[FEDORA-2007-0001] Fedora 7: mutt, libpng10, jasper, libexif, devhelp & 2 more

Severity High

Affected Packages 7

CVEs 12

This update fixes two security issues:

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. (CVE-2007-1558)

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. (CVE-2007-2683)

Package	Affected Version
pkg:rpm/fedora/yelp?distro=fedora-7	< 2.18.1.4.fc7
pkg:rpm/fedora/mutt?distro=fedora-7	< 1.5.14.4.fc7
pkg:rpm/fedora/libpng10?distro=fedora-7	< 1.0.26.1.fc7.1
pkg:rpm/fedora/libexif?distro=fedora-7	< 0.6.15.1.fc7
pkg:rpm/fedora/jasper?distro=fedora-7	< 1.900.1.2.fc7
pkg:rpm/fedora/firefox?distro=fedora-7	< 2.0.0.4.1.fc7
pkg:rpm/fedora/devhelp?distro=fedora-7	< 0.13.8.fc7

ID

FEDORA-2007-0001

Severity

high

Severity from

CVE-2007-2645

URL

https://bodhi.fedoraproject.org/updates/FEDORA-2007-0001

Published

2007-05-31T18:07:48
(17 years ago)

Modified

2007-05-31T18:07:48
(17 years ago)

Rights

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/fedora/yelp?distro=fedora-7	fedora	yelp	< 2.18.1.4.fc7	fedora-7
Affected	pkg:rpm/fedora/mutt?distro=fedora-7	fedora	mutt	< 1.5.14.4.fc7	fedora-7
Affected	pkg:rpm/fedora/libpng10?distro=fedora-7	fedora	libpng10	< 1.0.26.1.fc7.1	fedora-7
Affected	pkg:rpm/fedora/libexif?distro=fedora-7	fedora	libexif	< 0.6.15.1.fc7	fedora-7
Affected	pkg:rpm/fedora/jasper?distro=fedora-7	fedora	jasper	< 1.900.1.2.fc7	fedora-7
Affected	pkg:rpm/fedora/firefox?distro=fedora-7	fedora	firefox	< 2.0.0.4.1.fc7	fedora-7
Affected	pkg:rpm/fedora/devhelp?distro=fedora-7	fedora	devhelp	< 0.13.8.fc7	fedora-7

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date