Fedora Essential and Critical Security Patch Updates - Page 780
Find the information you need for your favorite open source distribution.
Improvements for 3.1.3.1: - [security] HTTP Response Splitting and file inclusion vulnerabilities - [security] XSS vulnerability on export page - [security] Insufficient output sanitizing when generating configuration file
This update fixes a security issue in the expo plugin which allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts.
Fixes an important lcms security bug which gives unwarranted access to malicious users.
Some patches that were collected in the Fedora package have just been submitted upstream. Chances are high that this update can be superseded by a beta3 or a stable release from upstream.
Update to PostgreSQL 8.3.7, for various fixes described at https://www.postgresql.org/docs/8.3/release-8-3-7.html
Security update for integer overflows (CVE-2009-0583) and upper bounds checks (CVE-2009-0584) in the ICC profile handling.
Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially-crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled.
Security update fixing CVE-2008-3972, CVE-2008-2235, and CVE-2009-0368.
This update fixes two security issues: Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582)
Minor security issues are fixed in the new version of Wireshark. Security-related bugs in the Tektronix K12 and NetScreen file formats have been fixed.
* Fix local file access bug in internal HTTP server
* Optimized implementation of the ip_set module