
Test ID: 1.3.6.1.4.1.25623.1.0.59890
Category: Fedora Local Security Checks
Title: Fedora Core 7 FEDORA-2007-3792 (blam)
Summary: NOSUMMARY
Description:

The remote host is missing an update to blam
announced via advisory FEDORA-2007-3792.

Blam is a tool that helps you keep track of the growing
number of news feeds distributed as RSS. Blam lets you
subscribe to any number of feeds and provides an easy to
use and clean interface to stay up to date.

Update Information:

This update resolves a low severity security issue where LD_LIBRARY_PATH could potentially get set to the current directory if it wasn't set before Blam was launched.
ChangeLog:

* Thu Nov 22 2007 Peter Gordon - 1.8.3-9
- Fix CVE-2005-4790 (bug 252294).
* Wed Nov 21 2007 Peter Gordon - 1.8.3-8
- Rebuild for new Gecko (Firefox 2.0.0.9).
* Wed Oct 24 2007 Peter Gordon - 1.8.3-7
- Rebuild for updated Gecko libraries (Firefox 2.0.0.8)
* Fri Aug 17 2007 Peter Gordon - 1.8.3-6
- Add gnome-sharp and mono-web runtime dependencies
  fixes bugs 282331 (Blam does not open links with commas correctly) and
  277561 (Blam does nothing useful).
- Update License tag in accordance with new guidelines.
* Wed Jul 18 2007 Peter Gordon - 1.8.3-5
- Rebuild for newer Gecko libraries (Firefox 2.0.0.5)
- Depend on the gecko-libs and gecko-devel virtuals, instead of querying RPM
at build-time (Thanks to Chris Aillon for the fix.)
- Alphabetize dependencies, and other minor aesthetic-only spec changes.
* Wed May 30 2007 Peter Gordon - 1.8.3-4
- Rebuild for newer Gecko libraries (Firefox 2.0.0.4)
- Add a patch to fix the default theme directory search path to prevent crashes
at startup (fixes bug 241465):
+ fix-THEME_DIR-path.patch
References:

[ 1 ] Bug #395751 - CVE-2005-4790 tomboy includes CWD in LD_LIBRARY_PATH [f7]
https://bugzilla.redhat.com/show_bug.cgi?id=395751
[ 2 ] Bug #393691 - blam blocks firefox update to 2.0.0.9
https://bugzilla.redhat.com/show_bug.cgi?id=393691
Updated packages:

7bc7f1f01d672abaa13f4a2e4c02a8c01a1f1c2e blam-1.8.3-9.fc7.i386.rpm
0c9aa73347873be18fca0e9d0accd8a31634fa34 blam-debuginfo-1.8.3-9.fc7.i386.rpm
5a05537c6b4aabccd52ec6c308bee3015acb9918 blam-debuginfo-1.8.3-9.fc7.x86_64.rpm
5cc7d651d09410b957605518285581434fe6f626 blam-1.8.3-9.fc7.x86_64.rpm
1c89824bf2ccc11c11406acb32cb3c3d126eaeb2 blam-1.8.3-9.fc7.ppc.rpm
b10961d8e75d2716a1c145667ff753e7717df80f blam-debuginfo-1.8.3-9.fc7.ppc.rpm
4413684e045f0c2fa88816ce4fce6064e11bf91a blam-1.8.3-9.fc7.src.rpm

This update can be installed with the yum update program. Use
su -c 'yum update blam'
at the command line. For more information, refer to Managing Software
with yum, available at http://docs.fedoraproject.org/yum/.

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Solution: Apply the appropriate updates.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-3792

Risk factor : High

CVSS Score: 6.9

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-4790
BugTraq ID: 25341
http://www.securityfocus.com/bid/25341
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html
http://security.gentoo.org/glsa/glsa-200711-12.xml
http://security.gentoo.org/glsa/glsa-200801-14.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:064
http://bugs.gentoo.org/show_bug.cgi?id=188806
http://osvdb.org/39577
http://osvdb.org/39578
http://secunia.com/advisories/26480
http://secunia.com/advisories/27608
http://secunia.com/advisories/27621
http://secunia.com/advisories/27799
http://secunia.com/advisories/28339
http://secunia.com/advisories/28672
SuSE Security Announcement: SUSE-SR:2005:022
http://www.novell.com/linux/security/advisories/2005_22_sr.html
https://usn.ubuntu.com/560-1/
XForce ISS Database: tomboy-ldlibrarypath-privilege-escalation(36054)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36054
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
