Fedora Essential and Critical Security Patch Updates - Page 775
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/
This update fixes several security issues: CVE-2009-0163, CVE-2009-0164, CVE-2009-0146, CVE-2009-0147, and CVE-2009-0166. PDF files are now converted to PostScript using the poppler package's "pdftops" program. NOTE: If your CUPS server is accessed using a hostname or hostnames not known to the server itself you must add "ServerAlias hostname" to cupsd.conf for each such name. The special line "ServerAlias *" disables checking (but this allows DNS rebinding attacks).
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/
Update moin to 1.6.4. Fix the following CVEs: CVE-2008-0781 (again), CVE-2008-3381, CVE-2009-0260, CVE-2009-0312. Fix AttachFile escaping problems, upstream 1.7 changeset 5f51246a4df1 backported.
udev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality. Netlink is a datagram oriented service, used to transfer information between kernel modules and user-space processes. It was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world- writable block device file for an existing system block device (for example, the root file system). (CVE-2009-1185) An integer overflow flaw, potentially leading to heap-based buffer overflow was found in one of the utilities providing functionality of the udev device information interface. An attacker could use this flaw to cause a denial of service, or possibly, to execute arbitrary code by providing a specially-crafted arguments as input to this utility. (CVE-2009-1186) Thanks to Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw. Users of udev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the udevd daemon will be restarted automatically.
udev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality. Netlink is a datagram oriented service, used to transfer information between kernel modules and user-space processes. It was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world- writable block device file for an existing system block device (for example, the root file system). (CVE-2009-1185) An integer overflow flaw, potentially leading to heap-based buffer overflow was found in one of the utilities providing functionality of the udev device information interface. An attacker could use this flaw to cause a denial of service, or possibly, to execute arbitrary code by providing a specially-crafted arguments as input to this utility. (CVE-2009-1186) Thanks to Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw. Users of udev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the udevd daemon will be restarted automatically.
This update fixes several security flaws: CVE-2009-0792 (multiple integer overflows and missing upper-bounds checks in icclib), CVE-2009-0196 (missing boundary check in jbig2dec library), and CVE-2008-6679 (buffer overflow in pdfwrite device).
This update fixes several security flaws: CVE-2009-0792 (multiple integer overflows and missing upper-bounds checks in icclib), CVE-2009-0196 (missing boundary check in jbig2dec library), and CVE-2008-6679 (buffer overflow in pdfwrite device).
Improvements for 3.1.3.2: - [security] Insufficient output sanitizing when generating configuration file
Improvements for 3.1.3.2: - [security] Insufficient output sanitizing when generating configuration file
Update to new minor upstream release. Minor security issue fixes and bug fixes.
Update to new minor upstream release. Minor security issue fixes and bug fixes.
Fixed log world-writable when the --access-log-file option is used.
This update corrects the behaviour of pptpsetup when its --delete option is used, retaining the permissions of /etc/ppp/chap-secrets rather than creating a new file that is likely to be world-readable.
Multiple integer overflows and multiple insufficient upper-bounds checks on certain variable sizes were originally discovered in the Ghostscript's International Color Consortium Format Library (icclib). It was found, the original patch, addressing this issue was incomplete.
Fix insecure permissions on multipathd.sock (CVE-2009-0115)
Fix insecure permissions on multipathd.sock (CVE-2009-0115)