GLSA: openafs (200303-26)

2003-04-01 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-26
- - -

  PACKAGE : openafs
  SUMMARY : cryptographic weakness in Kerberos v4
 DATE : 2003-03-30 15:50 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 1.3.2-r1
FIXED VERSION : =1.3.2-r1
  CVE : CAN-2003-0139

- - -

- From advisory:
A cryptographic weakness in version 4 of the Kerberos protocol allows an
attacker to use a chosen-plaintext attack to impersonate any principal in a
realm. OpenAFS kaserver implements version 4 of the Kerberos protocol, and
therefore is vulnerable. An attacker that knows a shared cross-realm key
between any remote realm and the local realm can impersonate any principal in
the local realm to AFS database servers and file servers in the local cell,
and other services in the local realm. An attacker that can create arbitrary
principal names in a realm can also impersonate any principal in that realm.

Read the full advisory at
http://www.openafs.org/pages/security/OPENAFS-SA-2003-001.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-fs/openafs upgrade to openafs-1.3.2-r1 as follows:

emerge sync
emerge openafs
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
[EMAIL PROTECTED]
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+hxJFfT7nyhUpoZMRAsX+AJ9EpVL8yVWv6zKDub9dgBf8kNDw6ACfZcyL
gCOQAEJIogc9cC4AnK7UMzo=
=01pX
-END PGP SIGNATURE-


GLSA: dietlibc (200303-29)

2003-03-31 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-29
- - -

  PACKAGE : dietlibc
  SUMMARY : integer overflow
 DATE : 2003-03-31 12:35 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 0.22-r1
FIXED VERSION : =0.22-r1
  CVE : CAN-2003-0028

- - -

- From advisory:

The xdrmem_getbytes() function in the XDR library provided by
Sun Microsystems contains an integer overflow. Depending on the
location and use of the vulnerable xdrmem_getbytes() routine, various
conditions may be presented that can permit an attacker to remotely
exploit a service using this vulnerable routine.

Read the full advisory at:
http://www.eeye.com/html/Research/Advisories/AD20030318.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-libs/dietlibc upgrade to dietlibc-0.22-r1 as follows:

emerge sync
emerge dietlibc
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+iDYjfT7nyhUpoZMRAnM9AKCjWSJBcsWKMWNpDx5fhhRM83zM8QCffwnA
3203obwOioSqaykqFmB7lAo=
=FJTb
-END PGP SIGNATURE-


GLSA: sendmail (200303-27)

2003-03-31 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-27
- - -

  PACKAGE : sendmail
  SUMMARY : buffer overflow
 DATE : 2003-03-31 09:13 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 8.12.9
FIXED VERSION : =8.12.9
  CVE : CAN-2003-0161

- - -

- From advisory:
There is a vulnerability in sendmail that can be exploited to cause 
a denial-of-service condition and could allow a remote attacker to 
execute arbitrary code with the privileges of the sendmail 
daemon, typically root.

Read the full advisory at
http://www.cert.org/advisories/CA-2003-12.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/sendmail upgrade to sendmail-8.12.9 as follows:

emerge sync
emerge sendmail
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
[EMAIL PROTECTED]
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+iAbNfT7nyhUpoZMRAuQWAJ9DKi8B6JxgHVyxRLZfM1e5N0YyNQCgqM7Y
NwuiPB4hihTbTLAXIKg9/J8=
=RiMh
-END PGP SIGNATURE-


GLSA: krb5 mit-krb5 (200303-28)

2003-03-31 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-28
- - -

  PACKAGE : krb5  mit-krb5
  SUMMARY : multiple vulnerabilities fixed
 DATE : 2003-03-31 10:01 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : krb5: 1.2.7-r2 mit-krb5: 1.2.7 
FIXED VERSION : krb5: =1.2.7-r2 mit-krb5: =1.2.7
  CVE : CAN-2003-0139 CAN-2003-0138 CAN-2003-0082 
CAN-2003-0072 CAN-2003-0028

- - -

- From advisory:
An attacker who has successfully authenticated to the Kerberos
administration daemon (kadmind) may be able to crash kadmind or induce
it to leak sensitive information, such as secret keys.  For the attack
to succeed, it is believed that the configuration of the kadmind
installation must allow it to successfully allocate more than INT_MAX
bytes of memory.

Read the full advisory at
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt

- From advisory:
A cryptographic weakness in version 4 of the Kerberos protocol allows
an attacker to use a chosen-plaintext attack to impersonate any
principal in a realm.  Additional cryptographic weaknesses in the krb4
implementation included in the MIT krb5 distribution permit the use of
cut-and-paste attacks to fabricate krb4 tickets for unauthorized
client principals if triple-DES keys are used to key krb4 services.
These attacks can subvert a site's entire Kerberos authentication
infrastructure.

Read the full advisory at
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt

- From advisory:
Buffer overrun and underrun problems exist in Kerberos principal name
handling in unusual cases, such as names with zero components, names
with one empty component, or host-based service principal names with
no host name component.

Read the full advisory at
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/krb5 and/or app-crypt/mit-krb5 upgrade to krb5-1.2.7-r2 and/or
mit-krb5-1.2.7 as follows:

emerge sync
emerge krb5
and/or
emerge mit-krb5
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+iBH9fT7nyhUpoZMRApoJAJ4riLzN44nYgta6XcEWPUweqCTG8QCeMMCs
E+Cyl6Q3Z84+9kZWdJlLAfU=
=+CmS
-END PGP SIGNATURE-


GLSA: zlib (200303-25)

2003-03-28 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-25
- - -

  PACKAGE : zlib
  SUMMARY : buffer overrun
 DATE : 2003-03-28 10:50 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 1.1.4-r1
FIXED VERSION : =1.1.4-r1
  CVE : CAN-2003-0107

- - -

- From advisory:
zlib contains a function called gzprintf().  This is similar in
behaviour to fprintf() except that by default, this function will
smash the stack if called with arguments that expand to more than
Z_PRINTF_BUFSIZE (=4096 by default) bytes.

Read the full advisory at
http://www.securityfocus.com/archive/1/312869/2003-02-18/2003-02-24/0

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-libs/zlib upgrade to zlib-1.1.4-r1 as follows:

emerge sync
emerge zlib
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+hCkVfT7nyhUpoZMRAv/oAKCvQvr9WZOBm6O4Z+rWXArdWB2JZACfU9gT
jJ0a21t+xwPVPf8Lb2ObEsA=
=1ZIH
-END PGP SIGNATURE-


GLSA: glibc (200303-22)

2003-03-25 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-22
- - -

  PACKAGE : glibc
  SUMMARY : integer overflow
 DATE : 2003-03-25 08:49 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 2.3.1-r4 (arm: 2.2.5-r8)
FIXED VERSION : =2.3.1-r4 (arm: =2.2.5-r8)
  CVE : CAN-2003-0028

- - -

- From advisory:

The xdrmem_getbytes() function in the XDR library provided by 
Sun Microsystems contains an integer overflow. Depending on the 
location and use of the vulnerable xdrmem_getbytes() routine, various 
conditions may be presented that can permit an attacker to remotely 
exploit a service using this vulnerable routine.

Read the full advisory at:
http://www.eeye.com/html/Research/Advisories/AD20030318.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-libs/glibc upgrade to 
glibc-2.3.1-r4 (arm: glibc-2.2.5-r8) as follows:

emerge sync
emerge glibc
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+gBg5fT7nyhUpoZMRAp8SAJ0WL/EFzgcNRD6QwXIwKp60DYkhqQCfcoYt
+syEpAhdT1ab5c1DBZKMLwc=
=suct
-END PGP SIGNATURE-
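The xdrmem_getbytes() integer overflow quoted in this advisory, in GLSA 200303-29 (dietlibc) and, for kadmind, in GLSA 200303-28 comes from mixing a signed remaining-byte counter with an unsigned length: the subtraction is done in unsigned arithmetic, wraps, and the sign test that follows passes. The following is an added example, not glibc's, dietlibc's or Sun's code; the struct and function names follow Sun RPC's xdr_mem.c, and the 16-byte buffer is constructed for the demonstration.

```c
/* Added example (not glibc's or dietlibc's source): the length check of
 * xdrmem_getbytes() in the shape the eEye advisory describes, next to a
 * hardened version. Field and function names follow Sun RPC's xdr_mem.c;
 * the buffer below is constructed for the demo. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct xdr_mem {
    const char *x_private;   /* read cursor into the caller's buffer */
    int32_t     x_handy;     /* bytes remaining; signed in the old code */
};

/* Vulnerable shape. "x_handy -= len" mixes a signed counter with an
 * unsigned length: the subtraction happens in unsigned arithmetic, wraps,
 * and a huge len can leave x_handy positive, so the check passes. */
bool xdrmem_getbytes_vuln(struct xdr_mem *xdrs, char *addr, uint32_t len)
{
    if ((xdrs->x_handy -= len) < 0)
        return false;
    /* The real routine continues with memcpy(addr, xdrs->x_private, len),
     * reading ~4 GB past the buffer. Omitted so the demo can be executed. */
    (void)addr;
    xdrs->x_private += len;
    return true;
}

/* Hardened shape: compare in the width of the length before touching any
 * state, then subtract. */
bool xdrmem_getbytes_fixed(struct xdr_mem *xdrs, char *addr, uint32_t len)
{
    if (xdrs->x_handy < 0 || len > (uint32_t)xdrs->x_handy)
        return false;
    memcpy(addr, xdrs->x_private, len);
    xdrs->x_private += len;
    xdrs->x_handy   -= (int32_t)len;
    return true;
}

static const char sample[16] = "0123456789abcdef";   /* constructed input */

/* 1 if the vulnerable check accepts a length far beyond the 16-byte buffer */
int demo_vuln_accepts_huge_len(void)
{
    struct xdr_mem s = { sample, sizeof sample };
    char sink[16];
    return xdrmem_getbytes_vuln(&s, sink, 0xFFFFFFF0u) ? 1 : 0;
}

/* 1 if the fixed check rejects the same length */
int demo_fixed_rejects_huge_len(void)
{
    struct xdr_mem s = { sample, sizeof sample };
    char sink[16];
    return xdrmem_getbytes_fixed(&s, sink, 0xFFFFFFF0u) ? 0 : 1;
}

/* Remaining byte count after a legitimate 4-byte read through the fix */
int demo_fixed_remaining_after_4(void)
{
    struct xdr_mem s = { sample, sizeof sample };
    char sink[16];
    if (!xdrmem_getbytes_fixed(&s, sink, 4) || memcmp(sink, "0123", 4) != 0)
        return -1;
    return s.x_handy;   /* 12 */
}

int main(void)
{
    printf("vulnerable check accepts len=0xFFFFFFF0: %d\n",
           demo_vuln_accepts_huge_len());
    printf("fixed check rejects it: %d, remaining after 4-byte read: %d\n",
           demo_fixed_rejects_huge_len(), demo_fixed_remaining_after_4());
    return 0;
}
```

The vulnerable routine accepts a length of 0xFFFFFFF0 against a 16-byte buffer because 16 - 0xFFFFFFF0 wraps to 32 in unsigned arithmetic before the sign test. The fixed routine compares len against x_handy in the width of len before any state changes; the kadmind condition in GLSA 200303-28 (a request that makes the daemon handle more than INT_MAX bytes) is the same class of check.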


GLSA: mod_ssl (200303-23)

2003-03-25 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-23
- - -

  PACKAGE : mod_ssl
  SUMMARY : timing based attack
 DATE : 2003-03-25 10:14 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 2.8.14
FIXED VERSION : =2.8.14
  CVE : CAN-2003-0147

- - -

- From advisory:

Researchers have discovered a timing attack on RSA keys, to which
OpenSSL is generally vulnerable, unless RSA blinding has been turned
on.

Read the full advisory at
http://www.openssl.org/news/secadv_20030317.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/mod_ssl upgrade to mod_ssl-2.8.14 as follows:

emerge sync
emerge mod_ssl
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+gCv1fT7nyhUpoZMRAum/AJ9q76uO5cwCTdbwY2BA1xEAQaY8dgCdEPQF
iE3hH2SYHAEHM7QUhRuGSeo=
=b1yN
-END PGP SIGNATURE-


GLSA: mutt (200303-19)

2003-03-24 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-19
- - -

  PACKAGE : mutt
  SUMMARY : buffer overflow
 DATE : 2003-03-22 18:19 UTC
  EXPLOIT : local
VERSIONS AFFECTED : 1.4.1
FIXED VERSION : =1.4.1
  CVE : CAN-2003-0140

- - -

- From advisory:

By controlling a malicious IMAP server and providing a specially 
crafted folder, an attacker can crash the mail reader and possibly 
force execution of arbitrary commands on the vulnerable system with 
the privileges of the user running Mutt.

Read the full advisory at:
http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/mutt upgrade to mutt-1.4.1 as follows:

emerge sync
emerge mutt
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+fKkyfT7nyhUpoZMRAkw6AKCmyIFHKpT4dpk4eafeuVw9M1zFZQCeI48z
7dK4rjkZJCsYlIk5Yk5Fd/c=
=acwA
-END PGP SIGNATURE-


GLSA: openssl (200303-20)

2003-03-24 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-20
- - -

  PACKAGE : openssl
  SUMMARY : Klima-Pokorny-Rosa attack
 DATE : 2003-03-24 11:51 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 0.9.6i-r2
FIXED VERSION : =0.9.6i-r2
  CVE : CAN-2003-0131

- - -

- From advisory:

Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa
have come up with an extension of the Bleichenbacher attack on RSA
with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0.  Their
attack requires the attacker to open millions of SSL/TLS connections
to the server under attack; the server's behaviour when faced with
specially made-up RSA ciphertexts can reveal information that in
effect allows the attacker to perform a single RSA private key
operation on a ciphertext of its choice using the server's RSA key.
Note that the server's RSA key is not compromised in this attack.

Read the full advisory at:
http://www.openssl.org/news/secadv_20030319.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-libs/openssl upgrade to openssl-0.9.6i-r2 as follows:

emerge sync
emerge openssl
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+fvEtfT7nyhUpoZMRAjGBAJ9fkr/E5rMWv7Sp1YBg+3rRNqbS6wCglHh8
XW2wBWHA0/W3NXOz+ONEFTg=
=l0Nr
-END PGP SIGNATURE-


GLSA: bitchx (200303-21)

2003-03-24 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-21
- - -

  PACKAGE : bitchx
  SUMMARY : buffer overflow
 DATE : 2003-03-24 11:56 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 1.0.19-r5
FIXED VERSION : =1.0.19-r5
  CVE : 

- - -

- From advisory:

Full of sprintf() calls and relying on BIG_BUFFER_SIZE being large 
enough. There's multiple ways to exploit it by giving 
near-BIG_BUFFER_SIZE strings in various places.

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104766521328322&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-irc/bitchx upgrade to bitchx-1.0.19-r5 as follows:

emerge sync
emerge bitchx
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+fvKBfT7nyhUpoZMRAuzlAKCOUEKFF4kgEMzoR764HVGxrjstQQCgqYyq
t4OtjEq/D2dO+c6jFlBnPug=
=Jz7V
-END PGP SIGNATURE-
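This advisory and GLSA 200303-25 (zlib's gzprintf()) describe the same bug shape: a sprintf()-family call into a fixed-size buffer with no bound on how far the arguments expand. The following is an added example, not BitchX's or zlib's code. Z_PRINTF_BUFSIZE is zlib's actual default, the 5000-byte nick is constructed, and the decision in gzprintf_safe() to refuse rather than truncate is this example's design choice, not zlib's.

```c
/* Added example (not zlib's or BitchX's source): the sprintf()-family bug
 * shape shared by gzprintf() and BitchX, next to a bounded version.
 * Z_PRINTF_BUFSIZE is zlib's real default; the long "nick" is constructed. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define Z_PRINTF_BUFSIZE 4096

/* The bug: vsprintf() into a fixed stack buffer. Kept for its shape only;
 * it is never called here, because with a long argument it overwrites
 * whatever follows buf on the stack, including the return address. */
int gzprintf_unbounded(const char *fmt, ...)
{
    char buf[Z_PRINTF_BUFSIZE];
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(buf, fmt, ap);   /* no length limit at all */
    va_end(ap);
    return n;
}

/* How long would the expansion be? vsnprintf(NULL, 0, ...) measures without
 * writing (C99). Negative means a formatting error. */
static int formatted_length(const char *fmt, va_list ap)
{
    va_list cp;
    va_copy(cp, ap);
    int n = vsnprintf(NULL, 0, fmt, cp);
    va_end(cp);
    return n;
}

/* 1 if gzprintf_unbounded() would write past Z_PRINTF_BUFSIZE for these args */
int gzprintf_would_smash_stack(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = formatted_length(fmt, ap);
    va_end(ap);
    return n < 0 || n >= Z_PRINTF_BUFSIZE;   /* n excludes the trailing NUL */
}

/* Bounded replacement: formats into out (capacity outsz) and returns the
 * length, or -1 if the result would not fit. Refusing is the design choice
 * here; silently truncating a protocol line is its own class of bug. */
int gzprintf_safe(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz) out[0] = '\0';           /* never hand back a partial line */
        return -1;
    }
    return n;
}

/* Constructed input: a 5000-byte nick, as a malicious IRC server or a
 * caller-controlled gzprintf() argument could supply. */
int demo_long_argument(void)
{
    static char nick[5001];
    memset(nick, 'A', sizeof nick - 1);
    nick[sizeof nick - 1] = '\0';
    char out[Z_PRINTF_BUFSIZE];
    int smash = gzprintf_would_smash_stack("%s joined", nick);       /* 1  */
    int rc    = gzprintf_safe(out, sizeof out, "%s joined", nick);   /* -1 */
    return smash == 1 && rc == -1 && out[0] == '\0';
}

/* A short argument goes through unchanged; returns the formatted length */
int demo_short_argument(void)
{
    char out[Z_PRINTF_BUFSIZE];
    int n = gzprintf_safe(out, sizeof out, "%s joined", "alice");
    return (n == 12 && strcmp(out, "alice joined") == 0) ? n : -1;
}

int main(void)
{
    printf("long argument handled safely: %d\n", demo_long_argument());
    printf("short argument length: %d\n", demo_short_argument());
    return 0;
}
```

The measuring call is the audit trick: any sprintf() or vsprintf() in a code base whose arguments can come from the network can be rewritten as a vsnprintf(NULL, 0, ...) probe first to find out, on real traffic, how often the fixed buffer would have been exceeded.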


GLSA: evolution (200303-18)

2003-03-21 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-18
- - -

  PACKAGE : evolution
  SUMMARY : multiple vulnerabilities
 DATE : 2003-03-21 16:02 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 1.2.3
FIXED VERSION : =1.2.3
  CVE : CAN-2003-0128 CAN-2003-0129 CAN-2003-0130

- - -

- From advisory:

Three vulnerabilities were found that could lead to various forms of 
exploitation ranging from denying users the ability to read email, 
provoking system instability, bypassing security context checks for 
email content and possibly execution of arbitrary commands on 
vulnerable systems.

Read the full advisory at:
http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/evolution upgrade to evolution-1.2.3 as follows:

emerge sync
emerge evolution
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+ezeDfT7nyhUpoZMRAqgFAKCMJiPWrcXzncBhgk1/lQ6F1qvdPwCff0L8
puU/UmXZptBvDuVLe66YBNg=
=7I0C
-END PGP SIGNATURE-


GLSA: kernel (200303-17)

2003-03-21 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-17
- - -

  PACKAGE : kernel
  SUMMARY : ptrace flaw
 DATE : 2003-03-21 08:59 UTC
  EXPLOIT : local
VERSIONS AFFECTED : All except 2.5
FIXED VERSION : Kernels with patch applied
  CVE : CAN-2003-0127

- - -

- From advisory:

The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole 
allows local users to obtain full privileges. Remote exploitation of 
this hole is not possible. Linux 2.5 is not believed to be vulnerable.

Read the full advisory at:
http://marc.theaimsgroup.com/?l=linux-kernel&m=104791735604202&w=2

SOLUTION

It is recommended that all Gentoo Linux users upgrade their kernels.

If you are running any of gentoo-sources, gs-sources, pfeifer-sources,
sparc-sources or xfs-sources, updates are available. Sync your tree and 
run emerge package to install the latest version of the package. Then
compile and install your new kernel and reboot.

If you are using another kernel package which hasn't been updated, or 
download your own sources, you can download a patch from 
http://cvs.gentoo.org/~aliz/linux-2.4.20-ptrace.patch
and manually patch your kernel.

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+etRofT7nyhUpoZMRAtj9AKCpcSvx893bgbEGVjZ8jExLNh3oHwCgvizk
D3X8W7ZFcZ8flX9KD3Qm0ps=
=ZiW+
-END PGP SIGNATURE-


GLSA: rxvt (200303-16)

2003-03-21 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-16
- - -

  PACKAGE : rxvt
  SUMMARY : dangerous interception of escape sequences
 DATE : 2003-03-20 09:57 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 2.7.8-r6
FIXED VERSION : =2.7.8-r6
  CVE : CAN-2003-0021 CAN-2003-0068

- - -

- From advisory:

Many of the features supported by popular terminal emulator software 
can be abused when un-trusted data is displayed on the screen. The 
impact of this abuse can range from annoying screen garbage to a 
complete system compromise. All of the issues below are actually 
documented features, anyone who takes the time to read over the man 
pages or source code could use them to carry out an attack.

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
x11-terms/rxvt upgrade to rxvt-2.7.8-r6 as follows:

emerge sync
emerge rxvt
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+eZCcfT7nyhUpoZMRAoIxAJ4pMomebqxxExy6ae2dWkXROwgThwCgkVyl
946AH96tHODYe29iHZjkGag=
=ukg7
-END PGP SIGNATURE-


GLSA: openssl (200303-15)

2003-03-21 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-15
- - -

  PACKAGE : openssl
  SUMMARY : timing based attack
 DATE : 2003-03-20 09:20 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 0.9.6i-r1
FIXED VERSION : =0.9.6i-r1
  CVE : CAN-2003-0147

- - -

- From advisory:

Researchers have discovered a timing attack on RSA keys, to which
OpenSSL is generally vulnerable, unless RSA blinding has been turned
on.

Typically, it will not have been, because it is not easily possible to
do so when using OpenSSL to provide SSL or TLS.

The enclosed patch switches blinding on by default. Applications that
wish to can remove the blinding with RSA_blinding_off(), but this is
not generally advised. It is also possible to disable it completely by
defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time.

The performance impact of blinding appears to be small (a few
percent).

Read the full advisory at
http://www.openssl.org/news/secadv_20030317.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-libs/openssl upgrade to openssl-0.9.6i-r1 as follows:

emerge sync
emerge openssl
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+eYfYfT7nyhUpoZMRAsEPAJ9+YC89ZmQ1YfS/vRwj4Zd6DR4sngCbBM6Y
WTQ5c9ECLigqgvOnhaPZe/w=
=g1MD
-END PGP SIGNATURE-
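The blinding this advisory switches on (and that GLSA 200303-23 ships for mod_ssl) is a few lines of modular arithmetic: the private exponent is applied to c * r^e for a fresh secret r, and r is divided out afterwards, so the attacker no longer controls the value whose exponentiation is being timed. The following is an added example, not OpenSSL's code. It uses toy 32-bit primes so everything fits in 64-bit integers, unsigned __int128 for the modular multiply (gcc/clang), and a xorshift generator that only stands in for the CSPRNG real blinding factors must come from.

```c
/* Added example (not OpenSSL's code): RSA blinding as the advisory describes
 * it, worked with toy 32-bit primes so everything fits in 64-bit integers.
 * Assumptions: a compiler with unsigned __int128 (gcc/clang on 64-bit); the
 * xorshift generator stands in for a CSPRNG and must not be used for real r. */
#include <stdint.h>
#include <stdio.h>

typedef unsigned __int128 u128;

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n)
{
    return (uint64_t)((u128)a * b % n);
}

/* Square-and-multiply. The data-dependent branch on each exponent bit is
 * the kind of operand-dependent timing the attack measures. */
static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t n)
{
    uint64_t acc = 1;
    base %= n;
    for (; exp; exp >>= 1) {
        if (exp & 1)
            acc = mulmod(acc, base, n);
        base = mulmod(base, base, n);
    }
    return acc;
}

/* a^-1 mod n by extended Euclid; 0 if gcd(a, n) != 1. */
static uint64_t invmod(uint64_t a, uint64_t n)
{
    __int128 t = 0, newt = 1, r = n, newr = a % n, q, tmp;
    while (newr) {
        q = r / newr;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + n : t);
}

struct rsa_key { uint64_t n, e, d; };

struct rsa_key toy_keygen(void)
{
    const uint64_t p = 4294967291ULL, q = 4294967279ULL;   /* both prime */
    struct rsa_key k = { p * q, 65537ULL, 0 };
    k.d = invmod(k.e, (p - 1) * (q - 1));
    return k;
}

/* Unblinded private operation: running time depends on c, which the
 * attacker chooses, one ciphertext at a time. */
uint64_t rsa_private_plain(const struct rsa_key *k, uint64_t c)
{
    return powmod(c, k->d, k->n);
}

/* Blinded: exponentiate c * r^e for a secret r, then strip r. Returns 0 if
 * r is unusable (r < 2 or gcd(r, n) != 1); the caller picks another. */
uint64_t rsa_private_blinded(const struct rsa_key *k, uint64_t c, uint64_t r)
{
    uint64_t rinv = invmod(r, k->n);
    if (r < 2 || rinv == 0) return 0;
    uint64_t cb = mulmod(c, powmod(r, k->e, k->n), k->n);  /* c * r^e         */
    uint64_t mb = powmod(cb, k->d, k->n);                   /* (c r^e)^d = m r */
    return mulmod(mb, rinv, k->n);                          /* m r * r^-1 = m  */
}

static uint64_t xorshift64(uint64_t *s)   /* NOT cryptographic; demo only */
{
    uint64_t x = *s; x ^= x << 13; x ^= x >> 7; x ^= x << 17; return *s = x;
}

/* Encrypt m, decrypt through the blinded path, return the recovered value */
uint64_t demo_blinded_decrypt(uint64_t m)
{
    struct rsa_key k = toy_keygen();
    uint64_t c = powmod(m, k.e, k.n);
    uint64_t seed = 0x9E3779B97F4A7C15ULL, out = 0;
    while (out == 0)                          /* retry until r is invertible */
        out = rsa_private_blinded(&k, c, xorshift64(&seed) % k.n);
    return out;
}

/* Same message through the unblinded path, for comparison */
uint64_t demo_plain_decrypt(uint64_t m)
{
    struct rsa_key k = toy_keygen();
    return rsa_private_plain(&k, powmod(m, k.e, k.n));
}

int main(void)
{
    uint64_t m = 0x48656c6c6fULL;   /* "Hello" as an integer, below n */
    printf("plain   %llx\nblinded %llx\n",
           (unsigned long long)demo_plain_decrypt(m),
           (unsigned long long)demo_blinded_decrypt(m));
    return 0;
}
```

Both paths return the same plaintext; what changes is that the value reaching powmod() with the private exponent is c * r^e, which the attacker cannot predict. When checking a deployment, verify rather than assume: with this release blinding is on by default, but the advisory notes it is off again if the application called RSA_blinding_off() or the library was built with OPENSSL_NO_FORCE_RSA_BLINDING, so grep the ebuild's CFLAGS and the application source for both names.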


GLSA: mysql (200303-14)

2003-03-18 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-14
- - -

  PACKAGE : mysql
  SUMMARY : remote root exploit
 DATE : 2003-03-18 18:12 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 3.23.56
FIXED VERSION : =3.23.56
  CVE : 

- - -

This issue has been addressed in 3.23.56 (release build is started
today), and some steps were taken to alleviate the threat.

In particular, MySQL will no longer read config files that are
world-writeable (and SELECT ... OUTFILE always creates world-writeable
files). Also, unlike other options, for --user option the first one will
have the precedence. So if --user is set in /etc/my.cnf (as it is
recommended in the manual), datadir/my.cnf will not be able to override
it.

quote from:
http://marc.theaimsgroup.com/?l=bugtraq&m=104739810523433&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-db/mysql upgrade to mysql-3.23.56 as follows:

emerge sync
emerge mysql
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+d2GffT7nyhUpoZMRAiDNAJ9CABOwtIrF3njTkLBxCO2SdvtsugCeMqqH
SSeumvMyzTQCfb0/C4I1nIU=
=HMcb
-END PGP SIGNATURE-


GLSA: man (200303-13)

2003-03-18 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-13
- - -

  PACKAGE : man
  SUMMARY : arbitrary code execution
 DATE : 2003-03-18 18:03 UTC
  EXPLOIT : local
VERSIONS AFFECTED : 1.5l
FIXED VERSION : =1.5l
  CVE : CAN-2003-0124

- - -

- From advisory:

man 1.5l was released today, fixing a bug which results in arbitrary code
execution upon reading a specially formatted man file. The basic problem
is, upon finding a string with a quoting problem, the function my_xsprintf
in util.c will return unsafe (rather than returning a string which could
be interpreted by the shell). This return value is passed directly to
system(3) - meaning if there is any program named `unsafe`, it will execute
with the privs of the user.

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104740927915154&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/man upgrade to man-1.5l as follows:

emerge sync
emerge man
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+d1+AfT7nyhUpoZMRAoNEAKC6r3Fl0cMaewvVnLPR0GYy+6XqTQCfcil/
dq/EzzvG4HhvhsRan4s8oPY=
=EHNI
-END PGP SIGNATURE-
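The bug the advisory describes is an in-band error value: the quoting check reports failure by returning the string "unsafe", the caller cannot tell that apart from a file name, and the string reaches system(3). The following is an added example, not man's code; the function names are modelled on the advisory, and the pager, the metacharacter list and the hostile file name are constructed for the demonstration.

```c
/* Added example (not man's source): the CAN-2003-0124 bug shape, an in-band
 * "unsafe" sentinel handed to system(3), next to a version that reports the
 * check out of band and runs the pager via exec with an argv array.
 * Function names are modelled on the advisory; pager and path are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static const char shell_meta[] = "'\"`$\\;&|<>()[]{}*?~ \t\n";

/* Vulnerable shape: failure is reported by returning the string "unsafe".
 * The caller cannot tell that from a real path and passes it to system(),
 * so an attacker-placed program named `unsafe` on PATH is what runs. */
const char *my_xsprintf_inband(const char *path)
{
    return strpbrk(path, shell_meta) ? "unsafe" : path;
}

/* Hardened shape, part 1: the verdict is a return code, not a string. */
int path_is_shell_safe(const char *path)
{
    return strpbrk(path, shell_meta) == NULL;
}

/* Hardened shape, part 2: no shell at all. argv goes straight to the pager,
 * so ';', '`' or '$(' in the file name are just characters. Returns the
 * child's exit status, or -1 on fork/exec failure. */
int run_pager_argv(const char *pager, const char *path)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp(pager, pager, "--", path, (char *)NULL);
        _exit(127);                  /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed hostile file name: through system() the ';' ends one command
 * and starts another. */
#define HOSTILE_PATH "manual.1; rm -rf ~"

/* 1 if the in-band check turned the hostile path into the word "unsafe",
 * i.e. into something system() would resolve on PATH as a command. */
int demo_inband_sentinel_is_a_command(void)
{
    const char *s = my_xsprintf_inband(HOSTILE_PATH);
    return strcmp(s, "unsafe") == 0;
}

/* `true` stands in for the pager: it exits 0 whatever arguments it gets.
 * With a shell in between, the "rm -rf ~" half would have run as a second
 * command; here it is only ever an argv element. */
int demo_argv_pager_exit_status(void)
{
    return run_pager_argv("true", HOSTILE_PATH);
}

int main(void)
{
    printf("in-band sentinel becomes a command: %d\n",
           demo_inband_sentinel_is_a_command());
    printf("argv pager exit status: %d\n", demo_argv_pager_exit_status());
    return 0;
}
```

The two fixes are independent and both matter: returning a status code removes the sentinel, and passing an argv array removes the shell, so a file name that slips past the check still cannot be parsed as commands.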


GLSA: samba (200303-11)

2003-03-17 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-11
- - -

  PACKAGE : samba
  SUMMARY : buffer overrun
 DATE : 2003-03-17 09:22 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 2.2.8
FIXED VERSION : =2.2.8
  CVE : CAN-2003-0085 CAN-2003-0086

- - -

- From advisory:

The SuSE security audit team, in particular Sebastian Krahmer
krahmer at suse.de, has found a flaw in the Samba main smbd code which
could allow an external attacker to remotely and anonymously gain
Super User (root) privileges on a server running a Samba server.

A buffer overrun condition exists in the SMB/CIFS packet fragment
re-assembly code in smbd which would allow an attacker to cause smbd
to overwrite arbitrary areas of memory in its own process address
space. This could allow a skilled attacker to inject binary specific
exploit code into smbd.

Read the full advisory at:
http://lists.samba.org/pipermail/samba-announce/2003-March/63.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-fs/samba upgrade to samba-2.2.8 as follows:

emerge sync
emerge samba
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+dZPAfT7nyhUpoZMRAqJaAJ90Tc8Bkgq+QRwjzTIdAedcgGZb8wCggBWq
Gok26HB4womHvtn/3PrBsXY=
=7cIA
-END PGP SIGNATURE-


GLSA: qpopper (200303-12)

2003-03-17 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-12
- - -

  PACKAGE : qpopper
  SUMMARY : buffer overflow
 DATE : 2003-03-17 09:50 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 4.0.5
FIXED VERSION : =4.0.5
  CVE : CAN-2003-0143

- - -

- From advisory:

Under certain conditions it is possible to execute arbitrary code using
a buffer overflow in the recent qpopper.

You need a valid username/password-combination and code is (depending on
the setup) usually executed with the user's uid and gid mail.

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104739841223916&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/qpopper upgrade to qpopper-4.0.5 as follows:

emerge sync
emerge qpopper
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+dZp5fT7nyhUpoZMRAq9XAJsFyPbrwFb1CcvL59jEKtAoymZzTwCeIw4Z
p8IXHapfnjyZM1j7pcN+nW8=
=OPDK
-END PGP SIGNATURE-


GLSA: ethereal (200303-10)

2003-03-11 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-10
- - -

  PACKAGE : ethereal
  SUMMARY : arbitrary code execution
 DATE : 2003-03-09 20:12 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 0.9.10
FIXED VERSION : =0.9.10
  CVE : 

- - -

- From advisory:
The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format 
string overflow. This vulnerability has been present in Ethereal since 
the SOCKS dissector was introduced in version 0.8.7. It was discovered 
by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a 
heap overflow. All users of Ethereal 0.9.9 and below are encouraged 
to upgrade. 

Read the full advisory at:
http://www.ethereal.com/appnotes/enpa-sa-8.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/ethereal upgrade to ethereal-0.9.10 as follows:

emerge sync
emerge ethereal
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+a6A1fT7nyhUpoZMRAj6oAJ4wd+WBsHQEgFEuf22fWAueD6zjgACfV1uT
rUKVwwCzAPiovynpwUE5N9c=
=sn9d
-END PGP SIGNATURE-


GLSA: snort (200303-6.1)

2003-03-08 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-6.1
- - - -

          PACKAGE : snort
          SUMMARY : buffer overflow
             DATE : 2003-03-06 10:59 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : 1.9.1
    FIXED VERSION : =1.9.1
              CVE : CAN-2003-0033

- - - -

- - From advisory:

Remote attackers may exploit the buffer overflow condition to run 
arbitrary code on a Snort sensor with the privileges of the Snort IDS 
process, which typically runs as the superuser. The vulnerable 
preprocessor is enabled by default. It is not necessary to establish 
an actual connection to a RPC portmapper service to exploit this 
vulnerability.

Read the full advisory at:
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/snort upgrade to snort-1.9.1 as follows:

emerge sync
emerge -u snort
emerge clean

- - - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+aIVJfT7nyhUpoZMRAlEBAJ9bQ2DtVTLgZDqUXfbAIB3Ruwd/dQCgh81e
V2BQR1tEGzaUGMhWAbtiSng=
=RkkJ
-END PGP SIGNATURE-


GLSA: mysqlcc (200303-7)

2003-03-07 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-7
- - -

  PACKAGE : mysqlcc
  SUMMARY : information leakage
 DATE : 2003-03-07 16:03 UTC
  EXPLOIT : local
VERSIONS AFFECTED : 0.8.9
FIXED VERSION : =0.8.9
  CVE :

- - -

Versions prior to 0.8.9 had all configuration and connection files
world readable.

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-db/mysqlcc upgrade to mysqlcc-0.8.10-r1 as follows:

emerge sync
emerge -u mysqlcc
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+aMK+fT7nyhUpoZMRAoq2AKDE1Xc6ler9UoKz2bVNtN4B4OMlLgCgtj4Y
a6RAI1/TyhIthLVSXYCcRj0=
=EL3y
-END PGP SIGNATURE-


GLSA: snort (200303-6)

2003-03-06 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-6
- - -

  PACKAGE : snort
  SUMMARY : remote dos
 DATE : 2003-03-06 10:59 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 1.9.1
FIXED VERSION : =1.9.1
  CVE : CAN-2003-0033

- - -

- From advisory:

Remote attackers may exploit the buffer overflow condition to run 
arbitrary code on a Snort sensor with the privileges of the Snort IDS 
process, which typically runs as the superuser. The vulnerable 
preprocessor is enabled by default. It is not necessary to establish 
an actual connection to a RPC portmapper service to exploit this 
vulnerability.

Read the full advisory at:
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/snort upgrade to snort-1.9.1 as follows:

emerge sync
emerge -u snort
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+ZyoSfT7nyhUpoZMRAkWXAJ9o4osrNsPeB3zW9Z0waUyqkgdqrwCcCdVm
eJHeuzr13368L/eFJK0uqLs=
=apAA
-END PGP SIGNATURE-


GLSA: tcpdump (200303-5)

2003-03-05 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-5
- - -

  PACKAGE : tcpdump
  SUMMARY : remote dos
 DATE : 2003-03-05 10:19 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 3.7.2
FIXED VERSION : =3.7.2
  CVE : CAN-2003-0108

- - -

- From advisory:

A vulnerability exists in the parsing of ISAKMP packets (UDP port 500)
that allows an attacker to force TCPDUMP into an infinite loop upon
receipt of a specially crafted packet.

Read the full advisory at:
http://www.idefense.com/advisory/02.27.03.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/tcpdump upgrade to tcpdump-3.7.2 as follows:

emerge sync
emerge -u tcpdump
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Zc9LfT7nyhUpoZMRAhvzAJ4nvljUMlxZ3apC4IHsgW82ac7IdQCghAJ+
1A8EmkbKOczX+avWHCEudKY=
=YQs3
-END PGP SIGNATURE-


GLSA: sendmail (200303-4)

2003-03-04 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-4
- - -

  PACKAGE : sendmail
  SUMMARY : remote root exploit
 DATE : 2003-03-04 10:12 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 8.12.8
FIXED VERSION : =8.12.8
  CVE : CAN-2002-1337

- - -

- From advisory:

Attackers may remotely exploit this vulnerability to gain root or 
superuser control of any vulnerable Sendmail server. Sendmail and all 
other email servers are typically exposed to the Internet in order to 
send and receive Internet email. Vulnerable Sendmail servers will not be 
protected by legacy security devices such as firewalls and/or packet 
filters. This vulnerability is especially dangerous because the exploit 
can be delivered within an email message and the attacker doesn't need 
any specific knowledge of the target to launch a successful attack.

Read the full advisory at:
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/sendmail upgrade to sendmail-8.12.8 as follows:

emerge sync
emerge -u sendmail
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+ZHwhfT7nyhUpoZMRAh+bAJ4yX5o69EZxFoch2UeGChysnP4ItwCbBqec
Kfwwgu9H1hfXnArVUBTmZtY=
=cliQ
-END PGP SIGNATURE-


GLSA: eterm (200303-1)

2003-03-03 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-1
- - -

  PACKAGE : eterm
  SUMMARY : dangerous interception of escape sequences
 DATE : 2003-03-03 10:13 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 0.9.2
FIXED VERSION : 0.9.2
  CVE : CAN-2003-0021 CAN-2003-0068

- - -

- From advisory:

Many of the features supported by popular terminal emulator software 
can be abused when un-trusted data is displayed on the screen. The 
impact of this abuse can range from annoying screen garbage to a 
complete system compromise. All of the issues below are actually 
documented features, anyone who takes the time to read over the man 
pages or source code could use them to carry out an attack.

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
x11-terms/eterm upgrade to eterm-0.9.2-r3 as follows:

emerge sync
emerge -u eterm
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+YyrSfT7nyhUpoZMRAmQMAJ9l+LP0d7ZiiU/ORWsHe8dfbizcygCfRRaY
0qutlqN466gl7gkPydYcc6c=
=W8wR
-END PGP SIGNATURE-


GLSA: vte (200303-2)

2003-03-03 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-2
- - -

  PACKAGE : vte
  SUMMARY : dangerous interception of escape sequences
 DATE : 2003-03-03 10:16 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 0.10.25
FIXED VERSION : 0.10.25
  CVE : CAN-2003-0070

- - -

- From advisory:

Many of the features supported by popular terminal emulator software 
can be abused when un-trusted data is displayed on the screen. The 
impact of this abuse can range from annoying screen garbage to a 
complete system compromise. All of the issues below are actually 
documented features; anyone who takes the time to read over the man 
pages or source code could use them to carry out an attack.

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
x11-libs/vte upgrade to vte-0.10.25 as follows:

emerge sync
emerge -u vte
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+YytrfT7nyhUpoZMRAmM4AJ9GiRX6v2zDkr0hftZ5hWc0rP8FtwCfWjsM
sM4EOkJZrokHlfOWLABLBgo=
=+/3p
-END PGP SIGNATURE-
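A defensive counterpart to the two terminal-emulator advisories above (eterm and vte), added here as an example; it is not code from either project or from the GLSAs. The advisories' point is that a terminal interprets escape sequences in whatever it is asked to display, so untrusted text (file names, log lines, chat messages) should have its control bytes stripped before it reaches the terminal. The function names and the sample file name are my own constructions; the filter relies only on POSIX tr and od.

```shell
#!/bin/sh
# Added example (not from the GLSAs, eterm or vte): sanitize untrusted
# text before a terminal emulator sees it.  A terminal acts on escape
# sequences wherever they occur in its input, so the conservative
# defence is to drop every control byte except the ones a line of text
# legitimately needs (TAB and LF).  A stray ESC can then never start a
# sequence; "[31m" simply prints as text.

# Filter: remove C0 control bytes (except TAB 0x09 and LF 0x0a) and DEL 0x7f.
sanitize_for_terminal() {
    LC_ALL=C tr -d '\000-\010\013-\037\177'
}

# Predicate: succeeds only if stdin contains no such bytes, so a script
# can refuse to display suspect data instead of silently rewriting it.
is_terminal_safe() {
    _safe_in=$(cat; printf x)          # "x" keeps trailing newlines
    _safe_in=${_safe_in%x}
    _safe_out=$(printf '%s' "$_safe_in" | sanitize_for_terminal; printf x)
    _safe_out=${_safe_out%x}
    [ "$_safe_in" = "$_safe_out" ]
}

# Constructed sample: a file name carrying a clear-screen sequence and a
# window-title sequence (octal escapes keep this script plain ASCII).
sample_hostile_name() {
    printf 'report\033[2J\033]0;pwned\007.txt'
}

# Demo: show the raw bytes in escaped form, then the sanitized name.
demo() {
    printf 'raw bytes:\n'
    sample_hostile_name | od -c
    printf 'sanitized: '
    sample_hostile_name | sanitize_for_terminal
    echo
}

demo
```

Stripping rather than escaping is deliberate: the advisory lists window-title reporting and similar features that are all reached through ESC, so removing the byte closes the whole class instead of chasing individual sequences.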


GLSA: usermin (200302-14)

2003-02-24 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-14
- - -

  PACKAGE : usermin
  SUMMARY : unauthorized access
 DATE : 2003-02-24 10:10 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 1.000
FIXED VERSION : 1.000

- - -

- From announcement:

Due to a remotely exploitable security hole being discovered that
affects all previous Webmin releases, version 1.070 is now available
for download from http://www.webmin.com/ and mirror sites. This
problem was reported by Cintia M. Imanishi, but fortunately there
have been no known malicious exploits of it yet. However, all users
should upgrade to 1.070 as soon as possible.

Also available is Usermin 1.000 which fixes the exact same security
hole. It includes the same File Manager features, as well as support
for IMAP folders and an IMAP inbox in the Read Mail module.

Read the full announcement at:
http://marc.theaimsgroup.com/?l=webmin-announce&m=104587858408101&w=2


SOLUTION

It is recommended that all Gentoo Linux users who are running
app-admin/usermin upgrade to usermin-1.000 as follows:

emerge sync
emerge -u usermin
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+We97fT7nyhUpoZMRAoJyAJwIyGaJYx/5seE0gJyAWSJxLJjsjACfcjz5
HnsBZk4bNXoP5oW6LMXFqC4=
=+8v6
-END PGP SIGNATURE-


GLSA: tightvnc (200302-15)

2003-02-24 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-15
- - -

  PACKAGE : tightvnc
  SUMMARY : insecure cookie generation
 DATE : 2003-02-24 11:34 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 1.2.8
FIXED VERSION : 1.2.8

- - -

- From Red Hat Security Advisory RHSA-2003:041-12:

The VNC server acts as an X server, but the script for starting it 
generates an MIT X cookie (which is used for X authentication) without 
using a strong enough random number generator.  This could allow an 
attacker to more easily guess the authentication cookie.

Read the full advisory at:
https://rhn.redhat.com/errata/RHSA-2003-041.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/tightvnc upgrade to tightvnc-1.2.8 as follows:

emerge sync
emerge -u tightvnc
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+WgMufT7nyhUpoZMRAiKmAJ4qnkKGdjD3mizWhjUmWTcXrM0aqACeOp45
r+jWLJSEsOaSmhXb73IYMPc=
=Rml2
-END PGP SIGNATURE-


GLSA: vnc (200302-16)

2003-02-24 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-16
- - -

  PACKAGE : vnc
  SUMMARY : insecure cookie generation
 DATE : 2003-02-24 11:35 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : 3.3.6-r1
FIXED VERSION : 3.3.6-r1

- - -

- From Red Hat Security Advisory RHSA-2003:041-12:

The VNC server acts as an X server, but the script for starting it 
generates an MIT X cookie (which is used for X authentication) without 
using a strong enough random number generator.  This could allow an 
attacker to more easily guess the authentication cookie.

Read the full advisory at:
https://rhn.redhat.com/errata/RHSA-2003-041.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/vnc upgrade to vnc-3.3.6-r1 as follows:

emerge sync
emerge -u vnc
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+WgNxfT7nyhUpoZMRAjgdAKCkBB7XPF4iXhpPvHW9YQ0lTrTKIACeLKjx
wcygjjWoyxpABWAfLk4BX1A=
=HPqI
-END PGP SIGNATURE-
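An added example for the two VNC advisories above (tightvnc and vnc); it is not the vncserver start script and not from the GLSAs. The X server admits any client that presents the display's MIT-MAGIC-COOKIE-1 value, so the cookie is a bearer credential and has to come from a source nobody can predict. The weak script the advisories describe derived it from an ordinary pseudo-random generator; here it is 128 bits from the kernel CSPRNG. The function names, the display number and the audit helper are assumptions of mine; the xauth call uses xauth's documented `add` form.

```shell
#!/bin/sh
# Added example (not the vncserver script, not from the GLSAs): derive
# the X authentication cookie from /dev/urandom.  The advisory's weakness
# was a cookie produced by a generator an attacker could predict; a
# cookie is only as good as the entropy behind it.

# Print 16 random bytes as 32 lowercase hex digits, the form xauth takes.
gen_x_cookie() {
    _cookie=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    [ ${#_cookie} -eq 32 ] || return 1    # short read: refuse, never pad
    printf '%s\n' "$_cookie"
}

# Shape check for a cookie string: exactly 32 hex digits.  Useful in an
# audit script that walks ~/.Xauthority entries (via "xauth list") for
# short or oddly formed cookies left behind by old start scripts.
is_valid_cookie() {
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ ${#1} -eq 32 ]
}

# How a hardened start script would register the cookie for a display
# (display name assumed, e.g. ":1").  Defined only; not run here because
# it needs an X environment.
install_cookie() {
    _disp=$1
    _c=$(gen_x_cookie) || return 1
    xauth add "$_disp" MIT-MAGIC-COOKIE-1 "$_c"
}

# Demo: print one fresh cookie.
gen_x_cookie
```

The length check matters: a start script that silently accepted a short read would register a cookie with far fewer than 128 bits, which is the same failure the advisory describes by another route.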


GLSA: webmin (200302-12)

2003-02-23 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-12
- - -

  PACKAGE : webmin
  SUMMARY : unauthorized access
 DATE : 2003-02-22 18:48 UTC
  EXPLOIT : remote
VERSIONS AFFECTED : =1.060
FIXED VERSION : 1.070

- - -

- From announcement:

Due to a remotely exploitable security hole being discovered that
affects all previous Webmin releases, version 1.070 is now available
for download from http://www.webmin.com/ and mirror sites. This
problem was reported by Cintia M. Imanishi, but fortunately there
have been no known malicious exploits of it yet. However, all users
should upgrade to 1.070 as soon as possible.

Read the full announcement at:
http://marc.theaimsgroup.com/?l=webmin-announce&m=104587858408101&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-admin/webmin upgrade to webmin-1.070 as follows:

emerge sync
emerge -u webmin
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+V8XxfT7nyhUpoZMRAvRGAJ4rPNH0gzC7Fk6PupQypzJYtGcQGACdG2o+
tsZUEcOGkalsQl+Ubn29GZA=
=F8OA
-END PGP SIGNATURE-


GLSA: bitchx (200302-11)

2003-02-20 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-11
- - -

PACKAGE : bitchx
SUMMARY : denial of service
DATE: 2003-02-20 17:47 UTC
EXPLOIT : remote

- - -

- From advisory:

A denial of service vulnerability exists in BitchX. Sending
a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault. 

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104554352513997&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-irc/bitchx upgrade to bitchx-1.0.19-r4 as follows:

emerge sync
emerge -u bitchx
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+VRTLfT7nyhUpoZMRAvqiAJ4kel27B+vLN8ZRuxYZGqLvhlrvMACdFB+z
6LgjJMmjYP+/EGRH0nGzAmI=
=dRwx
-END PGP SIGNATURE-



GLSA: mod_php php

2003-02-19 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-09
- - -

PACKAGE : mod_php php
SUMMARY : arbitrary code execution
DATE: 2003-02-19 13:28 UTC
EXPLOIT : local

- - -

- From release notes:

PHP contains code for preventing direct access to the CGI binary with 
configure option --enable-force-cgi-redirect and php.ini option 
cgi.force_redirect. In PHP 4.3.0 there is a bug which renders these 
options useless.

Read the full release notes at:
http://www.php.net/release_4_3_1.php

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-php/mod_php and/or dev-php/php upgrade to php-4.3.1 
and/or mod_php-4.3.1 as follows:

emerge sync
emerge -u mod_php and/or emerge -u php
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
[EMAIL PROTECTED]
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+U4ZjfT7nyhUpoZMRAsWsAJ4qV3t9D0x7RIvX32//aHcJvz3kbgCgwywT
I44q0SlLumCn++b7K2yvhZc=
=QPPk
-END PGP SIGNATURE-



GLSA: mod_php (200302-09.1)

2003-02-19 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-09.1
- - -

PACKAGE : mod_php
SUMMARY : arbitrary code execution
DATE: 2003-02-19 15:56 UTC
EXPLOIT : remote

- - -

This is a re-release of GLSA-200302-09 because the first post
contained some errors.

- From release notes:

PHP contains code for preventing direct access to the CGI binary with 
configure option --enable-force-cgi-redirect and php.ini option 
cgi.force_redirect. In PHP 4.3.0 there is a bug which renders these 
options useless.

Read the full release notes at:
http://www.php.net/release_4_3_1.php

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-php/mod_php upgrade to mod_php-4.3.1 as follows:

emerge sync
emerge -u mod_php
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
[EMAIL PROTECTED]
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+U6k3fT7nyhUpoZMRAgYGAJ0VuZ3QvRgdFE9MfkrsdpNRQnfNwgCgqDwK
agZ3yHaDeGja82rJavna2GY=
=r2WB
-END PGP SIGNATURE-



GLSA: nethack

2003-02-18 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-08
- - -

PACKAGE : nethack
SUMMARY : buffer overflow
DATE: 2003-02-18 09:10 UTC
EXPLOIT : local

- - -

Overflowing a buffer in nethack may lead to privilege escalation to the
games uid.

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104489201032144&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-games/nethack upgrade to nethack-3.4.0-r6 as follows:

emerge sync
emerge -u nethack
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+UfhsfT7nyhUpoZMRAhFfAJ9asnqYIFPxQ5x0NrI0TX95AoznHACgvDs3
IGHP5+mr6/l6VFSm1egWoNI=
=UKVa
-END PGP SIGNATURE-



GLSA: mailman

2003-02-17 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-05
- - -

PACKAGE : mailman
SUMMARY : cross site scripting
DATE: 2003-02-17 09:16 UTC
EXPLOIT : remote

- - -

The email variable and the default error page in Mailman 2.1 contain 
cross site scripting vulnerabilities.
 
Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104342745916111&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/mailman upgrade to mailman-2.1.1 as follows:

emerge sync
emerge -u mailman
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+UKiNfT7nyhUpoZMRAuI2AJ9wnFfMKTXwBVyFnMLASs6SGuZggwCeKdgj
k2lHmZN7hAxMFTM7ilmS974=
=S96x
-END PGP SIGNATURE-



GLSA: syslinux

2003-02-17 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-06
- - -

PACKAGE : syslinux
SUMMARY : security issues in installer
DATE: 2003-02-17 14:40 UTC
EXPLOIT : local

- - -

- From syslinux changelog:

Security flaws have been found in the SYSLINUX installer when running 
setuid root. Rewrite the SYSLINUX installer so it uses mtools instead. 
It therefore now requires mtools (specifically mcopy and mattrib) to 
exist on your system, but it will not require root privileges and 
SHOULD NOT be setuid.

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/syslinux upgrade to syslinux-2.02 as follows:

emerge sync
emerge -u syslinux
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+UPR9fT7nyhUpoZMRAvdQAJ9nnSJoMKxE8siV7DbDYcAcNCekKQCfetT0
1Abd4vX3xTP6TuKSPmNm1H0=
=3bei
-END PGP SIGNATURE-



GLSA: w3m

2003-02-17 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-07
- - -

PACKAGE : w3m
SUMMARY : missing HTML quoting
DATE: 2003-02-17 14:47 UTC
EXPLOIT : remote

- - -

- From w3m release notes:

Hironori SAKAMOTO found another security vulnerability in w3m 0.3.2.x: 
w3m fails to escape HTML tags in the img alt attribute, so a malicious 
frame HTML page may deceive you into accessing your local files, 
cookies and so on.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/w3m upgrade to w3m-0.3.2.2 as follows:

emerge sync
emerge -u w3m
emerge clean

- - -
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+UPYbfT7nyhUpoZMRAsIBAJ9VXr80M0q44vB0C8FrtuzUrE65/gCgkcu9
Vf4VW9lnTPTDTSBwZnAmc1k=
=8w3p
-END PGP SIGNATURE-
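The Mailman cross-site-scripting advisory earlier on this page and the w3m advisory above describe the same failure from two sides: text from an untrusted source (a submitted e-mail address, an img alt attribute) copied into HTML unescaped, so that a `<` or `"` in it ends the intended context. The following is an added example of the escaping step both needed; it is my own code, not Mailman's or w3m's, and the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example (not from Mailman, w3m or the GLSAs): escape untrusted
# text before placing it in HTML.  Replacing these five characters makes
# the text inert both in element content and inside a double-quoted
# attribute value, which is exactly where the two advisories' bugs sat.

# Filter: stdin -> stdout with &, <, >, " and ' replaced by entities.
# '&' is handled first; otherwise the entities produced by the later
# substitutions would themselves be re-escaped.
html_escape() {
    sed -e 's/&/\&amp;/g' \
        -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' \
        -e "s/'/\&#39;/g"
}

# Render name="value" with the value escaped; the w3m bug was an alt=
# attribute rendered without this step.
html_attr() {
    printf '%s="%s"' "$1" "$(printf '%s' "$2" | html_escape)"
}

# Demo with a constructed hostile attribute value: the quote and angle
# brackets come out as entities, so the img element stays an img element.
printf '<img %s>\n' "$(html_attr alt '"><b>not an image</b>')"
```

A renderer or form handler that applies this to every externally supplied string, rather than only to the fields it happens to remember are dangerous, avoids the "another vulnerability" pattern the w3m release note records.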



GLSA: qt-dcgui

2003-02-05 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-03
- - 

PACKAGE : qt-dcgui
SUMMARY : file leaking
DATE: 2003-02-04 15:03 UTC
EXPLOIT : remote

- - 

- From announcement:

All versions  0.2.2 have a major security vulnerability in the 
directory parser. This bug allows a remote attacker to download files 
outside the sharelist. It's recommended that you upgrade the packages 
immediately.
 
Read the full announcement at:
http://dc.ketelhot.de/pipermail/dc/2003-January/94.html
 
SOLUTION

It is recommended that all Gentoo Linux users who are running
net-p2p/qt-dcgui upgrade to qt-dcgui-0.2.4 as follows:

emerge sync
emerge -u qt-dcgui
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+P9ZJfT7nyhUpoZMRAtoYAJ45ZBiV/8y3CFmv+/UiHTHfN+q1rACfd7bf
GxwCDv8PO1m17sJJMp33KfA=
=2ZdT
-END PGP SIGNATURE-



GLSA: bladeenc

2003-02-05 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-04
- - 

PACKAGE : bladeenc
SUMMARY : arbitrary code execution
DATE: 2003-02-05 12:55 UTC
EXPLOIT : local

- - 

- From advisory: 

A wave file lets the attacker execute any code he wants on the 
victim.
 
Read the full advisory at:
http://www.pivx.com/luigi/adv/blade942-adv.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
media-sound/bladeenc upgrade to bladeenc-0.94.2-r1 as follows:

emerge sync
emerge -u bladeenc
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+QQnMfT7nyhUpoZMRAj4gAKCysKGdI94DM7FfPu24xfxjhPPNSgCgowXK
b+MxfjWXGIiJs2VVyA848RM=
=Z9lw
-END PGP SIGNATURE-



GLSA: Mail-SpamAssassin

2003-02-03 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-01
- - 

PACKAGE : Mail-SpamAssassin
SUMMARY : arbitrary code execution
DATE: 2003-02-02 13:25 UTC
EXPLOIT : remote

- - 

- From advisory: 

Attacker may be able to execute arbitrary code by sending a specially 
crafted e-mail to a system using SpamAssassin's spamc program in BSMTP 
mode (-B option). Versions from 2.40 to 2.43 are affected.
 
Read the full advisory at 
http://marc.theaimsgroup.com/?l=bugtraq&m=104342896818777&w=2
 
SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-perl/Mail-SpamAssassin upgrade to Mail-SpamAssassin-2.44 as follows:

emerge sync
emerge -u Mail-SpamAssassin
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+PRxAfT7nyhUpoZMRAjBlAKCIBHUPx/LE/JJg130OosBtzfXNyACfY+/n
hQ1myVlS8MPcIc1BGzoLZzM=
=y8WM
-END PGP SIGNATURE-



GLSA: slocate

2003-02-03 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-02
- - 

PACKAGE : slocate
SUMMARY : buffer overflow
DATE: 2003-02-02 13:36 UTC
EXPLOIT : local

- - 

- From advisory: 

The overflow appears when slocate is run with the two parameters -c 
and -r, using as arguments a 1024 (or 10240, as Knight420 has 
informed us earlier) byte string.
 
Read the full advisory at 
http://www.usg.org.uk/advisories/2003.001.txt
 
SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/slocate upgrade to slocate-2.7 as follows:

emerge sync
emerge -u slocate
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+PR7NfT7nyhUpoZMRApEYAJ4uD5qRerI0di1uC0UOIrmMsFaIngCgk2JI
XW5zgRH8d560fe7weHDCPrw=
=H1YI
-END PGP SIGNATURE-



GLSA: dhcp

2003-01-21 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-10
- - 

PACKAGE : dhcp
SUMMARY : buffer overflow
DATE    : 2003-01-17 10:01 UTC
EXPLOIT : remote

- - 

- From advisory :

The Internet Software Consortium (ISC) has discovered several buffer
overflow vulnerabilities in their implementation of DHCP (ISC DHCPD).
These vulnerabilities may allow remote attackers to execute arbitrary
code on affected systems.  At this time, we are not aware of any
exploits.

Read the full advisory at
http://www.cert.org/advisories/CA-2003-01.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/dhcp upgrade to dhcp-3.0_p2 as follows:

emerge sync
emerge -u dhcp
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+J97gfT7nyhUpoZMRAvWAAKCmwJ9SZ9BHqLlVSnpU6uuJdIGR+ACfXpTw
ZFnl0fBTQKE3c0ymwNUdQT8=
=Ukux
-END PGP SIGNATURE-



GLSA: libpng

2003-01-15 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-7
- - 

PACKAGE : libpng
SUMMARY : buffer overflow
DATE    : 2003-01-08 15:01 UTC
EXPLOIT : remote

- - 

- From Debian Security Advisory DSA 213-1:

Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples from libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files.  The starting offsets for
the loops are calculated incorrectly which causes a buffer overrun
beyond the beginning of the row buffer.

Read the full advisory at
http://www.debian.org/security/2002/dsa-213

SOLUTION

It is recommended that all Gentoo Linux users who are running
media-libs/libpng-1.2.5-r1 or earlier update their systems as follows:

emerge rsync
emerge libpng

If you also have libpng-1.0.12-r1 or earlier installed update your 
system as follows:

emerge \=media-libs/libpng-1.0.12-r2

Finish with:

emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+HEShfT7nyhUpoZMRAvoiAKCKhtJz+FVEW84Zr+NDEQ5xYcqf7gCgxLZ8
teSWsNMM8ls6TU7MfX7/lyM=
=bhV+
-END PGP SIGNATURE-



GLSA: http-fetcher

2003-01-07 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-6
- - 

PACKAGE : http-fetcher
SUMMARY : buffer overflow
DATE    : 2003-01-07 09:01 UTC
EXPLOIT : remote

- - 

- From advisory:
The HTTP Fetcher library is exposed to a very fatal buffer overflow,
and it affects several other programs.

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=104187658217144&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/http-fetcher-1.0.1 or earlier update their systems as 
follows:

emerge rsync
emerge http-fetcher
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+GpibfT7nyhUpoZMRAtR8AJ95B0uA1G6/DC+T3VQN1u2LR97svgCfVUIY
w4ZxJhN0WS8KI+3dUPNoaqI=
=iWz0
-END PGP SIGNATURE-



GLSA: lcdproc

2003-01-07 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-7
- - 

PACKAGE : lcdproc
SUMMARY : remote code execution
DATE    : 2003-01-07 21:01 UTC
EXPLOIT : remote

- - 

- From advisory:

The vulnerabilities in LCDproc allow an attacker to remotely execute
arbitrary code or cause the LCDproc server to crash.

Read the full advisory at
http://online.securityfocus.com/archive/1/56411

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-misc/lcdproc-0.4.1-r1 or earlier update their systems as 
follows:

emerge rsync
emerge lcdproc
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+G0HGfT7nyhUpoZMRAq7gAKCkO+SxDyRM7UQcNUrMLSntdEzt9ACfXRib
VNy+H91tV/pxs+oSU3udMAM=
=JLG/
-END PGP SIGNATURE-



GLSA: libmcrypt

2003-01-06 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-4
- - 

PACKAGE : libmcrypt
SUMMARY : buffer overflows and memory exhaustion
DATE    : 2003-01-05 12:01 UTC
EXPLOIT : remote

- - 

Post by Ilia Alshanetsky [EMAIL PROTECTED]:

libmcrypt versions prior to 2.5.5 contain a number of buffer 
overflow vulnerabilities that stem from improper or lacking input 
validation. By passing a longer than expected input to a number of 
functions (multiple functions are affected) the user can successfully 
make libmcrypt crash. 
 
Another vulnerability is due to the way libmcrypt loads algorithms via  
libtool. When the algorithms are loaded dynamically, each time the  
algorithm is loaded a small amount (a few kilobytes) of memory is leaked. In a  
persistent environment (web server) this could lead to a memory 
exhaustion attack that will exhaust all available memory by launching 
repeated requests at an application utilizing the mcrypt library. 
 
The solution to both of these problems is to upgrade to the latest 
release of libmcrypt, 2.5.5.

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-libs/libmcrypt-2.5.1-r4 or earlier update their systems as 
follows:

emerge rsync
emerge libmcrypt
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+GCDqfT7nyhUpoZMRAgLTAJ9wkfPJg1Z4f0d5krJpObWVGtPwJgCfYQ7o
a7jfaOOalcN+xeBczQjxAds=
=vxQ0
-END PGP SIGNATURE-



GLSA: dhcpcd

2003-01-06 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-3
- - 

PACKAGE : dhcpcd
SUMMARY : remote command execution
DATE    : 2003-01-05 00:01 UTC
EXPLOIT : remote

- - 

When assigning an IP address to a network interface, dhcpcd may 
execute an external script, '/sbin/dhcpcd-interface.exe'. 
This is an optional configuration that must be set up manually on 
Gentoo Linux systems by copying the script 
into /sbin/. 
 
The script 'dhcpcd-interface.exe' uses values from 
'/var/lib/dhcpcd/dhcpcd-interface.info', which originate from the 
DHCP server. A lack of input validation on this data may make it 
possible for commands injected by a malicious DHCP server to be 
executed through the use of shell metacharacters such as ';' and '|'. 
These commands may run with root privileges.

More information is available at
http://online.securityfocus.com/bid/6200/info/

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/dhcpcd-1.3.20_p0-r1 or earlier update their systems as 
follows:

emerge rsync
emerge dhcpcd
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+F3zufT7nyhUpoZMRAm+hAKCzOXX6yIYWnhHXWYclGaTAmvx5iQCffolq
/YhKi+P23DLiTsUoL9l5B98=
=sCso
-END PGP SIGNATURE-
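The dhcpcd advisory above is a textbook case of server-supplied data reaching a shell unchecked. The following added example shows the validation a lease hook needs before it uses DHCP-provided values; it is my own code, not dhcpcd's hook script and not from the GLSA. The hook and function names, the field layout and the sample values (RFC 5737 documentation addresses) are constructions of mine.

```shell
#!/bin/sh
# Added example; not dhcpcd-interface.exe and not from the GLSA.
# A lease hook receives values chosen by the DHCP server (domain name,
# DNS servers).  If a script interpolates them into a command line,
# ';' or '|' inside a value becomes a command running as root:
#
#     sh -c "echo search $DOMAIN > /etc/resolv.conf"    # the unsafe pattern
#
# The defence is to validate each value against the grammar of its
# field and to refuse the whole lease if anything is off.

# A hostname/domain: letters, digits, '-' and '.', no empty labels,
# at most 253 characters.  Spaces, ';', '|', '$' and the like are rejected.
valid_hostname() {
    case "$1" in
        ''|.*|*.|*..*)     return 1 ;;
        *[!A-Za-z0-9.-]*)  return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# A dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    _n=0
    _rest=$1.
    while [ -n "$_rest" ]; do
        _o=${_rest%%.*}
        _rest=${_rest#*.}
        [ "$_o" -le 255 ] || return 1
        _n=$((_n + 1))
    done
    [ "$_n" -eq 4 ]
}

# Build resolver configuration from a lease's domain and a
# space-separated server list.  Prints the file contents on success;
# prints nothing and returns 1 if any value fails validation, so a
# hostile lease never reaches /etc/resolv.conf or a shell.
render_resolv_conf() {
    _domain=$1
    _servers=$2
    if [ -n "$_domain" ]; then
        valid_hostname "$_domain" || return 1
    fi
    for _s in $_servers; do
        valid_ipv4 "$_s" || return 1
    done
    # Everything checked: emit the file.  Values go through printf %s
    # and are never re-parsed by a shell.
    if [ -n "$_domain" ]; then
        printf 'search %s\n' "$_domain"
    fi
    for _s in $_servers; do
        printf 'nameserver %s\n' "$_s"
    done
}

# Demo with constructed lease values.
render_resolv_conf example.org "192.0.2.53 192.0.2.54"
```

Two design points: validation is by allow-list (what a hostname may contain), not by searching for known metacharacters, and every value is checked before anything is written, so a partially hostile lease cannot leave a half-written file behind.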



GLSA: leafnode

2003-01-02 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-2
- - 

PACKAGE : leafnode
SUMMARY : denial of service
DATE    : 2003-01-02 11:01 UTC
EXPLOIT : local and remote

- - 

- From leafnode advisory:

This vulnerability can make leafnode's nntpd server, named leafnode, go
into an unterminated loop when a particular article is requested. The
connection becomes unresponsive, and the server hogs the CPU. The client
will have to terminate the connection and connect again, and may fall
prey to the same problem; ultimately, there may be so many leafnode
processes hogging the CPU that no serious work is possible any more and
the super user has to kill all running leafnode processes.

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=104127108823436&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-news/leafnode-1.9.24 or earlier update their systems as 
follows:

emerge rsync
emerge leafnode
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+FB2kfT7nyhUpoZMRAuaNAJ0UrCD8EC3dBOO6SSTMC/yDWj1KpACgqNCi
I7R5t+COhHyCvR1l3LBg+Zk=
=7hvP
-END PGP SIGNATURE-



GLSA: xpdf

2003-01-02 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-1
- - 

PACKAGE : xpdf
SUMMARY : integer overflow
DATE    : 2003-01-02 10:01 UTC
EXPLOIT : local and remote

- - 

- From iDEFENSE advisory:

The pdftops filter in the Xpdf and CUPS packages contains an integer 
overflow that can be exploited to gain the privileges of the target user 
or in some cases the increased privileges of the 'lp' user if installed 
setuid. There are multiple ways of exploiting this vulnerability.

Read the full advisory at
http://www.idefense.com/advisory/12.23.02.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/xpdf-1.01-r1 or earlier update their systems as 
follows:

emerge rsync
emerge xpdf
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+FBHDfT7nyhUpoZMRArLLAJwJ/iqCxaKfUqvTSC6jXFTlwhA25ACfXosJ
CM9T0JTkOYDhJIVj7xgZ/5A=
=qDHF
-END PGP SIGNATURE-



GLSA: openldap

2002-12-30 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-12
- - 

PACKAGE : openldap
SUMMARY : remote command execution
DATE    : 2002-12-28 00:12 UTC
EXPLOIT : remote

- - 

- From SuSE Security Advisory SuSE-SA:2002:047:

The SuSE Security Team reviewed critical parts of that package and 
found several buffer overflows and other bugs remote attackers could 
exploit to gain access on systems running vulnerable LDAP servers.
In addition to these bugs, various locally exploitable bugs within the
OpenLDAP2 libraries (openldap2-devel package) have been fixed.

Read the full advisory at
http://www.suse.de/de/security/2002_047_openldap2.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-nds/openldap-2.0.25-r2 update their systems as follows:

emerge rsync
emerge openldap
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+DOvXfT7nyhUpoZMRAosUAJwLfUla5RD/VxF7WHAm8ZAbbFYgmACgugyg
WemCvhFKS9lr6lCJpOS3Nyo=
=Oga0
-END PGP SIGNATURE-



GLSA: cups

2002-12-30 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-13
- - 

PACKAGE : cups
SUMMARY : multiple cups vulnerabilities
DATE    : 2002-12-29 13:12 UTC
EXPLOIT : remote and local

- - 

- From iDEFENSE advisory:

Exploitation of multiple CUPS vulnerabilities allows local and remote 
attackers, in the worst of the scenarios, to gain root privileges.

Read the full advisory at
http://www.idefense.com/advisory/12.19.02.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-print/cups-1.1.17_pre20021025 or earlier update their systems as 
follows:

emerge rsync
emerge cups
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+DvoLfT7nyhUpoZMRAh8YAJ4lvCiGG5XfVvbpoKfzkKvj0geBygCeJRh1
XYhpQT4S3rWtJu33t3ouuSI=
=Qel0
-END PGP SIGNATURE-



GLSA: cyrus-sasl

2002-12-27 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-10
- - 

PACKAGE : cyrus-sasl
SUMMARY : buffer overflows
DATE    : 2002-12-27 22:12 UTC
EXPLOIT : remote

- - 

- From advisory:

Insufficient buffer length checking in user name canonicalization
may allow an attacker to execute arbitrary code on servers using the Cyrus 
SASL library. The client side library also has the bug, but since the user 
name is asked from the local user, there are probably not many 
applications that care about it, except maybe webmails and the like. 
This overflow only happens if a default realm is set.

LDAP authentication with saslauthd doesn't allocate enough memory 
when it needs to escape characters '*', '(', ')', '\' and '\0' in 
username and realm. This should be easily exploited with glibc's 
malloc implementation.

Log writer might not have allocated memory for the trailing \0 in
message. Probably hard to exploit, although you can affect the 
logging data with at least anonymous authentication.

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=103946297703402&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-libs/cyrus-sasl-2.1.9 update their systems as follows:

emerge rsync
emerge cyrus-sasl
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+DNWlfT7nyhUpoZMRAst/AJ456a3Tiyv4tEBhwQ+7zS36xw0SXwCfaRk1
wX8/LuAzB8J0ub8jsIiLN94=
=0u+r
-END PGP SIGNATURE-



GLSA: kde-3.0.x

2002-12-23 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-9
- - 

PACKAGE : kde-3.0.x
SUMMARY : multiple vulnerabilities in KDE
DATE    : 2002-12-22 13:12 UTC
EXPLOIT : remote

- - 

- From advisory:

In some instances KDE fails to properly quote parameters of
instructions passed to a command shell for execution. 

These parameters may incorporate data such as URLs, filenames and
e-mail addresses, and this data may be provided remotely to a victim
in an e-mail, a webpage or files on a network filesystem or other
untrusted source. 

By carefully crafting such data an attacker might be able to
execute arbitrary commands on a vulnerable system using the victim's 
account and privileges.  

The KDE Project is aware of several possible exploits of these 
vulnerabilities and is releasing this advisory with patches to
correct the issues. The patches also provide better safe guards and
check data from untrusted sources more strictly in multiple places.

Read the full advisory at
http://www.kde.org/info/security/advisory-20021220-1.txt

INFORMATION REGARDING OTHER ARCHITECTURES THAN X86

kde-3.0.5a is currently only marked stable for x86. If you have 
successfully compiled and merged 3.0.5a on any other architecture 
than x86 please report this to [EMAIL PROTECTED]

INFORMATION REGARDING KDE 2.2.2 AND KDE 3.1

The Gentoo KDE team is currently testing a new revision of KDE 2.2.2 
that includes fixes for the vulnerabilities mentioned in KDE's security
advisory. A new GLSA will be issued when those packages are available.

KDE 3.1 has not yet been released by KDE. However, masked ebuilds exist 
in the portage tree for various release candidates. Since KDE has not 
released a new version that fixes these vulnerabilities, no update is 
available for those who are currently running any version of the 3.1.x 
series. If KDE releases a new RC before the official release, and when 
KDE 3.1 final is released, a new GLSA will be issued to address the 
vulnerabilities in the 3.1.x series.

SOLUTION

It is recommended that all Gentoo Linux users who are running
kde-base/kde-3.0.4 and earlier in the 3.0.x series update their 
systems as follows:

emerge rsync
emerge kde
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+BcDAfT7nyhUpoZMRAgOVAJ9+6q+PanprNTsrcsXOIyNYxKC5SgCgu0uf
5DJ+2iGbIo/UfiY45AKXEvY=
=3ZMj
-END PGP SIGNATURE-
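The KDE advisory above is a classic instance of untrusted data (URLs, filenames, e-mail addresses) being interpolated into a command line that a shell then parses. The defensive pattern is to avoid the shell entirely and pass such values as discrete argv entries, or, when a shell really is unavoidable, to quote them correctly. The C program below is an added example written for this page; it is not code from KDE or from the advisory. The function names `shell_single_quote`, `run_argv_capture` and `demo`, and the hostile-looking sample URL, are all constructed here for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Wrap `in` in single quotes for a POSIX shell, turning every embedded ' into
 * '\'' so the shell sees one literal word. Needed only when a command line must
 * go through a shell at all. Returns 0, or -1 if `out` is too small. */
int shell_single_quote(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    if (n + 1 >= outsz) return -1;
    out[n++] = '\'';
    for (; *in; in++) {
        if (*in == '\'') {
            if (n + 4 >= outsz) return -1;
            memcpy(out + n, "'\\''", 4);
            n += 4;
        } else {
            if (n + 1 >= outsz) return -1;
            out[n++] = *in;
        }
    }
    if (n + 2 > outsz) return -1;
    out[n++] = '\'';
    out[n] = '\0';
    return 0;
}

/* The preferred route: run a program with an explicit argv, so no shell ever
 * sees the untrusted value, and capture its stdout. Returns bytes captured or -1. */
ssize_t run_argv_capture(char *const argv[], char *out, size_t outsz)
{
    int pipefd[2], status;
    pid_t pid;
    ssize_t total = 0, r;

    if (pipe(pipefd) != 0) return -1;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        dup2(pipefd[1], STDOUT_FILENO);
        close(pipefd[0]);
        close(pipefd[1]);
        execvp(argv[0], argv);
        _exit(127);
    }
    close(pipefd[1]);
    while (total + 1 < (ssize_t)outsz &&
           (r = read(pipefd[0], out + total, outsz - 1 - total)) > 0)
        total += r;
    close(pipefd[0]);
    out[total] = '\0';
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return total;
}

/* Constructed sample of the kind of value a remote page or mail could supply.
 * Interpolated unquoted into system("viewer " URL) the "; id; " part would run. */
static const char *const HOSTILE_URL = "http://example.invalid/a.html'; id; echo '";

/* Hand the hostile value to echo as a single argv entry: it comes back verbatim,
 * nothing in it is interpreted. Returns 1 when the output is the literal string. */
int demo(char *captured, size_t sz)
{
    char *argv[] = { "echo", (char *)HOSTILE_URL, NULL };
    if (run_argv_capture(argv, captured, sz) < 0) return -1;
    return strcmp(captured, "http://example.invalid/a.html'; id; echo '\n") == 0;
}

int main(void)
{
    char quoted[256], captured[256];
    if (shell_single_quote(HOSTILE_URL, quoted, sizeof quoted) == 0)
        printf("shell-safe form  : %s\n", quoted);
    if (demo(captured, sizeof captured) == 1)
        printf("argv route echoed: %s", captured);   /* printed, not executed */
    return 0;
}
```

The argv route is the one to reach for: it removes the shell from the picture, so there is nothing to quote. `shell_single_quote` exists for the residual cases where a configured command line genuinely has to be parsed by `/bin/sh`.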



GLSA: perl

2002-12-20 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-6
- - 

PACKAGE : perl
SUMMARY : broken safe compartment
DATE    : 2002-12-20 14:12 UTC
EXPLOIT : local

- - 

Quote from http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5

A security hole has been discovered in Safe.pm. When a Safe 
compartment has already been used, there's no guarantee that it's safe 
any longer, because there's a way for code executed within the Safe 
compartment to alter its operation mask. (Thus, programs that use a 
Safe compartment only once aren't affected by this bug.)

More information is available at
http://groups.google.com/groups?threadm=rt-17744-39131.3.96370682846239%40bugs6.perl.org

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-devel/perl-5.6.1-r9 or sys-devel/5.8.0-r5 and earlier update their 
systems as follows:

emerge rsync
emerge perl
emerge clean

ALTERNATIVE SOLUTION

If you don't want to or can't upgrade your perl package right away,
you can emerge dev-perl/Safe to accomplish the same solution as above.

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Ay13fT7nyhUpoZMRAnnkAJ9rZaVQgc8/6JBljqKRq2uO9wj1eACggdJc
vvE5MXez0xeSi4EC30BYnSM=
=WQ3V
-END PGP SIGNATURE-



GLSA: wget

2002-12-20 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-7
- - 

PACKAGE : wget
SUMMARY : directory traversal
DATE    : 2002-12-20 17:12 UTC
EXPLOIT : remote

- - 

Quote from advisory

A malicious server could potentially overwrite key files to cause a 
denial of service or, in some cases, gain privileges by modifying 
executable files. The risk is mitigated because non-default 
configurations are primarily affected, and the user must be convinced 
to access the malicious server. However, web-based clients may be 
more easily exploited.

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/wget-1.8.2-r1 and earlier update their systems as follows:

emerge rsync
emerge wget
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+A1BVfT7nyhUpoZMRAitfAJ0ZuwvlTRZnBP9rzfRPE51L7Qm3MwCfUXLn
4QPk2v8r54aB+53CPAwIFhk=
=RLsN
-END PGP SIGNATURE-



GLSA: mysql

2002-12-16 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-2
- - 

PACKAGE : mysql
SUMMARY : remote DOS and arbitrary code execution
DATE    : 2002-12-15 12:12 UTC
EXPLOIT : remote

- - 

- From e-matters advisory:

We have discovered two flaws within the MySQL server that can be used
by any MySQL user to crash the server. Furthermore one of the flaws can
be used to bypass the MySQL password check or to execute arbitrary code
with the privileges of the user running mysqld.
   
We have also discovered an arbitrary size heap overflow within the mysql
client library and another vulnerability that allows writing '\0' to any
memory address. Both flaws could allow DOS attacks against or arbitrary
code execution within anything linked against libmysqlclient.

Read the full advisory at
http://security.e-matters.de/advisories/042002.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/freeswan-3.23.53 and earlier update their systems as follows:

emerge rsync
emerge mysql
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9/HS4fT7nyhUpoZMRAh7MAKDDjsF3TdzsFWQ7ZlSgkuQCWyhxjACgifSG
xISOZG8+mGVv1S6BQCs4+I8=
=AA47
-END PGP SIGNATURE-



GLSA: fetchmail

2002-12-16 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-3
- - 

PACKAGE : fetchmail
SUMMARY : buffer overflow
DATE    : 2002-12-15 13:12 UTC
EXPLOIT : remote

- - 

- From e-matters advisory:

In the light of recent discoveries we reaudited Fetchmail and found
another buffer overflow within the default configuration. This heap
overflow can be used by remote attackers to crash it or to execute 
arbitrary code with the privileges of the user running fetchmail. 
Depending on the configuration this allows a remote root compromise.

Read the full advisory at
http://security.e-matters.de/advisories/052002.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/fetchmail-6.1.2 and earlier update their systems as follows:

emerge rsync
emerge fetchmail
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9/H6GfT7nyhUpoZMRAsaYAJ91S9qnCMg7K52RKryLUMuWi0URIACgpFdF
AUF2cEn+Y8qLPsolPSSIf0s=
=nDtt
-END PGP SIGNATURE-



GLSA: squirrelmail

2002-12-16 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-4
- - 

PACKAGE : squirrelmail
SUMMARY : cross site scripting
DATE    : 2002-12-15 14:12 UTC
EXPLOIT : remote

- - 

euronymous [EMAIL PROTECTED] found that read_body.php didn't
filter out user input for 'filter_dir' and 'mailbox', making an XSS
attack possible.

Read the full advisory at
http://f0kp.iplus.ru/bz/008.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/squirrelmail-1.2.9 and earlier update their systems as follows:

emerge rsync
emerge squirrelmail
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9/JPrfT7nyhUpoZMRAuUKAJ98w49ZxG/AzqPtINkcLHt83S568wCfeq+N
X8vYK73anWOOTITkoBwMRsY=
=5d7Y
-END PGP SIGNATURE-



GLSA: mysql

2002-12-16 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-2.1
- - 

PACKAGE : mysql
SUMMARY : remote DOS and arbitrary code execution
DATE    : 2002-12-15 12:12 UTC
EXPLOIT : remote

- - 

The original advisory sent by me contained a typo (net-misc/freeswan
should have been dev-db/mysql). This re-issue has the correct text.

- From e-matters advisory:

We have discovered two flaws within the MySQL server that can be used
by any MySQL user to crash the server. Furthermore one of the flaws can
be used to bypass the MySQL password check or to execute arbitrary code
with the privileges of the user running mysqld.
   
We have also discovered an arbitrary size heap overflow within the mysql
client library and another vulnerability that allows writing '\0' to any
memory address. Both flaws could allow DOS attacks against or arbitrary
code execution within anything linked against libmysqlclient.

Read the full advisory at
http://security.e-matters.de/advisories/042002.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-db/mysql-3.23.53 and earlier update their systems as follows:

emerge rsync
emerge mysql
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9/JgefT7nyhUpoZMRApRsAJ95aYUx7n0WEjXnBZlY8Zn7pYaLGwCfdGid
/yJgKoxAcgQMpT08CzM/tgI=
=kWbX
-END PGP SIGNATURE-



GLSA: exim

2002-12-16 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-5
- - 

PACKAGE : exim
SUMMARY : local root vulnerability
DATE    : 2002-12-16 16:12 UTC
EXPLOIT : local

- - 

- From advisory:

This is a format string bug in daemon.c, line 976:

sprintf(CS buff, CS pid_file_path, );   /* Backward compatibility */

pid_file_path can be changed on the command line.
This line is in the function daemon_go(), which only
gets executed when the user is an exim-admin-user.

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=103903403527788&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/exim-4.05 and earlier update their systems as follows:

emerge rsync
emerge exim
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9/gBNfT7nyhUpoZMRAq43AKCfp65F8XNHS5Td8CE1qQiNqvrT9QCeJUTB
6MYY1rust/c7RtKpA78PAv4=
=IZpj
-END PGP SIGNATURE-



GLSA: pine

2002-12-02 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-1
- - 

PACKAGE : pine
SUMMARY : remote DOS
DATE    : 2002-12-02 13:12 UTC
EXPLOIT : remote

- - 

An attacker can send a fully legal email message with a crafted
From-header, thus forcing pine to core dump on startup.
The only way to launch pine is manually removing the bad message
either directly from the spool, or from another MUA. Until the
message has been removed or edited there is no way of accessing
the INBOX using pine.

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/pine-4.44-r5 and earlier update their systems as follows:

emerge rsync
emerge pine
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE962KFfT7nyhUpoZMRAuXRAJ98j+FOcW1T2+ltJNPhj2lPc7dU/gCfb8IK
jEpRPKyGYvhU28yicSxYzCs=
=E178
-END PGP SIGNATURE-



GLSA: php

2002-11-23 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-005
- - 

PACKAGE : php & mod_php
SUMMARY : buffer overflow
DATE    : 2002-11-20 13:11 UTC
EXPLOIT : local & remote

- - 

- From advisory:

Two vulnerabilities exist in the PHP mail() function. The first one
allows executing any program/script, bypassing the safe_mode restriction;
the second one may give an open-relay script if the mail() function is not
carefully used in PHP scripts.

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-php/php-4.2.2-r1 and/or dev-php/mod_php-4.2.2-r1 and earlier 
update their systems as follows:

emerge rsync
emerge php
  and/or
emerge mod_php
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE924srfT7nyhUpoZMRAj4XAJ9YugJ+Gvb0+dQbmUJIFPbJJMFEgACgtPNQ
OXAlpSYMVp0CcExWEK2ZQlI=
=kuEw
-END PGP SIGNATURE-



GLSA: samba

2002-11-23 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-007
- - 

PACKAGE : samba
SUMMARY : remote root access
DATE    : 2002-11-21 09:11 UTC
EXPLOIT : remote

- - 

- From 2.2.7 release notes:

There was a bug in the length checking for encrypted password change
requests from clients. A client could potentially send an encrypted
password, which, when decrypted with the old hashed password could be
used as a buffer overrun attack on the stack of smbd. The attack would
have to be crafted such that converting a DOS codepage string to little
endian UCS2 unicode would translate into an executable block of code.

Read the full release notes at
http://se.samba.org/samba/whatsnew/samba-2.2.7.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-fs/samba-2.2.5-r1 and earlier update their systems as follows:

emerge rsync
emerge samba
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE93KKCfT7nyhUpoZMRAoZeAKCb7Jdu+glo0BIN3wq4+cDSbmQLKACgnbaY
2+7FwJUYxYALLzhRpckJuNE=
=PWpJ
-END PGP SIGNATURE-



GLSA: courier

2002-11-23 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-005
- - 

PACKAGE : courier
SUMMARY : buffer overflow
DATE    : 2002-11-19 13:11 UTC
EXPLOIT : local

- - 

- From Debian Security Advisory DSA 197-1 :

A problem in the Courier sqwebmail package, a CGI program to grant
authenticated access to local mailboxes, has been discovered.  The
program did not drop permissions fast enough upon startup under
certain circumstances so a local shell user can execute the sqwebmail
binary and manage to read an arbitrary file on the local filesystem.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/courier-0.40.0.20021026 and earlier update their systems as 
follows:

emerge rsync
emerge courier
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE92kCafT7nyhUpoZMRAlpYAKC4NgU/HGbbQoveI+uBAQi81TU2LACfVDLE
vgIc8zIzeNAZmQxM4XpCTog=
=YIvq
-END PGP SIGNATURE-



GLSA: kdenetwork

2002-11-16 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-004
- - 

PACKAGE : kdenetwork
SUMMARY : rlogin.protocol and telnet.protocol URL KIO Vulnerability
  resLISa / LISa Vulnerabilities
DATE    : DATUM
EXPLOIT : local & remote

- - 

from KDE advisory 2002-1 :

The implementation of the rlogin protocol in all of the affected
systems, and the implementation of the telnet protocol in affected
KDE 2 systems, allows a carefully crafted URL in an HTML page,
HTML email or other KIO-enabled application to execute arbitrary
commands on the system using the victim's account on the
vulnerable machine.

The vulnerability potentially enables local or remote attackers
to compromise a victim's account and execute arbitrary commands
on the local system with the victim's privileges, such as erasing
files, accessing data or installing trojans.

Read the full advisory at
http://www.kde.org/info/security/advisory-2002-1.txt

from KDE advisory 2002-2 :

The resLISa daemon contains a buffer overflow vulnerability which
potentially enables any local user to obtain access to a raw socket
if 'reslisa' is installed SUID root.  This vulnerability was
discovered by the iDEFENSE security team and Texonet.

The lisa daemon contains a buffer overflow vulnerability which
potentially enables any local user, as well as any remote attacker
on the LAN who is able to gain control of the LISa port (7741 by
default), to obtain root privileges.

In addition, a remote attacker potentially may be able to gain
access to a victim's account by using a lan:// URL in an HTML
page or via another KDE application.  These vulnerabilities were
discovered by Olaf Kirch at SuSE Linux AG.

Read the full advisory at
http://www.kde.org/info/security/advisory-2002-2.txt

More information is available at
http://www.idefense.com/advisory/11.11.02.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
kde-base/kdenetwork-3.0.4 and earlier update their systems as follows:

emerge rsync
emerge kdenetwork
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE902cmfT7nyhUpoZMRAt8pAJ9dDutM8qF2/jxTMZ7KQutTjhuLMwCgrZoU
d5XyUrE6eAWBiIWQ+V/FfdA=
=JhtY
-END PGP SIGNATURE-



GLSA: kdelibs

2002-11-15 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-004
- - 

PACKAGE : kdelibs
SUMMARY : rlogin.protocol and telnet.protocol URL KIO Vulnerability
  resLISa / LISa Vulnerabilities
DATE    : DATUM
EXPLOIT : local & remote

- - 

from KDE advisory 2002-1 :

The implementation of the rlogin protocol in all of the affected
systems, and the implementation of the telnet protocol in affected
KDE 2 systems, allows a carefully crafted URL in an HTML page,
HTML email or other KIO-enabled application to execute arbitrary
commands on the system using the victim's account on the
vulnerable machine.

The vulnerability potentially enables local or remote attackers
to compromise a victim's account and execute arbitrary commands
on the local system with the victim's privileges, such as erasing
files, accessing data or installing trojans.

Read the full advisory at
http://www.kde.org/info/security/advisory-2002-1.txt

from KDE advisory 2002-2 :

The resLISa daemon contains a buffer overflow vulnerability which
potentially enables any local user to obtain access to a raw socket
if 'reslisa' is installed SUID root.  This vulnerability was
discovered by the iDEFENSE security team and Texonet.

The lisa daemon contains a buffer overflow vulnerability which
potentially enables any local user, as well as any remote attacker
on the LAN who is able to gain control of the LISa port (7741 by
default), to obtain root privileges.

In addition, a remote attacker potentially may be able to gain
access to a victim's account by using a lan:// URL in an HTML
page or via another KDE application.  These vulnerabilities were
discovered by Olaf Kirch at SuSE Linux AG.

Read the full advisory at
http://www.kde.org/info/security/advisory-2002-2.txt

More information is available at
http://www.idefense.com/advisory/11.11.02.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
kde-base/kdelibs-3.0.4 and earlier update their systems as follows:

emerge rsync
emerge kdelibs
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE902/SfT7nyhUpoZMRAg8wAKCcPSEbh+xXPVn9CdVTTJLoaXWymwCfQGWq
OP1MzPDSrSIHbJO6rn9Naig=
=YJX0
-END PGP SIGNATURE-



GLSA: apache

2002-11-12 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-003
- - 

PACKAGE : apache
SUMMARY : Cross-Site Scripting Vulnerability
DATE    : 2002-11-12 14:11 UTC
EXPLOIT : local

- - 

A vulnerability exists in the SSI error pages of Apache 2.0 that 
involves incorrect filtering of server signature data. 
The vulnerability could enable an attacker to hijack web sessions, 
allowing a range of potential compromises on the targeted host.

Read the full advisory at
http://online.securityfocus.com/archive/1/293791

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/apache-2.0.42 and earlier update their systems as follows:

emerge rsync
emerge apache
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE90Q7hfT7nyhUpoZMRArM0AJ4htFFr3gBDW5tga3p02/CAleoK/wCeK8gc
VMxVJ4+E8XG9wCy81Y1TwOA=
=wYi6
-END PGP SIGNATURE-



GLSA: kgpg

2002-11-11 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-002
- - 

PACKAGE : kgpg
SUMMARY : keys generated in wizard have an empty passphrase
DATE    : 2002-11-10 13:11 UTC
EXPLOIT : local

- - 

- From http://devel-home.kde.org/~kgpg/bug.html

A bug in Kgpg's key generation affects all secret keys generated 
through Kgpg's wizard. (Bug does not affect keys created in 
console/expert mode). All keys created through the wizard have an 
empty passphrase, which means that if someone has access to your 
computer and can read your secret key, he/she can decrypt your files 
without the need of a passphrase.

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/kgpg-0.8.2 and earlier update their systems as follows:

emerge rsync
emerge kgpg
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9zmVTfT7nyhUpoZMRAlGnAKCqIwAhxi/OtU55GVFWc+waeIY7LwCgtRgf
jglVyBs6JzNtzNEQZfz69nA=
=EybQ
-END PGP SIGNATURE-



GLSA: MailTools

2002-11-06 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-001
- - 

PACKAGE : MailTools
SUMMARY : remote command execution
DATE    : 2002-11-06 14:11 UTC
EXPLOIT : remote

- - 

The SuSE Security Team reviewed critical Perl modules, including the
Mail::Mailer package. This package contains a security hole which allows
remote attackers to execute arbitrary commands in certain circumstances.
This is due to the usage of mailx as default mailer which allows commands
to be embedded in the mail body.
Vulnerable to this attack are custom auto reply programs or spam filters
which use Mail::Mailer directly or indirectly.

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-perl/MailTools-1.44-r1 and earlier update their systems as follows:

emerge rsync
emerge MailTools
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9ySubfT7nyhUpoZMRAgIeAJ4zSYKNfFatgEwUaq/6pskWFY333wCeLBvG
9WiQs7LM4yGUDNk0jH/k/Fw=
=ZOPv
-END PGP SIGNATURE-



GLSA: sharutils

2002-10-30 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-012
- - 

PACKAGE : sharutils
SUMMARY : inadequate checks on user-specified output files
DATE    : 2002-10-30 14:10 UTC
EXPLOIT : local

- - 

The uudecode utility would create an output file without checking
to see if it was about to write to a symlink or a pipe. If a
user uses uudecode to extract data into open shared directories,
such as /tmp, this vulnerability could be used by a local attacker
to overwrite files or lead to privilege escalation.

Read the full advisory at
http://www.kb.cert.org/vuls/id/336083

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/sharutils-4.2.1-r5 and earlier update their systems as follows:

emerge rsync
emerge sharutils
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9v+gPfT7nyhUpoZMRAvONAKCEtURIf7x9ywYgn5bk3bXGRgtFYwCgulgp
pN2sMd4yQUooVdzqeu4OmNY=
=DcXc
-END PGP SIGNATURE-
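The sharutils advisory above describes the general hazard of creating an output file in a world-writable directory: a symlink or FIFO planted under the expected name turns a plain write into a write somewhere else. The C program below is an added example for this page, not code from sharutils or from the advisory; `open_output_safely`, the `OUT_*` reason codes and `self_test` are names invented here. It shows the checks such a tool should make: refuse symlinks and non-regular files up front, open with `O_NOFOLLOW` so the kernel enforces the same rule, and compare the opened inode with the one inspected so a file swapped in between the two calls is caught before anything is truncated.

```c
#define _XOPEN_SOURCE 700
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Why open_output_safely() refused, reported through *why. */
enum { OUT_OK = 0, OUT_SYMLINK, OUT_NOT_REGULAR, OUT_RACED, OUT_ERRNO };

/* Open `path` for writing the way a uudecode-style tool should when the target
 * may live in a shared directory such as /tmp. Returns an fd, or -1 with *why. */
int open_output_safely(const char *path, int *why)
{
    struct stat before, after;
    int existed = 1, fd;

    *why = OUT_OK;
    if (lstat(path, &before) == 0) {
        if (S_ISLNK(before.st_mode)) { *why = OUT_SYMLINK; return -1; }
        if (!S_ISREG(before.st_mode)) { *why = OUT_NOT_REGULAR; return -1; }
    } else if (errno == ENOENT) {
        existed = 0;
    } else {
        *why = OUT_ERRNO; return -1;
    }

    /* O_NOFOLLOW: the kernel refuses a symlink at the final component even if it
     * appeared after lstat(). O_NONBLOCK: a FIFO cannot hang us. No O_TRUNC yet,
     * so nothing is clobbered before the post-open checks pass. */
    fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_NONBLOCK, 0644);
    if (fd < 0) {
        *why = (errno == ELOOP) ? OUT_SYMLINK : OUT_ERRNO;
        return -1;
    }
    if (fstat(fd, &after) != 0 || !S_ISREG(after.st_mode)) {
        close(fd); *why = OUT_NOT_REGULAR; return -1;
    }
    /* A pre-existing file must still be the very inode we inspected. */
    if (existed && (after.st_ino != before.st_ino || after.st_dev != before.st_dev)) {
        close(fd); *why = OUT_RACED; return -1;
    }
    if (ftruncate(fd, 0) != 0) { close(fd); *why = OUT_ERRNO; return -1; }
    return fd;
}

/* Exercise the check in a scratch directory with three constructed targets: a
 * symlink to another file, a FIFO, and an ordinary new file. Returns how many
 * of the three cases behaved as required (3 when all pass), -1 on setup error. */
int self_test(void)
{
    char dir[] = "/tmp/uudemoXXXXXX";
    char victim[64], lnk[64], fifo[64], plain[64];
    int passed = 0, why, fd;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk,    sizeof lnk,    "%s/out.link", dir);
    snprintf(fifo,   sizeof fifo,   "%s/out.fifo", dir);
    snprintf(plain,  sizeof plain,  "%s/out.txt", dir);

    fd = open(victim, O_WRONLY | O_CREAT, 0644);
    if (fd >= 0) close(fd);
    if (symlink(victim, lnk) != 0 || mkfifo(fifo, 0644) != 0) return -1;

    if (open_output_safely(lnk, &why) == -1 && why == OUT_SYMLINK) passed++;
    if (open_output_safely(fifo, &why) == -1 && why == OUT_NOT_REGULAR) passed++;
    fd = open_output_safely(plain, &why);
    if (fd >= 0 && why == OUT_OK) { passed++; close(fd); }

    unlink(victim); unlink(lnk); unlink(fifo); unlink(plain); rmdir(dir);
    return passed;
}

int main(void)
{
    int n = self_test();
    printf("%d of 3 hostile-output cases handled correctly\n", n);
    return n == 3 ? 0 : 1;
}
```

The inode comparison is what closes the window between `lstat()` and `open()`; `O_NOFOLLOW` alone covers the symlink case but not a regular file swapped for another regular file, and truncating only after the checks pass means a refused open never damages whatever was planted.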



GLSA: pam_ldap

2002-10-30 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-013
- - 

PACKAGE : pam_ldap
SUMMARY : format string attack
DATE    : 2002-10-30 22:10 UTC
EXPLOIT : local

- - 

Versions 143 and earlier of the pam_ldap module are vulnerable to a 
format string attack. A local attacker could supply a malicious 
format string when opening a configuration file, which could allow 
the attacker to execute arbitrary code on the system with elevated 
privileges.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-libs/pam_ldap-134-r1 and earlier update their systems as follows:

emerge rsync
emerge pam_ldap
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9wF5EfT7nyhUpoZMRArjCAJsEkwr+rMxtCSwJ4ylCHo126BBlZwCfRE2Y
/snm/fWy0G8/l4C+85kHfgc=
=O57d
-END PGP SIGNATURE-
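Two advisories in this batch are format-string bugs: exim's `sprintf(CS buff, CS pid_file_path, ...)` in GLSA 200212-5, where a command-line option becomes the format string, and pam_ldap's configuration-file case in GLSA 200210-013. The C program below is an added example for this page, not code from exim, pam_ldap or either advisory. It shows the defensive replacement for the exim pattern: the untrusted template is never passed to the printf family as a format; instead one permitted `%s` placeholder is expanded by hand and every other conversion is rejected. `expand_pid_path` and the sample templates are constructed here.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Expand a pid-file path template without ever using it as a format string.
 * At most one "%s" is replaced by `suffix` (mirroring the backward-compatible
 * port suffix the exim code was trying to support); "%%" yields a literal '%';
 * any other '%' sequence, including %n and %x, is rejected outright.
 * Returns 0 on success, -1 if the template is malformed or would not fit. */
int expand_pid_path(char *out, size_t outsz, const char *template, const char *suffix)
{
    size_t n = 0;
    int seen_s = 0;

    if (out == NULL || outsz == 0 || template == NULL || suffix == NULL)
        return -1;
    for (const char *p = template; *p != '\0'; p++) {
        if (*p == '%') {
            if (p[1] == 's' && !seen_s) {            /* the one allowed placeholder */
                size_t slen = strlen(suffix);
                if (n + slen >= outsz) return -1;
                memcpy(out + n, suffix, slen);
                n += slen;
                seen_s = 1;
                p++;
                continue;
            }
            if (p[1] == '%') {                        /* literal percent sign */
                if (n + 1 >= outsz) return -1;
                out[n++] = '%';
                p++;
                continue;
            }
            return -1;   /* %n, %x, a second %s, a trailing '%': refuse */
        }
        if (n + 1 >= outsz) return -1;
        out[n++] = *p;
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed templates: a legitimate one with the placeholder, a plain one,
     * and one carrying the conversions a format-string attack relies on. */
    const char *templates[] = {
        "/var/run/exim%s.pid",
        "/var/run/exim.pid",
        "/var/run/%x%x%n.pid",
    };
    char buf[64];
    for (size_t i = 0; i < sizeof templates / sizeof templates[0]; i++) {
        int rc = expand_pid_path(buf, sizeof buf, templates[i], "-1234");
        printf("%-24s -> %s\n", templates[i], rc == 0 ? buf : "rejected");
    }
    return 0;
}
```

The same rule covers the pam_ldap case: a string read from a configuration file or the command line goes through `"%s"` (or a hand-written expander like this one), never into the format argument of `printf`, `syslog` or `sprintf`.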



GLSA: mod_ssl

2002-10-28 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-009
- - 

PACKAGE : mod_ssl
SUMMARY : cross site scripting
DATE    : 2002-10-27 00:40 UTC
EXPLOIT : remote

- - 

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 
and earlier, when UseCanonicalName is off and wildcard DNS is enabled, 
allows remote attackers to execute script as other web site visitors, 
via the server name in an HTTPS response on the SSL port, which is used 
in a self-referencing URL.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/mod_ssl-2.8.11 and earlier update their systems as follows:

emerge rsync
emerge mod_ssl
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9uzVqfT7nyhUpoZMRAt2JAKC3lguQrRSwDKcDdtUL4042aHwWKACdHblk
UEB8oAlG58KkmP0LXt2YJ1I=
=E/JR
-END PGP SIGNATURE-



GLSA: krb5

2002-10-28 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-011
- - 

PACKAGE : krb5
SUMMARY : buffer overflow
DATE    : 2002-10-28 14:10 UTC
EXPLOIT : remote

- - 

A stack buffer overflow in the implementation of the Kerberos v4
compatibility administration daemon (kadmind4) in the MIT krb5
distribution can be exploited to gain unauthorized root access to a
KDC host.  The attacker does not need to authenticate to the daemon to
successfully perform this attack.  At least one exploit is known to
exist in the wild, and at least one attacker is reasonably competent
at cleaning up traces of intrusion.

Read the full advisory at
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/krb5 and earlier update their systems as follows:

emerge rsync
emerge krb5
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9vUr1fT7nyhUpoZMRAhvRAJ9zxSpTuroJ57RA9lVFegHfCODgkgCbBGRb
4qBVkt0y6Ndn9pVFt0zrplo=
=SacS
-END PGP SIGNATURE-



GLSA: ypserv

2002-10-28 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-010
- - 

PACKAGE : ypserv
SUMMARY : information leak
DATE    : 2002-10-28 14:10 UTC
EXPLOIT : remote

- - 

Thorsten Kukuck discovered a problem in the ypserv program which is
part of the Network Information Services (NIS).  A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable.  When a
malicious user requests a non-existing map, the server will leak
parts of an old domainname and mapname.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-nds/ypserv-1.3.12 and earlier update their systems as follows:

emerge rsync
emerge ypserv
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9vUUjfT7nyhUpoZMRAv7wAJ4hQ2QqPozFTcLkIr3ddJCHwIqiOQCcC89e
CW28lSsCnFemMc4lTReoiao=
=IWUR
-END PGP SIGNATURE-



GLSA: kth-krb

2002-10-26 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-008
- - 

PACKAGE : kth-krb & heimdal
SUMMARY : Remote root exploit
DATE    : 2002-10-26 16:00 UTC
EXPLOIT : remote

- - 

All versions of the kadmind daemon are vulnerable to a remote root 
exploit, if compiled with support for the Kerberos 4 kadmin protocol.

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/heimdal-0.5 & app-crypt/kth-krb-1.2 and earlier update their
systems as follows:

emerge rsync
emerge kth-krb
emerge heimdal
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9ur0ufT7nyhUpoZMRAkoVAJ965emvno57NuDf+58fSrZwzQZlSACffxmg
gRYeSIc/Flih9VXh6gtCrcw=
=D8Jl
-END PGP SIGNATURE-



GLSA: zope

2002-10-24 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-007
- - 

PACKAGE : zope
SUMMARY : Incorrect handling of XML-RPC requests
DATE    : 2002-10-24 15:10 UTC
EXPLOIT : remote

- - 

Zope (www.zope.org) will reveal the complete physical location where the
server and its components are installed if it receives incorrect XML-RPC
requests.
In some cases it will also reveal information about the servers in the
protected LAN (10.x.x.x for example) on which the current server is relaying.

More information is available at
http://collector.zope.org/Zope/359

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/zope-2.5.1 and earlier update their systems
as follows:

emerge rsync
emerge zope
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9uA3IfT7nyhUpoZMRAqJ2AJ4/0CLQWnONWq4k0l8myf2QQ4sk9ACgwbA3
4ZdPm20+wK0ElplUXwugB2Y=
=LyVt
-END PGP SIGNATURE-



GLSA: groff

2002-10-19 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-005
- - 

PACKAGE : groff
SUMMARY : buffer overflow
DATE    : 2002-10-19 19:30 UTC

- - 

The groff preprocessor contains an exploitable buffer overflow. If 
groff can be invoked within the LPRng printing system, an attacker 
can gain rights as the lp user.

Remote exploitation may be possible if lpd is running and is accessible
remotely, and the attacker knows the name of the printer and spoolfile.

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/groff-1.17.2-r2 and earlier update their systems
as follows:

emerge rsync
emerge groff
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9sbgvfT7nyhUpoZMRAu3QAJkBRAmp4Dyz9TPJl2ADXkXZaq36VwCfdTbG
KxmxU5E0w0og6TWQgPiZx7M=
=mU/h
-END PGP SIGNATURE-



GLSA: tetex

2002-10-18 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-004
- - 

PACKAGE : tetex
SUMMARY : Command execution vulnerability in dvips
EXPLOIT : local & remote
DATE    : 2002-10-18 22:00 UTC

- - 

Olaf Kirch of SuSE has discovered a vulnerability in dvips that
allowed remote users with printing access to execute commands as the
lp user by sending carefully crafted printjobs. 

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/tetex-1.0.7-r10 and earlier update their systems
as follows:

emerge rsync
emerge tetex
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9sIOVfT7nyhUpoZMRAto7AJ0RU7DDa3SpqQvBoeUKImMs4mEisgCggQNe
4qSNCwk2T6bcxePUOmHbDy4=
=eIne
-END PGP SIGNATURE-



GLSA: ggv

2002-10-17 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-003
- - 

PACKAGE : ggv
SUMMARY : buffer overflow
EXPLOIT : local
DATE    : 2002-10-17 08:30 UTC

- - 

ggv shares the same buffer overflow problem that gv did.

Read the full advisory at
http://www.idefense.com/advisory/09.26.02.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/ggv-1.99.90 and earlier update their systems
as follows:

emerge rsync
emerge ggv
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9rnUQfT7nyhUpoZMRAr6jAKCNU3Ko5pluB0bZ3yIlw4paUyrh1ACgqQbf
CvBJCihfTpuMWwci2+Rhn78=
=mnVF
-END PGP SIGNATURE-



GLSA: apache

2002-10-15 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-002
- - 

PACKAGE : apache
SUMMARY : shared memory scoreboard vulnerabilities
EXPLOIT : local
DATE    : 2002-10-15 08:25 UTC

- - 

Apache HTTP Server contains a vulnerability in its shared memory 
scoreboard. Attackers who can execute commands under the Apache
UID can either send a (SIGUSR1) signal to any process as root, in 
most cases killing the process, or launch a local denial of service (DoS)
attack.

Read the full advisory at
http://www.idefense.com/advisory/10.03.02.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/apache-1.3.26-r4 and earlier update their systems
as follows:

emerge rsync
emerge apache
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9q9EifT7nyhUpoZMRAvMAAKC5uldCFmTfBWUELQUjdPUB63IX4ACeOIZi
kXGG6Si1xe2JA+hdpT/TRSo=
=Hawy
-END PGP SIGNATURE-



GLSA: tomcat

2002-10-15 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-001
- - 

PACKAGE : tomcat
SUMMARY : source disclosure
EXPLOIT : remote
DATE    : 2002-10-15 08:15 UTC

- - 

A security vulnerability has been confirmed to exist in Apache Tomcat
4.0.x releases (including Tomcat 4.0.5), which allows a specially
crafted URL to be used to return the unprocessed source of a JSP page, or,
under special circumstances, a static resource which would otherwise have
been protected by a security constraint, without being properly
authenticated. This is based on a variant of the exploit that was
disclosed on 09/24/2002.

Read the full disclosure at
http://marc.theaimsgroup.com/?l=tomcat-dev&m=103417249325526&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/tomcat-4.0.5 and earlier update their systems
as follows:

emerge rsync
emerge tomcat
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9q85zfT7nyhUpoZMRAripAKC2pwD2g82Np0cal/0afanM4mfVCgCfbx9o
dNLvNJOnmcq3QcvT/S4D3wQ=
=6MID
-END PGP SIGNATURE-



GLSA: nss_ldap

2002-10-14 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE        :nss_ldap
SUMMARY        :Buffer overflow
DATE           :2002-10-13 12:45 UTC

- - 

Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 
allows remote attackers to cause a denial of service and possibly 
execute arbitrary code.

DETAIL

When versions of nss_ldap prior to nss_ldap-198 are configured 
without a value for the host setting, nss_ldap will attempt to 
configure itself by using SRV records stored in DNS.  When parsing the 
results of the DNS query, nss_ldap does not check that the data 
returned by the server will fit into an internal buffer, leaving it
vulnerable to a buffer overflow. The Common Vulnerabilities and 
Exposures project (cve.mitre.org) has assigned the name CAN-2002-0825 
to this issue.

When versions of nss_ldap prior to nss_ldap-199 are configured 
without a value for the host setting, nss_ldap will attempt to 
configure itself by using SRV records stored in DNS.  When parsing 
the results of the DNS query, nss_ldap does not check that the data 
returned has not been truncated by the resolver libraries to avoid a 
buffer overflow, and may attempt to parse more data than is actually 
available, leaving it vulnerable to a read buffer overflow.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-libs/nss_ldap-174-r2 and earlier update their systems
as follows:

emerge rsync
emerge nss_ldap
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9qWqGfT7nyhUpoZMRAl5/AJ9OguSgjT472Jc3wPhXSBZA8k8YcwCeMNDj
ZEvGURfhv4eJwk0ZYFUiCWo=
=7SpP
-END PGP SIGNATURE-
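The two defects in the nss_ldap advisory above come down to two bounds that a parser must check on every field: the data must fit the internal buffer it is copied into, and the parser must never read past the end of what the resolver actually returned (a truncated reply). The following is an added example, not code from nss_ldap or from the advisory: a decoder for a DNS-style length-prefixed name that enforces both bounds, run against a constructed sample reply (the name "ldap1.example.com" is made up for the example).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Decodes a DNS-style name (length-prefixed labels ending in a zero length
 * byte) from `reply` into a dotted string in `dst`. Two bounds are enforced
 * on every label, one for each defect the advisory describes:
 *  1. the label must lie entirely within the `avail` bytes the resolver
 *     really returned, so a truncated reply is never read past its end;
 *  2. the decoded text, plus separator and final NUL, must fit in `dst`.
 * Returns the number of reply bytes consumed, or 0 on any violation.
 * Compression pointers are out of scope here and are rejected.
 */
size_t decode_dns_name(const uint8_t *reply, size_t avail, char *dst, size_t dstsz)
{
    size_t pos = 0, out = 0;

    if (reply == NULL || dst == NULL || dstsz == 0)
        return 0;
    for (;;) {
        if (pos >= avail)
            return 0;                        /* no terminator before the data ended */
        uint8_t len = reply[pos++];
        if (len == 0)
            break;                           /* end of name */
        if (len & 0xC0)
            return 0;                        /* compression pointer / reserved bits */
        if (len > avail - pos)
            return 0;                        /* label claims more bytes than remain */
        size_t need = (out ? 1 : 0) + len;   /* '.' separator plus the label */
        if (need >= dstsz - out)
            return 0;                        /* would not leave room for the NUL */
        if (out)
            dst[out++] = '.';
        memcpy(dst + out, reply + pos, len);
        out += len;
        pos += len;
    }
    dst[out] = '\0';
    return pos;
}

/* Constructed sample reply (not captured traffic): "ldap1.example.com". */
const uint8_t sample_reply[] = {
    5, 'l', 'd', 'a', 'p', '1',
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
    3, 'c', 'o', 'm',
    0
};
const size_t sample_reply_len = sizeof sample_reply;

/* Scratch buffers: one ample, one deliberately too small for the name. */
char name_out[64];
char small_out[12];

/* Full reply, ample buffer: expected to consume all 19 bytes. */
size_t decode_full(void)
{
    return decode_dns_name(sample_reply, sample_reply_len, name_out, sizeof name_out);
}

/* Reply cut to 10 bytes by the resolver: the second label's length (7)
 * exceeds what remains, so decoding must stop rather than overread. */
size_t decode_truncated(void)
{
    return decode_dns_name(sample_reply, 10, name_out, sizeof name_out);
}

/* Whole reply, but a 12-byte destination: "ldap1" fits, ".example" does not. */
size_t decode_into_small_buffer(void)
{
    return decode_dns_name(sample_reply, sample_reply_len, small_out, sizeof small_out);
}
```

Both failure cases return 0 without touching memory outside the reply or the destination; a caller that treats 0 as "discard this record" gets the behaviour the fixed nss_ldap releases describe.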



GLSA: heimdal

2002-10-14 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE : heimdal
SUMMARY : remote command execution
EXPLOIT : remote
DATE    : 2002-10-14 15:30 UTC

- - 

- From www.pdc.kth.se/heimdal:

Kf and kfd are used to forward credentials in a stand-alone fashion. 
Work on them never really finished, and in releases earlier than 
Heimdal 0.5 they had multiple security issues, including possible 
buffer overruns. Their use has never been recommended. 

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/heimdal-0.4e and earlier update their systems
as follows:

emerge rsync
emerge heimdal
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9quK2fT7nyhUpoZMRAsc1AKCIttm56nUA6fk95yYR06PD6YSyeQCgwNLU
8EL/GnnW9aSctZoIh8r5S4M=
=/ANK
-END PGP SIGNATURE-



GLSA: net-snmp

2002-10-14 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE        :net-snmp
SUMMARY        :Denial of service
DATE           :2002-10-14 08:00 UTC

- - 

The SNMP daemon included in the Net-SNMP package can be crashed 
if it attempts to process a specially crafted packet. Exploitation
requires foreknowledge of a known SNMP community string (either
read or read/write). This issue potentially affects any Net-SNMP
installation in which the public read-only community string has not
been changed.

Read the full advisory at
http://www.idefense.com/advisory/10.02.02.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/net-snmp-5.0.2a and earlier update their systems
as follows:

emerge rsync
emerge net-snmp
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9qnpxfT7nyhUpoZMRAr8VAJ9NwwO9ymOe6V66qGre6wdnJ2kOTACgulqf
CKtVjHMlHd5/lFs31IBCyno=
=KVPU
-END PGP SIGNATURE-



GLSA: sendmail

2002-10-14 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE        :sendmail
SUMMARY        :smrsh bypass vulnerabilities
DATE           :2002-10-13 14:45 UTC

- - 

It is possible for an attacker to bypass the restrictions imposed by
The Sendmail Consortium’s Restricted Shell (SMRSH) and execute a
binary of his choosing by inserting a special character sequence into
his .forward file.

Read the full advisory at
http://www.sendmail.org/smrsh.adv.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/sendmail-8.12.6 and earlier update their systems
as follows:

emerge rsync
emerge sendmail
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9qYe0fT7nyhUpoZMRAikZAJ401MoPiOSGimzqUq25IPj7sNIrIwCghsXn
pXPevOcEyJm89c2k67OIA9g=
=8Hz5
-END PGP SIGNATURE-



GLSA: gv

2002-10-03 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE        :gv
SUMMARY        :Execution of Arbitrary Shell Commands
DATE           :2002-10-03 10:00 UTC

- - 

OVERVIEW

GV can be tricked into executing arbitrary shell commands.

DETAIL

When GV detects that the document is either a PDF file or a
GZip compressed file, it executes some commands with the help
of the system() function. Unfortunately, these commands
contain the filename, which can be considered as untrusted user
input. It is then possible to distribute a file (with a meticulously
chosen filename, which can even seem innocent) that causes execution of
arbitrary shell commands when it is read with GV.

Read the original advisory at
http://www.epita.fr/~bevand_m/asa/asa-

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/gv-3.58-r1 and earlier update their systems
as follows:

emerge rsync
emerge gv
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9nBYTfT7nyhUpoZMRAs5iAKCQDEFd64NlXMqKZ7zs5BYCdbjQLACdFCV9
ANLj7Y54vnJdkfPxzuNmfuE=
=0AGQ
-END PGP SIGNATURE-



GLSA: python

2002-10-03 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE        :python
SUMMARY        :os.execvpe() vulnerability
DATE           :2002-10-03 14:45 UTC

- - 

OVERVIEW

By exploiting this vulnerability a local attacker can execute
arbitrary code with the privileges of the user running python code
which uses the execvpe() method.

DETAIL

Zack Weinberg found a vulnerability in the way the execvpe() method
from the os.py module uses a temporary file name. A file which
supposedly should not exist is created in an unsafe way and the method
tries to execute it. The objective of such code is to discover what
error the operating system returns in a portable way.

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-lang/python-2.2.1-r4 and earlier update their systems
as follows:

emerge rsync
emerge python
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9nFfWfT7nyhUpoZMRAlRIAKChIVtWL75kMwXlt0Ifk5s5seczkgCgiaKZ
t1mU5Nim159c3J9y9dyjELs=
=80ty
-END PGP SIGNATURE-



GLSA: tar

2002-10-01 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE        :tar
SUMMARY        :directory-traversal vulnerability
DATE           :2002-10-01 12:30 UTC

- - 

OVERVIEW

The tar utility contains vulnerabilities which can allow
arbitrary files to be overwritten during archive extraction.

DETAIL

During testing by Redhat of the fix to GNU tar from the advisory below, 
it was discovered that GNU tar 1.13.25 was still vulnerable to a 
modified version of the same problem.

Read the full original advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=99496364810666&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/tar-1.13.25-r2 and earlier update their systems
as follows:

emerge rsync
emerge tar
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9mZcbfT7nyhUpoZMRAgTqAJ9TIgnwCf6vABCsQp7fZ/WpHUoCNACdGzJH
2yxb1ASJvjfl5ToRzzfJ8oM=
=7aPP
-END PGP SIGNATURE-



GLSA: fetchmail

2002-10-01 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE:fetchmail
SUMMARY:remote vulnerabilities
DATE   :2002-10-01 09:30 UTC

- - 

OVERVIEW

Stefan Esser from e-matters has discovered several buffer overflows and
a broken boundary check within Fetchmail.

DETAIL

If Fetchmail is running in multidrop mode these flaws can be used by
remote attackers to crash it or to execute arbitrary code with the
permissions of the user running fetchmail. Depending on the configuration
this allows a remote root compromise.

Read the full advisory at
http://security.e-matters.de/advisories/032002.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/fetchmail-0.59.14 and earlier update their systems
as follows:

emerge rsync
emerge fetchmail
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9mW3bfT7nyhUpoZMRAj24AJ4v6eTU4W0kFymRqxVhVm+pzLzqvACcCLP0
X1kl66YrBuEJozTTNzpwhAg=
=9mUU
-END PGP SIGNATURE-




GLSA: unzip

2002-10-01 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE        :unzip
SUMMARY        :directory-traversal vulnerability
DATE           :2002-10-01 10:30 UTC

- - 

OVERVIEW

Archive extraction is usually treated by users as a safe operation.
There are a few problems with file extraction, though.

DETAIL

Among them: huge files with high compression ratio are able to fill
memory/disk (see the "Antivirus scanner DoS with zip archives" thread on
Vuln-Dev), special device names and special characters in file names,
directory traversal (dot-dot bug). Probably, directory traversal is the
most dangerous among these bugs, because it allows one to craft an archive
which will trojan the system on extraction. This problem is known to
software developers, and newer archivers usually have some kind of
protection. But in some cases this protection is weak and can be
bypassed. I did very quick (approx. 30 minutes, so maybe I've missed
something) research on a few popular archivers. Results are below.

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=99496364810666&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-arch/unzip-5.42-r1 and earlier update their systems
as follows:

emerge rsync
emerge unzip
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9mXsMfT7nyhUpoZMRAmE2AJ42IOteK6437umkllOR4F0oJO0a4ACfY4QU
u5jofs44arhh9ZKkAmPxv2A=
=myfe
-END PGP SIGNATURE-
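The tar and unzip advisories above both concern the dot-dot bug, and the tar one notes that a first fix was still open to a modified form of the same name. The following is an added example, not code from GNU tar, Info-ZIP or either advisory: a member-name check that walks every path component instead of stripping a leading "../", run over a constructed list of member names (no real archive is involved).

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/*
 * Decides whether an archive member name may be extracted below the
 * target directory. Rejects absolute names and any name with a ".."
 * component. The check walks every component rather than stripping a
 * leading "../", which is why variants such as "./../x" or "lib/../../x"
 * (the kind of modified form the tar advisory mentions) are caught too.
 */
bool archive_member_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (name[0] == '/')
        return false;                       /* absolute: leaves the target directory */

    const char *p = name;
    for (;;) {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;                   /* ".." component, wherever it appears */
        if (slash == NULL)
            return true;
        p = slash + 1;
    }
}

/* Runs the check over a member list and returns how many names it rejects;
 * an extractor would skip (or abort on) exactly those entries. */
size_t count_unsafe_members(const char *const *names, size_t n)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++)
        if (!archive_member_is_safe(names[i]))
            rejected++;
    return rejected;
}

/* Constructed sample member list (not taken from any real archive). */
const char *const sample_members[] = {
    "docs/README",            /* safe */
    "bin/tool",               /* safe */
    "a..b/c",                 /* safe: ".." inside a name is not a component */
    "../../outside.txt",      /* plain dot-dot */
    "./../outside.txt",       /* dot-dot hidden behind "./" */
    "/abs/outside.txt",       /* absolute path */
    "lib/../../outside.txt",  /* dot-dot after a normal component */
};
const size_t sample_member_count = sizeof sample_members / sizeof sample_members[0];

size_t count_unsafe_in_sample(void)
{
    return count_unsafe_members(sample_members, sample_member_count);
}
```

The check is deliberately conservative: "lib/../x" would resolve inside the target directory, but it is rejected anyway, because reasoning about what a name resolves to is exactly where the earlier fixes went wrong.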



GLSA: glibc (update)

2002-09-27 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE:glibc
SUMMARY:division by zero
DATE   :2002-09-27 10:00 UTC

- - 

Wolfram Gloger discovered that the sunrpc overflow bugfix unintentionally
replaced potential integer overflows in connection with malloc() with
more likely divisions by zero.

DETAIL

The XDR (external data representation) libraries are used to provide
platform-independent methods for sending data from one system process to
another, typically over a network connection. Such routines are commonly
used in remote procedure call (RPC) implementations to provide transparency 
to application programmers who need to use common interfaces to interact 
with many different types of systems. The xdr_array() function in the XDR 
library provided by Sun Microsystems contains an integer overflow that can 
lead to improperly sized dynamic memory allocation. Subsequent problems like 
buffer overflows may result, depending on how and where the vulnerable 
xdr_array() function is used.

More information can be found at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0391
http://www.kb.cert.org/vuls/id/192995

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-libs/glibc-2.2.5-r6 and earlier update their systems
as follows:

emerge rsync
emerge glibc
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9lDQwfT7nyhUpoZMRAujvAJ9AgOYIJ5TfMDr4nxCK7aEXR70rLQCfaw5h
V7jcupLlstZYu0C2af44yl8=
=WWze
-END PGP SIGNATURE-
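The glibc advisory above describes two hazards in one place: the count-times-element-size product in xdr_array() can wrap before it reaches malloc(), and the first fix guarded against that with a division that itself faults when the element size is zero. The following is an added example, not code from glibc or Sun's XDR library: a size computation using the 32-bit XDR arithmetic that closes both, with the unchecked product kept alongside so the wrap is observable.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/*
 * Sizes the buffer an XDR decoder would allocate for `count` elements of
 * `elsize` bytes each, using the 32-bit unsigned arithmetic of the XDR
 * types. Both hazards named in the advisory are handled:
 *  - the product is checked for wrap-around before it becomes a malloc()
 *    size (the original integer overflow), and
 *  - elsize == 0 is rejected before the guard divides by it (the division
 *    by zero that the first fix introduced).
 * Returns true and stores the byte count on success, false otherwise.
 */
bool xdr_array_bytes(uint32_t count, uint32_t elsize, uint32_t maxcount, uint32_t *bytes)
{
    if (count > maxcount)
        return false;               /* more elements than the caller permits */
    if (elsize == 0)
        return false;               /* nothing to allocate; the next line would divide by zero */
    if (count > UINT32_MAX / elsize)
        return false;               /* count * elsize would wrap modulo 2^32 */
    *bytes = count * elsize;
    return true;
}

/* Allocates storage for a decoded (count, elsize) pair, or returns NULL
 * when the request fails the checks above. */
void *xdr_array_alloc(uint32_t count, uint32_t elsize, uint32_t maxcount)
{
    uint32_t bytes;
    if (!xdr_array_bytes(count, elsize, maxcount, &bytes))
        return NULL;
    return malloc(bytes);
}

/* The unchecked product, kept only to make the wrap-around observable:
 * 0x40000000 * 8 is 2^33, which is 0 in 32 bits, so an unchecked decoder
 * would call malloc(0) and then try to decode 2^30 elements into it. */
uint32_t unchecked_bytes(uint32_t count, uint32_t elsize)
{
    return count * elsize;
}

/* Scratch output for callers that only want the size. */
uint32_t last_bytes;
```

The `maxcount` parameter mirrors the per-call element limit an XDR caller supplies; checking it first keeps absurd counts out even when the product would not wrap.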




GLSA: tomcat

2002-09-25 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE:tomcat
SUMMARY:source exposure
DATE   :2002-09-25 11:30 UTC

- - 

OVERVIEW

Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
vulnerable to source code exposure by using the default servlet
org.apache.catalina.servlets.DefaultServlet.

DETAIL

Let's say you have a valid URL like http://my.site/login.jsp; then a URL like
http://my.site/servlet/org.apache.catalina.servlets.DefaultServlet/login.jsp
will give you the source code of the JSP page.

The full syntax of the exposure URL is:

http://{server}[:port]/[Context/]org.apache.catalina.servlets.DefaultServlet/[context_relative_path/]file_name.jsp

More information can be found at:

http://online.securityfocus.com/archive/1/292936/2002-09-22/2002-09-28/0


SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/tomcat-4.04 and earlier update their systems
as follows:

emerge rsync
emerge tomcat
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9kaeOfT7nyhUpoZMRAjecAJwLLkCyj/iVWlRFN+1RrzR4oo9dlQCgi1PV
DTRyRrBXhKFbP7+ScPIx2A8=
=S0kw
-END PGP SIGNATURE-




GLSA: amavis

2002-09-05 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE:amavis
SUMMARY:possible dos
DATE   :2002-09-05 10:30 UTC

- - 

OVERVIEW

possible DoS attack by a specially crafted TAR archive file

DETAIL

The AMaViS shell script version (AMaViS 0.1.x / 0.2.x) uses securetar.
securetar removes the paths of files in a tar archive and makes each
file name a unique name. Links, character devices, block devices and named
pipes will be removed from the archive.
A specially crafted TAR file may hang securetar forever, using up to
100% CPU time.

More information can be found at:

http://marc.theaimsgroup.com/?l=amavis-announce&m=103121272122242&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/amavis-0.2.1-r2 and earlier update their systems
as follows:

emerge rsync
emerge amavis
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9d1Y9fT7nyhUpoZMRAiXrAJsFH2TeGxyZx6jGO03PbUYDzaPu7QCfayd3
beUbZ/ZtN7EAjcRXdhTS34E=
=M8tO
-END PGP SIGNATURE-




GLSA: scrollkeeper

2002-09-04 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE:scrollkeeper
SUMMARY:insecure temporary file creation
DATE   :2002-09-04 10:30 UTC

- - 

OVERVIEW

The scrollkeeper-get-cl program creates temporary files in an insecure
manner in /tmp using guessable filenames.

DETAIL

The scrollkeeper-get-cl program creates temporary files in an insecure
manner in /tmp using guessable filenames.
Since scrollkeeper is called automatically when a user logs into a Gnome
session, an attacker with local access can easily create and overwrite
files as another user.

More information can be found at:

http://online.securityfocus.com/archive/1/290090/2002-09-01/2002-09-07/0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0662

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/scrollkeeper-0.3.11 and earlier update their systems
as follows:

emerge rsync
emerge scrollkeeper
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9deLIfT7nyhUpoZMRApU7AJwN7/4Dxd8VGAl22Hzl3nhAqacKOgCgxAKS
STYwVuRPVyXmLn4eNGzd2p0=
=HfLu
-END PGP SIGNATURE-
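The scrollkeeper advisory above (guessable names in /tmp) and the earlier python advisory (a temporary file "created in an unsafe way" by os.execvpe) are the same class of bug. The following is an added example, not code from scrollkeeper, Python or either advisory: the predictable-name pattern beside the mkstemp() pattern, plus the O_EXCL check that refuses a path already present, demonstrated in a private directory so it runs offline. The prefix names used are made up.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * The guessable pattern the advisories describe: a fixed prefix plus the
 * pid. Another local user can predict the name and plant a file or
 * symlink there first; a later open(O_CREAT) without O_EXCL then follows
 * the planted entry. This only builds the name and returns its length.
 */
int predictable_temp_name(char *out, size_t outsz, const char *prefix, pid_t pid)
{
    return snprintf(out, outsz, "/tmp/%s.%ld", prefix, (long)pid);
}

/*
 * The hardened pattern: mkstemp() fills the XXXXXX suffix with an
 * unpredictable value and creates the file atomically with
 * O_CREAT|O_EXCL and mode 0600, retrying with a new suffix if the name is
 * already taken. Returns the open descriptor (path is filled in), or -1.
 */
int create_private_tempfile(char *path, size_t pathsz, const char *dir, const char *prefix)
{
    int n = snprintf(path, pathsz, "%s/%s.XXXXXX", dir, prefix);
    if (n < 0 || (size_t)n >= pathsz)
        return -1;
    return mkstemp(path);
}

/*
 * The check for a program that must create a file at a name it computed
 * itself: O_EXCL makes open() fail with EEXIST if anything already sits at
 * that path, symlink included, instead of opening what it points to.
 * Returns 1 if the file was created, 0 if the path was already present
 * (refused), -1 on another error.
 */
int exclusive_create(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return errno == EEXIST ? 0 : -1;
    close(fd);
    return 1;
}

/*
 * Self-contained run in a private directory: creates a temp file with
 * mkstemp(), then confirms that an exclusive create of the same name is
 * refused. Returns 1 on the expected outcome, 0 otherwise.
 */
int demo_exclusive_create_refuses_existing(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    if (mkdtemp(dir) == NULL) {                 /* fall back to the working directory */
        strcpy(dir, "./tmpdemo.XXXXXX");
        if (mkdtemp(dir) == NULL)
            return 0;
    }
    char path[256];
    int ok = 0;
    int fd = create_private_tempfile(path, sizeof path, dir, "work");
    if (fd >= 0) {
        ok = (exclusive_create(path) == 0);     /* already exists: refused */
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return ok;
}

/* Scratch buffer for callers that only want to see the predictable name. */
char predictable_name[64];
```

The point of using the descriptor mkstemp() returns, rather than reopening the path by name afterwards, is that the name can be re-pointed between the two operations; the descriptor cannot.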




GLSA: ethereal

2002-08-30 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE:ethereal
SUMMARY:buffer overflow
DATE   :2002-08-30 07:30 UTC

- - 

OVERVIEW

The ISIS protocol dissector in Ethereal 0.9.5 and earlier versions
is susceptible to a buffer overflow.

DETAIL

It may be possible to make Ethereal crash or hang by injecting a
purposefully malformed packet onto the wire, or by convincing someone
to read a malformed packet trace file. It may be possible to make
Ethereal run arbitrary code by exploiting the buffer and pointer problems.

The full advisory can be read at
http://www.ethereal.com/appnotes/enpa-sa-6.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/ethereal-0.9.5-r2 and earlier update their systems
as follows:

emerge rsync
emerge ethereal
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9bytUfT7nyhUpoZMRAms+AKCUt6lH8p4gYd+1D92rf3mod3YpuwCeJRSa
l4axUEqXgrW1U46/R5V8SN8=
=N0in
-END PGP SIGNATURE-




GLSA: gaim

2002-08-27 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE:gaim
SUMMARY:arbitrary program execution
DATE   :2002-08-27 13:30 UTC

- - 

OVERVIEW

The 'Manual' browser command passes an untrusted string to the shell
without escaping or reliable quoting, permitting an attacker to execute
arbitrary commands on the user's machine.

DETAIL

The developers of Gaim, an instant messenger client that combines
several different networks, found a vulnerability in the hyperlink
handling code.  The 'Manual' browser command passes an untrusted
string to the shell without escaping or reliable quoting, permitting
an attacker to execute arbitrary commands on the user's machine.
Unfortunately, Gaim doesn't display the hyperlink before the user
clicks on it.  Users who use other inbuilt browser commands aren't
vulnerable.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-im/gaim-0.59 and earlier update their systems
as follows:

emerge rsync
emerge gaim
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9a36nfT7nyhUpoZMRAuKvAKCy2oLjg2rMA1wmyJTv3b8vU5SdegCfVC9t
MFAp7ZtJzFxiZbXAh+V2izU=
=DPLe
-END PGP SIGNATURE-
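The gaim advisory above and the earlier gv advisory describe the same mistake: an untrusted string (a URL, a filename) is spliced into a command line that system() hands to /bin/sh. The following is an added example, not code from Gaim, GV or either advisory: the risky string construction kept only so its result can be inspected, an allowlist check usable as a detection rule, and the fix that avoids the shell entirely by passing the value as one argv element. The program name "gv" and the filenames are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * The risky pattern both advisories describe: the untrusted filename or
 * URL is pasted into one command line that system() hands to /bin/sh, so
 * every shell metacharacter in it is interpreted. This function only
 * builds that string; nothing here executes it.
 */
int build_shell_command(char *out, size_t outsz, const char *program, const char *untrusted)
{
    return snprintf(out, outsz, "%s %s", program, untrusted);
}

/*
 * Allowlist check: accept an argument only if every character is from a
 * conservative set, and it does not start with '-' (which a program may
 * read as an option). Suitable for filenames; URLs need '&' and '?' and so
 * cannot be allowlisted this way, which is one more reason for the argv
 * route below.
 */
bool argument_is_shell_safe(const char *arg)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789._-/+:@%=";
    if (arg == NULL || arg[0] == '\0' || arg[0] == '-')
        return false;
    return strspn(arg, allowed) == strlen(arg);
}

/*
 * The hardened pattern: no shell at all. The program receives the
 * untrusted value as one argv element; execvp() passes argv through the
 * kernel verbatim, so ';', '$(...)', backticks and spaces are just bytes
 * of the argument. Returns the child's exit status, or -1 if it could not
 * be started.
 */
int run_with_argv(const char *program, const char *untrusted)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)program, (char *)untrusted, NULL };
        execvp(program, argv);
        _exit(127);                 /* exec failed in the child */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Scratch buffer for inspecting the string system() would have received. */
char command_line[256];
```

A value such as "a;b.pdf" survives unchanged into the system() string, which is the whole problem; the same value reaches the child of run_with_argv() as argv[1] and is never parsed by anything.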




GLSA: PostgreSQL

2002-08-26 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE:postgresql
SUMMARY:buffer overruns
DATE   :2002-08-26 09:40 UTC

- - 

OVERVIEW

Several buffer overruns found in PostgreSQL

DETAIL

The PostgreSQL Global Development Team has identified and
addressed the following buffer overruns in PostgreSQL:

* in handling long datetime input
* in repeat()
* in lpad() and rpad() with multibyte
* in SET TIME ZONE and TZ env var

More information can be found at the following addresses:

http://online.securityfocus.com/archive/1/288305/2002-08-16/2002-08-22/0
http://online.securityfocus.com/archive/1/288334/2002-08-16/2002-08-22/0

The advisory sent by The PostgreSQL Global Development Team can be read at

http://online.securityfocus.com/archive/1/288998/2002-08-23/2002-08-29/0

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-db/postgresql-7.2.1-r2 and earlier update their systems
as follows:

emerge rsync
emerge postgresql
emerge clean

postgresql-7.2.2 is currently only available for x86. Sparc and ppc will
be available when it's been tested on these archs.

- - 
Daniel Ahlberg
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9aferfT7nyhUpoZMRAvekAJ9UjtWr7K5934otXCWVujKOrK9m5QCghSE5
W7ksuXGlIoPx2QexaxEcUEY=
=nrn6
-END PGP SIGNATURE-




GLSA: xinetd

2002-08-14 Thread Daniel Ahlberg

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT
- - 

PACKAGE:xinetd
SUMMARY:pipe exposure
DATE   :2002-08-14 08:40 UTC

- - 

OVERVIEW

File descriptors introduced in 2.3.4 can be used to crash xinetd 
resulting in a denial of service.

DETAIL

Solar Designer found a vulnerability in xinetd, a replacement for the
BSD derived inetd.  File descriptors for the signal pipe introduced in
version 2.3.4 are leaked into services started from xinetd.  The
descriptors could be used to talk to xinetd resulting in crashing it
entirely.  This is usually called a denial of service.

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/xinetd-2.3.5 and earlier update their systems as follows:

emerge rsync
emerge xinetd
emerge clean

xinetd-2.3.7 is currently only available for x86. Sparc and ppc will
be available when it's been tested on these archs.

- - 
Daniel Ahlberg
[EMAIL PROTECTED]
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9Wh+4fT7nyhUpoZMRAmdAAJ0a+G6wsTrpxl/KLH8A03XXDfQgHACggUqw
1xtIcSrLOLwAyv9aain+tDk=
=GYvc
-END PGP SIGNATURE-
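The xinetd advisory above is a descriptor-inheritance bug: a pipe the daemon uses internally stays open across exec() and so is available to every service it starts. The following is an added example, not code from xinetd or the advisory: marking such a pipe close-on-exec, and an audit helper that counts what a child would inherit, demonstrated by creating a pipe, watching the inheritable set grow by two, and watching it shrink back once both ends are protected.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdbool.h>
#include <unistd.h>

/* Marks a descriptor close-on-exec so any child that exec()s a service
 * drops it automatically instead of inheriting it. 0 on success, -1 on error. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0 ? -1 : 0;
}

/* Reports whether a descriptor is close-on-exec. */
bool is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags >= 0 && (flags & FD_CLOEXEC) != 0;
}

/*
 * Audit helper for a daemon about to spawn: counts descriptors below
 * `maxfd` that are open and NOT close-on-exec, i.e. the set a child
 * service would inherit. stdin/stdout/stderr are expected there;
 * anything else deserves a look.
 */
int count_inheritable_fds(int maxfd)
{
    int n = 0;
    for (int fd = 0; fd < maxfd; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags >= 0 && !(flags & FD_CLOEXEC))
            n++;
    }
    return n;
}

/*
 * Creates an internal notification pipe the way a daemon would and
 * protects both ends. 0 on success (fds[0] read end, fds[1] write end).
 * On Linux, pipe2(fds, O_CLOEXEC) does the same atomically; the portable
 * two-step form is used here.
 */
int create_private_pipe(int fds[2])
{
    if (pipe(fds) < 0)
        return -1;
    if (set_cloexec(fds[0]) < 0 || set_cloexec(fds[1]) < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    return 0;
}

/*
 * Demonstration: a plain pipe adds two descriptors to the inheritable set;
 * after set_cloexec() on both ends the count is back where it started, and
 * a pipe from create_private_pipe() never enters the set at all.
 * Returns 1 when every observation holds, 0 otherwise.
 */
int demo_cloexec_removes_from_inheritable_set(void)
{
    const int maxfd = 256;                      /* assumption: pipe fds land below this */
    int before = count_inheritable_fds(maxfd);
    int fds[2], priv[2];
    if (pipe(fds) < 0)
        return 0;
    int ok = (count_inheritable_fds(maxfd) == before + 2);
    if (set_cloexec(fds[0]) < 0 || set_cloexec(fds[1]) < 0)
        ok = 0;
    if (count_inheritable_fds(maxfd) != before)
        ok = 0;
    if (create_private_pipe(priv) < 0)
        ok = 0;
    else {
        if (!is_cloexec(priv[0]) || !is_cloexec(priv[1]) || count_inheritable_fds(maxfd) != before)
            ok = 0;
        close(priv[0]);
        close(priv[1]);
    }
    close(fds[0]);
    close(fds[1]);
    return ok;
}
```

Running count_inheritable_fds() just before fork() in a daemon, and logging anything beyond the three standard streams, is a cheap regression check for exactly this class of leak.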




GLSA: OpenSSL

2002-07-30 Thread Daniel Ahlberg

-  
GENTOO LINUX SECURITY ANNOUNCEMENT 
- 

PACKAGE:openssl
SUMMARY:denial of service / remote root exploit
DATE   :2002-07-30 16:15:00

- 

OVERVIEW
 
Multiple potentially remotely exploitable vulnerabilities have been found in
OpenSSL.

DETAIL

1. The client master key in SSL2 could be oversized and overrun a
buffer. This vulnerability was also independently discovered by
consultants at Neohapsis (http://www.neohapsis.com/) who have also
demonstrated that the vulnerability is exploitable. Exploit code is
NOT available at this time.

2. The session ID supplied to a client in SSL3 could be oversized and
overrun a buffer.

3. The master key supplied to an SSL3 server could be oversized and
overrun a stack-based buffer. This issue only affects OpenSSL
0.9.7 before 0.9.7-beta3 with Kerberos enabled.

4. Various buffers for ASCII representations of integers were too
small on 64 bit platforms.

The full advisory can be read at 
http://www.openssl.org/news/secadv_20020730.txt

SOLUTION

It is recommended that all Gentoo Linux users update their systems as
follows:

emerge --clean rsync
emerge openssl
emerge clean

After the installation of the updated OpenSSL you should restart the services
that use OpenSSL, which include such common services as OpenSSH, SSL-enabled
POP3, IMAP, and SMTP servers, and stunnel-wrapped services as well.

Also, if you have an application that is statically linked to openssl you will
need to re-emerge that application to build it against the new OpenSSL.
 
- 
Daniel Ahlberg
[EMAIL PROTECTED]
-