Fedora Essential and Critical Security Patch Updates - Page 787
Find the information you need for your favorite open source distribution .
Fedora 7 Update: gallery2-2.2-0.7..
Security fix release for Gallery 2.2 series. Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in (a) WebDAV and (b) Reupload modules.
Fedora 7 Update: vavoom-1.24-3.fc7
Security update fixing various format strings vulnerabilities and a DOS vulnerability in the vavoom server, this fixes: CVE-2007-4533, CVE-2007-4534 & CVE-2007-4535. Also see bugzilla bug 256621.
Fedora 7 Update: sylpheed-2.3.1-5
Ulf Harnhammar (Secunia Research) has discovered a format string vulnerability in sylpheed and claws-mail in inc_put_error() function in src/inc.c when displaying POP3 error reply. Problem can be exploited by malicious POP3 server via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.
Fedora 7 Update: moodle-1.8.2-1.fc7
Upgrade to 1.8.2, Security fixes for 247582. Also corrects bug 245750, cron job problem.
Fedora 7 Update: koffice-1.6.3-9.fc7
This is an update to address a stack-based buffer overflow vulnerability in kword's pdf filter.
Fedora 7 Update: mediawiki-1.9.3-34.0.2.fc7
This update fixes the following vulnerability: "Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer."
Fedora 7 Update: cups-1.2.12-4.fc7
This update fixes a security problem concerning PDF handling. It also fixes printing speed with USB printers, and includes a fix for the LSPP support.
Fedora 7 Update: tetex-3.0-40.1.fc7
* Fri Aug 10 2007 Jindrich Novy 3.0-40.1 - backport upstream fix for xpdf integer overflow CVE-2007-3387 (#251514) - don't mess up file contexts while running texhash (#235032)
Fedora 7 Update: kdegraphics-3.5.7-2.fc7
This is an update to address a vulnerability in kpdf, one that can cause a stack based buffer overflow.
Fedora 7 Update: kdelibs-3.5.7-20.fc7
This update primarily addresses problems with URL spoofing and consolekit/session permissions.
Fedora 7 Update: kdebase-3.5.7-13.fc7
This update primarily addresses security issues around URL spoofing.
Fedora 7 Update: po4a-0.32-4.fc7
This update fixes a potential security problem (information leak) due to use of predictable name in /tmp. There is no CVE assignment yet
Fedora 7 Update: libvorbis-1.1.2-3.fc7
Multiple security flaws were found in libvorbis. This updated package fixes them all. Descriptions of the security bugs can be found in the Fedora bug reporting software.
Fedora 7 Update: id3lib-3.8.3-17.fc7
This security update fixes a (minor) tempfile creation security issue (CVE-2007-4460) by using mkstemp (bugzilla 253553)
Fedora 7 Update: bochs-2.3-7.fc7
This security update of bochs fixes CVE-2007-2894: The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
Fedora Core 6 Update: kernel-2.6.22.1-32.fc6
The decode_choice function in net/netfilter/bf_conntrack_h323_asn1.c in the Linux kernel before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.
Fedora Core 6 Update: gdm-2.16.5-2.fc6
Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. JLANTHEA reported a denial of service flaw in the way that gdm listens on its unix domain socket. Any local user can crash the locally running X session.
Fedora Core 6 Update: tcpdump-3.9.4-11.fc6
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
Fedora Core 6 Update: bind-9.3.4-7.P1.fc6
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. This update fixes the following flaw. Allows cache-poisoning type of attack, no workaround, affect only outgoing queries.
