GLSA (Gentoo Linux Security Advisory) publication changes

2012-02-02 Thread Alex Legler
Like other Linux distribution vendors, Gentoo is currently CC'ing advisories 
to the full-disclosure and bugtraq mailing lists.
Starting today, we will be *no longer* publishing our advisories to full-
disclosure or bugtraq.
We are following our colleagues at Ubuntu with this decision.

Users who want to receive advisories via email in the future should subscribe 
to the gentoo-announce mailing list, as described here:
  http://www.gentoo.org/main/en/lists.xml

We also offer an RDF feed at
  http://www.gentoo.org/rdf/en/glsa-index.rdf

Finally, our security notices are posted to our forums at
  https://forums.gentoo.org/viewforum-f-16.html

All past and new advisories can be viewed at
  http://glsa.gentoo.org/

Please contact secur...@gentoo.org with any questions.

-- 
Alex Legler a...@gentoo.org
Gentoo Security/Ruby/Infrastructure


signature.asc
Description: This is a digitally signed message part.


[ GLSA 201201-16 ] X.Org X Server/X Keyboard Configuration Database: Screen lock bypass

2012-01-30 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201201-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: X.Org X Server/X Keyboard Configuration Database: Screen lock
           bypass
     Date: January 27, 2012
     Bugs: #399347
       ID: 201201-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A debugging functionality in the X.Org X Server that is bound to a
hotkey by default can be used by local attackers to circumvent screen
locking utilities.

Background
==========

The X Keyboard Configuration Database provides keyboard configuration
for various X server implementations.

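Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  x11-misc/xkeyboard-config
                                  < 2.4.1-r3               >= 2.4.1-r3
    -------------------------------------------------------------------
     # Package 1 only applies to users of these architectures:
       amd64, arm, hppa, x86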

Description
===========

Starting with the =x11-base/xorg-server-1.11 package, the X.Org X
Server again provides debugging functionality that can be used to
terminate an application that exclusively grabs mouse and keyboard
input, like screen locking utilities.

Gu1 reported that the X Keyboard Configuration Database maps this
functionality by default to the Ctrl+Alt+Numpad * key combination.

Impact
======

A physically proximate attacker could exploit this vulnerability to
gain access to a locked X session without providing the correct
credentials.

Workaround
==========

Downgrade to any version of x11-base/xorg-server below
x11-base/xorg-server-1.11:

  # emerge --oneshot --verbose "<x11-base/xorg-server-1.11"

Resolution
==========

All xkeyboard-config users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=x11-misc/xkeyboard-config-2.4.1-r3"

NOTE: The X.Org X Server 1.11 was only stable on the AMD64, ARM, HPPA,
and x86 architectures. Users of the stable branches of all other
architectures are not affected and will be directly provided with a
fixed X Keyboard Configuration Database version.

References
==========

[ 1 ] CVE-2012-0064
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0064

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201201-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


signature.asc
Description: This is a digitally signed message part.


[ GLSA 201201-18 ] bip: Multiple vulnerabilities

2012-01-30 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201201-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: bip: Multiple vulnerabilities
     Date: January 30, 2012
     Bugs: #336321, #400599
       ID: 201201-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in bip might allow remote unauthenticated
attackers to cause a Denial of Service or possibly execute arbitrary
code.

Background
==========

bip is a multi-user IRC proxy with SSL support.

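Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-irc/bip                  < 0.8.8-r1               >= 0.8.8-r1
    -------------------------------------------------------------------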

Description
===========

Multiple vulnerabilities have been discovered in bip:

* Uli Schlachter reported that bip does not properly handle invalid
data during authentication, resulting in a daemon crash
(CVE-2010-3071).
* Julien Tinnes reported that bip does not check the number of open
file descriptors against FD_SETSIZE, resulting in a stack buffer
overflow (CVE-2012-0806).

Impact
======

A remote attacker could exploit these vulnerabilities to execute
arbitrary code with the privileges of the user running the bip daemon,
or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All bip users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-irc/bip-0.8.8-r1"

NOTE: The CVE-2010-3071 flaw was already corrected in an earlier
version of bip and is included in this advisory for completeness.

References
==========

[ 1 ] CVE-2010-3071
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3071
[ 2 ] CVE-2012-0806
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0806

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201201-18.xml


signature.asc
Description: This is a digitally signed message part.
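
The FD_SETSIZE check named in the CVE-2012-0806 item of the bip advisory above, as an added C example (not bip's code and not part of the advisory; all function names are hypothetical). It shows the guard a select()-based daemon needs before FD_SET(), run over constructed descriptor numbers.

```c
/* Added example: bounds-checked use of select(2) descriptor sets.
 * All function names are hypothetical; none of this is bip's code. */
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* An fd_set is a fixed-size bitmap covering descriptors 0..FD_SETSIZE-1.
 * FD_SET() performs no range check, so a larger descriptor number writes
 * past the end of the bitmap, which usually lives on the stack. */
static int fd_fits_select(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Add fd to the set only when it is inside the bitmap.
 * Returns 0 on success, -1 when the descriptor must not reach FD_SET(). */
int fdset_add_checked(int fd, fd_set *set, int *maxfd)
{
    if (!fd_fits_select(fd))
        return -1;
    FD_SET(fd, set);
    if (fd > *maxfd)
        *maxfd = fd;
    return 0;
}

/* Build the read set for a list of connection descriptors.
 * Returns the nfds argument for select(); *rejected counts the
 * descriptors that were left out because they do not fit. */
int build_read_set(const int *fds, size_t n, fd_set *set, size_t *rejected)
{
    int maxfd = -1;

    FD_ZERO(set);
    *rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (fdset_add_checked(fds[i], set, &maxfd) != 0)
            (*rejected)++;
    }
    return maxfd + 1;
}

/* Non-blocking readiness poll over the checked set.
 * Returns the select() result: number of readable descriptors, or -1. */
int poll_readable(const int *fds, size_t n, size_t *rejected)
{
    fd_set rset;
    struct timeval tv = { 0, 0 };
    int nfds = build_read_set(fds, n, &rset, rejected);

    if (nfds == 0)
        return 0;
    return select(nfds, &rset, NULL, NULL, &tv);
}

/* Policy for a freshly accepted connection: refuse it instead of
 * tracking a descriptor that select() cannot represent.
 * Returns fd when it is usable, -1 after closing it otherwise. */
int admit_connection(int fd)
{
    if (fd_fits_select(fd))
        return fd;
    if (fd >= 0)
        close(fd);
    return -1;
}

int main(void)
{
    /* Constructed descriptor numbers; nothing is read from them here. */
    int fds[] = { 3, 7, FD_SETSIZE, FD_SETSIZE + 40, -1 };
    fd_set set;
    size_t rejected;
    int nfds = build_read_set(fds, sizeof fds / sizeof fds[0], &set, &rejected);

    printf("FD_SETSIZE=%d nfds=%d rejected=%zu\n", FD_SETSIZE, nfds, rejected);
    return 0;
}
```

A daemon that expects more than FD_SETSIZE simultaneous descriptors needs poll(2) or epoll(7) rather than a larger fd_set.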


[ GLSA 201201-19 ] Adobe Reader: Multiple vulnerabilities

2012-01-30 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201201-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Adobe Reader: Multiple vulnerabilities
     Date: January 30, 2012
     Bugs: #354211, #382969, #393481
       ID: 201201-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Adobe Reader might allow remote attackers
to execute arbitrary code or conduct various other attacks.

Background
==========

Adobe Reader is a closed-source PDF reader.

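Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread               < 9.4.7                  >= 9.4.7
    -------------------------------------------------------------------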

Description
===========

Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted PDF
file using Adobe Reader, possibly resulting in the remote execution of
arbitrary code, a Denial of Service, or other impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Reader users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.7"

References
==========

[  1 ] CVE-2010-4091
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4091
[  2 ] CVE-2011-0562
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0562
[  3 ] CVE-2011-0563
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0563
[  4 ] CVE-2011-0565
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0565
[  5 ] CVE-2011-0566
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0566
[  6 ] CVE-2011-0567
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0567
[  7 ] CVE-2011-0570
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0570
[  8 ] CVE-2011-0585
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0585
[  9 ] CVE-2011-0586
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0586
[ 10 ] CVE-2011-0587
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0587
[ 11 ] CVE-2011-0588
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0588
[ 12 ] CVE-2011-0589
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589
[ 13 ] CVE-2011-0590
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0590
[ 14 ] CVE-2011-0591
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0591
[ 15 ] CVE-2011-0592
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0592
[ 16 ] CVE-2011-0593
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0593
[ 17 ] CVE-2011-0594
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0594
[ 18 ] CVE-2011-0595
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0595
[ 19 ] CVE-2011-0596
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0596
[ 20 ] CVE-2011-0598
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0598
[ 21 ] CVE-2011-0599
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0599
[ 22 ] CVE-2011-0600
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0600
[ 23 ] CVE-2011-0602
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0602
[ 24 ] CVE-2011-0603
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0603
[ 25 ] CVE-2011-0604
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0604
[ 26 ] CVE-2011-0605
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0605
[ 27 ] CVE-2011-0606
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0606
[ 28 ] CVE-2011-2130
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130
[ 29 ] CVE-2011-2134
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134
[ 30 ] CVE-2011-2135
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135
[ 31 ] CVE-2011-2136
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136
[ 32 ] CVE-2011-2137
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137
[ 33 ] CVE-2011-2138
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138
[ 34 ] CVE-2011-2139
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139
[ 35 ] CVE-2011-2140
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140
[ 36 ] CVE-2011-2414
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414
[ 37 ] CVE-2011-2415
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415
[ 38 ] CVE-2011-2416
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416
[ 39 ] CVE-2011-2417
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417
[ 40 ] CVE-2011-2424
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424
[ 41 ] CVE-2011-2425
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425
[ 42 ] CVE-2011-2431
   

[ GLSA 201111-06 ] MaraDNS: Arbitrary code execution

2011-11-21 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201111-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: MaraDNS: Arbitrary code execution
     Date: November 20, 2011
     Bugs: #352569
       ID: 201111-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability in MaraDNS allows remote attackers to
execute arbitrary code or cause a Denial of Service.

Background
==========

MaraDNS is a proxy DNS server with permanent caching.

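Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-dns/maradns                < 1.4.06                 >= 1.4.06
    -------------------------------------------------------------------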

Description
===========

A long DNS hostname with a large number of labels could trigger a
buffer overflow in the compress_add_dlabel_points() function of
dns/Compress.c.

Impact
======

A remote unauthenticated attacker could execute arbitrary code or cause
a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MaraDNS users should upgrade to the latest stable version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-dns/maradns-1.4.06"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since February 12, 2011. It is likely that your system is
already no longer affected by this issue.

References
==========

[ 1 ] CVE-2011-0520
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0520

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201111-06.xml

License
=======

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


signature.asc
Description: This is a digitally signed message part.


[ GLSA 201111-07 ] TinTin++: Multiple vulnerabilities

2011-11-21 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201111-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: TinTin++: Multiple vulnerabilities
     Date: November 20, 2011
     Bugs: #209903
       ID: 201111-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in TinTin++ which could
allow a remote attacker to conduct several attacks, including the
execution of arbitrary code and Denial of Service.

Background
==========

TinTin++ is a free MUD gaming client.

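Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  games-mud/tintin               < 1.98.0                 >= 1.98.0
    -------------------------------------------------------------------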

Description
===========

Multiple vulnerabilities have been discovered in TinTin++. Please
review the CVE identifiers referenced below for details.

Impact
======

Remote unauthenticated attackers may be able to execute arbitrary code
with the privileges of the TinTin++ process, cause a Denial of Service,
or truncate arbitrary files in the top level of the home directory
belonging to the user running the TinTin++ process.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TinTin++ users should upgrade to the latest stable version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=games-mud/tintin-1.98.0"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since March 25, 2008. It is likely that your system is
already no longer affected by this issue.

References
==========

[ 1 ] CVE-2008-0671
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0671
[ 2 ] CVE-2008-0672
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0672
[ 3 ] CVE-2008-0673
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0673

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201111-07.xml


signature.asc
Description: This is a digitally signed message part.


[ GLSA 201111-08 ] radvd: Multiple vulnerabilities

2011-11-21 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201111-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: radvd: Multiple vulnerabilities
     Date: November 20, 2011
     Bugs: #385967
       ID: 201111-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in radvd which could
potentially lead to privilege escalation, data loss, or a Denial of
Service.

Background
==========

radvd is an IPv6 router advertisement daemon for Linux and BSD.

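Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/radvd                  < 1.8.2                  >= 1.8.2
    -------------------------------------------------------------------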

Description
===========

Multiple vulnerabilities have been discovered in radvd. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote unauthenticated attacker may be able to gain escalated
privileges, escalate the privileges of the radvd process, overwrite
files with specific names, or cause a Denial of Service. Local
attackers may be able to overwrite the contents of arbitrary files
using symlinks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All radvd users should upgrade to the latest stable version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2"

References
==========

[ 1 ] CVE-2011-3601
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601
[ 2 ] CVE-2011-3602
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602
[ 3 ] CVE-2011-3603
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603
[ 4 ] CVE-2011-3604
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604
[ 5 ] CVE-2011-3605
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201111-08.xml


signature.asc
Description: This is a digitally signed message part.


[ GLSA 201111-09 ] Perl Safe module: Arbitrary Perl code injection

2011-11-21 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201111-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Perl Safe module: Arbitrary Perl code injection
     Date: November 20, 2011
     Bugs: #325563
       ID: 201111-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The Safe module for Perl does not properly restrict code, allowing a
remote attacker to execute arbitrary Perl code outside of a restricted
compartment.

Background
==========

Safe is a Perl module to compile and execute code in restricted
compartments.

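Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  perl-core/Safe                   < 2.27                   >= 2.27
  2  virtual/perl-Safe                < 2.27                   >= 2.27
    -------------------------------------------------------------------
     2 affected packages
    -------------------------------------------------------------------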

Description
===========

Unsafe code evaluation prevents the Safe module from properly
restricting the code of implicitly called methods on implicitly blessed
objects.

Impact
======

A remote attacker could entice a user to load a specially crafted Perl
script, resulting in execution of arbitrary Perl code outside of a
restricted compartment.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All users of the standalone Perl Safe module should upgrade to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=perl-core/Safe-2.27"

All users of the Safe module bundled with Perl should upgrade to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=virtual/perl-Safe-2.27"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since July 18, 2010. It is likely that your system is already
no longer affected by this issue.

References
==========

[ 1 ] CVE-2010-1168
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1168

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201111-09.xml


signature.asc
Description: This is a digitally signed message part.


[ GLSA 201111-10 ] Evince: Multiple vulnerabilities

2011-11-21 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201111-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Evince: Multiple vulnerabilities
     Date: November 20, 2011
     Bugs: #350681, #363447
       ID: 201111-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Evince, allowing remote
attackers to execute arbitrary code or cause a Denial of Service.

Background
==========

Evince is a document viewer for multiple document formats, including
PostScript.

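Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/evince             < 2.32.0-r2              >= 2.32.0-r2
    -------------------------------------------------------------------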

Description
===========

Multiple vulnerabilities have been discovered in Evince. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to load a DVI file with a
specially crafted font, resulting in the execution of arbitrary code
with the privileges of the user running the application or a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Evince users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/evince-2.32.0-r2"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since April 26, 2011. It is likely that your system is
already no longer affected by this issue.

References
==========

[ 1 ] CVE-2010-2640
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2640
[ 2 ] CVE-2010-2641
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2641
[ 3 ] CVE-2010-2642
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2642
[ 4 ] CVE-2010-2643
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2643

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201111-10.xml


signature.asc
Description: This is a digitally signed message part.


[ GLSA 201111-11 ] GNU Tar: User-assisted execution of arbitrary code

2011-11-21 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201111-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: GNU Tar: User-assisted execution of arbitrary code
     Date: November 20, 2011
     Bugs: #31
       ID: 201111-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow flaw in GNU Tar could result in execution of
arbitrary code or a Denial of Service.

Background
==========

GNU Tar is a utility to create archives as well as add and extract
files from archives.

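Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-arch/tar                     < 1.23                   >= 1.23
    -------------------------------------------------------------------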

Description
===========

GNU Tar is vulnerable to a boundary error in the rmt_read__ function in
lib/rtapelib.c, which could cause a heap-based buffer overflow.

Impact
======

A remote attacker could entice the user to load a specially crafted
archive, possibly resulting in the execution of arbitrary code or a
Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNU Tar users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-arch/tar-1.23"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since July 18, 2010. It is likely that your system is already
no longer affected by this issue.

References
==========

[ 1 ] CVE-2010-0624
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0624

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201111-11.xml


signature.asc
Description: This is a digitally signed message part.


[ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities

2011-11-07 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201111-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Oracle JRE/JDK: Multiple vulnerabilities
     Date: November 05, 2011
     Bugs: #340421, #354213, #370559, #387851
       ID: 201111-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact.

Background
==========

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).

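Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-java/sun-jre-bin         < 1.6.0.29             >= 1.6.0.29 *
  2  app-emulation/emul-linux-x86-java
                                  < 1.6.0.29             >= 1.6.0.29 *
  3  dev-java/sun-jdk             < 1.6.0.29             >= 1.6.0.29 *
    -------------------------------------------------------------------
     NOTE: Packages marked with asterisks require manual intervention!
    -------------------------------------------------------------------
     3 affected packages
    -------------------------------------------------------------------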

Description
===========

Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below and
the associated Oracle Critical Patch Update Advisory for details.

Impact
======

A remote attacker could exploit these vulnerabilities to cause
unspecified impact, possibly including remote execution of arbitrary
code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JDK 1.6 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"

All Oracle JRE 1.6 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"

All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to
the latest version:

  # emerge --sync
  # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"

NOTE: As Oracle has revoked the DLJ license for its Java
implementation, the packages can no longer be updated automatically.
This limitation is not present on a non-fetch restricted implementation
such as dev-java/icedtea-bin.

References
==========

[  1 ] CVE-2010-3541
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541
[  2 ] CVE-2010-3548
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548
[  3 ] CVE-2010-3549
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549
[  4 ] CVE-2010-3550
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550
[  5 ] CVE-2010-3551
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551
[  6 ] CVE-2010-3552
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552
[  7 ] CVE-2010-3553
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553
[  8 ] CVE-2010-3554
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554
[  9 ] CVE-2010-3555
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555
[ 10 ] CVE-2010-3556
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556
[ 11 ] CVE-2010-3557
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557
[ 12 ] CVE-2010-3558
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558
[ 13 ] CVE-2010-3559
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559
[ 14 ] CVE-2010-3560
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560
[ 15 ] CVE-2010-3561
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561
[ 16 ] CVE-2010-3562
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562
[ 17 ] CVE-2010-3563
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563
[ 18 ] CVE-2010-3565
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565
[ 19 ] CVE-2010-3566
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566
[ 20 ] CVE-2010-3567
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567
[ 21 ] CVE-2010-3568
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568
[ 22 ] CVE-2010-3569
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569
[ 23 ] CVE-2010-3570
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570
[ 24 ] CVE-2010-3571
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571
[ 25 ] CVE-2010-3572
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572
[ 26 ] CVE-2010-3573
   

[ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities

2011-11-01 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201111-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
Title: Chromium, V8: Multiple vulnerabilities
 Date: November 01, 2011
 Bugs: #351525, #353626, #354121, #356933, #357963, #358581,
   #360399, #363629, #365125, #366335, #367013, #368649,
   #370481, #373451, #373469, #377475, #377629, #380311,
   #380897, #381713, #383251, #385649, #388461
   ID: 201111-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code and local root privilege
escalation.

Background
==

Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.

Affected packages
=

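-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  www-client/chromium      < 15.0.874.102          >= 15.0.874.102
  2  dev-lang/v8                 < 3.5.10.22             >= 3.5.10.22
-------------------------------------------------------------------
     2 affected packages
-------------------------------------------------------------------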

Description
===

Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.

Impact
==

A local attacker could gain root privileges (CVE-2011-1444, fixed in
chromium-11.0.696.57).

A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process, or a Denial of Service condition. The attacker also could
obtain cookies and other sensitive information, conduct
man-in-the-middle attacks, perform address bar spoofing, bypass the
same origin policy, perform Cross-Site Scripting attacks, or bypass
pop-up blocks.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v =www-client/chromium-15.0.874.102

All V8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =dev-lang/v8-3.5.10.22

References
==

[  1 ] CVE-2011-2345
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2345
[  2 ] CVE-2011-2346
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2346
[  3 ] CVE-2011-2347
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2347
[  4 ] CVE-2011-2348
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2348
[  5 ] CVE-2011-2349
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2349
[  6 ] CVE-2011-2350
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2350
[  7 ] CVE-2011-2351
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2351
[  8 ] CVE-2011-2834
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2834
[  9 ] CVE-2011-2835
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2835
[ 10 ] CVE-2011-2837
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2837
[ 11 ] CVE-2011-2838
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2838
[ 12 ] CVE-2011-2839
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2839
[ 13 ] CVE-2011-2840
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2840
[ 14 ] CVE-2011-2841
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2841
[ 15 ] CVE-2011-2843
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2843
[ 16 ] CVE-2011-2844
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2844
[ 17 ] CVE-2011-2845
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2845
[ 18 ] CVE-2011-2846
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2846
[ 19 ] CVE-2011-2847
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2847
[ 20 ] CVE-2011-2848
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2848
[ 21 ] CVE-2011-2849
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2849
[ 22 ] CVE-2011-2850
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2850
[ 23 ] CVE-2011-2851
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2851
[ 24 ] CVE-2011-2852
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2852
[ 25 ] CVE-2011-2853
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2853
[ 26 ] CVE-2011-2854
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2854
[ 27 ] CVE-2011-2855
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2855
[ 28 ] CVE-2011-2856
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2856
[ 29 ] 

[ GLSA 201110-23 ] Apache mod_authnz_external: SQL injection

2011-10-26 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201110-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low
Title: Apache mod_authnz_external: SQL injection
 Date: October 25, 2011
 Bugs: #386165
   ID: 201110-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An input sanitation flaw in mod_authnz_external allows remote attackers
to conduct SQL injection.

Background
==

mod_authnz_external is a tool for creating custom authentication
backends for HTTP basic authentication.

Affected packages
=

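-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  www-apache/mod_authnz_external
                                  < 3.2.6                    >= 3.2.6
-------------------------------------------------------------------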

Description
===

mysql/mysql-auth.pl in mod_authnz_external does not properly sanitize
input before using it in an SQL query.

Impact
==

A remote attacker could exploit this vulnerability to inject arbitrary
SQL statements by using a specially crafted username for HTTP
authentication on a site using mod_authnz_external.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Apache mod_authnz_external users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot -v =www-apache/mod_authnz_external-3.2.6

References
==

[ 1 ] CVE-2011-2688
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2688

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201110-23.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201110-22 ] PostgreSQL: Multiple vulnerabilities

2011-10-25 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201110-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
Title: PostgreSQL: Multiple vulnerabilities
 Date: October 25, 2011
 Bugs: #261223, #284274, #297383, #308063, #313335, #320967,
   #339935, #353387, #384539
   ID: 201110-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in the PostgreSQL server and client allow
remote attackers to conduct several attacks, including the execution of
arbitrary code and Denial of Service.

Background
==

PostgreSQL is an open source object-relational database management
system.

Affected packages
=

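-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  dev-db/postgresql              <= 9                  Vulnerable!
  2  dev-db/postgresql-server
                                  < 9.0.5                  *>= 8.2.22
                                                            *>= 8.4.9
                                                           *>= 8.3.16
                                                             >= 9.0.5
  3  dev-db/postgresql-base       < 9.0.5                  *>= 8.2.22
                                                            *>= 8.4.9
                                                           *>= 8.3.16
                                                             >= 9.0.5
-------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
-------------------------------------------------------------------
     3 affected packages
-------------------------------------------------------------------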

Description
===

Multiple vulnerabilities have been discovered in PostgreSQL. Please
review the CVE identifiers referenced below for details.

Impact
==

A remote authenticated attacker could send a specially crafted SQL
query to a PostgreSQL server with the intarray module enabled,
possibly resulting in the execution of arbitrary code with the
privileges of the PostgreSQL server process, or a Denial of Service
condition. Furthermore, a remote authenticated attacker could execute
arbitrary Perl code, cause a Denial of Service condition via different
vectors, bypass LDAP authentication, bypass X.509 certificate
validation, gain database privileges, exploit weak blowfish encryption
and possibly cause other unspecified impact.

Workaround
==

There is no known workaround at this time.

Resolution
==

All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:

  # emerge --sync
  # emerge --ask --oneshot -v =dev-db/postgresql-base-8.2.22:8.2

All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:

  # emerge --sync
  # emerge --ask --oneshot -v =dev-db/postgresql-base-8.3.16:8.3

All PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:

  # emerge --sync
  # emerge --ask --oneshot -v =dev-db/postgresql-base-8.4.9:8.4

All PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:

  # emerge --sync
  # emerge --ask --oneshot -v =dev-db/postgresql-base-9.0.5:9.0

All PostgreSQL 8.2 server users should upgrade to the latest 8.2 server
version:

  # emerge --sync
  # emerge --ask --oneshot -v =dev-db/postgresql-server-8.2.22:8.2

All PostgreSQL 8.3 server users should upgrade to the latest 8.3 server
version:

  # emerge --sync
  # emerge --ask --oneshot -v =dev-db/postgresql-server-8.3.16:8.3

All PostgreSQL 8.4 server users should upgrade to the latest 8.4 server
version:

  # emerge --sync
  # emerge --ask --oneshot -v =dev-db/postgresql-server-8.4.9:8.4

All PostgreSQL 9.0 server users should upgrade to the latest 9.0 server
version:

  # emerge --sync
  # emerge --ask --oneshot -v =dev-db/postgresql-server-9.0.5:9.0

The old unsplit PostgreSQL packages have been removed from portage.
Users still using them are urged to migrate to the new PostgreSQL
packages as stated above and to remove the old package:

  # emerge --unmerge dev-db/postgresql

References
==

[  1 ] CVE-2009-0922
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0922
[  2 ] CVE-2009-3229
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3229
[  3 ] CVE-2009-3230
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3230
[  4 ] CVE-2009-3231
   

[ GLSA 201110-19 ] X.Org X Server: Multiple vulnerabilities

2011-10-25 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201110-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
Title: X.Org X Server: Multiple vulnerabilities
 Date: October 22, 2011
 Bugs: #387069
   ID: 201110-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in the X.Org X server might allow local
attackers to disclose information.

Background
==

The X Window System is a graphical windowing system based on a
client/server model.

Affected packages
=

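-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  x11-base/xorg-server       < 1.10.4-r1              *>= 1.9.5-r1
                                                         >= 1.10.4-r1
-------------------------------------------------------------------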

Description
===

vladz reported the following vulnerabilities in the X.Org X server:

* The X.Org X server follows symbolic links when trying to access the
  lock file for an X display, showing a predictable behavior depending
  on the file type of the link target (CVE-2011-4028).
* The X.Org X server lock file mechanism allows for a race condition to
  cause the X server to modify the file permissions of an arbitrary
  file to 0444 (CVE-2011-4029).

Impact
==

A local attacker could exploit these vulnerabilities to disclose
information by making arbitrary files on a system world-readable or
gain information whether a specified file exists on the system and
whether it is a file, directory, or a named pipe.

Workaround
==

There is no known workaround at this time.

Resolution
==

All X.Org X Server 1.9 users should upgrade to the latest 1.9 version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =x11-base/xorg-server-1.9.5-r1

All X.Org X Server 1.10 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =x11-base/xorg-server-1.10.4-r1

References
==

[ 1 ] CVE-2011-4028
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4028
[ 2 ] CVE-2011-4029
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4029

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201110-19.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


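The two lock file issues in GLSA 201110-19 above (symbolic links being followed, and a permission change to 0444 landing on another file) both come from operating on a path name instead of on an open descriptor. The C sketch below is an added example, not code from the advisory or from the X.Org X server: it contrasts a path-based writer with a descriptor-based one that uses O_EXCL, O_NOFOLLOW and fchmod(). The function names, the temporary directory and the file name display.lock are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Path-based writer, constructed for contrast (not the X server's code):
 * open() and chmod() each resolve the name again, so a symbolic link
 * sitting at `path` redirects both calls to the link target. */
int write_lock_by_path(const char *path, long pid)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0644);
    if (fd < 0)
        return -1;
    dprintf(fd, "%10ld\n", pid);
    close(fd);
    return chmod(path, 0444);
}

/* Descriptor-based writer: create the file exclusively, refuse links,
 * check what was actually opened, and set the mode on the descriptor. */
int write_lock_by_fd(const char *path, long pid)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
                  0600);
    if (fd < 0)
        return -1;              /* something already exists at that name */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        dprintf(fd, "%10ld\n", pid) < 0 || fchmod(fd, 0444) != 0) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Constructed scenario: a private file (mode 0600) with a symbolic link to
 * it planted at the lock path. Returns the private file's permission bits
 * after the chosen writer has run, or -1 if the setup failed. */
int private_mode_after(int use_fd_writer)
{
    char dir[] = "/tmp/lockdemo-XXXXXX";
    char secret[64], lock[64];
    struct stat st;
    int fd, mode = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(secret, sizeof secret, "%s/private", dir);
    snprintf(lock, sizeof lock, "%s/display.lock", dir);

    fd = open(secret, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && fchmod(fd, 0600) == 0 && symlink(secret, lock) == 0) {
        if (use_fd_writer)
            write_lock_by_fd(lock, (long)getpid());
        else
            write_lock_by_path(lock, (long)getpid());
        if (stat(secret, &st) == 0)
            mode = (int)(st.st_mode & 0777);
    }
    if (fd >= 0)
        close(fd);
    unlink(lock);
    unlink(secret);
    rmdir(dir);
    return mode;
}

/* Normal case, nothing at the lock path: returns the new file's mode. */
int fresh_lock_mode(void)
{
    char dir[] = "/tmp/lockdemo-XXXXXX";
    char lock[64];
    struct stat st;
    int mode = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(lock, sizeof lock, "%s/display.lock", dir);
    if (write_lock_by_fd(lock, (long)getpid()) == 0 && lstat(lock, &st) == 0)
        mode = (int)(st.st_mode & 0777);
    unlink(lock);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("private file after path writer: %04o\n", (unsigned)private_mode_after(0));
    printf("private file after fd writer:   %04o\n", (unsigned)private_mode_after(1));
    printf("fresh lock file mode:           %04o\n", (unsigned)fresh_lock_mode());
    return 0;
}
```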


[ GLSA 201009-03 ] sudo: Privilege Escalation

2010-09-07 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201009-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: sudo: Privilege Escalation
  Date: September 07, 2010
  Bugs: #322517, #335381
ID: 201009-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The secure path feature and group handling in sudo allow local
attackers to escalate privileges.

Background
==

sudo allows a system administrator to give users the ability to run
commands as other users.

Affected packages
=

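-------------------------------------------------------------------
     Package         /     Vulnerable     /                Unaffected
-------------------------------------------------------------------
  1  app-admin/sudo      < 1.7.4_p3-r1               >= 1.7.4_p3-r1
-------------------------------------------------------------------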

Description
===

Multiple vulnerabilities have been reported in sudo:

* Evan Broder and Anders Kaseorg of Ksplice, Inc. reported that the
  sudo 'secure path' feature does not properly handle multiple PATH
  variables (CVE-2010-1646).

* Markus Wuethrich of Swiss Post reported that sudo fails to restrict
  access when using Runas groups and the group (-g) command line option
  (CVE-2010-2956).

Impact
==

A local attacker could exploit these vulnerabilities to gain the
ability to run certain commands with the privileges of other users,
including root, depending on the configuration.

Workaround
==

There is no known workaround at this time.

Resolution
==

All sudo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-admin/sudo-1.7.4_p3-r1

References
==

  [ 1 ] CVE-2010-1646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1646
  [ 2 ] CVE-2010-2956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201009-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


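GLSA 201009-03 above says the sudo 'secure path' feature did not properly handle multiple PATH variables. An environment block is only an array of NAME=value strings, so the same name can appear more than once and different consumers may honour different copies. The C sketch below is an added example, not sudo's code: it contrasts a sanitizer that rewrites only the first PATH entry with one that rebuilds the block with exactly one. TRUSTED_PATH and all function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed trusted value; a real program would take it from configuration. */
#define TRUSTED_PATH "PATH=/usr/sbin:/usr/bin:/sbin:/bin"

/* True when `entry` has the form NAME=... for the given name. */
static int defines(const char *entry, const char *name)
{
    size_t len = strlen(name);
    return strncmp(entry, name, len) == 0 && entry[len] == '=';
}

/* Number of entries in envp that define `name`. */
size_t count_var(char *const envp[], const char *name)
{
    size_t n = 0;
    for (size_t i = 0; envp[i] != NULL; i++)
        if (defines(envp[i], name))
            n++;
    return n;
}

/* Value of the last definition of `name`, or NULL if there is none. */
const char *last_value(char *const envp[], const char *name)
{
    const char *val = NULL;
    for (size_t i = 0; envp[i] != NULL; i++)
        if (defines(envp[i], name))
            val = envp[i] + strlen(name) + 1;
    return val;
}

/* Constructed for contrast: rewrite only the first PATH entry.
 * Any later duplicate survives untouched. */
void replace_first_path(char *envp[])
{
    for (size_t i = 0; envp[i] != NULL; i++)
        if (defines(envp[i], "PATH")) {
            envp[i] = (char *)TRUSTED_PATH;
            return;
        }
}

/* Rebuild the block: drop every PATH entry, then append one trusted entry.
 * Returns a malloc'd NULL-terminated array whose strings are shared with
 * the input, or NULL on allocation failure. */
char **rebuild_env(char *const envp[])
{
    size_t n = 0, out = 0;
    char **clean;

    while (envp[n] != NULL)
        n++;
    clean = malloc((n + 2) * sizeof *clean);
    if (clean == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (!defines(envp[i], "PATH"))
            clean[out++] = envp[i];
    clean[out++] = (char *)TRUSTED_PATH;
    clean[out] = NULL;
    return clean;
}

int main(void)
{
    /* Constructed sample environment with a duplicated PATH. */
    char *env[] = { "PATH=/tmp/a", "HOME=/root", "PATH=/tmp/b", NULL };
    char **clean = rebuild_env(env);

    if (clean == NULL)
        return 1;
    printf("rebuilt: %zu PATH entry, last = %s\n",
           count_var(clean, "PATH"), last_value(clean, "PATH"));
    replace_first_path(env);
    printf("first-only rewrite: %zu PATH entries, last = %s\n",
           count_var(env, "PATH"), last_value(env, "PATH"));
    free(clean);
    return 0;
}
```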


[ GLSA 201009-01 ] wxGTK: User-assisted execution of arbitrary code

2010-09-03 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201009-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: wxGTK: User-assisted execution of arbitrary code
  Date: September 02, 2010
  Bugs: #277722
ID: 201009-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An integer overflow vulnerability in wxGTK might enable remote
attackers to cause the execution of arbitrary code.

Background
==

wxGTK is the GTK+ version of wxWidgets, a cross-platform C++ GUI
toolkit.

Affected packages
=

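-------------------------------------------------------------------
     Package         /     Vulnerable     /                Unaffected
-------------------------------------------------------------------
  1  x11-libs/wxGTK      < 2.8.10.1-r1                *>= 2.6.4.0-r5
                                                      >= 2.8.10.1-r1
-------------------------------------------------------------------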

Description
===

wxGTK is prone to an integer overflow error in the wxImage::Create()
function in src/common/image.cpp, possibly leading to a heap-based
buffer overflow.

Impact
==

A remote attacker might entice a user to open a specially crafted JPEG
file using a program that uses wxGTK, possibly resulting in the remote
execution of arbitrary code with the privileges of the user running the
application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All wxGTK 2.6 users should upgrade to an updated version:

# emerge --sync
# emerge --ask --oneshot --verbose =x11-libs/wxGTK-2.6.4.0-r5

All wxGTK 2.8 users should upgrade to an updated version:

# emerge --sync
# emerge --ask --oneshot --verbose =x11-libs/wxGTK-2.8.10.1-r1

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since August 9, 2009. It is likely that your system is
already no longer affected by this issue.

References
==

  [ 1 ] CVE-2009-2369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2369

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201009-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


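GLSA 201009-01 above describes an integer overflow in wxImage::Create() that can lead to a heap-based buffer overflow. The C sketch below is an added example, not wxGTK code: it shows how a pixel buffer size computed in 32-bit arithmetic can wrap to a small value, next to a checked calculation that rejects such dimensions before allocating. The 3 bytes per pixel, the 256 MiB cap, the function names and the sample dimensions are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BYTES_PER_PIXEL 3u                   /* assumption: packed RGB */
#define MAX_IMAGE_BYTES ((size_t)256 << 20)  /* hypothetical policy cap */

/* What width * height * 3 yields when it is evaluated in 32 bits.
 * uint32_t is used so the wrap-around is well defined in C. */
uint32_t rgb_size_wrapped32(int width, int height)
{
    return (uint32_t)width * (uint32_t)height * BYTES_PER_PIXEL;
}

/* Checked size: rejects non-positive dimensions and any product that
 * would exceed the cap. Division is used so the test itself cannot
 * overflow. Returns 0 and stores the size in *out, or -1 on rejection. */
int rgb_size_checked(int width, int height, size_t *out)
{
    size_t w, h;

    if (width <= 0 || height <= 0)
        return -1;
    w = (size_t)width;
    h = (size_t)height;
    if (w > MAX_IMAGE_BYTES / BYTES_PER_PIXEL / h)
        return -1;
    *out = w * h * BYTES_PER_PIXEL;
    return 0;
}

/* Number of complete pixel rows that fit into a buffer of buf_bytes. */
size_t rows_fitting(size_t buf_bytes, int width)
{
    if (width <= 0)
        return 0;
    return buf_bytes / ((size_t)width * BYTES_PER_PIXEL);
}

/* Allocate a zeroed pixel buffer only when the checked size is accepted. */
unsigned char *rgb_alloc(int width, int height, size_t *size_out)
{
    size_t n;
    unsigned char *p;

    if (rgb_size_checked(width, height, &n) != 0)
        return NULL;
    p = calloc(1, n);
    if (p != NULL && size_out != NULL)
        *size_out = n;
    return p;
}

int main(void)
{
    /* Constructed dimensions: 43691 * 32768 * 3 = 2^32 + 32768. */
    int w = 43691, h = 32768;
    size_t n = 0;
    uint32_t wrapped = rgb_size_wrapped32(w, h);

    printf("32-bit size: %u bytes, rows that fit: %zu of %d\n",
           (unsigned)wrapped, rows_fitting(wrapped, w), h);
    printf("checked size accepted: %s\n",
           rgb_size_checked(w, h, &n) == 0 ? "yes" : "no");
    return 0;
}
```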


[ GLSA 201006-21 ] UnrealIRCd: Multiple vulnerabilities

2010-06-15 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: UnrealIRCd: Multiple vulnerabilities
  Date: June 14, 2010
  Bugs: #260806, #323691
ID: 201006-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in UnrealIRCd might allow remote attackers to
compromise the unrealircd account, or cause a Denial of Service.

Background
==

UnrealIRCd is an Internet Relay Chat (IRC) daemon.

Affected packages
=

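-------------------------------------------------------------------
     Package         /     Vulnerable     /                Unaffected
-------------------------------------------------------------------
  1  net-irc/unrealircd      < 3.2.8.1-r1              >= 3.2.8.1-r1
-------------------------------------------------------------------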

Description
===

Multiple vulnerabilities have been reported in UnrealIRCd:

* The vendor reported a buffer overflow in the user authorization
  code.

* The vendor reported that the distributed source code of UnrealIRCd
  was compromised and altered to include a system() call that could be
  called with arbitrary user input.

Impact
==

A remote attacker could exploit these vulnerabilities to cause the
execution of arbitrary commands with the privileges of the user running
UnrealIRCd, or a Denial of Service condition. NOTE: By default
UnrealIRCd on Gentoo is run with the privileges of the unrealircd
user.

Workaround
==

There is no known workaround at this time.

Resolution
==

All UnrealIRCd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-irc/unrealircd-3.2.8.1-r1

References
==

  [ 1 ] UnrealIRCd Security Advisory 20090413
http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt
  [ 2 ] UnrealIRCd Security Advisory 20100612
http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-21.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201006-19 ] Bugzilla: Multiple vulnerabilities

2010-06-04 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-19:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Bugzilla: Multiple vulnerabilities
  Date: June 04, 2010
   Updated: June 04, 2010
  Bugs: #239564, #258592, #264572, #284824, #303437, #303725
ID: 201006-19:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Bugzilla is prone to multiple medium severity vulnerabilities.

Background
==

Bugzilla is a bug tracking system from the Mozilla project.

Affected packages
=

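-------------------------------------------------------------------
     Package           /     Vulnerable     /              Unaffected
-------------------------------------------------------------------
  1  www-apps/bugzilla          < 3.2.6                      >= 3.2.6
-------------------------------------------------------------------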

Description
===

Multiple vulnerabilities have been reported in Bugzilla. Please review
the CVE identifiers referenced below for details.

Impact
==

A remote attacker might be able to disclose local files, bug
information, passwords, and other data under certain circumstances.
Furthermore, a remote attacker could conduct SQL injection, Cross-Site
Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks via
various vectors.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Bugzilla users should upgrade to an unaffected version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-apps/bugzilla-3.2.6

Bugzilla 2.x and 3.0 have reached their end of life. There will be no
more security updates. All Bugzilla 2.x and 3.0 users should update to
a supported Bugzilla 3.x version.

References
==

  [ 1 ] CVE-2008-4437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4437
  [ 2 ] CVE-2008-6098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6098
  [ 3 ] CVE-2009-0481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0481
  [ 4 ] CVE-2009-0482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0482
  [ 5 ] CVE-2009-0483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0483
  [ 6 ] CVE-2009-0484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0484
  [ 7 ] CVE-2009-0485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0485
  [ 8 ] CVE-2009-0486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0486
  [ 9 ] CVE-2009-1213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1213
  [ 10 ] CVE-2009-3125
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3125
  [ 11 ] CVE-2009-3165
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3165
  [ 12 ] CVE-2009-3166
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3166
  [ 13 ] CVE-2009-3387
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3387
  [ 14 ] CVE-2009-3989
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3989

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-19.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201006-18 ] Oracle JRE/JDK: Multiple vulnerabilities

2010-06-04 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Oracle JRE/JDK: Multiple vulnerabilities
  Date: June 04, 2010
  Bugs: #306579, #314531
ID: 201006-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The Oracle JDK and JRE are vulnerable to multiple unspecified
vulnerabilities.

Background
==

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).

Affected packages
=

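-------------------------------------------------------------------
     Package                            /  Vulnerable  /   Unaffected
-------------------------------------------------------------------
  1  dev-java/sun-jre-bin                  < 1.6.0.20     >= 1.6.0.20
  2  dev-java/sun-jdk                      < 1.6.0.20     >= 1.6.0.20
  3  app-emulation/emul-linux-x86-java     < 1.6.0.20     >= 1.6.0.20
-------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
-------------------------------------------------------------------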

Description
===

Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below and
the associated Oracle Critical Patch Update Advisory for details.

Impact
==

A remote attacker could exploit these vulnerabilities to cause
unspecified impact, possibly including remote execution of arbitrary
code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Oracle JRE 1.6.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-java/sun-jre-bin-1.6.0.20

All Oracle JDK 1.6.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-java/sun-jdk-1.6.0.20

All users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to
the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-emulation/emul-linux-x86-java-1.6.0.20

All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle
JRE 1.5.x users are strongly advised to unmerge Java 1.5:

# emerge --unmerge =app-emulation/emul-linux-x86-java-1.5*
# emerge --unmerge =dev-java/sun-jre-bin-1.5*
# emerge --unmerge =dev-java/sun-jdk-1.5*

Gentoo is ceasing support for the 1.5 generation of the Oracle Java
Platform in accordance with upstream. All 1.5 JRE versions are masked
and will be removed shortly. All 1.5 JDK versions are marked as
build-only and will be masked for removal shortly. Users are advised
to change their default user and system Java implementation to an
unaffected version. For example:

# java-config --set-system-vm sun-jdk-1.6

For more information, please consult the Gentoo Linux Java
documentation.

References
==

  [ 1 ] CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
  [ 2 ] CVE-2010-0082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082
  [ 3 ] CVE-2010-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084
  [ 4 ] CVE-2010-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085
  [ 5 ] CVE-2010-0087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087
  [ 6 ] CVE-2010-0088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088
  [ 7 ] CVE-2010-0089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089
  [ 8 ] CVE-2010-0090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090
  [ 9 ] CVE-2010-0091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091
  [ 10 ] CVE-2010-0092
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092
  [ 11 ] CVE-2010-0093
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093
  [ 12 ] CVE-2010-0094
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094
  [ 13 ] CVE-2010-0095
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095
  [ 14 ] CVE-2010-0837
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837
  [ 15 ] CVE-2010-0838
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838
  [ 16 ] CVE-2010-0839
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839
  [ 17 ] CVE-2010-0840
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840
  [ 18 ] CVE-2010-0841
 

[ GLSA 201006-20 ] Asterisk: Multiple vulnerabilities

2010-06-04 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Asterisk: Multiple vulnerabilities
  Date: June 04, 2010
  Bugs: #281107, #283624, #284892, #295270
ID: 201006-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in Asterisk might allow remote attackers to
cause a Denial of Service condition, or conduct other attacks.

Background
==

Asterisk is an open source telephony engine and toolkit.

Affected packages
=

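-------------------------------------------------------------------
     Package           /     Vulnerable     /              Unaffected
-------------------------------------------------------------------
  1  net-misc/asterisk          < 1.2.37                    >= 1.2.37
-------------------------------------------------------------------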

Description
===

Multiple vulnerabilities have been reported in Asterisk:

* Nick Baggott reported that Asterisk does not properly process
  overly long ASCII strings in various packets (CVE-2009-2726).

* Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol
  implementation (CVE-2009-2346).

* amorsen reported an input processing error in the RTP protocol
  implementation (CVE-2009-4055).

* Patrik Karlsson reported an information disclosure flaw related to
  the REGISTER message (CVE-2009-3727).

* A vulnerability was found in the bundled Prototype JavaScript
  library, related to AJAX calls (CVE-2008-7220).

Impact
==

A remote attacker could exploit these vulnerabilities by sending a
specially crafted package, possibly causing a Denial of Service
condition, or resulting in information disclosure.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Asterisk users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-misc/asterisk-1.2.37

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since January 5, 2010. It is likely that your system is
already no longer affected by this issue.

References
==

  [ 1 ] CVE-2009-2726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726
  [ 2 ] CVE-2009-2346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346
  [ 3 ] CVE-2009-4055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055
  [ 4 ] CVE-2009-3727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727
  [ 5 ] CVE-2008-7220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-20.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201006-13 ] Smarty: Multiple vulnerabilities

2010-06-03 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Smarty: Multiple vulnerabilities
  Date: June 02, 2010
  Bugs: #212147, #243856, #270494
ID: 201006-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in the Smarty template engine might allow
remote attackers to execute arbitrary PHP code.

Background
==

Smarty is a template engine for PHP.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  dev-php/smarty   < 2.6.23   >= 2.6.23

Description
===

Multiple vulnerabilities have been discovered in Smarty:

* The vendor reported that the modifier.regex_replace.php plug-in
  contains an input sanitation flaw related to the ASCII NUL character
  (CVE-2008-1066).

* The vendor reported that the _expand_quoted_text() function in
  libs/Smarty_Compiler.class.php contains an input sanitation flaw via
  multiple vectors (CVE-2008-4810, CVE-2008-4811).

* Nine:Situations:Group::bookoo reported that the
  smarty_function_math() function in libs/plugins/function.math.php
  contains an input sanitation flaw (CVE-2009-1669).

Impact
==

These issues might allow a remote attacker to execute arbitrary PHP
code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Smarty users should upgrade to an unaffected version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-php/smarty-2.6.23

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since June 2, 2009. It is likely that your system is already
no longer affected by this issue.

References
==

  [ 1 ] CVE-2008-1066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
  [ 2 ] CVE-2008-4810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4810
  [ 3 ] CVE-2008-4811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4811
  [ 4 ] CVE-2009-1669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1669

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-13.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201006-14 ] Newt: User-assisted execution of arbitrary code

2010-06-03 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Newt: User-assisted execution of arbitrary code
  Date: June 02, 2010
  Bugs: #285854
ID: 201006-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A heap-based buffer overflow in the Newt library might allow remote,
user-assisted attackers to execute arbitrary code.

Background
==

Newt is a library for displaying text mode user interfaces.

Affected packages
=

---
 Package/   Vulnerable   /  Unaffected
---
  1  dev-libs/newt   < 0.52.10-r1   >= 0.52.10-r1

Description
===

Miroslav Lichvar reported that Newt is prone to a heap-based buffer
overflow in textbox.c.

Impact
==

A remote attacker could entice a user to enter a specially crafted
string into a text dialog box rendered by Newt, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application, or a Denial of Service condition.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Newt users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/newt-0.52.10-r1

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since October 26, 2009. It is likely that your system is
already no longer affected by this issue.

References
==

  [ 1 ] CVE-2009-2905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-14.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201006-15 ] XEmacs: User-assisted execution of arbitrary code

2010-06-03 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: XEmacs: User-assisted execution of arbitrary code
  Date: June 03, 2010
  Bugs: #275397
ID: 201006-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple integer overflow errors in XEmacs might allow remote,
user-assisted attackers to execute arbitrary code.

Background
==

XEmacs is a highly extensible and customizable text editor.

Affected packages
=

---
 Package /   Vulnerable   / Unaffected
---
  1  app-editors/xemacs   < 21.4.22-r1   >= 21.4.22-r1

Description
===

Tielei Wang reported multiple integer overflow vulnerabilities in the
tiff_instantiate(), png_instantiate() and jpeg_instantiate() functions
in glyphs-eimage.c, all possibly leading to heap-based buffer
overflows.

Impact
==

A remote attacker could entice a user to open a specially crafted TIFF,
JPEG or PNG file using XEmacs, possibly resulting in the remote
execution of arbitrary code with the privileges of the user running the
application, or a Denial of Service condition.

Workaround
==

There is no known workaround at this time.

Resolution
==

All XEmacs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-editors/xemacs-21.4.22-r1

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since July 26, 2009. It is likely that your system is already
no longer affected by this issue.

References
==

  [ 1 ] CVE-2009-2688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2688

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-15.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201006-16 ] GD: User-assisted execution of arbitrary code

2010-06-03 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: GD: User-assisted execution of arbitrary code
  Date: June 03, 2010
  Bugs: #292130
ID: 201006-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The GD library is prone to a buffer overflow vulnerability.

Background
==

GD is a graphic library for fast image creation.

Affected packages
=

---
 Package/   Vulnerable   /  Unaffected
---
  1  media-libs/gd   < 2.0.35-r1   >= 2.0.35-r1

Description
===

Tomas Hoger reported that the _gdGetColors() function in gd_gd.c does
not properly verify the colorsTotal struct member, possibly leading to
a buffer overflow.

Impact
==

A remote attacker could entice a user to open a specially crafted image
file with a program using the GD library, possibly resulting in the
remote execution of arbitrary code with the privileges of the user
running the application, or a Denial of Service condition.

Workaround
==

There is no known workaround at this time.

Resolution
==

All GD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =media-libs/gd-2.0.35-r1

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since November 21, 2009. It is likely that your system is
already no longer affected by this issue.

References
==

  [ 1 ] CVE-2009-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-16.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
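
The GD advisory above attributes the overflow to a colorsTotal value that is not verified before use. The following is an added illustration of that class of check, not GD's code and not part of the advisory: the file format, the struct, the function names and the MAX_COLORS limit are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the palette arrays below hold at most this many entries. */
#define MAX_COLORS 256

/* Hypothetical in-memory image, not the GD library's own struct. */
struct palette_image {
    int colors_total;
    uint8_t red[MAX_COLORS];
    uint8_t green[MAX_COLORS];
    uint8_t blue[MAX_COLORS];
};

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_COUNT = -2 };

/*
 * Constructed format: big-endian u16 colour count, then count * (r, g, b).
 * The count comes from the file, so it is untrusted until checked against
 * both the fixed array size and the bytes actually present.
 */
int parse_palette(const uint8_t *buf, size_t len, struct palette_image *im)
{
    size_t off = 2;
    unsigned count;

    if (len < 2)
        return PARSE_TRUNCATED;
    count = ((unsigned)buf[0] << 8) | buf[1];

    /* Without this check, the loop below would index past red[], green[]
     * and blue[] for any count above MAX_COLORS. */
    if (count > MAX_COLORS)
        return PARSE_BAD_COUNT;

    /* Division form avoids computing count * 3 on an unchecked value. */
    if ((len - off) / 3 < count)
        return PARSE_TRUNCATED;

    for (unsigned i = 0; i < count; i++) {
        im->red[i] = buf[off++];
        im->green[i] = buf[off++];
        im->blue[i] = buf[off++];
    }
    im->colors_total = (int)count;
    return PARSE_OK;
}

/* Constructed input: two palette entries. Returns the parsed count. */
int demo_valid(void)
{
    static const uint8_t in[] = { 0x00, 0x02, 255, 0, 0, 0, 0, 255 };
    struct palette_image im;
    int rc = parse_palette(in, sizeof in, &im);
    return rc == PARSE_OK ? im.colors_total : rc;
}

/* Constructed input: header claims 257 colours, one more than fits. */
int demo_oversized_count(void)
{
    static const uint8_t in[] = { 0x01, 0x01, 1, 2, 3 };
    struct palette_image im;
    return parse_palette(in, sizeof in, &im);
}

/* Constructed input: header claims 3 colours, only 2 are present. */
int demo_truncated(void)
{
    static const uint8_t in[] = { 0x00, 0x03, 1, 2, 3, 4, 5, 6 };
    struct palette_image im;
    return parse_palette(in, sizeof in, &im);
}

int main(void)
{
    printf("valid: %d\n", demo_valid());
    printf("oversized count: %d\n", demo_oversized_count());
    printf("truncated: %d\n", demo_truncated());
    return 0;
}
```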




[ GLSA 201006-17 ] lighttpd: Denial of Service

2010-06-03 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: lighttpd: Denial of Service
  Date: June 03, 2010
  Bugs: #303213
ID: 201006-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A processing error in lighttpd might result in a Denial of Service
condition.

Background
==

lighttpd is a lightweight high-performance web server.

Affected packages
=

---
 Package   /   Vulnerable   /   Unaffected
---
  1  www-servers/lighttpd   < 1.4.25-r1   >= 1.4.25-r1

Description
===

Li Ming reported that lighttpd does not properly process packets that
are sent overly slowly.

Impact
==

A remote attacker might send specially crafted packets to a server
running lighttpd, possibly resulting in a Denial of Service condition
via host memory exhaustion.

Workaround
==

There is no known workaround at this time.

Resolution
==

All lighttpd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/lighttpd-1.4.25-r1

References
==

  [ 1 ] CVE-2010-0295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0295

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-17.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201006-01 ] FreeType 1: User-assisted execution of arbitrary code

2010-06-01 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: FreeType 1: User-assisted execution of arbitrary code
  Date: June 01, 2010
  Bugs: #271234
ID: 201006-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in FreeType might result in the remote
execution of arbitrary code.

Background
==

FreeType is a True Type Font rendering library.

Affected packages
=

---
 Package   /   Vulnerable   /   Unaffected
---
  1  freetype   < 1.4_pre20080316-r2   >= 1.4_pre20080316-r2

Description
===

Multiple issues found in FreeType 2 were also discovered in FreeType 1.
For details on these issues, please review the Gentoo Linux Security
Advisories and CVE identifiers referenced below.

Impact
==

A remote attacker could entice a user to open a specially crafted TTF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running FreeType.

Workaround
==

There is no known workaround at this time.

Resolution
==

All FreeType 1 users should upgrade to an unaffected version:

# emerge --sync
# emerge --ask --oneshot --verbose =media-libs/freetype-1.4_pre20080316-r2

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since May 27, 2009. It is likely that your system is already
no longer affected by this issue.

References
==

  [ 1 ] CVE-2006-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
  [ 2 ] CVE-2007-2754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754
  [ 3 ] GLSA 200607-02
http://www.gentoo.org/security/en/glsa/glsa-200607-02.xml
  [ 4 ] GLSA 200705-22
http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201006-02 ] CamlImages: User-assisted execution of arbitrary code

2010-06-01 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: CamlImages: User-assisted execution of arbitrary code
  Date: June 01, 2010
  Bugs: #276235, #290222
ID: 201006-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple integer overflows in CamlImages might result in the remote
execution of arbitrary code.

Background
==

CamlImages is an image processing library for Objective Caml.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  dev-ml/camlimages   < 3.0.2   >= 3.0.2

Description
===

Tielei Wang reported multiple integer overflows, possibly leading to
heap-based buffer overflows in the (1) read_png_file() and
read_png_file_as_rgb24() functions, when processing a PNG image
(CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing
GIF or JPEG images (CVE-2009-2660).

Other integer overflows were also found in tiffread.c (CVE-2009-3296).

Impact
==

A remote attacker could entice a user to open a specially crafted,
overly large PNG, GIF, TIFF, or JPEG image using an application that
uses the CamlImages library, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All CamlImages users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-ml/camlimages-3.0.2

References
==

  [ 1 ] CVE-2009-2295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2295
  [ 2 ] CVE-2009-2660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2660
  [ 3 ] CVE-2009-3296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3296

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201006-03 ] ImageMagick: User-assisted execution of arbitrary code

2010-06-01 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: ImageMagick: User-assisted execution of arbitrary code
  Date: June 01, 2010
  Bugs: #271502
ID: 201006-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An integer overflow in ImageMagick might allow remote attackers to
cause the remote execution of arbitrary code.

Background
==

ImageMagick is a collection of tools and libraries for manipulating
various image formats.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  media-gfx/imagemagick   < 6.5.2.9   >= 6.5.2.9

Description
===

Tielei Wang has discovered that the XMakeImage() function in
magick/xwindow.c is prone to an integer overflow, possibly leading to a
buffer overflow.

Impact
==

A remote attacker could entice a user to open a specially crafted
image, possibly resulting in the remote execution of arbitrary code
with the privileges of the user running the application, or a Denial of
Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All ImageMagick users should upgrade to an unaffected version:

# emerge --sync
# emerge --ask --oneshot --verbose =media-gfx/imagemagick-6.5.2.9

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since June 4, 2009. It is likely that your system is already
no longer affected by this issue.

References
==

  [ 1 ] CVE-2009-1882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
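
The XEmacs, CamlImages and ImageMagick advisories above all describe integer overflows in image size handling that can lead to heap-based buffer overflows. The following is an added illustration of that failure mode and of a checked size computation, not code from any of those projects or from the advisories: the function names and the MAX_IMAGE_BYTES policy cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: policy cap on one decoded image, chosen for this example. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/*
 * What unchecked 32-bit arithmetic yields: the product wraps modulo 2^32,
 * so header-supplied dimensions can produce a small allocation size while
 * the decoder still writes width * height * channels bytes.
 */
uint32_t wrapped_size_u32(uint32_t width, uint32_t height, uint32_t channels)
{
    return width * height * channels;
}

/* Multiply a by b into *out, failing instead of wrapping. */
static int mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/*
 * Compute the pixel buffer size for untrusted dimensions.
 * Returns 0 and stores the size in *out, or -1 if any dimension is zero,
 * the product overflows size_t, or the result exceeds the policy cap.
 */
int checked_image_bytes(uint32_t width, uint32_t height, uint32_t channels,
                        size_t *out)
{
    size_t n;

    if (width == 0 || height == 0 || channels == 0)
        return -1;
    if (mul_size(width, height, &n) != 0)
        return -1;
    if (mul_size(n, channels, &n) != 0)
        return -1;
    if (n > MAX_IMAGE_BYTES)
        return -1;
    *out = n;
    return 0;
}

/* Convenience wrapper: the validated size, or 0 if it was rejected. */
size_t image_bytes_or_zero(uint32_t width, uint32_t height, uint32_t channels)
{
    size_t n;
    return checked_image_bytes(width, height, channels, &n) == 0 ? n : 0;
}

/* Allocate only after the size has been validated; NULL on rejection. */
uint8_t *alloc_pixels(uint32_t width, uint32_t height, uint32_t channels)
{
    size_t n = image_bytes_or_zero(width, height, channels);
    return n ? calloc(1, n) : NULL;
}

int main(void)
{
    /* Constructed dimensions: the true size is about 4 GiB. */
    uint32_t w = 0x10001u, h = 0x10000u, ch = 1u;

    printf("wrapped 32-bit size: %u bytes\n",
           (unsigned)wrapped_size_u32(w, h, ch));
    printf("checked size (0 = rejected): %zu\n",
           image_bytes_or_zero(w, h, ch));
    printf("640x480x3 checked size: %zu\n",
           image_bytes_or_zero(640, 480, 3));
    return 0;
}
```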




[ GLSA 201006-04 ] xine-lib: User-assisted execution of arbitrary code

2010-06-01 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201006-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: xine-lib: User-assisted execution of arbitrary code
  Date: June 01, 2010
  Bugs: #234777, #249041, #260069, #265250
ID: 201006-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in xine-lib might result in the remote
execution of arbitrary code.

Background
==

xine-lib is the core library package for the xine media player, and
other players such as Amarok, Codeine/Dragon Player and Kaffeine.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  media-libs/xine-lib   < 1.1.16.3   >= 1.1.16.3

Description
===

Multiple vulnerabilities have been reported in xine-lib. Please review
the CVE identifiers referenced below for details.

Impact
==

A remote attacker could entice a user to play a specially crafted video
file or stream with a player using xine-lib, potentially resulting in
the execution of arbitrary code with the privileges of the user running
the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All xine-lib users should upgrade to an unaffected version:

# emerge --sync
# emerge --ask --oneshot --verbose =media-libs/xine-lib-1.1.16.3

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since April 10, 2009. It is likely that your system is
already no longer affected by this issue.

References
==

  [ 1 ] CVE-2008-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3231
  [ 2 ] CVE-2008-5233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5233
  [ 3 ] CVE-2008-5234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5234
  [ 4 ] CVE-2008-5235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5235
  [ 5 ] CVE-2008-5236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5236
  [ 6 ] CVE-2008-5237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5237
  [ 7 ] CVE-2008-5238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5238
  [ 8 ] CVE-2008-5239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5239
  [ 9 ] CVE-2008-5240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5240
  [ 10 ] CVE-2008-5241
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5241
  [ 11 ] CVE-2008-5242
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5242
  [ 12 ] CVE-2008-5243
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5243
  [ 13 ] CVE-2008-5244
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5244
  [ 14 ] CVE-2008-5245
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5245
  [ 15 ] CVE-2008-5246
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5246
  [ 16 ] CVE-2008-5247
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5247
  [ 17 ] CVE-2008-5248
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5248
  [ 18 ] CVE-2009-0698
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0698
  [ 19 ] CVE-2009-1274
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1274

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-04.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201003-01 ] sudo: Privilege escalation

2010-03-03 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201003-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: sudo: Privilege escalation
  Date: March 03, 2010
  Bugs: #306865
ID: 201003-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Two vulnerabilities in sudo might allow local users to escalate
privileges and execute arbitrary code with root privileges.

Background
==

sudo allows a system administrator to give users the ability to run
commands as other users.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  app-admin/sudo   < 1.7.2_p4   >= 1.7.2_p4

Description
===

Multiple vulnerabilities have been discovered in sudo:

* Glenn Waller and neonsignal reported that sudo does not properly
  handle access control of the sudoedit pseudo-command
  (CVE-2010-0426).

* Harald Koenig reported that sudo does not properly set
  supplementary groups when using the runas_default option
  (CVE-2010-0427).

Impact
==

A local attacker with privileges to use sudoedit or the privilege to
execute commands with the runas_default setting enabled could
leverage these vulnerabilities to execute arbitrary code with elevated
privileges.

Workaround
==

CVE-2010-0426: Revoke all sudoedit privileges, or use the full path
to sudoedit. CVE-2010-0427: Remove all occurrences of the
runas_default setting.

Resolution
==

All sudo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-admin/sudo-1.7.2_p4

References
==

  [ 1 ] CVE-2010-0426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426
  [ 2 ] CVE-2010-0427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0427

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201003-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201001-09 ] Ruby: Terminal Control Character Injection

2010-01-14 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201001-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Ruby: Terminal Control Character Injection
  Date: January 14, 2010
  Bugs: #300468
ID: 201001-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An input sanitation flaw in the WEBrick HTTP server included in Ruby
might allow remote attackers to inject arbitrary control characters
into terminal sessions.

Background
==

Ruby is an interpreted scripting language for quick and easy
object-oriented programming. It comes bundled with an HTTP server
(WEBrick).

Affected packages
=

---
 Package/   Vulnerable   /  Unaffected
---
  1  dev-lang/ruby   < 1.8.7_p249   >= 1.8.7_p249
                                   *>= 1.8.6_p388

Description
===

Giovanni Pellerano, Alessandro Tanasi and Francesco Ongaro reported
that WEBrick does not filter terminal control characters, for instance
when handling HTTP logs.

Impact
==

A remote attacker could send a specially crafted HTTP request to a
WEBrick server to inject arbitrary terminal control characters,
possibly resulting in the execution of arbitrary commands, data loss,
or other unspecified impact. This could also be used to facilitate
other attacks.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Ruby 1.8.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-lang/ruby-1.8.7_p249

All Ruby 1.8.6 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-lang/ruby-1.8.6_p388

References
==

  [ 1 ] CVE-2009-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4492

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201001-09.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 201001-02 ] Adobe Flash Player: Multiple vulnerabilities

2010-01-04 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201001-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Adobe Flash Player: Multiple vulnerabilities
  Date: January 03, 2010
  Bugs: #296407
ID: 201001-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in Adobe Flash Player might allow remote
attackers to execute arbitrary code or cause a Denial of Service.

Background
==

The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.

Affected packages
=

---
 Package  /   Vulnerable   /Unaffected
---
  1  www-plugins/adobe-flash   < 10.0.42.34   >= 10.0.42.34

Description
===

Multiple vulnerabilities have been discovered in Adobe Flash Player:

* An anonymous researcher working with the Zero Day Initiative
  reported that Adobe Flash Player does not properly process JPEG files
  (CVE-2009-3794).

* Jim Cheng of EffectiveUI reported an unspecified data injection
  vulnerability (CVE-2009-3796).

* Bing Liu of Fortinet's FortiGuard Labs reported multiple
  unspecified memory corruption vulnerabilities (CVE-2009-3797,
  CVE-2009-3798).

* Damian Put reported an integer overflow in the
  Verifier::parseExceptionHandlers() function (CVE-2009-3799).

* Will Dormann of CERT reported multiple unspecified Denial of
  Service vulnerabilities (CVE-2009-3800).

Impact
==

A remote attacker could entice a user to open a specially crafted SWF
file, possibly resulting in the remote execution of arbitrary code with
the privileges of the user running the application, or a Denial of
Service via unknown vectors.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-plugins/adobe-flash-10.0.42.34

References
==

  [ 1 ] CVE-2009-3794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3794
  [ 2 ] CVE-2009-3796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3796
  [ 3 ] CVE-2009-3797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3797
  [ 4 ] CVE-2009-3798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3798
  [ 5 ] CVE-2009-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3799
  [ 6 ] CVE-2009-3800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3800

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201001-02.xml



[ GLSA 200912-02 ] Ruby on Rails: Multiple vulnerabilities

2009-12-21 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200912-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Ruby on Rails: Multiple vulnerabilities
  Date: December 20, 2009
  Bugs: #200159, #237385, #247549, #276279, #283396, #294797
ID: 200912-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been discovered in Rails, the worst of
which leads to the execution of arbitrary SQL statements.

Background
==

Ruby on Rails is a web-application and persistence framework.

Affected packages
=

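    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  dev-ruby/rails       < 2.2.2                             >= 2.3.5
                                                          *>= 2.2.3-r1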

Description
===

The following vulnerabilities were discovered:

* sameer reported that lib/action_controller/cgi_process.rb removes
  the :cookie_only attribute from the default session options
  (CVE-2007-6077), due to an incomplete fix for CVE-2007-5380 (GLSA
  200711-17).

* Tobias Schlottke reported that the :limit and :offset parameters of
  ActiveRecord::Base.find() are not properly sanitized before being
  processed (CVE-2008-4094).

* Steve from Coderrr reported that the CSRF protection in
  protect_from_forgery() does not parse the text/plain MIME format
  (CVE-2008-7248).

* Nate reported a documentation error that leads to the assumption
  that a block returning nil passed to
  authenticate_or_request_with_http_digest() would deny access to the
  requested resource (CVE-2009-2422).

* Brian Mastenbrook reported an input sanitation flaw, related to
  multibyte characters (CVE-2009-3009).

* Gabe da Silveira reported an input sanitation flaw in the
  strip_tags() function (CVE-2009-4214).

* Coda Hale reported an information disclosure vulnerability related
  to HMAC digests (CVE-2009-3086).

Impact
==

A remote attacker could send specially crafted requests to a vulnerable
application, possibly leading to the execution of arbitrary SQL
statements or a circumvention of access control. A remote attacker
could also conduct session fixation attacks to hijack a user's session
or bypass the CSRF protection mechanism, or furthermore conduct
Cross-Site Scripting attacks or forge a digest via multiple attempts.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Ruby on Rails 2.3.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-ruby/rails-2.3.5

All Ruby on Rails 2.2.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-ruby/rails-2.2.3-r1

NOTE: All applications using Ruby on Rails should also be configured to
use the latest version available by running rake rails:update inside
the application directory.

References
==

  [ 1 ] CVE-2007-5380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380
  [ 2 ] CVE-2007-6077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077
  [ 3 ] CVE-2008-4094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094
  [ 4 ] CVE-2008-7248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248
  [ 5 ] CVE-2009-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422
  [ 6 ] CVE-2009-3009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009
  [ 7 ] CVE-2009-3086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086
  [ 8 ] CVE-2009-4214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214
  [ 9 ] GLSA 200711-17
http://www.gentoo.org/security/en/glsa/glsa-200711-17.xml

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200912-02.xml

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200912-01 ] OpenSSL: Multiple vulnerabilities

2009-12-02 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200912-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: OpenSSL: Multiple vulnerabilities
  Date: December 01, 2009
  Bugs: #270305, #280591, #292022
ID: 200912-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in OpenSSL might allow remote attackers to
conduct multiple attacks, including the injection of arbitrary data
into encrypted byte streams.

Background
==

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.

Affected packages
=

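    -------------------------------------------------------------------
     Package           /   Vulnerable   /                   Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl      < 0.9.8l-r2                    >= 0.9.8l-r2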

Description
===

Multiple vulnerabilities have been reported in OpenSSL:

* Marsh Ray of PhoneFactor and Martin Rex of SAP independently
  reported that the TLS protocol does not properly handle session
  renegotiation requests (CVE-2009-3555).

* The MD2 hash algorithm is no longer considered to be
  cryptographically strong, as demonstrated by Dan Kaminsky.
  Certificates using this algorithm are no longer accepted
  (CVE-2009-2409).

* Daniel Mentz and Robin Seggelmann reported the following
  vulnerabilities related to DTLS: A use-after-free flaw
  (CVE-2009-1379) and a NULL pointer dereference (CVE-2009-1387) in the
  dtls1_retrieve_buffered_fragment() function in src/d1_both.c,
  multiple memory leaks in the dtls1_process_out_of_seq_message()
  function in src/d1_both.c (CVE-2009-1378), and a processing error
  related to a large amount of DTLS records with a future epoch in the
  dtls1_buffer_record() function in ssl/d1_pkt.c (CVE-2009-1377).

Impact
==

A remote unauthenticated attacker, acting as a Man in the Middle, could
inject arbitrary plain text into a TLS session, possibly leading to the
ability to send requests as if authenticated as the victim. A remote
attacker could furthermore send specially crafted DTLS packages to a
service using OpenSSL for DTLS support, possibly resulting in a Denial
of Service. Also, a remote attacker might be able to create rogue
certificates, facilitated by an MD2 collision. NOTE: The amount of
computation needed for this attack is still very large.

Workaround
==

There is no known workaround at this time.

Resolution
==

All OpenSSL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/openssl-0.9.8l-r2

References
==

  [ 1 ] CVE-2009-1377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
  [ 2 ] CVE-2009-1378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
  [ 3 ] CVE-2009-1379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
  [ 4 ] CVE-2009-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387
  [ 5 ] CVE-2009-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
  [ 6 ] CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200912-01.xml



[ GLSA 200911-06 ] PEAR Net_Traceroute: Command injection

2009-11-30 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200911-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: PEAR Net_Traceroute: Command injection
  Date: November 26, 2009
  Bugs: #294264
ID: 200911-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An input sanitation error in PEAR Net_Traceroute might allow remote
attackers to execute arbitrary commands.

Background
==

PEAR Net_Traceroute is an OS independent wrapper class for executing
traceroute calls from PHP.

Affected packages
=

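    -------------------------------------------------------------------
     Package                      /  Vulnerable  /          Unaffected
    -------------------------------------------------------------------
  1  dev-php/PEAR-Net_Traceroute      < 0.21.2               >= 0.21.2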

Description
===

Pasquale Imperato reported that the $host parameter to the traceroute()
function in Traceroute.php is not properly sanitized before being
passed to exec().

Impact
==

A remote attacker could exploit this vulnerability when user input is
passed directly to PEAR Net_Traceroute in a PHP script, possibly
resulting in the remote execution of arbitrary shell commands with the
privileges of the user running the affected PHP script.

Workaround
==

Ensure that all data that is passed to the traceroute() function is
properly shell escaped (for instance using the escapeshellcmd()
function).

Resolution
==

All PEAR Net_Traceroute users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-php/PEAR-Net_Traceroute-0.21.2

References
==

  [ 1 ] CVE-2009-4025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4025

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200911-06.xml



[ GLSA 200911-05 ] Wireshark: Multiple vulnerabilities

2009-11-25 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200911-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Wireshark: Multiple vulnerabilities
  Date: November 25, 2009
  Bugs: #285280, #290710
ID: 200911-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been discovered in Wireshark, allowing
for the remote execution of arbitrary code, or Denial of Service.

Background
==

Wireshark is a versatile network protocol analyzer.

Affected packages
=

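    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark       < 1.2.3                     >= 1.2.3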

Description
===

Multiple vulnerabilities have been discovered in Wireshark:

* Ryan Giobbi reported an integer overflow in wiretap/erf.c
  (CVE-2009-3829).

* The vendor reported multiple unspecified vulnerabilities in the
  Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the
  OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR
  dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in
  the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector
  (CVE-2009-3550), and in the dissect_negprot_response() function in
  packet-smb.c in the SMB dissector (CVE-2009-3551).

Impact
==

A remote attacker could entice a user to open a specially crafted erf
file using Wireshark, possibly resulting in the execution of arbitrary
code with the privileges of the user running the application. A remote
attacker could furthermore send specially crafted packets on a network
being monitored by Wireshark or entice a user to open a malformed
packet trace file using Wireshark, possibly resulting in a Denial of
Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Wireshark users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-analyzer/wireshark-1.2.3

References
==

  [ 1 ] CVE-2009-2560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560
  [ 2 ] CVE-2009-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3241
  [ 3 ] CVE-2009-3242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3242
  [ 4 ] CVE-2009-3243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3243
  [ 5 ] CVE-2009-3549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3549
  [ 6 ] CVE-2009-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3550
  [ 7 ] CVE-2009-3551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3551
  [ 8 ] CVE-2009-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3829

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200911-05.xml



[ GLSA 200910-03 ] Adobe Reader: Multiple vulnerabilities

2009-10-26 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200910-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Adobe Reader: Multiple vulnerabilities
  Date: October 25, 2009
  Bugs: #289016
ID: 200910-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in Adobe Reader might result in the execution
of arbitrary code, or other attacks.

Background
==

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
reader.

Affected packages
=

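    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread       < 9.2                              >= 9.2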

Description
===

Multiple vulnerabilities were discovered in Adobe Reader. For further
information please consult the CVE entries and the Adobe Security
Bulletin referenced below.

Impact
==

A remote attacker might entice a user to open a specially crafted PDF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, Denial of Service, the
creation of arbitrary files on the victim's system, Trust Manager
bypass, or social engineering attacks.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Adobe Reader users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-text/acroread-9.2

References
==

  [ 1 ] APSB09-15
http://www.adobe.com/support/security/bulletins/apsb09-15.html
  [ 2 ] CVE-2007-0045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045
  [ 3 ] CVE-2007-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0048
  [ 4 ] CVE-2009-2979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2979
  [ 5 ] CVE-2009-2980
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2980
  [ 6 ] CVE-2009-2981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2981
  [ 7 ] CVE-2009-2982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2982
  [ 8 ] CVE-2009-2983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2983
  [ 9 ] CVE-2009-2985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2985
  [ 10 ] CVE-2009-2986
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2986
  [ 11 ] CVE-2009-2988
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2988
  [ 12 ] CVE-2009-2990
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2990
  [ 13 ] CVE-2009-2991
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2991
  [ 14 ] CVE-2009-2993
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2993
  [ 15 ] CVE-2009-2994
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994
  [ 16 ] CVE-2009-2996
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2996
  [ 17 ] CVE-2009-2997
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2997
  [ 18 ] CVE-2009-2998
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2998
  [ 19 ] CVE-2009-3431
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3431
  [ 20 ] CVE-2009-3458
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3458
  [ 21 ] CVE-2009-3459
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459
  [ 22 ] CVE-2009-3462
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3462

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200910-03.xml



[ GLSA 200910-01 ] Wget: Certificate validation error

2009-10-21 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200910-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Wget: Certificate validation error
  Date: October 20, 2009
  Bugs: #286058
ID: 200910-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An error in the X.509 certificate handling of Wget might enable remote
attackers to conduct man-in-the-middle attacks.

Background
==

GNU Wget is a free software package for retrieving files using HTTP,
HTTPS and FTP, the most widely-used Internet protocols.

Affected packages
=

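    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-misc/wget       < 1.12                                >= 1.12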

Description
===

The vendor reported that Wget does not properly handle Common Name (CN)
fields in X.509 certificates that contain an ASCII NUL (\0) character.
Specifically, the processing of such fields is stopped at the first
occurrence of a NUL character. This type of vulnerability was recently
discovered by Dan Kaminsky and Moxie Marlinspike.

Impact
==

A remote attacker might employ a specially crafted X.509 certificate,
containing a NUL character in the Common Name field to conduct
man-in-the-middle attacks on SSL connections made using Wget.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Wget users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-misc/wget-1.12

References
==

  [ 1 ] CVE-2009-3490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3490

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200910-01.xml



[ GLSA 200909-20 ] cURL: Certificate validation error

2009-09-25 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: cURL: Certificate validation error
  Date: September 25, 2009
  Bugs: #281515
ID: 200909-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An error in the X.509 certificate handling of cURL might enable remote
attackers to conduct man-in-the-middle attacks.

Background
==

cURL is a command line tool for transferring files with URL syntax,
supporting numerous protocols.

Affected packages
=

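    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-misc/curl      < 7.19.6                             >= 7.19.6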

Description
===

Scott Cantor reported that cURL does not properly handle fields in
X.509 certificates that contain an ASCII NUL (\0) character.
Specifically, the processing of such fields is stopped at the first
occurrence of a NUL character. This type of vulnerability was recently
discovered by Dan Kaminsky and Moxie Marlinspike.

Impact
==

A remote attacker might employ a specially crafted X.509 certificate
(that for instance contains a NUL character in the Common Name field)
to conduct man-in-the-middle attacks.

Workaround
==

There is no known workaround at this time.

Resolution
==

All cURL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-misc/curl-7.19.6

References
==

  [ 1 ] CVE-2009-2417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-20.xml


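The NUL truncation described in the Wget (GLSA 200910-01) and cURL (GLSA 200909-20) advisories, shown as an added C example that is not code from either project: a host name check that treats the Common Name as a C string, beside one that honours the length the certificate declares. The type, function names and sample names are hypothetical and the sample fields are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical type: a subject name field as an ASN.1 decoder returns it,
 * i.e. raw bytes plus the length declared inside the certificate. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample fields (not taken from any real certificate). The array
 * initialisers append a trailing NUL, which is excluded from len below. */
static const unsigned char HONEST_CN[]  = "www.example.org";
static const unsigned char CRAFTED_CN[] = "www.example.org\0.attacker.invalid";

static const struct cert_name honest_cn  = { HONEST_CN,  sizeof HONEST_CN  - 1 };
static const struct cert_name crafted_cn = { CRAFTED_CN, sizeof CRAFTED_CN - 1 };

/* Case-insensitive comparison of exactly n bytes (ASCII host names). */
static bool ascii_ieq(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return false;
    }
    return true;
}

/* Flawed check: the field length is taken from strlen(), so processing
 * stops at the first NUL and everything after it is never compared.
 * (Relies on the buffer being NUL-terminated, as the samples above are.) */
static bool cn_matches_truncating(const struct cert_name *cn, const char *host)
{
    size_t seen = strlen((const char *)cn->data);
    return seen == strlen(host) && ascii_ieq(cn->data, host, seen);
}

/* Hardened check: use the declared length, and refuse any field that
 * contains a NUL byte, since no valid host name does. Exact match only;
 * wildcard handling is out of scope for this example. */
static bool cn_matches_strict(const struct cert_name *cn, const char *host)
{
    size_t host_len = strlen(host);

    if (cn->len == 0 || host_len == 0)
        return false;
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return false;               /* embedded NUL: reject outright */
    if (cn->len != host_len)
        return false;               /* declared length must match */
    return ascii_ieq(cn->data, host, host_len);
}

int main(void)
{
    const char *host = "www.example.org";

    printf("requested host: %s\n", host);
    printf("honest CN   (%zu bytes): truncating=%d strict=%d\n",
           honest_cn.len,
           cn_matches_truncating(&honest_cn, host),
           cn_matches_strict(&honest_cn, host));
    printf("crafted CN  (%zu bytes): truncating=%d strict=%d\n",
           crafted_cn.len,
           cn_matches_truncating(&crafted_cn, host),
           cn_matches_strict(&crafted_cn, host));
    return 0;
}
```

A mismatch between the declared length and `strlen()` of a name field is also a cheap signal to log when auditing certificates presented to a client.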

[ GLSA 200909-19 ] Dnsmasq: Multiple vulnerabilities

2009-09-21 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Dnsmasq: Multiple vulnerabilities
  Date: September 20, 2009
  Bugs: #282653
ID: 200909-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in Dnsmasq might result in the remote
execution of arbitrary code, or a Denial of Service.

Background
==

Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
server. It includes support for Trivial FTP (TFTP).

Affected packages
=

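    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  net-dns/dnsmasq       < 2.5.0                            >= 2.5.0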

Description
===

Multiple vulnerabilities have been reported in the TFTP functionality
included in Dnsmasq:

* Pablo Jorge and Alberto Solino discovered a heap-based buffer
  overflow (CVE-2009-2957).

* An anonymous researcher reported a NULL pointer reference
  (CVE-2009-2958).

Impact
==

A remote attacker in the local network could exploit these
vulnerabilities by sending specially crafted TFTP requests to a machine
running Dnsmasq, possibly resulting in the remote execution of
arbitrary code with the privileges of the user running the daemon, or a
Denial of Service. NOTE: The TFTP server is not enabled by default.

Workaround
==

You can disable the TFTP server either at buildtime by not enabling the
tftp USE flag, or at runtime. Make sure --enable-tftp is not set in
the DNSMASQ_OPTS variable in the /etc/conf.d/dnsmasq file and
enable-tftp is not set in /etc/dnsmasq.conf, either of which would
enable TFTP support if it is compiled in.

Resolution
==

All Dnsmasq users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-dns/dnsmasq-2.5.0

References
==

  [ 1 ] CVE-2009-2957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2957
  [ 2 ] CVE-2009-2958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2958

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-19.xml



[ GLSA 200909-18 ] nginx: Remote execution of arbitrary code

2009-09-18 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: nginx: Remote execution of arbitrary code
  Date: September 18, 2009
  Bugs: #285162
ID: 200909-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A buffer underflow vulnerability in the request URI processing of nginx
might enable remote attackers to execute arbitrary code or cause a
Denial of Service.

Background
==

nginx is a robust, small and high performance HTTP and reverse proxy
server.

Affected packages
=

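    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-servers/nginx      < 0.7.62                        *>= 0.5.38
                                                            *>= 0.6.39
                                                             >= 0.7.62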

Description
===

Chris Ries reported a heap-based buffer underflow in the
ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when
parsing the request URI.

Impact
==

A remote attacker might send a specially crafted request URI to a nginx
server, possibly resulting in the remote execution of arbitrary code
with the privileges of the user running the server, or a Denial of
Service. NOTE: By default, nginx runs as the nginx user.

Workaround
==

There is no known workaround at this time.

Resolution
==

All nginx 0.5.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38

All nginx 0.6.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39

All nginx 0.7.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62

References
==

  [ 1 ] CVE-2009-2629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-18.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-12 ] HTMLDOC: User-assisted execution of arbitrary code

2009-09-14 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: HTMLDOC: User-assisted execution of arbitrary code
      Date: September 12, 2009
      Bugs: #278186
        ID: 200909-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple insecure calls to the sscanf() function in HTMLDOC might
result in the execution of arbitrary code.

Background
==

HTMLDOC is a HTML indexer and HTML to PS and PDF converter.

Affected packages
=

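    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  app-text/htmldoc           < 1.8.27-r1          >= 1.8.27-r1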

Description
===

ANTHRAX666 reported an insecure call to the sscanf() function in the
set_page_size() function in htmldoc/util.cxx. Nico Golde of the Debian
Security Team found two more insecure calls in the write_type1()
function in htmldoc/ps-pdf.cxx and the htmlLoadFontWidths() function in
htmldoc/htmllib.cxx.

Impact
==

A remote attacker could entice a user to process a specially crafted
HTML file using htmldoc, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application.
NOTE: Additional vectors via specially crafted AFM font metric files do
not cross trust boundaries, as the files can only be modified by
privileged users.

Workaround
==

There is no known workaround at this time.

Resolution
==

All HTMLDOC users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-text/htmldoc-1.8.27-r1

References
==

  [ 1 ] CVE-2009-3050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3050

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-12.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-13 ] irssi: Execution of arbitrary code

2009-09-14 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: irssi: Execution of arbitrary code
      Date: September 12, 2009
      Bugs: #271875
        ID: 200909-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A remotely exploitable off-by-one error leading to a heap overflow was
found in irssi which might result in the execution of arbitrary code.

Background
==

irssi is a modular textUI IRC client with IPv6 support.

Affected packages
=

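    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  net-irc/irssi              < 0.8.13-r1          >= 0.8.13-r1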

Description
===

Nemo discovered an off-by-one error leading to a heap overflow in
irssi's event_wallops() parsing function.

Impact
==

A remote attacker might entice a user to connect to a malicious IRC
server, use a man-in-the-middle attack to redirect a user to such a
server or use ircop rights to send a specially crafted WALLOPS message,
which might result in the execution of arbitrary code with the
privileges of the user running irssi.

Workaround
==

There is no known workaround at this time.

Resolution
==

All irssi users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-irc/irssi-0.8.13-r1

References
==

  [ 1 ] CVE-2009-1959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1959

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-13.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-14 ] Horde: Multiple vulnerabilities

2009-09-14 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Horde: Multiple vulnerabilities
      Date: September 12, 2009
      Bugs: #256125, #262976, #262978, #277294
        ID: 200909-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been discovered in Horde and two modules,
allowing for the execution of arbitrary code, information disclosure,
or Cross-Site Scripting.

Background
==

Horde is a web application framework written in PHP. Horde IMP, the
Internet Messaging Program, is a Webmail module and Horde Passwd is a
password changing module for Horde.

Affected packages
=

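    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  www-apps/horde             < 3.3.4              >= 3.3.4
  2  www-apps/horde-imp         < 4.3.4              >= 4.3.4
  3  www-apps/horde-passwd      < 3.1.1              >= 3.1.1
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
    -------------------------------------------------------------------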

Description
===

Multiple vulnerabilities have been discovered in Horde:

* Gunnar Wrobel reported an input sanitation and directory traversal
  flaw in framework/Image/Image.php, related to the Horde_Image driver
  name (CVE-2009-0932).

* Gunnar Wrobel reported that data sent to
  horde/services/portal/cloud_search.php is not properly sanitized
  before being used in the output (CVE-2009-0931).

* It was reported that data sent to
  framework/Text_Filter/Filter/xss.php is not properly sanitized before
  being used in the output (CVE-2008-5917).

Horde Passwd: David Wharton reported that data sent via the backend
parameter to passwd/main.php is not properly sanitized before being
used in the output (CVE-2009-2360).

Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php,
and message.php is not properly sanitized before being used in the
output (CVE-2009-0930).

Impact
==

A remote authenticated attacker could exploit these vulnerabilities to
execute arbitrary PHP files on the server, or disclose the content of
arbitrary files, both only if the file is readable to the web server. A
remote authenticated attacker could conduct Cross-Site Scripting
attacks. NOTE: Some Cross-Site Scripting vectors are limited to the
usage of Microsoft Internet Explorer.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Horde users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-apps/horde-3.3.4

All Horde IMP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-apps/horde-imp-4.3.4

All Horde Passwd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-apps/horde-passwd-3.1.1

References
==

  [ 1 ] CVE-2008-5917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5917
  [ 2 ] CVE-2009-0930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0930
  [ 3 ] CVE-2009-0931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0931
  [ 4 ] CVE-2009-0932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0932
  [ 5 ] CVE-2009-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2360

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-14.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-15 ] Lynx: Arbitrary command execution

2009-09-14 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Lynx: Arbitrary command execution
      Date: September 12, 2009
      Bugs: #243058
        ID: 200909-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An incomplete fix for an issue related to the Lynx URL handler might
allow for the remote execution of arbitrary commands.

Background
==

Lynx is a fully-featured WWW client for users running
cursor-addressable, character-cell display devices such as vt100
terminals and terminal emulators.

Affected packages
=

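    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  www-client/lynx            < 2.8.6-r4           >= 2.8.6-r4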

Description
===

Clint Ruoho reported that the fix for CVE-2005-2929 (GLSA 200511-09)
only disabled the lynxcgi:// handler when not using the advanced mode.

Impact
==

A remote attacker can entice a user to access a malicious HTTP server,
causing Lynx to execute arbitrary commands. NOTE: The advanced mode is
not enabled by default. Successful exploitation requires the
lynxcgi:// protocol to be registered with lynx on the victim's
system.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Lynx users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-client/lynx-2.8.6-r4

References
==

  [ 1 ] CVE-2005-2929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2929
  [ 2 ] CVE-2008-4690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4690
  [ 3 ] GLSA 200511-09
http://www.gentoo.org/security/en/glsa/glsa-200511-09.xml

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-15.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-03 ] Apache Portable Runtime, APR Utility Library: Execution of arbitrary code

2009-09-09 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Apache Portable Runtime, APR Utility Library: Execution of
            arbitrary code
      Date: September 09, 2009
      Bugs: #280514
        ID: 200909-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple integer overflows in the Apache Portable Runtime and its
Utility Library might allow for the remote execution of arbitrary code.

Background
==

The Apache Portable Runtime (aka APR) provides a set of APIs for
creating platform-independent applications. The Apache Portable Runtime
Utility Library (aka APR-Util) provides an interface to functionality
such as XML parsing, string matching and database connections.

Affected packages
=

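    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  dev-libs/apr               < 1.3.8              >= 1.3.8
  2  dev-libs/apr-util          < 1.3.9              >= 1.3.9
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------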

Description
===

Matt Lewis reported multiple Integer overflows in the apr_rmm_malloc(),
apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of
APR-Util and in memory/unix/apr_pools.c of APR, both occurring when
aligning memory blocks.

Impact
==

A remote attacker could entice a user to connect to a malicious server
with software that uses the APR or act as a malicious client to a
server that uses the APR (such as Subversion or Apache servers),
possibly resulting in the execution of arbitrary code with the
privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Apache Portable Runtime users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/apr-1.3.8

All APR Utility Library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.9

References
==

  [ 1 ] CVE-2009-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-04 ] Clam AntiVirus: Multiple vulnerabilities

2009-09-09 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Clam AntiVirus: Multiple vulnerabilities
      Date: September 09, 2009
      Bugs: #264834, #265545
        ID: 200909-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in ClamAV allow for the remote execution of
arbitrary code or Denial of Service.

Background
==

Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX,
designed especially for e-mail scanning on mail gateways.

Affected packages
=

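    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/clamav       < 0.95.2             >= 0.95.2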

Description
===

Multiple vulnerabilities have been found in ClamAV:

* The vendor reported a Divide-by-zero error in the PE (Portable
  Executable; Windows .exe) file handling of ClamAV (CVE-2008-6680).

* Jeffrey Thomas Peckham found a flaw in libclamav/untar.c, possibly
  resulting in an infinite loop when processing TAR archives in clamd
  and clamscan (CVE-2009-1270).

* Martin Olsen reported a vulnerability in the CLI_ISCONTAINED macro
  in libclamav/others.h, when processing UPack archives
  (CVE-2009-1371).

* Nigel disclosed a stack-based buffer overflow in the
  cli_url_canon() function in libclamav/phishcheck.c when processing
  URLs (CVE-2009-1372).

Impact
==

A remote attacker could entice a user or automated system to process a
specially crafted UPack archive or a file containing a specially
crafted URL, possibly resulting in the remote execution of arbitrary
code with the privileges of the user running the application, or a
Denial of Service. Furthermore, a remote attacker could cause a Denial
of Service by supplying a specially crafted TAR archive or PE
executable to a Clam AntiVirus instance.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Clam AntiVirus users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-antivirus/clamav-0.95.2

References
==

  [ 1 ] CVE-2008-6680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6680
  [ 2 ] CVE-2009-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1270
  [ 3 ] CVE-2009-1371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1371
  [ 4 ] CVE-2009-1372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1372

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-04.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-05 ] Openswan: Denial of Service

2009-09-09 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Openswan: Denial of Service
      Date: September 09, 2009
      Bugs: #264346, #275233
        ID: 200909-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in the pluto IKE daemon of Openswan might
allow remote attackers to cause a Denial of Service.

Background
==

Openswan is an implementation of IPsec for Linux.

Affected packages
=

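    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  net-misc/openswan          < 2.4.15             >= 2.4.15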

Description
===

Multiple vulnerabilities have been discovered in Openswan:

* Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer
  Detection of the pluto IKE daemon as included in Openswan
  (CVE-2009-0790).

* The Orange Labs vulnerability research team discovered multiple
  vulnerabilities in the ASN.1 parser (CVE-2009-2185).

Impact
==

A remote attacker could exploit these vulnerabilities by sending
specially crafted R_U_THERE or R_U_THERE_ACK packets, or a specially
crafted X.509 certificate containing a malicious Relative Distinguished
Name (RDN), UTCTIME string or GENERALIZEDTIME string to cause a Denial
of Service of the pluto IKE daemon.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Openswan users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-misc/openswan-2.4.15

References
==

  [ 1 ] CVE-2009-0790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0790
  [ 2 ] CVE-2009-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2185

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-05.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-06 ] aMule: Parameter injection

2009-09-09 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: aMule: Parameter injection
      Date: September 09, 2009
      Bugs: #268163
        ID: 200909-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An input validation error in aMule enables remote attackers to pass
arbitrary parameters to a victim's media player.

Background
==

aMule is an eMule-like client for the eD2k and Kademlia networks,
supporting multiple platforms.

Affected packages
=

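    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  net-p2p/amule              < 2.2.5              >= 2.2.5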

Description
===

Sam Hocevar discovered that the aMule preview function does not
properly sanitize file names.

Impact
==

A remote attacker could entice a user to download a file with a
specially crafted file name to inject arbitrary arguments to the
victim's video player.

Workaround
==

There is no known workaround at this time.

Resolution
==

All aMule users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-p2p/amule-2.2.5

References
==

  [ 1 ] CVE-2009-1440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1440

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-06.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-07 ] TkMan: Insecure temporary file usage

2009-09-09 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: TkMan: Insecure temporary file usage
      Date: September 09, 2009
      Bugs: #247540
        ID: 200909-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An insecure temporary file usage has been reported in TkMan, allowing
for symlink attacks.

Background
==

TkMan is a graphical, hypertext manual page and Texinfo browser for
UNIX.

Affected packages
=

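    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  app-text/tkman             < 2.2-r1             >= 2.2-r1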

Description
===

Dmitry E. Oboukhov reported that TkMan does not handle the
/tmp/tkman# and /tmp/ll temporary files securely.

Impact
==

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All TkMan users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-text/tkman-2.2-r1

References
==

  [ 1 ] CVE-2008-5137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5137

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-07.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-08 ] C* music player: Insecure temporary file usage

2009-09-09 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: C* music player: Insecure temporary file usage
      Date: September 09, 2009
      Bugs: #250474
        ID: 200909-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An insecure temporary file usage has been reported in the C* music
player, allowing for symlink attacks.

Background
==

The C* Music Player (cmus) is a modular and very configurable
ncurses-based audio player.

Affected packages
=

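    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  media-sound/cmus           < 2.2.0-r1           >= 2.2.0-r1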

Description
===

Dmitry E. Oboukhov reported that cmus-status-display does not handle
the /tmp/cmus-status temporary file securely.

Impact
==

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All C* music player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =media-sound/cmus-2.2.0-r1

References
==

  [ 1 ] CVE-2008-5375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5375

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-08.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-09 ] Screenie: Insecure temporary file usage

2009-09-09 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Screenie: Insecure temporary file usage
      Date: September 09, 2009
      Bugs: #250476
        ID: 200909-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An insecure temporary file usage has been reported in Screenie,
allowing for symlink attacks.

Background
==

Screenie is a small screen frontend that is designed to be a session
handler.

Affected packages
=

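    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  app-misc/screenie          < 1.30.0-r1          >= 1.30.0-r1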

Description
===

Dmitry E. Oboukhov reported that Screenie does not handle
/tmp/.screenie.# temporary files securely.

Impact
==

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Screenie users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-misc/screenie-1.30.0-r1

References
==

  [ 1 ] CVE-2008-5371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5371

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-09.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-10 ] LMBench: Insecure temporary file usage

2009-09-09 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: LMBench: Insecure temporary file usage
      Date: September 09, 2009
      Bugs: #246015
        ID: 200909-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple insecure temporary file usage issues have been reported in
LMBench, allowing for symlink attacks.

Background
==

LMBench is a suite of simple, portable benchmarks for UNIX platforms.

Affected packages
=

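    -------------------------------------------------------------------
     Package                 /  Vulnerable        /  Unaffected
    -------------------------------------------------------------------
  1  app-benchmarks/lmbench     <= 3                 Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.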

Description
===

Dmitry E. Oboukhov reported that the rccs and STUFF scripts do not
handle /tmp/sdiff.# temporary files securely. NOTE: There might
be further occurrences of insecure temporary file usage.

Impact
==

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

LMBench has been removed from Portage. We recommend that users unmerge
LMBench:

# emerge --unmerge app-benchmarks/lmbench

References
==

  [ 1 ] CVE-2008-4968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4968

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-10.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-11 ] GCC-XML: Insecure temporary file usage

2009-09-09 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: GCC-XML: Insecure temporary file usage
  Date: September 09, 2009
  Bugs: #245765
ID: 200909-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An insecure temporary file usage has been reported in GCC-XML allowing
for symlink attacks.

Background
==

GCC-XML is an XML output extension to the C++ front-end of GCC.

Affected packages
=

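    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  dev-cpp/gccxml       < 0.9.0_pre20090516    >= 0.9.0_pre20090516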

Description
===

Dmitry E. Oboukhov reported that find_flags in GCC-XML does not handle
/tmp/*.cxx temporary files securely.

Impact
==

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All GCC-XML users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-cpp/gccxml-0.9.0_pre20090516

References
==

  [ 1 ] CVE-2008-4957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4957

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-11.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
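
GLSA 200909-10 (the rccs and STUFF scripts in LMBench) and GLSA 200909-11 (find_flags in GCC-XML) report the same flaw class. The shell example below is an added illustration, not part of either advisory or of either project's code; it contrasts a predictable temporary file name with mktemp inside a private sandbox directory. The PID-based name, the function names and the sandbox layout are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed sandbox demo: everything happens inside a private directory
# created with mktemp -d, standing in for a world-writable /tmp.

# Weak pattern (assumed PID-based name): the path is guessable, and ">"
# follows whatever already exists at that path, including a symlink.
write_predictable() {
    dir=$1; data=$2
    tmp="$dir/sdiff.$$"
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so an existing file or symlink is never reused.
write_mktemp() {
    dir=$1; data=$2
    tmp=$(mktemp "$dir/sdiff.XXXXXX") || return 1
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Runs one writer in a sandbox where the predictable name already exists as
# a symlink to another file, then reports whether that file survived.
# Prints "intact" or "clobbered".
check_writer() {
    writer=$1
    box=$(mktemp -d) || return 1
    printf 'precious\n' > "$box/target"
    ln -s "$box/target" "$box/sdiff.$$"
    "$writer" "$box" "scratch data" > /dev/null
    if [ "$(cat "$box/target")" = "precious" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$box"
    printf '%s\n' "$result"
}

echo "predictable name: $(check_writer write_predictable)"
echo "mktemp:           $(check_writer write_mktemp)"
```

The same check can be used as a regression test for any script that is being converted from fixed names under /tmp to mktemp.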




[ GLSA 200909-01 ] Linux-PAM: Privilege escalation

2009-09-08 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Linux-PAM: Privilege escalation
  Date: September 07, 2009
  Bugs: #261512
ID: 200909-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An error in the handling of user names of Linux-PAM might allow remote
attackers to cause a Denial of Service or escalate privileges.

Background
==

Linux-PAM (Pluggable Authentication Modules) is an architecture
allowing the separation of the development of privilege granting
software from the development of secure and appropriate authentication
schemes.

Affected packages
=

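    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  sys-libs/pam                     < 1.0.4               >= 1.0.4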

Description
===

Marcus Granado reported that Linux-PAM does not properly handle user
names that contain Unicode characters. This is related to integer
signedness errors in the pam_StrTok() function in libpam/pam_misc.c.

Impact
==

A remote attacker could exploit this vulnerability to cause a Denial of
Service. A remote authenticated attacker could exploit this
vulnerability to log in to a system with the account of a user that has
a similar user name, but with non-ASCII characters.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Linux-PAM users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =sys-libs/pam-1.0.4

References
==

  [ 1 ] CVE-2009-0887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0887

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200909-02 ] libvorbis: User-assisted execution of arbitrary code

2009-09-08 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200909-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: libvorbis: User-assisted execution of arbitrary code
  Date: September 07, 2009
  Bugs: #280590
ID: 200909-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A processing error in libvorbis might result in the execution of
arbitrary code or a Denial of Service.

Background
==

libvorbis is the reference implementation of the Xiph.org Ogg Vorbis
audio file format. It is used by many applications for playback of Ogg
Vorbis files.

Affected packages
=

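    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  media-libs/libvorbis             < 1.2.3               >= 1.2.3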

Description
===

Lucas Adamski reported that libvorbis does not correctly process file
headers, related to static mode headers and encoding books.

Impact
==

A remote attacker could entice a user to play a specially crafted OGG
Vorbis file using an application that uses libvorbis, possibly
resulting in the execution of arbitrary code with the privileges of the
user running the application, or a Denial of Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All libvorbis users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =media-libs/libvorbis-1.2.3

References
==

  [ 1 ] CVE-2009-2663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200908-07 ] Perl Compress::Raw modules: Denial of Service

2009-08-18 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200908-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Perl Compress::Raw modules: Denial of Service
  Date: August 18, 2009
  Bugs: #273141, #281955
ID: 200908-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An off-by-one error in Compress::Raw::Zlib and Compress::Raw::Bzip2
might lead to a Denial of Service.

Background
==

Compress::Raw::Zlib and Compress::Raw::Bzip2 are Perl low-level
interfaces to the zlib and bzip2 compression libraries.

Affected packages
=

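    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  perl-core/Compress-Raw-Zlib      < 2.020               >= 2.020
  2  perl-core/Compress-Raw-Bzip2     < 2.020               >= 2.020
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------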

Description
===

Leo Bergolth reported an off-by-one error in the inflate() function in
Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer
overflow (CVE-2009-1391).

Paul Marquess discovered a similar vulnerability in the bzinflate()
function in Bzip2.xs of Compress::Raw::Bzip2 (CVE-2009-1884).

Impact
==

A remote attacker might entice a user or automated system (for instance
running SpamAssassin or AMaViS) to process specially crafted files,
possibly resulting in a Denial of Service condition.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Compress::Raw::Zlib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =perl-core/Compress-Raw-Zlib-2.020

All Compress::Raw::Bzip2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =perl-core/Compress-Raw-Bzip2-2.020

References
==

  [ 1 ] CVE-2009-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1391
  [ 2 ] CVE-2009-1884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1884

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-07.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200908-05 ] Subversion: Remote execution of arbitrary code

2009-08-18 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200908-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Subversion: Remote execution of arbitrary code
  Date: August 18, 2009
  Bugs: #280494
ID: 200908-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple integer overflows, leading to heap-based buffer overflows in
the Subversion client and server might allow remote attackers to
execute arbitrary code.

Background
==

Subversion is a versioning system designed to be a replacement for CVS.

Affected packages
=

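    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  dev-util/subversion              < 1.6.4               >= 1.6.4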

Description
===

Matt Lewis of Google reported multiple integer overflows in the
libsvn_delta library, possibly leading to heap-based buffer overflows.

Impact
==

A remote attacker with commit access could exploit this vulnerability
by sending a specially crafted commit to a Subversion server, or a
remote attacker could entice a user to check out or update a repository
from a malicious Subversion server, possibly resulting in the execution
of arbitrary code with the privileges of the user running the server or
client.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Subversion users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-util/subversion-1.6.4

References
==

  [ 1 ] CVE-2009-2411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2411

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-05.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200908-08 ] ISC DHCP: dhcpd Denial of Service

2009-08-18 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200908-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: ISC DHCP: dhcpd Denial of Service
  Date: August 18, 2009
  Bugs: #275231
ID: 200908-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


dhcpd as included in the ISC DHCP implementation does not properly
handle special conditions, leading to a Denial of Service.

Background
==

ISC DHCP is the reference implementation of the Dynamic Host
Configuration Protocol as specified in RFC 2131.

Affected packages
=

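    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  net-misc/dhcp                  < 3.1.2_p1           >= 3.1.2_p1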

Description
===

Christoph Biedl discovered that dhcpd does not properly handle certain
DHCP requests when configured both using dhcp-client-identifier and
hardware ethernet.

Impact
==

A remote attacker might send a specially crafted request to dhcpd,
possibly resulting in a Denial of Service (daemon crash).

Workaround
==

There is no known workaround at this time.

Resolution
==

All ISC DHCP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-misc/dhcp-3.1.2_p1

References
==

  [ 1 ] CVE-2009-1892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-08.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200908-10 ] Dillo: User-assisted execution of arbitrary code

2009-08-18 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200908-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Dillo: User-assisted execution of arbitrary code
  Date: August 18, 2009
  Bugs: #276432
ID: 200908-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An integer overflow in the PNG handling of Dillo might result in the
remote execution of arbitrary code.

Background
==

Dillo is a graphical web browser known for its speed and small
footprint.

Affected packages
=

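    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  www-client/dillo                 < 2.1.1               >= 2.1.1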

Description
===

Tilei Wang reported an integer overflow in the Png_datainfo_callback()
function, possibly leading to a heap-based buffer overflow.

Impact
==

A remote attacker could entice a user to open an HTML document
containing a specially crafted, large PNG image, possibly resulting in
the execution of arbitrary code with the privileges of the user running
the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Dillo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-client/dillo-2.1.1

References
==

  [ 1 ] CVE-2009-2294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2294

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-10.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200908-06 ] CDF: User-assisted execution of arbitrary code

2009-08-18 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200908-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: CDF: User-assisted execution of arbitrary code
  Date: August 18, 2009
  Bugs: #278679
ID: 200908-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple heap-based buffer overflows in CDF might result in the
execution of arbitrary code.

Background
==

CDF is a library for the Common Data Format which is a self-describing
data format for the storage and manipulation of scalar and
multidimensional data. It is developed by NASA.

Affected packages
=

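    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  sci-libs/cdf                     < 3.3.0               >= 3.3.0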

Description
===

Leon Juranic reported multiple heap-based buffer overflows for instance
in the ReadAEDRList64(), SearchForRecord_r_64(), LastRecord64(), and
CDFsel64() functions.

Impact
==

A remote attacker could entice a user to open a specially crafted CDF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All CDF users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =sci-libs/cdf-3.3.0

References
==

  [ 1 ] CVE-2009-2850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2850

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-06.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200908-09 ] DokuWiki: Local file inclusion

2009-08-18 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200908-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: DokuWiki: Local file inclusion
  Date: August 18, 2009
  Bugs: #272431
ID: 200908-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An input sanitation error in DokuWiki might lead to the disclosure of
local files or even the remote execution of arbitrary code.

Background
==

DokuWiki is a standards compliant Wiki system written in PHP.

Affected packages
=

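    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  www-apps/dokuwiki             < 2009-02-14b      >= 2009-02-14b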

Description
===

girex reported that data from the config_cascade parameter in
inc/init.php is not properly sanitized before being used.

Impact
==

A remote attacker could exploit this vulnerability to execute PHP code
from arbitrary local, or, when the used PHP version supports ftp://
URLs, also from remote files via FTP. Furthermore, it is possible to
disclose the contents of local files. NOTE: Successful exploitation
requires the PHP option register_globals to be enabled.

Workaround
==

Disable register_globals in php.ini.

Resolution
==

All DokuWiki users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-apps/dokuwiki-2009-02-14b

References
==

  [ 1 ] CVE-2009-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1960

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-09.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200908-02 ] BIND: Denial of Service

2009-08-03 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200908-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: BIND: Denial of Service
  Date: August 01, 2009
  Bugs: #279508
ID: 200908-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Dynamic Update packets can cause a Denial of Service in the BIND
daemon.

Background
==

ISC BIND is the Internet Systems Consortium implementation of the
Domain Name System (DNS) protocol.

Affected packages
=

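    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  net-dns/bind                   < 9.4.3_p3           >= 9.4.3_p3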

Description
===

Matthias Urlichs reported that the dns_db_findrdataset() function fails
when the prerequisite section of the dynamic update message contains a
record of type ANY and where at least one RRset for this FQDN exists
on the server.

Impact
==

A remote unauthenticated attacker could send a specially crafted
dynamic update message to the BIND daemon (named), leading to a Denial
of Service (daemon crash). This vulnerability affects all primary
(master) servers -- it is not limited to those that are configured to
allow dynamic updates.

Workaround
==

Configure a firewall that performs Deep Packet Inspection to prevent
nsupdate messages from reaching named. Alternatively, expose only
secondary (slave) servers to untrusted networks.

Resolution
==

All BIND users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-dns/bind-9.4.3_p3

References
==

  [ 1 ] CVE-2009-0696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
  [ 2 ] ISC advisory
https://www.isc.org/node/474

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200907-12 ] ISC DHCP: dhcpclient Remote execution of arbitrary code

2009-07-14 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200907-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: ISC DHCP: dhcpclient Remote execution of arbitrary code
  Date: July 14, 2009
  Bugs: #277729
ID: 200907-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A buffer overflow in dhclient as included in the ISC DHCP
implementation allows for the remote execution of arbitrary code with
root privileges.

Background
==

ISC DHCP is the reference implementation of the Dynamic Host
Configuration Protocol as specified in RFC 2131.

Affected packages
=

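    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  net-misc/dhcp                  < 3.1.1-r1           >= 3.1.1-r1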

Description
===

The Mandriva Linux Engineering Team has reported a stack-based buffer
overflow in the subnet-mask handling of dhclient.

Impact
==

A remote attacker might set up a rogue DHCP server in a victim's local
network, possibly leading to the execution of arbitrary code with root
privileges.

Workaround
==

There is no known workaround at this time.

Resolution
==

All ISC DHCP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-misc/dhcp-3.1.1-r1

References
==

  [ 1 ] CVE-2009-0692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-12.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200907-04 ] Apache: Multiple vulnerabilities

2009-07-13 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200907-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Apache: Multiple vulnerabilities
  Date: July 12, 2009
  Bugs: #268154, #271470, #276426, #276792
ID: 200907-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in the Apache HTTP daemon allow for local
privilege escalation, information disclosure or Denial of Service
attacks.

Background
==

The Apache HTTP server is one of the most popular web servers on the
Internet.

Affected packages
=

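    -------------------------------------------------------------------
     Package                     /   Vulnerable   /       Unaffected
    -------------------------------------------------------------------
  1  www-servers/apache            < 2.2.11-r2          >= 2.2.11-r2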

Description
===

Multiple vulnerabilities have been discovered in the Apache HTTP
server:

* Jonathan Peatfield reported that the Options=IncludesNoEXEC
  argument to the AllowOverride directive is not processed properly
  (CVE-2009-1195).

* Sander de Boer discovered that the AJP proxy module (mod_proxy_ajp)
  does not correctly handle POST requests that do not contain a request
  body (CVE-2009-1191).

* The vendor reported that the HTTP proxy module (mod_proxy_http),
  when being used as a reverse proxy, does not properly handle requests
  containing more data than stated in the Content-Length header
  (CVE-2009-1890).

* Francois Guerraz discovered that mod_deflate does not abort the
  compression of large files even when the requesting connection is
  closed prematurely (CVE-2009-1891).

Impact
==

A local attacker could circumvent restrictions put up by the server
administrator and execute arbitrary commands with the privileges of the
user running the Apache server. A remote attacker could send multiple
requests to a server with the AJP proxy module, possibly resulting in
the disclosure of a request intended for another client, or cause a
Denial of Service by sending specially crafted requests to servers
running mod_proxy_http or mod_deflate.

Workaround
==

Remove include, mod_proxy_ajp, mod_proxy_http and deflate from
APACHE2_MODULES in make.conf and rebuild Apache, or disable the
aforementioned modules in the Apache configuration.

Resolution
==

All Apache users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/apache-2.2.11-r2

References
==

  [ 1 ] CVE-2009-1195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
  [ 2 ] CVE-2009-1191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191
  [ 3 ] CVE-2009-1890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
  [ 4 ] CVE-2009-1891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-04.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200907-03 ] APR Utility Library: Multiple vulnerabilities

2009-07-06 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200907-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: APR Utility Library: Multiple vulnerabilities
  Date: July 04, 2009
  Bugs: #268643, #272260, #274193
ID: 200907-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in the Apache Portable Runtime Utility Library
might enable remote attackers to cause a Denial of Service or disclose
sensitive information.

Background
==

The Apache Portable Runtime Utility Library (aka apr-util) provides an
interface to functionality such as XML parsing, string matching and
database connections.

Affected packages
=

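-------------------------------------------------------------------
     Package            /   Vulnerable   /              Unaffected
-------------------------------------------------------------------
  1  dev-libs/apr-util       < 1.3.7                      >= 1.3.7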

Description
===

Multiple vulnerabilities have been discovered in the APR Utility
Library:

* Matthew Palmer reported a heap-based buffer underflow while
  compiling search patterns in the apr_strmatch_precompile() function
  in strmatch/apr_strmatch.c (CVE-2009-0023).

* kcope reported that the expat XML parser in xml/apr_xml.c does not
  limit the amount of XML entities expanded recursively
  (CVE-2009-1955).

* C. Michael Pilato reported an off-by-one error in the
  apr_brigade_vprintf() function in buckets/apr_brigade.c
  (CVE-2009-1956).

Impact
==

A remote attacker could exploit these vulnerabilities to cause a Denial
of Service (crash or memory exhaustion) via an Apache HTTP server
running mod_dav or mod_dav_svn, or using several configuration files.
Additionally, a remote attacker could disclose sensitive information or
cause a Denial of Service by sending a specially crafted input. NOTE:
Only big-endian architectures such as PPC and HPPA are affected by the
latter flaw.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Apache Portable Runtime Utility Library users should upgrade to the
latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.7

References
==

  [ 1 ] CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
  [ 2 ] CVE-2009-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
  [ 3 ] CVE-2009-1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200907-01 ] libwmf: User-assisted execution of arbitrary code

2009-07-02 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200907-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: libwmf: User-assisted execution of arbitrary code
  Date: July 02, 2009
  Bugs: #268161
ID: 200907-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


libwmf bundles an old GD version which contains a use-after-free
vulnerability.

Background
==

libwmf is a library for converting WMF files.

Affected packages
=

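-------------------------------------------------------------------
     Package            /   Vulnerable   /              Unaffected
-------------------------------------------------------------------
  1  media-libs/libwmf     < 0.2.8.4-r3              >= 0.2.8.4-r3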

Description
===

The embedded fork of the GD library introduced a use-after-free
vulnerability in a modification which is specific to libwmf.

Impact
==

A remote attacker could entice a user to open a specially crafted WMF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All libwmf users should upgrade to the latest version which no longer
builds the GD library:

# emerge --sync
# emerge --ask --oneshot --verbose =media-libs/libwmf-0.2.8.4-r3

References
==

  [ 1 ] CVE-2009-1364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200907-02 ] ModSecurity: Denial of Service

2009-07-02 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200907-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: ModSecurity: Denial of Service
  Date: July 02, 2009
  Bugs: #262302
ID: 200907-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Two vulnerabilities in ModSecurity might lead to a Denial of Service.

Background
==

ModSecurity is a popular web application firewall for the Apache HTTP
server.

Affected packages
=

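-------------------------------------------------------------------
     Package                  /   Vulnerable   /        Unaffected
-------------------------------------------------------------------
  1  www-apache/mod_security       < 2.5.9                >= 2.5.9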

Description
===

Multiple vulnerabilities were discovered in ModSecurity:

* Juan Galiana Lara of ISecAuditors discovered a NULL pointer
  dereference when processing multipart requests without a part header
  name (CVE-2009-1902).

* Steve Grubb of Red Hat reported that the PDF XSS protection
  feature does not properly handle HTTP requests to a PDF file that do
  not use the GET method (CVE-2009-1903).

Impact
==

A remote attacker might send requests containing specially crafted
multipart data or send certain requests to access a PDF file, possibly
resulting in a Denial of Service (crash) of the Apache HTTP daemon.
NOTE: The PDF XSS protection is not enabled by default.

Workaround
==

There is no known workaround at this time.

Resolution
==

All ModSecurity users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-apache/mod_security-2.5.9

References
==

  [ 1 ] CVE-2009-1902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1902
  [ 2 ] CVE-2009-1903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1903

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200906-03 ] phpMyAdmin: Multiple vulnerabilities

2009-06-30 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200906-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: phpMyAdmin: Multiple vulnerabilities
  Date: June 29, 2009
  Bugs: #263711
ID: 200906-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple errors in phpMyAdmin might allow the remote execution of
arbitrary code or a Cross-Site Scripting attack.

Background
==

phpMyAdmin is a web-based management tool for MySQL databases.

Affected packages
=

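-------------------------------------------------------------------
     Package            /   Vulnerable   /              Unaffected
-------------------------------------------------------------------
  1  dev-db/phpmyadmin      < 2.11.9.5                 >= 2.11.9.5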

Description
===

Multiple vulnerabilities have been reported in phpMyAdmin:

* Greg Ose discovered that the setup script does not sanitize input
  properly, leading to the injection of arbitrary PHP code into the
  configuration file (CVE-2009-1151).

* Manuel Lopez Gallego and Santiago Rodriguez Collazo reported that
  data from cookies used in the Export page is not properly sanitized
  (CVE-2009-1150).

Impact
==

A remote unauthorized attacker could exploit the first vulnerability to
execute arbitrary code with the privileges of the user running
phpMyAdmin and conduct Cross-Site Scripting attacks using the second
vulnerability.

Workaround
==

Removing the scripts/setup.php file protects you from CVE-2009-1151.

Resolution
==

All phpMyAdmin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-db/phpmyadmin-2.11.9.5

References
==

  [ 1 ] CVE-2009-1150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1150
  [ 2 ] CVE-2009-1151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200906-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200906-04 ] Apache Tomcat JK Connector: Information disclosure

2009-06-30 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200906-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
 Title: Apache Tomcat JK Connector: Information disclosure
  Date: June 29, 2009
  Bugs: #265455
ID: 200906-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An error in the Apache Tomcat JK Connector might allow for an
information disclosure flaw.

Background
==

The Apache Tomcat JK Connector (aka mod_jk) connects the Tomcat
application server with the Apache HTTP Server.

Affected packages
=

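-------------------------------------------------------------------
     Package            /   Vulnerable   /              Unaffected
-------------------------------------------------------------------
  1  www-apache/mod_jk       < 1.2.27                    >= 1.2.27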

Description
===

The Red Hat Security Response Team discovered that mod_jk does not
properly handle (1) requests setting the Content-Length header while
not providing data and (2) clients sending repeated requests very
quickly.

Impact
==

A remote attacker could send specially crafted requests or a large
number of requests at a time, possibly resulting in the disclosure of a
response intended for another client.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Apache Tomcat JK Connector users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-apache/mod_jk-1.2.27

References
==

  [ 1 ] CVE-2008-5519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200906-04.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200906-02 ] Ruby: Denial of Service

2009-06-29 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200906-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Ruby: Denial of Service
  Date: June 28, 2009
  Bugs: #273213
ID: 200906-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A flaw in the Ruby standard library might allow remote attackers to
cause a Denial of Service attack.

Background
==

Ruby is an interpreted object-oriented programming language. The
elaborate standard library includes the BigDecimal class.

Affected packages
=

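-------------------------------------------------------------------
     Package            /   Vulnerable   /              Unaffected
-------------------------------------------------------------------
  1  dev-lang/ruby         < 1.8.6_p369              >= 1.8.6_p369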

Description
===

Tadayoshi Funaba reported that BigDecimal in
ext/bigdecimal/bigdecimal.c does not properly handle string arguments
containing overly long numbers.

Impact
==

A remote attacker could exploit this issue to remotely cause a Denial
of Service attack.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Ruby users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-lang/ruby-1.8.6_p369

References
==

  [ 1 ] CVE-2009-1904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200906-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code

2009-05-27 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200905-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: libsndfile: User-assisted execution of arbitrary code
  Date: May 27, 2009
  Bugs: #269863
ID: 200905-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple heap-based buffer overflow vulnerabilities in libsndfile might
allow remote attackers to execute arbitrary code.

Background
==

libsndfile is a C library for reading and writing files containing
sampled sound.

Affected packages
=

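-------------------------------------------------------------------
     Package                 /   Vulnerable   /         Unaffected
-------------------------------------------------------------------
  1  media-libs/libsndfile        < 1.0.20               >= 1.0.20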

Description
===

The following vulnerabilities have been found in libsndfile:

* Tobias Klein reported that the header_read() function in
  src/common.c uses user input for calculating a buffer size, possibly
  leading to a heap-based buffer overflow (CVE-2009-1788).

* The vendor reported a boundary error in the aiff_read_header()
  function in src/aiff.c, possibly leading to a heap-based buffer
  overflow (CVE-2009-1791).

Impact
==

A remote attacker could entice a user to open a specially crafted AIFF
or VOC file in a program using libsndfile, possibly resulting in the
execution of arbitrary code with the privileges of the user running the
application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All libsndfile users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =media-libs/libsndfile-1.0.20

References
==

  [ 1 ] CVE-2009-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1788
  [ 2 ] CVE-2009-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1791

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200905-09.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200905-07 ] Pidgin: Multiple vulnerabilities

2009-05-26 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200905-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Pidgin: Multiple vulnerabilities
  Date: May 25, 2009
  Bugs: #270811
ID: 200905-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in Pidgin might allow for the remote execution
of arbitrary code or a Denial of Service.

Background
==

Pidgin (formerly Gaim) is an instant messaging client for a variety of
instant messaging protocols.

Affected packages
=

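-------------------------------------------------------------------
     Package            /   Vulnerable   /              Unaffected
-------------------------------------------------------------------
  1  net-im/pidgin           < 2.5.6                      >= 2.5.6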

Description
===

Multiple vulnerabilities have been discovered in Pidgin:

* Veracode reported a boundary error in the XMPP SOCKS5 bytestream
  server when initiating an outgoing file transfer (CVE-2009-1373).

* Ka-Hing Cheung reported a heap corruption flaw in the QQ protocol
  handler (CVE-2009-1374).

* A memory corruption flaw in PurpleCircBuffer was disclosed by
  Josef Andrysek (CVE-2009-1375).

* The previous fix for CVE-2008-2927 contains a cast from uint64 to
  size_t, possibly leading to an integer overflow (CVE-2009-1376, GLSA
  200901-13).

Impact
==

A remote attacker could send specially crafted messages or files using
the MSN, XMPP or QQ protocols, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application,
or a Denial of Service. NOTE: Successful exploitation might require the
victim's interaction.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Pidgin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-im/pidgin-2.5.6

References
==

  [ 1 ] CVE-2009-1373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373
  [ 2 ] CVE-2009-1374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374
  [ 3 ] CVE-2009-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375
  [ 4 ] CVE-2009-1376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376
  [ 5 ] GLSA 200901-13
http://www.gentoo.org/security/en/glsa/glsa-200901-13.xml

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200905-07.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
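
The uint64-to-size_t cast noted for CVE-2009-1376 in GLSA 200905-07 above, shown as an added C example that is not Pidgin's code and not part of the advisory: a bounds check run after narrowing accepts offsets that the same check run in 64 bits rejects. The size32_t typedef (a stand-in for size_t on a 32-bit build), the function names and the sample offsets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 32-bit stand-in for size_t, so the narrowing is visible on 64-bit hosts. */
typedef uint32_t size32_t;

/* Narrow first, check second. Returns the offset that would be used,
 * or -1 if the chunk is rejected. */
int64_t offset_narrow_then_check(uint64_t offset, size32_t len, size32_t buf_size)
{
    size32_t off = (size32_t)offset;   /* upper 32 bits silently discarded */
    if (len > buf_size || off > buf_size - len)
        return -1;
    return (int64_t)off;
}

/* Check in the wide type first, narrow only once the value is known to fit. */
int64_t offset_check_then_narrow(uint64_t offset, size32_t len, size32_t buf_size)
{
    if (len > buf_size)
        return -1;
    if (offset > (uint64_t)(buf_size - len))
        return -1;
    return (int64_t)(size32_t)offset;  /* lossless: offset <= buf_size - len */
}

struct chunk_case {
    uint64_t offset;
    size32_t len;
    const char *note;
};

/* Constructed sample inputs (not taken from any real protocol capture). */
static const struct chunk_case SAMPLE_CASES[] = {
    { 0u,                    16u, "start of buffer" },
    { 48u,                   16u, "last valid slot" },
    { 49u,                   16u, "one byte past the end" },
    { 0x100000010ULL,        16u, "2^32 + 16: wraps to 16 when narrowed" },
    { 0xFFFFFFFF00000000ULL,  8u, "huge offset: wraps to 0 when narrowed" },
};
#define N_CASES (sizeof SAMPLE_CASES / sizeof SAMPLE_CASES[0])

/* Counts sample inputs that the narrow-first check accepts but the
 * wide check rejects, i.e. out-of-range offsets that slip through. */
int count_slipped_through(size32_t buf_size)
{
    int slipped = 0;
    for (size_t i = 0; i < N_CASES; i++) {
        const struct chunk_case *c = &SAMPLE_CASES[i];
        int64_t narrow = offset_narrow_then_check(c->offset, c->len, buf_size);
        int64_t wide = offset_check_then_narrow(c->offset, c->len, buf_size);
        if (narrow >= 0 && wide < 0)
            slipped++;
    }
    return slipped;
}

int main(void)
{
    const size32_t buf_size = 64u;   /* constructed buffer size */
    for (size_t i = 0; i < N_CASES; i++) {
        const struct chunk_case *c = &SAMPLE_CASES[i];
        printf("%-40s narrow-first=%lld wide-first=%lld\n", c->note,
               (long long)offset_narrow_then_check(c->offset, c->len, buf_size),
               (long long)offset_check_then_narrow(c->offset, c->len, buf_size));
    }
    printf("accepted only by the narrow-first check: %d\n",
           count_slipped_through(buf_size));
    return 0;
}
```

When reviewing a fix of this kind, confirm that every comparison involving the wire value happens before the cast, and that the narrowed value is the only one used afterwards.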




[ GLSA 200905-08 ] NTP: Remote execution of arbitrary code

2009-05-26 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200905-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: NTP: Remote execution of arbitrary code
  Date: May 26, 2009
  Bugs: #263033, #268962
ID: 200905-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple errors in the NTP client and server programs might allow for
the remote execution of arbitrary code.

Background
==

NTP contains the client and daemon implementations for the Network Time
Protocol.

Affected packages
=

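-------------------------------------------------------------------
     Package            /   Vulnerable   /              Unaffected
-------------------------------------------------------------------
  1  net-misc/ntp           < 4.2.4_p7                 >= 4.2.4_p7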

Description
===

Multiple vulnerabilities have been found in the programs included in
the NTP package:

* Apple Product Security reported a boundary error in the
  cookedprint() function in ntpq/ntpq.c, possibly leading to a
  stack-based buffer overflow (CVE-2009-0159).

* Chris Ries of CMU reported a boundary error within the
  crypto_recv() function in ntpd/ntp_crypto.c, possibly leading to a
  stack-based buffer overflow (CVE-2009-1252).

Impact
==

A remote attacker might send a specially crafted package to a machine
running ntpd, possibly resulting in the remote execution of arbitrary
code with the privileges of the user running the daemon, or a Denial of
Service. NOTE: Successful exploitation requires the autokey feature
to be enabled. This feature is only available if NTP was built with the
'ssl' USE flag.

Furthermore, a remote attacker could entice a user into connecting to a
malicious server using ntpq, possibly resulting in the remote execution
of arbitrary code with the privileges of the user running the
application, or a Denial of Service.

Workaround
==

You can protect against CVE-2009-1252 by disabling the 'ssl' USE flag
and recompiling NTP.

Resolution
==

All NTP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-misc/ntp-4.2.4_p7

References
==

  [ 1 ] CVE-2009-0159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
  [ 2 ] CVE-2009-1252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200905-08.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200905-03 ] IPSec Tools: Denial of Service

2009-05-25 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200905-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: IPSec Tools: Denial of Service
  Date: May 24, 2009
  Bugs: #267135
ID: 200905-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple errors in the IPSec Tools racoon daemon might allow remote
attackers to cause a Denial of Service.

Background
==

The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6
IPsec implementation. They include racoon, an Internet Key Exchange
daemon for automatically keying IPsec connections.

Affected packages
=

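-------------------------------------------------------------------
     Package                   /   Vulnerable   /       Unaffected
-------------------------------------------------------------------
  1  net-firewall/ipsec-tools       < 0.7.2               >= 0.7.2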

Description
===

The following vulnerabilities have been found in the racoon daemon as
shipped with IPSec Tools:

* Neil Kettle reported that racoon/isakmp_frag.c is prone to a
  null-pointer dereference (CVE-2009-1574).

* Multiple memory leaks exist in (1) the eay_check_x509sign()
  function in racoon/crypto_openssl.c and (2) racoon/nattraversal.c
  (CVE-2009-1632).

Impact
==

A remote attacker could send specially crafted fragmented ISAKMP
packets without a payload or exploit vectors related to X.509
certificate authentication and NAT traversal, possibly resulting in a
crash of the racoon daemon.

Workaround
==

There is no known workaround at this time.

Resolution
==

All IPSec Tools users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-firewall/ipsec-tools-0.7.2

References
==

  [ 1 ] CVE-2009-1574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574
  [ 2 ] CVE-2009-1632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200905-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200905-04 ] GnuTLS: Multiple vulnerabilities

2009-05-25 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200905-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: GnuTLS: Multiple vulnerabilities
  Date: May 24, 2009
  Bugs: #267774
ID: 200905-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in GnuTLS might result in a Denial of Service,
spoofing or the generation of invalid keys.

Background
==

GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0
protocols.

Affected packages
=

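-------------------------------------------------------------------
     Package            /   Vulnerable   /              Unaffected
-------------------------------------------------------------------
  1  net-libs/gnutls         < 2.6.6                      >= 2.6.6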

Description
===

The following vulnerabilities were found in GnuTLS:

* Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not
  properly handle corrupt DSA signatures, possibly leading to a
  double-free vulnerability (CVE-2009-1415).

* Simon Josefsson reported that GnuTLS generates RSA keys stored in
  DSA structures when creating a DSA key (CVE-2009-1416).

* Romain Francoise reported that the
  _gnutls_x509_verify_certificate() function in lib/x509/verify.c does
  not perform time checks, resulting in the gnutls-cli program
  accepting X.509 certificates with validity times in the past or
  future (CVE-2009-1417).

Impact
==

A remote attacker could entice a user or automated system to process a
specially crafted DSA certificate, possibly resulting in a Denial of
Service condition. NOTE: This issue might have other unspecified impact
including the execution of arbitrary code. Furthermore, a remote
attacker could spoof signatures on certificates and the gnutls-cli
application can be tricked into accepting an invalid certificate.

Workaround
==

There is no known workaround at this time.

Resolution
==

All GnuTLS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-libs/gnutls-2.6.6

References
==

  [ 1 ] CVE-2009-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415
  [ 2 ] CVE-2009-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1416
  [ 3 ] CVE-2009-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1417

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200905-04.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200905-05 ] FreeType: Multiple vulnerabilities

2009-05-25 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200905-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: FreeType: Multiple vulnerabilities
  Date: May 24, 2009
  Bugs: #263032
ID: 200905-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple integer overflows in FreeType might allow for the remote
execution of arbitrary code or a Denial of Service.

Background
==

FreeType is a high-quality and portable font engine.

Affected packages
=

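-------------------------------------------------------------------
     Package              /   Vulnerable   /            Unaffected
-------------------------------------------------------------------
  1  media-libs/freetype      < 2.3.9-r1               >= 2.3.9-r1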

Description
===

Tavis Ormandy reported multiple integer overflows in the
cff_charset_compute_cids() function in cff/cffload.c, sfnt/tccmap.c and
the ft_smooth_render_generic() function in smooth/ftsmooth.c, possibly
leading to heap or stack-based buffer overflows.

Impact
==

A remote attacker could entice a user or automated system to open a
specially crafted font file, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application,
or a Denial of Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All FreeType users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =media-libs/freetype-2.3.9-r1

References
==

  [ 1 ] CVE-2009-0946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200905-05.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




Re: Adobe Flash Player plug-in null pointer dereference and browser crash

2009-03-12 Thread Alex Legler
Hello Matthew,

On Wed, 2009-03-11 at 10:30 -0700, Matthew Dempsky wrote:
> On Wed, Oct 1, 2008 at 5:46 PM, Matthew Dempsky matt...@mochimedia.com wrote:
> > If a Flash 9 SWF loads two SWF files with different SWF version
> > numbers from two distinct HTTP requests to the exact same URL
> > (including query string arguments), then Adobe's Flash Player plug-in
> > will try to dereference a null pointer.  This issue affects at least
> > versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 on Windows, OS
> > X, and Linux.
>
> As an update, this issue also affects 10.0.22.87 at least on Windows
> and OS X.  I've seen some Linux distributions (e.g., [1]) claim that
> 10.0.22.87 fixes this bug (aka CVE-2008-4546), but I think this is
> mistaken.
>

Yes, indeed you are right. Both a user and I could reproduce the issue
with the version we mistakenly marked as not vulnerable.

> You can easily reproduce this bug (i.e., crash your browser) by
> visiting http://flashcrash.dempsky.org/.  Be sure to tell your
> friends: it can be the next Rick Roll.
>
> [1] http://www.gentoo.org/security/en/glsa/glsa-200903-23.xml?style=printable
>

We have updated that GLSA to no longer reference this issue.

Thank you for the heads-up!

Regards,
Alex

