Planet Frugalware

Boobaa: Diploma

Thu, 03 Jul 2008 17:18:16 +0000

http://csecsy.hu/boobaa_blogja/informatikatanar

My colleague has just brought my new stuff, as I didn't take the trouble to go to Szeged for it:

DIPLOMA
This diploma has been awarded to István László Csécsy, born in Budapest (town), - (county) Hungary (country) on %j (day) %F (month) %Y (year), who fulfilled his/her university obligations from the academic year 2003/2004 to the academic year 2007/2008 at the University of Szeged Faculty of Science and Informatics majoring in computer science.
On the basis of the decision of the Final Examination Board dated 6 (day) June (month) 2008 (year), he/she is hereby declared Teacher of Informatics.
Grade of diploma: satisfactory (3,28)
Szeged, 23 June 2008

Security announcements: FSA485 - courier-authlib

Tue, 01 Jul 2008 22:00:00 +0000

A vulnerability has been reported in the Courier Authentication Library, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via e.g. the username to the library is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and e.g. potentially bypass authentication. Successful exploitation requires that a MySQL database is used for authentication and that a Non-Latin character set is selected.Vulnerable version: 0.60.2-1, Unaffected version: 0.60.6-1kalgan1, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2667

Security announcements: FSA484 - xorg-server

Tue, 01 Jul 2008 22:00:00 +0000

Some vulnerabilities have been reported in X.org X11, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. 1) An integer overflow error when calculating the size of the glyph exists in the "AllocateGlyph()" function within the Render extension. This can be exploited to cause a heap-based buffer overflow via a specially crafted request. 2) An integer overflow error when calculating the size of the glyph in the "ProcRenderCreateCursor()" function within the Render extension can be exploited to crash the X server via a specially crafted request. 3) An integer overflow error exists in the Render extension when parsing client requests for the "SProcRenderCreateLinearGradient", "SProcRenderCreateRadialGradient", or "SProcRenderCreateConicalGradient" functions and can be exploited to corrupt heap memory. 4) Multiple input validation errors in the "SProcSecurityGenerateAuthorization()", "SProcRecordCreateContext()", and "SProcRecordRegisterClients()" functions within the Record and Security extensions can be exploited to corrupt heap memory via specially crafted requests. Successful exploitation of vulnerabilities #1, #3, and #4 may allow execution of arbitrary code with privileges of the X server (typically root). 5) An integer overflow error when processing parameters to the "ShmPutImage()" request can be exploited to disclose arbitrary memory of the X server process.Vulnerable version: 1.4.0.90-5, Unaffected version: 1.4.0.90-6kalgan2, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362

Security announcements: FSA483 - apache

Tue, 01 Jul 2008 22:00:00 +0000

A vulnerability has been reported in the Apache mod_proxy module, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "ap_proxy_http_process_response()" function when forwarding interim responses. This can be exploited to consume large amounts of memory by tricking mod_proxy into sending an overly large number of interim responses to the client.Vulnerable version: 2.2.8-1, Unaffected version: 2.2.8-2kalgan1, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364

Miklos: security through obscurity

Fri, 27 Jun 2008 21:08:30 +0000

okay, this won't be a happy post either, but i thought i would just share a few links here.

first, there was this article about some microsoft ie security problem, and the opensource evangelists started to hype again linux about being open, etc, etc. you know the story.

the sad fact is that, just being opensource, or let's say even having an open scm will not guarantee that all the details are published. i want to pick up a minor issue, so that i can be sure about i don't publish any details here which may not public.

let's take this commit. it's a bugfix, right? umm, if it would be security-related, they would mention it. hm, no.

to make the long story short, the relevant cve is there, even secunia released an advisory.

i could add few more details (no cve on the secunia page, the "from remote" is probably wrong), and finally make some conclustions, but i would avoid that this sime.

take care.

Security announcements: FSA482 - net-snmp

Wed, 25 Jun 2008 22:00:00 +0000

A vulnerability has been reported in Net-SNMP, which can be exploited by malicious people to spoof authenticated SNMPv3 packets. The vulnerability is caused due to an error within the verification of the HMAC digest. This can be exploited to increase the chance of successfully spoofing a packet to 1 in 256 by sending a specially crafted SNMPv3 packet with an incomplete 1 byte HMAC digest. Successful exploitation requires a valid username.Vulnerable version: 5.4.1-4kalgan1, Unaffected version: 5.4.1-4kalgan2, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960

Security announcements: FSA481 - horde-webmail

Wed, 25 Jun 2008 22:00:00 +0000

Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed to item names is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires valid user credentials. 2) Input passed to contact views is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires valid user credentials. 3) Input passed to unspecified input is not properly sanitised before being returned to the user in the add event screen. This can be exploited to execute arbitrary HTML and script code in a user's browser session in contact of an affected site.Vulnerable version: 1.1-1kalgan1, Unaffected version: 1.1.1-1kalgan1, CVEs: There is no CVE for this issue, see http://lists.horde.org/archives/announce/2008/000420.html.

Security announcements: FSA480 - exiv2

Wed, 25 Jun 2008 22:00:00 +0000

A vulnerability has been reported in Exiv2, which potentially can be exploited by malicious people to crash an application using the library. The vulnerability is caused due to a floating point exception within the pretty printing functionality when processing certain Nicon camera lens information. This can be exploited to crash an application linked against the Exiv2 library when a image containing specially-crafted metadata is processed.Vulnerable version: 0.16-1, Unaffected version: 0.16-2kalgan1, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2696

Security announcements: FSA479 - kernel

Mon, 23 Jun 2008 22:00:00 +0000

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an error within the ASN.1 BER decoder of the cifs and ip_nat_snmp_basic modules when calculating the buffer size. This can be exploited to cause a crash or potentially execute arbitrary code by sending specially crafted BER encoded data to a vulnerable system.Vulnerable version: 2.6.24-4kalgan2, Unaffected version: 2.6.24-4kalgan3, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1673

Frugalware News: Frugalware Newsletter Issue 26

Sat, 21 Jun 2008 12:51:35 +0000

The newsletter's aim is to keep you up to date with what's happened recently in the world of Frugalware.
Features of this issue include:

Frugalware's developers are people too! - Devil505
Tips and tricks - Get a better looking "man"
Priyank is back!

You can read it here. We hope you like it!

Miklos: non-public scm for free software

Mon, 16 Jun 2008 09:40:25 +0000

i find it really interesting that some people think that the scm for free software doesn't matter that much. just think about the "open"suse buildscripts, where the svn (in which they are tracked) is closed, or about "free"bsd, where the perforce repos (where _real_ development happens) is not checkoutable anonymously.

and no, i'm not rms who says you must use a free scm to develop free software, i just think a public access to it would be nice.

of course there are other projects like archlinux as well (no anonsvn), but i didn't wanted to start with it, since this post is not (just) about distro war..

ah and yes, the best of these is Debian where many maintainer use just a single huge generated diff and the real scm where they develop such diffs isn't public, either.

(finally a bad example is Ubuntu where the whole webapp behind the distro where all the bzr code and bugs are stored is closed source as well.)

so at the end it'll turn out that we're more free, without having any "open" or "free" in our name, without having a frugalware-legal@ and such?

Miklos: new in git-1.5.6: git cvsexportcommit -W

Sat, 14 Jun 2008 01:38:47 +0000

git-1.5.6 will be released soon (probably in a few weeks) and there are some interesting news in it.

one of them is the new git cvsimport -W switch which makes it easy to do bi-directional changes between git and cvs.

to set up your local repo:

$ CVSROOT=$URL cvs co module
$ cd module
$ git cvsimport

this will do a fresh checkout of the cvs module and will import it to git. you will have two interesting git branch: origin is the "reference" one, you should not touch it, and you can work in master.

you can commit to master, etc.

then there are two tricky operations:

first, you may want to commit back your local commits.

to do this:

$ for i in $(git rev-list --reverse origin..master)
do
        git cvsexportcommit -W -c -p -u $i
done

second, you may want to fetch upstream changes and rebase your local changes on top of them:

$ git cvsimport -i
$ git rebase origin

that's all.

cookies goes to Dscho in commit d775734.

Security announcements: FSA478 - xdvik