different sensors like snort or nepenthes, log files from hostapd etc.
work mostly done before and during c2k6;
initially discussed with reyk@ and sturm@ , help and inputs msf@ alek@;
ok alek@
implementation of split() function in NASL, leading to consume a large
amount of CPU and memory resources before crashing. A solution is to
check for zero-length sep parameters.
CVE-2006-2093;
from ubuntu linux;
ok sturm@
This release improves virus detection and fixes zip handling on 64-bit
architectures.
SECURITY
This release fixes a possible security problem in freshclam.
See http://www.clamav.net/security/0.88.2.html for a full security report.
Versions of this module prior to 2.17 were incorrectly
using 8 byte IVs when generating the old-style RandomIV style header
(as opposed to the new-style random salt header). This affects data
encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
and is a significant security issue.
The bug has been corrected in versions 2.17 and higher by making it
impossible to use 16-byte block ciphers with RandomIV headers. You may
still read legacy encrypted data by explicitly passing the
-insecure_legacy_decrypt option to Crypt::CBC->new().
from gnupg.org:
Signature verification of non-detached signatures may give a positive
result but when extracting the signed data, this data may be prepended
or appended with extra data not covered by the signature. Thus it is
possible for an attacker to take any signed message and inject extra
arbitrary data.
The security issue is caused due to "gpgv" exiting with a return code
of 0 even if the detached signature file did not carry any signature.
This may result in certain scripts that use "gpgv" to conclude that
the signature is correctly verified.
More info: http://secunia.com/advisories/18845/
ok bernd@ pvalchev@
memory if swap encryption is disabled. (It's enabled by default.)
This supersedes pkg/MESSAGE.
Regen patches with update-patches while I'm here. Bump PKGNAME.
idea and ok espie@