FrSIRT - Fedora Security Update Fixes Liferea "LD_LIBRARY_PATH" Weakness / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Liferea "LD_LIBRARY_PATH" Weakness

Title : Fedora Security Update Fixes Liferea "LD_LIBRARY_PATH" Weakness
Advisory ID : FrSIRT/ADV-2007-4050
CVE ID : CVE-2005-4791
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-12-03

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by local attackers to potentially obtain elevated privileges [...]

Solution

Upgrade the affected packages :

7d70d4d53654566bb49b71800bba80827a8447c8 liferea-1.4.8-1.fc7.ppc64.rpm
ad575a6bd9fbbe1c6528c239deab4a9b8f822cea liferea-debuginfo-1.4.8-1.fc7.ppc64.rpm
f41dcd639ca00c069a57fa8eff2a854e6d84d2b6 liferea-1.4.8-1.fc7.i386.rpm
527faadb676d7329ba30e19ae44926c73b16585d liferea-debuginfo-1.4.8-1.fc7.i386.rpm
0f5b2d06c07483d61a64f237bd2b3212319914b9 liferea-1.4.8-1.fc7.x86_64.rpm
67d8ea32b5f1956ee819fca55d493e3177026ceb liferea-debuginfo-1.4.8-1.fc7.x86_64.rpm
2e5dadafde386e7a1424ac974d3c416be9488e86 liferea-debuginfo-1.4.8-1.fc7.ppc.rpm
451044f4d520b7c784663725b0e001daabbff13b liferea-1.4.8-1.fc7.ppc.rpm
1b774b778b1451804a1989840c9ec050ffa9b4b8 liferea-1.4.8-1.fc7.src.rpm

18d663f2be743581a1614b73b86c36d7160d5d36 liferea-1.4.8-1.fc8.ppc64.rpm
e1917a5fadb403a57a131e6145954cb951a5e6c9 liferea-debuginfo-1.4.8-1.fc8.ppc64.rpm
b8a7755711e3d20667d01b3f08e6bb5f46ef1cd2 liferea-1.4.8-1.fc8.i386.rpm
ce5ded6faf03ba4d072e8d4a3299f0280dd24049 liferea-debuginfo-1.4.8-1.fc8.i386.rpm
9f943e7da4853a9739b9a3a476d7facda8efd542 liferea-1.4.8-1.fc8.x86_64.rpm
49acae362d65dc5e224c23685627bfb3b350dfc4 liferea-debuginfo-1.4.8-1.fc8.x86_64.rpm
69d1f80def315c0f81b7aaba61670eb1c420222d liferea-1.4.8-1.fc8.ppc.rpm
97fafb78f9aeaf81c8bb2d8c4552d9cf5a7ae0b9 liferea-debuginfo-1.4.8-1.fc8.ppc.rpm
066ef3139ae7dce4c2e98ba3d0bcaa1a4161bfc4 liferea-1.4.8-1.fc8.src.rpm

ChangeLog

2007-12-03 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability
	IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability
	IBM Hardware Management Console Cross Site Scripting Vulnerabilities
	IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability
	IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerability
	IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities

	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Firefox Unspecified Remote Command Execution Vulnerability
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

	Microsoft Internet Explorer Frame Cross-Domain Scripting Vulnerability
	Microsoft Internet Explorer "location" Cross-Domain Scripting Issue
	Microsoft Windows PGM Remote Denial of Service Vulnerability (MS08-036)
	Microsoft Active Directory Remote Denial of Service (MS08-035)
	Microsoft Windows WINS Local Privilege Escalation Vulnerability (MS08-034)
	Microsoft Windows DirectX Remote Code Execution (MS08-033)
	Microsoft Windows Speech API Remote Code Execution (MS08-032)