[ GLSA 200911-03 ] UW IMAP toolkit: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200911-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: UW IMAP toolkit: Multiple vulnerabilities
      Date: November 25, 2009
      Bugs: #245425, #252567
        ID: 200911-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in the UW IMAP toolkit and the
c-client library, the worst of which may lead to the execution of
arbitrary code.

Background
==========

The UW IMAP toolkit is a daemon for the IMAP and POP3 network mail
protocols. The c-client library provides an API for IMAP, POP3 and other
protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-libs/c-client        < 2007e                         >= 2007e
  2  net-mail/uw-imap         < 2007e                         >= 2007e
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities were found in the UW IMAP toolkit:

* Aron Andersson and Jan Sahlin of Bitsec reported boundary errors in
  the tmail and dmail utilities when processing overly long mailbox
  names, leading to stack-based buffer overflows (CVE-2008-5005).

* An error in smtp.c in the c-client library was found, leading to a
  NULL pointer dereference vulnerability (CVE-2008-5006).

* Ludwig Nussel reported an off-by-one error in the rfc822_output_char()
  function in the RFC822BUFFER routines in the c-client library, as used
  by the UW IMAP toolkit (CVE-2008-5514).

Impact
======

A remote attacker could send an e-mail to a destination mailbox name
composed of a username and a '+' character followed by a long string,
possibly leading to the execution of arbitrary code. A local attacker
could gain privileges by specifying a long folder extension argument to
the tmail or dmail program.

Furthermore, a remote attacker could send a specially crafted mail
message to the UW IMAP toolkit or another daemon using the c-client
library, leading to a Denial of Service. A remote SMTP server could
respond to the QUIT command with a close of the TCP connection instead
of the expected 221 response code, possibly leading to a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All c-client library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-libs/c-client-2007e

All UW IMAP toolkit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-mail/uw-imap-2007e

References
==========

  [ 1 ] CVE-2008-5005
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005
  [ 2 ] CVE-2008-5006
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5006
  [ 3 ] CVE-2008-5514
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5514

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200911-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[resent] [ GLSA 200911-04 ] dstat: Untrusted search path

Due to an oversight on my part, the original email has not been signed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200911-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: dstat: Untrusted search path
      Date: November 25, 2009
      Bugs: #293497
        ID: 200911-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An untrusted search path vulnerability in dstat might result in the
execution of arbitrary code.

Background
==========

dstat is a versatile system resource monitor written in Python.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  sys-apps/dstat           < 0.6.9-r1                    >= 0.6.9-r1

Description
===========

Robert Buchholz of the Gentoo Security Team reported that dstat includes
the current working directory and subdirectories in the Python module
search path (sys.path) before calling import.

Impact
======

A local attacker could entice a user to run dstat from a directory
containing a specially crafted Python module, resulting in the execution
of arbitrary code with the privileges of the user running the
application.

Workaround
==========

Do not run dstat from untrusted working directories.

Resolution
==========

All dstat users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =sys-apps/dstat-0.6.9-r1

References
==========

  [ 1 ] CVE-2009-3894
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3894

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200911-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
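The dstat flaw above is the generic Python untrusted-search-path pattern: the working directory lands on sys.path ahead of the program's own module directory, so a same-named module dropped into the cwd is the one that gets imported. The following is an added Python example reproducing that pattern and the fix; it is not dstat's code. The module name `dstat_plugin_cpu` and the two directories are assumptions for illustration; the "attacker" temporary directory stands in for an untrusted cwd.

```python
import importlib
import importlib.util
import os
import sys
import tempfile

# Hypothetical plugin module name (assumption; not one of dstat's real plugins).
MODULE_NAME = "dstat_plugin_cpu"


def write_module(dirpath, origin):
    """Write a one-line plugin module that records where it was loaded from."""
    path = os.path.join(dirpath, MODULE_NAME + ".py")
    with open(path, "w") as fh:
        fh.write('ORIGIN = "%s"\n' % origin)
    return path


def import_via_sys_path(search_dirs):
    """Flawed pattern: prepend caller-chosen directories to sys.path, then import.

    When search_dirs[0] is the working directory, whichever module of that
    name sits in the cwd wins over the copy in the program's own plugin dir.
    """
    for d in reversed(search_dirs):
        sys.path.insert(0, d)
    importlib.invalidate_caches()      # directories were created after startup
    sys.modules.pop(MODULE_NAME, None)  # force a fresh lookup
    try:
        return importlib.import_module(MODULE_NAME).ORIGIN
    finally:
        for d in search_dirs:
            sys.path.remove(d)
        sys.modules.pop(MODULE_NAME, None)


def import_from_trusted_dir(trusted_dir):
    """Hardened pattern: load the plugin from one explicit, fixed file path,
    never consulting sys.path (and therefore never the cwd)."""
    path = os.path.join(trusted_dir, MODULE_NAME + ".py")
    spec = importlib.util.spec_from_file_location(MODULE_NAME, path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module.ORIGIN


def demo():
    """Return which copy each loader picked when an attacker-controlled
    directory (standing in for the cwd) also contains MODULE_NAME.py."""
    with tempfile.TemporaryDirectory() as trusted, \
            tempfile.TemporaryDirectory() as attacker_cwd:
        write_module(trusted, "trusted")
        write_module(attacker_cwd, "attacker")
        return {
            # dstat's situation: cwd searched before the plugin directory
            "cwd_first": import_via_sys_path([attacker_cwd, trusted]),
            # still fragile (cwd is searched at all), but plugin dir wins
            "plugin_dir_first": import_via_sys_path([trusted, attacker_cwd]),
            # fixed: explicit path, cwd never consulted
            "explicit_path": import_from_trusted_dir(trusted),
        }


if __name__ == "__main__":
    print(demo())
```

Loading plugins by explicit file path (or from a directory list that the user cannot influence by choosing where to run the program) removes the cwd from the equation entirely; relying on ordering alone leaves the program one sys.path edit away from the same bug.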
[ GLSA 200908-03 ] libTIFF: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200908-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libTIFF: User-assisted execution of arbitrary code
      Date: August 07, 2009
      Bugs: #276339, #276988
        ID: 200908-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple boundary checking vulnerabilities in libTIFF may allow for the
remote execution of arbitrary code.

Background
==========

libTIFF provides support for reading and manipulating TIFF (Tagged Image
File Format) images.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-libs/tiff          < 3.8.2-r8                    >= 3.8.2-r8

Description
===========

Two vulnerabilities have been reported in libTIFF:

* wololo reported a buffer underflow in the LZWDecodeCompat() function
  (CVE-2009-2285).

* Tielei Wang of ICST-ERCIS, Peking University reported two integer
  overflows leading to heap-based buffer overflows in the tiff2rgba and
  rgb2ycbcr tools (CVE-2009-2347).

Impact
======

A remote attacker could entice a user to open a specially crafted TIFF
file with an application making use of libTIFF or the tiff2rgba and
rgb2ycbcr tools, possibly resulting in the execution of arbitrary code
with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libTIFF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-libs/tiff-3.8.2-r8

References
==========

  [ 1 ] CVE-2009-2285
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285
  [ 2 ] CVE-2009-2347
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200908-04 ] Adobe products: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200908-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe products: Multiple vulnerabilities
      Date: August 07, 2009
      Bugs: #278813, #278819
        ID: 200908-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Adobe Reader and Adobe Flash Player allow
for attacks including the remote execution of arbitrary code.

Background
==========

Adobe Flash Player is closed-source playback software for Flash SWF
files. Adobe Reader is a closed-source PDF reader that plays Flash
content as well.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  www-plugins/adobe-flash      < 10.0.32.18            >= 10.0.32.18
  2  app-text/acroread            < 9.1.3                      >= 9.1.3
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been reported in Adobe Flash Player:

* lakehu of Tencent Security Center reported an unspecified memory
  corruption vulnerability (CVE-2009-1862).

* Mike Wroe reported an unspecified vulnerability, related to privilege
  escalation (CVE-2009-1863).

* An anonymous researcher through iDefense reported an unspecified
  heap-based buffer overflow (CVE-2009-1864).

* Chen Chen of Venustech reported an unspecified null pointer
  vulnerability (CVE-2009-1865).

* Chen Chen of Venustech reported an unspecified stack-based buffer
  overflow (CVE-2009-1866).

* Joran Benker reported that Adobe Flash Player facilitates clickjacking
  attacks (CVE-2009-1867).

* Jun Mao of iDefense reported a heap-based buffer overflow, related to
  URL parsing (CVE-2009-1868).

* Roee Hay of IBM Rational Application Security reported an unspecified
  integer overflow (CVE-2009-1869).

* Gareth Heyes and Microsoft Vulnerability Research reported that the
  sandbox in Adobe Flash Player allows for information disclosure, when
  SWFs are saved to the hard drive (CVE-2009-1870).

Impact
======

A remote attacker could entice a user to open a specially crafted PDF
file or web site containing Adobe Flash (SWF) contents, possibly
resulting in the execution of arbitrary code with the privileges of the
user running the application, or a Denial of Service (application
crash). Furthermore, a remote attacker could trick a user into clicking
a button on a dialog by supplying a specially crafted SWF file and
disclose sensitive information by exploiting a sandbox issue.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v =www-plugins/adobe-flash-10.0.32.18

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/acroread-9.1.3

References
==========

  [ 1 ] CVE-2009-1862
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1862
  [ 2 ] CVE-2009-1863
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1863
  [ 3 ] CVE-2009-1864
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1864
  [ 4 ] CVE-2009-1865
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1865
  [ 5 ] CVE-2009-1866
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1866
  [ 6 ] CVE-2009-1867
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1867
  [ 7 ] CVE-2009-1868
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1868
  [ 8 ] CVE-2009-1869
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1869
  [ 9 ] CVE-2009-1870
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1870

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons -
[ GLSA 200907-15 ] Nagios: Execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200907-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Nagios: Execution of arbitrary code
      Date: July 19, 2009
      Bugs: #245887, #249876, #275288
        ID: 200907-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Nagios may lead to the execution of
arbitrary code.

Background
==========

Nagios is an open source host, service and network monitoring program.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/nagios-core     < 3.0.6-r2                >= 3.0.6-r2

Description
===========

Multiple vulnerabilities have been reported in Nagios:

* Paul reported that statuswml.cgi does not properly sanitize shell
  metacharacters in the (1) ping and (2) traceroute parameters
  (CVE-2009-2288).

* Nagios does not properly verify whether an authenticated user is
  authorized to run certain commands (CVE-2008-5027).

* Andreas Ericsson reported that Nagios does not perform validity checks
  to verify HTTP requests, leading to Cross-Site Request Forgery
  (CVE-2008-5028).

* An unspecified vulnerability in Nagios related to CGI programs,
  adaptive external commands, and writing newlines and submitting
  service comments has been reported (CVE-2008-6373).

Impact
======

A remote authenticated or unauthenticated attacker may exploit these
vulnerabilities to execute arbitrary commands or elevate privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Nagios users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v =net-analyzer/nagios-core-3.0.6-r2

NOTE: Users of the Nagios 2 branch can update to version 2.12-r1 which
contains a patch to fix CVE-2009-2288. However, that branch is not
supported upstream or in Gentoo and we are unaware whether the other
vulnerabilities affect 2.x installations.

References
==========

  [ 1 ] CVE-2008-5027
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5027
  [ 2 ] CVE-2008-5028
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028
  [ 3 ] CVE-2008-6373
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6373
  [ 4 ] CVE-2009-2288
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2288

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
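The statuswml.cgi issue above (CVE-2009-2288) is the classic case of a request parameter being handed to a shell: a host value such as `127.0.0.1; id` turns a ping into two commands. The example below, added here in Python and not taken from Nagios (which is C), shows the flawed string-building pattern next to the two controls that close it: a strict allow-list for the host (literal IP address or RFC 1123 hostname) and an argv list executed without a shell. The tool names, the `-c 3` ping option and the validation rule are assumptions for illustration.

```python
import ipaddress
import re
import subprocess

# One RFC 1123 hostname label: letters, digits and hyphens, 1-63 chars,
# no leading or trailing hyphen (which also keeps "-c"-style option
# injection out of argv).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_safe_host(value):
    """Accept only a literal IP address or a syntactically valid hostname.
    Anything a shell would interpret (; | & $ ` ( ) spaces, quotes) fails
    the allow-list, so there is no deny-list to get wrong."""
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)   # IPv4 or IPv6 literal
        return True
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    return all(_LABEL.match(label) for label in labels)


def vulnerable_command(tool, host):
    """The flawed pattern: build one string and hand it to a shell
    (system()/popen()). The metacharacters in `host` are live."""
    return "%s %s" % (tool, host)


def safe_argv(tool, host):
    """Hardened pattern: validate the tool against a fixed set, validate the
    host against the allow-list, and return an argv list for a no-shell exec."""
    if tool not in ("ping", "traceroute"):
        raise ValueError("unknown tool: %r" % tool)
    if not is_safe_host(host):
        raise ValueError("rejected host parameter: %r" % host)
    if tool == "ping":
        return ["ping", "-c", "3", host]
    return ["traceroute", host]


def run_probe(tool, host, timeout=30):
    """Execute the validated command. shell=False (the default for a list)
    means the kernel receives argv directly; nothing re-parses it."""
    return subprocess.run(safe_argv(tool, host), capture_output=True,
                          text=True, timeout=timeout)


if __name__ == "__main__":
    crafted = "127.0.0.1; id"
    print("shell string:", repr(vulnerable_command("ping", crafted)))
    try:
        safe_argv("ping", crafted)
    except ValueError as exc:
        print("hardened:", exc)
    print("argv:", safe_argv("ping", "127.0.0.1"))
```

The argv form alone would already stop the `;` trick, because no shell splits the string; the allow-list is still worth keeping so that an argument starting with `-` cannot be turned into an option for the tool.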
[ GLSA 200907-16 ] Python: Integer overflows

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200907-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Python: Integer overflows
      Date: July 19, 2009
      Bugs: #246991
        ID: 200907-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple integer overflows in Python have an unspecified impact.

Background
==========

Python is an interpreted, interactive, object-oriented programming
language.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  dev-lang/python          < 2.5.4-r2                    >= 2.5.4-r2
                                                              *>= 2.4.6

Description
===========

Chris Evans reported multiple integer overflows in the expandtabs
method, as implemented by (1) the string_expandtabs function in
Objects/stringobject.c and (2) the unicode_expandtabs function in
Objects/unicodeobject.c.

Impact
======

A remote attacker could exploit these vulnerabilities in Python
applications or daemons that pass user-controlled input to vulnerable
functions. The security impact is currently unknown but may include the
execution of arbitrary code or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Python 2.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-lang/python-2.5.4-r2

All Python 2.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-lang/python-2.4.6

References
==========

  [ 1 ] CVE-2008-5031
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200907-14 ] Rasterbar libtorrent: Directory traversal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200907-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Rasterbar libtorrent: Directory traversal
      Date: July 17, 2009
      Bugs: #273156, #273961
        ID: 200907-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A directory traversal vulnerability in Rasterbar libtorrent might allow
a remote attacker to overwrite arbitrary files.

Background
==========

Rasterbar libtorrent is a C++ BitTorrent implementation focusing on
efficiency and scalability. Deluge is a BitTorrent client that ships a
copy of libtorrent.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-libs/rb_libtorrent       < 0.13-r1                  >= 0.13-r1
  2  net-p2p/deluge               < 1.1.9                      >= 1.1.9
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

census reported a directory traversal vulnerability in
src/torrent_info.cpp that can be triggered via .torrent files.

Impact
======

A remote attacker could entice a user or automated system using
Rasterbar libtorrent to load a specially crafted BitTorrent file to
create or overwrite arbitrary files using dot dot sequences in
filenames.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Rasterbar libtorrent users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v =net-libs/rb_libtorrent-0.13-r1

All Deluge users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-p2p/deluge-1.1.9

References
==========

  [ 1 ] CVE-2009-1760
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1760

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
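In a multi-file .torrent, each file's location is a bencoded list of path components under `info.files[n].path`; the traversal above comes from trusting those components when joining them onto the download directory. The following added Python example (not libtorrent's code, which is C++) decodes a constructed torrent carrying a dot-dot path and shows the per-component and post-resolution checks a client needs before touching the filesystem. The bencode decoder, the sample torrent bytes and the download root `/srv/downloads` are all constructed here for illustration.

```python
import os


def bdecode(data, i=0):
    """Minimal bencode decoder for ints, byte strings, lists and dicts.
    Returns (value, index_after_value). Written for this example; it is not
    libtorrent's parser."""
    c = data[i:i + 1]
    if c == b"i":                              # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                      # list / dict until 'e'
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            key, i = bdecode(data, i)
            if c == b"d":
                value, i = bdecode(data, i)
                items.append((key, value))
            else:
                items.append(key)
        return (dict(items) if c == b"d" else items), i + 1
    colon = data.index(b":", i)                # byte string: <len>:<bytes>
    length = int(data[i:colon])
    start = colon + 1
    return data[start:start + length], start + length


def safe_target(download_root, components):
    """Map a torrent 'path' list onto the filesystem, refusing any element
    that could leave download_root: dot-dot, empty or '.' elements,
    embedded separators, absolute paths, and symlink escapes."""
    parts = [c.decode("utf-8") for c in components]
    for part in parts:
        if part in ("", ".", "..") or "/" in part or "\\" in part \
                or os.path.isabs(part):
            raise ValueError("unsafe path element: %r" % part)
    root = os.path.realpath(download_root)
    target = os.path.realpath(os.path.join(root, *parts))
    # realpath follows symlinks, so an existing symlinked subdirectory that
    # points outside the root is caught here even though every element
    # passed the lexical checks above.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes download root: %r" % target)
    return target


def plan_files(torrent_bytes, download_root):
    """Return (path components, outcome) for every file in the torrent,
    where outcome is the resolved target path or a rejection message."""
    meta, _ = bdecode(torrent_bytes)
    results = []
    for entry in meta[b"info"][b"files"]:
        comps = entry[b"path"]
        try:
            results.append((comps, safe_target(download_root, comps)))
        except ValueError as exc:
            results.append((comps, "REJECTED: %s" % exc))
    return results


# Constructed multi-file torrent (not a real one): the first entry carries
# the dot-dot sequence the advisory describes, the second is benign.
SAMPLE_TORRENT = (
    b"d4:infod5:files"
    b"ld6:lengthi3e4:pathl2:..2:..3:etc6:passwdee"
    b"d6:lengthi5e4:pathl4:docs6:READMEee"
    b"e4:name4:demoee"
)

if __name__ == "__main__":
    for comps, outcome in plan_files(SAMPLE_TORRENT, "/srv/downloads"):
        print([c.decode() for c in comps], "->", outcome)
```

Both layers matter: the element check rejects the crafted metadata before any path is built, and the realpath/commonpath comparison guards against escapes that are only visible once the real directory tree (and any symlinks in it) is consulted.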
[ GLSA 200907-13 ] PulseAudio: Local privilege escalation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200907-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PulseAudio: Local privilege escalation
      Date: July 16, 2009
      Bugs: #276986
        ID: 200907-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in PulseAudio may allow a local user to execute code
with escalated privileges.

Background
==========

PulseAudio is a network-enabled sound server with an advanced plug-in
system.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  media-sound/pulseaudio       < 0.9.9-r54              >= 0.9.9-r54

Description
===========

Tavis Ormandy and Julien Tinnes of the Google Security Team discovered
that the pulseaudio binary is installed setuid root, and does not drop
privileges before re-executing itself. The vulnerability has
independently been reported to oCERT by Yorick Koster.

Impact
======

A local user who has write access to any directory on the file system
containing /usr/bin can exploit this vulnerability using a race
condition to execute arbitrary code with root privileges.

Workaround
==========

Ensure that the file system holding /usr/bin does not contain
directories that are writable for unprivileged users.

Resolution
==========

All PulseAudio users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v =media-sound/pulseaudio-0.9.9-r54

References
==========

  [ 1 ] CVE-2009-1894
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1894

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
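The workaround above is only actionable if you can enumerate the directories it refers to: every directory on the same filesystem as /usr/bin that an unprivileged user can write to. The following added Python script (not part of the advisory or of PulseAudio) finds the mount point that holds a reference path and walks it, reporting world-writable directories and staying on that one filesystem. Sticky-bit directories such as /tmp are reported too, because the sticky bit only stops users deleting or renaming entries they do not own; it does not stop them creating a new entry, which is all the race in this advisory needs. The demo tree and its modes are constructed for illustration.

```python
import os
import stat
import sys
import tempfile


def mount_point(path):
    """Walk upwards from path until the device number changes; the last
    directory on the same device is the mount point."""
    path = os.path.realpath(path)
    dev = os.stat(path).st_dev
    while True:
        parent = os.path.dirname(path)
        if parent == path or os.stat(parent).st_dev != dev:
            return path
        path = parent


def user_writable_dirs(scan_root, reference_path):
    """Report directories under scan_root that live on the same filesystem as
    reference_path and are writable by 'other'. Returns (path, sticky) tuples.
    Subtrees on a different filesystem are skipped, since the advisory's race
    needs a writable directory on the filesystem holding the setuid binary."""
    dev = os.stat(reference_path).st_dev
    findings = []
    for dirpath, dirnames, _ in os.walk(scan_root):
        st = os.lstat(dirpath)
        if st.st_dev != dev:
            dirnames[:] = []            # different filesystem: do not descend
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IWOTH:
            findings.append((dirpath, bool(mode & stat.S_ISVTX)))
    return findings


def demo():
    """Build a small constructed tree (assumed modes, not a real system) and
    return {dir name: sticky?} for every directory the check flags."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"open": 0o777, "tmp_like": 0o1777, "locked": 0o755}
        for name, mode in layout.items():
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)
        found = user_writable_dirs(root, root)
        return {os.path.relpath(p, root): sticky
                for p, sticky in found if p != root}


if __name__ == "__main__":
    # Usage: python3 this_script.py [reference path, default /usr/bin]
    reference = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    root = mount_point(reference)
    print("scanning filesystem mounted at", root)
    for path, sticky in user_writable_dirs(root, reference):
        print(path + ("  (sticky)" if sticky else ""))
```

Run it as root so the walk is not cut short by unreadable directories (os.walk silently skips those it cannot list). On a typical layout with /tmp and /var/tmp on the root filesystem together with /usr, the script will list them; that is the finding, not a false positive, and it explains why the advisory offers no workaround stronger than separating the filesystems. Group-writable directories are not flagged here; extend the mode test with stat.S_IWGRP if group membership on the host is not trusted.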
[ GLSA 200907-05 ] git: git-daemon Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200907-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: git: git-daemon Denial of Service
      Date: July 12, 2009
      Bugs: #273905
        ID: 200907-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in git-daemon might lead to a Denial of Service via resource
consumption.

Background
==========

git, the stupid content tracker, is the revision control system used by
the Linux kernel team.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  dev-util/git             < 1.6.3.3                      >= 1.6.3.3

Description
===========

Shawn O. Pearce reported that git-daemon runs into an infinite loop when
handling requests that contain unrecognized arguments.

Impact
======

A remote unauthenticated attacker could send a specially crafted request
to git-daemon, possibly leading to a Denial of Service (CPU
consumption).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All git users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-util/git-1.6.3.3

References
==========

  [ 1 ] CVE-2009-2108
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2108

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200907-06 ] Adobe Reader: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200907-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Reader: User-assisted execution of arbitrary code
      Date: July 12, 2009
      Bugs: #267846, #273908
        ID: 200907-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Adobe Reader is vulnerable to remote code execution via crafted PDF
files.

Background
==========

Adobe Reader is a PDF reader released by Adobe.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread        < 8.1.6                          >= 8.1.6

Description
===========

Multiple vulnerabilities have been reported in Adobe Reader:

* Alin Rad Pop of Secunia Research reported a heap-based buffer overflow
  in the JBIG2 filter (CVE-2009-0198).

* Mark Dowd of the IBM Internet Security Systems X-Force and Nicolas
  Joly of VUPEN Security reported multiple heap-based buffer overflows
  in the JBIG2 filter (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511,
  CVE-2009-0512, CVE-2009-0888, CVE-2009-0889).

* Arr1val reported that multiple methods in the JavaScript API might
  lead to memory corruption when called with crafted arguments
  (CVE-2009-1492, CVE-2009-1493).

* An anonymous researcher reported a stack-based buffer overflow related
  to U3D model files with a crafted extension block (CVE-2009-1855).

* Jun Mao and Ryan Smith of iDefense Labs reported an integer overflow
  related to the FlateDecode filter, which triggers a heap-based buffer
  overflow (CVE-2009-1856).

* Haifei Li of Fortinet's FortiGuard Global Security Research Team
  reported a memory corruption vulnerability related to TrueType fonts
  (CVE-2009-1857).

* The Apple Product Security Team reported a memory corruption
  vulnerability in the JBIG2 filter (CVE-2009-1858).

* Matthew Watchinski of Sourcefire VRT reported an unspecified memory
  corruption (CVE-2009-1859).

* Will Dormann of CERT reported multiple heap-based buffer overflows
  when processing JPX (aka JPEG2000) streams that trigger heap memory
  corruption (CVE-2009-1861).

* Multiple unspecified vulnerabilities have been discovered
  (CVE-2009-2028).

Impact
======

A remote attacker could entice a user to open a specially crafted
document, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/acroread-8.1.6

References
==========

  [ 1 ] CVE-2009-0198
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0198
  [ 2 ] CVE-2009-0509
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0509
  [ 3 ] CVE-2009-0510
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0510
  [ 4 ] CVE-2009-0511
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0511
  [ 5 ] CVE-2009-0512
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0512
  [ 6 ] CVE-2009-0888
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0888
  [ 7 ] CVE-2009-0889
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0889
  [ 8 ] CVE-2009-1492
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1492
  [ 9 ] CVE-2009-1493
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1493
  [ 10 ] CVE-2009-1855
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1855
  [ 11 ] CVE-2009-1856
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1856
  [ 12 ] CVE-2009-1857
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1857
  [ 13 ] CVE-2009-1858
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1858
  [ 14 ] CVE-2009-1859
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1859
  [ 15 ] CVE-2009-1861
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1861
  [ 16 ] CVE-2009-2028
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2028

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may
[ GLSA 200907-07 ] ModPlug: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200907-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ModPlug: User-assisted execution of arbitrary code
      Date: July 12, 2009
      Bugs: #266913
        ID: 200907-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

ModPlug contains several buffer overflows that could lead to the
execution of arbitrary code.

Background
==========

ModPlug is a library for playing MOD-like music.

Affected packages
=================

    -------------------------------------------------------------------
     Package                     /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/libmodplug           < 0.8.7                   >= 0.8.7
  2  media-libs/gst-plugins-bad      < 0.10.11               >= 0.10.11
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Two vulnerabilities have been reported in ModPlug:

* dummy reported an integer overflow in the CSoundFile::ReadMed()
  function when processing a MED file with a crafted song comment or
  song name, which triggers a heap-based buffer overflow
  (CVE-2009-1438).

* Manfred Tremmel and Stanislav Brabec reported a buffer overflow in the
  PATinst() function when processing a long instrument name
  (CVE-2009-1513).

The GStreamer Bad plug-ins (gst-plugins-bad) before 0.10.11 built a
vulnerable copy of ModPlug.

Impact
======

A remote attacker could entice a user to read specially crafted files,
possibly resulting in the execution of arbitrary code with the
privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ModPlug users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-libs/libmodplug-0.8.7

gst-plugins-bad 0.10.11 and later versions do not include the ModPlug
plug-in (it has been moved to media-plugins/gst-plugins-modplug). All
gst-plugins-bad users should upgrade to the latest version and install
media-plugins/gst-plugins-modplug:

    # emerge --sync
    # emerge --ask --oneshot -v =media-libs/gst-plugins-bad-0.10.11
    # emerge --ask --verbose media-plugins/gst-plugins-modplug

References
==========

  [ 1 ] CVE-2009-1438
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1438
  [ 2 ] CVE-2009-1513
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1513

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200907-08 ] Multiple Ralink wireless drivers: Execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200907-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Multiple Ralink wireless drivers: Execution of arbitrary code
      Date: July 12, 2009
      Bugs: #257023
        ID: 200907-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An integer overflow in multiple Ralink wireless drivers might lead to the execution of arbitrary code with elevated privileges.

Background
==========

All listed packages are external kernel modules that provide drivers for multiple Ralink devices. ralink-rt61 is released by ralinktech.com, the other packages by the rt2x00.serialmonkey.com project.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable              /        Unaffected
    -------------------------------------------------------------------
  1  rt2400                <= 1.2.2_beta3                   Vulnerable!
  2  rt2500                <= 1.1.0_pre2007071515           Vulnerable!
  3  rt2570                <= 20070209                      Vulnerable!
  4  rt61                  <= 1.1.0_beta2                   Vulnerable!
  5  ralink-rt61           <= 1.1.1.0                       Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     5 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Aviv reported an integer overflow in multiple Ralink wireless card drivers when processing a probe request packet with a long SSID, possibly related to an integer signedness error.

Impact
======

A physically proximate attacker could send specially crafted packets to a user who has wireless networking enabled, possibly resulting in the execution of arbitrary code with root privileges.

Workaround
==========

Unload the kernel modules.

Resolution
==========

All external kernel modules have been masked and we recommend that users unmerge those drivers. The Linux mainline kernel has equivalent support for these devices and the vulnerability has been resolved in stable versions of sys-kernel/gentoo-sources.

    # emerge --unmerge net-wireless/rt2400
    # emerge --unmerge net-wireless/rt2500
    # emerge --unmerge net-wireless/rt2570
    # emerge --unmerge net-wireless/rt61
    # emerge --unmerge net-wireless/ralink-rt61

References
==========

  [ 1 ] CVE-2009-0282
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0282

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-08.xml
[ GLSA 200907-09 ] Cyrus-SASL: Execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200907-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Cyrus-SASL: Execution of arbitrary code
      Date: July 12, 2009
      Bugs: #270261
        ID: 200907-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in Cyrus-SASL might allow for the execution of arbitrary code in applications or daemons that authenticate using SASL.

Background
==========

Cyrus-SASL is an implementation of the Simple Authentication and Security Layer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                       /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  dev-libs/cyrus-sasl               < 2.1.23             >= 2.1.23
    -------------------------------------------------------------------

Description
===========

James Ralston reported that in certain situations, Cyrus-SASL does not properly terminate strings, which can result in buffer overflows when performing Base64 encoding.

Impact
======

A remote unauthenticated user might send specially crafted packets to a daemon using Cyrus-SASL, possibly resulting in the execution of arbitrary code with the privileges of the user running the daemon or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Cyrus-SASL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/cyrus-sasl-2.1.23"

References
==========

  [ 1 ] CVE-2009-0688
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-09.xml
[ GLSA 200907-10 ] Syslog-ng: Chroot escape
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200907-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Syslog-ng: Chroot escape
      Date: July 12, 2009
      Bugs: #247278
        ID: 200907-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Syslog-ng does not properly initialize its chroot jail, allowing for an escape if a separate vulnerability in Syslog-ng is exploited.

Background
==========

Syslog-ng is a flexible and scalable system logger.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  app-admin/syslog-ng          < 2.1.3          *>= 2.0.10
                                                    >= 2.1.3
    -------------------------------------------------------------------

Description
===========

Florian Grandel reported that Syslog-ng does not call chdir() before chroot(), which leads to an inherited file descriptor to the current working directory.

Impact
======

A local attacker might exploit a separate vulnerability in Syslog-ng and use this vulnerability to escape the chroot jail.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Syslog-ng 2.0 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-2.0.10"

All Syslog-ng 2.1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-2.1.3"

References
==========

  [ 1 ] CVE-2008-5110
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5110

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-10.xml
[ GLSA 200905-01 ] Asterisk: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200905-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Asterisk: Multiple vulnerabilities
      Date: May 02, 2009
      Bugs: #218966, #224835, #232696, #232698, #237476, #250748, #254304
        ID: 200905-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Asterisk allowing for Denial of Service and username disclosure.

Background
==========

Asterisk is an open source telephony engine and toolkit.

Affected packages
=================

    -------------------------------------------------------------------
     Package                       /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  net-misc/asterisk                 < 1.2.32             >= 1.2.32
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been discovered in the IAX2 channel driver when performing the 3-way handshake (CVE-2008-1897), when handling a large number of POKE requests (CVE-2008-3263), when handling authentication attempts (CVE-2008-5558) and when handling firmware download (FWDOWNL) requests (CVE-2008-3264). Asterisk also does not correctly handle SIP INVITE messages that lack a From header (CVE-2008-2119), and responds differently to a failed login attempt depending on whether the user account exists (CVE-2008-3903, CVE-2009-0041).

Impact
======

Remote unauthenticated attackers could send specially crafted data to Asterisk, possibly resulting in a Denial of Service via a daemon crash, call-number exhaustion, CPU or traffic consumption. Remote unauthenticated attackers could furthermore enumerate valid usernames to facilitate brute force login attempts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Asterisk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.32"

References
==========

  [ 1 ] CVE-2008-1897
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897
  [ 2 ] CVE-2008-2119
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2119
  [ 3 ] CVE-2008-3263
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3263
  [ 4 ] CVE-2008-3264
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3264
  [ 5 ] CVE-2008-3903
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3903
  [ 6 ] CVE-2008-5558
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5558
  [ 7 ] CVE-2009-0041
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0041

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200905-01.xml
[ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200904-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Reader: User-assisted execution of arbitrary code
      Date: April 18, 2009
      Bugs: #259992
        ID: 200904-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Adobe Reader is vulnerable to execution of arbitrary code.

Background
==========

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Affected packages
=================

    -------------------------------------------------------------------
     Package                       /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread                 < 8.1.4              >= 8.1.4
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been discovered in Adobe Reader:

* Alin Rad Pop of Secunia Research reported a heap-based buffer overflow when processing PDF files containing a malformed JBIG2 symbol dictionary segment (CVE-2009-0193).

* A buffer overflow related to a non-JavaScript function call and possibly an embedded JBIG2 image stream has been reported (CVE-2009-0658).

* Tenable Network Security reported a stack-based buffer overflow that can be triggered via a crafted argument to the getIcon() method of a Collab object (CVE-2009-0927).

* Sean Larsson of iDefense Labs reported a heap-based buffer overflow when processing a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table (CVE-2009-0928).

* Jonathan Brossard of the iViZ Security Research Team reported an unspecified vulnerability related to JBIG2 and input validation (CVE-2009-1061).

* Will Dormann of CERT/CC reported a vulnerability leading to memory corruption related to JBIG2 (CVE-2009-1062).

Impact
======

A remote attacker could entice a user to open a specially crafted PDF document, possibly leading to the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.4"

References
==========

  [ 1 ] CVE-2009-0193
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0193
  [ 2 ] CVE-2009-0658
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658
  [ 3 ] CVE-2009-0927
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0927
  [ 4 ] CVE-2009-0928
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0928
  [ 5 ] CVE-2009-1061
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1061
  [ 6 ] CVE-2009-1062
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1062

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-17.xml
[ GLSA 200904-15 ] mpg123: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200904-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: mpg123: User-assisted execution of arbitrary code
      Date: April 16, 2009
      Bugs: #265342
        ID: 200904-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in mpg123 might allow for the execution of arbitrary code.

Background
==========

mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3.

Affected packages
=================

    -------------------------------------------------------------------
     Package                       /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  media-sound/mpg123                < 1.7.2              >= 1.7.2
    -------------------------------------------------------------------

Description
===========

The vendor reported a signedness error in the store_id3_text() function in id3.c, allowing for out-of-bounds memory access.

Impact
======

A remote attacker could entice a user to open an MPEG-1 Audio Layer 3 (MP3) file containing a specially crafted ID3 tag, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All mpg123 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/mpg123-1.7.2"

References
==========

  [ 1 ] CVE-2009-1301
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1301

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-15.xml
[ GLSA 200904-11 ] Tor: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200904-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Tor: Multiple vulnerabilities
      Date: April 08, 2009
      Bugs: #250018, #256078, #258833
        ID: 200904-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Tor might allow for heap corruption, Denial of Service, escalation of privileges and information disclosure.

Background
==========

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Affected packages
=================

    -------------------------------------------------------------------
     Package                       /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  net-misc/tor                      < 0.2.0.34           >= 0.2.0.34
    -------------------------------------------------------------------

Description
===========

* Theo de Raadt reported that the application does not properly drop privileges to the primary groups of the user specified via the User configuration option (CVE-2008-5397).

* rovv reported that the ClientDNSRejectInternalAddresses configuration option is not always enforced (CVE-2008-5398).

* Ilja van Sprundel reported a heap-corruption vulnerability that might be remotely triggerable on some platforms (CVE-2009-0414).

* It has been reported that incomplete IPv4 addresses are treated as valid, violating the specification (CVE-2009-0939).

* Three unspecified vulnerabilities have also been reported (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938).

Impact
======

A local attacker could escalate privileges by leveraging unintended supplementary group memberships of the Tor process. A remote attacker could exploit these vulnerabilities to cause a heap corruption with unknown impact and attack vectors, to cause a Denial of Service via CPU consumption or daemon crash, and to weaken anonymity provided by the service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Tor users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.0.34"

References
==========

  [ 1 ] CVE-2008-5397
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5397
  [ 2 ] CVE-2008-5398
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5398
  [ 3 ] CVE-2009-0414
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0414
  [ 4 ] CVE-2009-0936
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0936
  [ 5 ] CVE-2009-0937
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0937
  [ 6 ] CVE-2009-0938
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0938
  [ 7 ] CVE-2009-0939
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0939

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-11.xml
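The Syslog-ng advisory (GLSA 200907-10, chdir() missing before chroot()) and the Tor advisory above (supplementary groups not dropped) are two steps of the same daemon start-up sequence. The following C routine, added here as an example and not taken from either advisory or from the Syslog-ng or Tor code bases, performs that sequence in the order that closes both holes; the jail directory, user name and ids are whatever the caller passes, the function and step names are mine, and the full sequence needs root to succeed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Which step of the jail/drop sequence failed; JAIL_OK means all succeeded. */
enum jail_step {
    JAIL_OK = 0,
    JAIL_CHDIR,       /* chdir(dir) failed: the jail directory is unusable   */
    JAIL_GROUPS,      /* initgroups()/setgroups() failed                      */
    JAIL_CHROOT,      /* chroot(dir) failed                                   */
    JAIL_CHDIR_ROOT,  /* chdir("/") inside the new root failed                */
    JAIL_SETGID,
    JAIL_SETUID,
    JAIL_VERIFY       /* privileges could still be regained after the drop    */
};

/*
 * Enter the chroot jail at `dir` and drop to `uid`/`gid`.  `user` (may be
 * NULL) names the account whose supplementary groups should be adopted.
 * Must be called as root.  Returns the failing step with errno left set by
 * the failing call, or JAIL_OK.
 */
enum jail_step enter_jail_and_drop(const char *dir, const char *user,
                                   uid_t uid, gid_t gid)
{
    /* 1. Move into the jail *before* chroot().  chroot() leaves the current
     *    working directory untouched, so without this step the process (and
     *    any descriptor that refers to the old cwd) keeps a handle that still
     *    resolves outside the new root: the Syslog-ng issue. */
    if (chdir(dir) != 0)
        return JAIL_CHDIR;

    /* 2. Fix the supplementary group list while /etc/group is still
     *    reachable (it usually is not inside the jail).  setgid()/setuid()
     *    do not touch this list, so a daemon that skips it keeps every group
     *    root had or its parent passed down: the Tor issue.  With no named
     *    user, clear the list entirely. */
    if (user != NULL ? initgroups(user, gid) != 0 : setgroups(0, NULL) != 0)
        return JAIL_GROUPS;

    /* 3. Change root, then re-anchor the cwd at the new "/" so that "."
     *    is inside the jail even if step 1 were ever reordered. */
    if (chroot(dir) != 0)
        return JAIL_CHROOT;
    if (chdir("/") != 0)
        return JAIL_CHDIR_ROOT;

    /* 4. Group first, then user: after setuid() the gid can no longer be
     *    changed. */
    if (setgid(gid) != 0)
        return JAIL_SETGID;
    if (setuid(uid) != 0)
        return JAIL_SETUID;

    /* 5. Verify the drop is irreversible: regaining root must now fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return JAIL_VERIFY;
    return JAIL_OK;
}

/* Human-readable step name for log messages. */
const char *jail_step_name(enum jail_step s)
{
    static const char *const names[] = {
        "ok", "chdir(jail)", "initgroups/setgroups", "chroot",
        "chdir(/)", "setgid", "setuid", "verify-drop"
    };
    return (unsigned)s <= (unsigned)JAIL_VERIFY ? names[s] : "unknown";
}

int main(void)
{
    /* Constructed parameters: a jail directory that does not exist, so the
     * sequence stops at step 1 and the failure path can be seen without root. */
    enum jail_step s = enter_jail_and_drop("/nonexistent-jail-example", NULL,
                                           65534, 65534);
    if (s != JAIL_OK)
        fprintf(stderr, "step %s failed: %s\n",
                jail_step_name(s), strerror(errno));
    return s == JAIL_OK ? 0 : 1;
}
```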
[ GLSA 200904-09 ] MIT Kerberos 5: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200904-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: MIT Kerberos 5: Multiple vulnerabilities
      Date: April 08, 2009
      Bugs: #262736, #263398
        ID: 200904-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in MIT Kerberos 5 might allow remote unauthenticated users to execute arbitrary code with root privileges.

Background
==========

MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center.

Affected packages
=================

    -------------------------------------------------------------------
     Package                       /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  app-crypt/mit-krb5                < 1.6.3-r6           >= 1.6.3-r6
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been reported in MIT Kerberos 5:

* A free() call on an uninitialized pointer in the ASN.1 decoder when decoding an invalid encoding (CVE-2009-0846).

* A buffer overread in the SPNEGO GSS-API application, reported by Apple Product Security (CVE-2009-0844).

* A NULL pointer dereference in the SPNEGO GSS-API application, reported by Richard Evans (CVE-2009-0845).

* An incorrect length check inside an ASN.1 decoder leading to spurious malloc() failures (CVE-2009-0847).

Impact
======

A remote unauthenticated attacker could exploit the first vulnerability to cause a Denial of Service or, in unlikely circumstances, execute arbitrary code on the host running krb5kdc or kadmind with root privileges and compromise the Kerberos key database. Exploitation of the other vulnerabilities might lead to a Denial of Service in kadmind, krb5kdc, or other daemons performing authorization against Kerberos that utilize GSS-API, or to an information disclosure.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MIT Kerberos 5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r6"

References
==========

  [ 1 ] CVE-2009-0844
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844
  [ 2 ] CVE-2009-0845
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845
  [ 3 ] CVE-2009-0846
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846
  [ 4 ] CVE-2009-0847
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-09.xml
[ GLSA 200904-10 ] Avahi: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200904-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Avahi: Denial of Service
      Date: April 08, 2009
      Bugs: #260971
        ID: 200904-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in Avahi might lead to a Denial of Service via network and CPU consumption.

Background
==========

Avahi is a system that facilitates service discovery on a local network.

Affected packages
=================

    -------------------------------------------------------------------
     Package                       /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  net-dns/avahi                     < 0.6.24-r2          >= 0.6.24-r2
    -------------------------------------------------------------------

Description
===========

Rob Leslie reported that the originates_from_local_legacy_unicast_socket() function in avahi-core/server.c does not account for the network byte order of a port number when processing incoming multicast packets, leading to a multicast packet storm.

Impact
======

A remote attacker could send specially crafted legacy unicast mDNS query packets to the Avahi daemon, resulting in a Denial of Service due to network bandwidth and CPU consumption.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Avahi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.24-r2"

References
==========

  [ 1 ] CVE-2009-0758
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0758

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-10.xml
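The byte-order mistake the Avahi advisory describes is easy to reproduce in miniature. The C below is an added illustration of that class of bug and its fix, not Avahi's code: a daemon keeps the ports of its own legacy unicast sockets in host order, the kernel fills sin_port in network order, and a receive path that compares the two directly fails to recognise the daemon's own packets (so they are answered again rather than dropped), except on ports whose two bytes happen to be equal. The struct and function names and the sample ports are constructed for the example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One of the daemon's own legacy unicast sockets, recorded by the port it was
 * bound to.  Bound ports are normally tracked in host byte order. */
struct legacy_socket {
    uint16_t bound_port;   /* host byte order */
};

/* Unfixed comparison (constructed to mirror the bug class, not Avahi's code):
 * host-order table entry against sin_port, which recvfrom() fills in network
 * byte order.  On a little-endian host this only matches when the port's two
 * bytes are identical, so the daemon's own packets usually look foreign. */
bool from_local_legacy_socket_unfixed(const struct legacy_socket *socks,
                                      size_t n, const struct sockaddr_in *from)
{
    for (size_t i = 0; i < n; i++)
        if (socks[i].bound_port == from->sin_port)
            return true;
    return false;
}

/* Fixed comparison: convert sin_port to host order before comparing. */
bool from_local_legacy_socket_fixed(const struct legacy_socket *socks,
                                    size_t n, const struct sockaddr_in *from)
{
    uint16_t from_port = ntohs(from->sin_port);
    for (size_t i = 0; i < n; i++)
        if (socks[i].bound_port == from_port)
            return true;
    return false;
}

/* Build the sender address the way recvfrom() would fill it in, for a
 * constructed sender on `port_host` at 127.0.0.1. */
struct sockaddr_in constructed_sender(uint16_t port_host)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port_host);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return sa;
}

/* Receive-path decision for a packet seen on the multicast socket: true when
 * the daemon should answer it, false when it must be dropped because the
 * daemon itself sent it.  With the unfixed check, the daemon's own legacy
 * unicast traffic is answered, and every answer is more traffic through the
 * same path: the packet storm the advisory describes. */
bool should_answer(const struct legacy_socket *socks, size_t n,
                   const struct sockaddr_in *from, bool use_fixed_check)
{
    bool local = use_fixed_check
               ? from_local_legacy_socket_fixed(socks, n, from)
               : from_local_legacy_socket_unfixed(socks, n, from);
    return !local;
}
```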
[ GLSA 200904-07 ] Xpdf: Untrusted search path
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200904-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Xpdf: Untrusted search path
      Date: April 07, 2009
      Bugs: #242930
        ID: 200904-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in Xpdf might allow local attackers to execute arbitrary code.

Background
==========

Xpdf is a PDF file viewer that runs under the X Window System.

Affected packages
=================

    -------------------------------------------------------------------
     Package                       /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  app-text/xpdf                     < 3.02-r2            >= 3.02-r2
    -------------------------------------------------------------------

Description
===========

Erik Wallin reported that Gentoo's Xpdf attempts to read the xpdfrc file from the current working directory if it cannot find a .xpdfrc file in the user's home directory. This is caused by a missing definition of the SYSTEM_XPDFRC macro when compiling a repackaged version of Xpdf.

Impact
======

A local attacker could entice a user to run xpdf from a directory containing a specially crafted xpdfrc file, resulting in the execution of arbitrary code when attempting to, e.g., print a file.

Workaround
==========

Do not run Xpdf from untrusted working directories.

Resolution
==========

All Xpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.02-r2"

References
==========

  [ 1 ] CVE-2009-1144
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1144

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-07.xml
[ GLSA 200904-08 ] OpenSSL: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200904-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenSSL: Denial of Service
      Date: April 07, 2009
      Bugs: #263751
        ID: 200904-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in OpenSSL might allow for a Denial of Service when printing certificate details.

Background
==========

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages
=================

    -------------------------------------------------------------------
     Package                       /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl                  < 0.9.8k             >= 0.9.8k
    -------------------------------------------------------------------

Description
===========

The ASN1_STRING_print_ex() function does not properly check the provided length of a BMPString or UniversalString, leading to an invalid memory access.

Impact
======

A remote attacker could entice a user or automated system to print a specially crafted certificate, possibly leading to a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8k"

References
==========

  [ 1 ] CVE-2009-0590
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-08.xml
[ GLSA 200904-02 ] GLib: Execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200904-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: GLib: Execution of arbitrary code
      Date: April 03, 2009
      Bugs: #249214
        ID: 200904-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple integer overflows might allow for the execution of arbitrary code when performing base64 conversion.

Background
==========

GLib is a library of C routines that is used by a multitude of programs.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  dev-libs/glib                < 2.18.4-r1       >= 2.18.4-r1
                                                    *>= 2.16.6-r1
    -------------------------------------------------------------------

Description
===========

Diego E. Pettenò reported multiple integer overflows in glib/gbase64.c when converting a long string from or to a base64 representation.

Impact
======

A remote attacker could entice a user or automated system to perform a base64 conversion via an application using GLib, possibly resulting in the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GLib 2.18 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.18.4-r1"

All GLib 2.16 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.16.6-r1"

References
==========

  [ 1 ] CVE-2008-4316
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-02.xml
[ GLSA 200904-03 ] Gnumeric: Untrusted search path

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200904-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Gnumeric: Untrusted search path
      Date: April 03, 2009
      Bugs: #257012
        ID: 200904-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An untrusted search path vulnerability in Gnumeric might result in the execution of arbitrary code.

Background
==========

The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  app-office/gnumeric          < 1.8.4-r1               >= 1.8.4-r1

Description
===========

James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric.

Impact
======

A local attacker could entice a user to run Gnumeric from a directory containing a specially crafted Python module, resulting in the execution of arbitrary code with the privileges of the user running Gnumeric.

Workaround
==========

Do not run gnumeric from untrusted working directories.

Resolution
==========

All Gnumeric users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.8.4-r1"

References
==========

  [ 1 ] CVE-2009-0318
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0318

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-26 ] TMSNC: Execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: TMSNC: Execution of arbitrary code
      Date: March 12, 2009
      Bugs: #229157
        ID: 200903-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in TMSNC might lead to the execution of arbitrary code when processing an instant message.

Background
==========

TMSNC is a text-based client for the MSN instant messaging protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-im/tmsnc                <= 0.3.2-r1                Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.

Description
===========

Nico Golde reported a stack-based buffer overflow when processing an MSN packet with a UBX command containing a large UBX payload length field.

Impact
======

A remote attacker could send a specially crafted message, possibly resulting in the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Since TMSNC is no longer maintained, we recommend that users unmerge the vulnerable package and switch to another console-based MSN client such as CenterIM or Pebrot:

    # emerge --unmerge net-im/tmsnc

References
==========

  [ 1 ] CVE-2008-2828
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2828

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-26.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation

Hello Paul,

On Monday 09 March 2009, Paul Wouters wrote:
> On Mon, 9 Mar 2009, Robert Buchholz wrote:
>
> > Subject: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation
>
> Once again, thanks to everyone for not contacting the Openswan Project in this matter just like they did not do this 6 months ago when this vulnerability came out originally.

We often contact upstream about security issues that we are tracking; however, in this case it seemed to be an error in our ebuild, which installed a script that was not intended to be installed by upstream.

> > A local attacker could perform symlink attacks to execute arbitrary code and overwrite arbitrary files with the privileges of the user running the application.
>
> The ipsec livetest command was never called or used by anything in openswan as it was not finished. Furthermore, it was no longer installed AND explicitly disabled since:
>
> commit 4661d345b676d5412a52b6d1289568fc4ab31eac
> Author: Paul Wouters p...@xelerance.com
> Date:   Fri Nov 21 23:52:38 2008 -0600
>
>     Skip installing livetest
>
> when we added:
>
> $ head -5 programs/livetest/livetest.in
> #!/bin/sh
> echo currently not used
> exit

True, however this was not the case in our ebuild for 2.4.13-r1 and earlier. In current versions we do not install it anymore, which is what you have recommended below as well.

> > Workaround
> > ==========
> >
> > There is no known workaround at this time.
>
> The ipsec livetest is not even used by anything within the openswan software. It is never called. No parts of openswan are called without root privs. This whole thing is moot. Please bury it. Or just remove the install of the livetest command in your build environment. Or just ship a newer version of openswan like 2.6.20 instead of the latest vulnerable version in 2.6.16.
>
> > Resolution
> > ==========
> >
> > All Openswan users should upgrade to the latest version:
> >
> >     # emerge --sync
> >     # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.13-r2"
>
> Ahh. gentoo still uses the openswan-2.4.x version which has been EOL since early 2008.

The version of a software package that moves to stable or remains in unstable Gentoo is at the discretion of the maintainer, so I cannot comment on the reasons for this.

> Also note that the problematic use was in wget -O. Perhaps one should talk to the wget people about symlink attacks in their code instead?
>
> Paul

Robert
[ GLSA 200903-22 ] Ganglia: Execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Ganglia: Execution of arbitrary code
      Date: March 10, 2009
      Bugs: #255366
        ID: 200903-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in Ganglia's gmetad might lead to the execution of arbitrary code.

Background
==========

Ganglia is a scalable distributed monitoring system for clusters and grids.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  sys-cluster/ganglia          < 3.1.1-r2               >= 3.1.1-r2

Description
===========

Spike Spiegel reported a stack-based buffer overflow in the process_path() function in gmetad/server.c when processing overly long pathnames.

Impact
======

A remote attacker could send a specially crafted request to the gmetad service, leading to the execution of arbitrary code or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ganglia users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-cluster/ganglia-3.1.1-r2"

References
==========

  [ 1 ] CVE-2009-0241
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0241

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-05 ] PDFjam: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PDFjam: Multiple vulnerabilities
      Date: March 07, 2009
      Bugs: #252734
        ID: 200903-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in the PDFjam scripts allow for local privilege escalation.

Background
==========

PDFjam is a small collection of shell scripts to edit PDF documents, including pdfnup, pdfjoin and pdf90.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  app-text/pdfjam              < 1.20-r1                >= 1.20-r1

Description
===========

* Martin Vaeth reported multiple untrusted search path vulnerabilities (CVE-2008-5843).

* Marcus Meissner of the SUSE Security Team reported that temporary files are created with a predictable name (CVE-2008-5743).

Impact
======

A local attacker could place a specially crafted Python module in the current working directory or the /var/tmp directory, and entice a user to run the PDFjam scripts, leading to the execution of arbitrary code with the privileges of the user running the application. A local attacker could also leverage symlink attacks to overwrite arbitrary files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PDFjam users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/pdfjam-1.20-r1"

References
==========

  [ 1 ] CVE-2008-5843
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5843
  [ 2 ] CVE-2008-5743
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5743

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-06 ] nfs-utils: Access restriction bypass

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: nfs-utils: Access restriction bypass
      Date: March 07, 2009
      Bugs: #242696
        ID: 200903-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in nfs-utils allows for bypass of the netgroups restriction.

Background
==========

nfs-utils contains the client and daemon implementations for the NFS protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-fs/nfs-utils             < 1.1.3                  >= 1.1.3

Description
===========

Michele Marcionelli reported that nfs-utils invokes the hosts_ctl() function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups.

Impact
======

A remote attacker could bypass intended access restrictions, i.e. NFS netgroups, and gain access to restricted services.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All nfs-utils users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-fs/nfs-utils-1.1.3"

References
==========

  [ 1 ] CVE-2008-4552
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-07 ] Samba: Data disclosure

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Samba: Data disclosure
      Date: March 07, 2009
      Bugs: #247620
        ID: 200903-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A missing boundary check in Samba might lead to the disclosure of memory contents.

Background
==========

Samba is a suite of SMB and CIFS client/server programs.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-fs/samba                 < 3.0.33                 >= 3.0.33

Description
===========

Samba does not properly check memory boundaries when handling trans, trans2, and nttrans requests.

Impact
======

A remote attacker could send specially crafted requests to a Samba daemon, leading to the disclosure of arbitrary memory or to a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Samba users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.33"

References
==========

  [ 1 ] CVE-2008-4314
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-08 ] gEDA: Insecure temporary file creation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: gEDA: Insecure temporary file creation
      Date: March 07, 2009
      Bugs: #247538
        ID: 200903-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Insecure temporary file usage has been reported in gEDA, allowing for symlink attacks.

Background
==========

gEDA is an Electronic Design Automation tool used for electrical circuit design.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  sci-electronics/geda         < 1.4.0-r1               >= 1.4.0-r1

Description
===========

Dmitry E. Oboukhov reported insecure temporary file usage within the sch2eaglepos.sh script.

Impact
======

A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All gEDA users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sci-electronics/geda-1.4.0-r1"

References
==========

  [ 1 ] CVE-2008-5148
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5148

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-09 ] OpenTTD: Execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: OpenTTD: Execution of arbitrary code
      Date: March 07, 2009
      Bugs: #233929
        ID: 200903-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer overflows in OpenTTD might allow for the execution of arbitrary code in the server.

Background
==========

OpenTTD is a clone of Transport Tycoon Deluxe.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  games-simulation/openttd     < 0.6.3                  >= 0.6.3

Description
===========

Multiple buffer overflows have been reported in OpenTTD: when storing long client names (CVE-2008-3547), in the TruncateString function in src/gfx.cpp (CVE-2008-3576), and in src/openttd.cpp when processing a large filename supplied to the -g parameter in the ttd_main function (CVE-2008-3577).

Impact
======

An authenticated attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the OpenTTD server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenTTD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.6.3"

References
==========

  [ 1 ] CVE-2008-3547
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3547
  [ 2 ] CVE-2008-3576
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3576
  [ 3 ] CVE-2008-3577
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3577

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-11 ] PyCrypto: Execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PyCrypto: Execution of arbitrary code
      Date: March 09, 2009
      Bugs: #258049
        ID: 200903-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in PyCrypto might lead to the execution of arbitrary code when decrypting using ARC2.

Background
==========

PyCrypto is the Python Cryptography Toolkit.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-python/pycrypto          < 2.0.1-r8               >= 2.0.1-r8

Description
===========

Mike Wiacek of the Google Security Team reported a buffer overflow in the ARC2 module when processing a large ARC2 key length.

Impact
======

A remote attacker could entice a user or automated system to decrypt an ARC2 stream in an application using PyCrypto, possibly resulting in the execution of arbitrary code or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PyCrypto users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.0.1-r8"

References
==========

  [ 1 ] CVE-2009-0544
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0544

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-12 ] OptiPNG: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OptiPNG: User-assisted execution of arbitrary code
      Date: March 09, 2009
      Bugs: #260265
        ID: 200903-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in OptiPNG might result in user-assisted execution of arbitrary code.

Background
==========

OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  media-gfx/optipng            < 0.6.2-r1               >= 0.6.2-r1

Description
===========

Roy Tam reported a use-after-free vulnerability in the GIFReadNextExtension() function in lib/pngxtern/gif/gifread.c, leading to memory corruption when reading a GIF image.

Impact
======

A remote attacker could entice a user to process a specially crafted GIF image, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OptiPNG users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2-r1"

References
==========

  [ 1 ] CVE-2009-0749
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0749

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-13 ] MPFR: Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MPFR: Denial of Service
      Date: March 09, 2009
      Bugs: #260968
        ID: 200903-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer overflows in MPFR might lead to a Denial of Service.

Background
==========

MPFR is a library for multiple-precision floating-point computations with exact rounding.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-libs/mpfr                < 2.4.1                  >= 2.4.1

Description
===========

Multiple buffer overflows have been reported in the mpfr_snprintf() and mpfr_vsnprintf() functions.

Impact
======

A remote user could exploit the vulnerability to cause a Denial of Service in an application using MPFR via unknown vectors.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MPFR users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/mpfr-2.4.1"

References
==========

  [ 1 ] CVE-2009-0757
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0757

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-14 ] BIND: Incorrect signature verification

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: BIND: Incorrect signature verification
      Date: March 09, 2009
      Bugs: #254134, #257949
        ID: 200903-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Incomplete verification of RSA and DSA certificates might lead to spoofed records authenticated using DNSSEC.

Background
==========

ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-dns/bind                 < 9.4.3_p1               >= 9.4.3_p1

Description
===========

BIND does not properly check the return value from the OpenSSL functions used to verify DSA (CVE-2009-0025) and RSA (CVE-2009-0265) certificates.

Impact
======

A remote attacker could bypass validation of the certificate chain to spoof DNSSEC-authenticated records.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All BIND users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p1"

References
==========

  [ 1 ] CVE-2009-0025
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
  [ 2 ] CVE-2009-0265
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-15 ] git: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                          GLSA 200903-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: git: Multiple vulnerabilities
      Date: March 09, 2009
      Bugs: #251343
        ID: 200903-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in gitweb allow for remote execution of arbitrary commands.

Background
==========

GIT - the stupid content tracker, the revision control system used by the Linux kernel team.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-util/git                 < 1.6.0.6                >= 1.6.0.6

Description
===========

Multiple vulnerabilities have been reported in gitweb, which is part of the git package:

* Shell metacharacters related to git_search are not properly sanitized (CVE-2008-5516).

* Shell metacharacters related to git_snapshot and git_object are not properly sanitized (CVE-2008-5517).

* The diff.external configuration variable as set in a repository can be executed by gitweb (CVE-2008-5916).

Impact
======

A remote unauthenticated attacker can execute arbitrary commands via shell metacharacters in a query. Remote attackers with write access to a git repository configuration can execute arbitrary commands with the privileges of the user running gitweb by modifying the diff.external configuration variable in the repository and sending a crafted query to gitweb.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All git users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/git-1.6.0.6"

References
==========

  [ 1 ] CVE-2008-5516
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5516
  [ 2 ] CVE-2008-5517
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5517
  [ 3 ] CVE-2008-5916
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5916

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-16 ] Epiphany: Untrusted search path
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200903-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Epiphany: Untrusted search path
      Date: March 09, 2009
      Bugs: #257000
        ID: 200903-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An untrusted search path vulnerability in Epiphany might result in the
execution of arbitrary code.

Background
==========

Epiphany is a GNOME web browser based on the Mozilla rendering engine
Gecko.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  www-client/epiphany    < 2.22.3-r2                    >= 2.22.3-r2

Description
===========

James Vega reported an untrusted search path vulnerability in the
Python interface.

Impact
======

A local attacker could entice a user to run Epiphany from a directory
containing a specially crafted Python module, resulting in the execution
of arbitrary code with the privileges of the user running Epiphany.

Workaround
==========

Do not run epiphany from untrusted working directories.

Resolution
==========

All Epiphany users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/epiphany-2.22.3-r2"

References
==========

  [ 1 ] CVE-2008-5985
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5985

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-17 ] Real VNC: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200903-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Real VNC: User-assisted execution of arbitrary code
      Date: March 09, 2009
      Bugs: #255225
        ID: 200903-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The Real VNC client is vulnerable to execution of arbitrary code when
connecting to a malicious server.

Background
==========

Real VNC is a remote desktop viewer display system.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-misc/vnc           < 4.1.3                            >= 4.1.3

Description
===========

An unspecified vulnerability has been discovered in the
CMsgReader::readRect() function in the VNC Viewer component, related to
the encoding type of RFB protocol data.

Impact
======

A remote attacker could entice a user to connect to a malicious VNC
server, or leverage Man-in-the-Middle attacks, to cause the execution of
arbitrary code with the privileges of the user running the VNC viewer.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Real VNC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/vnc-4.1.3"

References
==========

  [ 1 ] CVE-2008-4770
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4770

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-18 ] Openswan: Insecure temporary file creation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200903-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Openswan: Insecure temporary file creation
      Date: March 09, 2009
      Bugs: #238574
        ID: 200903-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Insecure temporary file usage has been reported in Openswan, allowing
for symlink attacks.

Background
==========

Openswan is an implementation of IPsec for Linux.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-misc/openswan      < 2.4.13-r2                    >= 2.4.13-r2

Description
===========

Dmitry E. Oboukhov reported that the IPSEC livetest tool does not handle
the ipseclive.conn and ipsec.olts.remote.log temporary files securely.

Impact
======

A local attacker could perform symlink attacks to execute arbitrary code
and overwrite arbitrary files with the privileges of the user running
the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Openswan users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.13-r2"

References
==========

  [ 1 ] CVE-2008-4190
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4190

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-19 ] Xerces-C++: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200903-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Xerces-C++: Denial of Service
      Date: March 09, 2009
      Bugs: #240496
        ID: 200903-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in Xerces-C++ allows for a Denial of Service via malicious XML
schema files.

Background
==========

Xerces-C++ is a validating XML parser written in a portable subset of
C++.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-libs/xerces-c      < 3.0.0-r1                      >= 3.0.0-r1

Description
===========

Frank Rast reported that the XML parser in Xerces-C++ does not correctly
handle an XML schema definition with a large maxOccurs value, which
triggers excessive memory consumption during the validation of an XML
file.

Impact
======

A remote attacker could entice a user or automated system to validate an
XML file using a specially crafted XML schema file, leading to a Denial
of Service (stack consumption and crash).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xerces-C++ users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/xerces-c-3.0.0-r1"

References
==========

  [ 1 ] CVE-2008-4482
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4482

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-19.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200902-03 ] Valgrind: Untrusted search path
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200902-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Valgrind: Untrusted search path
      Date: February 12, 2009
      Bugs: #245317
        ID: 200902-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An untrusted search path vulnerability in Valgrind might result in the
execution of arbitrary code.

Background
==========

Valgrind is an open-source memory debugger.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-util/valgrind      < 3.4.0                            >= 3.4.0

Description
===========

Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the
current working directory, executing commands specified there.

Impact
======

A local attacker could prepare a specially crafted .valgrindrc file and
entice a user to run Valgrind from the directory containing that file,
resulting in the execution of arbitrary code with the privileges of the
user running Valgrind.

Workaround
==========

Do not run valgrind from untrusted working directories.

Resolution
==========

All Valgrind users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/valgrind-3.4.0"

References
==========

  [ 1 ] CVE-2008-4865
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4865

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200902-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200902-02 ] OpenSSL: Certificate validation error
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200902-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenSSL: Certificate validation error
      Date: February 12, 2009
      Bugs: #251346
        ID: 200902-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in the OpenSSL certificate chain validation might allow for
spoofing attacks.

Background
==========

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl       < 0.9.8j                          >= 0.9.8j

Description
===========

The Google Security Team reported that several functions incorrectly
check the result after calling the EVP_VerifyFinal() function, allowing
a malformed signature to be treated as a good signature rather than as
an error. This issue affects the signature checks on DSA and ECDSA keys
used with SSL/TLS.

Impact
======

A remote attacker could exploit this vulnerability and spoof arbitrary
names to conduct Man-in-the-Middle attacks and intercept sensitive
information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8j"

References
==========

  [ 1 ] CVE-2008-5077
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200902-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200901-09 ] Adobe Reader: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200901-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Reader: User-assisted execution of arbitrary code
      Date: January 13, 2009
      Bugs: #225483
        ID: 200901-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Adobe Reader is vulnerable to execution of arbitrary code.

Background
==========

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
reader.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread      < 8.1.3                            >= 8.1.3

Description
===========

* An unspecified vulnerability can be triggered by a malformed PDF
  document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549).

* Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and Greg
  MacManus reported a stack-based buffer overflow in the util.printf
  JavaScript function that incorrectly handles the format string
  argument (CVE-2008-2992).

* Greg MacManus of iDefense Labs reported an array index error that can
  be leveraged for an out-of-bounds write, related to parsing of Type 1
  fonts (CVE-2008-4812).

* Javier Vicente Vallejo and Peter Vreugdenhil, via Zero Day Initiative,
  reported multiple unspecified memory corruption vulnerabilities
  (CVE-2008-4813).

* Thomas Garnier of SkyRecon Systems reported an unspecified
  vulnerability in a JavaScript method, related to an input validation
  issue (CVE-2008-4814).

* Josh Bressers of Red Hat reported an untrusted search path
  vulnerability (CVE-2008-4815).

* Peter Vreugdenhil reported through iDefense that the Download Manager
  can trigger a heap corruption via calls to the AcroJS function
  (CVE-2008-4817).

Impact
======

A remote attacker could entice a user to open a specially crafted PDF
document, and local attackers could entice a user to run acroread from
an untrusted working directory. Both might result in the execution of
arbitrary code with the privileges of the user running the application,
or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.3"

References
==========

  [ 1 ] CVE-2008-2549
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549
  [ 2 ] CVE-2008-2992
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992
  [ 3 ] CVE-2008-4812
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812
  [ 4 ] CVE-2008-4813
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813
  [ 5 ] CVE-2008-4814
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4814
  [ 6 ] CVE-2008-4815
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4815
  [ 7 ] CVE-2008-4817
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4817

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200901-04 ] D-Bus: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200901-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: D-Bus: Denial of Service
      Date: January 11, 2009
      Bugs: #240308
        ID: 200901-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error condition can cause D-Bus to crash.

Background
==========

D-Bus is a daemon providing a framework for applications to communicate
with one another.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  sys-apps/dbus          < 1.2.3-r1                      >= 1.2.3-r1

Description
===========

schelte reported that the dbus_signature_validate() function can trigger
a failed assertion when processing a message containing a malformed
signature.

Impact
======

A local user could send a specially crafted message to the D-Bus daemon,
leading to a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All D-Bus users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.2.3-r1"

References
==========

  [ 1 ] CVE-2008-3834
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200812-18 ] JasPer: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200812-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: JasPer: User-assisted execution of arbitrary code
      Date: December 16, 2008
      Bugs: #222819
        ID: 200812-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple memory management errors in JasPer might lead to execution of
arbitrary code via jpeg2k files.

Background
==========

The JasPer Project is an open-source initiative to provide a free
software-based reference implementation of the codec specified in the
JPEG-2000 Part-1 (jpeg2k) standard.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  media-libs/jasper      < 1.900.1-r3                  >= 1.900.1-r3

Description
===========

Marc Espie and Christian Weisgerber have discovered multiple
vulnerabilities in JasPer:

* Multiple integer overflows might allow for insufficient memory
  allocation, leading to heap-based buffer overflows (CVE-2008-3520).

* The jas_stream_printf() function in libjasper/base/jas_stream.c uses
  vsprintf() to write user-provided data to a static buffer, leading to
  an overflow (CVE-2008-3522).

Impact
======

Remote attackers could entice a user or automated system to process
specially crafted jpeg2k files with an application using JasPer,
possibly leading to the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All JasPer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/jasper-1.900.1-r3"

References
==========

  [ 1 ] CVE-2008-3520
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
  [ 2 ] CVE-2008-3522
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200812-09 ] OpenSC: Insufficient protection of smart card PIN
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200812-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenSC: Insufficient protection of smart card PIN
      Date: December 10, 2008
      Bugs: #233543
        ID: 200812-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Smart cards formatted using OpenSC do not sufficiently protect the PIN,
allowing attackers to reset it.

Background
==========

OpenSC is a smart card application that allows reading and writing via
PKCS#11.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-libs/opensc        < 0.11.6                          >= 0.11.6

Description
===========

Chaskiel M Grundman reported that OpenSC uses weak permissions (ADMIN
file control information of 00) for the 5015 directory on smart cards
and USB crypto tokens running Siemens CardOS M4.

Impact
======

A physically proximate attacker can exploit this vulnerability to change
the PIN on a smart card and use it for authentication, leading to
privilege escalation.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSC users should upgrade to the latest version, and then check
and update their smart cards:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.6"
    # pkcs15-tool --test-update
    # pkcs15-tool --test-update --update

References
==========

  [ 1 ] CVE-2008-2235
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200812-10 ] Archive::Tar: Directory traversal vulnerability
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200812-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Archive::Tar: Directory traversal vulnerability
      Date: December 10, 2008
      Bugs: #192989
        ID: 200812-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A directory traversal vulnerability has been discovered in Archive::Tar.

Background
==========

Archive::Tar is a Perl module for creation and manipulation of tar
files.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  perl-core/Archive-Tar  < 1.40                              >= 1.40

Description
===========

Jonathan Smith of rPath reported that Archive::Tar does not check for
".." in file names.

Impact
======

A remote attacker could entice a user or automated system to extract a
specially crafted tar archive, overwriting files at arbitrary locations
outside of the specified directory.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Archive::Tar users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=perl-core/Archive-Tar-1.40"

References
==========

  [ 1 ] CVE-2007-4829
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4829

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
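What "does not check for .. in file names" means in practice, as an added example that is not Archive::Tar's code: a Python pre-extraction scan of every member that rejects anything resolving outside the destination directory, covering the `..` case the advisory names and the related absolute-name and link-target escapes. The archive, its member names and the destination path are constructed for the demonstration; nothing is written to disk unless `safe_extract` is called on a clean archive.

```python
import io
import os
import tarfile
import tempfile
from typing import List

# Constructed destination for the demonstration; the scan never writes to it.
DEMO_DEST = os.path.join(tempfile.gettempdir(), "extract-demo")


def _inside(base: str, candidate: str) -> bool:
    """True if the already-resolved `candidate` lies at or below `base`."""
    return os.path.commonpath([base, candidate]) == base


def unsafe_members(archive: bytes, dest: str) -> List[str]:
    """Names of members whose extraction would touch a path outside `dest`:
    '..' traversal, absolute names, and symlinks / hard links whose target
    resolves outside the destination."""
    base = os.path.realpath(dest)
    rejected = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tf:
        for member in tf.getmembers():
            # realpath collapses '..'; for an absolute name, join() ignores base.
            target = os.path.realpath(os.path.join(base, member.name))
            if not _inside(base, target):
                rejected.append(member.name)
                continue
            if member.issym():
                # A symlink target is relative to the link's own directory.
                link = os.path.realpath(
                    os.path.join(os.path.dirname(target), member.linkname))
            elif member.islnk():
                # A hard link target is relative to the archive root.
                link = os.path.realpath(os.path.join(base, member.linkname))
            else:
                continue
            if not _inside(base, link):
                rejected.append(member.name)
    return rejected


def safe_extract(archive: bytes, dest: str) -> int:
    """Refuse the whole archive if any member is unsafe; otherwise extract
    and return the member count.  Scanning first means a rejected archive
    leaves nothing half-written."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError("refusing to extract, unsafe members: %r" % bad)
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tf:
        members = tf.getmembers()
        tf.extractall(dest, members=members)
        return len(members)


def build_sample_archive() -> bytes:
    """Constructed archive: one benign file, one '..' traversal, one absolute
    name and one symlink pointing above the destination."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in [("pkg/README", b"hello\n"),
                           ("../../outside.txt", b"escaped\n"),
                           ("/tmp/absolute.txt", b"absolute\n")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("pkg/escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../.."
        tf.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    print(unsafe_members(build_sample_archive(), DEMO_DEST))
```

The check resolves the destination and every candidate path with `realpath` before comparing, so a `..` that is hidden behind an intermediate directory or a symlink is caught the same way as a literal leading `../`. Python 3.12's `tarfile` ships an equivalent policy as the `filter='data'` argument to `extractall`; on older interpreters, as in Archive::Tar before 1.40, a scan like this one is the caller's responsibility.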
[ GLSA 200812-06 ] libxml2: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200812-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libxml2: Multiple vulnerabilities
      Date: December 02, 2008
      Bugs: #234099, #237806, #239346, #245960
        ID: 200812-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in libxml2 might lead to execution of arbitrary
code or Denial of Service.

Background
==========

libxml2 is the XML (eXtended Markup Language) C parser and toolkit
initially developed for the Gnome project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-libs/libxml2       < 2.7.2-r1                      >= 2.7.2-r1

Description
===========

Multiple vulnerabilities were reported in libxml2:

* Andreas Solberg reported that libxml2 does not properly detect
  recursion during entity expansion in an attribute value
  (CVE-2008-3281).

* A heap-based buffer overflow has been reported in the
  xmlParseAttValueComplex() function in parser.c (CVE-2008-3529).

* Christian Weiske reported that predefined entity definitions in
  entities are not properly handled (CVE-2008-4409).

* Drew Yao of Apple Product Security reported an integer overflow in the
  xmlBufferResize() function that can lead to an infinite loop
  (CVE-2008-4225).

* Drew Yao of Apple Product Security reported an integer overflow in the
  xmlSAX2Characters() function leading to a memory corruption
  (CVE-2008-4226).

Impact
======

A remote attacker could entice a user or automated system to open a
specially crafted XML document with an application using libxml2,
possibly resulting in the execution of arbitrary code or a high CPU and
memory consumption.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.2-r1"

References
==========

  [ 1 ] CVE-2008-3281
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
  [ 2 ] CVE-2008-3529
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
  [ 3 ] CVE-2008-4409
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4409
  [ 4 ] CVE-2008-4225
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
  [ 5 ] CVE-2008-4226
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200812-05 ] libsamplerate: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200812-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libsamplerate: User-assisted execution of arbitrary code
      Date: December 02, 2008
      Bugs: #237037
        ID: 200812-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability in libsamplerate might lead to the
execution of arbitrary code.

Background
==========

Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for
audio.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  media-libs/libsamplerate   < 0.1.4                        >= 0.1.4

Description
===========

Russell O'Connor reported a buffer overflow in src/src_sinc.c related to
low conversion ratios.

Impact
======

A remote attacker could entice a user or automated system to process a
specially crafted audio file, possibly leading to the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libsamplerate users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=media-libs/libsamplerate-0.1.4"

References
==========

  [ 1 ] CVE-2008-5008
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5008

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200812-04 ] lighttpd: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200812-04
http://security.gentoo.org/

Severity: Normal
Title: lighttpd: Multiple vulnerabilities
Date: December 02, 2008
Bugs: #238180
ID: 200812-04

Synopsis
========
Multiple vulnerabilities in lighttpd may lead to information disclosure or a Denial of Service.

Background
==========
lighttpd is a lightweight, high-performance web server.

Affected packages
=================
    Package               /  Vulnerable  /  Unaffected
    www-servers/lighttpd     < 1.4.20       >= 1.4.20

Description
===========
Multiple vulnerabilities have been reported in lighttpd:

* Qhy reported a memory leak in the http_request_parse() function in request.c (CVE-2008-4298).
* Gaetan Bisson reported that URIs are not decoded before applying url.redirect and url.rewrite rules (CVE-2008-4359).
* Anders1 reported that mod_userdir performs case-sensitive comparisons on filename components in configuration options, which is insufficient when case-insensitive filesystems are used (CVE-2008-4360).

Impact
======
A remote attacker could exploit these vulnerabilities to cause a Denial of Service, to bypass intended access restrictions, to obtain sensitive information, or to possibly modify data.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All lighttpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-servers/lighttpd-1.4.20

References
==========
[ 1 ] CVE-2008-4298
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298
[ 2 ] CVE-2008-4359
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359
[ 3 ] CVE-2008-4360
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-04.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
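The second lighttpd issue above (CVE-2008-4359, rules applied before URI decoding) is a general pattern: any path-based access rule that looks at the raw, still percent-encoded request line can be sidestepped by an alternative encoding of the same path. The following is an added example, not lighttpd code, contrasting a check on the raw URI with one that decodes and normalises first. The deny list and request paths are constructed sample data.

```python
"""Added example (not lighttpd code): apply path-based access rules to the
decoded, normalised request path, never to the raw URI bytes."""
import posixpath
from urllib.parse import unquote

# Constructed sample policy: paths under these prefixes must not be served.
DENY_PREFIXES = ("/admin", "/private")


def normalise_path(raw_path: str) -> str:
    """Percent-decode and collapse '.'/'..' segments so every spelling of
    the same resource compares equal before the rule is evaluated."""
    decoded = unquote(raw_path.split("?", 1)[0])      # drop the query string
    normalised = posixpath.normpath(decoded)         # resolves '..' and '//'
    if not normalised.startswith("/"):
        normalised = "/" + normalised
    return normalised


def matches_deny_rule(path: str) -> bool:
    # Prefix match on whole path segments, so '/administrator' is not '/admin'.
    return any(path == p or path.startswith(p + "/") for p in DENY_PREFIXES)


def is_allowed_raw(raw_path: str) -> bool:
    """Weak check: the rule sees the raw URI, so '/%61dmin' slips past it
    (the ordering problem the advisory describes)."""
    return not matches_deny_rule(raw_path)


def is_allowed_decoded(raw_path: str) -> bool:
    """Hardened check: decode and normalise, then apply the same rule."""
    return not matches_deny_rule(normalise_path(raw_path))


if __name__ == "__main__":
    for req in ("/admin/users", "/%61dmin/users", "/static/../admin/users", "/public/index.html"):
        print(f"{req:28} raw={is_allowed_raw(req)!s:5} decoded={is_allowed_decoded(req)}")
```

The hardened variant is also where case-folding would go on a case-insensitive filesystem (the third lighttpd issue, CVE-2008-4360): normalise once, then match.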
[ GLSA 200812-02 ] enscript: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200812-02
http://security.gentoo.org/

Severity: Normal
Title: enscript: User-assisted execution of arbitrary code
Date: December 02, 2008
Bugs: #243228
ID: 200812-02

Synopsis
========
Two buffer overflows in enscript might lead to the execution of arbitrary code.

Background
==========
enscript is a powerful ASCII to PostScript file converter.

Affected packages
=================
    Package             /  Vulnerable  /  Unaffected
    app-text/enscript      < 1.6.4-r4     >= 1.6.4-r4

Description
===========
Two stack-based buffer overflows in the read_special_escape() function in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research discovered a vulnerability related to the setfilename command (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability related to the font escape sequence (CVE-2008-4306).

Impact
======
An attacker could entice a user or automated system to process specially crafted input with special escapes processing enabled (the -e option), possibly resulting in the execution of arbitrary code.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All enscript users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/enscript-1.6.4-r4

References
==========
[ 1 ] CVE-2008-3863
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863
[ 2 ] CVE-2008-4306
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-02.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200812-07 ] Mantis: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200812-07
http://security.gentoo.org/

Severity: High
Title: Mantis: Multiple vulnerabilities
Date: December 02, 2008
Bugs: #238570, #241940, #242722
ID: 200812-07

Synopsis
========
Multiple vulnerabilities have been discovered in Mantis, the most severe of which leads to the remote execution of arbitrary code.

Background
==========
Mantis is a PHP/MySQL/Web based bug tracking system.

Affected packages
=================
    Package            /  Vulnerable  /  Unaffected
    www-apps/mantisbt     < 1.1.4-r1     >= 1.1.4-r1

Description
===========
Multiple issues have been reported in Mantis:

* EgiX reported that manage_proj_page.php does not correctly sanitize the sort parameter before passing it to create_function() in core/utility_api.php (CVE-2008-4687).
* Privileges of viewers are not sufficiently checked before composing a link with issue data in the source anchor (CVE-2008-4688).
* Mantis does not unset the session cookie during logout (CVE-2008-4689).
* Mantis does not set the secure flag for the session cookie in an HTTPS session (CVE-2008-3102).

Impact
======
Remote unauthenticated attackers could exploit these vulnerabilities to execute arbitrary PHP commands, disclose sensitive issue data, or hijack a user's sessions.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Mantis users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-apps/mantisbt-1.1.4-r1

References
==========
[ 1 ] CVE-2008-3102
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3102
[ 2 ] CVE-2008-4687
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4687
[ 3 ] CVE-2008-4688
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4688
[ 4 ] CVE-2008-4689
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4689

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-07.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
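Two of the Mantis findings above (CVE-2008-4689, session cookie not cleared at logout; CVE-2008-3102, no Secure flag on an HTTPS session cookie) can be verified from the HTTP responses alone. The following is an added example, not Mantis code: a small auditor for Set-Cookie headers that reports both weaknesses. The cookie name `session_id` and the header samples are constructed; the real Mantis cookie name is not stated in the advisory.

```python
"""Added example (not Mantis code): audit Set-Cookie headers on the login
and logout responses for a missing Secure/HttpOnly flag and for a session
cookie that is not invalidated at logout."""
from http.cookies import SimpleCookie

# Constructed: the session cookie name(s) the audit cares about.
SESSION_COOKIE_NAMES = {"session_id"}


def parse_set_cookie(headers):
    """headers: list of (name, value) pairs. Returns {cookie: attributes}."""
    found = {}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for key, morsel in jar.items():
            found[key] = {
                "value": morsel.value,
                "secure": bool(morsel["secure"]),
                "httponly": bool(morsel["httponly"]),
                "max_age": morsel["max-age"],   # '' when absent, else a string
                "expires": morsel["expires"],
            }
    return found


def audit_login_response(headers, over_https=True):
    """Findings for the response that issues the session cookie."""
    findings = []
    for name, attrs in parse_set_cookie(headers).items():
        if name not in SESSION_COOKIE_NAMES:
            continue
        if over_https and not attrs["secure"]:
            findings.append(f"{name}: missing Secure flag on HTTPS session")
        if not attrs["httponly"]:
            findings.append(f"{name}: missing HttpOnly flag")
    return findings


def audit_logout_response(headers):
    """The logout response must overwrite the session cookie with an empty
    or expired value; otherwise the old session id stays in the browser."""
    cookies = parse_set_cookie(headers)
    findings = []
    for name in SESSION_COOKIE_NAMES:
        attrs = cookies.get(name)
        if attrs is None:
            findings.append(f"{name}: not cleared at logout")
            continue
        # Any Expires value is treated as a clear here; a production check
        # would also parse the date and require it to lie in the past.
        cleared = attrs["value"] == "" or attrs["max_age"] == "0" or bool(attrs["expires"])
        if not cleared:
            findings.append(f"{name}: still set to a live value at logout")
    return findings


# Constructed sample responses (header lists as a client would receive them).
WEAK_LOGIN = [("Content-Type", "text/html"), ("Set-Cookie", "session_id=3f9a0c; Path=/")]
GOOD_LOGIN = [("Set-Cookie", "session_id=3f9a0c; Path=/; Secure; HttpOnly")]
WEAK_LOGOUT = [("Content-Type", "text/html")]                      # cookie untouched
GOOD_LOGOUT = [("Set-Cookie", "session_id=; Path=/; Max-Age=0; Secure; HttpOnly")]

if __name__ == "__main__":
    print("weak login :", audit_login_response(WEAK_LOGIN))
    print("good login :", audit_login_response(GOOD_LOGIN))
    print("weak logout:", audit_logout_response(WEAK_LOGOUT))
    print("good logout:", audit_logout_response(GOOD_LOGOUT))
```

Clearing the cookie client-side is only half of the logout fix; the server must also invalidate the session record, which this header check cannot observe.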
[ GLSA 200810-03 ] libspf2: DNS response buffer overflow
Gentoo Linux Security Advisory                           GLSA 200810-03
http://security.gentoo.org/

Severity: High
Title: libspf2: DNS response buffer overflow
Date: October 30, 2008
Bugs: #242254
ID: 200810-03

Synopsis
========
A memory management error in libspf2 might allow for remote execution of arbitrary code.

Background
==========
libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Currently, only the exim MTA uses libspf2 in Gentoo.

Affected packages
=================
    Package              /  Vulnerable  /  Unaffected
    mail-filter/libspf2     < 1.2.8        >= 1.2.8

Description
===========
libspf2 uses a fixed-length buffer to receive DNS responses and does not properly check the length of TXT records, leading to buffer overflows.

Impact
======
A remote attacker could store a specially crafted DNS entry and entice a user or automated system using libspf2 to look up that SPF entry (e.g. by sending an email to the MTA), possibly allowing for the execution of arbitrary code.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All libspf2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =mail-filter/libspf2-1.2.8

References
==========
[ 1 ] CVE-2008-2469
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2469

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200810-03.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability
Gentoo Linux Security Advisory                           GLSA 200810-02
http://security.gentoo.org/

Severity: High
Title: Portage: Untrusted search path local root vulnerability
Date: October 09, 2008
Bugs: #239560
ID: 200810-02

Synopsis
========
A search path vulnerability in Portage allows local attackers to execute commands with root privileges if emerge is called from untrusted directories.

Background
==========
Portage is Gentoo's package manager, responsible for installing, compiling and updating all packages on the system through the Gentoo rsync tree.

Affected packages
=================
    Package           /  Vulnerable  /  Unaffected
    sys-apps/portage     < 2.1.4.5      >= 2.1.4.5

Description
===========
The Gentoo Security Team discovered that several ebuilds, such as sys-apps/portage, net-mail/fetchmail or app-editors/leo, execute Python code using python -c, which includes the current working directory in Python's module search path. For several ebuild functions, Portage did not change the working directory from emerge's working directory.

Impact
======
A local attacker could place a specially crafted Python module in a directory (such as /tmp) and entice the root user to run commands such as emerge sys-apps/portage from that directory, resulting in the execution of arbitrary Python code with root privileges.

Workaround
==========
Do not run emerge from untrusted working directories.

Resolution
==========
All Portage users should upgrade to the latest version:

    # cd /root
    # emerge --sync
    # emerge --ask --oneshot --verbose =sys-apps/portage-2.1.4.5

NOTE: To upgrade to Portage 2.1.4.5 using 2.1.4.4 or prior, you must run emerge from a trusted working directory, such as /root.

References
==========
[ 1 ] CVE-2008-4394
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4394

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200810-02.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
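The Portage advisory above turns on one interpreter detail: `python -c` prepends the working directory (as the empty string) to sys.path, so a module file in that directory shadows anything later on the path. The following is an added example, not Portage code, that makes this observable from a child interpreter and shows the two mitigations available to a caller: the advisory's own advice of running from a trusted directory, and isolated mode (`-I`, available since Python 3.4), which drops the working directory from the search path. The probe code and the choice of `/` as a trusted directory in the usage are assumptions for the demonstration.

```python
"""Added example (not Portage code): observe the working-directory entry
that 'python -c' adds to sys.path, and run untrusted-cwd-safe invocations."""
import json
import os
import subprocess
import sys
from typing import List, Optional

# Constructed probe: the child prints its own module search path as JSON.
PROBE = "import sys, json; print(json.dumps(sys.path))"


def module_search_path(isolated: bool, cwd: Optional[str] = None) -> List[str]:
    """Start a child interpreter with 'python -c' and return its sys.path."""
    cmd = [sys.executable] + (["-I"] if isolated else []) + ["-c", PROBE]
    result = subprocess.run(cmd, capture_output=True, text=True, check=True, cwd=cwd)
    return json.loads(result.stdout)


def cwd_on_module_path(isolated: bool = False) -> bool:
    """True when the working directory ('' or its absolute form) would be
    searched for imports, i.e. a file named like a stdlib or site module
    placed there would be imported first."""
    path = module_search_path(isolated)
    return "" in path or os.getcwd() in path


def run_from_trusted_dir(code: str, trusted_dir: str) -> str:
    """Mitigation matching the advisory's 'cd /root' advice: chdir into a
    directory only the invoking user can write before calling python -c,
    and pass -I as belt and braces."""
    cmd = [sys.executable, "-I", "-c", code]
    return subprocess.run(cmd, capture_output=True, text=True, check=True,
                          cwd=trusted_dir).stdout


if __name__ == "__main__":
    print("cwd searched, plain -c  :", cwd_on_module_path(False))
    print("cwd searched, with -I   :", cwd_on_module_path(True))
    print(run_from_trusted_dir("print('ran from a trusted cwd')", "/").strip())
```

The same reasoning applies to any setuid or root-run wrapper that shells out to an interpreter: the search path is part of the attack surface, so either pin it (`-I`, or `-E -s` on older interpreters) or control the working directory before the call.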
[ GLSA 200809-04 ] MySQL: Privilege bypass
Gentoo Linux Security Advisory                           GLSA 200809-04
http://security.gentoo.org/

Severity: Normal
Title: MySQL: Privilege bypass
Date: September 04, 2008
Bugs: #220399
ID: 200809-04

Synopsis
========
A vulnerability in MySQL might allow users to bypass privileges and gain access to other databases.

Background
==========
MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=================
    Package       /  Vulnerable  /  Unaffected
    dev-db/mysql     < 5.0.60-r1    >= 5.0.60-r1

Description
===========
Sergei Golubchik reported that MySQL imposes no restrictions on the specification of DATA DIRECTORY or INDEX DIRECTORY in SQL CREATE TABLE statements.

Impact
======
An authenticated remote attacker could create MyISAM tables, specifying DATA or INDEX directories that contain future table files of other database users, or existing table files in the MySQL data directory, gaining access to those tables.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-db/mysql-5.0.60-r1

References
==========
[ 1 ] CVE-2008-2079
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200809-04.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200809-03 ] RealPlayer: Buffer overflow
Gentoo Linux Security Advisory                           GLSA 200809-03
http://security.gentoo.org/

Severity: Normal
Title: RealPlayer: Buffer overflow
Date: September 04, 2008
Bugs: #232997
ID: 200809-03

Synopsis
========
RealPlayer is vulnerable to a buffer overflow allowing for the execution of arbitrary code.

Background
==========
RealPlayer is a multimedia player capable of handling multiple multimedia file formats.

Affected packages
=================
    Package                 /  Vulnerable       /  Unaffected
    media-video/realplayer     < 11.0.0.4028-r1    >= 11.0.0.4028-r1

Description
===========
Dyon Balding of Secunia Research reported an unspecified heap-based buffer overflow in the Shockwave Flash (SWF) frame handling.

Impact
======
By enticing a user to open a specially crafted SWF (Shockwave Flash) file, a remote attacker could execute arbitrary code with the privileges of the user running the application.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All RealPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-video/realplayer-11.0.0.4028-r1

References
==========
[ 1 ] CVE-2007-5400
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5400

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200809-03.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200809-01 ] yelp: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200809-01
http://security.gentoo.org/

Severity: Normal
Title: yelp: User-assisted execution of arbitrary code
Date: September 04, 2008
Bugs: #234079
ID: 200809-01

Synopsis
========
A vulnerability in yelp can lead to the execution of arbitrary code when opening a URI, for example through Firefox.

Background
==========
yelp is the default help browser for GNOME.

Affected packages
=================
    Package           /  Vulnerable  /  Unaffected
    gnome-extra/yelp     < 2.22.1-r2    >= 2.22.1-r2
                                        *>= 2.20.0-r1

Description
===========
Aaron Grattafiori reported a format string vulnerability in the window_error() function in yelp-window.c.

Impact
======
A remote attacker can entice a user to open specially crafted man: or ghelp: URIs in yelp, or in an application using yelp such as Firefox or Evolution, and execute arbitrary code with the privileges of that user.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All yelp users running GNOME 2.22 should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =gnome-extra/yelp-2.22.1-r2

All yelp users running GNOME 2.20 should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =gnome-extra/yelp-2.20.0-r1

References
==========
[ 1 ] CVE-2008-3533
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3533

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200809-01.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200809-02 ] dnsmasq: Denial of Service and DNS spoofing
Gentoo Linux Security Advisory                           GLSA 200809-02
http://security.gentoo.org/

Severity: Normal
Title: dnsmasq: Denial of Service and DNS spoofing
Date: September 04, 2008
Bugs: #231282, #232523
ID: 200809-02

Synopsis
========
Two vulnerabilities in dnsmasq might allow for a Denial of Service or spoofing of DNS replies.

Background
==========
Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server.

Affected packages
=================
    Package          /  Vulnerable  /  Unaffected
    net-dns/dnsmasq     < 2.45         >= 2.45

Description
===========
* Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server (CVE-2008-1447).
* Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash (CVE-2008-3350).

Impact
======
A remote attacker could send spoofed DNS response traffic to dnsmasq, possibly involving generating queries via multiple vectors, and spoof DNS replies, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Furthermore, an attacker could generate invalid DHCP traffic and cause a Denial of Service.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All dnsmasq users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-dns/dnsmasq-2.45

References
==========
[ 1 ] CVE-2008-3350
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3350
[ 2 ] CVE-2008-1447
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200809-02.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
UPDATE: [ GLSA 200804-22 ] PowerDNS Recursor: DNS Cache Poisoning
Gentoo Linux Security Advisory [UPDATE]                GLSA 200804-22:03
http://security.gentoo.org/

Severity: Normal
Title: PowerDNS Recursor: DNS Cache Poisoning
Date: April 18, 2008
Updated: August 21, 2008
Bugs: #215567, #231335
ID: 200804-22:03

Update
======
The previous version of the PowerDNS Recursor (3.1.5) did not properly address the issue, as UDP source port selection was insufficiently randomized. We advise all users to upgrade to 3.1.6. The updated sections appear below.

Affected packages
=================
    Package                /  Vulnerable  /  Unaffected
    net-dns/pdns-recursor     < 3.1.6        >= 3.1.6

Description
===========
Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to resolve this issue was incomplete, as it did not always enable the stronger random number generator for source port selection (CVE-2008-3217).

Impact
======
A remote attacker could send malicious answers to insert arbitrary DNS data into the cache. These attacks would in turn help an attacker to perform man-in-the-middle and site impersonation attacks.

Resolution
==========
All PowerDNS Recursor users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-dns/pdns-recursor-3.1.6

References
==========
[ 1 ] CVE-2008-1637
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1637
[ 2 ] CVE-2008-3217
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3217

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200804-22.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
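Both the dnsmasq advisory (CVE-2008-1447, fixed UDP source port) and the PowerDNS Recursor update above (CVE-2008-1637 / CVE-2008-3217, weak TRXID and port randomness) concern the same property: how much an off-path attacker has to guess before a forged answer is accepted. A defender can measure that property from the resolver's own outbound queries. The following is an added example, not dnsmasq or PowerDNS code, that scores a set of observed (source port, transaction ID) pairs. The observations are constructed with a seeded generator; in practice they would come from a packet capture of the resolver's upstream traffic.

```python
"""Added example (not dnsmasq/PowerDNS code): estimate source-port and
transaction-ID unpredictability from observed upstream DNS queries."""
import math
import random
from collections import Counter
from typing import Dict, List, Sequence, Tuple


def entropy_bits(values: Sequence[int]) -> float:
    """Shannon entropy of the observed distribution, in bits. Bounded above
    by log2(len(values)), so compare against that ceiling, not against 16."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def predictable_step_fraction(values: Sequence[int], modulus: int = 65536) -> float:
    """Fraction of consecutive observations that differ by exactly one.
    Catches sequential counters, which Shannon entropy alone does not
    (a counter that never repeats looks maximally 'random' to it)."""
    if len(values) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(values, values[1:]) if (b - a) % modulus == 1)
    return steps / (len(values) - 1)


def assess(observations: List[Tuple[int, int]], min_fraction_of_ceiling: float = 0.8,
           max_sequential: float = 0.5) -> Dict[str, object]:
    """observations: (src_port, txid) pairs in capture order.
    Verdict 'weak' when either field is concentrated on few values or
    advances as a counter; 'ok' otherwise."""
    ports = [p for p, _ in observations]
    txids = [t for _, t in observations]
    ceiling = math.log2(len(observations))
    h_port, h_txid = entropy_bits(ports), entropy_bits(txids)
    seq_port, seq_txid = predictable_step_fraction(ports), predictable_step_fraction(txids)
    weak = (h_port < min_fraction_of_ceiling * ceiling
            or h_txid < min_fraction_of_ceiling * ceiling
            or seq_port > max_sequential or seq_txid > max_sequential)
    return {
        "samples": len(observations),
        "distinct_ports": len(set(ports)),
        "port_entropy_bits": round(h_port, 2),
        "txid_entropy_bits": round(h_txid, 2),
        "txid_sequential_fraction": round(seq_txid, 2),
        "verdict": "weak" if weak else "ok",
    }


# Constructed sample captures, deterministic so the results are reproducible.
_rng = random.Random(1)
FIXED_PORT = [(32768, _rng.randrange(65536)) for _ in range(512)]            # one socket reused
SEQUENTIAL_TXID = [(_rng.randrange(1024, 65536), (1000 + i) % 65536) for i in range(512)]
RANDOMISED = [(_rng.randrange(1024, 65536), _rng.randrange(65536)) for _ in range(512)]

if __name__ == "__main__":
    for name, obs in (("fixed port", FIXED_PORT), ("sequential txid", SEQUENTIAL_TXID),
                      ("randomised", RANDOMISED)):
        print(f"{name:16}", assess(obs))
```

Five hundred queries cannot prove 16 bits of port entropy; the check only establishes that the resolver is not obviously concentrated or sequential, which is exactly what distinguished the vulnerable releases named above.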
[ GLSA 200808-10 ] Adobe Reader: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200808-10
http://security.gentoo.org/

Severity: Normal
Title: Adobe Reader: User-assisted execution of arbitrary code
Date: August 09, 2008
Bugs: #233383
ID: 200808-10

Synopsis
========
Adobe Reader is vulnerable to execution of arbitrary code via a crafted PDF.

Background
==========
Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Affected packages
=================
    Package             /  Vulnerable  /  Unaffected
    app-text/acroread      < 8.1.2-r3     >= 8.1.2-r3

Description
===========
The Johns Hopkins University Applied Physics Laboratory reported that input to an unspecified JavaScript method is not properly validated.

Impact
======
A remote attacker could entice a user to open a specially crafted PDF document, possibly resulting in the remote execution of arbitrary code with the privileges of the user.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/acroread-8.1.2-r3

References
==========
[ 1 ] CVE-2008-2641
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2641

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200808-10.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200808-01 ] xine-lib: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200808-01
http://security.gentoo.org/

Severity: Normal
Title: xine-lib: User-assisted execution of arbitrary code
Date: August 06, 2008
Bugs: #213039, #214270, #218059
ID: 200808-01

Synopsis
========
xine-lib is vulnerable to multiple buffer overflows when processing media streams.

Background
==========
xine-lib is the core library package for the xine media player, and for other players such as Amarok, Codeine/Dragon Player and Kaffeine.

Affected packages
=================
    Package              /  Vulnerable  /  Unaffected
    media-libs/xine-lib     < 1.1.13       >= 1.1.13

Description
===========
Multiple vulnerabilities have been discovered in xine-lib:

* Alin Rad Pop of Secunia reported an array indexing vulnerability in the sdpplin_parse() function in the file input/libreal/sdpplin.c when processing streams from RTSP servers that contain a large streamid SDP parameter (CVE-2008-0073).
* Luigi Auriemma reported multiple integer overflows that result in heap-based buffer overflows when processing .FLV, .MOV, .RM, .MVE, .MKV, and .CAK files (CVE-2008-1482).
* Guido Landi reported a stack-based buffer overflow in the demux_nsf_send_chunk() function when handling titles within NES Music (.NSF) files (CVE-2008-1878).

Impact
======
A remote attacker could entice a user to play a specially crafted video file or stream with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All xine-lib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-libs/xine-lib-1.1.13

References
==========
[ 1 ] CVE-2008-0073
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
[ 2 ] CVE-2008-1482
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
[ 3 ] CVE-2008-1878
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200808-01.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200808-02 ] Net-SNMP: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200808-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Net-SNMP: Multiple vulnerabilities Date: August 06, 2008 Bugs: #65, #225105 ID: 200808-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis Multiple vulnerabilities in Net-SNMP allow for authentication bypass in snmpd and execution of arbitrary code in Perl applications using Net-SMNP. Background == Net-SNMP is a collection of tools for generating and retrieving SNMP data. The SNMPv3 protocol uses a keyed-Hash Message Authentication Code (HMAC) to verify data integrity and authenticity of SNMP messages. Affected packages = --- Package/ Vulnerable /Unaffected --- 1 net-analyzer/net-snmp 5.4.1.1 = 5.4.1.1 Description === Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length (CVE-2008-0960). John Kortink reported a buffer overflow in the Perl bindings of Net-SNMP when processing the OCTETSTRING in an attribute value pair (AVP) received by an SNMP agent (CVE-2008-2292). Impact == An attacker could send SNMPv3 packets to an instance of snmpd providing a valid user name and an HMAC length value of 1, and easily conduct brute-force attacks to bypass SNMP authentication. An attacker could further entice a user to connect to a malicious SNMP agent with an SNMP client using the Perl bindings, possibly resulting in the execution of arbitrary code. Workaround == There is no known workaround at this time. 
Resolution
==========

All Net-SNMP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.1.1"

References
==========

  [ 1 ] CVE-2008-0960
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
  [ 2 ] CVE-2008-2292
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200808-02.xml
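The HMAC-length flaw in GLSA 200808-02 is worth seeing in code. The following is an added illustration, not Net-SNMP's own code: a simplified SNMPv3 USM verifier (HMAC-MD5-96, a 12-byte truncated tag carried in msgAuthenticationParameters, ASN.1 framing omitted) written once the way the advisory describes the bug, with the comparison length taken from the sender, and once with the length enforced as a protocol constant. AUTH_KEY and MESSAGE are constructed values, not captured traffic, and `forge()` uses the verifier as an oracle the way an attacker would use snmpd.

```python
"""Added example (not Net-SNMP code): why letting the sender choose the HMAC
length defeats SNMPv3 authentication, beside a verifier that enforces it.

Model: SNMPv3 USM authenticates a message with HMAC-MD5 truncated to 12 bytes
(HMAC-MD5-96, RFC 3414), carried in msgAuthenticationParameters and computed
over the message with that field zeroed. ASN.1 framing is omitted; AUTH_KEY
and MESSAGE are constructed for this example.
"""
import hashlib
import hmac

MAC_LEN = 12                                                   # HMAC-MD5-96 tag length
AUTH_KEY = hashlib.md5(b"constructed-localized-key").digest()  # 16-byte stand-in for Kul
MESSAGE = b"\x30\x29" + b"msgGlobalData|usmSecurityParams|scopedPDU"  # constructed body


def compute_mac(key: bytes, body: bytes) -> bytes:
    """Tag a legitimate sender places in msgAuthenticationParameters."""
    return hmac.new(key, body, hashlib.md5).digest()[:MAC_LEN]


def verify_vulnerable(key: bytes, body: bytes, auth_params: bytes) -> bool:
    """The CVE-2008-0960 pattern: compare only as many bytes as the *sender*
    supplied. A 1-byte field needs at most 256 guesses; a 0-byte field none."""
    full = hmac.new(key, body, hashlib.md5).digest()
    return full[:len(auth_params)] == auth_params


def verify_fixed(key: bytes, body: bytes, auth_params: bytes) -> bool:
    """The length is a protocol constant, not an input; compare in constant time."""
    if len(auth_params) != MAC_LEN:
        return False
    return hmac.compare_digest(compute_mac(key, body), auth_params)


def forge(verify, body: bytes, length: int = 1):
    """Attacker without the key, using the verifier as an oracle: try every
    value of a `length`-byte msgAuthenticationParameters field.
    Returns the number of attempts that succeeded, or None if all were rejected."""
    for i in range(256 ** length):
        if verify(AUTH_KEY, body, i.to_bytes(length, "big")):
            return i + 1
    return None


def suspicious_auth_params(auth_params: bytes) -> bool:
    """Detection side: an authenticated SNMPv3 message whose parameter field is
    not exactly MAC_LEN bytes is malformed and worth alerting on."""
    return len(auth_params) != MAC_LEN


if __name__ == "__main__":
    tag = compute_mac(AUTH_KEY, MESSAGE)
    print("legitimate tag accepted (vulnerable, fixed):",
          verify_vulnerable(AUTH_KEY, MESSAGE, tag), verify_fixed(AUTH_KEY, MESSAGE, tag))
    print("guesses to forge against vulnerable verifier:", forge(verify_vulnerable, MESSAGE))
    print("guesses to forge against fixed verifier:", forge(verify_fixed, MESSAGE))
```

The forged one-byte tag is accepted within 256 attempts by the vulnerable verifier and never by the fixed one; a zero-length field is the degenerate case of the same bug and is accepted by the vulnerable verifier without any guessing at all.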
[ GLSA 200808-03 ] Mozilla products: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200808-03
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla products: Multiple vulnerabilities
      Date: August 06, 2008
      Bugs: #204337, #218065, #230567, #231975
        ID: 200808-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code.

Background
==========

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  mozilla-firefox                < 2.0.0.16              >= 2.0.0.16
  2  mozilla-firefox-bin            < 2.0.0.16              >= 2.0.0.16
  3  mozilla-thunderbird            < 2.0.0.16              >= 2.0.0.16
  4  mozilla-thunderbird-bin        < 2.0.0.16              >= 2.0.0.16
  5  seamonkey                      < 1.1.11                >= 1.1.11
  6  seamonkey-bin                  < 1.1.11                >= 1.1.11
  7  xulrunner                      < 1.8.1.16              >= 1.8.1.16
  8  xulrunner-bin                  < 1.8.1.16              >= 1.8.1.16
    -------------------------------------------------------------------
     8 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The following vulnerabilities were reported in all mentioned Mozilla products:

* TippingPoint's Zero Day Initiative reported that an incorrect integer data type is used as a CSS object reference counter, leading to a counter overflow and a free() of in-use memory (CVE-2008-2785).
* Igor Bukanov, Jesse Ruderman and Gary Kwong reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-2799).
* Devon Hubbard, Jesse Ruderman, and Martijn Wargers reported crashes in the layout engine, possibly triggering memory corruption (CVE-2008-2798).
* moz_bug_r_a4 reported that XUL documents that include a script from a chrome: URI that points to a fastload file would be executed with the privileges specified in the file (CVE-2008-2802).
* moz_bug_r_a4 reported that the mozIJSSubScriptLoader.LoadScript() function only applies XPCNativeWrappers to scripts loaded from standard chrome: URIs, which might not be the case for scripts loaded by third-party add-ons (CVE-2008-2803).
* Astabis reported a crash in the block reflow implementation related to large images (CVE-2008-2811).
* John G. Myers, Frank Benkstein and Nils Toedtmann reported a weakness in the trust model used by Mozilla: when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, the certificate is also regarded as accepted for all domain names in subjectAltName:dNSName fields (CVE-2008-2809).

The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:

* moz_bug_r_a4 reported that the Same Origin Policy is not properly enforced on JavaScript (CVE-2008-2800).
* Collin Jackson and Adam Barth reported that JAR signing is not properly implemented, allowing injection of JavaScript into documents within a JAR archive (CVE-2008-2801).
* Opera Software reported an error allowing for arbitrary local file upload (CVE-2008-2805).
* Daniel Glazman reported that an invalid .properties file for an add-on might lead to the usage of uninitialized memory (CVE-2008-2807).
* Masahiro Yamada reported that HTML in file:// URLs in directory listings is not properly escaped (CVE-2008-2808).
* Geoff reported that the context of Windows Internet shortcut files is not correctly identified (CVE-2008-2810).
* The crash vulnerability (CVE-2008-1380) that was previously announced in GLSA 200805-18 is now also resolved in the SeaMonkey binary ebuilds.

The following vulnerability was reported in Firefox only:

* Billy Rios reported that the pipe character in a command-line URI is identified as a request to open multiple tabs, allowing chrome: and file: URIs to be opened (CVE-2008-2933).

Impact
======

A remote attacker
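The trust-model weakness behind CVE-2008-2809 is a design point that outlives this particular browser version: a certificate exception the user grants after seeing one name must not be reused for every other name the same certificate lists. The following is an added example, not Mozilla code; the certificate record and the override stores are constructed stand-ins (no real X.509 parsing), and the host names are made up.

```python
"""Added example (not Mozilla code): scoping a certificate override to the one
host the user accepted it for, beside the certificate-keyed store that made
every subjectAltName of an accepted certificate trusted (CVE-2008-2809).
CERT and all host names are constructed for this example.
"""
import hashlib

# Constructed certificate record: one CN plus several SAN dNSName entries.
CERT = {
    "der": b"constructed-der-bytes-for-example",
    "cn": "mail.example.test",
    "san_dns": ["mail.example.test", "www.example.test", "bank.example.test"],
}


def fingerprint(cert):
    return hashlib.sha256(cert["der"]).hexdigest()


def names_in_cert(cert):
    """Every name the certificate claims: the CN the user saw in the dialog
    plus all subjectAltName dNSName entries, lower-cased for comparison."""
    return {cert["cn"].lower()} | {n.lower() for n in cert["san_dns"]}


class VulnerableOverrides:
    """Exception keyed on the certificate alone: once accepted for any name,
    it is accepted for every name it lists (the CVE-2008-2809 behaviour)."""

    def __init__(self):
        self._accepted = set()

    def accept(self, cert, host):
        self._accepted.add(fingerprint(cert))

    def is_trusted(self, cert, host):
        return fingerprint(cert) in self._accepted and host.lower() in names_in_cert(cert)


class ScopedOverrides:
    """Exception keyed on (certificate, host): exactly what the user approved."""

    def __init__(self):
        self._accepted = set()

    def accept(self, cert, host):
        if host.lower() not in names_in_cert(cert):
            raise ValueError("certificate does not claim %s" % host)
        self._accepted.add((fingerprint(cert), host.lower()))

    def is_trusted(self, cert, host):
        return (fingerprint(cert), host.lower()) in self._accepted


def demo():
    """User accepts CERT once, for its CN host, then visits a SAN host and an
    unrelated host. Returns the trust decision of each store for each host."""
    hosts = ("mail.example.test", "bank.example.test", "other.test")
    results = {}
    for name, store in (("vulnerable", VulnerableOverrides()), ("scoped", ScopedOverrides())):
        store.accept(CERT, "mail.example.test")
        results[name] = {h: store.is_trusted(CERT, h) for h in hosts}
    return results


if __name__ == "__main__":
    for store, decisions in demo().items():
        print(store, decisions)
```

With the certificate-keyed store, accepting the certificate for mail.example.test silently extends the exception to bank.example.test because it appears in the SAN list; the scoped store grants nothing beyond the name the user was shown.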
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution
On Friday 18 July 2008, Jan Minář wrote:
> ...
> 3. Vulnerability
>
> During the build process, a temporary file with a predictable name is created in the ``/tmp'' directory. This code is run when Vim is being built with Python support:
>
> src/configure.in:
>
>         677   dnl -- we need to examine Python's config/Makefile too
>         678   dnl    see what the interpreter is built from
>         679   AC_CACHE_VAL(vi_cv_path_python_plibs,
>         680   [
>         681     tmp_mkf=/tmp/Makefile-conf$$
>  (1)--> 682     cat ${PYTHON_CONFDIR}/Makefile - <<'eof' >${tmp_mkf}
>         683   __:
>         684   	@echo python_MODLIBS='$(MODLIBS)'
>         685   	@echo python_LIBS='$(LIBS)'
>         686   	@echo python_SYSLIBS='$(SYSLIBS)'
>         687   	@echo python_LINKFORSHARED='$(LINKFORSHARED)'
>         688   eof
>         689     dnl -- delete the lines from make about Entering/Leaving directory
>  (2)--> 690     eval `cd ${PYTHON_CONFDIR} && make -f ${tmp_mkf} __ | sed '/ directory /d'`
>         691     rm -f ${tmp_mkf}
>
> The attacker has to create the temporary file ``/tmp/Makefile-confPID'' before it is first written to at (1). In the time between (1) and (2), arbitrary commands can be written to the file. They will be executed at (2).

The commands do not have to be written there between (1) and (2), they can be in the file long before the ./configure was started -- just because the script does care whether it can write to the file at all. So unlike stated in the advisory, and in CVE-2008-3294, the issue does not involve a race condition if the attacker would choose to create a 644 file.

Robert

signature.asc
Description: This is a digitally signed message part.
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution
On Friday 25 July 2008, Jan Minář wrote:
> 2008/7/25 Robert Buchholz [EMAIL PROTECTED]:
> > On Friday 18 July 2008, Jan Minář wrote:
> > > ...
> > > 3. Vulnerability
> > >
> > > During the build process, a temporary file with a predictable name is created in the ``/tmp'' directory. This code is run when Vim is being built with Python support:
> > >
> > > src/configure.in:
> > >
> > >         677   dnl -- we need to examine Python's config/Makefile too
> > >         678   dnl    see what the interpreter is built from
> > >         679   AC_CACHE_VAL(vi_cv_path_python_plibs,
> > >         680   [
> > >         681     tmp_mkf=/tmp/Makefile-conf$$
> > >  (1)--> 682     cat ${PYTHON_CONFDIR}/Makefile - <<'eof' >${tmp_mkf}
> > >         683   __:
> > >         684   	@echo python_MODLIBS='$(MODLIBS)'
> > >         685   	@echo python_LIBS='$(LIBS)'
> > >         686   	@echo python_SYSLIBS='$(SYSLIBS)'
> > >         687   	@echo python_LINKFORSHARED='$(LINKFORSHARED)'
> > >         688   eof
> > >         689     dnl -- delete the lines from make about Entering/Leaving directory
> > >  (2)--> 690     eval `cd ${PYTHON_CONFDIR} && make -f ${tmp_mkf} __ | sed '/ directory /d'`
> > >         691     rm -f ${tmp_mkf}
> > >
> > > The attacker has to create the temporary file ``/tmp/Makefile-confPID'' before it is first written to at (1). In the time between (1) and (2), arbitrary commands can be written to the file. They will be executed at (2).
> >
> > The commands do not have to be written there between (1) and (2), they can be in the file long before the ./configure was started -- just because the script does care whether it can write to the file at all. So unlike stated in the advisory, and in CVE-2008-3294, the issue does not involve a race condition if the attacker would choose to create a 644 file.
>
> The file gets truncated in (1). You're wrong, the advisory is right.

Truncation will fail if the configure is not running as root.

Robert

signature.asc
Description: This is a digitally signed message part.
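The two replies above turn on one detail: what happens at (1) when a file already exists under the predictable name. The following is an added reproduction, not Vim's code nor either poster's, written in Python so it runs in a private sandbox directory instead of /tmp. Assumptions and simplifications: `sh` runs the temp file where configure runs `make -f` on it, the stand-in `${PYTHON_CONFDIR}/Makefile` is a constructed shell-syntax fragment, and the local attacker is simulated by planting a read-only file under the predictable name before the probe runs. The hardened variant uses `tempfile.mkstemp()`, which opens with O_CREAT|O_EXCL and mode 0600 under a random name.

```python
"""Added example (not Vim's or the advisory author's code): the predictable
temporary file pattern from the configure.in excerpt, reproduced in a sandbox
directory beside an mkstemp()-based version.
Assumptions: 'sh' stands in for 'make -f'; the stand-in Makefile is a
constructed shell-syntax fragment; the attacker is simulated by pre-planting
a read-only file at the predictable name.
"""
import os
import shutil
import subprocess
import tempfile

CONFDIR_MAKEFILE = "MODLIBS='-lm'\nLIBS='-lpthread -ldl'\n"   # constructed ${PYTHON_CONFDIR}/Makefile
PROBE_RULE = 'echo "python_MODLIBS=$MODLIBS"\n'               # stands in for the heredoc rule


def predictable_name(tmpdir):
    # tmp_mkf=/tmp/Makefile-conf$$ : a fixed prefix plus the configure PID,
    # which a local user can read from 'ps' or pre-create for a range of PIDs.
    return os.path.join(tmpdir, "Makefile-conf%d" % os.getpid())


def run_and_eval(tmp_mkf, confdir):
    # Stands in for: eval `cd ${PYTHON_CONFDIR} && make -f ${tmp_mkf} __`
    produced = subprocess.run(["sh", tmp_mkf], cwd=confdir,
                              capture_output=True, text=True).stdout
    # eval executes the produced text as shell; read back the variable it set.
    return subprocess.run(["sh", "-c", produced + '\nprintf "%s" "$python_MODLIBS"'],
                          capture_output=True, text=True).stdout


def vulnerable_probe(confdir, tmpdir):
    tmp_mkf = predictable_name(tmpdir)
    try:
        with open(tmp_mkf, "w") as f:        # 'cat ... >${tmp_mkf}': O_TRUNC, no O_EXCL
            f.write(open(os.path.join(confdir, "Makefile")).read() + PROBE_RULE)
    except PermissionError:
        pass                                  # configure does not check the redirect either
    try:
        return run_and_eval(tmp_mkf, confdir)  # executes whatever the file now holds
    finally:
        os.unlink(tmp_mkf)                    # rm -f ${tmp_mkf}


def safe_probe(confdir, tmpdir):
    # mkstemp: random name, O_CREAT|O_EXCL, mode 0600. A planted file or symlink
    # at a guessed name is never opened, and nobody else can write the real one.
    fd, tmp_mkf = tempfile.mkstemp(prefix="Makefile-conf.", dir=tmpdir)
    try:
        with os.fdopen(fd, "w") as f:
            f.write(open(os.path.join(confdir, "Makefile")).read() + PROBE_RULE)
        return run_and_eval(tmp_mkf, confdir)
    finally:
        os.unlink(tmp_mkf)


def plant_attacker_file(path, marker):
    # Simulated local attacker: their own content, made read-only so the
    # victim's '>' truncation fails (unless the victim is root) and survives.
    with open(path, "w") as f:
        f.write('echo "python_MODLIBS=pwned; touch %s"\n' % marker)
    os.chmod(path, 0o444)


def demo():
    """Plant the predictable file, run both probes, report what each executed."""
    sandbox = tempfile.mkdtemp()
    try:
        with open(os.path.join(sandbox, "Makefile"), "w") as f:
            f.write(CONFDIR_MAKEFILE)
        marker = os.path.join(sandbox, "owned")
        plant_attacker_file(predictable_name(sandbox), marker)
        vulnerable = vulnerable_probe(sandbox, sandbox)
        attacker_code_ran = os.path.exists(marker)
        plant_attacker_file(predictable_name(sandbox), marker)  # plant again for the safe run
        safe = safe_probe(sandbox, sandbox)
        return {"vulnerable": vulnerable, "attacker_code_ran": attacker_code_ran,
                "safe": safe, "planted_file_ignored": os.path.exists(predictable_name(sandbox)),
                "is_root": os.geteuid() == 0}
    finally:
        shutil.rmtree(sandbox)


if __name__ == "__main__":
    print(demo())
```

Run as an unprivileged user the vulnerable probe reports `pwned` and the marker file appears, with no race needed: the write at (1) fails on the read-only planted file and the attacker's content reaches (2) intact. Run as root the truncation succeeds and the attacker would need the (1)-to-(2) race the advisory describes (or a planted symlink, which O_TRUNC without O_EXCL follows). The mkstemp variant never touches the planted name in either case.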
[ GLSA 200807-07 ] NX: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200807-07
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: NX: User-assisted execution of arbitrary code
      Date: July 09, 2008
      Bugs: #230147
        ID: 200807-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

NX uses code from the X.org X11 server which is prone to multiple vulnerabilities.

Background
==========

NoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/nxnode                < 3.2.0-r3              >= 3.2.0-r3
  2  net-misc/nx                    < 3.2.0-r2              >= 3.2.0-r2
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple integer overflow and buffer overflow vulnerabilities have been discovered in the X.Org X server as shipped by NX and NX Node (GLSA 200806-07).

Impact
======

A remote attacker could exploit these vulnerabilities via unspecified vectors, leading to the execution of arbitrary code with the privileges of the user on the machine running the NX server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All NX Node users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.2.0-r3"

All NX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/nx-3.2.0-r2"

References
==========

  [ 1 ] GLSA 200806-07
        http://www.gentoo.org/security/en/glsa/glsa-200806-07.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200807-07.xml
[ GLSA 200807-06 ] Apache: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200807-06
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Apache: Denial of Service
      Date: July 09, 2008
      Bugs: #222643, #227111
        ID: 200807-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Apache might lead to a Denial of Service.

Background
==========

The Apache HTTP server is one of the most popular web servers on the Internet.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  www-servers/apache             < 2.2.9                 >= 2.2.9

Description
===========

Multiple vulnerabilities have been discovered in Apache:

* Dustin Kirkland reported that the mod_ssl module can leak memory when the client reports support for a compression algorithm (CVE-2008-1678).
* Ryujiro Shibuya reported that the ap_proxy_http_process_response() function in the mod_proxy module does not limit the number of forwarded interim responses (CVE-2008-2364).
* sp3x of SecurityReason reported a Cross-Site Request Forgery vulnerability in the balancer-manager in the mod_proxy_balancer module (CVE-2007-6420).

Impact
======

A remote attacker could exploit these vulnerabilities by connecting to an Apache httpd, by causing an Apache proxy server to connect to a malicious server, or by enticing a balancer administrator to connect to a specially-crafted URL, resulting in a Denial of Service of the Apache daemon.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.9"

References
==========

  [ 1 ] CVE-2007-6420
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420
  [ 2 ] CVE-2008-1678
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678
  [ 3 ] CVE-2008-2364
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200807-06.xml
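The mod_proxy item in GLSA 200807-06 (CVE-2008-2364) describes a backend that can keep a proxy busy by sending interim responses without end. The following is an added example, not Apache code: a response reader that tolerates HTTP/1.1 1xx interim responses, as a proxy must, but bounds how many it will consume before giving up on the backend. The cap value and the sample backend bytes are constructed for this example; RFC 2616 allows any number of 1xx responses, so the bound is a local policy rather than a protocol constant.

```python
"""Added example (not Apache code): a proxy-side HTTP/1.1 response reader that
skips interim (1xx) responses but bounds how many it will accept, the check
mod_proxy lacked in CVE-2008-2364. MAX_INTERIM and the sample responses are
constructed for this example.
"""

MAX_INTERIM = 10          # assumed local policy, not a value taken from Apache


class ProxyResponseError(Exception):
    pass


def read_response(stream: bytes, max_interim: int = MAX_INTERIM):
    """Parse one HTTP/1.1 response as sent by a backend.
    Returns (status, headers, body, interim_count). 1xx responses other than
    101 are consumed and skipped; more than max_interim of them aborts."""
    pos, interim = 0, 0
    while True:
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0:
            raise ProxyResponseError("truncated response headers")
        head = stream[pos:end].decode("latin-1")
        status_line, *header_lines = head.split("\r\n")
        parts = status_line.split(" ", 2)
        if len(parts) < 2 or not parts[1].isdigit():
            raise ProxyResponseError("malformed status line: %r" % status_line)
        status = int(parts[1])
        if 100 <= status < 200 and status != 101:
            interim += 1
            if interim > max_interim:
                raise ProxyResponseError(
                    "backend sent more than %d interim responses" % max_interim)
            pos = end + 4                     # discard this 1xx, read the next status line
            continue
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        return status, headers, stream[end + 4:], interim


def backend_is_acceptable(stream: bytes, max_interim: int = MAX_INTERIM) -> bool:
    """True if the backend's output parses to a final response within the cap."""
    try:
        read_response(stream, max_interim)
        return True
    except ProxyResponseError:
        return False


def backend_stream(interim_count: int) -> bytes:
    """Constructed backend output: N '100 Continue' responses, then a final 200."""
    return (b"HTTP/1.1 100 Continue\r\n\r\n" * interim_count
            + b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")


if __name__ == "__main__":
    print(read_response(backend_stream(3)))
    print("acceptable with %d interim:" % (MAX_INTERIM + 1),
          backend_is_acceptable(backend_stream(MAX_INTERIM + 1)))
```

A real proxy reads from a socket rather than a buffer, but the shape of the fix is the same: the loop that swallows 1xx responses needs a counter and an upper bound, otherwise a malicious backend controls how long the worker stays busy.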
[ GLSA 200806-08 ] OpenSSL: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200806-08
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenSSL: Denial of Service
      Date: June 23, 2008
      Bugs: #223429
        ID: 200806-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities might allow for a Denial of Service of daemons using OpenSSL.

Background
==========

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl               < 0.9.8g-r2             >= 0.9.8g-r2
                                                              < 0.9.8f

Description
===========

Ossi Herrala and Jukka Taimisto of Codenomicon discovered two vulnerabilities:

* A double free() call in the TLS server name extension (CVE-2008-0891).
* The OpenSSL client code does not properly handle servers that omit the Server Key Exchange message in the TLS handshake (CVE-2008-1672).

Impact
======

A remote attacker could connect to a vulnerable server, or entice a daemon to connect to a malicious server, causing a Denial of Service of the daemon in both cases.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8g-r2"

References
==========

  [ 1 ] CVE-2008-0891
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891
  [ 2 ] CVE-2008-1672
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200806-08.xml
[ GLSA 200806-09 ] libvorbis: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory        GLSA 200806-09:02
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libvorbis: Multiple vulnerabilities
      Date: June 23, 2008
   Updated: June 23, 2008
      Bugs: #222085
        ID: 200806-09:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in libvorbis might lead to the execution of arbitrary code.

Background
==========

libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/libvorbis           < 1.2.1_rc1             >= 1.2.1_rc1

Description
===========

Will Drewry of the Google Security Team reported multiple vulnerabilities in libvorbis:

* A zero value for codebook.dim is not properly handled, leading to a crash, infinite loop or triggering an integer overflow (CVE-2008-1419).
* An integer overflow in residue partition value evaluation might lead to a heap-based buffer overflow (CVE-2008-1420).
* An integer overflow in a certain quantvals and quantlist calculation might lead to a heap-based buffer overflow (CVE-2008-1423).

Impact
======

A remote attacker could exploit these vulnerabilities by enticing a user to open a specially crafted Ogg Vorbis file or network stream with an application using libvorbis. This might lead to the execution of arbitrary code with the privileges of the user playing the file or a Denial of Service by a crash or CPU consumption.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libvorbis users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=media-libs/libvorbis-1.2.1_rc1"

References
==========

  [ 1 ] CVE-2008-1419
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1419
  [ 2 ] CVE-2008-1420
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420
  [ 3 ] CVE-2008-1423
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1423

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200806-09.xml
[ GLSA 200806-10 ] FreeType: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200806-10
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: FreeType: User-assisted execution of arbitrary code
      Date: June 23, 2008
      Bugs: #225851
        ID: 200806-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Font parsing vulnerabilities in FreeType might lead to user-assisted execution of arbitrary code.

Background
==========

FreeType is a font rendering library for TrueType Font (TTF) and Printer Font Binary (PFB).

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/freetype            < 2.3.6                 >= 2.3.6

Description
===========

Regenrecht reported multiple vulnerabilities in FreeType via iDefense:

* An integer overflow when parsing values in the Private dictionary table in a PFB file, leading to a heap-based buffer overflow (CVE-2008-1806).
* An invalid free() call related to parsing an invalid number of axes field in a PFB file (CVE-2008-1807).
* Multiple off-by-one errors when parsing PFB and TTF files, leading to heap-based buffer overflows (CVE-2008-1808).

Impact
======

A remote attacker could entice a user to open a specially crafted TTF or PFB file, possibly resulting in the execution of arbitrary code with the privileges of the user running an application linked against FreeType (such as the X.org X server, running as root).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FreeType users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.3.6"

References
==========

  [ 1 ] CVE-2008-1806
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806
  [ 2 ] CVE-2008-1807
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807
  [ 3 ] CVE-2008-1808
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200806-10.xml
[ GLSA 200805-20 ] GnuTLS: Execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200805-20
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: GnuTLS: Execution of arbitrary code
      Date: May 21, 2008
      Bugs: #222823
        ID: 200805-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities might allow for the execution of arbitrary code in daemons using GnuTLS.

Background
==========

GnuTLS is an implementation of Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0, 1.1 and 1.2.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/gnutls                < 2.2.5                 >= 2.2.5

Description
===========

Ossi Herrala and Jukka Taimisto of Codenomicon reported three vulnerabilities in libgnutls of GnuTLS:

* Client Hello messages containing an invalid server name can lead to a buffer overflow when evaluating Security Parameters (CVE-2008-1948).
* Multiple Client Hello messages can lead to a NULL pointer dereference (CVE-2008-1949).
* A TLS handshake including an encrypted Client Hello message and an invalid record length could lead to a buffer overread (CVE-2008-1950).

Impact
======

Unauthenticated remote attackers could exploit these vulnerabilities to cause Denial of Service conditions in daemons using GnuTLS. The first vulnerability (CVE-2008-1948) might allow for the execution of arbitrary code with the privileges of the daemon handling incoming TLS connections.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GnuTLS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.2.5"

References
==========

  [ 1 ] CVE-2008-1948
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948
  [ 2 ] CVE-2008-1949
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949
  [ 3 ] CVE-2008-1950
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-20.xml
[ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200805-18
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla products: Multiple vulnerabilities
      Date: May 20, 2008
      Bugs: #208128, #214816, #218065
        ID: 200805-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code.

Background
==========

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  mozilla-firefox                < 2.0.0.14              >= 2.0.0.14
  2  mozilla-firefox-bin            < 2.0.0.14              >= 2.0.0.14
  3  mozilla-thunderbird            < 2.0.0.14              >= 2.0.0.14
  4  mozilla-thunderbird-bin        < 2.0.0.14              >= 2.0.0.14
  5  seamonkey                      < 1.1.9-r1              >= 1.1.9-r1
  6  seamonkey-bin                  < 1.1.9                 >= 1.1.9
  7  xulrunner                      < 1.8.1.14              >= 1.8.1.14
    -------------------------------------------------------------------
     7 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The following vulnerabilities were reported in all mentioned Mozilla products:

* Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412).
* Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413).
* David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419).
* moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).
* Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237).
* moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from their sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415).
* Gerry Eisenhaur discovered a directory traversal vulnerability when using flat addons (CVE-2008-0418).
* Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the 0x80 character, and zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416).

The following vulnerability was reported in Thunderbird and SeaMonkey:

* regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304).

The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:

* The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380).
* hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414).
* Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a canvas feature (CVE-2008-0420).
* Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241).
* oo.rio.oo discovered that a plain text file with a Content-Disposition: attachment prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592).
* Martin Straka reported that the .href property of stylesheet DOM
[ GLSA 200805-19 ] ClamAV: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200805-19
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: ClamAV: Multiple vulnerabilities
      Date: May 20, 2008
      Bugs: #213762
        ID: 200805-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code.

Background
==========

Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/clamav           < 0.93                  >= 0.93

Description
===========

Multiple vulnerabilities have been reported:

* Damian Put reported a heap-based buffer overflow when processing PeSpin packed PE binaries (CVE-2008-0314).
* Alin Rad Pop of Secunia Research reported a buffer overflow in the cli_scanpe() function when processing Upack PE binaries (CVE-2008-1100).
* Hanno Boeck reported an infinite loop when processing ARJ archives (CVE-2008-1387).
* Damian Put and Thomas Pollet reported a heap-based buffer overflow when processing WWPack compressed PE binaries (CVE-2008-1833).
* A buffer over-read was discovered in the rfc2231() function when producing a string that is not NULL terminated (CVE-2008-1836).
* An unspecified vulnerability leading to memory problems when scanning RAR files was reported (CVE-2008-1837).
* Thierry Zoller reported that scanning of RAR files could be circumvented (CVE-2008-1835).

Impact
======

A remote attacker could entice a user or automated system to scan a specially crafted file, possibly leading to the execution of arbitrary code with the privileges of the user running ClamAV (either a system user or the clamav user if clamd is compromised), or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.93"

References
==========

  [ 1 ] CVE-2008-0314
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0314
  [ 2 ] CVE-2008-1100
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100
  [ 3 ] CVE-2008-1387
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387
  [ 4 ] CVE-2008-1833
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1833
  [ 5 ] CVE-2008-1835
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1835
  [ 6 ] CVE-2008-1836
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1836
  [ 7 ] CVE-2008-1837
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1837

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-19.xml
[ GLSA 200805-16 ] OpenOffice.org: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200805-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenOffice.org: Multiple vulnerabilities
      Date: May 14, 2008
      Bugs: #218080
        ID: 200805-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in OpenOffice.org, possibly allowing for user-assisted execution of arbitrary code.

Background
==========

OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  app-office/openoffice             < 2.4.0                  >= 2.4.0
  2  app-office/openoffice-bin         < 2.4.0                  >= 2.4.0
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

iDefense Labs reported multiple vulnerabilities in OpenOffice.org:

* multiple heap-based buffer overflows when parsing the Attribute and Font Description records of Quattro Pro (QPRO) files (CVE-2007-5745),

* an integer overflow when parsing the EMR_STRETCHBLT record of an EMF file, resulting in a heap-based buffer overflow (CVE-2007-5746),

* an integer underflow when parsing Quattro Pro (QPRO) files, resulting in an excessive loop and a stack-based buffer overflow (CVE-2007-5747),

* and a heap-based buffer overflow when parsing the DocumentSummaryInformation stream in an OLE file (CVE-2008-0320).

Furthermore, Will Drewry (Google Security) reported vulnerabilities in the memory management of the International Components for Unicode (CVE-2007-4770, CVE-2007-4771), which were resolved with GLSA 200803-20. However, the binary version of OpenOffice.org uses an internal copy of said library.

Impact
======

A remote attacker could entice a user to open a specially crafted document, possibly resulting in the remote execution of arbitrary code with the privileges of the user running OpenOffice.org.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenOffice.org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.4.0"

All OpenOffice.org binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.4.0"

References
==========

  [ 1 ] CVE-2007-4770
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770
  [ 2 ] CVE-2007-4771
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771
  [ 3 ] CVE-2007-5745
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5745
  [ 4 ] CVE-2007-5746
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746
  [ 5 ] CVE-2007-5747
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5747
  [ 6 ] CVE-2008-0320
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320
  [ 7 ] GLSA 200803-20
        http://www.gentoo.org/security/en/glsa/glsa-200803-20.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200805-08 ] InspIRCd: Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200805-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: InspIRCd: Denial of Service
      Date: May 09, 2008
      Bugs: #215704
        ID: 200805-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in InspIRCd allows remote attackers to cause a Denial of Service.

Background
==========

InspIRCd (Inspire IRCd) is a modular C++ IRC daemon.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-irc/inspircd                  < 1.1.19                >= 1.1.19

Description
===========

The namesx and uhnames modules do not properly validate network input, leading to a buffer overflow.

Impact
======

A remote attacker can send specially crafted IRC commands to the server, causing a Denial of Service.

Workaround
==========

Unload the uhnames module in the InspIRCd configuration.

Resolution
==========

All InspIRCd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/inspircd-1.1.19"

References
==========

  [ 1 ] CVE-2008-1925
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1925

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200805-07 ] Linux Terminal Server Project: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200805-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Linux Terminal Server Project: Multiple vulnerabilities
      Date: May 09, 2008
      Bugs: #215699
        ID: 200805-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in components shipped with LTSP which allow remote attackers to compromise terminal clients.

Background
==========

The Linux Terminal Server Project adds thin-client support to Linux servers.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-misc/ltsp                     < 5.0                  Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------

Description
===========

LTSP version 4.2 ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) which were subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive.

Impact
======

A remote attacker could possibly exploit vulnerabilities in the aforementioned programs and execute arbitrary code, disclose sensitive data or cause a Denial of Service within LTSP 4.2 clients.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

LTSP 4.2 is not maintained upstream in favor of version 5. Since version 5 is not yet available in Gentoo, the package has been masked. We recommend that users unmerge LTSP:

    # emerge --unmerge net-misc/ltsp

If you have a requirement for Linux Terminal Servers, please either set up a terminal server by hand or use one of the distributions that already migrated to LTSP 5. If you want to contribute to the integration of LTSP 5 in Gentoo, or want to follow its development, find details in bug 177580.

References
==========

  [ 1 ] GLSA 200705-02
        http://www.gentoo.org/security/en/glsa/glsa-200705-02.xml
  [ 2 ] GLSA 200705-06
        http://www.gentoo.org/security/en/glsa/glsa-200705-06.xml
  [ 3 ] GLSA 200705-22
        http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml
  [ 4 ] GLSA 200705-24
        http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml
  [ 5 ] GLSA 200710-06
        http://www.gentoo.org/security/en/glsa/glsa-200710-06.xml
  [ 6 ] GLSA 200710-16
        http://www.gentoo.org/security/en/glsa/glsa-200710-16.xml
  [ 7 ] GLSA 200710-30
        http://www.gentoo.org/security/en/glsa/glsa-200710-30.xml
  [ 8 ] GLSA 200711-08
        http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml
  [ 9 ] GLSA 200801-09
        http://www.gentoo.org/security/en/glsa/glsa-200801-09.xml
  [ 10 ] Gentoo bug 177580: Port LTSP 5 to Gentoo
        https://bugs.gentoo.org/177580

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200805-06 ] Firebird: Data disclosure

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200805-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Firebird: Data disclosure
      Date: May 09, 2008
      Bugs: #216158
        ID: 200805-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Firebird allows remote connections to the administrative account without verifying credentials.

Background
==========

Firebird is a multi-platform, open source relational database.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  dev-db/firebird          < 2.0.3.12981.0-r6       >= 2.0.3.12981.0-r6

Description
===========

Viesturs reported that the default configuration for Gentoo's init script (/etc/conf.d/firebird) sets the ISC_PASSWORD environment variable when starting Firebird. It will be used when no password is supplied by a client connecting as the SYSDBA user.

Impact
======

A remote attacker can authenticate as the SYSDBA user without providing the credentials, resulting in complete disclosure of all databases except for the user and password database (security2.fdb).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Firebird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=dev-db/firebird-2.0.3.12981.0-r6"

Note: /etc/conf.d is protected by Portage as a configuration directory. Do not forget to use etc-update or dispatch-conf to overwrite the firebird configuration file, and then restart Firebird.

References
==========

  [ 1 ] CVE-2008-1880
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1880

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200804-25 ] VLC: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: VLC: User-assisted execution of arbitrary code
      Date: April 23, 2008
      Bugs: #214277, #214627
        ID: 200804-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in VLC, allowing for the execution of arbitrary code.

Background
==========

VLC is a cross-platform media player and streaming server.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  media-video/vlc                   < 0.8.6f                >= 0.8.6f

Description
===========

Multiple vulnerabilities were found in VLC:

* Luigi Auriemma discovered that the stack-based buffer overflow when reading subtitles, which has been reported as CVE-2007-6681 in GLSA 200803-13, was not properly fixed (CVE-2008-1881).

* Alin Rad Pop of Secunia reported an array indexing vulnerability in the sdpplin_parse() function when processing streams from RTSP servers in Xine code, which is also used in VLC (CVE-2008-0073).

* Drew Yao and Nico Golde reported an integer overflow in the MP4_ReadBox_rdrf() function in the file libmp4.c leading to a heap-based buffer overflow when reading MP4 files (CVE-2008-1489).

* Drew Yao also reported integer overflows in the MP4 demuxer, the Real demuxer and in the Cinepak codec, which might lead to buffer overflows (CVE-2008-1768).

* Drew Yao finally discovered a boundary error in Cinepak, which might lead to memory corruption (CVE-2008-1769).

Impact
======

A remote attacker could entice a user to open a specially crafted media file or stream, possibly resulting in the remote execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VLC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6f"

References
==========

  [ 1 ] CVE-2007-6681
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6681
  [ 2 ] CVE-2008-0073
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
  [ 3 ] CVE-2008-1489
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1489
  [ 4 ] CVE-2008-1768
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1768
  [ 5 ] CVE-2008-1769
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1769
  [ 6 ] CVE-2008-1881
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1881
  [ 7 ] GLSA 200803-13
        http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-25.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200804-26 ] Openfire: Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Openfire: Denial of Service
      Date: April 23, 2008
      Bugs: #217234
        ID: 200804-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A design error in Openfire might lead to a Denial of Service.

Background
==========

Openfire (formerly Wildfire) is a Java implementation of a complete Jabber server.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-im/openfire                   < 3.5.0                  >= 3.5.0

Description
===========

Openfire's connection manager in the file ConnectionManagerImpl.java cannot handle clients that fail to read messages, and has no limit on their session's send buffer.

Impact
======

Remote authenticated attackers could trigger large outgoing queues without reading messages, causing a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Openfire users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/openfire-3.5.0"

References
==========

  [ 1 ] CVE-2008-1728
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1728

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-26.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200804-19 ] PHP Toolkit: Data disclosure and Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PHP Toolkit: Data disclosure and Denial of Service
      Date: April 17, 2008
      Bugs: #209535
        ID: 200804-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PHP Toolkit does not quote parameters, allowing for PHP source code disclosure on Apache, and a Denial of Service.

Background
==========

PHP Toolkit is a utility to manage parallel installations of PHP within Gentoo. It is executed by the PHP ebuilds at setup.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  app-admin/php-toolkit             < 1.0.1                  >= 1.0.1

Description
===========

Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph reported that php-select does not quote parameters passed to the tr command, which could convert the -D PHP5 argument in the APACHE2_OPTS setting in the file /etc/conf.d/apache2 to lower case.

Impact
======

An attacker could entice a system administrator to run emerge php or call php-select -t apache2 php5 directly in a directory containing a lower case single-character named file, which would prevent Apache from loading mod_php and thereby disclose PHP source code and cause a Denial of Service.

Workaround
==========

Do not run emerge or php-select from a working directory which contains a lower case single-character named file.

Resolution
==========

All PHP Toolkit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/php-toolkit-1.0.1"

References
==========

  [ 1 ] CVE-2008-1734
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1734

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-19.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
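The quoting defect behind GLSA 200804-19 is a general shell pitfall, so the following added example (not php-toolkit's own code; the exact tr invocation used by php-select is assumed, this one is a generic illustration) shows the unquoted form beside the quoted one and reproduces the difference from inside a scratch directory that holds a constructed one-character file named "e":

```shell
#!/bin/sh
# Added example, not php-toolkit's own code: demonstrates the bug class
# the advisory describes, an unquoted tr character class that the shell
# expands as a filename pattern. The exact tr call in php-select is
# assumed; this one is a generic illustration.

# Vulnerable form: [:lower:] and [:upper:] are unquoted, so before tr
# runs the shell tries to match each of them, as a bracket expression,
# against the files in the current working directory.
to_upper_unquoted() {
    printf '%s' "$1" | tr [:lower:] [:upper:]
}

# Hardened form: quoting makes the shell pass the class names to tr
# literally, whatever the working directory contains.
to_upper_quoted() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]'
}

# Runs one of the conversion functions from inside a scratch directory
# holding a constructed one-character file named "e". That name matches
# both [:lower:] and [:upper:] as glob patterns (each bracket set
# contains "e"), so the unquoted call degenerates to "tr e e", a no-op.
run_in_dir_with_file_e() {
    fn="$1"; input="$2"
    d=$(mktemp -d) || return 1
    : > "$d/e"
    ( cd "$d" && "$fn" "$input" )
    rc=$?
    rm -rf "$d"
    return $rc
}

# Usage, with constructed input modelled on the advisory's -D PHP5 option:
#   run_in_dir_with_file_e to_upper_unquoted '-D php5'   -> "-D php5" (unchanged)
#   run_in_dir_with_file_e to_upper_quoted   '-D php5'   -> "-D PHP5"
```

The point to take away is that any argument containing `[`, `*` or `?` must be quoted when it is meant literally; whether the bug shows up depends entirely on what happens to be in the caller's working directory, which is why the advisory's workaround is about where the command is run rather than what it is given.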
[ GLSA 200804-20 ] Sun JDK/JRE: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sun JDK/JRE: Multiple vulnerabilities
      Date: April 17, 2008
      Bugs: #178851, #178962, #183580, #185256, #194711, #212425
        ID: 200804-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE).

Background
==========

The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  dev-java/sun-jre-bin              < 1.6.0.05              >= 1.6.0.05
                                                              *>= 1.5.0.15
                                                              *>= 1.4.2.17
  2  dev-java/sun-jdk                  < 1.6.0.05              >= 1.6.0.05
                                                              *>= 1.5.0.15
                                                              *>= 1.4.2.17
  3  app-emulation/emul-linux-x86-java < 1.6.0.05              >= 1.6.0.05
                                                              *>= 1.5.0.15
                                                              *>= 1.4.2.17
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been discovered in Sun Java:

* Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched by Java WebStart (CVE-2007-3655).

* Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA 200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the initial revision of said GLSAs.

* The Zero Day Initiative, TippingPoint and John Heasman reported multiple buffer overflows and unspecified vulnerabilities in Java Web Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191).

* Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue when performing XSLT transformations (CVE-2008-1187).

* CERT/CC reported a stack-based buffer overflow in Java Web Start when using JNLP files (CVE-2008-1196).

* Azul Systems reported an unspecified vulnerability that allows applets to escalate their privileges (CVE-2007-5689).

* Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and David Byrne discovered multiple instances where Java applets or JavaScript programs run within browsers do not pin DNS hostnames to a single IP address, allowing for DNS rebinding attacks (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274).

* Peter Csepely reported that Java Web Start does not properly enforce access restrictions for untrusted applications (CVE-2007-5237, CVE-2007-5238).

* Java Web Start does not properly enforce access restrictions for untrusted Java applications and applets, when handling drag-and-drop operations (CVE-2007-5239).

* Giorgio Maone discovered that warnings for untrusted code can be hidden under applications' windows (CVE-2007-5240).

* Fujitsu reported two security issues where security restrictions of web applets and applications were not properly enforced (CVE-2008-1185, CVE-2008-1186).

* John Heasman of NGSSoftware discovered that the Java Plug-in does not properly enforce the same origin policy (CVE-2008-1192).

* Chris Evans of the Google Security Team discovered multiple unspecified vulnerabilities within the Java Runtime Environment Image Parsing Library (CVE-2008-1193, CVE-2008-1194).

* Gregory Fleischer reported that web content fetched via the jar: protocol was not subject to network access restrictions (CVE-2008-1195).

* Chris Evans and Johannes Henkel of the Google Security Team reported that the XML parsing code retrieves external entities even when that feature is disabled (CVE-2008-0628).

* Multiple unspecified vulnerabilities might allow for escalation of privileges (CVE-2008-0657).

Impact
======

A remote attacker could entice a user to run a specially crafted applet on a website or start an application in Java Web Start to execute arbitrary code outside of the Java sandbox and of the Java security restrictions with the privileges of the user running Java. The
[ GLSA 200804-21 ] Adobe Flash Player: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Flash Player: Multiple vulnerabilities
      Date: April 18, 2008
      Bugs: #204344
        ID: 200804-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been identified, the worst of which allow arbitrary code execution on a user's system via a malicious Flash file.

Background
==========

The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-www/netscape-flash            < 9.0.124.0            >= 9.0.124.0

Description
===========

Multiple vulnerabilities have been discovered in Adobe Flash:

* Secunia Research and Zero Day Initiative reported a boundary error related to DeclareFunction2 Actionscript tags in SWF files (CVE-2007-6019).

* The ISS X-Force and the Zero Day Initiative reported an unspecified input validation error that might lead to a buffer overflow (CVE-2007-0071).

* Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy files are not checked before sending HTTP headers to another domain (CVE-2008-1654) and that it does not sufficiently restrict the interpretation and usage of cross-domain policy files (CVE-2007-6243).

* The Stanford University and Ernst and Young's Advanced Security Center reported that Flash does not pin DNS hostnames to a single IP address, allowing for DNS rebinding attacks (CVE-2007-5275, CVE-2008-1655).

* The Google Security Team and Minded Security reported multiple cross-site scripting vulnerabilities when passing input to Flash functions (CVE-2007-6637).

Impact
======

A remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to send HTTP requests to other hosts, establish TCP sessions with arbitrary hosts, bypass the security sandbox model, or conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=net-www/netscape-flash-9.0.124.0"

References
==========

  [ 1 ] CVE-2007-0071
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071
  [ 2 ] CVE-2007-5275
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
  [ 3 ] CVE-2007-6019
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
  [ 4 ] CVE-2007-6243
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
  [ 5 ] CVE-2007-6637
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
  [ 6 ] CVE-2008-1654
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
  [ 7 ] CVE-2008-1655
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200804-16 ] rsync: Execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: rsync: Execution of arbitrary code
      Date: April 17, 2008
      Bugs: #216887
        ID: 200804-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in rsync might lead to the remote execution of arbitrary code when extended attributes are being used.

Background
==========

rsync is a file transfer program to keep remote directories synchronized.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  net-misc/rsync                    < 2.6.9-r6              >= 2.6.9-r6

Description
===========

Sebastian Krahmer of SUSE reported an integer overflow in the expand_item_list() function in the file util.c which might lead to a heap-based buffer overflow when extended attribute (xattr) support is enabled.

Impact
======

A remote attacker could send a file containing specially crafted extended attributes to an rsync daemon, or entice a user to sync from an rsync server containing specially crafted files, possibly leading to the execution of arbitrary code. Please note that extended attributes are only enabled when USE=acl is enabled, which is the default setting.

Workaround
==========

Disable extended attributes in the rsync daemon by setting "refuse options = xattrs" in the file /etc/rsyncd.conf (or append xattrs to an existing refuse statement). When synchronizing to a server, do not provide the -X parameter to rsync. You can also disable the acl USE flag for rsync and recompile the package.

Resolution
==========

All rsync users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.9-r6"

References
==========

  [ 1 ] CVE-2008-1720
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1720

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
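Two of the advisories above turn on a single configuration setting: GLSA 200805-06 (an ISC_PASSWORD assignment in /etc/conf.d/firebird that hands out the SYSDBA password to clients that omit one) and the rsync workaround in GLSA 200804-16 ("refuse options = xattrs" in /etc/rsyncd.conf). The following added audit script is not Gentoo's, Firebird's or rsync's own code; it reads a configuration file on standard input and reports whether each setting is in its hardened state, using constructed sample files in place of the real ones (the password value is a placeholder):

```shell
#!/bin/sh
# Added example, not Gentoo's, Firebird's or rsync's own code: audit
# checks for the ISC_PASSWORD export in /etc/conf.d/firebird and the
# "refuse options" line in /etc/rsyncd.conf. Each check reads a
# configuration file on stdin and exits 0 when the condition holds.

# True if an uncommented line assigns ISC_PASSWORD (optionally via
# "export"). Firebird uses that value when a client connecting as
# SYSDBA supplies no password, so the init script must not set it.
firebird_sets_isc_password() {
    grep -Eq '^[[:space:]]*(export[[:space:]]+)?ISC_PASSWORD='
}

# True if any "refuse options" line lists xattrs as a whole word, alone
# or appended to an existing refuse list. The check is file-wide; it
# does not distinguish the global section from per-module sections.
rsyncd_refuses_xattrs() {
    sed -n 's/^[[:space:]]*refuse options[[:space:]]*=[[:space:]]*//p' \
        | tr -s ' \t' '\n\n' | grep -qx 'xattrs'
}

# Constructed samples (placeholder values, not real system files).
FIREBIRD_WEAK='ISC_USER=sysdba
ISC_PASSWORD=placeholder-password'

# After the fix the assignment is gone; it is left commented out here
# to show that the check ignores comments.
FIREBIRD_FIXED='ISC_USER=sysdba
#ISC_PASSWORD=placeholder-password'

RSYNCD_WEAK='[backup]
    path = /srv/backup
    refuse options = delete'

RSYNCD_FIXED='[backup]
    path = /srv/backup
    refuse options = delete xattrs'

# Prints one PASS/FAIL line per check; returns 0 only when both the
# Firebird and the rsyncd configuration are in their hardened state.
audit() {
    fb="$1"; rs="$2"; ok=0
    if printf '%s\n' "$fb" | firebird_sets_isc_password; then
        echo "FAIL firebird: ISC_PASSWORD is set in the init configuration"; ok=1
    else
        echo "PASS firebird: no default SYSDBA password exported"
    fi
    if printf '%s\n' "$rs" | rsyncd_refuses_xattrs; then
        echo "PASS rsyncd: xattrs refused"
    else
        echo "FAIL rsyncd: xattrs not in refuse options"; ok=1
    fi
    return $ok
}

echo "== weak samples =="
audit "$FIREBIRD_WEAK" "$RSYNCD_WEAK" || true
echo "== hardened samples =="
audit "$FIREBIRD_FIXED" "$RSYNCD_FIXED"
```

On a real host the two functions are fed the actual files (`firebird_sets_isc_password < /etc/conf.d/firebird`, `rsyncd_refuses_xattrs < /etc/rsyncd.conf`). Note that the rsync check only covers the daemon-side workaround; a client that passes -X to a remote server is a separate case, and the advisory's real fix is the package upgrade.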
[ GLSA 200804-17 ] Speex: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Speex: User-assisted execution of arbitrary code
      Date: April 17, 2008
      Bugs: #217715
        ID: 200804-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Improper input validation in Speex might lead to array indexing vulnerabilities in multiple player applications.

Background
==========

Speex is an audio compression format designed for speech that is free of patent restrictions.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  media-libs/speex               < 1.2_beta3_p2          >= 1.2_beta3_p2

Description
===========

oCERT reported that the Speex library does not properly validate the mode value it derives from Speex streams, allowing for array indexing vulnerabilities inside multiple player applications. Within Gentoo, xine-lib, VLC, gst-plugins-speex from the GStreamer Good Plug-ins, vorbis-tools, libfishsound, Sweep, SDL_sound, and speexdec were found to be vulnerable.

Impact
======

A remote attacker could entice a user to open a specially crafted Speex file or network stream with an application listed above. This might lead to the execution of arbitrary code with privileges of the user playing the file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Speex users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/speex-1.2_beta3_p2"

References
==========

  [ 1 ] CVE-2008-1686
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200804-18 ] Poppler: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory        GLSA 200804-18:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Poppler: User-assisted execution of arbitrary code
      Date: April 17, 2008
   Updated: April 17, 2008
      Bugs: #216850
        ID: 200804-18:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Poppler does not handle fonts inside PDF files safely, allowing for
execution of arbitrary code.

Background
==========

Poppler is a cross-platform PDF rendering library originally based on
Xpdf.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-text/poppler             < 0.6.3                      >= 0.6.3

Description
===========

Kees Cook from the Ubuntu Security Team reported that the
CairoFont::create() function in the file CairoFontEngine.cc does not
verify the type of an embedded font object inside a PDF file before
dereferencing a function pointer from it.

Impact
======

A remote attacker could entice a user to open a specially crafted PDF
file with a Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, or
Evince, potentially resulting in the execution of arbitrary code with
the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Poppler users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/poppler-0.6.3"

References
==========

  [ 1 ] CVE-2008-1693
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-18.xml
[ GLSA 200804-15 ] libpng: Execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: libpng: Execution of arbitrary code
      Date: April 15, 2008
      Bugs: #217047
        ID: 200804-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in libpng may allow for execution of arbitrary code in
certain applications that handle untrusted images.

Background
==========

libpng is a free ANSI C library used to process and manipulate PNG
images.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-libs/libpng          < 1.2.26-r1                >= 1.2.26-r1

Description
===========

Tavis Ormandy of the Google Security Team discovered that libpng does
not handle zero-length unknown chunks in PNG files correctly, which
might lead to memory corruption in applications that call
png_set_read_user_chunk_fn() or png_set_keep_unknown_chunks().

Impact
======

A remote attacker could entice a user or automated system to process a
specially crafted PNG image in an application using libpng and possibly
execute arbitrary code with the privileges of the user running the
application. Note that processing of unknown chunks is disabled by
default in most PNG applications, but some such as ImageMagick are
affected.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.26-r1"

References
==========

  [ 1 ] CVE-2008-1382
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-15.xml
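As an added example (not libpng's or Gentoo's code), the following Python pre-filter walks the chunk structure of an untrusted PNG and reports exactly the input condition this advisory describes: a zero-length chunk whose type is not one of the registered PNG chunk types, i.e. an "unknown chunk" that libpng would hand to a user chunk callback or keep via png_set_keep_unknown_chunks(). The set of registered chunk types and the sample image are constructed here; the private chunk type "prVt" is a placeholder.

```python
"""Pre-filter untrusted PNGs for zero-length unknown chunks (GLSA 200804-15).

Added example, not libpng or Gentoo code. A defender can run this over
images before handing them to an application that enables unknown-chunk
processing (e.g. ImageMagick, as the advisory notes).
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunk types registered by the PNG specification and its extensions
# (constructed list). Anything else is an "unknown chunk" to libpng.
# Zero-length *known* chunks such as IEND are legitimate, so only
# unknown types are flagged.
STANDARD_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
    b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
    b"sPLT", b"tIME", b"oFFs", b"pCAL", b"sCAL", b"gIFg", b"gIFt", b"gIFx",
    b"fRAc",
}


def iter_chunks(data):
    """Yield (type, payload, crc_ok, offset) for every chunk in a PNG."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if length > 0x7FFFFFFF:  # spec limit on chunk length
            raise ValueError(f"chunk length {length} exceeds PNG limit at {pos}")
        start = pos + 8
        end = start + length
        if end + 4 > len(data):
            raise ValueError(f"truncated chunk {ctype!r} at offset {pos}")
        payload = data[start:end]
        (crc,) = struct.unpack(">I", data[end:end + 4])
        crc_ok = (zlib.crc32(ctype + payload) & 0xFFFFFFFF) == crc
        yield ctype, payload, crc_ok, pos
        pos = end + 4
        if ctype == b"IEND":
            return
    raise ValueError("missing IEND chunk")


def find_suspicious_chunks(data):
    """Return (finding, chunk type, offset) tuples for zero-length unknown
    chunks and for chunks whose CRC does not match."""
    findings = []
    for ctype, payload, crc_ok, offset in iter_chunks(data):
        name = ctype.decode("latin-1")
        if ctype not in STANDARD_CHUNKS and len(payload) == 0:
            findings.append(("zero-length-unknown-chunk", name, offset))
        if not crc_ok:
            findings.append(("bad-crc", name, offset))
    return findings


def make_chunk(ctype, payload=b""):
    """Serialise one PNG chunk: length, type, payload, CRC32(type+payload)."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_sample(with_bad_chunk):
    """Constructed 1x1 grayscale PNG; optionally inserts a zero-length
    private chunk 'prVt' (placeholder type) between IHDR and IDAT."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    scanline = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    chunks = [make_chunk(b"IHDR", ihdr)]
    if with_bad_chunk:
        chunks.append(make_chunk(b"prVt"))
    chunks += [make_chunk(b"IDAT", scanline), make_chunk(b"IEND")]
    return PNG_SIGNATURE + b"".join(chunks)


if __name__ == "__main__":
    for flag in (False, True):
        print("with zero-length unknown chunk" if flag else "clean image",
              find_suspicious_chunks(build_sample(flag)))
```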
[ GLSA 200804-14 ] Opera: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Opera: Multiple vulnerabilities
      Date: April 14, 2008
      Bugs: #216022
        ID: 200804-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Opera, allowing for
execution of arbitrary code.

Background
==========

Opera is a fast web browser that is available free of charge.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-client/opera              < 9.27                       >= 9.27

Description
===========

Michal Zalewski reported two vulnerabilities: memory corruption when
adding news feed sources from a website (CVE-2008-1761) as well as when
processing HTML CANVAS elements to use scaled images (CVE-2008-1762).
Additionally, an unspecified weakness related to keyboard handling of
password inputs has been reported (CVE-2008-1764).

Impact
======

A remote attacker could entice a user to visit a specially crafted web
site or news feed and possibly execute arbitrary code with the
privileges of the user running Opera.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/opera-9.27"

References
==========

  [ 1 ] CVE-2008-1761
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1761
  [ 2 ] CVE-2008-1762
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1762
  [ 3 ] CVE-2008-1764
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1764

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-14.xml
[ GLSA 200804-13 ] Asterisk: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Asterisk: Multiple vulnerabilities
      Date: April 14, 2008
      Bugs: #200792, #202733, #213883
        ID: 200804-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Asterisk allowing for SQL
injection, session hijacking and unauthorized usage.

Background
==========

Asterisk is an open source telephony engine and tool kit.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-misc/asterisk            < 1.2.27                    >= 1.2.27

Description
===========

Asterisk upstream developers reported multiple vulnerabilities:

* The Call Detail Record Postgres logging engine (cdr_pgsql) does not
  correctly escape the ANI and DNIS arguments before using them in SQL
  statements (CVE-2007-6170).

* When using database-based registrations (realtime) and host-based
  authentication, Asterisk does not check the IP address when the
  username is correct and there is no password provided
  (CVE-2007-6430).

* The SIP channel driver does not correctly determine if authentication
  is required (CVE-2008-1332).

Impact
======

Remote authenticated attackers could send specially crafted data to
Asterisk to execute arbitrary SQL commands and compromise the
administrative database. Remote unauthenticated attackers could bypass
authentication using a valid username to hijack other users' sessions,
and establish sessions on the SIP channel without authentication.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Asterisk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.27"

References
==========

  [ 1 ] CVE-2007-6170
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6170
  [ 2 ] CVE-2007-6430
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6430
  [ 3 ] CVE-2008-1332
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1332

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-13.xml
[ GLSA 200804-11 ] policyd-weight: Insecure temporary file creation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: policyd-weight: Insecure temporary file creation
      Date: April 11, 2008
      Bugs: #214403
        ID: 200804-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

policyd-weight uses temporary files in an insecure manner, allowing for
a symlink attack.

Background
==========

policyd-weight is a Perl policy daemon for the Postfix MTA intended to
eliminate forged envelope senders and HELOs.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  mail-filter/policyd-weight    < 0.1.14.17            >= 0.1.14.17

Description
===========

Chris Howells reported that policyd-weight creates and uses the
/tmp/.policyd-weight/ directory in an insecure manner.

Impact
======

A local attacker could exploit this vulnerability to delete arbitrary
files or change the ownership to the polw user via symlink attacks.

Workaround
==========

Set $LOCKPATH = '/var/run/policyd-weight/' manually in
/etc/policyd-weight.conf.

Resolution
==========

All policyd-weight users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=mail-filter/policyd-weight-0.1.14.17"

This version changes the default path for sockets to
/var/run/policyd-weight, which is only writable by a privileged user.
Users need to restart policyd-weight immediately after the upgrade due
to this change.

References
==========

  [ 1 ] CVE-2008-1569
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1569

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-11.xml
[ GLSA 200804-07 ] PECL APC: Buffer Overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PECL APC: Buffer Overflow
      Date: April 09, 2008
      Bugs: #214576
        ID: 200804-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability in PECL APC might allow for the remote
execution of arbitrary code.

Background
==========

PECL Alternative PHP Cache (PECL APC) is a free, open, and robust
framework for caching and optimizing PHP intermediate code.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  dev-php5/pecl-apc          < 3.0.16-r1                >= 3.0.16-r1

Description
===========

Daniel Papasian discovered a stack-based buffer overflow in the
apc_search_paths() function in the file apc.c when processing long
filenames.

Impact
======

A remote attacker could exploit this vulnerability to execute arbitrary
code in PHP applications that pass user-controlled input to the
include() function.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PECL APC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php5/pecl-apc-3.0.16-r1"

References
==========

  [ 1 ] CVE-2008-1488
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1488

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-07.xml
[ GLSA 200804-05 ] NX: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory        GLSA 200804-05:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: NX: User-assisted execution of arbitrary code
      Date: April 06, 2008
   Updated: April 06, 2008
      Bugs: #210317
        ID: 200804-05:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

NX uses code from the X.org X11 server which is prone to multiple
vulnerabilities.

Background
==========

NoMachine's NX establishes remote connections to X11 desktops over
small bandwidth links. NX and NX Node are the compression core
libraries, whereas NX is used by FreeNX and NX Node by the binary-only
NX servers.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-misc/nxnode            < 3.1.0-r2                  >= 3.1.0-r2
  2  net-misc/nx                < 3.1.0-r1                  >= 3.1.0-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple integer overflow and buffer overflow vulnerabilities have been
discovered in the X.Org X server as shipped by NX and NX Node
(vulnerabilities 1-4 in GLSA 200801-09).

Impact
======

A remote attacker could exploit these vulnerabilities via unspecified
vectors, leading to the execution of arbitrary code with the privileges
of the user on the machine running the NX server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All NX Node users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.1.0-r2"

All NX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/nx-3.1.0-r1"

References
==========

  [ 1 ] GLSA 200801-09
        http://www.gentoo.org/security/en/glsa/glsa-200801-09.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-05.xml
[ GLSA 200804-06 ] UnZip: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: UnZip: User-assisted execution of arbitrary code
      Date: April 06, 2008
      Bugs: #213761
        ID: 200804-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A double free vulnerability discovered in UnZip might lead to the
execution of arbitrary code.

Background
==========

Info-ZIP's UnZip is a tool to list and extract files inside PKZIP
compressed files.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-arch/unzip               < 5.52-r2                  >= 5.52-r2

Description
===========

Tavis Ormandy of the Google Security Team discovered that the NEEDBITS
macro in the inflate_dynamic() function in the file inflate.c can be
invoked using invalid buffers, which can lead to a double free.

Impact
======

Remote attackers could entice a user or automated system to open a
specially crafted ZIP file that might lead to the execution of
arbitrary code or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All UnZip users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/unzip-5.52-r2"

References
==========

  [ 1 ] CVE-2008-0888
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-06.xml
[ GLSA 200804-04 ] MySQL: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MySQL: Multiple vulnerabilities
      Date: April 06, 2008
      Bugs: #201669
        ID: 200804-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in MySQL might lead to privilege escalation
and Denial of Service.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql                 < 5.0.54                    >= 5.0.54

Description
===========

Multiple vulnerabilities have been reported in MySQL:

* Mattias Jonsson reported that a RENAME TABLE command against a table
  with explicit DATA DIRECTORY and INDEX DIRECTORY options would
  overwrite the file to which the symlink points (CVE-2007-5969).

* Martin Friebe discovered that MySQL does not update the DEFINER value
  of a view when the view is altered (CVE-2007-6303).

* Philip Stoev discovered that the federated engine expects the
  response of a remote MySQL server to contain a minimum number of
  columns in query replies (CVE-2007-6304).

Impact
======

An authenticated remote attacker could exploit the first vulnerability
to overwrite MySQL system tables and escalate privileges, or use the
second vulnerability to gain privileges via an ALTER VIEW statement.
Remote federated MySQL servers could cause a Denial of Service in the
local MySQL server by exploiting the third vulnerability.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.54"

References
==========

  [ 1 ] CVE-2007-5969
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
  [ 2 ] CVE-2007-6303
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303
  [ 3 ] CVE-2007-6304
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6304

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-04.xml
[ GLSA 200804-03 ] OpenSSH: Privilege escalation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenSSH: Privilege escalation
      Date: April 05, 2008
      Bugs: #214985, #215702
        ID: 200804-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two flaws have been discovered in OpenSSH which could allow local
attackers to escalate their privileges.

Background
==========

OpenSSH is a complete SSH protocol implementation that includes an SFTP
client and server support.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-misc/openssh           < 4.7_p1-r6                >= 4.7_p1-r6

Description
===========

Two issues have been discovered in OpenSSH:

* Timo Juhani Lindfors discovered that OpenSSH sets the DISPLAY
  variable in SSH sessions using X11 forwarding even when it cannot
  bind the X11 server to a local port in all address families
  (CVE-2008-1483).

* OpenSSH will execute the contents of the .ssh/rc file even when the
  ForceCommand directive is enabled in the global sshd_config
  (CVE-2008-1657).

Impact
======

A local attacker could exploit the first vulnerability to hijack
forwarded X11 sessions of other users and possibly execute code with
their privileges, disclose sensitive data or cause a Denial of Service,
by binding a local X11 server to a port using only one address family.
The second vulnerability might allow local attackers to bypass intended
security restrictions and execute commands other than those specified
by ForceCommand if they are able to write to their home directory.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSH users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.7_p1-r6"

References
==========

  [ 1 ] CVE-2008-1483
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
  [ 2 ] CVE-2008-1657
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-03.xml
[ GLSA 200804-01 ] CUPS: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200804-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: CUPS: Multiple vulnerabilities
      Date: April 01, 2008
      Bugs: #211449, #212364, #214068
        ID: 200804-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in CUPS, allowing for the
remote execution of arbitrary code and a Denial of Service.

Background
==========

CUPS provides a portable printing layer for UNIX-based operating
systems.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-print/cups             < 1.2.12-r7                >= 1.2.12-r7

Description
===========

Multiple vulnerabilities have been reported in CUPS:

* regenrecht (VeriSign iDefense) discovered that the cgiCompileSearch()
  function used in several CGI scripts in CUPS' administration
  interface does not correctly calculate boundaries when processing a
  user-provided regular expression, leading to a heap-based buffer
  overflow (CVE-2008-0047).

* Helge Blischke reported a double free() vulnerability in the
  process_browse_data() function when adding or removing remote shared
  printers (CVE-2008-0882).

* Tomas Hoger (Red Hat) reported that the gif_read_lzw() function uses
  the code_size value from GIF images without properly checking it,
  leading to a buffer overflow (CVE-2008-1373).

* An unspecified input validation error was discovered in the HP-GL/2
  filter (CVE-2008-0053).

Impact
======

A local attacker could send specially crafted network packets or print
jobs and possibly execute arbitrary code with the privileges of the
user running CUPS (usually lp), or cause a Denial of Service. The
vulnerabilities are exploitable via the network when CUPS is sharing
printers remotely.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All CUPS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7"

References
==========

  [ 1 ] CVE-2008-0047
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047
  [ 2 ] CVE-2008-0053
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053
  [ 3 ] CVE-2008-0882
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882
  [ 4 ] CVE-2008-1373
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-01.xml
[ GLSA 200803-31 ] MIT Kerberos 5: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200803-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: MIT Kerberos 5: Multiple vulnerabilities
      Date: March 24, 2008
      Bugs: #199205, #212363
        ID: 200803-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MIT Kerberos 5, which could
allow a remote unauthenticated user to execute arbitrary code with root
privileges.

Background
==========

MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol. kadmind is the MIT Kerberos 5 administration daemon,
KDC is the Key Distribution Center.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-crypt/mit-krb5          < 1.6.3-r1                 >= 1.6.3-r1

Description
===========

* Two vulnerabilities were found in the Kerberos 4 support in KDC: A
  global variable is not set for some incoming message types, leading
  to a NULL pointer dereference or a double free() (CVE-2008-0062) and
  unused portions of a buffer are not properly cleared when generating
  an error message, which results in stack content being contained in
  a reply (CVE-2008-0063).

* Jeff Altman (Secure Endpoints) discovered a buffer overflow in the
  RPC library server code, used in the kadmin server, caused when too
  many file descriptors are opened (CVE-2008-0947).

* Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI
  library: usage of a freed variable in the gss_indicate_mechs()
  function (CVE-2007-5901) and a double free() vulnerability in the
  gss_krb5int_make_seal_token_v3() function (CVE-2007-5971).

Impact
======

The first two vulnerabilities can be exploited by a remote
unauthenticated attacker to execute arbitrary code on the host running
krb5kdc, compromise the Kerberos key database or cause a Denial of
Service. These bugs can only be triggered when Kerberos 4 support is
enabled. The RPC related vulnerability can be exploited by a remote
unauthenticated attacker to crash kadmind, and theoretically execute
arbitrary code with root privileges or cause database corruption. This
bug can only be triggered in configurations that allow large numbers of
open file descriptors in a process. The GSSAPI vulnerabilities could be
exploited by a remote attacker to cause Denial of Service conditions or
possibly execute arbitrary code.

Workaround
==========

Kerberos 4 support can be disabled via disabling the krb4 USE flag and
recompiling the ebuild, or setting v4_mode=none in the [kdcdefaults]
section of /etc/krb5/kdc.conf. This will only work around the KDC
related vulnerabilities.

Resolution
==========

All MIT Kerberos 5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1"

References
==========

  [ 1 ] CVE-2007-5901
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901
  [ 2 ] CVE-2007-5971
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
  [ 3 ] CVE-2008-0062
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
  [ 4 ] CVE-2008-0063
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
  [ 5 ] CVE-2008-0947
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-31.xml
[ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200803-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ssl-cert eclass: Certificate disclosure
      Date: March 20, 2008
      Bugs: #174759
        ID: 200803-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in the usage of the ssl-cert eclass within multiple ebuilds
might allow for disclosure of generated SSL private keys.

Background
==========

The ssl-cert eclass is a code module used by Gentoo ebuilds to generate
SSL certificates.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-admin/conserver       < 8.1.16                       >= 8.1.16
  2  mail-mta/postfix          < 2.4.6-r2                    >= 2.4.6-r2
                                                            *>= 2.3.8-r1
                                                           *>= 2.2.11-r1
  3  net-ftp/netkit-ftpd       < 0.17-r7                      >= 0.17-r7
  4  net-im/ejabberd           < 1.1.3                          >= 1.1.3
  5  net-irc/unrealircd        < 3.2.7-r2                    >= 3.2.7-r2
  6  net-mail/cyrus-imapd      < 2.3.9-r1                    >= 2.3.9-r1
  7  net-mail/dovecot          < 1.0.10                        >= 1.0.10
  8  net-misc/stunnel          < 4.21-r1                      >= 4.21-r1
                                                                   < 4.0
  9  net-nntp/inn              < 2.4.3-r1                    >= 2.4.3-r1
    -------------------------------------------------------------------
     9 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Robin Johnson reported that the docert() function provided by
ssl-cert.eclass can be called by source building stages of an ebuild,
such as src_compile() or src_install(), which will result in the
generated SSL keys being included inside binary packages (binpkgs).

Impact
======

A local attacker could recover the SSL keys from publicly readable
binary packages when emerge is called with the --buildpkg (-b) or
--buildpkgonly (-B) option. Remote attackers can recover these keys if
the packages are served to a network. Binary packages built using
quickpkg are not affected.

Workaround
==========

Do not use pre-generated SSL keys, but use keys that were generated
using a different Certificate Authority.

Resolution
==========

Upgrading to newer versions of the above packages will neither remove
possibly compromised SSL certificates, nor old binary packages. Please
remove the certificates installed by Portage, and then emerge an
upgrade to the package.

All Conserver users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-admin/conserver-8.1.16

All Postfix 2.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =mail-mta/postfix-2.4.6-r2

All Postfix 2.3 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =mail-mta/postfix-2.3.8-r1

All Postfix 2.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =mail-mta/postfix-2.2.11-r1

All Netkit FTP Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-ftp/netkit-ftpd-0.17-r7

All ejabberd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-im/ejabberd-1.1.3

All UnrealIRCd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-irc/unrealircd-3.2.7-r2

All Cyrus IMAP Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-mail/cyrus-imapd-2.3.9-r1

All Dovecot users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-mail/dovecot-1.0.10

All stunnel 4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-misc/stunnel-4.21

All InterNetNews users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-nntp/inn-2.4.3-r1

References
==========

  [ 1 ] CVE-2008-1383
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1383

Availability
============

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
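The advisory says the upgrade does not remove already-built binary packages, so an administrator still has to find binpkgs that carry a docert()-generated key. The POSIX shell function below is an added example, not part of the GLSA or of Portage: it unpacks every .tbz2 under a PKGDIR (the /usr/portage/packages default and the PEM marker pattern are assumptions) and reports any file containing a PEM private-key block.

```shell
#!/bin/sh
# Added example (not from the GLSA): scan a Portage binary package
# directory for private-key material that an ebuild's docert() call
# may have packed into a binpkg. Prints "package: path" for each hit
# and returns 1 if anything was found, 0 if the directory is clean.
# The default PKGDIR and the PEM marker pattern are assumptions.

scan_binpkgs_for_keys() {
    pkgdir="${1:-/usr/portage/packages}"   # assumed default PKGDIR
    pem='-----BEGIN .*PRIVATE KEY-----'    # PEM private-key header
    found=0
    for pkg in "$pkgdir"/*/*.tbz2 "$pkgdir"/*.tbz2; do
        [ -f "$pkg" ] || continue
        tmp="$(mktemp -d)"
        # A binpkg is a bzip2 tarball with an xpak metadata trailer
        # appended; bzip2 warns about the trailer but still extracts.
        tar -xjf "$pkg" -C "$tmp" 2>/dev/null
        # Search the unpacked image for PEM private-key blocks.
        hits="$(grep -rl -e "$pem" "$tmp" 2>/dev/null)"
        if [ -n "$hits" ]; then
            found=1
            printf '%s\n' "$hits" | while IFS= read -r f; do
                # Report the path as it would be installed on the host.
                printf '%s: %s\n' "$pkg" "${f#"$tmp"}"
            done
        fi
        rm -rf "$tmp"
    done
    return "$found"
}

# Run against a PKGDIR given on the command line, if any.
if [ "$#" -gt 0 ]; then
    scan_binpkgs_for_keys "$1"
fi
```

A non-zero exit makes the check usable from a cron job or a pre-publish hook on a binhost; the key files it reports should be removed and regenerated as the Resolution section describes.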
[ GLSA 200803-26 ] Adobe Acrobat Reader: Insecure temporary file creation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200803-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Acrobat Reader: Insecure temporary file creation
      Date: March 18, 2008
      Bugs: #212367
        ID: 200803-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An insecure temporary file creation vulnerability has been discovered
in Adobe Acrobat Reader.

Background
==========

Acrobat Reader is a PDF reader released by Adobe.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread       < 8.1.2-r1                     >= 8.1.2-r1

Description
===========

SUSE reported that the acroread wrapper script does not create
temporary files in a secure manner when handling SSL certificates
(CVE-2008-0883).

Impact
======

A local attacker could exploit this vulnerability to overwrite
arbitrary files via a symlink attack on temporary files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Acrobat Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/acroread-8.1.2-r1

References
==========

  [ 1 ] CVE-2008-0883
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0883

Availability
============

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-26.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
ERRATA: [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
         Gentoo Linux Security Advisory [ERRATA UPDATE]  GLSA 200801-09:03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: X.Org X server and Xfont library: Multiple vulnerabilities
      Date: January 20, 2008
   Updated: March 05, 2008
      Bugs: #204362, #208343
        ID: 200801-09:03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Errata
======

The previous version of the X.Org X server (1.3.0.0-r4) did not
properly address the integer overflow vulnerability in the MIT-SHM
extension (CVE-2007-6429). It failed to check on Pixmaps of certain bit
depths. All users of the X.Org X server package should upgrade to
x11-base/xorg-server-1.3.0.0-r5.

The corrected sections appear below.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  x11-base/xorg-server    < 1.3.0.0-r5                   >= 1.3.0.0-r5
  2  x11-libs/libXfont       < 1.3.1-r1                       >= 1.3.1-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Resolution
==========

All X.Org X server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =x11-base/xorg-server-1.3.0.0-r5

All X.Org Xfont library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =x11-libs/libXfont-1.3.1-r1

References
==========

  [ 1 ] CVE-2007-5760
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5760
  [ 2 ] CVE-2007-5958
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958
  [ 3 ] CVE-2007-6427
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427
  [ 4 ] CVE-2007-6428
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428
  [ 5 ] CVE-2007-6429
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
  [ 6 ] CVE-2008-0006
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006
  [ 7 ] X.Org security advisory
        http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

Availability
============

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200801-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5