It is currently Sun May 19, 2013 1:38 am

All times are UTC




 Post subject: [Fixed] CVE-2008-1568 (comix)
PostPosted: Wed Apr 02, 2008 12:54 am 
Master of the known universe

Joined: Thu Mar 29, 2007 2:34 am
Posts: 1253
Location: Taiwan
This one was also seen at the Debian bug tracker. Its severity is rated as "high" by Debian as well as NVD.

Debian bug 462840:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840

NVD:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1568

CVE-2008-1568 wrote:
comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.


There is no patch released so far; I'll post it here when it's out.

This version of comix is in both our CURRENT and SNAPSHOT repos.



Last edited by infwonder on Thu Apr 17, 2008 12:43 am, edited 1 time in total.
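
An added example, not part of the original thread and not comix's own code: the bug class described in the CVE entry quoted above, shown in Python with a stand-in helper in place of rar, unrar or jpegtran. The helper, the function names and the sample file name are constructed for illustration, and a POSIX /bin/sh is assumed.

```python
import shlex
import subprocess
import sys

# Stand-in for an external helper such as unrar or jpegtran (assumption):
# it prints each argument it received on its own line.
HELPER = [sys.executable, "-c", "import sys; [print(a) for a in sys.argv[1:]]"]
HELPER_SH = " ".join(shlex.quote(part) for part in HELPER)

# Constructed file name containing shell metacharacters (", ; and spaces).
SAMPLE_NAME = 'page 01"; echo INJECTED; ".jpg'


def _stdout_lines(cmd, shell):
    done = subprocess.run(cmd, shell=shell, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_unsanitized(filename):
    """Vulnerable pattern: the name is pasted into a /bin/sh command line."""
    return _stdout_lines('%s "%s"' % (HELPER_SH, filename), shell=True)


def run_quoted(filename):
    """Shell still used, but the name is quoted into a single shell word."""
    return _stdout_lines("%s %s" % (HELPER_SH, shlex.quote(filename)), shell=True)


def as_path_argument(filename):
    """Keep a name that starts with '-' from being read as an option."""
    return "./" + filename if filename.startswith("-") else filename


def run_argv(filename):
    """Preferred: no shell at all; the name is exactly one argv entry."""
    return _stdout_lines(HELPER + [as_path_argument(filename)], shell=False)


if __name__ == "__main__":
    for fn in (run_unsanitized, run_quoted, run_argv):
        print(fn.__name__, fn(SAMPLE_NAME))
```

In the unsanitized form the helper sees only `page 01` and the shell runs the rest of the name as separate commands; in the other two forms the helper receives the whole name as one argument.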

 
 Post subject: Re: [CVE-2008-1568] comix == 3.6.4, arbitrary code execution
PostPosted: Sat Apr 05, 2008 5:38 am 
Master of the known universe

Joined: Thu Mar 29, 2007 2:34 am
Posts: 1253
Location: Taiwan
A patch has been issued by Debian and can be accessed from the Debian link in the first post.

I've downloaded and checked the patch; I think we can apply it to the comix source by removing some Debian-specific fixes in the patch.


 
 Post subject: Re: [CVE-2008-1568] comix == 3.6.4, arbitrary code execution
PostPosted: Sat Apr 05, 2008 10:27 am 
Global Moderator

Joined: Mon Apr 10, 2006 12:43 pm
Posts: 4727
Location: Ath (Belgium)
Who packages comix?
I tried to find it in the wiki but ... nothing???


 
 Post subject: Re: [CVE-2008-1568] comix == 3.6.4, arbitrary code execution
PostPosted: Sat Apr 05, 2008 11:01 am 

That should be godane. At least he's the one that FIFOed the comix package that is in the repos now.


  
 
 Post subject: Re: [CVE-2008-1568] comix == 3.6.4, arbitrary code execution
PostPosted: Wed Apr 16, 2008 7:40 pm 
Global Moderator

Joined: Mon Apr 10, 2006 12:43 pm
Posts: 4727
Location: Ath (Belgium)
New version available on the repo ;)


 