[ GLSA 200808-12 ] Postfix: Local privilege escalation vulnerability

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200808-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Postfix: Local privilege escalation vulnerability
      Date: August 14, 2008
      Bugs: #232642
        ID: 200808-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Postfix incorrectly checks the ownership of a mailbox, allowing a local
user, in certain circumstances, to append data to arbitrary files on the
system with root privileges.

Background
==========

Postfix is Wietse Venema's mailer that attempts to be fast, easy to
administer, and secure, as an alternative to the widely-used Sendmail
program.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  mail-mta/postfix              < 2.5.3-r1             *>= 2.4.7-r1
                                                           >= 2.5.3-r1
    -------------------------------------------------------------------

Description
===========

Sebastian Krahmer of SuSE has found that Postfix allows mail to be
delivered to root-owned symlinks in an insecure manner under certain
conditions. Normally, Postfix does not deliver mail to symlinks, except
to root-owned symlinks, for compatibility with systems that use symlinks
in /dev, like Solaris. Furthermore, some systems like Linux allow a
symlink to be hardlinked, while the POSIX.1-2001 standard requires that
the symlink be followed. Depending on the write permissions and the
delivery agent being used, this can lead to an arbitrary local file
overwriting vulnerability (CVE-2008-2936). Furthermore, the Postfix
delivery agent does not properly verify the ownership of a mailbox
before delivering mail (CVE-2008-2937).

Impact
======

The combination of these features allows a local attacker to hardlink a
root-owned symlink such that the newly created link is root-owned and
points to a regular file (or another symlink) that will be written by
the Postfix built-in local(8) or virtual(8) delivery agents, regardless
of the ownership of the final destination regular file. Depending on the
write permissions of the mail spool directory, the delivery style, and
the existence of a root mailbox, this could allow a local attacker to
append a mail to an arbitrary file like /etc/passwd in order to gain
root privileges. The default configuration of Gentoo Linux does not
permit any kind of user privilege escalation.

The second vulnerability (CVE-2008-2937) allows a local attacker who
already has write permissions to the mail spool directory, which is not
the case on Gentoo by default, to create a previously nonexistent
mailbox before Postfix creates it, allowing them to read the mail of
another user on the system.

Workaround
==========

All of the following conditions must be met in order to be vulnerable to
local privilege escalation:

* The mail delivery style is mailbox, with the Postfix built-in local(8)
  or virtual(8) delivery agents.
* The mail spool directory (/var/spool/mail) is user-writeable.
* The user can create hardlinks pointing to root-owned symlinks located
  in other directories.

Consequently, each one of the following workarounds is effective:

* Verify that your /var/spool/mail directory is not writeable by a user.
  Normally on Gentoo, only the mail group has write access, and no
  end-user should be granted the mail group ownership.
* Prevent local users from being able to create hardlinks pointing
  outside of the /var/spool/mail directory, e.g. with a dedicated
  partition.
* Use a non-builtin Postfix delivery agent, like procmail or maildrop.
* Use the maildir delivery style of Postfix (home_mailbox=Maildir/ for
  example).
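
The following POSIX sh script is an added example, not part of the GLSA, of Gentoo or of Postfix: it turns the three conditions above into a single CVE-2008-2936 assessment and adds the "does every account already have a mailbox" check the advisory recommends for CVE-2008-2937. It runs on constructed values passed as arguments; the stat and postconf commands named in the comments are an assumption about how one would collect the real values on a host.

```shell
#!/bin/sh
# Added example; not part of the GLSA, of Gentoo or of Postfix. Evaluates the
# advisory's three conditions for CVE-2008-2936 and the per-account mailbox
# check for CVE-2008-2937 on values given as arguments, so it runs offline.
# On a live host the values would come from (assumed commands):
#   stat -c %a /var/spool/mail              -> directory mode
#   stat -c %d /var/spool/mail /var/spool   -> device ids (equal = same filesystem)
#   postconf -h home_mailbox ; postconf -h mailbox_command
#   getent passwd | cut -d: -f1 ; ls /var/spool/mail

# Condition 2: is /var/spool/mail writeable by ordinary users?
# $1 = octal mode as printed by stat (e.g. 775, 1777). Only the last digit,
# the "other" class, matters; its write bit is set for digits 2, 3, 6 and 7.
spool_user_writable() {
    other=${1#"${1%?}"}          # last character of the mode string
    case $other in
        [2367]) echo writable ;;
        *)      echo ok ;;
    esac
}

# Condition 1: which delivery style and agent is in use?
# $1 = home_mailbox, $2 = mailbox_command. A non-empty mailbox_command hands
# delivery to an external agent such as procmail or maildrop; a home_mailbox
# ending in "/" selects maildir; anything else is mbox-style "mailbox"
# delivery by the built-in local(8) agent.
delivery_style() {
    if [ -n "$2" ]; then
        echo external
    else
        case $1 in
            */) echo maildir ;;
            *)  echo mailbox ;;
        esac
    fi
}

# Condition 3: can a user hardlink to root-owned symlinks in other directories?
# Hardlinks cannot cross filesystems, so a dedicated partition for the spool
# blocks them. $1 = device id of /var/spool/mail, $2 = device id of /var/spool.
spool_filesystem() {
    if [ "$1" = "$2" ]; then echo shared; else echo dedicated; fi
}

# All three conditions must hold for the privilege escalation to be possible.
# $1 home_mailbox  $2 mailbox_command  $3 spool mode  $4 spool dev  $5 parent dev
assess_cve_2008_2936() {
    style=$(delivery_style "$1" "$2")
    write=$(spool_user_writable "$3")
    fs=$(spool_filesystem "$4" "$5")
    if [ "$style" = mailbox ] && [ "$write" = writable ] && [ "$fs" = shared ]; then
        echo vulnerable
    else
        echo not-vulnerable
    fi
}

# CVE-2008-2937: a user with write access to the spool could create another
# account's mailbox before Postfix does, so accounts without a mailbox file
# are the exposed ones. $1 = whitespace-separated login names, $2 = file
# names present in the spool. Prints the logins without a mailbox.
missing_mailboxes() {
    for u in $1; do
        found=no
        for b in $2; do
            if [ "$b" = "$u" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then echo "$u"; fi
    done
}

# Demo on constructed values (device id 2049 is made up). Gentoo default:
# /var/spool/mail is mode 775 root:mail, mbox delivery by local(8), spool on
# the same filesystem as /var/spool.
echo "gentoo default : $(assess_cve_2008_2936 '' '' 775 2049 2049)"
# Same host with the spool made world-writeable (1777): every condition holds.
echo "world-writeable: $(assess_cve_2008_2936 '' '' 1777 2049 2049)"
# World-writeable spool but maildir delivery (home_mailbox=Maildir/) applied.
echo "maildir        : $(assess_cve_2008_2936 'Maildir/' '' 1777 2049 2049)"
# Accounts that have no mailbox yet in a constructed spool listing.
echo "no mailbox yet : $(missing_mailboxes 'root alice bob' 'root alice' | tr '\n' ' ')"
```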
Concerning the second vulnerability, check the write permissions of
/var/spool/mail, or check that every Unix account already has a mailbox,
by using Wietse Venema's Perl script available in the official advisory.

Resolution
==========

All Postfix users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.5.3-r1"

References
==========

  [ 1 ] CVE-2008-2936
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936
  [ 2 ] CVE-2008-2937
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937
  [ 3 ] Official Advisory
        http://article.gmane.org/gmane.mail.postfix.announce/110

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200808-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality
[ GLSA 200808-07 ] ClamAV: Multiple Denials of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200808-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: ClamAV: Multiple Denials of Service
      Date: August 08, 2008
      Bugs: #204340, #227351
        ID: 200808-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in ClamAV may result in a Denial of Service.

Background
==========

Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
especially for e-mail scanning on mail gateways.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/clamav          < 0.93.3                  >= 0.93.3
    -------------------------------------------------------------------

Description
===========

Damian Put has discovered an out-of-bounds memory access while
processing Petite files (CVE-2008-2713, CVE-2008-3215). Also, please
note that the 0.93 ClamAV branch fixes the first of the two attack
vectors of CVE-2007-6595, an insecure creation of temporary files
vulnerability. The sigtool attack vector still seems to be unfixed.

Impact
======

A remote attacker could entice a user or automated system to scan a
specially crafted Petite file, possibly resulting in a Denial of Service
(daemon crash). Also, the insecure creation of temporary files
vulnerability can be triggered by a local user to perform a symlink
attack.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.93.3"

References
==========

  [ 1 ] CVE-2007-6595
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6595
  [ 2 ] CVE-2008-2713
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
  [ 3 ] CVE-2008-3215
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3215

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200808-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200808-08 ] stunnel: Security bypass

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200808-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: stunnel: Security bypass
      Date: August 08, 2008
      Bugs: #222805
        ID: 200808-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

stunnel does not properly reject the authentication of a revoked
certificate whose revocation is published via OCSP.

Background
==========

The stunnel program is designed to work as an SSL encryption wrapper
between a remote client and a local or remote server. OCSP (Online
Certificate Status Protocol), as described in RFC 2560, is an internet
protocol used for obtaining the revocation status of an X.509 digital
certificate.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  net-misc/stunnel              < 4.24                      >= 4.24
    -------------------------------------------------------------------

Description
===========

An unspecified bug in the OCSP search functionality of stunnel has been
discovered.

Impact
======

A remote attacker can use a revoked certificate that would be
successfully authenticated by stunnel. This issue only concerns users
who have enabled OCSP validation in stunnel.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All stunnel users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/stunnel-1.2.3"

References
==========

  [ 1 ] CVE-2008-2420
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2420

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200808-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200808-09 ] OpenLDAP: Denial of Service vulnerability

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200808-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: OpenLDAP: Denial of Service vulnerability
      Date: August 08, 2008
      Bugs: #230269
        ID: 200808-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A flaw in OpenLDAP allows remote unauthenticated attackers to cause a
Denial of Service.

Background
==========

OpenLDAP Software is an open source implementation of the Lightweight
Directory Access Protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  net-nds/openldap              < 2.3.43                   >= 2.3.43
    -------------------------------------------------------------------

Description
===========

Cameron Hotchkies discovered an error in the parsing of ASN.1 BER
encoded packets in the ber_get_next() function in
libraries/liblber/io.c.

Impact
======

A remote unauthenticated attacker can send a specially crafted ASN.1 BER
encoded packet which will trigger the error and cause an assert(),
terminating the slapd daemon.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenLDAP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.3.43"

References
==========

  [ 1 ] CVE-2008-2952
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2952

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200808-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200804-12 ] gnome-screensaver: Privilege escalation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: gnome-screensaver: Privilege escalation
      Date: April 11, 2008
      Bugs: #213940
        ID: 200804-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

gnome-screensaver allows local users to bypass authentication under
certain configurations.

Background
==========

gnome-screensaver is a screensaver, designed to integrate with the Gnome
desktop, that can replace xscreensaver.

Affected packages
=================

    -------------------------------------------------------------------
     Package                        /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  gnome-extra/gnome-screensaver     < 2.20.0-r3          >= 2.20.0-r3
    -------------------------------------------------------------------

Description
===========

gnome-screensaver incorrectly handles the results of the getpwuid()
function in the file src/setuid.c when using directory servers (like
NIS) during a network outage, a similar issue to GLSA 200705-14.

Impact
======

A local user can crash gnome-screensaver by preventing network
connectivity if the system uses a remote directory service such as NIS
or LDAP for credentials, which will unlock the screen.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All gnome-screensaver users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=gnome-extra/gnome-screensaver-2.20.0-r3"

References
==========

  [ 1 ] CVE-2008-0887
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0887
  [ 2 ] GLSA 200705-14
        http://www.gentoo.org/security/en/glsa/glsa-200705-14.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200803-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sarg: Remote execution of arbitrary code
      Date: March 12, 2008
      Bugs: #212208, #212731
        ID: 200803-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Sarg is vulnerable to the execution of arbitrary code when processing
untrusted input files.

Background
==========

Sarg (Squid Analysis Report Generator) is a tool that provides much
information about the activities of Squid web proxy server users: time,
sites, traffic, etc.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/sarg             < 2.2.5                     >= 2.2.5
    -------------------------------------------------------------------

Description
===========

Sarg doesn't properly check its input for abnormal content when
processing Squid log files.

Impact
======

A remote attacker using a vulnerable Squid as a proxy server or a
reverse-proxy server can inject arbitrary content into the User-Agent
HTTP client header, which will be processed by sarg. This can lead to
the execution of arbitrary code, or to JavaScript injection, allowing
Cross-Site Scripting attacks and the theft of credentials.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All sarg users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/sarg-2.2.5"

References
==========

  [ 1 ] CVE-2008-1167
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1167
  [ 2 ] CVE-2008-1168
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1168

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200802-08 ] Boost: Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200802-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Boost: Denial of Service
      Date: February 14, 2008
      Bugs: #205955
        ID: 200802-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities have been reported in Boost, each one possibly
resulting in a Denial of Service.

Background
==========

Boost is a set of C++ libraries, including the Boost.Regex library to
process regular expressions.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  dev-libs/boost                < 1.34.1-r2              >= 1.34.1-r2
    -------------------------------------------------------------------

Description
===========

Tavis Ormandy and Will Drewry from the Google Security Team reported a
failed assertion in file regex/v4/perl_matcher_non_recursive.hpp
(CVE-2008-0171) and a NULL pointer dereference in the get_repeat_type()
function in file basic_regex_creator.hpp (CVE-2008-0172) when processing
regular expressions.

Impact
======

A remote attacker could provide specially crafted regular expressions to
an application using Boost, resulting in a crash.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Boost users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/boost-1.34.1-r2"

References
==========

  [ 1 ] CVE-2008-0171
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0171
  [ 2 ] CVE-2008-0172
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0172

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200802-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200802-01 ] SDL_image: Two buffer overflow vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200802-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: SDL_image: Two buffer overflow vulnerabilities
      Date: February 06, 2008
      Bugs: #207933
        ID: 200802-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two boundary errors have been identified in SDL_image, allowing for the
remote execution of arbitrary code or the crash of the application using
the library.

Background
==========

SDL_image is an image file library that loads images as SDL surfaces,
and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM,
TGA, TIFF, XCF, XPM, and XV.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  media-libs/sdl-image          < 1.2.6-r1                >= 1.2.6-r1
    -------------------------------------------------------------------

Description
===========

The LWZReadByte() function in file IMG_gif.c and the IMG_LoadLBM_RW()
function in file IMG_lbm.c each contain a boundary error that can be
triggered to cause a static buffer overflow and a heap-based buffer
overflow, respectively. The first boundary error is inherited from old
vulnerable GD PHP code (CVE-2006-4484).

Impact
======

A remote attacker can cause an application using the SDL_image library
to process a specially crafted GIF file or IFF ILBM file that will
trigger a buffer overflow, resulting in the execution of arbitrary code
with the permissions of the application, or in the application
crashing.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All SDL_image users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/sdl-image-1.2.6-r1"

References
==========

  [ 1 ] SA28640
        http://secunia.com/advisories/28640/
  [ 2 ] CVE-2007-6697
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6697
  [ 3 ] CVE-2008-0544
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0544

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200802-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200801-17 ] Netkit FTP Server: Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200801-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Netkit FTP Server: Denial of Service
      Date: January 29, 2008
      Bugs: #199206
        ID: 200801-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Netkit FTP Server contains a Denial of Service vulnerability.

Background
==========

net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL
support.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  net-ftp/netkit-ftpd           < 0.17-r7                  >= 0.17-r7
    -------------------------------------------------------------------

Description
===========

Venustech AD-LAB discovered that an FTP client connected to a vulnerable
server with passive mode and SSL support can trigger an fclose()
function call on an uninitialized stream in ftpd.c.

Impact
======

A remote attacker can send specially crafted FTP data to a server with
passive mode and SSL support, causing the ftpd daemon to crash.

Workaround
==========

Disable passive mode or SSL.

Resolution
==========

All Netkit FTP Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r7"

References
==========

  [ 1 ] CVE-2007-6263
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6263

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200801-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200801-16 ] MaraDNS: CNAME Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200801-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MaraDNS: CNAME Denial of Service
      Date: January 29, 2008
      Bugs: #204351
        ID: 200801-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

MaraDNS is prone to a Denial of Service vulnerability impacting CNAME
resolution.

Background
==========

MaraDNS is a package that implements the Domain Name Service (DNS) with
resolver and caching ability.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  net-dns/maradns               < 1.2.12.08              >= 1.2.12.08
    -------------------------------------------------------------------

Description
===========

Michael Krieger reported that a specially crafted DNS packet could
prevent an authoritative canonical name (CNAME) record from being
resolved, because of an improper rotation of resource records.

Impact
======

A remote attacker could send specially crafted DNS packets to a
vulnerable server, making it unable to resolve CNAME records.

Workaround
==========

Add max_ar_chain = 2 to the mararc configuration file.

Resolution
==========

All MaraDNS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/maradns-1.2.12.09"

References
==========

  [ 1 ] CVE-2008-0061
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0061

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200801-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200801-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PostgreSQL: Multiple vulnerabilities
      Date: January 29, 2008
      Bugs: #204760
        ID: 200801-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PostgreSQL contains multiple vulnerabilities that could result in
privilege escalation or a Denial of Service.

Background
==========

PostgreSQL is an open source object-relational database management
system.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  dev-db/postgresql             < 8.0.15                   >= 8.0.15
                                                             *>= 7.4.19
                                                             *>= 7.3.21
    -------------------------------------------------------------------

Description
===========

If the expression indexes feature is used, PostgreSQL executes index
functions as the superuser during VACUUM and ANALYZE instead of as the
table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the
index functions (CVE-2007-6600). Additionally, several errors involving
regular expressions were found (CVE-2007-4769, CVE-2007-4772,
CVE-2007-6067). Finally, a privilege escalation vulnerability via
unspecified vectors in the DBLink module was reported (CVE-2007-6601).
This vulnerability is exploitable when local trust or ident
authentication is used, and is due to an incomplete fix of
CVE-2007-3278.

Impact
======

A remote authenticated attacker could send specially crafted queries
containing complex regular expressions to the server that could result
in a Denial of Service by a server crash (CVE-2007-4769), an infinite
loop (CVE-2007-4772) or memory exhaustion (CVE-2007-6067). The two
other vulnerabilities can be exploited to gain additional privileges.

Workaround
==========

There is no known workaround for all these issues at this time.

Resolution
==========

All PostgreSQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-db/postgresql

References
==========

  [ 1 ] CVE-2007-3278
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
  [ 2 ] CVE-2007-4769
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769
  [ 3 ] CVE-2007-4772
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
  [ 4 ] CVE-2007-6067
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067
  [ 5 ] CVE-2007-6600
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
  [ 6 ] CVE-2007-6601
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200801-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200710-31 ] Opera: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Opera: Multiple vulnerabilities
      Date: October 30, 2007
      Bugs: #196164
        ID: 200710-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Opera contains multiple vulnerabilities, which may allow the execution
of arbitrary code.

Background
==========

Opera is a multi-platform web browser.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  www-client/opera              < 9.24                      >= 9.24
    -------------------------------------------------------------------

Description
===========

Michael A. Puls II discovered an unspecified flaw when launching
external email or newsgroup clients (CVE-2007-5541). David Bloom
discovered that when displaying frames from different websites, the
same-origin policy is not correctly enforced (CVE-2007-5540).

Impact
======

An attacker could potentially exploit the first vulnerability to execute
arbitrary code with the privileges of the user running Opera by enticing
a user to visit a specially crafted URL. Note that this vulnerability
requires an external e-mail or newsgroup client configured in Opera to
be exploitable. The second vulnerability allows an attacker to execute
arbitrary script code in a user's browser session in the context of
other sites, or to steal browser credentials.

Workaround
==========

There is no known workaround at this time for all these vulnerabilities.

Resolution
==========

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/opera-9.24"

References
==========

  [ 1 ] CVE-2007-5540
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5540
  [ 2 ] CVE-2007-5541
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5541

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-31.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200710-26 ] HPLIP: Privilege escalation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: HPLIP: Privilege escalation
      Date: October 24, 2007
      Bugs: #195565
        ID: 200710-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The hpssd daemon might allow local attackers to execute arbitrary commands
with root privileges.

Background
==========

The Hewlett-Packard Linux Imaging and Printing system (HPLIP) provides
drivers for HP's inkjet and laser printers, scanners and fax machines. It
integrates with the Common UNIX Printing System (CUPS) and Scanner Access
Now Easy (SANE).

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-print/hplip            < 2.7.9-r1        *>= 1.7.4a-r2
                                                     >= 2.7.9-r1

Description
===========

Kees Cook from the Ubuntu Security team discovered that the hpssd daemon
does not correctly validate user supplied data before passing it to a
popen3() call.

Impact
======

A local attacker may be able to exploit this vulnerability by sending a
specially crafted request to the hpssd daemon to execute arbitrary commands
with the privileges of the user running hpssd, usually root.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All HPLIP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose net-print/hplip

References
==========

  [ 1 ] CVE-2007-5208
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-26.xml
[ GLSA 200710-27 ] ImageMagick: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ImageMagick: Multiple vulnerabilities
      Date: October 24, 2007
      Bugs: #186030
        ID: 200710-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in ImageMagick, possibly
resulting in arbitrary code execution or a Denial of Service.

Background
==========

ImageMagick is a collection of tools and libraries for manipulating various
image formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-gfx/imagemagick      < 6.3.5.10                   >= 6.3.5.10

Description
===========

regenrecht reported multiple infinite loops in the functions ReadDCMImage()
and ReadXCFImage() (CVE-2007-4985), multiple integer overflows when handling
certain types of images (CVE-2007-4986, CVE-2007-4988), and an off-by-one
error in the ReadBlobString() function (CVE-2007-4987).

Impact
======

A remote attacker could entice a user to open a specially crafted image,
possibly resulting in the remote execution of arbitrary code with the
privileges of the user running the application, or in excessive CPU
consumption. Note that applications relying on ImageMagick to process images
can also trigger these vulnerabilities.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ImageMagick users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.5.10"

References
==========

  [ 1 ] CVE-2007-4985
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985
  [ 2 ] CVE-2007-4986
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986
  [ 3 ] CVE-2007-4987
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987
  [ 4 ] CVE-2007-4988
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-27.xml
[ GLSA 200710-29 ] Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sylpheed, Claws Mail: User-assisted remote execution of
            arbitrary code
      Date: October 25, 2007
      Bugs: #190104
        ID: 200710-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A format string error has been discovered in Sylpheed and Claws Mail,
potentially leading to the remote execution of arbitrary code.

Background
==========

Sylpheed and Claws Mail are two GTK-based e-mail clients.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  mail-client/sylpheed       < 2.4.5                       >= 2.4.5
  2  mail-client/claws-mail     < 3.0.0                       >= 3.0.0
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Ulf Harnhammar from Secunia Research discovered a format string error in
the inc_put_error() function in file src/inc.c.

Impact
======

A remote attacker could entice a user to connect to a malicious POP server
sending specially crafted replies, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Sylpheed users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-2.4.5"

All Claws Mail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.0.0"

References
==========

  [ 1 ] CVE-2007-2958
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2958

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-29.xml
[ GLSA 200710-28 ] Qt: Buffer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Qt: Buffer overflow
      Date: October 25, 2007
      Bugs: #192472
        ID: 200710-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An off-by-one vulnerability has been discovered in Qt, possibly resulting
in the execution of arbitrary code.

Background
==========

Qt is a cross-platform GUI framework, which is used e.g. by KDE.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  x11-libs/qt                < 3.3.8-r4                    >= 3.3.8-r4

Description
===========

Dirk Mueller from the KDE development team discovered a boundary error in
file qutfcodec.cpp when processing Unicode strings.

Impact
======

A remote attacker could send a specially crafted Unicode string to a
vulnerable Qt application, possibly resulting in the remote execution of
arbitrary code with the privileges of the user running the application.
Note that the boundary error is present in the 4.x series as well, but is
reported not to be exploitable there.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Qt 3.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.8-r4"

References
==========

  [ 1 ] CVE-2007-4137
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-28.xml
[ GLSA 200710-25 ] MLDonkey: Privilege escalation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: MLDonkey: Privilege escalation
      Date: October 24, 2007
      Bugs: #189412
        ID: 200710-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The Gentoo MLDonkey ebuild adds a user to the system with a valid login
shell and no password.

Background
==========

MLDonkey is a peer-to-peer filesharing client that connects to several
different peer-to-peer networks, including Overnet and BitTorrent.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-p2p/mldonkey           < 2.9.0-r3                    >= 2.9.0-r3

Description
===========

The Gentoo MLDonkey ebuild adds a user to the system named p2p so that the
MLDonkey service can run under a user with low privileges. This user is
created with a valid login shell and no password.

Impact
======

A remote attacker could log into a vulnerable system as the p2p user. This
would require an installed login service that permitted empty passwords,
such as SSH configured with the PermitEmptyPasswords yes option, a local
login console, or a telnet server.

Workaround
==========

See Resolution.

Resolution
==========

Change the p2p user's shell to disallow login. For example, as root run the
following command:

    # usermod -s /bin/false p2p

NOTE: updating to the current MLDonkey ebuild will not remove this
vulnerability, it must be fixed manually. The updated ebuild is to prevent
this problem from occurring in the future.

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-25.xml
[ GLSA 200710-24 ] OpenOffice.org: Heap-based buffer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenOffice.org: Heap-based buffer overflow
      Date: October 23, 2007
      Bugs: #192818
        ID: 200710-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A heap-based buffer overflow vulnerability has been discovered in
OpenOffice.org, allowing for the remote execution of arbitrary code.

Background
==========

OpenOffice.org is an open source office productivity suite, including word
processing, spreadsheet, presentation, drawing, data charting, formula
editing, and file conversion facilities.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-office/openoffice      < 2.3.0                       >= 2.3.0
  2  app-office/openoffice-bin  < 2.3.0                       >= 2.3.0
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

iDefense Labs reported that the TIFF parsing code uses untrusted values to
calculate buffer sizes, which can lead to an integer overflow resulting in a
heap-based buffer overflow.

Impact
======

A remote attacker could entice a user to open a specially crafted document,
possibly leading to execution of arbitrary code with the privileges of the
user running OpenOffice.org.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenOffice.org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.3.0"

All OpenOffice.org binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.3.0"

References
==========

  [ 1 ] CVE-2007-2834
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2834

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-24.xml
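The TIFF bug above and the ImageMagick integer overflows in GLSA 200710-27 share one shape: a buffer size is computed from header fields the attacker controls, the multiplication wraps, and a short allocation is then written past its end. The following is an added example, not OpenOffice.org or ImageMagick code. The header fields (width, height, bytes per pixel) and the 256 MiB cap are assumptions standing in for a generic raster decoder.

```c
/* Added example, not OpenOffice.org or ImageMagick code. The header fields
 * and MAX_IMAGE_BYTES are assumptions for a generic raster decoder. */
#include <stdint.h>
#include <stdlib.h>

/* Largest pixel buffer this hypothetical decoder is willing to allocate. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Vulnerable pattern: the product wraps in 32 bits, so a huge image yields a
 * tiny (or zero) allocation that the pixel loop then overruns. Shown only
 * so the wrap can be observed; never size a buffer this way. */
uint32_t image_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Hardened form: each multiplication is checked against SIZE_MAX before it
 * happens, zero dimensions and absurd depths are refused, and the result is
 * capped. Returns 0 and stores the byte count in *out, or -1 on rejection. */
int image_size_checked(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    size_t pixels, bytes;

    if (width == 0 || height == 0 || bpp == 0 || bpp > 16)
        return -1;
    if ((size_t)height > SIZE_MAX / (size_t)width)   /* width*height overflow */
        return -1;
    pixels = (size_t)width * (size_t)height;
    if ((size_t)bpp > SIZE_MAX / pixels)             /* pixels*bpp overflow */
        return -1;
    bytes = pixels * (size_t)bpp;
    if (bytes > MAX_IMAGE_BYTES)                     /* policy limit */
        return -1;
    *out = bytes;
    return 0;
}

/* Convenience wrapper: the byte count, or 0 when the header is rejected. */
size_t image_size_or_zero(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    return image_size_checked(width, height, bpp, &n) == 0 ? n : 0;
}

/* Allocates the zero-filled pixel buffer, or returns NULL for a bad header.
 * Because the size was validated, the decoder's write loop can trust it. */
unsigned char *alloc_image(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    if (image_size_checked(width, height, bpp, &n) != 0)
        return NULL;
    return calloc(n, 1);
}
```

A 65536 x 65536 image with 4 bytes per pixel makes the unchecked product wrap to exactly zero, which is the kind of value that turns a later pixel copy into a heap overflow; the checked version refuses it on the size cap, and refuses 0xFFFFFFFF x 0xFFFFFFFF on the overflow test before the cap is ever consulted.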
[ GLSA 200710-21 ] TikiWiki: Arbitrary command execution
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: TikiWiki: Arbitrary command execution
      Date: October 20, 2007
      Bugs: #195503
        ID: 200710-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

TikiWiki contains a command injection vulnerability which may allow remote
execution of arbitrary code.

Background
==========

TikiWiki is an open source content management system written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki          < 1.9.8.1                     >= 1.9.8.1

Description
===========

ShAnKaR reported that input passed to the f array parameter in
tiki-graph_formula.php is not properly verified before being used to
execute PHP functions.

Impact
======

An attacker could execute arbitrary code with the rights of the user
running the web server by passing a specially crafted parameter string to
the tiki-graph_formula.php file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.8.1"

References
==========

  [ 1 ] CVE-2007-5423
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5423

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-21.xml
[ GLSA 200710-22 ] TRAMP: Insecure temporary file creation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: TRAMP: Insecure temporary file creation
      Date: October 20, 2007
      Bugs: #194713
        ID: 200710-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The TRAMP package for GNU Emacs insecurely creates temporary files.

Background
==========

TRAMP is a remote file editing package for GNU Emacs, a highly extensible
and customizable text editor.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-emacs/tramp            < 2.1.10-r2                   >= 2.1.10-r2
                                                               *< 2.1

Description
===========

Stefan Monnier discovered that the tramp-make-tramp-temp-file() function
creates temporary files in an insecure manner.

Impact
======

A local attacker could create symbolic links in the directory where the
temporary files are written, pointing to a valid file somewhere on the
filesystem that is writable by the user running TRAMP. When TRAMP writes
the temporary file, the target valid file would then be overwritten with
the contents of the TRAMP temporary file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TRAMP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emacs/tramp-2.1.10-r2"

References
==========

  [ 1 ] CVE-2007-5377
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5377

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-22.xml
[ GLSA 200710-23 ] Star: Directory traversal vulnerability
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Star: Directory traversal vulnerability
      Date: October 22, 2007
      Bugs: #189690
        ID: 200710-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A directory traversal vulnerability has been discovered in Star.

Background
==========

The Star program provides the ability to create and extract tar archives.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-arch/star              < 1.5_alpha84                 >= 1.5_alpha84

Description
===========

Robert Buchholz of the Gentoo Security team discovered a directory
traversal vulnerability in the has_dotdot() function which does not
identify //.. (slash slash dot dot) sequences in file names inside tar
files.

Impact
======

By enticing a user to extract a specially crafted tar archive, a remote
attacker could extract files to arbitrary locations outside of the
specified directory with the permissions of the user running Star.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Star users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/star-1.5_alpha84"

References
==========

  [ 1 ] CVE-2007-4134
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4134

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-23.xml
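The Star bug is a scanner that looks for "/../" and therefore misses a ".." component preceded by an empty one ("a//../b"). The check below is an added example of how an extractor can decide whether a member name may be created under the destination directory; it is not Star's has_dotdot() and does not reproduce its logic. It walks the name component by component, so runs of slashes cannot hide a ".." from it.

```c
/* Added example, not Star code: accept an archive member name only if it
 * is relative and contains no ".." component, treating any run of slashes
 * as a single separator. Returns 1 if the name is safe to extract, else 0. */
#include <stddef.h>

int archive_member_is_safe(const char *name)
{
    const char *p = name;

    if (*p == '\0' || *p == '/')            /* empty name or absolute path */
        return 0;

    while (*p != '\0') {
        const char *seg = p;
        size_t len;

        while (*p != '\0' && *p != '/')      /* scan one component */
            p++;
        len = (size_t)(p - seg);

        /* a ".." component anywhere escapes the destination tree; this is
         * the case a single-slash scan misses when it follows "//" */
        if (len == 2 && seg[0] == '.' && seg[1] == '.')
            return 0;

        while (*p == '/')                     /* collapse "//", "///", ... */
            p++;
    }
    return 1;
}
```

A name like "a//../../etc/passwd" is rejected at its second component regardless of how many slashes precede it. This check says nothing about symlink or hardlink members whose targets point outside the tree; an extractor needs a separate rule for those, and the name check alone is not enough.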
[ GLSA 200710-20 ] PDFKit, ImageKits: Buffer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PDFKit, ImageKits: Buffer overflow
      Date: October 18, 2007
      Bugs: #188185
        ID: 200710-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PDFKit and ImageKits are vulnerable to an integer overflow and a stack
overflow allowing for the user-assisted execution of arbitrary code.

Background
==========

PDFKit is a framework for rendering of PDF content in GNUstep applications.
ImageKits is a collection of frameworks to support imaging in GNUstep
applications.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  gnustep-libs/pdfkit        <= 0.9_pre062906              Vulnerable!
  2  gnustep-libs/imagekits     <= 0.6                        Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Maurycy Prodeus discovered an integer overflow vulnerability possibly
leading to a stack-based buffer overflow in the XPDF code which PDFKit is
based on. ImageKits also contains a copy of PDFKit.

Impact
======

By enticing a user to view a specially crafted PDF file with a viewer based
on ImageKits or PDFKit such as Gentoo's ViewPDF, a remote attacker could
cause an overflow, potentially resulting in the execution of arbitrary code
with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

PDFKit and ImageKits are not maintained upstream, so the packages were
masked in Portage. We recommend that users unmerge PDFKit and ImageKits:

    # emerge --unmerge gnustep-libs/pdfkit
    # emerge --unmerge gnustep-libs/imagekits

As an alternative, users should upgrade their systems to use PopplerKit
instead of PDFKit and Vindaloo instead of ViewPDF.

References
==========

  [ 1 ] CVE-2007-3387
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
  [ 2 ] GLSA 200709-12
        http://www.gentoo.org/security/en/glsa/glsa-200709-12.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-20.xml
[ GLSA 200710-18 ] util-linux: Local privilege escalation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: util-linux: Local privilege escalation
      Date: October 18, 2007
      Bugs: #195390
        ID: 200710-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The mount and umount programs might allow local attackers to gain root
privileges.

Background
==========

util-linux is a suite of Linux programs including mount and umount,
programs used to mount and unmount filesystems.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  sys-apps/util-linux        < 2.12r-r8                    >= 2.12r-r8

Description
===========

Ludwig Nussel discovered that the check_special_mountprog() and
check_special_umountprog() functions call setuid() and setgid() in the
wrong order and do not check the return values, which can lead to
privileges being dropped improperly.

Impact
======

A local attacker may be able to exploit this vulnerability by using mount
helpers such as the mount.nfs program to gain root privileges and run
arbitrary commands.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All util-linux users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.12r-r8"

References
==========

  [ 1 ] CVE-2007-5191
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5191

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-18.xml
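The description names two distinct mistakes: the wrong order (setuid() first, after which an unprivileged process can no longer change its group, so the following setgid() fails) and unchecked return values (so that failure goes unnoticed and the helper is launched with a privileged gid). The following is an added example, not util-linux code, of the drop sequence a setuid launcher should perform before exec(); the target ids are parameters, which in a mount helper would be the invoking user's.

```c
/* Added example, not util-linux code: drop root to an unprivileged identity
 * in the right order, check every call, and verify the result. */
#define _GNU_SOURCE
#include <unistd.h>
#include <sys/types.h>
#include <grp.h>

/* Returns 0 only when the process ends up with exactly the requested real,
 * effective and saved ids; -1 on any failure. The broken pattern from the
 * advisory would be: setuid(uid); setgid(gid); with neither result checked,
 * which for a non-root caller leaves the gid untouched. */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;

    /* 1. supplementary groups first, while still privileged enough to do it */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* 2. gid before uid: once the uid is unprivileged, setgid() is refused */
    if (setgid(gid) != 0)
        return -1;
    /* 3. uid last, and checked: an ignored EPERM here leaves root behind */
    if (setuid(uid) != 0)
        return -1;
    /* 4. verify all three ids, not only the effective one */
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return -1;
    if (ru != uid || eu != uid || su != uid)
        return -1;
    if (rg != gid || eg != gid || sg != gid)
        return -1;
    /* 5. a properly dropped process must not be able to climb back */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Drops to the caller's own real ids. Always permitted, so it doubles as a
 * self-check on an unprivileged system. */
int drop_to_real_ids(void)
{
    return drop_privileges(getuid(), getgid());
}
```

Step 4 is what catches the advisory's failure mode even when step 2 is accidentally reordered: a gid that did not change shows up in getresgid() and the launcher refuses to exec the helper. The final setuid(0) probe is cheap insurance against a saved uid that is still 0.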
[ GLSA 200710-19 ] The Sleuth Kit: Integer underflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: The Sleuth Kit: Integer underflow
      Date: October 18, 2007
      Bugs: #181977
        ID: 200710-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An integer underflow vulnerability has been reported in The Sleuth Kit
allowing for the user-assisted execution of arbitrary code.

Background
==========

The Sleuth Kit is a collection of file system and media management forensic
analysis tools.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-forensics/sleuthkit    < 2.0.9                       >= 2.0.9

Description
===========

Jean-Sebastien Guay-Leroux reported an integer underflow in the
file_printf() function of the file utility which is bundled with The Sleuth
Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not affected by the
improper fix for this vulnerability (identified as CVE-2007-2799, see GLSA
200705-25) since version 4.20 of file was never shipped with The Sleuth Kit
ebuilds.

Impact
======

A remote attacker could entice a user to run The Sleuth Kit on a file
system containing a specially crafted file that would trigger a heap-based
buffer overflow possibly leading to the execution of arbitrary code with
the rights of the user running The Sleuth Kit.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All The Sleuth Kit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-forensics/sleuthkit-2.0.9"

References
==========

  [ 1 ] CVE-2007-1536
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
  [ 2 ] CVE-2007-2799
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799
  [ 3 ] GLSA 200703-26
        http://www.gentoo.org/security/en/glsa/glsa-200703-26.xml
  [ 4 ] GLSA 200705-25
        http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-19.xml
[ GLSA 200710-17 ] Balsa: Buffer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200710-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Balsa: Buffer overflow
      Date: October 16, 2007
      Bugs: #193179
        ID: 200710-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Balsa is vulnerable to a buffer overflow allowing for the user-assisted
execution of arbitrary code.

Background
==========

Balsa is a highly configurable email client for GNOME.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  mail-client/balsa          < 2.3.20                      >= 2.3.20

Description
===========

Evil Ninja Squirrel discovered a stack-based buffer overflow in the
ir_fetch_seq() function when receiving a long response to a FETCH command
(CVE-2007-5007).

Impact
======

A remote attacker could entice a user to connect to a malicious or
compromised IMAP server, possibly leading to the execution of arbitrary
code with the rights of the user running Balsa.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Balsa users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/balsa-2.3.20"

References
==========

  [ 1 ] CVE-2007-5007
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5007

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-17.xml
[ GLSA 200710-10 ] SKK Tools: Insecure temporary file creation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200710-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: SKK Tools: Insecure temporary file creation
      Date: October 12, 2007
      Bugs: #193121
        ID: 200710-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

SKK insecurely creates temporary files.

Background
==========

SKK is a Japanese input method for Emacs.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-i18n/skktools         < 1.2-r1                        >= 1.2-r1

Description
===========

skkdic-expr.c insecurely writes temporary files to a location in the
form $TMPDIR/skkdic$PID.{pag,dir,db}, where $PID is the process ID.

Impact
======

A local attacker could create symbolic links in the directory where the
temporary files are written, pointing to a valid file somewhere on the
filesystem that is writable by the user running the SKK software. When
SKK writes the temporary file, the target valid file would then be
overwritten with the contents of the SKK temporary file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All SKK Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-i18n/skktools-1.2-r1

References
==========

  [ 1 ] CVE-2007-3916
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3916

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-10.xml
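The pattern the advisory describes, as an added example that is not part of the SKK sources: the predictable $TMPDIR/skkdic$PID name beside a hardened open that refuses a pre-planted symlink, exercised in a scratch directory. skk_tmp_name, open_tmp_unsafe, open_tmp_safe and run_planted_symlink_demo are hypothetical names, and the symlink scenario is constructed by the code itself.

```c
/* Added example, not part of the SKK sources. Hypothetical names throughout. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Build the predictable name the advisory cites: $TMPDIR/skkdic<PID>.<suffix>.
 * PIDs are small and sequential, so a local user can guess the name before
 * the program runs and leave a symlink waiting there. */
int skk_tmp_name(char *buf, size_t len, const char *tmpdir, pid_t pid,
                 const char *suffix)
{
    int n = snprintf(buf, len, "%s/skkdic%ld.%s", tmpdir, (long)pid, suffix);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Vulnerable pattern: O_CREAT without O_EXCL. If a symlink already sits at
 * path, open() follows it and O_TRUNC empties whatever it points to. */
int open_tmp_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes open() fail with EEXIST when anything, a symlink
 * included, already exists at path; O_NOFOLLOW additionally refuses to go
 * through a symlink as the final component. Failure must be a hard error,
 * never a retry with the unsafe flags. */
int open_tmp_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: a scratch directory stands in for $TMPDIR and holds a
 * symlink at the predictable name pointing at a file named "victim". Sets
 * *refused to 1 if the hardened open rejected the link and *clobbered to 1
 * if the unsafe open followed it and truncated "victim". Returns 0, or -1
 * if the scenario could not be set up. Removes everything it created. */
int run_planted_symlink_demo(int *refused, int *clobbered)
{
    char scratch[] = "/tmp/skkdemo.XXXXXX";   /* mkdtemp picks a random name */
    char victim[4096], link[4096];
    struct stat st;

    *refused = *clobbered = 0;
    if (mkdtemp(scratch) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", scratch);
    if (skk_tmp_name(link, sizeof link, scratch, getpid(), "db") != 0)
        return -1;

    int fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, "important data\n", 15) != 15 || close(fd) != 0)
        return -1;
    if (symlink(victim, link) != 0)       /* the pre-planted link */
        return -1;

    int safe_fd = open_tmp_safe(link);
    if (safe_fd < 0 && (errno == EEXIST || errno == ELOOP))
        *refused = 1;
    else if (safe_fd >= 0)
        close(safe_fd);

    int unsafe_fd = open_tmp_unsafe(link);
    if (unsafe_fd >= 0) {
        close(unsafe_fd);
        if (stat(victim, &st) == 0 && st.st_size == 0)
            *clobbered = 1;                /* victim emptied through the link */
    }

    unlink(link);
    unlink(victim);
    rmdir(scratch);
    return 0;
}

int main(void)
{
    int refused, clobbered;
    if (run_planted_symlink_demo(&refused, &clobbered) != 0) {
        perror("setup");
        return 1;
    }
    printf("unsafe open followed the planted symlink and truncated the target: %s\n",
           clobbered ? "yes" : "no");
    printf("hardened open refused the planted symlink: %s\n",
           refused ? "yes" : "no");
    return 0;
}
```

In real code the name itself should not be predictable either: mkstemp(3) or mkdtemp(3) choose a random name and open with O_EXCL internally, which is the fix pattern for this whole class of bug.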
[ GLSA 200710-02 ] PHP: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200710-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PHP: Multiple vulnerabilities
      Date: October 07, 2007
      Bugs: #179158, #180556, #191034
        ID: 200710-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PHP contains several vulnerabilities including buffer and integer
overflows which could lead to the remote execution of arbitrary code.

Background
==========

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php     < 5.2.4_p20070914-r2          >= 5.2.4_p20070914-r2

Description
===========

Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip
Olausson reported integer overflows in the gdImageCreate() and
gdImageCreateTrueColor() functions of the GD library which can cause
heap-based buffer overflows (CVE-2007-3996). Gerhard Wagner discovered
an integer overflow in the chunk_split() function that can lead to a
heap-based buffer overflow (CVE-2007-2872). Its incomplete fix caused
incorrect buffer size calculation due to precision loss, also resulting
in a possible heap-based buffer overflow (CVE-2007-4661 and
CVE-2007-4660). A buffer overflow in the sqlite_decode_binary()
function of the SQLite extension found by Stefan Esser that was
addressed in PHP 5.2.1 was not fixed correctly (CVE-2007-1887). Stefan
Esser discovered an error in the zend_alter_ini_entry() function
handling a memory_limit violation (CVE-2007-4659). Stefan Esser also
discovered a flaw when handling interruptions with userspace error
handlers that can be exploited to read arbitrary heap memory
(CVE-2007-1883).

Disclosure of sensitive memory can also be triggered due to
insufficient boundary checks in the strspn() and strcspn() functions,
an issue discovered by Mattias Bengtsson and Philip Olausson
(CVE-2007-4657). Stefan Esser reported incorrect validation in the
FILTER_VALIDATE_EMAIL filter of the Filter extension allowing arbitrary
email header injection (CVE-2007-1900). NOTE: This CVE was referenced,
but not fixed in GLSA 200705-19. Stanislav Malyshev found an error with
unknown impact in the money_format() function when processing %i and %n
tokens (CVE-2007-4658). zatanzlatan reported a buffer overflow in the
php_openssl_make_REQ() function with unknown impact when providing a
manipulated SSL configuration file (CVE-2007-4662). Possible memory
corruption when trying to read EXIF data in exif_read_data() and
exif_thumbnail() occurred with unknown impact.

Several vulnerabilities that allow bypassing of open_basedir and other
restrictions were reported, including the glob() function
(CVE-2007-4663), the session_save_path(), ini_set(), and error_log()
functions which can allow local command execution (CVE-2007-3378),
involving the readfile() function (CVE-2007-3007), via the Session
extension (CVE-2007-4652), via the MySQL extension (CVE-2007-3997) and
in the dl() function which allows loading extensions outside of the
specified directory (CVE-2007-4825).

Multiple Denial of Service vulnerabilities were discovered, including a
long library parameter in the dl() function (CVE-2007-4887), in several
iconv and xmlrpc functions (CVE-2007-4840 and CVE-2007-4783), in the
setlocale() function (CVE-2007-4784), in the glob() and fnmatch()
functions (CVE-2007-4782 and CVE-2007-3806), a floating point exception
in the wordwrap() function (CVE-2007-3998), a stack exhaustion via
deeply nested arrays (CVE-2007-4670), an infinite loop caused by a
specially crafted PNG image in the png_read_info() function of libpng
(CVE-2007-2756) and several issues related to array conversion.

Impact
======

Remote attackers might be able to exploit these issues in PHP
applications making use of the affected functions, potentially
resulting in the execution of arbitrary code, Denial of Service,
execution of scripted contents in the context of the affected site,
security bypass or information leak.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-lang/php-5.2.4_p20070914-r2

References
==========

  [ 1 ] CVE-2007-1883
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1883
  [ 2 ] CVE-2007-1887
[ GLSA 200710-04 ] libsndfile: Buffer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200710-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libsndfile: Buffer overflow
      Date: October 07, 2007
      Bugs: #192834
        ID: 200710-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability has been discovered in libsndfile.

Background
==========

libsndfile is a library for reading and writing various formats of
audio files including WAV and FLAC.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-libs/libsndfile     < 1.0.17-r1                  >= 1.0.17-r1

Description
===========

Robert Buchholz of the Gentoo Security team discovered that the
flac_buffer_copy() function does not correctly handle FLAC streams with
variable block sizes, which leads to a heap-based buffer overflow
(CVE-2007-4974).

Impact
======

A remote attacker could exploit this vulnerability by enticing a user
to open a specially crafted FLAC file or network stream with an
application using libsndfile. This might lead to the execution of
arbitrary code with the privileges of the user playing the file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libsndfile users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-libs/libsndfile-1.0.17-r1

References
==========

  [ 1 ] CVE-2007-4974
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4974

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-04.xml
[ GLSA 200710-07 ] Tk: Buffer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200710-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Tk: Buffer overflow
      Date: October 07, 2007
      Bugs: #192539
        ID: 200710-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability has been discovered in Tk.

Background
==========

Tk is a toolkit for creating graphical user interfaces.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  dev-lang/tk               < 8.4.15-r1                  >= 8.4.15-r1

Description
===========

Reinhard Max discovered a boundary error in Tk when processing an
interlaced GIF with two frames where the second is smaller than the
first one.

Impact
======

A remote attacker could entice a user to open a specially crafted GIF
image with Tk-based software, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Tk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-lang/tk-8.4.15-r1

References
==========

  [ 1 ] CVE-2007-4851
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4851

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-07.xml
[ GLSA 200709-18 ] Bugzilla: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Bugzilla: Multiple vulnerabilities
      Date: September 30, 2007
      Bugs: #190112
        ID: 200709-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Bugzilla contains several vulnerabilities, some of them possibly
leading to the remote execution of arbitrary code.

Background
==========

Bugzilla is a web application designed to help with managing software
development.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/bugzilla         < 3.0.1                       *>= 2.20.5
                                                             *>= 2.22.3
                                                               >= 3.0.1

Description
===========

Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not
properly sanitize the content of the buildid parameter when filing bugs
(CVE-2007-4543). The next two vulnerabilities only affect Bugzilla
2.23.3 or later, hence the stable Gentoo Portage tree does not contain
these two vulnerabilities: Loic Minier reported that the
Email::Send::Sendmail() function does not properly sanitise From email
information before sending it to the -f parameter of /usr/sbin/sendmail
(CVE-2007-4538), and Frédéric Buclin discovered that the XML-RPC
interface does not correctly check permissions in the time-tracking
fields (CVE-2007-4539).

Impact
======

A remote attacker could trigger the buildid vulnerability by sending a
specially crafted form to Bugzilla, leading to a persistent XSS, thus
allowing for theft of credentials. With Bugzilla 2.23.3 or later, an
attacker could also execute arbitrary code with the permissions of the
web server by injecting a specially crafted From email address, and
gain access to normally restricted time-tracking information through
the XML-RPC service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Bugzilla users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose www-apps/bugzilla

References
==========

  [ 1 ] CVE-2007-4538
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4538
  [ 2 ] CVE-2007-4539
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4539
  [ 3 ] CVE-2007-4543
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4543

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-18.xml
[ GLSA 200709-17 ] teTeX: Multiple buffer overflows
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: teTeX: Multiple buffer overflows
      Date: September 27, 2007
      Bugs: #170861, #182055, #188172
        ID: 200709-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in teTeX, allowing for
user-assisted execution of arbitrary code.

Background
==========

teTeX is a complete TeX distribution for editing documents.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-text/tetex            < 3.0_p1-r4                  >= 3.0_p1-r4

Description
===========

Mark Richters discovered a buffer overflow in the open_sty() function
in file mkind.c. Other vulnerabilities have also been discovered in the
same file but might not be exploitable (CVE-2007-0650). teTeX also
includes vulnerable code from the GD library (GLSA 200708-05), and from
Xpdf (CVE-2007-3387).

Impact
======

A remote attacker could entice a user to process a specially crafted
PNG, GIF or PDF file, or to execute makeindex on an overly long
filename. In both cases, this could lead to the remote execution of
arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All teTeX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/tetex-3.0_p1-r4

References
==========

  [ 1 ] CVE-2007-0650
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0650
  [ 2 ] CVE-2007-3387
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
  [ 3 ] GLSA 200708-05
        http://www.gentoo.org/security/en/glsa/glsa-200708-05.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-17.xml
[ GLSA 200709-15 ] BEA JRockit: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: BEA JRockit: Multiple vulnerabilities
      Date: September 23, 2007
      Bugs: #190686
        ID: 200709-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

BEA JRockit contains several vulnerabilities, some of which may allow
the execution of arbitrary code.

Background
==========

BEA JRockit provides tools, utilities, and a complete runtime
environment for developing and running applications using the Java
programming language.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  dev-java/jrockit-jdk-bin     < 1.5.0.11_p1          >= 1.5.0.11_p1

Description
===========

An integer overflow vulnerability exists in the embedded ICC profile
image parser (CVE-2007-2788), an unspecified vulnerability exists in
the font parsing implementation (CVE-2007-4381), and an error exists
when processing XSLT stylesheets contained in XSLT Transforms in XML
signatures (CVE-2007-3716), among other vulnerabilities.

Impact
======

A remote attacker could trigger the integer overflow to execute
arbitrary code or crash the JVM through a specially crafted file. Also,
an attacker could perform unauthorized actions via an applet that
grants certain privileges to itself because of the font parsing
vulnerability. The error when processing XSLT stylesheets can be
exploited to execute arbitrary code. Other vulnerabilities could lead
to establishing restricted network connections to certain services,
Cross Site Scripting and Denial of Service attacks.

Workaround
==========

There is no known workaround at this time for all these
vulnerabilities.

Resolution
==========

All BEA JRockit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-java/jrockit-jdk-bin-1.5.0.11_p1

References
==========

  [ 1 ] CVE-2007-2788
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788
  [ 2 ] CVE-2007-2789
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789
  [ 3 ] CVE-2007-3004
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3004
  [ 4 ] CVE-2007-3005
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3005
  [ 5 ] CVE-2007-3503
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3503
  [ 6 ] CVE-2007-3698
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3698
  [ 7 ] CVE-2007-3716
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3716
  [ 8 ] CVE-2007-3922
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3922
  [ 9 ] CVE-2007-4381
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4381

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-15.xml
[ GLSA 200709-13 ] rsync: Two buffer overflows
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: rsync: Two buffer overflows
      Date: September 20, 2007
      Bugs: #189132
        ID: 200709-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two user-assisted buffer overflow vulnerabilities have been discovered
in rsync.

Background
==========

rsync is a file transfer program to keep remote directories
synchronized.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-misc/rsync            < 2.6.9-r3                    >= 2.6.9-r3

Description
===========

Sebastian Krahmer from the SUSE Security Team discovered two off-by-one
errors in the function f_name() in file sender.c when processing overly
long directory names.

Impact
======

A remote attacker could entice a user to synchronize a repository
containing specially crafted directories, leading to the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All rsync users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-misc/rsync-2.6.9-r3

References
==========

  [ 1 ] CVE-2007-4091
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-13.xml
[ GLSA 200709-12 ] Poppler: Two buffer overflow vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Poppler: Two buffer overflow vulnerabilities
      Date: September 19, 2007
      Bugs: #188863
        ID: 200709-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Poppler is vulnerable to an integer overflow and a stack overflow.

Background
==========

Poppler is a cross-platform PDF rendering library originally based on
Xpdf.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-text/poppler          < 0.5.4-r2                    >= 0.5.4-r2

Description
===========

Poppler and Xpdf are vulnerable to an integer overflow in the
StreamPredictor::StreamPredictor function, and a stack overflow in the
StreamPredictor::getNextLine function. The original vulnerability was
discovered by Maurycy Prodeus. Note: Gentoo's version of Xpdf is
patched to use the Poppler library, so the update to Poppler will also
fix Xpdf.

Impact
======

By enticing a user to view a specially crafted PDF file with a
Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, or Evince, a
remote attacker could cause an overflow, potentially resulting in the
execution of arbitrary code with the privileges of the user running the
application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Poppler users should upgrade to the latest version of Poppler:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/poppler-0.5.4-r2

References
==========

  [ 1 ] CVE-2007-3387
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-12.xml
[ GLSA 200709-11 ] GDM: Local Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: GDM: Local Denial of Service
      Date: September 18, 2007
      Bugs: #187919
        ID: 200709-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

GDM can be crashed by a local user, preventing it from managing future
displays.

Background
==========

GDM is the GNOME display manager.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  gnome-base/gdm            < 2.18.4                        >= 2.18.4
                                                              *>= 2.16.7

Description
===========

The result of a g_strsplit() call is incorrectly parsed in the files
daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and
gui/gdmflexiserver.c, allowing for a null pointer dereference.

Impact
======

A local user could send a crafted message to /tmp/.gdm_socket that
would trigger the null pointer dereference and crash GDM, thus
preventing it from managing future displays.

Workaround
==========

Restrict the write permissions on /tmp/.gdm_socket to trusted users
only after each GDM restart.

Resolution
==========

All GDM users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose gnome-base/gdm

References
==========

  [ 1 ] CVE-2007-3381
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3381

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-11.xml
[ GLSA 200709-10 ] PhpWiki: Authentication bypass
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: PhpWiki: Authentication bypass
      Date: September 18, 2007
      Bugs: #181692
        ID: 200709-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in the PhpWiki authentication
mechanism.

Background
==========

PhpWiki is an application that creates a web site where anyone can
edit the pages through HTML forms.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpwiki          < 1.3.14                        >= 1.3.14

Description
===========

The PhpWiki development team reported an authentication error within
the file lib/WikiUser/LDAP.php when binding to an LDAP server with an
empty password.

Impact
======

A remote attacker could provide an empty password when authenticating.
Depending on the LDAP implementation used, this could bypass the
PhpWiki authentication mechanism and grant the attacker access to the
application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PhpWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-apps/phpwiki-1.3.14

References
==========

  [ 1 ] CVE-2007-3193
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3193

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-10.xml
[ GLSA 200709-09 ] GNU Tar: Directory traversal vulnerability
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: GNU Tar: Directory traversal vulnerability
      Date: September 15, 2007
      Bugs: #189682
        ID: 200709-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A directory traversal vulnerability has been discovered in GNU Tar.

Background
==========

The GNU Tar program provides the ability to create tar archives, as
well as various other kinds of manipulation.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-arch/tar              < 1.18-r2                      >= 1.18-r2

Description
===========

Dmitry V. Levin discovered a directory traversal vulnerability in the
contains_dot_dot() function in file src/names.c.

Impact
======

By enticing a user to extract a specially crafted tar archive, a remote
attacker could extract files to arbitrary locations outside of the
specified directory with the permissions of the user running GNU Tar.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNU Tar users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-arch/tar-1.18-r2

References
==========

  [ 1 ] CVE-2007-4131
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-09.xml
[ GLSA 200709-05 ] RealPlayer: Buffer overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: RealPlayer: Buffer overflow
      Date: September 14, 2007
      Bugs: #183421
        ID: 200709-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

RealPlayer is vulnerable to a buffer overflow allowing for execution of
arbitrary code.

Background
==========

RealPlayer is a multimedia player capable of handling multiple
multimedia file formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  media-video/realplayer       < 10.0.9                    >= 10.0.9

Description
===========

A stack-based buffer overflow vulnerability has been reported in the
SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when
handling HH:mm:ss.f type time formats.

Impact
======

By enticing a user to open a specially crafted SMIL (Synchronized
Multimedia Integration Language) file, an attacker could be able to
execute arbitrary code with the privileges of the user running the
application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All RealPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=media-video/realplayer-10.0.9"

References
==========

  [ 1 ] CVE-2007-3410
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  http://security.gentoo.org/glsa/glsa-200709-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200709-06 ] flac123: Buffer overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: flac123: Buffer overflow
      Date: September 14, 2007
      Bugs: #186220
        ID: 200709-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

flac123 is affected by a buffer overflow vulnerability, which could
allow for the execution of arbitrary code.

Background
==========

flac123 is a command-line application for playing FLAC audio files.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  media-sound/flac123        < 0.0.11                      >= 0.0.11

Description
===========

A possible buffer overflow vulnerability has been reported in the
local__vcentry_parse_value() function in vorbiscomment.c.

Impact
======

An attacker could entice a user to play a specially crafted audio file,
which could lead to the execution of arbitrary code with the privileges
of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All flac123 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=media-sound/flac123-0.0.11"

References
==========

  [ 1 ] CVE-2007-3507
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3507

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  http://security.gentoo.org/glsa/glsa-200709-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200709-02 ] KVIrc: Remote arbitrary code execution

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: KVIrc: Remote arbitrary code execution
      Date: September 13, 2007
      Bugs: #183174
        ID: 200709-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in KVIrc, allowing for the remote
execution of arbitrary code.

Background
==========

KVIrc is a free portable IRC client based on Qt.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-irc/kvirc     < 3.2.6_pre20070714            >= 3.2.6_pre20070714

Description
===========

Stefan Cornelius from Secunia Research discovered that the
parseIrcUrl() function in file src/kvirc/kernel/kvi_ircurl.cpp does not
properly sanitise parts of the URI when building the command for
KVIrc's internal script system.

Impact
======

A remote attacker could entice a user to open a specially crafted
irc:// URI, possibly leading to the remote execution of arbitrary code
with the privileges of the user running KVIrc. Successful exploitation
requires that KVIrc is registered as the default handler for irc:// or
similar URIs.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All KVIrc users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=net-irc/kvirc-3.2.6_pre20070714"

References
==========

  [ 1 ] CVE-2007-2951
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  http://security.gentoo.org/glsa/glsa-200709-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200709-04 ] po4a: Insecure temporary file creation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: po4a: Insecure temporary file creation
      Date: September 13, 2007
      Bugs: #189440
        ID: 200709-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in po4a, allowing for a symlink
attack.

Background
==========

po4a is a set of tools for helping with the translation of
documentation.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  app-text/po4a          < 0.32-r1                         >= 0.32-r1

Description
===========

The po4a development team reported a race condition in the
gettextize() function when creating the file
/tmp/gettextization.failed.po.

Impact
======

A local attacker could perform a symlink attack, possibly overwriting
files with the permissions of the user running po4a.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All po4a users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=app-text/po4a-0.32-r1"

References
==========

  [ 1 ] CVE-2007-4462
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4462

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  http://security.gentoo.org/glsa/glsa-200709-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200709-03 ] Streamripper: Buffer overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Streamripper: Buffer overflow
      Date: September 13, 2007
      Bugs: #188698
        ID: 200709-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability has been discovered in Streamripper,
allowing for user-assisted execution of arbitrary code.

Background
==========

Streamripper is a tool for extracting and recording mp3 files from a
Shoutcast stream.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  media-sound/streamripper        < 1.62.2                 >= 1.62.2

Description
===========

Chris Rohlf discovered several boundary errors in the
httplib_parse_sc_header() function when processing HTTP headers.

Impact
======

A remote attacker could entice a user to connect to a malicious
streaming server, resulting in the execution of arbitrary code with the
privileges of the user running Streamripper.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Streamripper users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=media-sound/streamripper-1.62.2"

References
==========

  [ 1 ] CVE-2007-4337
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4337

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  http://security.gentoo.org/glsa/glsa-200709-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200708-16 ] Qt: Multiple format string vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200708-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Qt: Multiple format string vulnerabilities
      Date: August 22, 2007
      Bugs: #185446
        ID: 200708-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Format string vulnerabilities in Qt 3 may lead to the remote execution
of arbitrary code in some Qt applications.

Background
==========

Qt is a cross-platform GUI framework, which is used e.g. by KDE.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  x11-libs/qt         < 3.3.8-r3                          >= 3.3.8-r3

Description
===========

Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE
reported multiple format string errors in qWarning() calls in files
qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp,
qsqlrecord.cpp, qglobal.cpp, and qsvgdevice.cpp.

Impact
======

An attacker could trigger one of the vulnerabilities by causing a Qt
application to parse specially crafted text, which may lead to the
execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Qt 3 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=x11-libs/qt-3*"

References
==========

  [ 1 ] CVE-2007-3388
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  http://security.gentoo.org/glsa/glsa-200708-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200708-17 ] Opera: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200708-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Opera: Multiple vulnerabilities
      Date: August 22, 2007
      Bugs: #185497, #188987
        ID: 200708-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Opera contains several vulnerabilities, some of which may allow the
execution of arbitrary code.

Background
==========

Opera is a multi-platform web browser.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-client/opera          < 9.23                           >= 9.23

Description
===========

An error known as a virtual function call on an invalid pointer has
been discovered in the JavaScript engine (CVE-2007-4367). Furthermore,
iDefense Labs reported that an already-freed pointer may still be used
under unspecified circumstances in the BitTorrent support
(CVE-2007-3929). Finally, other minor errors have been discovered,
relating to memory read protection (Opera Advisory 861) and URI display
(CVE-2007-3142, CVE-2007-3819).

Impact
======

A remote attacker could trigger the BitTorrent vulnerability by
enticing a user into starting a malicious BitTorrent download, and
execute arbitrary code through unspecified vectors. Additionally, a
specially crafted JavaScript may trigger the virtual function
vulnerability. The JavaScript engine can also access previously freed
but uncleaned memory. Finally, a user can be fooled with an HTTP server
name too long to fit in the dialog box, or a URI containing whitespace.

Workaround
==========

There is no known workaround at this time for all these
vulnerabilities.

Resolution
==========

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=www-client/opera-9.23"

References
==========

  [ 1 ] CVE-2007-3142
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3142
  [ 2 ] CVE-2007-3819
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3819
  [ 3 ] CVE-2007-3929
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3929
  [ 4 ] CVE-2007-4367
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4367
  [ 5 ] Opera Advisory 861
        http://www.opera.com/support/search/view/861/

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  http://security.gentoo.org/glsa/glsa-200708-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200708-13 ] BIND: Weak random number generation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200708-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: BIND: Weak random number generation
      Date: August 18, 2007
      Bugs: #186556
        ID: 200708-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The ISC BIND random number generator uses a weak algorithm, making it
easier to guess the next query ID and perform a DNS cache poisoning
attack.

Background
==========

ISC BIND is the Internet Systems Consortium implementation of the
Domain Name System (DNS) protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-dns/bind         < 9.4.1_p1                         >= 9.4.1_p1

Description
===========

Amit Klein from Trusteer reported that the random number generator of
ISC BIND leads, half the time, to predictable (1 chance in 8) query IDs
in the resolver routine or in zone transfer queries (CVE-2007-2926).
Additionally, the default configuration file has been strengthened with
respect to the allow-recursion{} and the allow-query{} options
(CVE-2007-2925).

Impact
======

A remote attacker can use this weakness by sending queries for a domain
he controls to a resolver (directly to a recursive server, or through
another process such as email processing) and then observing the
resulting IDs of the iterative queries. Half the time, the attacker
will be able to guess the next query ID, then perform cache poisoning
by answering with those guessed IDs while spoofing the UDP source
address of the reply. Furthermore, with empty allow-recursion{} and
allow-query{} options, the default configuration allowed anybody to
make recursive queries and query the cache.

Workaround
==========

There is no known workaround at this time for the random generator
weakness.

The allow-recursion{} and allow-query{} options should be set to
trusted hosts only in /etc/bind/named.conf, thus preventing several
security risks.

Resolution
==========

All ISC BIND users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=net-dns/bind-9.4.1_p1"

References
==========

  [ 1 ] CVE-2007-2925
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
  [ 2 ] CVE-2007-2926
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  http://security.gentoo.org/glsa/glsa-200708-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200708-11 ] Lighttpd: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200708-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Lighttpd: Multiple vulnerabilities
      Date: August 16, 2007
      Bugs: #185442
        ID: 200708-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several vulnerabilities were reported in Lighttpd, most of them
allowing a Denial of Service and potentially the remote execution of
arbitrary code.

Background
==========

Lighttpd is a lightweight HTTP web server.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  www-servers/lighttpd        < 1.4.16                     >= 1.4.16

Description
===========

Stefan Esser discovered errors with evidence of memory corruption in
the code parsing the headers. Several independent researchers also
reported errors involving the handling of HTTP headers, the mod_auth
and mod_scgi modules, and the limit on active connections.

Impact
======

A remote attacker can trigger any of these vulnerabilities by sending
malicious data to the server, which may lead to a crash or memory
exhaustion, and potentially the execution of arbitrary code.
Additionally, access-deny settings can be evaded by appending a final /
to a URL.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Lighttpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=www-servers/lighttpd-1.4.16"

References
==========

  [ 1 ] CVE-2007-3946
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3946
  [ 2 ] CVE-2007-3947
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3947
  [ 3 ] CVE-2007-3948
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3948
  [ 4 ] CVE-2007-3949
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3949
  [ 5 ] CVE-2007-3950
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3950

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  http://security.gentoo.org/glsa/glsa-200708-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200708-12 ] Wireshark: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200708-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Wireshark: Multiple vulnerabilities
      Date: August 16, 2007
      Bugs: #183520
        ID: 200708-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Wireshark, allowing
for the remote execution of arbitrary code and a Denial of Service.

Background
==========

Wireshark is a network protocol analyzer with a graphical front-end.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark       < 0.99.6                    >= 0.99.6

Description
===========

Wireshark doesn't properly handle chunked encoding in HTTP responses
(CVE-2007-3389), iSeries capture files (CVE-2007-3390), certain types
of DCP ETSI packets (CVE-2007-3391), and SSL or MMS packets
(CVE-2007-3392). An off-by-one error has been discovered in the
DHCP/BOOTP dissector when handling DHCP-over-DOCSIS packets
(CVE-2007-3393).

Impact
======

A remote attacker could send specially crafted packets on a network
being monitored with Wireshark, possibly resulting in the execution of
arbitrary code with the privileges of the user running Wireshark, which
might be the root user, or a Denial of Service.

Workaround
==========

In order to prevent root compromise, take network captures with tcpdump
and analyze them running Wireshark as a least privileged user.

Resolution
==========

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=net-analyzer/wireshark-0.99.6"

References
==========

  [ 1 ] CVE-2007-3389
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3389
  [ 2 ] CVE-2007-3390
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3390
  [ 3 ] CVE-2007-3391
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3391
  [ 4 ] CVE-2007-3392
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3392
  [ 5 ] CVE-2007-3393
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3393

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  http://security.gentoo.org/glsa/glsa-200708-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200708-10 ] MySQL: Denial of Service and information leakage

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200708-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MySQL: Denial of Service and information leakage
      Date: August 16, 2007
      Bugs: #185333
        ID: 200708-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A Denial of Service vulnerability and a table structure information
leakage vulnerability were found in MySQL.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql          < 5.0.44                            >= 5.0.44

Description
===========

Dormando reported a vulnerability within the handling of password
packets in the connection protocol (CVE-2007-3780). Andrei Elkin also
found that the CREATE TABLE LIKE command didn't require SELECT
privileges on the source table (CVE-2007-3781).

Impact
======

A remote unauthenticated attacker could use the first vulnerability to
make the server crash. The second vulnerability can be used by
authenticated users to obtain information on tables they are not
normally able to access.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=dev-db/mysql-5.0.44"

References
==========

  [ 1 ] CVE-2007-3780
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780
  [ 2 ] CVE-2007-3781
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  http://security.gentoo.org/glsa/glsa-200708-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200708-09 ] Mozilla products: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200708-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla products: Multiple vulnerabilities
      Date: August 14, 2007
      Bugs: #185737, #187205
        ID: 200708-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted arbitrary remote code execution.

Background
==========

Mozilla Firefox is an open-source web browser from the Mozilla Project,
and Mozilla Thunderbird is an email client. The SeaMonkey project is a
community effort to deliver production-quality releases of code derived
from the application formerly known as the 'Mozilla Application Suite'.
XULRunner is a Mozilla runtime package that can be used to bootstrap
XUL+XPCOM applications like Firefox and Thunderbird.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  mozilla-firefox               < 2.0.0.6                  >= 2.0.0.6
  2  mozilla-firefox-bin           < 2.0.0.6                  >= 2.0.0.6
  3  mozilla-thunderbird           < 2.0.0.6                  >= 2.0.0.6
  4  mozilla-thunderbird-bin       < 2.0.0.6                  >= 2.0.0.6
  5  seamonkey                     < 1.1.4                      >= 1.1.4
  6  seamonkey-bin                 < 1.1.4                      >= 1.1.4
  7  xulrunner                     < 1.8.1.6                  >= 1.8.1.6
    -------------------------------------------------------------------
     7 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Mozilla developers fixed several bugs, including an issue with
modifying XPCNativeWrappers (CVE-2007-3738), a problem with event
handlers executing elements outside of the document (CVE-2007-3737),
and a cross-site scripting (XSS) vulnerability (CVE-2007-3736). They
also fixed a problem with promiscuous IFRAME access (CVE-2007-3089) and
an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302
redirects (CVE-2007-3656). Denials of Service involving corrupted
memory were fixed in the browser engine (CVE-2007-3734) and the
JavaScript engine (CVE-2007-3735). Finally, another XSS vulnerability
caused by a regression in the CVE-2007-3089 patch was fixed
(CVE-2007-3844).

Impact
======

A remote attacker could entice a user to view a specially crafted web
page that will trigger one of the vulnerabilities, possibly leading to
the execution of arbitrary code or a Denial of Service. It is also
possible for an attacker to perform cross-site scripting attacks, which
could result in the exposure of sensitive information such as login
credentials.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=www-client/mozilla-firefox-2.0.0.6"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=www-client/mozilla-firefox-bin-2.0.0.6"

All Mozilla Thunderbird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=mail-client/mozilla-thunderbird-2.0.0.6"

All Mozilla Thunderbird binary users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=mail-client/mozilla-thunderbird-bin-2.0.0.6"

All SeaMonkey users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=www-client/seamonkey-1.1.4"

All SeaMonkey binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=www-client/seamonkey-bin-1.1.4"

All XULRunner users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=net-libs/xulrunner-1.8.1.6"

References
==========

  [ 1 ] CVE-2007-3089
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
  [ 2 ] CVE-2007-3656
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
  [ 3 ] CVE-2007-3734
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
  [ 4 ] CVE-2007-3735
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
  [ 5 ] CVE-2007-3736
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
  [ 6 ] CVE-2007-3737
[ GLSA 200708-06 ] Net::DNS: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200708-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Net::DNS: Multiple vulnerabilities
      Date: August 11, 2007
      Bugs: #184029
        ID: 200708-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in the Net::DNS Perl module, allowing for a Denial of Service and a cache poisoning attack.

Background
==========

Net::DNS is a Perl implementation of a DNS resolver.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  dev-perl/Net-DNS          < 0.60                          >= 0.60
    -------------------------------------------------------------------

Description
===========

hjp discovered an error in the handling of DNS query IDs which makes them partially predictable. Steffen Ullrich discovered an error in the dn_expand() function which could lead to an endless loop.

Impact
======

A remote attacker could send a specially crafted DNS request to the server, which could result in a Denial of Service through infinite recursion, or perform a cache poisoning attack.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Net::DNS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-perl/Net-DNS-0.60

References
==========

  [ 1 ] CVE-2007-3377
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3377
  [ 2 ] CVE-2007-3409
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3409

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200708-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200708-08 ] SquirrelMail G/PGP plugin: Arbitrary code execution
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200708-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: SquirrelMail G/PGP plugin: Arbitrary code execution
      Date: August 11, 2007
      Bugs: #185010
        ID: 200708-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in SquirrelMail, allowing for the remote execution of arbitrary code.

Background
==========

SquirrelMail is a webmail package written in PHP. It supports the IMAP and SMTP protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  mail-client/squirrelmail  < 1.4.10a-r2                >= 1.4.10a-r2
    -------------------------------------------------------------------

Description
===========

The functions deletekey(), gpg_check_sign_pgp_mime() and gpg_recv_key() used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data.

Impact
======

An authenticated user could use the plugin to execute arbitrary code on the server, or a remote attacker could send a specially crafted e-mail to a SquirrelMail user, possibly leading to the execution of arbitrary code with the privileges of the user running the underlying web server. Note that the G/PGP plugin is disabled by default.

Workaround
==========

Enter the SquirrelMail configuration directory (/usr/share/webapps/squirrelmail/version/htdocs/config), then execute the conf.pl script. Select the plugins menu, then select the gpg plugin item number in the Installed Plugins list to disable it. Press S to save your changes, then Q to quit.

Resolution
==========

All SquirrelMail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =mail-client/squirrelmail-1.4.10a-r2

References
==========

  [ 1 ] CVE-2005-1924
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1924
  [ 2 ] CVE-2006-4169
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4169

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200708-08.xml
[ GLSA 200708-07 ] Xfce Terminal: Remote arbitrary code execution
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200708-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Xfce Terminal: Remote arbitrary code execution
      Date: August 11, 2007
      Bugs: #184886
        ID: 200708-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in the Xfce Terminal program, allowing for the remote execution of arbitrary code.

Background
==========

Xfce Terminal is a console tool for the Xfce desktop environment.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  xfce-extra/terminal       < 0.2.6_p25931            >= 0.2.6_p25931
    -------------------------------------------------------------------

Description
===========

Lasse Karkkainen discovered that the function terminal_helper_execute() in the file terminal-helper.c does not properly escape URIs before processing them.

Impact
======

A remote attacker could entice a user to open a specially crafted link, possibly leading to the remote execution of arbitrary code with the privileges of the user running Xfce Terminal. Note that the exploit code depends on the browser used to open the crafted link.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xfce Terminal users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =xfce-extra/terminal-0.2.6_p25931

References
==========

  [ 1 ] CVE-2007-3770
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3770

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200708-07.xml
[ GLSA 200708-05 ] GD: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200708-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: GD: Multiple vulnerabilities
      Date: August 09, 2007
      Bugs: #179154
        ID: 200708-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in GD, allowing for the execution of arbitrary code.

Background
==========

GD is a graphics library for fast image creation.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-libs/gd             < 2.0.35                        >= 2.0.35
    -------------------------------------------------------------------

Description
===========

Xavier Roche discovered an infinite loop in the gdPngReadData() function when processing a truncated PNG file (CVE-2007-2756). An integer overflow has been discovered in the gdImageCreateTrueColor() function (CVE-2007-3472). An error has been discovered in the gdImageCreateXbm() function (CVE-2007-3473). Unspecified vulnerabilities have been discovered in the GIF reader (CVE-2007-3474). An error has been discovered when processing a GIF image that has no global color map (CVE-2007-3475). An array index error has been discovered in the file gd_gif_in.c when processing images with an invalid color index (CVE-2007-3476). An error has been discovered in the imagearc() and imagefilledarc() functions when processing overly large angle values (CVE-2007-3477). A race condition has been discovered in the gdImageStringFTEx() function (CVE-2007-3478).

Impact
======

A remote attacker could exploit one of these vulnerabilities to cause a Denial of Service or possibly execute arbitrary code with the privileges of the user running GD.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-libs/gd-2.0.35

References
==========

  [ 1 ] CVE-2007-2756
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
  [ 2 ] CVE-2007-3472
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472
  [ 3 ] CVE-2007-3473
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
  [ 4 ] CVE-2007-3474
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474
  [ 5 ] CVE-2007-3475
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475
  [ 6 ] CVE-2007-3476
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
  [ 7 ] CVE-2007-3477
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477
  [ 8 ] CVE-2007-3478
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200708-05.xml
[ GLSA 200708-03 ] libarchive (formerly named as bsdtar): Multiple pax Extension Header Vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200708-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libarchive (formerly named as bsdtar): Multiple pax Extension Header Vulnerabilities
      Date: August 08, 2007
      Bugs: #184984
        ID: 200708-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in libarchive (formerly named app-archive/bsdtar), possibly allowing for the execution of arbitrary code or a Denial of Service.

Background
==========

libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-arch/libarchive       < 2.2.4                          >= 2.2.4
    -------------------------------------------------------------------

Description
===========

CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer overflow (CVE-2007-3641), an infinite loop (CVE-2007-3644), and a NULL pointer dereference (CVE-2007-3645) in the processing of archives with corrupted pax extension headers.

Impact
======

An attacker could trick a user or automated system into processing an archive with malformed pax extension headers, possibly leading to the execution of arbitrary code, a crash of an application using the library, or a high CPU load.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libarchive or bsdtar users should upgrade to the latest libarchive version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-arch/libarchive-2.2.4

References
==========

  [ 1 ] CVE-2007-3641
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3641
  [ 2 ] CVE-2007-3644
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3644
  [ 3 ] CVE-2007-3645
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3645

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200708-03.xml
[ GLSA 200708-04 ] ClamAV: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200708-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ClamAV: Denial of Service
      Date: August 09, 2007
      Bugs: #185013
        ID: 200708-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in ClamAV, allowing for a Denial of Service.

Background
==========

ClamAV is a GPL virus scanner.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/clamav      < 0.91                            >= 0.91
    -------------------------------------------------------------------

Description
===========

Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives.

Impact
======

A remote attacker could send a specially crafted RAR archive to the clamd daemon, resulting in a crash and a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-antivirus/clamav-0.91

References
==========

  [ 1 ] CVE-2007-3725
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3725

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200708-04.xml
[ GLSA 200708-02 ] Xvid: Array indexing vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200708-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Xvid: Array indexing vulnerabilities
      Date: August 08, 2007
      Bugs: #183145
        ID: 200708-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several array indexing vulnerabilities were discovered in Xvid, possibly allowing for the remote execution of arbitrary code.

Background
==========

Xvid is a popular open source video codec licensed under the GPL.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-libs/xvid           < 1.1.3                          >= 1.1.3
    -------------------------------------------------------------------

Description
===========

Trixter Jack discovered an array indexing error in the get_intra_block() function in the file src/bitstream/mbcoding.c. The get_inter_block_h263() and get_inter_block_mpeg() functions in the same file were also reported as vulnerable.

Impact
======

An attacker could exploit these vulnerabilities to execute arbitrary code by tricking a user or automated system into processing a malicious video file with an application that makes use of the Xvid library.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xvid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-libs/xvid-1.1.3

References
==========

  [ 1 ] CVE-2007-3329
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3329

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200708-02.xml
[ GLSA 200708-01 ] Macromedia Flash Player: Remote arbitrary code execution
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200708-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Macromedia Flash Player: Remote arbitrary code execution
      Date: August 08, 2007
      Bugs: #185141
        ID: 200708-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Macromedia Flash Player, allowing for the remote execution of arbitrary code.

Background
==========

The Macromedia Flash Player is a renderer for the popular SWF file type, which is commonly used to provide interactive websites, digital experiences and mobile content.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-www/netscape-flash    < 9.0.48.0                    >= 9.0.48.0
    -------------------------------------------------------------------

Description
===========

Mark Hills discovered some errors in keystroke handling when interacting with a browser (CVE-2007-2022). Stefano Di Paola and Giorgio Fedon from Minded Security discovered a boundary error when processing FLV files (CVE-2007-3456). An input validation error when processing HTTP referrers has also been reported (CVE-2007-3457).

Impact
======

A remote attacker could entice a user to open a specially crafted file, possibly leading to the execution of arbitrary code with the privileges of the user running the Macromedia Flash Player, or to access to sensitive data.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Macromedia Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-www/netscape-flash-9.0.48.0

References
==========

  [ 1 ] CVE-2007-2022
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022
  [ 2 ] CVE-2007-3456
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
  [ 3 ] CVE-2007-3457
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200708-01.xml
[ GLSA 200707-14 ] tcpdump: Integer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200707-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: tcpdump: Integer overflow
      Date: July 28, 2007
      Bugs: #184815
        ID: 200707-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in tcpdump, allowing for the execution of arbitrary code, possibly with root privileges.

Background
==========

tcpdump is a tool for capturing and inspecting network traffic.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/tcpdump      < 3.9.5-r3                    >= 3.9.5-r3
    -------------------------------------------------------------------

Description
===========

mu-b from Digital Labs discovered that the return value of a snprintf() call is not properly checked before being used. This could lead to an integer overflow.

Impact
======

A remote attacker could send specially crafted BGP packets on a network being monitored with tcpdump, possibly resulting in the execution of arbitrary code with the privileges of the user running tcpdump, which is usually root.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All tcpdump users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-analyzer/tcpdump-3.9.5-r3

References
==========

  [ 1 ] CVE-2007-3798
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-14.xml
[ GLSA 200707-13 ] Fail2ban: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200707-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Fail2ban: Denial of Service
      Date: July 28, 2007
      Bugs: #181214
        ID: 200707-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Fail2ban is vulnerable to a Denial of Service attack.

Background
==========

Fail2ban is a tool for parsing log files and banning IP addresses that produce too many password failures.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/fail2ban     < 0.8.0-r1                    >= 0.8.0-r1
    -------------------------------------------------------------------

Description
===========

A vulnerability has been discovered in Fail2ban when parsing log files.

Impact
======

A remote attacker could send specially crafted SSH login banners to the vulnerable host, which would prevent any SSH connection to the host and result in a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Fail2ban users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-analyzer/fail2ban-0.8.0-r1

References
==========

  [ 1 ] Original advisory
        http://www.ossec.net/en/attacking-loganalysis.html#fail2ban

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-13.xml
[ GLSA 200707-12 ] VLC media player: Format string vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200707-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: VLC media player: Format string vulnerabilities
      Date: July 28, 2007
      Bugs: #182389
        ID: 200707-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in VLC media player, allowing for the remote execution of arbitrary code.

Background
==========

VLC media player is a multimedia player for various audio and video formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-video/vlc           < 0.8.6c                        >= 0.8.6c
    -------------------------------------------------------------------

Description
===========

David Thiel from iSEC Partners Inc. discovered format string errors in various plugins when parsing data. The affected plugins include Vorbis, Theora, CDDA and SAP.

Impact
======

A remote attacker could entice a user to open a specially crafted media file, possibly resulting in the execution of arbitrary code with the privileges of the user running VLC media player.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VLC media player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-video/vlc-0.8.6c

References
==========

  [ 1 ] CVE-2007-3316
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3316

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-12.xml
[ GLSA 200707-11 ] MIT Kerberos 5: Arbitrary remote code execution
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200707-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: MIT Kerberos 5: Arbitrary remote code execution
      Date: July 25, 2007
      Bugs: #183338
        ID: 200707-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in MIT Kerberos 5 could potentially result in remote code execution with root privileges by unauthenticated users.

Background
==========

MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-crypt/mit-krb5        < 1.5.2-r3                    >= 1.5.2-r3
    -------------------------------------------------------------------

Description
===========

kadmind is affected by multiple vulnerabilities in the RPC library shipped with MIT Kerberos 5. It fails to properly handle zero-length RPC credentials (CVE-2007-2442), and the RPC library can write past the end of a stack buffer (CVE-2007-2443). Furthermore, kadmind fails to do proper bounds checking (CVE-2007-2798).

Impact
======

A remote unauthenticated attacker could exploit these vulnerabilities to execute arbitrary code with root privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MIT Kerberos 5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-crypt/mit-krb5-1.5.2-r3

References
==========

  [ 1 ] CVE-2007-2442
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
  [ 2 ] CVE-2007-2443
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443
  [ 3 ] CVE-2007-2798
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-11.xml
[ GLSA 200707-08 ] NVClock: Insecure file usage
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Gentoo Linux Security Advisory           GLSA 200707-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: NVClock: Insecure file usage
      Date: July 24, 2007
      Bugs: #184071
        ID: 200707-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in NVClock, allowing for the execution of arbitrary code.

Background
==========

NVClock is a utility for changing the internal frequency of NVIDIA graphics chipsets.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-video/nvclock       < 0.7-r2                        >= 0.7-r2
    -------------------------------------------------------------------

Description
===========

Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock makes use of an insecure temporary file in the /tmp directory.

Impact
======

A local attacker could create a specially crafted temporary file in /tmp to execute arbitrary code with the privileges of the user running NVClock.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All NVClock users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-video/nvclock-0.7-r2

References
==========

  [ 1 ] CVE-2007-3531
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3531

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-08.xml
[ GLSA 200707-07 ] MPlayer: Multiple buffer overflows
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200707-07
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: MPlayer: Multiple buffer overflows
      Date: July 24, 2007
      Bugs: #181097
        ID: 200707-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in MPlayer, possibly
allowing for the remote execution of arbitrary code.

Background
==========

MPlayer is a media player including support for a wide range of audio
and video formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-video/mplayer    < 1.0.20070622              >= 1.0.20070622

Description
===========

Stefan Cornelius and Reimar Döffinger of Secunia Research discovered
several boundary errors in the functions cddb_query_parse(),
cddb_parse_matches_list() and cddb_read_parse(), each allowing for a
stack-based buffer overflow when CDDB (CD database) responses are
parsed.

Impact
======

A remote attacker could entice a user to process specially crafted
CDDB entries (for example, returned by a malicious CDDB server during a
lookup), possibly resulting in the execution of arbitrary code with the
privileges of the user running MPlayer.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20070622"

References
==========

  [ 1 ] CVE-2007-2948
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2948

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-07.xml

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200707-09 ] GIMP: Multiple integer overflows
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200707-09
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: GIMP: Multiple integer overflows
      Date: July 25, 2007
      Bugs: #182047
        ID: 200707-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in GIMP, allowing for the
remote execution of arbitrary code.

Background
==========

GIMP is the GNU Image Manipulation Program.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-gfx/gimp             < 2.2.16                      >= 2.2.16

Description
===========

Sean Larsson from iDefense Labs discovered multiple integer overflows
in various GIMP file-format plugins (CVE-2006-4519). Stefan Cornelius
from Secunia Research discovered an integer overflow in the
seek_to_and_unpack_pixeldata() function when processing PSD files
(CVE-2007-2949).

Impact
======

A remote attacker could entice a user to open a specially crafted image
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running GIMP.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GIMP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.2.16"

References
==========

  [ 1 ] CVE-2006-4519
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4519
  [ 2 ] CVE-2007-2949
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-09.xml

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200707-10 ] Festival: Privilege elevation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200707-10
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: High
     Title: Festival: Privilege elevation
      Date: July 25, 2007
      Bugs: #170477
        ID: 200707-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Festival, allowing for a local
privilege escalation.

Background
==========

Festival is a text-to-speech accessibility program.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  app-accessibility/festival   < 1.95_beta-r4          >= 1.95_beta-r4

Description
===========

Konstantine Shirow reported a vulnerability in the default Gentoo
configuration of Festival. The server daemon is configured to run with
root privileges and to listen on localhost without requiring a
password. Festival's server protocol accepts Scheme commands from
connected clients, so anyone who can connect can have the daemon run
arbitrary code.

Impact
======

A local attacker could gain root privileges by connecting to the daemon
and executing arbitrary commands.

Workaround
==========

Set a password in the configuration file /etc/festival/server.scm by
adding the line (replace "password" with a secret of your choosing;
clients must then present the same password):

    (set! server_passwd "password")

Note that this only adds an authentication step: the daemon still runs
with root privileges and still accepts connections on localhost, so the
upgrade below should be applied regardless.

Resolution
==========

All Festival users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-accessibility/festival-1.95_beta-r4"

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-10.xml

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200707-05 ] Webmin, Usermin: Cross-site scripting vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200707-05
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Low
     Title: Webmin, Usermin: Cross-site scripting vulnerabilities
      Date: July 05, 2007
      Bugs: #181385
        ID: 200707-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Webmin and Usermin are vulnerable to cross-site scripting (XSS).

Background
==========

Webmin is a web-based administrative interface for Unix-like systems.
Usermin is a simplified version of Webmin designed for use by normal
users rather than system administrators.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-admin/webmin           < 1.350                       >= 1.350
  2  app-admin/usermin          < 1.280                       >= 1.280
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The pam_login.cgi script does not properly sanitize user input before
sending it back to the user as part of the page.

Impact
======

An unauthenticated attacker could entice a user to browse a specially
crafted URL, allowing for the execution of script code in the context
of the user's browser and for the theft of browser credentials (for
example, the session cookie). This may permit the attacker to log in to
Webmin or Usermin with the user's permissions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Webmin users should update to the latest stable version:

    # emerge --sync
    # emerge --ask --verbose --oneshot ">=app-admin/webmin-1.350"

All Usermin users should update to the latest stable version:

    # emerge --sync
    # emerge --ask --verbose --oneshot ">=app-admin/usermin-1.280"

References
==========

  [ 1 ] CVE-2007-3156
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3156

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-05.xml

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200707-02 ] OpenOffice.org: Two buffer overflows
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200707-02
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: OpenOffice.org: Two buffer overflows
      Date: July 02, 2007
      Bugs: #181773
        ID: 200707-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in OpenOffice.org,
allowing for the remote execution of arbitrary code.

Background
==========

OpenOffice.org is an open source office productivity suite, including
word processing, spreadsheet, presentation, drawing, data charting,
formula editing, and file conversion facilities.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  app-office/openoffice          < 2.2.1                    >= 2.2.1
  2  app-office/openoffice-bin      < 2.2.1                    >= 2.2.1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

John Heasman of NGSSoftware has discovered a heap-based buffer overflow
when parsing the prtdata tag in RTF files where the first token is
smaller than the second one (CVE-2007-0245). Additionally, the
OpenOffice.org binary package ships its own copy of FreeType, which
contains an integer signedness error in the n_points variable in the
file truetype/ttgload.c; this issue was covered by GLSA 200705-22
(CVE-2007-2754).

Impact
======

A remote attacker could entice a user to open a specially crafted
document, possibly leading to the execution of arbitrary code with the
rights of the user running OpenOffice.org.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenOffice.org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.2.1"

All OpenOffice.org binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.2.1"

References
==========

  [ 1 ] CVE-2007-0245
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0245
  [ 2 ] CVE-2007-2754
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754
  [ 3 ] GLSA 200705-22
        http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-02.xml

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200707-04 ] GNU C Library: Integer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200707-04
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: GNU C Library: Integer overflow
      Date: July 03, 2007
      Bugs: #183844
        ID: 200707-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An integer overflow in the dynamic loader, ld.so, could result in the
execution of arbitrary code with escalated privileges.

Background
==========

The GNU C library is the standard C library used by Gentoo Linux
systems. It provides programs with basic facilities and interfaces to
system calls. ld.so is the dynamic linker which prepares dynamically
linked programs for execution by resolving runtime dependencies and
related functions.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  sys-libs/glibc             < 2.5-r4                      >= 2.5-r4
    -------------------------------------------------------------------
     # Package 1 only applies to x86 users.
    -------------------------------------------------------------------

Description
===========

Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in
the handling of the hardware capabilities mask by the dynamic loader.
If a mask with a high population count (many bits set) is specified,
an integer overflow could occur when computing the size of the memory
to allocate for the corresponding search-path combinations.

Impact
======

As the hardware capabilities mask is honored by the dynamic loader
during the execution of suid and sgid programs, in theory this
vulnerability could result in the execution of arbitrary code with root
privileges. This update is provided as a precaution against currently
unknown attack vectors.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNU C Library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.5-r4"

References
==========

  [ 1 ] CVE-2007-3508
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3508

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-04.xml

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200707-01 ] Firebird: Buffer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200707-01
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: High
     Title: Firebird: Buffer overflow
      Date: July 01, 2007
      Bugs: #181811
        ID: 200707-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Firebird, allowing for the
execution of arbitrary code.

Background
==========

Firebird is an open source relational database that runs on Linux,
Windows, and various UNIX systems.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  dev-db/firebird            < 2.0.1                       >= 2.0.1

Description
===========

Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow
when processing connect requests with an overly large p_cnct_count
value (the count of protocol entries that follows in the request).

Impact
======

An unauthenticated remote attacker could send a specially crafted
connect request to a vulnerable server, possibly resulting in the
execution of arbitrary code with the privileges of the user running
Firebird. No database credentials are needed, since the overflow is
triggered before authentication.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Firebird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.1"

References
==========

  [ 1 ] CVE-2007-3181
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3181

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-01.xml

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200706-08 ] emul-linux-x86-java: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200706-08
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: emul-linux-x86-java: Multiple vulnerabilities
      Date: June 26, 2007
      Bugs: #178962
        ID: 200706-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in emul-linux-x86-java,
possibly resulting in the execution of arbitrary code or a Denial of
Service.

Background
==========

emul-linux-x86-java is the 32-bit version of Sun's J2SE Development
Kit, packaged for use on amd64 systems.

Affected packages
=================

    -------------------------------------------------------------------
     Package                          /  Vulnerable  /       Unaffected
    -------------------------------------------------------------------
  1  app-emulation/emul-linux-x86-java   < 1.5.0.11          >= 1.5.0.11

Description
===========

Chris Evans of the Google Security Team has discovered an integer
overflow in the ICC profile parser, and another vulnerability in the
BMP parser. An unspecified vulnerability involving an incorrect use of
system classes was reported by the Fujitsu security team.

Impact
======

A remote attacker could entice a user to open a specially crafted
image, possibly resulting in the execution of arbitrary code with the
privileges of the user running emul-linux-x86-java. They could also
entice a user to open a specially crafted BMP image, resulting in a
Denial of Service. Note that these vulnerabilities may also be
triggered by a tool processing image files automatically, without any
user interaction.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All emul-linux-x86-java users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.5.0.11"

References
==========

  [ 1 ] CVE-2007-2435
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435
  [ 2 ] CVE-2007-2788
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788
  [ 3 ] CVE-2007-2789
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200706-08.xml

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200706-09 ] libexif: Buffer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200706-09
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: libexif: Buffer overflow
      Date: June 26, 2007
      Bugs: #181922
        ID: 200706-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

libexif does not properly handle image EXIF information, possibly
allowing for the execution of arbitrary code.

Background
==========

libexif is a library for parsing, editing and saving EXIF metadata from
images.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-libs/libexif         < 0.6.16                      >= 0.6.16

Description
===========

iDefense Labs have discovered that the exif_data_load_data_entry()
function in libexif/exif-data.c improperly handles integer data while
working with an image whose EXIF entries declare a very large number
of components: the component count multiplied by the component size
can wrap, allowing an integer overflow that may lead to a heap-based
buffer overflow.

Impact
======

An attacker could entice a user of an application making use of a
vulnerable version of libexif to load a specially crafted image file,
possibly resulting in a crash of the application or the execution of
arbitrary code with the rights of the user running the application.
Note that libexif is used by many image viewers, photo managers and
file indexers, so the affected application need not be one the user
launches deliberately.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libexif users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.16"

References
==========

  [ 1 ] CVE-2006-4168
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4168

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200706-09.xml

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
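Both the ld.so flaw in GLSA 200707-04 above (a table sized from the population count of the hardware capabilities mask) and the libexif flaw in this advisory (an entry size computed from a 32-bit component count) are the same bug class: allocation-size arithmetic that silently wraps, so a later bounds check passes and the copy runs past the buffer. The C program below is an example added here, not code from glibc, libexif or Gentoo. It reproduces both wraps with illustrative constants and shows the checked form beside each; the function names, the 16-byte table entry size and the 1..8-byte EXIF component sizes are assumptions made for the illustration.

```c
/* Added example; not glibc, libexif or Gentoo code.  Illustrates the two
 * size-arithmetic overflows behind GLSA 200707-04 and GLSA 200706-09 with
 * made-up constants (entry_size, format_size) beside checked versions. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

unsigned popcount64(uint64_t v) {
    unsigned n = 0;
    for (; v; v &= v - 1) n++;          /* clear lowest set bit each round */
    return n;
}

/* ld.so pattern: one table entry per subset of the set bits in the mask,
 * i.e. 2^popcount entries.  Done in 32-bit unsigned arithmetic the product
 * wraps: 30 set bits * 16-byte entries = 2^34 bytes, which becomes 0. */
size_t hwcap_table_bytes_unchecked(uint64_t mask, size_t entry_size) {
    unsigned int entries = 1u << popcount64(mask);      /* <= 31 bits here */
    return (size_t)(entries * (unsigned int)entry_size); /* wraps */
}

/* Checked: refuse a mask whose subset count, or the byte size derived
 * from it, does not fit in size_t.  Returns 0 and stores the size on
 * success, -1 on overflow (caller then fails cleanly instead of
 * allocating a tiny buffer and filling 2^popcount entries into it). */
int hwcap_table_bytes(uint64_t mask, size_t entry_size, size_t *out) {
    unsigned cnt = popcount64(mask);
    if (cnt >= sizeof(size_t) * CHAR_BIT) return -1;    /* 1 << cnt overflows */
    size_t entries = (size_t)1 << cnt;
    if (entry_size != 0 && entries > SIZE_MAX / entry_size) return -1;
    *out = entries * entry_size;
    return 0;
}

/* libexif pattern: an IFD entry carries a format (1..8 bytes per
 * component) and a 32-bit component count; the data size is their
 * product, and the data sits at data_offset inside the EXIF blob.
 * Unchecked, count*size wraps to a small number that passes the bounds
 * test, while the copy that follows still uses the large count. */
int exif_entry_in_bounds_unchecked(uint32_t format_size, uint32_t count,
                                   uint32_t data_offset, uint32_t blob_len) {
    uint32_t size = format_size * count;                 /* may wrap */
    return data_offset + size <= blob_len;               /* may wrap too */
}

/* Checked: validate the format, do the arithmetic in 64 bits, and compare
 * the true end offset against the blob length. */
int exif_entry_in_bounds(uint32_t format_size, uint32_t count,
                         uint32_t data_offset, uint32_t blob_len) {
    if (format_size == 0 || format_size > 8) return 0;   /* invalid format */
    uint64_t size = (uint64_t)format_size * count;
    uint64_t end = (uint64_t)data_offset + size;
    return end <= blob_len;
}

int main(void) {
    size_t n;
    uint64_t mask = ((uint64_t)1 << 30) - 1;            /* 30 bits set */
    printf("ld.so-style unchecked size: %zu bytes\n",
           hwcap_table_bytes_unchecked(mask, 16));
    if (hwcap_table_bytes(mask, 16, &n) == 0)
        printf("ld.so-style checked size:   %zu bytes\n", n);
    else
        printf("ld.so-style checked size:   rejected\n");
    /* 8-byte components; this count makes 8*count wrap to exactly 8 */
    uint32_t count = 0x20000001u;
    printf("exif unchecked in-bounds: %d, checked: %d\n",
           exif_entry_in_bounds_unchecked(8, count, 100, 4096),
           exif_entry_in_bounds(8, count, 100, 4096));
    return 0;
}
```

The checked ld.so variant does not reject the 30-bit mask: it reports the true 16 GiB size, so the following allocation fails loudly rather than returning an undersized buffer, which is the behaviour you want from size arithmetic. The EXIF variant shows why a bounds check alone is not enough: the check must be done on values that cannot have wrapped.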
[ GLSA 200706-06 ] Mozilla products: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200706-06
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: Mozilla products: Multiple vulnerabilities
      Date: June 19, 2007
      Bugs: #180436
        ID: 200706-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted arbitrary remote code execution.

Background
==========

Mozilla Firefox is an open-source web browser from the Mozilla Project,
and Mozilla Thunderbird an email client. The SeaMonkey project is a
community effort to deliver production-quality releases of code derived
from the application formerly known as the 'Mozilla Application Suite'.
XULRunner is a Mozilla runtime package that can be used to bootstrap
XUL+XPCOM applications like Firefox and Thunderbird.

Affected packages
=================

    -------------------------------------------------------------------
     Package                          /  Vulnerable  /       Unaffected
    -------------------------------------------------------------------
  1  www-client/mozilla-firefox          < 2.0.0.4            >= 2.0.0.4
  2  www-client/mozilla-firefox-bin      < 2.0.0.4            >= 2.0.0.4
  3  mail-client/mozilla-thunderbird     < 2.0.0.4            >= 2.0.0.4
                                                             *>= 1.5.0.12
  4  mail-client/mozilla-thunderbird-bin < 2.0.0.4            >= 2.0.0.4
                                                             *>= 1.5.0.12
  5  www-client/seamonkey                < 1.1.2                >= 1.1.2
  6  www-client/seamonkey-bin            < 1.1.2                >= 1.1.2
  7  net-libs/xulrunner                  < 1.8.1.4            >= 1.8.1.4
    -------------------------------------------------------------------
     7 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Mozilla developers fixed several bugs involving memory corruption
through various vectors (CVE-2007-2867, CVE-2007-2868). Additionally,
several errors leading to a crash, memory exhaustion or CPU consumption
were fixed (CVE-2007-1362, CVE-2007-2869). Finally, errors related to
the APOP protocol (CVE-2007-1558), XSS prevention (CVE-2007-2870) and
spoofing prevention (CVE-2007-2871) were fixed.

Impact
======

A remote attacker could entice a user to view a specially crafted web
page that will trigger one of the vulnerabilities, possibly leading to
the execution of arbitrary code or a Denial of Service. It is also
possible for an attacker to spoof the address bar or other browser
elements, obtain sensitive APOP information, or perform cross-site
scripting attacks, leading to the exposure of sensitive information,
like user credentials.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.4"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.4"

All Mozilla Thunderbird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.4"

All Mozilla Thunderbird binary users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.4"

All SeaMonkey users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.2"

All SeaMonkey binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.2"

All XULRunner users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.4"

References
==========

  [ 1 ] CVE-2007-1362
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1362
  [ 2 ] CVE-2007-1558
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
  [ 3 ] CVE-2007-2867
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
  [ 4 ] CVE-2007-2868
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
  [ 5 ] CVE-2007-2869
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2869
  [ 6 ] CVE-2007-2870
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2870
  [ 7 ] CVE-2007-2871
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2871
[ GLSA 200706-07 ] PHProjekt: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200706-07
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: High
     Title: PHProjekt: Multiple vulnerabilities
      Date: June 19, 2007
      Bugs: #170905
        ID: 200706-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in PHProjekt, allowing
for the execution of arbitrary PHP and SQL code, and cross-site
scripting attacks.

Background
==========

PHProjekt is a project management and coordination tool written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/phprojekt         < 5.2.1                       >= 5.2.1

Description
===========

Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in
PHProjekt, including the execution of arbitrary SQL commands using
unknown vectors (CVE-2007-1575), the execution of arbitrary PHP code
using an unrestricted file upload (CVE-2007-1639), cross-site request
forgeries in different modules (CVE-2007-1638), and a cross-site
scripting attack using unknown vectors (CVE-2007-1576).

Impact
======

An authenticated user could elevate their privileges by exploiting the
vulnerabilities described above. Note that the magic_quotes_gpc PHP
configuration setting must be set to off to exploit these
vulnerabilities. Do not treat that setting as a fix: magic_quotes_gpc
only escapes quote characters in request data, and the upgrade below
is required regardless.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHProjekt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phprojekt-5.2.1"

References
==========

  [ 1 ] CVE-2007-1575
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1575
  [ 2 ] CVE-2007-1576
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1576
  [ 3 ] CVE-2007-1638
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1638
  [ 4 ] CVE-2007-1639
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1639

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200706-07.xml

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200706-05 ] ClamAV: Multiple Denials of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200706-05
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: ClamAV: Multiple Denials of Service
      Date: June 15, 2007
      Bugs: #178082
        ID: 200706-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

ClamAV contains several vulnerabilities leading to a Denial of Service.

Background
==========

ClamAV is a GPL virus scanner.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/clamav       < 0.90.3                      >= 0.90.3

Description
===========

Several vulnerabilities were discovered in ClamAV by various
researchers:

  * Victor Stinner (INL) discovered that the OLE2 parser may enter an
    infinite loop (CVE-2007-2650).

  * A boundary error was also reported by an anonymous researcher in
    the file unsp.c, which might lead to a buffer overflow
    (CVE-2007-3023).

  * The file unrar.c contains a heap-based buffer overflow via a
    modified vm_codesize value from a RAR file (CVE-2007-3123).

  * The RAR parsing engine can be bypassed via a RAR file with a header
    flag value of 10 (CVE-2007-3122).

  * The cli_gentempstream() function from clamdscan creates temporary
    files with insecure permissions (CVE-2007-3024).

Impact
======

A remote attacker could send a specially crafted file to the scanner,
possibly triggering one of the vulnerabilities and causing a Denial of
Service by CPU consumption or a crash of the scanner; the two buffer
overflows are reported to cause only a Denial of Service. The RAR
header bypass lets a crafted archive pass the scanner unexamined. The
insecure temporary file creation could be used by a local user to read
the data being scanned, which may be sensitive.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.90.3"

References
==========

  [ 1 ] CVE-2007-2650
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650
  [ 2 ] CVE-2007-3023
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3023
  [ 3 ] CVE-2007-3024
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3024
  [ 4 ] CVE-2007-3122
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3122
  [ 5 ] CVE-2007-3123
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3123

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200706-05.xml

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
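The temporary-file problems in NVClock (GLSA 200707-08 above: a predictable name in /tmp that a local user can pre-create) and in ClamAV's cli_gentempstream() (this advisory: a temporary file created with loose permissions) are two faces of one bug class: a guessable name opened without O_EXCL, and a mode left to the caller's umask. The C program below is an example added here, not code from NVClock, ClamAV or Gentoo. It plays the symlink attack inside a private scratch directory, shows that the vulnerable open() writes through the planted link, and then shows two hardened variants; the paths, the "victim.tmp" name, the "pwned" marker and the demo_tempfile_attack() helper are constructed for the illustration. Unix only.

```c
#define _XOPEN_SOURCE 700
/* Added example; not NVClock, ClamAV or Gentoo code.  Reproduces the
 * temp-file bug class behind GLSA 200707-08 (predictable name, symlink
 * followed) and GLSA 200706-05 (loose permissions) beside two fixes.
 * Paths, the "victim.tmp" name and the demo helper are made up. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: fixed name, O_CREAT without O_EXCL, mode 0644.
 * Whatever an attacker pre-placed at `path` (typically a symlink to a
 * file the victim may write) is silently opened through. */
int insecure_tempfile(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened 1: keep the fixed path but refuse anything already there.
 * POSIX requires O_CREAT|O_EXCL to fail when `path` is a symlink, whatever
 * it points to; O_NOFOLLOW and mode 0600 close the remaining gaps. */
int noclobber_tempfile(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Hardened 2 (preferred): mkstemp() picks an unpredictable name and
 * creates it with O_EXCL; fchmod() pins the mode to 0600 even where
 * mkstemp() honoured a permissive umask (the cli_gentempstream problem).
 * The caller owns the descriptor and must unlink() the name when done. */
int secure_tempfile(char *name_out, size_t name_len, const char *prefix) {
    if (snprintf(name_out, name_len, "%s.XXXXXX", prefix) >= (int)name_len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    int fd = mkstemp(name_out);
    if (fd >= 0 && fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        close(fd);
        unlink(name_out);
        return -1;
    }
    return fd;
}

/* True if fd is a regular file with mode exactly 0600 and a single link. */
int tempfile_is_private(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
        && (st.st_mode & 07777) == 0600 && st.st_nlink == 1;
}

/* Play the attack inside a private scratch directory.  Returns a bit mask:
 *   1  insecure_tempfile() wrote through the attacker's symlink
 *   2  noclobber_tempfile() refused the symlink with EEXIST
 *   4  secure_tempfile() produced a private 0600 file
 * A complete run therefore returns 7; -1 means the setup itself failed. */
int demo_tempfile_attack(void) {
    char dir[] = "/tmp/glsa-demo.XXXXXX", target[128], link[128], name[256];
    char buf[16] = {0};
    int result = 0, fd;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/victim.tmp", dir);

    /* Attacker: plant the predictable name as a symlink to `target`. */
    if ((fd = open(target, O_WRONLY | O_CREAT, 0600)) < 0) return -1;
    close(fd);
    if (symlink(target, link) != 0) return -1;

    /* Victim, vulnerable version: the bytes land in `target`. */
    if ((fd = insecure_tempfile(link)) >= 0) {
        if (write(fd, "pwned", 5) != 5) return -1;
        close(fd);
        if ((fd = open(target, O_RDONLY)) >= 0) {
            if (read(fd, buf, sizeof buf - 1) == 5 && strcmp(buf, "pwned") == 0)
                result |= 1;
            close(fd);
        }
    }

    /* Victim, hardened versions against the same planted link. */
    if (noclobber_tempfile(link) == -1 && errno == EEXIST)
        result |= 2;
    if ((fd = secure_tempfile(name, sizeof name, link)) >= 0) {
        if (tempfile_is_private(fd)) result |= 4;
        close(fd);
        unlink(name);
    }

    unlink(link); unlink(target); rmdir(dir);
    return result;
}

int main(void) {
    printf("demo result: %d (7 = attack reproduced, both defences held)\n",
           demo_tempfile_attack());
    return 0;
}
```

The mkstemp() route is the one to use in new code: it removes the predictable name entirely, so there is nothing for a local user to plant. The O_EXCL|O_NOFOLLOW route is the minimal patch when a fixed name cannot be changed; it fails safe rather than writing through the link, and the caller must treat EEXIST as an error rather than retrying in a loop.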
[ GLSA 200706-04 ] MadWifi: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200706-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: MadWifi: Multiple vulnerabilities
      Date: June 11, 2007
      Bugs: #179532
        ID: 200706-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in MadWifi, possibly allowing for the execution of arbitrary code or a Denial of Service.

Background
==========

The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-wireless/madwifi-ng       < 0.9.3.1                  >= 0.9.3.1

Description
===========

Md Sohail Ahmad from AirTight Networks has discovered a division by zero in the ath_beacon_config() function (CVE-2007-2830). The vendor has corrected an input validation error in the ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_setwmmparams() functions (CVE-2007-2831), and an input sanitization error when parsing nested 802.3 Ethernet frame lengths (CVE-2007-2829).

Impact
======

An attacker could send specially crafted packets to a vulnerable host to exploit one of these vulnerabilities, possibly resulting in the execution of arbitrary code with root privileges, or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MadWifi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.3.1"

References
==========

  [ 1 ] CVE-2007-2829
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2829
  [ 2 ] CVE-2007-2830
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2830
  [ 3 ] CVE-2007-2831
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2831

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200706-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200706-03 ] ELinks: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200706-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ELinks: User-assisted execution of arbitrary code
      Date: June 06, 2007
      Bugs: #177512
        ID: 200706-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in ELinks allowing for the user-assisted execution of arbitrary code.

Background
==========

ELinks is a text-mode web browser.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  www-client/elinks             < 0.11.2-r1               >= 0.11.2-r1

Description
===========

Arnaud Giersch discovered that the add_filename_to_string() function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file.

Impact
======

A local attacker could entice a user to run ELinks in a specially crafted directory environment containing a malicious .po file, possibly resulting in the execution of arbitrary code with the privileges of the user running ELinks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ELinks users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/elinks-0.11.2-r1"

References
==========

  [ 1 ] CVE-2007-2027
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200706-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200706-02 ] Evolution: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200706-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Evolution: User-assisted execution of arbitrary code
      Date: June 06, 2007
      Bugs: #170879
        ID: 200706-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Evolution allowing for the execution of arbitrary code.

Background
==========

Evolution is the mail client of the GNOME desktop environment.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  mail-client/evolution         < 2.8.3-r2                 >= 2.8.3-r2

Description
===========

Ulf Härnhammar from Secunia Research has discovered a format string error in the write_html() function in the file calendar/gui/e-cal-component-memo-preview.c.

Impact
======

A remote attacker could entice a user to open a specially crafted shared memo, possibly resulting in the execution of arbitrary code with the privileges of the user running Evolution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Evolution users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.8.3-r2"

References
==========

  [ 1 ] CVE-2007-1002
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1002

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200706-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200706-01 ] libexif: Integer overflow vulnerability
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200706-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libexif: Integer overflow vulnerability
      Date: June 05, 2007
      Bugs: #178081
        ID: 200706-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

libexif fails to handle Exif (EXchangeable Image File) data inputs, making it vulnerable to an integer overflow.

Background
==========

libexif is a library for parsing, editing and saving Exif data.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  media-libs/libexif            < 0.6.15                   >= 0.6.15

Description
===========

Victor Stinner reported an integer overflow in the exif_data_load_data_entry() function from file exif-data.c while handling Exif data.

Impact
======

An attacker could entice a user to process a file with specially crafted Exif extensions with an application making use of libexif, which will trigger the integer overflow and potentially execute arbitrary code or crash the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libexif users should upgrade to the latest version. Please note that users upgrading from <=media-libs/libexif-0.6.13 should also run revdep-rebuild after their upgrade.

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.15"
    # revdep-rebuild --library=/usr/lib/libexif.so

References
==========

  [ 1 ] CVE-2007-2645
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200706-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200705-23 ] Sun JDK/JRE: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200705-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sun JDK/JRE: Multiple vulnerabilities
      Date: May 31, 2007
      Bugs: #176675, #178851
        ID: 200705-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE).

Background
==========

The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  dev-java/sun-jdk              < 1.5.0.11                 >= 1.5.0.11
                                                            *>= 1.4.2.14
  2  dev-java/sun-jre-bin          < 1.5.0.11                 >= 1.5.0.11
                                                            *>= 1.4.2.14
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

An unspecified vulnerability involving an incorrect use of system classes was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reported an integer overflow resulting in a buffer overflow in the ICC parser used with JPG or BMP files, and an incorrect open() call to /dev/tty when processing certain BMP files.

Impact
======

A remote attacker could entice a user to run a specially crafted Java class or applet that will trigger one of the vulnerabilities. This could lead to the execution of arbitrary code outside of the Java sandbox and of the Java security restrictions, or crash the Java application or the browser.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Sun Java Development Kit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-java/sun-jdk

All Sun Java Runtime Environment users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-java/sun-jre-bin

References
==========

  [ 1 ] CVE-2007-2435
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435
  [ 2 ] CVE-2007-2788
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788
  [ 3 ] CVE-2007-2789
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200705-24 ] libpng: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200705-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libpng: Denial of Service
      Date: May 31, 2007
      Bugs: #178004
        ID: 200705-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in libpng may allow a remote attacker to crash applications that handle untrusted images.

Background
==========

libpng is a free ANSI C library used to process and manipulate PNG images.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  media-libs/libpng             < 1.2.17                   >= 1.2.17

Description
===========

Mats Palmgren fixed an error in file pngrutil.c in which the trans[] array might not be allocated because of images with a bad tRNS chunk CRC value.

Impact
======

A remote attacker could craft an image that, when processed or viewed by an application using libpng, causes the application to terminate abnormally.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Please note that due to separate bugs in libpng 1.2.17, Gentoo does not provide libpng-1.2.17 but libpng-1.2.18. All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.18"

References
==========

  [ 1 ] CVE-2007-2445
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200705-25 ] file: Integer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200705-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: file: Integer overflow
      Date: May 31, 2007
      Bugs: #179583
        ID: 200705-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An integer overflow vulnerability has been reported in file allowing for the user-assisted execution of arbitrary code.

Background
==========

file is a utility that guesses a file format by scanning binary data for patterns.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  sys-apps/file                 < 4.21                     >= 4.21
    -------------------------------------------------------------------
     # Package 1 only applies to x86, PPC and HPPA users.
    -------------------------------------------------------------------

Description
===========

Colin Percival from FreeBSD reported that the previous fix for the file_printf() buffer overflow introduced a new integer overflow.

Impact
======

A remote attacker could entice a user to run the file program on an overly large file (more than 1Gb) that would trigger an integer overflow on 32-bit systems, possibly leading to the execution of arbitrary code with the rights of the user running file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Since file is a system package, all Gentoo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/file-4.21"

References
==========

  [ 1 ] CVE-2007-2799
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-25.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
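The libexif advisory above (GLSA 200706-01, the overflow in exif_data_load_data_entry()) and this file advisory describe the same defect class: a size derived from attacker-controlled metadata wraps around in 32-bit arithmetic, the bounds check that follows passes, and a later copy or loop runs past the buffer. The C code below is an added example, not code from libexif or from file(1): entry_fits_naive() shows the check that wraps, entry_fits() the overflow-aware version of the same check, and alloc_size() the same guard applied before malloc(). The field names (offset, element count, element size) are generic assumptions, not the layout used by either project.

```c
/* Added example (not libexif or file(1) code): bounds checks on sizes taken
 * from untrusted metadata, written so that no intermediate step can wrap. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Naive check "offset + count * size <= length" done in the 32-bit type the
 * file format uses. Once count * size passes 2^32 the product wraps, the sum
 * looks small, the check passes, and a later memcpy/loop overruns the buffer. */
int entry_fits_naive(uint32_t offset, uint32_t count, uint32_t elem_size, size_t buf_len)
{
    uint32_t end = offset + count * elem_size;   /* may wrap silently */
    return end <= buf_len;
}

/* Overflow-aware version: refuse every step that would wrap before taking it. */
int entry_fits(uint32_t offset, uint32_t count, uint32_t elem_size, size_t buf_len)
{
    if (elem_size == 0)
        return 0;                                /* zero-sized elements are malformed */
    if (count > UINT32_MAX / elem_size)
        return 0;                                /* count * elem_size would wrap */
    uint32_t size = count * elem_size;
    if (offset > UINT32_MAX - size)
        return 0;                                /* offset + size would wrap */
    return (uint64_t)offset + size <= (uint64_t)buf_len;
}

/* Allocation size for count elements of elem bytes, or 0 when the product
 * would wrap (or is genuinely zero, which a caller should also not allocate).
 * Use the result for malloc() instead of the raw product. */
size_t alloc_size(size_t count, size_t elem)
{
    if (elem == 0 || count > SIZE_MAX / elem)
        return 0;
    return count * elem;
}

int main(void)
{
    /* Constructed malicious descriptor: 0x40000000 elements of 4 bytes is
     * exactly 2^32 bytes, so the naive product wraps to 0. */
    printf("naive : %d (wrongly accepted)\n", entry_fits_naive(16, 0x40000000u, 4, 1024));
    printf("safe  : %d\n", entry_fits(16, 0x40000000u, 4, 1024));
    printf("sane  : %d\n", entry_fits(16, 8, 4, 1024));
    printf("alloc : %zu\n", alloc_size(16, 4));
    return 0;
}
```

The division-based guard (count > MAX / elem_size) is portable C; compilers that provide __builtin_mul_overflow() can express the same test in one call. The file(1) case in this advisory is the 32-bit build of the same problem, where a length that fits comfortably in 64-bit arithmetic no longer fits once the input exceeds the range of the type used for the check.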
[ GLSA 200705-21 ] MPlayer: Two buffer overflows
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200705-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MPlayer: Two buffer overflows
      Date: May 30, 2007
      Bugs: #168917
        ID: 200705-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities have been discovered in MPlayer, each of which could lead to the execution of arbitrary code.

Background
==========

MPlayer is a media player including support for a wide range of audio and video formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  media-video/mplayer           < 1.0.20070321         >= 1.0.20070321

Description
===========

A buffer overflow has been reported in the DMO_VideoDecoder_Open() function in file loader/dmo/DMO_VideoDecoder.c. Another buffer overflow has been reported in the DS_VideoDecoder_Open() function in file loader/dshow/DS_VideoDecoder.c.

Impact
======

A remote attacker could entice a user to open a specially crafted video file, potentially resulting in the execution of arbitrary code with the privileges of the user running MPlayer.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20070321"

References
==========

  [ 1 ] CVE-2007-1246
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
  [ 2 ] CVE-2007-1387
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387
  [ 3 ] GLSA 200704-09
        http://www.gentoo.org/security/en/glsa/glsa-200704-09.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200705-22 ] FreeType: Buffer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200705-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: FreeType: Buffer overflow
      Date: May 30, 2007
      Bugs: #179161
        ID: 200705-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in FreeType allowing for the execution of arbitrary code.

Background
==========

FreeType is a True Type Font rendering library.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  media-libs/freetype           < 2.3.4-r2                 >= 2.3.4-r2
                                                                   < 2.0

Description
===========

Victor Stinner discovered a heap-based buffer overflow in the function Get_VMetrics() in src/truetype/ttgload.c when processing TTF files with a negative n_points attribute.

Impact
======

A remote attacker could entice a user to open a specially crafted TTF file, possibly resulting in the execution of arbitrary code with the privileges of the user running FreeType.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FreeType users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.3.4-r2"

References
==========

  [ 1 ] CVE-2007-2754
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200705-19 ] PHP: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200705-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PHP: Multiple vulnerabilities
      Date: May 26, 2007
      Bugs: #169372
        ID: 200705-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PHP contains several vulnerabilities including buffer and integer overflows which could under certain conditions lead to the remote execution of arbitrary code.

Background
==========

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php                  < 5.2.2                    *>= 4.4.7
                                                               >= 5.2.2

Description
===========

Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the GD library (CVE-2007-1001) and in the substr_compare() PHP 5 function (CVE-2007-1375). Ilia Alshanetsky also reported a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions (CVE-2007-2510, CVE-2007-2511), and Stanislav Malyshev discovered another buffer overflow in the bundled XMLRPC library (CVE-2007-1864). Additionally, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability (CVE-2007-1484, CVE-2007-1521). Finally, there exist implementation errors in the Zend engine, in the mb_parse_str(), the unserialize() and the mail() functions and other elements.

Impact
======

Remote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution of scripted contents in the context of the affected site, security bypass or information leak.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP 5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.2"

All PHP 4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.7"

References
==========

  [ 1 ] CVE-2007-1001
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
  [ 2 ] CVE-2007-1285
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
  [ 3 ] CVE-2007-1286
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286
  [ 4 ] CVE-2007-1484
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1484
  [ 5 ] CVE-2007-1521
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1521
  [ 6 ] CVE-2007-1583
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
  [ 7 ] CVE-2007-1700
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1700
  [ 8 ] CVE-2007-1701
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1701
  [ 9 ] CVE-2007-1711
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1711
  [ 10 ] CVE-2007-1717
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1717
  [ 11 ] CVE-2007-1718
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
  [ 12 ] CVE-2007-1864
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
  [ 13 ] CVE-2007-1900
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
  [ 14 ] CVE-2007-2509
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
  [ 15 ] CVE-2007-2510
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2510
  [ 16 ] CVE-2007-2511
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2511

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-19.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
[ GLSA 200705-20 ] Blackdown Java: Applet privilege escalation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200705-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Blackdown Java: Applet privilege escalation
      Date: May 26, 2007
      Bugs: #161835
        ID: 200705-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The Blackdown JDK and the Blackdown JRE suffer from the multiple unspecified vulnerabilities that already affected the Sun JDK and JRE.

Background
==========

Blackdown provides implementations of the Java Development Kit (JDK) and the Java Runtime Environment (JRE).

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  dev-java/blackdown-jdk        < 1.4.2.03-r14         >= 1.4.2.03-r14
  2  dev-java/blackdown-jre        < 1.4.2.03-r14         >= 1.4.2.03-r14
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK and the Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in the Sun JDK and the Sun JRE allowing unintended Java applet or application resource acquisition. Additionally, a memory corruption error has been found in the handling of GIF images with zero width field blocks.

Impact
======

An attacker could entice a user to run a specially crafted Java applet or application that could read, write, or execute local files with the privileges of the user running the JVM, access data maintained in other Java applets, or escalate the privileges of the currently running Java applet or application, allowing for unauthorized access to system resources.

Workaround
==========

Disable the nsplugin USE flag in order to prevent web applets from being run.

Resolution
==========

Since there is no fixed update from Blackdown and since the flaw only occurs in the applets, the nsplugin USE flag has been masked in the portage tree. Emerge the ebuild again in order to fix the vulnerability. Another solution is to switch to another Java implementation such as the Sun implementation (dev-java/sun-jdk and dev-java/sun-jre-bin).

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-java/blackdown-jdk
    # emerge --ask --oneshot --verbose dev-java/blackdown-jre

References
==========

  [ 1 ] CVE-2006-6731
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731
  [ 2 ] CVE-2006-6736
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6736
  [ 3 ] CVE-2006-6737
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6737
  [ 4 ] CVE-2006-6745
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-20.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200705-16 ] PhpWiki: Remote execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200705-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PhpWiki: Remote execution of arbitrary code
      Date: May 17, 2007
      Bugs: #174451
        ID: 200705-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in PhpWiki allowing for the remote execution of arbitrary code.

Background
==========

PhpWiki is an open source content management system written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpwiki              < 1.3.10-r3               >= 1.3.10-r3

Description
===========

Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file.

Impact
======

A remote attacker could upload a specially crafted PHP file to the vulnerable server, resulting in the execution of arbitrary PHP code with the privileges of the user running PhpWiki.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PhpWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.10-r3"

References
==========

  [ 1 ] CVE-2007-2024
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2024
  [ 2 ] CVE-2007-2025
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2025

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200705-14 ] XScreenSaver: Privilege escalation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: XScreenSaver: Privilege escalation
      Date: May 13, 2007
      Bugs: #176584
        ID: 200705-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

XScreenSaver allows local users to bypass authentication under certain
configurations.

Background
==========

XScreenSaver is a widely used screen saver collection shipped on
systems running the X11 Window System.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  x11-misc/xscreensaver          < 5.02                   >= 5.02

Description
===========

XScreenSaver incorrectly handles the results of the getpwuid() function
in drivers/lock.c when using directory servers during a network outage.

Impact
======

A local user can crash XScreenSaver by preventing network connectivity
if the system uses a remote directory service for credentials such as
NIS or LDAP, which will unlock the screen.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All XScreenSaver users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-misc/xscreensaver-5.02"

References
==========

  [ 1 ] CVE-2007-1859
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1859

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-14.xml
[ GLSA 200705-09 ] IPsec-Tools: Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: IPsec-Tools: Denial of Service
      Date: May 08, 2007
      Bugs: #173219
        ID: 200705-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

IPsec-Tools contains a vulnerability that allows a remote attacker to
crash the IPsec tunnel.

Background
==========

IPsec-Tools is a port of KAME's implementation of the IPsec utilities.
It contains a collection of network monitoring tools, including racoon,
ping, and ping6.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-firewall/ipsec-tools       < 0.6.7                  >= 0.6.7

Description
===========

The isakmp_info_recv() function in src/racoon/isakmp_inf.c does not
always check that DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N)
packets are encrypted.

Impact
======

A remote attacker could send a specially crafted IPsec message to one
of the two peers during the beginning of phase 1, resulting in the
termination of the IPsec exchange.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All IPsec-Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.6.7"

References
==========

  [ 1 ] CVE-2007-1841
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1841

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-09.xml
[ GLSA 200705-11 ] MySQL: Two Denial of Service vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MySQL: Two Denial of Service vulnerabilities
      Date: May 08, 2007
      Bugs: #170126, #171934
        ID: 200705-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two Denial of Service vulnerabilities have been discovered in MySQL.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql                   < 5.0.38                 >= 5.0.38
                                                              < 5.0

Description
===========

mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when
processing certain types of SQL requests. Sec Consult also discovered
another NULL pointer dereference when sorting certain types of queries
on the database metadata.

Impact
======

In both cases, a remote attacker could send a specially crafted SQL
request to the server, possibly resulting in a server crash. Note that
the attacker needs the ability to execute SELECT queries.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.38"

References
==========

  [ 1 ] Original Report
        http://bugs.mysql.com/bug.php?id=27513
  [ 2 ] CVE-2007-1420
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-11.xml
[ GLSA 200705-10 ] LibXfont, TightVNC: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: LibXfont, TightVNC: Multiple vulnerabilities
      Date: May 08, 2007
      Bugs: #172575, #174200
        ID: 200705-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in libXfont and TightVNC,
allowing for the execution of arbitrary code with root privileges.

Background
==========

LibXfont is the X.Org font library. TightVNC is a VNC client/server
for X displays.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-misc/tightvnc              < 1.2.9-r4               >= 1.2.9-r4
  2  x11-libs/libXfont              < 1.2.7-r1               >= 1.2.7-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The libXfont code is prone to several integer overflows, in functions
ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable().
TightVNC contains a local copy of this code and is also affected.

Impact
======

A local attacker could use a specially crafted BDF Font to gain root
privileges on the vulnerable host.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libXfont users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.7-r1"

All TightVNC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/tightvnc-1.2.9-r4"

References
==========

  [ 1 ] CVE-2007-1003
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
  [ 2 ] CVE-2007-1351
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
  [ 3 ] CVE-2007-1352
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-10.xml
[ GLSA 200705-06 ] X.Org X11 library: Multiple integer overflows

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: X.Org X11 library: Multiple integer overflows
      Date: May 05, 2007
      Bugs: #172752
        ID: 200705-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The X.Org X11 library contains multiple integer overflows, which could
lead to the execution of arbitrary code.

Background
==========

X.Org is an implementation of the X Window System. The X.Org X11
library provides the X11 protocol library files.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  x11-libs/libX11                < 1.0.3-r2               >= 1.0.3-r2

Description
===========

Multiple integer overflows have been reported in the XGetPixel()
function of the X.Org X11 library.

Impact
======

By enticing a user to open a specially crafted image, an attacker could
cause a Denial of Service or an integer overflow, potentially resulting
in the execution of arbitrary code with root privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All X.Org X11 library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.0.3-r2"

References
==========

  [ 1 ] CVE-2007-1667
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-06.xml
[ GLSA 200705-07 ] Lighttpd: Two Denials of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Lighttpd: Two Denials of Service
      Date: May 07, 2007
      Bugs: #174043
        ID: 200705-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities have been discovered in Lighttpd, each allowing for
a Denial of Service.

Background
==========

Lighttpd is a lightweight HTTP web server.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  www-servers/lighttpd           < 1.4.14                 >= 1.4.14

Description
===========

Robert Jakabosky discovered an infinite loop triggered by a connection
abort when Lighttpd processes carriage return and line feed sequences.
Marcus Rueckert discovered a NULL pointer dereference when a server
running Lighttpd tries to access a file with a mtime of 0.

Impact
======

A remote attacker could upload a specially crafted file to the server
or send a specially crafted request and then abort the connection,
possibly resulting in a crash or a Denial of Service by CPU
consumption.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Lighttpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.14"

References
==========

  [ 1 ] CVE-2007-1869
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1869
  [ 2 ] CVE-2007-1870
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1870

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-07.xml
[ GLSA 200705-02 ] FreeType: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: FreeType: User-assisted execution of arbitrary code
      Date: May 01, 2007
      Bugs: #172577
        ID: 200705-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in FreeType allowing for
user-assisted remote execution of arbitrary code.

Background
==========

FreeType is a True Type Font rendering library.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  media-libs/freetype            < 2.1.10-r3              >= 2.1.10-r3

Description
===========

Greg MacManus of iDefense Labs has discovered an integer overflow in
the function bdfReadCharacters() when parsing BDF fonts.

Impact
======

A remote attacker could entice a user to use a specially crafted BDF
font, possibly resulting in a heap-based buffer overflow and the remote
execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FreeType users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.1.10-r3"

References
==========

  [ 1 ] CVE-2007-1351
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-02.xml
[ GLSA 200704-22 ] BEAST: Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200704-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: BEAST: Denial of Service
      Date: April 27, 2007
      Bugs: #163146
        ID: 200704-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in BEAST allowing for a Denial of
Service.

Background
==========

BEdevilled Audio SysTem is an audio compositor, supporting a wide range
of audio formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  media-sound/beast              < 0.7.1                  >= 0.7.1

Description
===========

BEAST, which is installed as setuid root, fails to properly check
whether it can drop privileges accordingly if seteuid() fails due to a
user exceeding assigned resource limits.

Impact
======

A local user could exceed his resource limit in order to prevent the
seteuid() call from succeeding. This may lead BEAST to keep running
with root privileges. Then, the local user could use the save as dialog
box to overwrite any file on the vulnerable system, potentially leading
to a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All BEAST users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/beast-0.7.1"

References
==========

  [ 1 ] CVE-2006-2916
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916
  [ 2 ] CVE-2006-4447
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200704-22.xml
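The XScreenSaver advisory (getpwuid() returning NULL when the directory server is unreachable) and the BEAST advisory (seteuid() failing once the user has hit a resource limit) describe the same defect class: a call that can fail is treated as if it cannot, so the program either crashes open or keeps running as root. The C below is an added, constructed illustration of the fail-closed handling; it is not the code of either project, and the function names, the plaintext credential stand-in and the /dev/null target are assumptions made for the example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Result of a lock-screen credential check.  Anything but UNLOCK_OK
 * keeps the screen locked: an unavailable passwd entry is neither a
 * crash nor an unlock. */
enum unlock_result {
    UNLOCK_OK = 0,       /* credentials verified */
    UNLOCK_DENIED = 1,   /* credentials wrong */
    UNLOCK_NO_ENTRY = 2  /* directory lookup failed: stay locked */
};

/* Fragile pattern (constructed, not XScreenSaver's code) for contrast:
 *   const char *hash = getpwuid(getuid())->pw_passwd;
 * With NIS/LDAP down, getpwuid() yields NULL and this dereference
 * kills the locker, which is what the advisory describes. */

/* Hardened decision.  `pw` is whatever getpwuid() returned (possibly
 * NULL); `typed` is the user's input.  The strcmp() is a stand-in for
 * the real crypt()/PAM verification; the NULL branch is the point. */
enum unlock_result check_unlock(const struct passwd *pw, const char *typed)
{
    if (pw == NULL || pw->pw_passwd == NULL || typed == NULL)
        return UNLOCK_NO_ENTRY;              /* fail closed */
    if (strcmp(pw->pw_passwd, typed) != 0)
        return UNLOCK_DENIED;
    return UNLOCK_OK;
}

/* Constructed passwd entry standing in for a directory-service answer
 * (an assumption for the demo, not a real account). */
struct passwd *constructed_entry(void)
{
    static char name[] = "demo";
    static char secret[] = "constructed-secret";
    static struct passwd pw;
    memset(&pw, 0, sizeof pw);
    pw.pw_name = name;
    pw.pw_passwd = secret;
    pw.pw_uid = 1000;
    return &pw;
}

/* Drop effective privileges before acting for the user.  Returns 0 only
 * when the kernel confirms the new euid; on any failure (EAGAIN from an
 * exhausted RLIMIT_NPROC, EPERM, ...) it returns -1 and the caller must
 * refuse the action instead of continuing as root, which is the BEAST
 * bug. */
int drop_privs(uid_t target)
{
    if (seteuid(target) != 0)
        return -1;                           /* errno says why */
    if (geteuid() != target)                 /* verify, do not assume */
        return -1;
    return 0;
}

/* The "save as" path done safely: the file is opened only after the
 * privilege drop is confirmed.  Returns 0 if written as `target`, -1 if
 * the write was refused. */
int save_as_user(uid_t target, const char *path, const char *data)
{
    if (drop_privs(target) != 0)
        return -1;                           /* never write as root here */
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs(data, f);
    fclose(f);
    return 0;
}

int main(void)
{
    const struct passwd *outage = NULL;      /* getpwuid() during an outage */
    printf("lookup failed -> %s\n",
           check_unlock(outage, "anything") == UNLOCK_NO_ENTRY
               ? "screen stays locked" : "BUG");
    printf("drop_privs(self) -> %d\n", drop_privs(getuid()));
    return 0;
}
```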
[ GLSA 200704-23 ] capi4k-utils: Buffer overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200704-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: capi4k-utils: Buffer overflow
      Date: April 27, 2007
      Bugs: #170870
        ID: 200704-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

capi4k-utils is vulnerable to a buffer overflow in the bufprint()
function.

Background
==========

capi4k-utils is a set of utilities for accessing COMMON-ISDN-API
software interfaces for ISDN devices.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-dialup/capi4k-utils        < 20050718-r3            >= 20050718-r3

Description
===========

The bufprint() function in capi4k-utils fails to properly check
boundaries of data coming from CAPI packets.

Impact
======

A local attacker could possibly escalate privileges or cause a Denial
of Service by sending a crafted CAPI packet.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All capi4k-utils users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dialup/capi4k-utils-20050718-r3"

References
==========

  [ 1 ] CVE-2007-1217
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1217

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200704-23.xml
[ GLSA 200704-17 ] 3proxy: Buffer overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200704-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: 3proxy: Buffer overflow
      Date: April 22, 2007
      Bugs: #174429
        ID: 200704-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in 3proxy allowing for the remote
execution of arbitrary code.

Background
==========

3proxy is a multi-protocol proxy, including HTTP/HTTPS/FTP and SOCKS
support.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-proxy/3proxy               < 0.5.3h                 >= 0.5.3h

Description
===========

The 3proxy development team reported a buffer overflow in the logurl()
function when processing overly long requests.

Impact
======

A remote attacker could send a specially crafted transparent request to
the proxy, resulting in the execution of arbitrary code with privileges
of the user running 3proxy.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All 3proxy users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/3proxy-0.5.3h"

References
==========

  [ 1 ] CVE-2007-2031
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2031

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200704-17.xml
[ GLSA 200704-16 ] Aircrack-ng: Remote execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200704-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Aircrack-ng: Remote execution of arbitrary code
      Date: April 22, 2007
      Bugs: #174340
        ID: 200704-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Aircrack-ng contains a buffer overflow that could lead to the remote
execution of arbitrary code with root privileges.

Background
==========

Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can
recover keys once enough data packets have been captured.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-wireless/aircrack-ng       < 0.7-r2                 >= 0.7-r2

Description
===========

Jonathan So reported that the airodump-ng module does not correctly
check the size of 802.11 authentication packets before copying them
into a buffer.

Impact
======

A remote attacker could trigger a stack-based buffer overflow by
sending a specially crafted 802.11 authentication packet to a user
running airodump-ng with the -w (--write) option. This could lead to
the remote execution of arbitrary code with the permissions of the user
running airodump-ng, which is typically the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Aircrack-ng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/aircrack-ng-0.7-r2"

References
==========

  [ 1 ] CVE-2007-2057
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2057

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200704-16.xml
[ GLSA 200704-18 ] Courier-IMAP: Remote execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200704-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Courier-IMAP: Remote execution of arbitrary code
      Date: April 22, 2007
      Bugs: #168196
        ID: 200704-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Courier-IMAP allowing for remote
code execution with root privileges.

Background
==========

Courier-IMAP is an IMAP server which is part of the Courier mail
system. It provides access only to maildirs.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-mail/courier-imap          < 4.0.6-r2               >= 4.0.6-r2

Description
===========

CJ Kucera has discovered that some Courier-IMAP scripts don't properly
handle the XMAILDIR variable, allowing for shell command injection.

Impact
======

A remote attacker could send specially crafted login credentials to a
Courier-IMAP server instance, possibly leading to remote code execution
with root privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Courier-IMAP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/courier-imap-4.0.6-r2"

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200704-18.xml
[ GLSA 200704-19 ] Blender: User-assisted remote execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200704-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Blender: User-assisted remote execution of arbitrary code
      Date: April 23, 2007
      Bugs: #168907
        ID: 200704-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Blender allowing for
user-assisted arbitrary code execution.

Background
==========

Blender is a 3D creation, animation and publishing program.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  media-gfx/blender              < 2.43                   >= 2.43

Description
===========

Stefan Cornelius of Secunia Research discovered an insecure use of the
eval() function in kmz_ImportWithMesh.py.

Impact
======

A remote attacker could entice a user to open a specially crafted
Blender file (.kmz or .kml), resulting in the execution of arbitrary
Python code with the privileges of the user running Blender.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Blender users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.43"

References
==========

  [ 1 ] CVE-2007-1253
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1253

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200704-19.xml
[ GLSA 200704-14 ] FreeRADIUS: Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200704-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: FreeRADIUS: Denial of Service
      Date: April 17, 2007
      Bugs: #174292
        ID: 200704-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A memory leak has been discovered in FreeRADIUS, possibly allowing for
a Denial of Service.

Background
==========

FreeRADIUS is an open source RADIUS authentication server
implementation.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-dialup/freeradius          < 1.1.6                  >= 1.1.6

Description
===========

The Coverity Scan project has discovered a memory leak within the
handling of certain malformed Diameter format values inside an EAP-TTLS
tunnel.

Impact
======

A remote attacker could send a large amount of specially crafted
packets to a FreeRADIUS server using EAP-TTLS authentication and
exhaust all memory, possibly resulting in a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FreeRADIUS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.1.6"

References
==========

  [ 1 ] CVE-2007-2028
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2028

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200704-14.xml