnerable>5.x_2.7-1</vulnerable> - <unaffected>5.x_2.8-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4000</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=4532 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4533</cve> - <desc>Some vulnerabilities have been reported in the Webform module for Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to disclose potentially sensitive information. - 1) Input passed to field labels while creating new webforms is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. - Successful exploitation of this vulnerability requires permissions to create webforms. - 2) An error in the handling of cached pages can be exploited to disclose session variables when caching is enabled.</desc> - </fsa> - <fsa> - <id>626</id> - <date>2010-03-01</date> - <author>Miklos Vajna</author> - <package>phpmyadmin</package> - <vulnerable>3.2.0.1-1</vulnerable> - <unaffected>3.2.2.1-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/3996</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3696 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3697</cve> - <desc>Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to conduct script insertion and SQL injection attacks. - 1) Input used as the MySQL table name is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. - 2) Input passed to various parameters of the PDF schema generator feature is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.</desc> - </fsa> - <fsa> - <id>625</id> - <date>2009-12-09</date> - <author>Miklos Vajna</author> - <package>kernel</package> - <vulnerable>2.6.30-3</vulnerable> - <unaffected>2.6.30-4getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4047</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1298</cve> - <desc>This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (immediate OOPS and hang, complete loss of response, even of console). - The vulnerability is caused due to an error within the "ip_defrag()" function in net/ipv4/ip_fragment.c, which may be exploited to cause a NULL pointer dereference by sending overly large packets to a vulnerable system.</desc> - </fsa> - <fsa> - <id>624</id> - <date>2009-09-27</date> - <author>Miklos Vajna</author> - <package>drupal6-commentrss</package> - <vulnerable>6.x_2.1-1</vulnerable> - <unaffected>6.x_2.2-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/3950</bts> - <cve>No CVE references, see http://drupal.org/node/579290.</cve> - <desc>See FSA623 for more info.</desc> - </fsa> - <fsa> - <id>623</id> - <date>2009-09-27</date> - <author>Miklos Vajna</author> - <package>drupal-commentrss</package> - <vulnerable>5.x_2.1-1</vulnerable> - <unaffected>5.x_2.2-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/3949</bts> - <cve>No CVE references, see http://drupal.org/node/579280.</cve> - <desc>A vulnerability has been reported in the Comment RSS module for Drupal, which can be exploited to disclose potentially sensitive information. - The vulnerability is caused due to the module not properly respecting access restrictions when adding the link to a node, which can be exploited to disclose potentially sensitive information.</desc> - </fsa> - <fsa> - <id>622</id> - <date>2009-09-27</date> - <author>Miklos Vajna</author> - <package>drupal6</package> - <vulnerable>6.13-1</vulnerable> - <unaffected>6.14-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/3948</bts> - <cve>No CVE references, see http://drupal.org/node/579476.</cve> - <desc>See FSA621 for more info.</desc> - </fsa> - <fsa> - <id>621</id> - <date>2009-09-27</date> - <author>Miklos Vajna</author> - <package>drupal</package> - <vulnerable>5.19-1</vulnerable> - <unaffected>5.20-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/3947</bts> - <cve>No CVE references, see http://drupal.org/node/579484.</cve> - <desc>Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to hijack accounts and compromise a vulnerable system, and by malicious people to conduct cross-site request forgery attacks. - 1) The OpenID module allows users to perform certain actions via HTTP requests without performing any validation checks to verify the requests. This can be exploited to e.g. add OpenID identities to existing accounts. - 2) An unspecified error within the OpenID Authentication 2.0 implementation can be exploited to hijack another user's account if the same OpenID 2.0 provider is used. - 3) An error within the File API when processing certain file extensions can be exploited to e.g. upload files which can be executed by the web server. - Note: Successful exploitation requires that the web server is configured to ignore Drupal's ".htaccess" file.</desc> - </fsa> - <fsa> - <id>620</id> - <date>2009-09-27</date> - <author>Miklos Vajna</author> - <package>drupal-date</package> - <vulnerable>5.x_2.7-1</vulnerable> - <unaffected>5.x_2.8-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/3951</bts> - <cve>No CVE references, see http://drupal.org/node/579144.</cve> - <desc>A vulnerability has been reported in the Date module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. - Certain unspecified input is not properly sanitised before being displayed in the page title. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. - Successful exploitation requires privileges to post date content.</desc> - </fsa> - <fsa> - <id>619</id> - <date>2009-09-27</date> - <author>Miklos Vajna</author> - <package>horde-webmail</package> - <vulnerable>1.2.3-1</vulnerable> - <unaffected>1.2.4-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/3958</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3236</cve> - <desc>Some vulnerabilities have been reported in Horde Groupware and Horde Groupware Webmail Edition, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and by malicious users to compromise a vulnerable system. - 1) Two vulnerabilities can be exploited to conduct cross-site scripting or script insertion attacks. - 2) An error within the form library of the Horde Application Framework when handling image form fields can be exploited to overwrite arbitrary local files.</desc> - </fsa> - <fsa> - <id>618</id> - <date>2009-09-27</date> - <author>Miklos Vajna</author> - <package>wireshark</package> - <vulnerable>1.2.1-1</vulnerable> - <unaffected>1.2.2-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/3957</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3241 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3242 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3243</cve> - <desc>Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). - 1) An error in the "OpcUa" dissector can be exploited to exhaust CPU and memory resources via a specially crafted "Service CallRequest" packet. - 2) An assertion error in the "GSM A RR" dissector can be exploited to cause a crash. - 3) An error in the TLS dissector can be exploited to cause a crash on certain platforms (e.g. Windows) via specially crafted TLS 1.2 network packets.</desc> - </fsa> - <fsa> - <id>617</id> - <date>2009-09-27</date> - <author>Miklos Vajna</author> - <package>drupal6-devel</package> - <vulnerable>6.x_1.17-1</vulnerable> - <unaffected>6.x_1.18-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/3964</bts> - <cve>No CVE references, see http://drupal.org/node/585952.</cve> - <desc>A vulnerability has been reported in the Devel module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. - The variable editor does not properly sanitise the variable name before displaying it to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.</desc> + <id>637</id> + <date>2010-03-09</date> + <author>Miklos Vajna</author> + <package>xar</package> + <vulnerable>1.5.2-1</vulnerable> + <unaffected>1.5.2-2locris1</unaffected> + <bts>http://bugs.frugalware.org/task/4128</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0055</cve> + <desc>Braden Thomas from Apple has discovered a signature verification bypass issue in xar. The issue is that xar_open assumes that the checksum is stored at offset 0, but xar_signature_copy_signed_data uses xar property "checksum/offset" to find the offset to the checksum when validating the signature. As a result, a modified xar archive can pass signature validation by putting the checksum for the modified TOC at offset 0, pointing "checksum/offset" at the non-modified checksum at a higher offset, and using the original non-modified signature.</desc> </fsa> </fsas> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git