Bug#476536: grub-pc: allow update-grub to do not generate single-user entry if not desired

2008-04-21 Thread Lubomir Kundrak
l have to maintain their own patch set over GRUB code base (situation might be better if we could coordinate better than in GRUB Legacy case in case this happens). For now, I'm going to import the patch into package proposed to Fedora and am wishing the GRUB upstream good luck in becoming a

Bug#471511: gnome-keyring-manager: clear-text passwords shown without protection

2008-03-18 Thread Lubomir Kundrak
mail client's memory if you keep it running, etc.). That's the basic principle: *Never* let anyone who you do not trust use your desktop. Log off or lock screen when you leave the terminal. -- Lubomir Kundrak (Red Hat Security Response Team) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED]

Bug#469296:

2008-03-04 Thread Lubomir Kundrak
Wow, you really consider this a security issue? When a user makes a mistake? -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#462047: iceweasel: crash/exploit

2008-01-22 Thread Lubomir Kundrak
the time the attack took place). Do you have a public IP address and do you run any network servers? Do you happen to run any other network clients apart from Web browser, such as BitTorrent client or maybe an Instant Messenger? Thanks, -- Lubomir Kundrak (Red Hat Security Response Team

Bug#461075: uw-imapd: world-writable tmp files

2008-01-18 Thread Lubomir Kundrak
name */ 1319 sprintf (lock,"%s/.%lx.%lx",closedBox ? "" : tmpdir, 1320(unsigned long) sbuf->st_dev,(unsigned long) sbuf->st_ino); -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#435413: oops when Windows server sent bad domain name null terminator

2008-01-02 Thread Lubomir Kundrak
ug in only appending one rather than two bytes for this > particular Unicode, UCS-16, string). Thus -- this needs voluntary cooperation of a user who already has root privileges (mount a smb share) and can cause a harmless oops triggerable only at mount time. Regards, -- Lubomir Kundrak (Red H

Bug#454092: pm-suspend expands *

2007-12-03 Thread Lubomir Kundrak
echo /etc/pm/sleep.d/$base 69 fi 70 elif [ -x "/usr/lib/pm-utils/sleep.d/$base" ]; then 71 echo /usr/lib/pm-utils/sleep.d/$base 72 fi 73 done Thanks, -- Lubomir Kundrak (Red Hat Security Response

Bug#449108: CVE-2007-3920: bypass password authentication

2007-11-05 Thread Lubomir Kundrak
Please note that Red Hat believes that the attached patch is not completely correct. See the Red Hat bugzilla entry for justification and another patch: https://bugzilla.redhat.com/show_bug.cgi?id=350271 -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#449108: CVE-2007-3920: bypass password authentication

2007-11-05 Thread Lubomir Kundrak
Whoops, I am terribly sorry for the noise. In fact I did not notice that this is a different patch from the proposed upstream one and is likely to be correct. -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#448186: silc+irssi gives me segment fault

2007-10-29 Thread Lubomir Kundrak
Andres: Do you have a core dump? Are you able to produce a reasonable backtrace? Could you please describe how to reproduce the problem in more detail? Thanks, -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#438511: CVE-2007-3713 CenterICQ buffer overflows

2007-08-20 Thread Lubomir Kundrak
Hi, Here is the diff of changes we did to fix this for Fedora: [1]. Hopefully that will be useful also for you. [1] http://cvs.fedora.redhat.com/viewcvs/rpms/centericq/devel/centericq-4.21.0-overflows.patch?root=extras Regards, -- .''`. Lubomir Kundrak (Red Hat Security Res

Bug#428770: Sudo "bug"

2007-06-14 Thread Lubomir Kundrak
t;exploit" which means that he has to compromise an account using another vulnerability. In that case he also has numerous other ways to steal that user's privileges by tricking the user using sudo or anything similar. (Trojans, etc.) -- Lubomir Kundrak (Red Hat Security Response Team

Bug#422606: spamc problem connecting to spamd

2007-05-09 Thread Lubomir Kundrak
Arnfinn, it seems like many spamds spawned, but did not finish. Could you please check what they are doing -- i.e. which message they are trying to check and whether the hang can be reproduced with that message?

Bug#416934: Off-by-one in python's locale.strxfrm()

2007-04-02 Thread Lubomir Kundrak
The return value of strxfrm() is never meant to be displayed to the user. -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#408530: libcapi20-3: buffer overflow in "printbuf" called from capi_cmsg2str

2007-01-29 Thread Lubomir Kundrak
/source/xref/isdn4k-utils-CVS-2003-09-23/capi20/convert.c#957 Regards, -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#408432: CVE-2007-0493 Bind after-free() use patch

2007-01-26 Thread Lubomir Kundrak
Here's a patch for two of the issues fixed by the new release. Anyone isolated a patch for CVE-2007-0494? -- Lubomir Kundrak (Red Hat Security Response Team) $ FILES=" lib/dns/include/dns/validator

Bug#228174: Galeon (Mozilla?) defaults to weakest authentication method

2007-01-02 Thread Lubomir Kundrak
This issue is already assigned CVE-2005-2395. The upstream BTS entry is https://bugzilla.mozilla.org/show_bug.cgi?id=281851 -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#402951: libapache-mod-ssl: restart leaves /var/cache/apache/__db.ssl_cache.db there

2006-12-21 Thread Lubomir Kundrak
seeing this. Did you manage to get any more information concerning this? Regards, -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#290435: rmt filename support makes tar vulnerable to "phishing" attacks

2006-11-30 Thread Lubomir Kundrak
This is a documented behavior. --force-local should be used in case the user wants to unpack a local file whose name contains a colon character. -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#396256: CVE-2006-4513: wvWare Multiple Integer Overflow Vulnerabilities

2006-10-31 Thread Lubomir Kundrak
This also affects AbiWord package. In contrast to what CVE candidate CVE-2006-4513 text says, this does _not_ affect KOffice's KWord. -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#396360: CVE-2006-4513 Abiword likely vulnerable to integer overflows

2006-10-31 Thread Lubomir Kundrak
Package: abiword Version: 2.2.7-3sarge2 Tags: security, upstream Severity: grave Abiword likely uses a version of the VW library (see #396256) vulnerable to two integer overflow conditions. See the CVE text for more details. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4513 -- Lubomir Kundrak