From meltem at pardus.org.tr Mon Sep 5 14:51:19 2011
From: meltem at pardus.org.tr (Meltem Parmaksız)
Date: Mon, 5 Sep 2011 14:51:19 +0300
Subject: [Pardus-security] [PLSA 2011-108] libsoup: Directory Traversal
Message-ID: <201109051451.19377.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-108        security at pardus.org.tr
------------------------------------------------------------------------
Date: 2011-09-05
Severity: 3
Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in libsoup.

Description
===========

CVE-2011-2524: SoupServer from libsoup did not properly parse '..' in
URLs passed to it. This could allow for some services that use
SoupServer to expose unintended files (such as
http://localhost/..%2f..%2f..%2fetc/passwd) when it is used to export
part of the local filesystem.

Affected packages:

  Pardus 2009:
    libsoup, all before 2.28.2-15-7

  Pardus 2011:
    libsoup, all before 2.32.2-20-p11

Resolution
==========

There are update(s) for libsoup.
You can update them via Package Manager or with a single command from
console:

  Pardus 2009:
    pisi up libsoup

  Pardus 2011:
    pisi up libsoup

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18868

------------------------------------------------------------------------

From meltem at pardus.org.tr Mon Sep 5 14:52:46 2011
From: meltem at pardus.org.tr (Meltem Parmaksız)
Date: Mon, 5 Sep 2011 14:52:46 +0300
Subject: [Pardus-security] [PLSA 2011-109] Subversion: Multiple Vulnerabilities
Message-ID: <201109051452.47049.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-109        security at pardus.org.tr
------------------------------------------------------------------------
Date: 2011-09-05
Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in subversion.

Description
===========

CVE-2011-1752: The mod_dav_svn module for the Apache HTTP Server, as
distributed in Apache Subversion before 1.6.17, allows remote attackers
to cause a denial of service (NULL pointer dereference and daemon crash)
via a request for a baselined WebDAV resource, as exploited in the wild
in May 2011.

CVE-2011-1783: The mod_dav_svn module for the Apache HTTP Server, as
distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the
SVNPathAuthz short_circuit option is enabled, allows remote attackers to
cause a denial of service (infinite loop and memory consumption) in
opportunistic circumstances by requesting data.

CVE-2011-1921: The mod_dav_svn module for the Apache HTTP Server, as
distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the
SVNPathAuthz short_circuit option is disabled, does not properly enforce
permissions for files that had been publicly readable in the past, which
allows remote attackers to obtain sensitive information via a replay
REPORT operation.

Affected packages:

  Pardus 2009:
    subversion, all before 1.6.15-62-22

  Pardus 2011:
    subversion, all before 1.6.17-68-p11

Resolution
==========

There are update(s) for subversion. You can update them via Package
Manager or with a single command from console:

  Pardus 2009:
    pisi up subversion

  Pardus 2011:
    pisi up subversion

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18846

------------------------------------------------------------------------

From meltem at pardus.org.tr Mon Sep 5 14:53:34 2011
From: meltem at pardus.org.tr (Meltem Parmaksız)
Date: Mon, 5 Sep 2011 14:53:34 +0300
Subject: [Pardus-security] [PLSA 2011-110] Samba: Multiple Vulnerabilities
Message-ID: <201109051453.34267.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-110        security at pardus.org.tr
------------------------------------------------------------------------
Date: 2011-09-05
Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in samba.

Description
===========

CVE-2011-2522: Multiple cross-site request forgery (CSRF)
vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x
before 3.5.10 allow remote attackers to hijack the authentication of
administrators for requests that (1) shut down daemons, (2) start
daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove
printers, (7) add user accounts, or (8) remove user accounts, as
demonstrated by certain start, stop, and restart parameters to the
status program.

CVE-2011-2694: Cross-site scripting (XSS) vulnerability in the
chg_passwd function in web/swat.c in the Samba Web Administration Tool
(SWAT) in Samba 3.x before 3.5.10 allows remote authenticated
administrators to inject arbitrary web script or HTML via the username
parameter to the passwd program (aka the user field to the Change
Password page).

Affected packages:

  Pardus 2009:
    samba, all before 3.3.16-56-17

  Pardus 2011:
    samba, all before 3.5.10-68-p11

Resolution
==========

There are update(s) for samba. You can update them via Package Manager
or with a single command from console:

  Pardus 2009:
    pisi up samba

  Pardus 2011:
    pisi up samba

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18842

------------------------------------------------------------------------

From meltem at pardus.org.tr Mon Sep 5 14:54:27 2011
From: meltem at pardus.org.tr (Meltem Parmaksız)
Date: Mon, 5 Sep 2011 14:54:27 +0300
Subject: [Pardus-security] [PLSA 2011-111] pidgin: Multiple Vulnerabilities
Message-ID: <201109051454.27926.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-111        security at pardus.org.tr
------------------------------------------------------------------------
Date: 2011-09-05
Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in pidgin.

Description
===========

CVE-2011-3184: The msn_httpconn_parse_data function in httpconn.c in the
MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not
properly handle HTTP 100 responses, which allows remote attackers to
cause a denial of service (incorrect memory access and application
crash) via vectors involving a crafted server message.

CVE-2011-2943: The irc_msg_who function in msgs.c in the IRC protocol
plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not
properly validate characters in nicknames, which allows user-assisted
remote attackers to cause a denial of service (NULL pointer dereference
and application crash) via a crafted nickname that is not properly
handled in a WHO response.

Affected packages:

  Pardus 2009:
    pidgin, all before 2.10.0-48-22

  Pardus 2011:
    pidgin, all before 2.7.10-48-p11

Resolution
==========

There are update(s) for pidgin. You can update them via Package Manager
or with a single command from console:

  Pardus 2009:
    pisi up pidgin

  Pardus 2011:
    pisi up pidgin

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=19000
  * http://bugs.pardus.org.tr/show_bug.cgi?id=19007

------------------------------------------------------------------------

From meltem at pardus.org.tr Mon Sep 5 14:55:36 2011
From: meltem at pardus.org.tr (Meltem Parmaksız)
Date: Mon, 5 Sep 2011 14:55:36 +0300
Subject: [Pardus-security] [PLSA 2011-112] libmodplug: Multiple Vulnerabilities
Message-ID: <201109051455.36673.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-112        security at pardus.org.tr
------------------------------------------------------------------------
Date: 2011-09-05
Type: Local
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in libmodplug.

Description
===========

CVE-2011-2911: An integer overflow error exists within the
"CSoundFile::ReadWav()" function (src/load_wav.cpp) when processing
certain WAV files. This can be exploited to cause a heap-based buffer
overflow by tricking a user into opening a specially crafted WAV file.

CVE-2011-2912: Boundary errors within the "CSoundFile::ReadS3M()"
function (src/load_s3m.cpp) when processing S3M files can be exploited
to cause stack-based buffer overflows by tricking a user into opening a
specially crafted S3M file.

CVE-2011-2913: An off-by-one error within the "CSoundFile::ReadAMS()"
function (src/load_ams.cpp) can be exploited to cause a stack corruption
by tricking a user into opening a specially crafted AMS file.

CVE-2011-2914: An off-by-one error within the "CSoundFile::ReadDSM()"
function (src/load_dms.cpp) can be exploited to cause a memory
corruption by tricking a user into opening a specially crafted DSM file.

CVE-2011-2915: An off-by-one error within the "CSoundFile::ReadAMS2()"
function (src/load_ams.cpp) can be exploited to cause a memory
corruption by tricking a user into opening a specially crafted AMS file.

Affected packages:

  Pardus 2009:
    libmodplug, all before 0.8.7-7-7

  Pardus 2011:
    libmodplug, all before 0.8.8.1-7

Resolution
==========

There are update(s) for libmodplug. You can update them via Package
Manager or with a single command from console:

  Pardus 2009:
    pisi up libmodplug

  Pardus 2011:
    pisi up libmodplug

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18917

------------------------------------------------------------------------

From meltem at pardus.org.tr Mon Sep 5 14:57:03 2011
From: meltem at pardus.org.tr (Meltem Parmaksız)
Date: Mon, 5 Sep 2011 14:57:03 +0300
Subject: [Pardus-security] [PLSA 2011-113] dhcp: Multiple vulnerabilities
Message-ID: <201109051457.03959.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-113        security at pardus.org.tr
------------------------------------------------------------------------
Date: 2011-09-05
Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in dhcp.

Description
===========

CVE-2011-2748: The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV
before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers
to cause a denial of service (daemon exit) via a crafted DHCP packet.

CVE-2011-2749: The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV
before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers
to cause a denial of service (daemon exit) via a crafted BOOTP packet.

Affected packages:

  Pardus 2009:
    dhcp, all before 4.2.1_p1-27-10

  Pardus 2011:
    dhcp, all before 4.2.1_p1-31-p11

Resolution
==========

There are update(s) for dhcp. You can update them via Package Manager or
with a single command from console:

  Pardus 2009:
    pisi up dhcp

  Pardus 2011:
    pisi up dhcp

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=19010

------------------------------------------------------------------------
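
Added example, not part of the advisories and not libsoup's own code: for PLSA 2011-108 (CVE-2011-2524) above, a C sketch of the check a file-exporting HTTP handler needs, percent-decoding the request path before resolving '..' and rejecting anything that would leave the export root. The function names pct_decode and resolve_export_path are hypothetical and chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src into dst (dst holds strlen(src)+1 bytes).
 * Returns -1 on a malformed escape or an encoded NUL byte. */
static int pct_decode(const char *src, char *dst)
{
    while (*src) {
        if (*src != '%') { *dst++ = *src++; continue; }
        if (!isxdigit((unsigned char)src[1]) || !isxdigit((unsigned char)src[2]))
            return -1;
        char hex[3] = { src[1], src[2], '\0' };
        if ((*dst++ = (char)strtol(hex, NULL, 16)) == '\0')
            return -1;
        src += 3;
    }
    *dst = '\0';
    return 0;
}

/* Map a raw request path onto root (hypothetical helper, not libsoup API).
 * Decoding happens BEFORE the ".." check, so "..%2f" is seen as "../".
 * Returns 0 and fills out, or -1 to reject the request. */
int resolve_export_path(const char *root, const char *raw, char *out, size_t outlen)
{
    char dec[1024], norm[1024] = "";
    size_t mark[64], depth = 0;   /* mark[i]: length of norm before segment i */
    if (raw[0] != '/' || strlen(raw) >= sizeof dec || pct_decode(raw, dec) != 0)
        return -1;
    for (char *seg = strtok(dec, "/"); seg; seg = strtok(NULL, "/")) {
        if (strcmp(seg, ".") == 0)
            continue;
        if (strcmp(seg, "..") == 0) {
            if (depth == 0)
                return -1;        /* would climb above the export root */
            norm[mark[--depth]] = '\0';
            continue;
        }
        if (depth == 64)
            return -1;
        mark[depth++] = strlen(norm);
        strcat(norm, "/");
        strcat(norm, seg);
    }
    int n = snprintf(out, outlen, "%s%s", root, norm);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}
```

The normalization here is lexical only; a handler that serves real files would also resolve symbolic links (for example with realpath()) and re-check that the result stays under the root.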