VARIoT IoT vulnerabilities database

Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. FreeType is prone to multiple remote vulnerabilities, including: Multiple buffer-overflow vulnerabilities A remote code-execution vulnerability Multiple integer-overflow vulnerabilities An attacker can exploit these issues by enticing an unsuspecting victim to open a specially crafted font file. Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions. Versions prior to FreeType 2.4.0 are vulnerable. It can be used to rasterize and map characters into bitmaps and provide support for other font-related businesses. Background ========== FreeType is a high-quality and portable font engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/freetype < 2.4.8 >= 2.4.8 Description =========== Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All FreeType users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8" References ========== [ 1 ] CVE-2010-1797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797 [ 2 ] CVE-2010-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497 [ 3 ] CVE-2010-2498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498 [ 4 ] CVE-2010-2499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499 [ 5 ] CVE-2010-2500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500 [ 6 ] CVE-2010-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519 [ 7 ] CVE-2010-2520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520 [ 8 ] CVE-2010-2527 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527 [ 9 ] CVE-2010-2541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541 [ 10 ] CVE-2010-2805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805 [ 11 ] CVE-2010-2806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806 [ 12 ] CVE-2010-2807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807 [ 13 ] CVE-2010-2808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808 [ 14 ] CVE-2010-3053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053 [ 15 ] CVE-2010-3054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054 [ 16 ] CVE-2010-3311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311 [ 17 ] CVE-2010-3814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814 [ 18 ] CVE-2010-3855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855 [ 19 ] CVE-2011-0226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226 [ 20 ] CVE-2011-3256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256 [ 21 ] CVE-2011-3439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201201-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. For more information: SA40586 SA40816 SA45628 SA46575 SA46839 SA48268 SOLUTION: Apply updated packages via the zypper package manager. A heap buffer overflow was discovered in the bytecode support. The bytecode support is NOT enabled per default in Mandriva due to previous patent claims, but packages by PLF is affected (CVE-2010-2520). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520 http://savannah.nongnu.org/bugs/index.php?30082 http://savannah.nongnu.org/bugs/index.php?30083 http://savannah.nongnu.org/bugs/index.php?30106 http://savannah.nongnu.org/bugs/index.php?30248 http://savannah.nongnu.org/bugs/index.php?30249 http://savannah.nongnu.org/bugs/index.php?30263 http://savannah.nongnu.org/bugs/index.php?30306 http://savannah.nongnu.org/bugs/index.php?30361 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: a350e339a4fe6a22f36657cabbe6141a 2008.0/i586/libfreetype6-2.3.5-2.3mdv2008.0.i586.rpm bc9f891fe8d8a8c714d2534e06ad43d4 2008.0/i586/libfreetype6-devel-2.3.5-2.3mdv2008.0.i586.rpm a50784f5664168dc977a3ddcd493086a 2008.0/i586/libfreetype6-static-devel-2.3.5-2.3mdv2008.0.i586.rpm 1d1dbb9f37f74602796924f7ca63dce8 2008.0/SRPMS/freetype2-2.3.5-2.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5ab49d2b55215d52399a254cf50a1956 2008.0/x86_64/lib64freetype6-2.3.5-2.3mdv2008.0.x86_64.rpm f820a98378b967322135bb10b75327c5 2008.0/x86_64/lib64freetype6-devel-2.3.5-2.3mdv2008.0.x86_64.rpm 61ff08937d8ae39f41a1851b2b042ff3 2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.3mdv2008.0.x86_64.rpm 1d1dbb9f37f74602796924f7ca63dce8 2008.0/SRPMS/freetype2-2.3.5-2.3mdv2008.0.src.rpm Mandriva Linux 2009.0: f017f08c4b65d81140aa847e61c234a4 2009.0/i586/libfreetype6-2.3.7-1.2mdv2009.0.i586.rpm e2a712f6d532fa7cede07ff456b1f659 2009.0/i586/libfreetype6-devel-2.3.7-1.2mdv2009.0.i586.rpm b7b0c9acd3e79d7df842a0b8708386d2 2009.0/i586/libfreetype6-static-devel-2.3.7-1.2mdv2009.0.i586.rpm 2a9fe20c41938453790e8554dd7a38b2 2009.0/SRPMS/freetype2-2.3.7-1.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 06e1c0b0330ea7485f0a1058e3ea410c 2009.0/x86_64/lib64freetype6-2.3.7-1.2mdv2009.0.x86_64.rpm 2e8d45b79ca52ec58b701b058d5042e5 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.2mdv2009.0.x86_64.rpm 73758504e74f747a577ba14f91d1fff6 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.2mdv2009.0.x86_64.rpm 2a9fe20c41938453790e8554dd7a38b2 2009.0/SRPMS/freetype2-2.3.7-1.2mdv2009.0.src.rpm Mandriva Linux 2009.1: df9d47720ebf2d9dcc3574a3b28f1f41 2009.1/i586/libfreetype6-2.3.9-1.3mdv2009.1.i586.rpm 32517c3e3680189ababc2bfb316dcbca 2009.1/i586/libfreetype6-devel-2.3.9-1.3mdv2009.1.i586.rpm 35577f7a2056c88f572f6bd646332b9a 2009.1/i586/libfreetype6-static-devel-2.3.9-1.3mdv2009.1.i586.rpm 2bd93e051bc87216b866f2e342868cda 2009.1/SRPMS/freetype2-2.3.9-1.3mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 93d370c19ed7db70983a379745fd26c0 2009.1/x86_64/lib64freetype6-2.3.9-1.3mdv2009.1.x86_64.rpm 7f10623f49b55097ac9eafab3b47b0f4 2009.1/x86_64/lib64freetype6-devel-2.3.9-1.3mdv2009.1.x86_64.rpm 739ba87a09510c56db2efddcf7b025a6 2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.3mdv2009.1.x86_64.rpm 2bd93e051bc87216b866f2e342868cda 2009.1/SRPMS/freetype2-2.3.9-1.3mdv2009.1.src.rpm Mandriva Linux 2010.0: 6d902cc9de35aa3be96aedc53e42fbc8 2010.0/i586/libfreetype6-2.3.11-1.1mdv2010.0.i586.rpm 15499b1ad5daf5e8eef7bd02081b2b9a 2010.0/i586/libfreetype6-devel-2.3.11-1.1mdv2010.0.i586.rpm ed079e1c8bba12831544e89f41f61902 2010.0/i586/libfreetype6-static-devel-2.3.11-1.1mdv2010.0.i586.rpm 26c3d66563a661b2d5dd4320006608e8 2010.0/SRPMS/freetype2-2.3.11-1.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: a74b2d177174752d43977810e821c6c7 2010.0/x86_64/lib64freetype6-2.3.11-1.1mdv2010.0.x86_64.rpm 9c50ecf9f507944ee152f5984a79db8c 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.1mdv2010.0.x86_64.rpm 3522e4b48ea9970bdd6aabfb22aa0edd 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.1mdv2010.0.x86_64.rpm 26c3d66563a661b2d5dd4320006608e8 2010.0/SRPMS/freetype2-2.3.11-1.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 0f19f70a4e6d8c02beab6648c23b8285 2010.1/i586/libfreetype6-2.3.12-1.1mdv2010.1.i586.rpm 5a934ad9a2f448f9329ec6af80333111 2010.1/i586/libfreetype6-devel-2.3.12-1.1mdv2010.1.i586.rpm 241e874e820a0970f98b707b8291c340 2010.1/i586/libfreetype6-static-devel-2.3.12-1.1mdv2010.1.i586.rpm 592e74e5a310612d4e1b8660e94a712b 2010.1/SRPMS/freetype2-2.3.12-1.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 0771262b102961d7edc94575528d5948 2010.1/x86_64/lib64freetype6-2.3.12-1.1mdv2010.1.x86_64.rpm 01f630dde7c5896f9152e2a1d1ad141d 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.1mdv2010.1.x86_64.rpm 9c8e3745e78491cdfb2a039181de7e86 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.1mdv2010.1.x86_64.rpm 592e74e5a310612d4e1b8660e94a712b 2010.1/SRPMS/freetype2-2.3.12-1.1mdv2010.1.src.rpm Corporate 4.0: b47474a48a5374b118a03dedb32675df corporate/4.0/i586/libfreetype6-2.1.10-9.10.20060mlcs4.i586.rpm ddd413cc050cc9bb5b36339b749f784a corporate/4.0/i586/libfreetype6-devel-2.1.10-9.10.20060mlcs4.i586.rpm 96eccead61eb74c0ca706349f27fd318 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.10.20060mlcs4.i586.rpm 3d08f8107cc7abab6570adb06b985ea2 corporate/4.0/SRPMS/freetype2-2.1.10-9.10.20060mlcs4.src.rpm Corporate 4.0/X86_64: 6b01ebbb7476d3cc2d2a469d4250df63 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.10.20060mlcs4.x86_64.rpm 9ace9cf4dee54ad6a78b126f3ff1cdd6 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.10.20060mlcs4.x86_64.rpm 7a17d135bb1d36852c271fa353e50da0 corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.10.20060mlcs4.x86_64.rpm 3d08f8107cc7abab6570adb06b985ea2 corporate/4.0/SRPMS/freetype2-2.1.10-9.10.20060mlcs4.src.rpm Mandriva Enterprise Server 5: ab6b886c00b3956805885f42bb480d19 mes5/i586/libfreetype6-2.3.7-1.2mdvmes5.1.i586.rpm 184fc3238d6f761a727a51582d0ff2ff mes5/i586/libfreetype6-devel-2.3.7-1.2mdvmes5.1.i586.rpm b414bb7c2e78d7606a096bcda6ea2730 mes5/i586/libfreetype6-static-devel-2.3.7-1.2mdvmes5.1.i586.rpm d9fefde1ace3f7127c95fffb678b56bc mes5/SRPMS/freetype2-2.3.7-1.2mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 011bff1c7507d1c5b9039f9c48865f5e mes5/x86_64/lib64freetype6-2.3.7-1.2mdvmes5.1.x86_64.rpm 9a0b94b603f3765dc61590af87016b46 mes5/x86_64/lib64freetype6-devel-2.3.7-1.2mdvmes5.1.x86_64.rpm ef94a826eb1218e9f6d027f50c1abad5 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.2mdvmes5.1.x86_64.rpm d9fefde1ace3f7127c95fffb678b56bc mes5/SRPMS/freetype2-2.3.7-1.2mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMQy2YmqjQ0CJFipgRAltfAJ4x+MQOm7pdWHXtx2uj6129UFUHWwCfcRSu ff6oX1VrH4m/hTnNaqDy5Nw= =XCr9 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: FreeType Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40586 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40586/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40586 RELEASE DATE: 2010-07-14 DISCUSS ADVISORY: http://secunia.com/advisories/40586/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40586/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40586 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused due to various errors when processing specially crafted font files, which can be exploited to e.g. cause memory corruptions and heap-based buffer overflows by e.g. tricking a user into opening specially crafted fonts in an application using the library. SOLUTION: Update to version 2.4.0. PROVIDED AND/OR DISCOVERED BY: Robert Swiecki ORIGINAL ADVISORY: Robert Swiecki: http://www.swiecki.net/security.html FreeType: http://savannah.nongnu.org/bugs/index.php?30082 http://savannah.nongnu.org/bugs/index.php?30083 http://savannah.nongnu.org/bugs/index.php?30106 http://savannah.nongnu.org/bugs/index.php?30248 http://savannah.nongnu.org/bugs/index.php?30249 http://savannah.nongnu.org/bugs/index.php?30263 http://savannah.nongnu.org/bugs/index.php?30306 http://savannah.nongnu.org/bugs/index.php?30361 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2070-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff July 14, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : freetype Vulnerability : several Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed. Also, several buffer overflows were found in the included demo programs. For the stable distribution (lenny), these problems have been fixed in version 2.3.7-2+lenny2. For the unstable distribution (sid), these problems have been fixed in version 2.4.0-1. We recommend that you upgrade your freetype packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc Size/MD5 checksum: 1219 a5930e5dfa3757bed045a67b7ef0e3e2 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz Size/MD5 checksum: 36156 f1cb13247588b40f8f6c9d232df7efde alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb Size/MD5 checksum: 775180 d9d1a2680550113aab5a5aa23998458e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb Size/MD5 checksum: 411954 63d800f83bd77f18b9307cd77b5cfd1d http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb Size/MD5 checksum: 253784 b95be0af80d58e4e0818dd9b66447d9e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb Size/MD5 checksum: 296564 6e080492ee03692588c5953b36bade6d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb Size/MD5 checksum: 269680 4c9e6efc6c36f0867c74dde033b97ac8 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb Size/MD5 checksum: 223010 5b9c55fc8ef35251ccdc3c1d22b13edd http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb Size/MD5 checksum: 713084 b5933f78399f7d690f786fb7f04d1eca http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb Size/MD5 checksum: 385600 741877f101eef1dd6f77aead47ddbba1 arm architecture (ARM) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb Size/MD5 checksum: 205134 624b8b38b6cea2d569c70a18a5f78934 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb Size/MD5 checksum: 242180 d7c5020f9cb5417378b80571bc2eccd4 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb Size/MD5 checksum: 686080 a12f9cb0b5f76071ed204cfdcc571cd5 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb Size/MD5 checksum: 356996 ff79207089cce445fa6d0514156f12cf armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb Size/MD5 checksum: 684278 7654ae1ba45138f11c53da2acce6055c http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb Size/MD5 checksum: 210040 2d05fa53273572a89c81c9085a291fee http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb Size/MD5 checksum: 236524 727d731977efad369b51fdc28d42bade http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb Size/MD5 checksum: 353412 0bd84857e81e20c777cfaa5cf75532f2 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb Size/MD5 checksum: 390130 633e25d7f8c8c618d9bae093ccb82ce3 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb Size/MD5 checksum: 226818 cddac3930a33e08d60652f33c9a74951 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb Size/MD5 checksum: 724826 9b77d359086e5379ded04c10e2acd20e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb Size/MD5 checksum: 273756 4e144120db5dcbf29368b95a783e55ca i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb Size/MD5 checksum: 198154 db88552ea82caf3939e7b0cf50aaacd6 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb Size/MD5 checksum: 369100 303fa098f2a6ae9b96dda6911f0bd7fb http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb Size/MD5 checksum: 681856 df21b1a3835e262d844f60f9da27b279 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb Size/MD5 checksum: 254120 bfb155340e5d588d06f09901b508661b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb Size/MD5 checksum: 530172 3eb3af7df07000f3f77046c21476d336 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb Size/MD5 checksum: 415500 a7790020bc8e89e29d22ba21de275386 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb Size/MD5 checksum: 331586 c0c579a4f47c6239c33cf1b139850d1c http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb Size/MD5 checksum: 876158 52006540c63793635d2dcac9f8179dbf mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb Size/MD5 checksum: 716244 e62cde7460caa83b189326abbe6a5347 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb Size/MD5 checksum: 370118 606f0b24f3694f40eb5331e8d74c4f3b http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb Size/MD5 checksum: 215180 33b08b6b36a20501276e657c3613701e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb Size/MD5 checksum: 253874 fe4977d926f17b3cbc338ea9926fec40 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb Size/MD5 checksum: 254212 58be71c203785b01889176e8b028afac http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb Size/MD5 checksum: 215322 f376b04c5b8450a03b7299a86cc4a586 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb Size/MD5 checksum: 369756 412a79e35817f664f76dcaab0df63a59 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb Size/MD5 checksum: 716552 3bc89b0f776eaaf3fcd5ec8f6373b599 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb Size/MD5 checksum: 379634 a6f5c6e8ff755639559e55973ec1074d http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb Size/MD5 checksum: 708420 6596bcb33887463503ad0507b216e4ed http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb Size/MD5 checksum: 233050 40ee5ec08547be283b808d3afd5f97ba http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb Size/MD5 checksum: 262690 ed1fff07f9e2f763ca481b2f8599e4af s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb Size/MD5 checksum: 383824 3fbd3dc038b0ac35b961a964cb1147e6 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb Size/MD5 checksum: 225144 04291aff7589607427d175721aafe8c3 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb Size/MD5 checksum: 268070 d565627ddbf45d36920a27b8f42c1f55 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb Size/MD5 checksum: 698596 f161a20932cbdbb2ccf4d3a30a555231 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb Size/MD5 checksum: 351162 9f308ff70921739fffbbfe9fca486a87 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb Size/MD5 checksum: 679330 4bee549927cdfc3b52fc62a5f16b3d49 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb Size/MD5 checksum: 235344 ed806b039d7d8868ae9f7c89fe794629 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb Size/MD5 checksum: 200794 49a26fa64c57498279481a4786919055 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkw+GCUACgkQXm3vHE4uylrkywCgy9GpS2XDmy5Y+pj3JOVAwpFs mWwAn1lQsDqPntOyBssbJ901IHmL8FW/ =Y+AX -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-963-1 July 20, 2010 freetype vulnerabilities CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libfreetype6 2.1.10-1ubuntu2.7 Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.3 Ubuntu 9.04: libfreetype6 2.3.9-4ubuntu0.2 Ubuntu 9.10: libfreetype6 2.3.9-5ubuntu0.1 Ubuntu 10.04 LTS: libfreetype6 2.3.11-1ubuntu2.1 After a standard system update you need to restart your session to make all the necessary changes. Details follow: Robert Święcki discovered that FreeType did not correctly handle certain malformed font files. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.7.diff.gz Size/MD5: 66378 53a1e74f47f7370e6cedfd49ef33f82a http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.7.dsc Size/MD5: 719 4f1ab392b150b45f00d7084a2fda2e3f http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz Size/MD5: 1323617 adf145ce51196ad1b3054d5fb032efe6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_amd64.deb Size/MD5: 717700 ef25a872834db5b57de8cba1b9d198bb http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_amd64.deb Size/MD5: 440434 6f785a8660ca70a43e36157b9d5db23a http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_amd64.deb Size/MD5: 133890 558c68a334e4bb3ebbf9bb2058234d17 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_amd64.udeb Size/MD5: 251848 1cf31177a65df3bb23712a9620937724 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_i386.deb Size/MD5: 677528 9551dffd9a301d368c799a38f7161bb4 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_i386.deb Size/MD5: 415952 5605ecc4398f4e1c5fa8822233b36e9b http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_i386.deb Size/MD5: 117280 bb7fd6d1f7eb762cf355d8c34c3da705 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_i386.udeb Size/MD5: 227420 27670bac197089a9588b7167679e7f05 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_powerpc.deb Size/MD5: 708556 09c6d8c9859b29f777e017d4532d7d6b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_powerpc.deb Size/MD5: 430594 56625ca1fa70f5859a8e293a98421547 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_powerpc.deb Size/MD5: 134270 ef77dec93e203f782865a3142d88c180 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_powerpc.udeb Size/MD5: 241644 b140c31ea68f78e54096ad60e1b214d0 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_sparc.deb Size/MD5: 683840 184e946cc8d89d1d169b4047e27c92b0 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_sparc.deb Size/MD5: 411518 a420b09b4f205bf6e55e7aa4782c88fc http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_sparc.deb Size/MD5: 120116 9c8db36770be6466ef897314ea4abc4b http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_sparc.udeb Size/MD5: 222590 905398b9656ebc72cc70b7bdca894ab2 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.3.diff.gz Size/MD5: 37126 04fe68272c3a06e116a13e89f1ea4f13 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.3.dsc Size/MD5: 907 b46efc68ee637cb27c2a76d4594b5615 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz Size/MD5: 1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_amd64.deb Size/MD5: 694110 b35305e27ad2531fd774c19748efde7b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_amd64.deb Size/MD5: 361814 cec5f15ce8a397d8212f764ff7e25f0b http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_amd64.deb Size/MD5: 221334 56fd8a5204e014256105d1e7d833f275 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_amd64.udeb Size/MD5: 258230 21b232b84b12f335843504b49d9ff284 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_i386.deb Size/MD5: 663244 3f15ca19cbe6fc05840409958cea65b1 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_i386.deb Size/MD5: 346772 99afdc331b475c43beda28d4459ff4e5 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_i386.deb Size/MD5: 201222 d8487d4840b48cc60370daddc3fc61ab http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_i386.udeb Size/MD5: 243290 a9a85de7d9467d99e5fec169bfaa9908 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_lpia.deb Size/MD5: 665008 d19873caab8d82d40d046cf98350fb98 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_lpia.deb Size/MD5: 346972 580b60a5a20371df70d770e5b45d3d67 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_lpia.deb Size/MD5: 205460 dadb0d5ffc952504953c15d41d0a2356 http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_lpia.udeb Size/MD5: 244160 d60ef9b4abdb4d345c382c3950075544 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_powerpc.deb Size/MD5: 687172 978bb494ab76f8a150dc9f1886df2873 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_powerpc.deb Size/MD5: 357724 f6c2693b012c775e7f85bea30e7d6ac7 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_powerpc.deb Size/MD5: 235556 7c13b39c41718a3e7e594a08a9c42fd9 http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_powerpc.udeb Size/MD5: 254440 80ad8bcba1a39760e217dc91f447aacd sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_sparc.deb Size/MD5: 657974 d1d6d8ab63f4e6624b1c7b69756d02f9 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_sparc.deb Size/MD5: 331648 8b2df436ad35d4c71c90ebfe1ed86c5d http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_sparc.deb Size/MD5: 199746 4da2f86265e6a7714fbe0bde32f22154 http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_sparc.udeb Size/MD5: 227682 dcf258655d624daa833a315fa68af6ae Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.2.diff.gz Size/MD5: 39290 799e4e568b9806952f927c4b3a896f87 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.2.dsc Size/MD5: 1311 ea7ece62a87ca6a90244d4a419ac6259 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_amd64.deb Size/MD5: 729182 0db366c000c726419ef46d0d2047adcd http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_amd64.udeb Size/MD5: 272744 96613f4e2ed3cc1217c9ac9ad2e8f8fa http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_amd64.deb Size/MD5: 406484 9580234639381beaf1e1e0ba1707b7e5 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_amd64.deb Size/MD5: 226422 89ab56c75fbe22efb8140ca82960ddfd i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_i386.deb Size/MD5: 697534 1cf3d4991a00804ea20d7898cfddd6ca http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_i386.udeb Size/MD5: 257702 f96e5175f5ebfb858718498a5ac62971 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_i386.deb Size/MD5: 391938 509d532cba962f210ee2223d51f7f001 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_i386.deb Size/MD5: 198728 7930d58edf1ab1c3380e102b82ac5170 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_lpia.deb Size/MD5: 698598 a88f33a3010d4b7f8d331dd0346b22d4 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_lpia.udeb Size/MD5: 257644 6aed18309e225f9b1413f5c85696d725 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_lpia.deb Size/MD5: 392384 40c1a93c1b72421ca40f0a7b80f91882 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_lpia.deb Size/MD5: 201552 a9d7be5b254bead82386687714cf778e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_powerpc.deb Size/MD5: 719872 60ff1a115a7254f82b8d80b6c6ef6b74 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_powerpc.udeb Size/MD5: 265648 72e68838b98843ff0515af3b854065f0 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_powerpc.deb Size/MD5: 399740 ce2b8574754fb9a6c08bfdff0f3b8aa4 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_powerpc.deb Size/MD5: 227856 fa508302d46bb73c1b2a13aa11871239 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_sparc.deb Size/MD5: 689132 c3d269891e090d405b2cf7da96e77341 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_sparc.udeb Size/MD5: 238116 7487d5f6c08361212430bca6261ef016 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_sparc.deb Size/MD5: 371970 95d02ed537411018ac66a3a91bc82093 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_sparc.deb Size/MD5: 201374 5c0f80146fd1366e88c75fd427b04f56 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.1.diff.gz Size/MD5: 38847 6694e4319b4b87a7366381ff0f4066ca http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.1.dsc Size/MD5: 1311 4aacd927d22517066aa795b0b4637c57 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.1_amd64.deb Size/MD5: 730814 04cbd59abf8eb133c93b5052881758c5 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.1_amd64.udeb Size/MD5: 274918 10491ab571ad8cc4314b53ae3a905809 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.1_amd64.deb Size/MD5: 408744 d9ed733aef1661ebe41bbc7cbf2c4f82 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.1_amd64.deb Size/MD5: 230716 be893e6cffe7985b67d8cfa4a52ed99d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.1_i386.deb Size/MD5: 696776 9d749fe8de579cb210a0da29681ef8f0 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.1_i386.udeb Size/MD5: 258496 1fdd1a45327b4289e58fae36a93a6de7 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.1_i386.deb Size/MD5: 393238 5a0daf57499a91de25f76ccea6274279 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.1_i386.deb Size/MD5: 195654 d7f4aafc59c8d61608ff6469356945d3 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.1_lpia.deb Size/MD5: 699162 446907e7a2853e3e27ad182fc87dd763 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.1_lpia.udeb Size/MD5: 259118 7d849cb8ef0ecafcacd8805aa5704f21 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.1_lpia.deb Size/MD5: 393668 9d9b9fcffa4bf4551b7f82a8a817b967 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.1_lpia.deb Size/MD5: 198448 5a680f80d2ae1815a4ab891cfeab51c9 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.1_powerpc.deb Size/MD5: 719470 dc2557d025bf350eca70fb9b12e77a72 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.1_powerpc.udeb Size/MD5: 264240 017ed182ca776de01b1f4a31c28807f3 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.1_powerpc.deb Size/MD5: 398432 673f831700bd5078dab940620328d16d http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.1_powerpc.deb Size/MD5: 203786 ad1d3625e2712b5290c1abdcf46c556f sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.1_sparc.deb Size/MD5: 690882 474956a99bd530921143a5deaedb922a http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.1_sparc.udeb Size/MD5: 240326 43beb7cf66c7e9473280672381d539b2 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.1_sparc.deb Size/MD5: 374390 636de364e467d9400a8237ef636b5bb4 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.1_sparc.deb Size/MD5: 195772 0152eff0742d67f470d6a7e5d79ba410 Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.1.diff.gz Size/MD5: 37792 91c5ee03d36da51a835976e0ff1c688e http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.1.dsc Size/MD5: 1313 34b2898a751164cadbd59572bf0eacc8 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11.orig.tar.gz Size/MD5: 1709600 5aa22c0bc6aa3815b40a309ead2b9d1b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.1_amd64.deb Size/MD5: 739366 b8e244fef49b2422e180b5fc37d4fc7b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.1_amd64.udeb Size/MD5: 277296 09c42186549e22f61dedc77f162bade9 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.1_amd64.deb Size/MD5: 434322 e62e542678e479a90938357c14f0a86a http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.1_amd64.deb Size/MD5: 221370 39c8dcc460781359a5283df0aba0792d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.1_i386.deb Size/MD5: 704664 64c3751c6f9341a4bd432cccc4d611ae http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.1_i386.udeb Size/MD5: 260696 636de26225eae8f7c480738545ecaeae http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.1_i386.deb Size/MD5: 418488 db37df9fc07ace0ef2ded4d9a7a91637 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.1_i386.deb Size/MD5: 188672 cc48be4e042eb3215c50bec8ed566a91 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.1_powerpc.deb Size/MD5: 727760 c1f31e0952484cb3a154c30d8efabe2e http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.1_powerpc.udeb Size/MD5: 266454 89a1057d4e013fae1c7265199a3b6627 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.1_powerpc.deb Size/MD5: 423818 28a622d650c3c9e0db13a20f1d69acb1 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.1_powerpc.deb Size/MD5: 196646 44a6cb7e6084c96fb95e36723e187b56 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.1_sparc.deb Size/MD5: 707062 4a3a0b8a2b1a3e3d19a219ebef461380 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.1_sparc.udeb Size/MD5: 250700 e827e5ab700b21f343e44a4da45253b7 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.1_sparc.deb Size/MD5: 407810 423b481bec4b66ec2375c34a6ce4e153 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.1_sparc.deb Size/MD5: 198278 0c059b0b2d188a61c50ea61aeededad8

Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. Multiple BSD kernels are prone to multiple local denial-of-service vulnerabilities because they fail to properly verify signedness of user-supplied values. Attackers can exploit these issues to cause the kernel to panic, denying service to legitimate users. Given the nature of these issues, attackers may be able to execute arbitrary code, but this has not been confirmed. These issues affect versions prior to the 'netsmb' kernel module 1.35 on NetBSD, FreeBSD, and Apple OS X where 'netsmb' is available as a kernel extension. NetBSD/FreeBSD/Apple Mac OS X are all operating systems based on the BSD system. This vulnerability has been confirmed in the ioctl response of (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. WebKit is prone to an information-disclosure vulnerability. A remote attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to WebKit 1.2.2-1 (AMD 64) are vulnerable; other versions may also be affected. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for webkit SECUNIA ADVISORY ID: SA41856 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41856/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41856 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41856/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41856/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41856 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for webkit. This fixes multiple vulnerabilities, some of which have an unknown impact while others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct spoofing or cross-site scripting attacks, and potentially compromise a user's system. For more information: SA36677 SA37346 SA37769 SA37931 SA38545 SA38932 SA39091 SA39651 SA40105 SA40196 SA40479 SA40664 SA41014 SA41085 SA41242 SA41328 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1006-1: http://www.ubuntu.com/usn/usn-1006-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM)

IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589. An remote attacker could take full control of a vulnerable device. Cisco Provided by Cisco Industrial Ethernet 3000 Set to series SNMP Community String May be used by remote third parties. Cisco IOS Software release 12.2(52)SE Or 12.2(52)SE1 Using Cisco Industrial Ethernet 3000 The series SNMP Community String Is hard-coded. In addition, when the product is restarted, the hard-coded value is set again. In addition, SNMP The service is disabled by default.SNMP Community String Without changing Cisco Industrial Ethernet 3000 When operating the series, the setting of the corresponding product may be changed by a remote third party. This issue is tracked by Cisco Bug ID CSCtf25589. ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Cisco Industrial Ethernet 3000 Hardcoded SNMP Community Names SECUNIA ADVISORY ID: SA40407 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40407/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40407 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40407/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40407/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40407 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Cisco Industrial Ethernet 3000, which can be exploited by malicious people to potentially compromise a vulnerable device. This can be exploited to e.g. Successful exploitation requires that the SNMP service is enabled (disabled by default). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100707-snmp.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. SNMP is used for managing and monitoring the device and community names are the equivalent to a password. Cisco has provided a workaround that ensures the community names are removed when the device reloads. Once the device is reloaded the original configuration is inserted without the access lists or mib views assigned to the community names. Consult the workarounds section of this advisory. This vulnerability was introduced as part of a new feature integrated into the affected releases called PROFINET. This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-1574. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCtf25589 - Hard-coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability could result in an attacker obtaining full control of the device. Software Versions and Fixes =========================== When considering software upgrades, consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to ensure the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release specified in the "First Fixed Release" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |--------------+----------------------------------------------------| | Affected | | | 12.0-Based | First Fixed Release | | Releases | | |-------------------------------------------------------------------| | There are no affected 12.0 based releases | |-------------------------------------------------------------------| | Affected | | | 12.1-Based | First Fixed Release | | Releases | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | | | 12.2-Based | First Fixed Release | | Releases | | |--------------+----------------------------------------------------| | | Releases prior to 12.2(52)SE are not vulnerable. | | 12.2SE | First fixed in release 12.2(55)SE. Currently | | | scheduled to be available August 2010. | |-------------------------------------------------------------------| | There are no other affected 12.2 based releases | |-------------------------------------------------------------------| | Affected | | | 12.3-Based | First Fixed Release | | Releases | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases | |-------------------------------------------------------------------| | Affected | | | 12.4-Based | First Fixed Release | | Releases | | |-------------------------------------------------------------------| | There are no affected 12.4 based releases | |-------------------------------------------------------------------| | Affected | | | 15.0-Based | First Fixed Release | | Releases | | |-------------------------------------------------------------------| | There are no affected 15.0 based releases | |-------------------------------------------------------------------| | Affected | | | 15.1-Based | First Fixed Release | | Releases | | |-------------------------------------------------------------------| | There are no affected 15.1 based releases | +-------------------------------------------------------------------+ Workarounds =========== Manually Remove SNMP Community Names +----------------------------------- Note: The following workaround is only effective until the device is reloaded. Upon each reload of the device this workaround must be re-applied. Log in to the device, and enter configuration mode. This workaround must be applied each time the device is reloaded. Automatically Remove SNMP Community Names +---------------------------------------- By creating an Embedded Event Manager (EEM) policy, it is possible to automatically remove the hard-coded SNMP community names each time the device is reloaded. The following example shows an EEM policy that runs each time the device is reloaded and removes the hard-coded SNMP community names. event manager applet cisco-sa-20100707-snmp event timer countdown time 30 action 10 cli command "enable" action 20 cli command "configure terminal" action 30 cli command "no snmp-server community public RO" action 40 cli command "no snmp-server community private RW" action 50 cli command "end" action 60 cli command "disable" action 70 syslog msg "Hard-coded SNMP community names as per Cisco Security Advisory cisco-sa-20100707-snmp removed" For more information on EEM policies consult the Cisco IOS Network Management Configuration Guide - Embedded Event Manager Overview at the following link: http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview_ps6441_TSD_Products_Configuration_Guide_Chapter.html Infrastructure Access Control Lists +---------------------------------- Although it is often difficult to block traffic that transits a network, it is possible to identify traffic that should never be allowed to target infrastructure devices and block that traffic at the device interface or the border of networks. If SNMP management is not required on the IE3000, then dropping all SNMP traffic to the device is a sufficient workaround. The iACL below shows an example of an IE3000 with two interfaces configured with layer 3 access, dropping all SNMP queries destined to the IE3000: !--- !--- Deny SNMP traffic from all other sources destined to !--- configured IP addresses on the IE3000. !--- access-list 150 deny udp any host 192.168.0.1 eq snmp access-list 150 deny udp any host 192.168.1.1 eq snmp !--- !--- Permit/deny all other Layer 3 and Layer 4 traffic in !--- accordance with existing security policies and configurations !--- Permit all other traffic to transit the device. !--- access-list 150 permit ip any any !--- !--- Apply access-list to all Layer 3 interfaces !--- (only two examples shown) !--- interface Vlan1 ip address 192.168.0.1 255.255.255.0 ip access-group 150 in interface GigabitEthernet1/1 ip address 192.168.1.1 255.255.255.0 ip access-group 150 in The white paper "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection access lists. This white paper can be obtained at the following link: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was discovered when handling customer support calls. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100707-snmp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2010-July-07 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFMNJS386n/Gc8U/uARAmN5AJsGyv7GXrtcrfddAeeDa6U8ZeYhyQCcCIkj EnlJFTHJ1iEyqh41bdAq0so= =qocW -----END PGP SIGNATURE-----

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. NETGEAR DGN2200 Device firmware dnslookup.cgi Any OS A command execution vulnerability exists. The NETGEARDGN2200 is an ADSL router device. Green Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. NETGEAR DGN2200 is a wireless router product of NETGEAR

Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. The D-linkDI-604 is a small router device. CruxPA is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. CruxPA 2.00 is vulnerable; prior versions may also be affected. D-Link DSL-2730U is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Author : B GOVIND Exploit Title : DLink DSL-2730U Wireless N 150, Change DNS Configuration bypassing aadmina privilege Date : 01-03-2017 Vendor Homepage : http://www.dlink.co.in Firmware Link : ftp://support.dlink.co.in/firmware/DSL-2730U Affected version : Hardware ver C1, Firmware ver: IN_1.0.0 Email id : govindnair7102@gmail.com CVE : CVE-2017-6411 Change DNS Configuration Bypassing aadmina Privilege ------------------------------------------------------- D-Link DSL-2730U wireless router is a very popular SOHO network device used in India. This device has three default accounts aadmina, asupporta and ausera. As per D-Link only aadmin" account has unrestricted access to change configuration of device. Account name ausera can just view configuration settings and statistics. 1. Description of Vulnerability Cross Site Request Forgery can be used to manipulate dnscfg.cgi in this device. An insider / external attacker (remote management to be enabled for external attacker) can change primary and secondary DNS IP address to some malicious IP address without using aadmina account. 2. Proof of Concept Use following URL to modify the DNS entries: http://user:user@192.168.1.1/dnscfg.cgi?dnsPrimary=x.x.x.x&dnsSecondary=y.y.y.y&dnsIfcsList=&dnsRefresh=1 Here x.x.x.x and y.y.y.y are the malicious IP address attacker can use. 3. Impact of vulnerability Information Disclosure: An attacker exploiting this vulnerability can obtain confidential information like users browsing profile. Modifying device DNS settings allows cybercriminals to perform malicious activities like the following: (a) Redirect user traffic to malicious/fake sites. These sites can be phishing pages that spoofs well-known sites and tricks users into submit sensitive user credentials like banks account username and password. (b) This can ensure that no more patches are updated from OS vendor sites or firewall sites. (c) Replace ads on legitimate sites and serve users with unwanted/fake ads. (d) Pushing malwares. 4. Solution As per D-Link India this is the only no updated firmware is available for this hardware version which can mitigate this vulnerability which avoids privilege escalation. All users of this hardware should change default passwords of not just aadmina account but also ausera and asupporta Change All Account Password Bypassing aadmina Privilege ---------------------------------------------------------- D-Link DSL-2730U wireless router is a very popular SOHO network device used in India. This device has three default accounts aadmina, asupporta and ausera. As per D-Link only aadmin" account has unrestricted access to change configuration of device. Account name ausera can just view configuration settings and statistics. Default password of admin, support and user account are admin, support and user respectively. 1. Description of Vulnerability Cross Site Request Forgery can be used to manipulate password.cgi in this device. 2. Proof of Concept This exploit works only when accounts are using default password. Use following URL to change aadmina account password from aadmina to aadmin1a. http://user:user@192.168.1.1/password.cgi? inUserName=admin&inPassword=ZGFyZWFkbWluMQ==&inOrgPassword=ZGFyZWFkbWlu (b) Use following URL to change asupporta account password from asupporta to asupport1a. http://user:user@192.168.1.1/password.cgi? inUserName=support&inPassword=ZGFyZXN1cHBvcnQx&inOrgPassword=ZGFyZXN1cHBvcnQ= (c) Use following URL to change ausera account password from ausera to auser1a. http://user:user@192.168.1.1/password.cgi? inUserName=user&inPassword=ZGFyZXVzZXIx&inOrgPassword=ZGFyZXVzZXI= Here ainPassworda is the new password and ainOrgPassworda is the existing password. Both these password strings are base64 encoded for confidentiality as connection between browser and web server is using http. 3. Impact of vulnerability Elevation of privilege, Information Disclosure, Denial Of service (a) Insider/Attacker can change the passwords of all the existing accounts and control the device as required. This will result in attacker having complete control over the device. He can capture traffic of other user and analyse traffic. Attacker can deny services as per his/her choice. 4. Solution As per D-Link India this is the only no updated firmware available for this hardware version which can mitigate this vulnerability. All users of this hardware should change default passwords of all the default accounts. Enable/Disable LAN side Firewall without admin privilege --------------------------------------------------------- D-Link DSL-2730U wireless router is a very popular SOHO network device used in India. This device has three default accounts aadmina, asupporta and ausera. As per D-Link only aadmin" account has unrestricted access to change configuration of device. Account name ausera can just view configuration settings and statistics. Default password of admin, support and user account are admin, support and user respectively. 1. Description of Vulnerability Cross Site Request Forgery can be used to manipulate lancfg2.cgi in this device. An insider / external attacker (remote management to be enabled for external attacker) can enable/disable LAN side firewall without aadmina privilege using auser a account. 2. Proof of Concept Use following URL to enable LAN side firewall http://user:user@192.168.1.1/lancfg2.cgi?ethIpAddress=192.168.1.1&eth SubnetMask=255.255.255.0&enblLanFirewall=1&enblIgmpSnp=0&enblIgmpMode=0&dhcpEthStart=192.168.1.2&dhcpEthEnd=192.168.1.254&dhcpLeasedTime=86400&enblDhcpSrv=1&enblLan2=0&enblLanDns=0 Use following URL to disable LAN side firewall http://user:user@192.168.1.1/lancfg2.cgi?ethIpAddress=192.168.1.1&ethSubnetMask=255.255.255.0&enblLanFirewall=0&enblIgmpSnp=0&enblIgmpMode=0&dhcpEthStart=192.168.1.2&dhcpEthEnd=192.168.1.254&dhcpLeasedTime=86400&enblDhcpSrv=1&enblLan2=0&enblLanDns=0 3. Impact of vulnerability By disabling LAN side firewall and by enabling Port Triggering, an attacker can ensure a backdoor access within LAN side as well as from WAN side. Attacker can run port scanning tools to map services which otherwise wont be possible with firewall enabled. 4. Solution As per D-Link India this is the only no updated firmware available for this hardware version which can mitigate this vulnerability. All users of this hardware should change default passwords of all the default accounts

The BlackBerry 9700 is a popular smart platform phone. The BlackBerry 9700 WEB service has an unspecified security vulnerability that allows a remote attacker to crash a web application. No detailed vulnerability details are currently available. An attacker can exploit this issue to crash the browser on the affected device, denying service to legitimate users

The Apple iPad is a touch-enabled, powerful tablet. The Apple iPad has an unidentified security vulnerability that allows an attacker to establish a client-specific attack. No detailed vulnerability details are currently available. We will update this BID as more information emerges

HTC Touch Viva is a touch WM smart platform mobile phone. HTC Touch Viva has an unspecified security vulnerability that allows an attacker to establish a client-specific attack. No detailed vulnerability details are currently available. This issue is exploitable through the Opera browser on the device. We will update this BID as more information emerges

The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690. When using CSS to terminate SSL communication, you must first authenticate the SSL client certificate. The CSS usually passes the identity of the client to the backend web server in the form of the following HTTP header: ClientCert-Subject: XXXClientCert-Subject-CN: XXXClientCert-Fingerprint: XXXClientCert-Subject-CN: XXXClientCert-Issuer-CN: XXXClientCert-Certificate-Version : XXXClientCert-Serial-Number: XXXClientCert-Data-Signature-Algorithm: XXXClientCert-Subject: XXXClientCert-Issuer: XXXClientCert-Not-Before: XXXClientCert-Not-After: XXXClientCert-Public-Key-Algorithm: XXXClientCert-RSA-Modulus-Size : XXXClientCert-RSA-Modulus: XXXClientCert-RSA-Exponent: XXXClientCert-X509v3-Subject-Key-Identifier: XXXClientCert-X509v3-Authority-Key-Identifier: XXXClientCert-Signature-Algorithm: XXXClientCert-Signature: XXX but CSS does not protect against the client Provides its own ClientCert-* header, so an attacker can act as a fake user for other users, depending on how the application developer handles multiple header copies. An attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible. These issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885

The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885. The problem is Bug ID : CSCta04885 It is a problem.Avoid inserting headers by a third party through crafted header data, or HTTP Request Smuggling An attack may be triggered. The Cisco CSS 11500 Content Services Switch is a load balancing device that provides robust and scalable network services (layers 4-7) for the data center. CSS differs from the way a common web server interprets HTTP line breaks. RFC 2616 defines a US ASCII carriage return/line feed (CRLF) sequence as a line termination flag for protocol elements (excluding entities), both CSS and ACE. But popular web servers allow the arrangement of various CRLF sequences (including LF, CR, and LFCR) as line termination markers. An attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible. These issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885

The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. This vulnerability CVE-2010-1576 Due to an incomplete fix.Through a specially crafted header data by a third party, HTTP A request smuggling attack may be performed and intended header insertion may be avoided. The Cisco CSS 11500 Content Services Switch is a load balancing device that provides robust and scalable network services (layers 4-7) for the data center. An attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible. These issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885

Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog. Opera Web Browser is prone to a remote security vulnerability. It supports multi-window browsing and a customizable user interface. ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Opera Two Security Issues SECUNIA ADVISORY ID: SA40375 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40375/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40375 RELEASE DATE: 2010-07-01 DISCUSS ADVISORY: http://secunia.com/advisories/40375/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40375/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40375 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues have been reported in Opera, which can be exploited by malicious people to disclose potentially sensitive information or compromise a user's system. 1) A design error in the "Download" dialog can be exploited cause a file to be downloaded and executed if a user is tricked into double-clicking a link on a specially crafted page. 2) An error in the handling of file upload forms can be exploited to cause a user to unintentionally upload an arbitrary file from the local file system if the user is tricked into pasting clipboard content into a form on a specially crafted web site. Successful exploitation requires that the clipboard contains a string that specifies a path to a local file, e.g. set by a plug-in. The security issues are reported in versions prior to 10.60. SOLUTION: Update to version 10.60. PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. 2) The vendor credits Andrew Valums. ORIGINAL ADVISORY: Opera: http://www.opera.com/docs/changelogs/windows/1060/ http://www.opera.com/support/kb/view/957/ http://www.opera.com/support/kb/view/958/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trend Micro InterScan Web Security Virtual Appliance is a Trend Micro Web Security Gateway that provides plug-and-play protection against web threats. The InterScan Web Security Virtual Appliance does not adequately filter parameters like \"desc\", \"metrics__notify_body\", \"metrics__notify_subject\", etc., which can lead to cross-site scripting attacks. Successful exploitation of vulnerabilities can execute arbitrary script code or gain unauthorized access to the web console on the target user's browser. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability.". An attacker can exploit this issue to gain unauthorized access to protected resources, which may lead to other attacks. This issue affects IIS 5.1; other 5.x versions may also be affected. Please note that this issue does not affect versions 6.x and 7.x. ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Microsoft Internet Information Services Basic Authentication Security Bypass SECUNIA ADVISORY ID: SA40412 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40412/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40412 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40412/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40412/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40412 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Soroush Dalili has discovered a vulnerability in Microsoft Internet Information Services, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the handling of basic authentication for directories. This can be exploited to bypass authentication and access e.g. protected directories by appending the NTFS stream name and stream type (":$i30:$INDEX_ALLOCATION") to the directory name within a request. The vulnerability is confirmed in version 5.1 on a fully-patched Windows XP SP3. SOLUTION: Do not rely on the basic authentication method to restrict access to resources. PROVIDED AND/OR DISCOVERED BY: Soroush Dalili ORIGINAL ADVISORY: http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-257A Microsoft Updates for Multiple Vulnerabilities Original release date: September 14, 2010 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Office Overview There are multiple vulnerabilities in Microsoft Windows and Microsoft Office. Microsoft has released updates to address these vulnerabilities. I. Description The Microsoft Security Bulletin Summary for September 2010 describes multiple vulnerabilities in Microsoft Windows and Microsoft Office. Microsoft has released updates to address the vulnerabilities. II. Impact A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system or application to crash. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for September 2010. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * Microsoft Security Bulletin Summary for September 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-257A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA10-257A Feedback VU#447990" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History September 14, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTI/u6T6pPKYJORa3AQKfgQgAsBDEHMH+Dq73qHFwsGnUIBWi7DkAV64s 0tz109GDGQRXL/MkXwWfaFfDc+h4ZUgjfVv93GBjK0NI78mYOWxSS7Pd3WhD6TaH YFcDcF4IW06Er4wEjgR+y5fTvF17k3Cix0GdsVzet/I2XMd4uCnIrHyLzLgZhf5s sWtv+kLaqCKUl8zsmcpmTcKUt+V2U3VWGeICIwuZXjB8FNHWuzYN1r/togFt0tcA 16gtGSCmdJy6Er+FyXxTJvWX4uJywBTDtIZZY/xyhGp2dBWUdOfY1k+7C5Dp/tCY Rq9tOY6caxHUYmitTtABaop83jTJFnS53lQJo4UizDNQoNbRSUIVFA== =dDpT -----END PGP SIGNATURE-----

JP1/ServerConductor/Deployment Manager's Client Service for DPM has a vulnerability which could cause a shutdown or restart of the client computer when receiving ill-formed data.A remote attacker could shut down or restart the target system.

The D-Link DAP-1160 is a small wireless AP. The user must provide the correct login credentials before accessing the device's web management interface, but if the device's web server is restarted for a short time (about 40 seconds), the following URL address is accessed: http://IP_ADDR/tools_firmw .htm allows you to access the device's web interface without authentication and then perform various administrative operations such as reconfiguration, obtaining sensitive information, modifying Wi-Fi SSIDs, and pass phrases. The attacker does not have to wait for the device to reboot, and can remotely reboot the device through the DCC protocol. The D-Link DAP-1160 wireless access point (WAP) is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to bypass security restrictions, access certain administrative functions, alter configuration, or trigger a denial-of-service condition. D-Link DAP-1160 running firmware v120b06, v130b10, and v131b01 are vulnerable

D-Link DAP-1160 is a dual network port 802.11g 54M wireless bridge, wireless relay, wireless AP. The DCCD is a UDP daemon that listens on the UDP 2003 port of the device. The device can be easily configured through the DCC protocol. Sending the correct formatted UDP data frame, the DCCD daemon will not need to verify the execution of the relevant security operations. Sensitive wireless configuration parameters such as WI-FI SSID, encryption type, key and password fields can be obtained remotely. It is also possible to modify device parameters and configurations, or reboot without having to obtain a WEB administrative password. The D-Link DAP-1160 wireless access point (WAP) is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to bypass security restrictions, access certain administrative functions, alter configuration, or trigger a denial-of-service condition. D-Link DAP-1160 running firmware v120b06, v130b10, and v131b01 are vulnerable

Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. Linksys WAP54Gv3 is a wireless router device

CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. Firmware versions prior to Cisco ASA 8.1(2) are vulnerable. This issue is being tracked by Cisco Bugid CSCsr09163