French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Fedora Security Update Fixes Tomboy Untrusted Search Path Issue

Title : Fedora Security Update Fixes Tomboy Untrusted Search Path Issue
Advisory ID : FrSIRT/ADV-2007-3834
CVE ID : CVE-2005-4790
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-11-12

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

A vulnerability has been identified in Fedora, which could be exploited by local attackers to potentially obtain elevated privileges [...]

Solution

Upgrade the affected packages :

721ad30740b7669657baa94234f887bc41414b73 tomboy-0.6.1-2.fc7.i386.rpm
0216e31427454b2e07d1ec81ef55b148a899eb7e tomboy-debuginfo-0.6.1-2.fc7.i386.rpm
6732454fba9836cab0b44fb82b1ee4aa8e414916 tomboy-0.6.1-2.fc7.x86_64.rpm
4f0b7427798adb47a54a34f4b9e96a3ef3ca575e tomboy-debuginfo-0.6.1-2.fc7.x86_64.rpm
3b6fe061bf9542ae991df8eb1b92f416f2a05962 tomboy-debuginfo-0.6.1-2.fc7.ppc.rpm
499d72c90787d6583da815c1c00a7da72b94f005 tomboy-0.6.1-2.fc7.ppc.rpm
440e92c0bccceda2e77fdcd8cc90a0a1228ca2c7 tomboy-0.6.1-2.fc7.src.rpm

ChangeLog

2007-11-12 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Cisco Products Remote DNS Cache Poisoning Vulnerability

Cisco Wide Area Application Services CUPS Remote Vulnerability

Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities

Cisco Intrusion Prevention System Jumbo Frame Vulnerability

Cisco VPN Client Deterministic Network Enhancer Privilege Escalation

Cisco Products SNMPv3 Authentication Packets Vulnerabilities

Cisco PIX and ASA Security Bypass and Denial of Service

IBM WebSphere Application Server Security Exposure Vulnerabilities

IBM AIX DNS Transaction ID Remote Cache Poisoning Vulnerability

IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability

IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability

IBM Hardware Management Console Cross Site Scripting Vulnerabilities

IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability

IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities

Oracle Products Multiple Code Execution and Security Bypass Issues

Oracle Products Command Execution and SQL Injection Vulnerabilities

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy