[ GLSA 201110-17 ] Avahi: Denial of Service
Gentoo Linux Security Advisory GLSA 201110-17
http://security.gentoo.org/

Severity: Normal
Title: Avahi: Denial of Service
Date: October 22, 2011
Bugs: #335885, #355583
ID: 201110-17

Synopsis
========

Multiple vulnerabilities were found in Avahi, allowing for Denial of Service.

Background
==========

Avahi is a system which facilitates service discovery on a local network.

Affected packages
=================

     Package          /  Vulnerable   /  Unaffected
    ------------------------------------------------
  1  net-dns/avahi       < 0.6.28-r1     >= 0.6.28-r1

Description
===========

Multiple vulnerabilities have been discovered in Avahi. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Avahi users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-dns/avahi-0.6.28-r1

References
==========

[ 1 ] CVE-2010-2244
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2244
[ 2 ] CVE-2011-1002
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1002

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

[ GLSA 201110-18 ] rgmanager: Privilege escalation
Gentoo Linux Security Advisory GLSA 201110-18
http://security.gentoo.org/

Severity: Normal
Title: rgmanager: Privilege escalation
Date: October 22, 2011
Bugs: #352213
ID: 201110-18

Synopsis
========

A vulnerability was found in rgmanager, allowing for privilege escalation.

Background
==========

rgmanager is a clustered resource group manager.

Affected packages
=================

     Package                /  Vulnerable    /  Unaffected
    -------------------------------------------------------
  1  sys-cluster/rgmanager     < 2.03.09-r1     >= 2.03.09-r1

Description
===========

A vulnerability has been discovered in rgmanager. Please review the CVE identifier referenced below for details.

Impact
======

A local attacker could gain escalated privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All rgmanager users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v =sys-cluster/rgmanager-2.03.09-r1

References
==========

[ 1 ] CVE-2010-3389
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-18.xml

[ GLSA 201110-12 ] Unbound: Denial of Service
Gentoo Linux Security Advisory GLSA 201110-12
http://security.gentoo.org/

Severity: Normal
Title: Unbound: Denial of Service
Date: October 15, 2011
Bugs: #309117, #368981
ID: 201110-12

Synopsis
========

Multiple Denial of Service vulnerabilities were found in Unbound.

Background
==========

Unbound is a validating, recursive, and caching DNS resolver.

Affected packages
=================

     Package            /  Vulnerable  /  Unaffected
    -------------------------------------------------
  1  net-dns/unbound       < 1.4.10       >= 1.4.10

Description
===========

Multiple vulnerabilities have been discovered in unbound. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Unbound users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-dns/unbound-1.4.10

References
==========

[ 1 ] CVE-2010-0969
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0969
[ 2 ] CVE-2011-1922
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1922

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-12.xml

[ GLSA 201110-01 ] OpenSSL: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201110-01
http://security.gentoo.org/

Severity: High
Title: OpenSSL: Multiple vulnerabilities
Date: October 09, 2011
Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069
ID: 201110-01

Synopsis
========

Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks.

Background
==========

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages
=================

     Package             /  Vulnerable  /  Unaffected
    --------------------------------------------------
  1  dev-libs/openssl       < 1.0.0e       >= 1.0.0e

Description
===========

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact
======

A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =dev-libs/openssl-1.0.0e

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.

References
==========

[ 1 ] CVE-2009-3245
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245
[ 2 ] CVE-2009-4355
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355
[ 3 ] CVE-2010-0433
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433
[ 4 ] CVE-2010-0740
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740
[ 5 ] CVE-2010-0742
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742
[ 6 ] CVE-2010-1633
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633
[ 7 ] CVE-2010-2939
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939
[ 8 ] CVE-2010-3864
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864
[ 9 ] CVE-2010-4180
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180
[ 10 ] CVE-2010-4252
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252
[ 11 ] CVE-2011-0014
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014
[ 12 ] CVE-2011-3207
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207
[ 13 ] CVE-2011-3210
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-01.xml

[ GLSA 201110-05 ] GnuTLS: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201110-05
http://security.gentoo.org/

Severity: Normal
Title: GnuTLS: Multiple vulnerabilities
Date: October 10, 2011
Bugs: #281224, #292025
ID: 201110-05

Synopsis
========

Multiple vulnerabilities were found in GnuTLS, allowing for easier man-in-the-middle attacks.

Background
==========

GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols.

Affected packages
=================

     Package            /  Vulnerable  /  Unaffected
    -------------------------------------------------
  1  net-libs/gnutls       < 2.10.0       >= 2.10.0

Description
===========

Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details.

Impact
======

An attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority or to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, allowing for further exploitation.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GnuTLS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-libs/gnutls-2.10.0

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 6, 2010. It is likely that your system is already no longer affected by this issue.

References
==========

[ 1 ] CVE-2009-2730
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2730
[ 2 ] CVE-2009-3555
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-05.xml

[ GLSA 201110-07 ] vsftpd: Denial of Service
Gentoo Linux Security Advisory GLSA 201110-07
http://security.gentoo.org/

Severity: Normal
Title: vsftpd: Denial of Service
Date: October 10, 2011
Bugs: #357001
ID: 201110-07

Synopsis
========

A Denial of Service vulnerability was found in vsftpd.

Background
==========

vsftpd is a very secure FTP daemon written with speed, size and security in mind.

Affected packages
=================

     Package           /  Vulnerable  /  Unaffected
    ------------------------------------------------
  1  net-ftp/vsftpd       < 2.3.4        >= 2.3.4

Description
===========

A Denial of Service vulnerability was discovered in vsftpd. Please review the CVE identifier referenced below for details.

Impact
======

A remote authenticated attacker could cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All vsftpd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-ftp/vsftpd-2.3.4

References
==========

[ 1 ] CVE-2011-0762
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0762

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-07.xml

[ GLSA 201110-06 ] PHP: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201110-06
http://security.gentoo.org/

Severity: High
Title: PHP: Multiple vulnerabilities
Date: October 10, 2011
Bugs: #306939, #332039, #340807, #350908, #355399, #358791, #358975, #369071, #372745, #373965, #380261
ID: 201110-06

Synopsis
========

Multiple vulnerabilities were found in PHP, the worst of which leading to remote execution of arbitrary code.

Background
==========

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages
=================

     Package         /  Vulnerable  /  Unaffected
    ----------------------------------------------
  1  dev-lang/php       < 5.3.8        >= 5.3.8

Description
===========

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Impact
======

A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways.

A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =dev-lang/php-5.3.8

References
==========

[ 1 ] CVE-2006-7243
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7243
[ 2 ] CVE-2009-5016
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5016
[ 3 ] CVE-2010-1128
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1128
[ 4 ] CVE-2010-1129
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1129
[ 5 ] CVE-2010-1130
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1130
[ 6 ] CVE-2010-1860
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1860
[ 7 ] CVE-2010-1861
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1861
[ 8 ] CVE-2010-1862
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1862
[ 9 ] CVE-2010-1864
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1864
[ 10 ] CVE-2010-1866
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1866
[ 11 ] CVE-2010-1868
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1868
[ 12 ] CVE-2010-1914
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1914
[ 13 ] CVE-2010-1915
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1915
[ 14 ] CVE-2010-1917
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1917
[ 15 ] CVE-2010-2093
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2093
[ 16 ] CVE-2010-2094
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2094
[ 17 ] CVE-2010-2097
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2097
[ 18 ] CVE-2010-2100
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2100
[ 19 ] CVE-2010-2101
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2101
[ 20 ] CVE-2010-2190
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2190
[ 21 ] CVE-2010-2191
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2191
[ 22 ] CVE-2010-2225
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2225
[ 23 ] CVE-2010-2484
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484
[ 24 ] CVE-2010-2531
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2531
[ 25 ] CVE-2010-2950
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2950
[ 26 ] CVE-2010-3062
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3062
[ 27 ] CVE-2010-3063
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3063
[ 28 ] CVE-2010-3064
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3064
[ 29 ] CVE-2010-3065
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3065
[ 30 ] CVE-2010-3436
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3436
[ 31 ] CVE-2010-3709
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 32 ] CVE-2010-3709
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 33 ] CVE-2010-3710
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 34 ] CVE-2010-3710
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 35 ] CVE-2010-3870
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3870
[ 36 ] CVE-2010-4150
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4150
[ 37 ] CVE-2010-4409
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4409
[ 38 ] CVE-2010-4645
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645
[ 39 ] CVE-2010-4697

[ GLSA 201101-04 ] aria2: Directory traversal
Gentoo Linux Security Advisory GLSA 201101-04
http://security.gentoo.org/

Severity: Normal
Title: aria2: Directory traversal
Date: January 15, 2011
Bugs: #320975
ID: 201101-04

Synopsis
========

A directory traversal vulnerability has been found in aria2.

Background
==========

aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support.

Affected packages
=================

     Package           /  Vulnerable  /  Unaffected
    ------------------------------------------------
  1  net-misc/aria2       < 1.9.3        >= 1.9.3

Description
===========

A directory traversal vulnerability was discovered in aria2.

Impact
======

A remote attacker could entice a user to download from a specially crafted metalink file, resulting in the creation of arbitrary files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All aria2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-misc/aria2-1.9.3

References
==========

[ 1 ] CVE-2010-1512
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1512

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201101-04.xml

[ GLSA 201012-01 ] Chromium: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201012-01
http://security.gentoo.org/

Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: December 17, 2010
Bugs: #325451, #326717, #330003, #333559, #335750, #338204, #341797, #344201, #347625, #348651
ID: 201012-01

Synopsis
========

Multiple vulnerabilities have been reported in Chromium, some of which may allow user-assisted execution of arbitrary code.

Background
==========

Chromium is an open-source web browser project.

Affected packages
=================

     Package                /  Vulnerable     /  Unaffected
    --------------------------------------------------------
  1  www-client/chromium       < 8.0.552.224     >= 8.0.552.224

Description
===========

Multiple vulnerabilities were found in Chromium. For further information please consult the release notes referenced below.

Impact
======

A remote attacker could trick a user to perform a set of UI actions that trigger a possibly exploitable crash, leading to execution of arbitrary code or a Denial of Service.

It was also possible for an attacker to entice a user to visit a specially-crafted web page that would trigger one of the vulnerabilities, leading to execution of arbitrary code within the confines of the sandbox, successful Cross-Site Scripting attacks, violation of the same-origin policy, successful website spoofing attacks, information leak, or a Denial of Service. An attacker could also trick a user to perform a set of UI actions that might result in a successful website spoofing attack.

Multiple bugs in the sandbox could result in a sandbox escape.

Multiple UI bugs could lead to information leak and successful website spoofing attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =www-client/chromium-8.0.552.224

References
==========

[ 1 ] Release Notes 5.0.375.86
      http://googlechromereleases.blogspot.com/2010/06/stable-channel-update_24.html
[ 2 ] Release Notes 5.0.375.99
      http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
[ 3 ] Release Notes 5.0.375.125
      http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html
[ 4 ] Release Notes 5.0.375.127
      http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html
[ 5 ] Release Notes 6.0.472.59
      http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html
[ 6 ] Release Notes 6.0.472.62
      http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html
[ 7 ] Release Notes 7.0.517.41
      http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html
[ 8 ] Release Notes 7.0.517.44
      http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
[ 9 ] Release Notes 8.0.552.215
      http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html
[ 10 ] Release Notes 8.0.552.224
       http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201012-01.xml

[ GLSA 201011-01 ] GNU C library: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201011-01
http://security.gentoo.org/

Severity: High
Title: GNU C library: Multiple vulnerabilities
Date: November 15, 2010
Bugs: #285818, #32, #330923, #335871, #341755
ID: 201011-01

Synopsis
========

Multiple vulnerabilities were found in glibc, the worst of which allowing local attackers to execute arbitrary code as root.

Background
==========

The GNU C library is the standard C library used by Gentoo Linux systems.

Affected packages
=================

     Package           /  Vulnerable   /  Unaffected
    -------------------------------------------------
  1  sys-libs/glibc       < 2.11.2-r3     >= 2.11.2-r3

Description
===========

Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below.

Impact
======

A local attacker could execute arbitrary code as root, cause a Denial of Service, or gain privileges. Additionally, a user-assisted remote attacker could cause the execution of arbitrary code, and a context-dependent attacker could cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNU C library users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =sys-libs/glibc-2.11.2-r3

References
==========

[ 1 ] CVE-2009-4880
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4880
[ 2 ] CVE-2009-4881
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4881
[ 3 ] CVE-2010-0296
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0296
[ 4 ] CVE-2010-0830
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830
[ 5 ] CVE-2010-3847
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
[ 6 ] CVE-2010-3856
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201011-01.xml

[ GLSA 201009-06 ] Clam AntiVirus: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201009-06
http://security.gentoo.org/

Severity: Normal
Title: Clam AntiVirus: Multiple vulnerabilities
Date: September 07, 2010
Bugs: #314087, #321157
ID: 201009-06

Synopsis
========

Multiple vulnerabilities have been reported in Clam AntiVirus.

Background
==========

Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Affected packages
=================

     Package                 /  Vulnerable  /  Unaffected
    ------------------------------------------------------
  1  app-antivirus/clamav       < 0.96.1       >= 0.96.1

Description
===========

Multiple vulnerabilities were discovered in Clam AntiVirus. For further information, please consult the CVE entries referenced below.

Impact
======

A remote attacker could possibly bypass virus detection or cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Clam AntiVirus users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =app-antivirus/clamav-0.96.1

References
==========

[ 1 ] CVE-2010-0098
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0098
[ 2 ] CVE-2010-1311
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1311
[ 3 ] CVE-2010-1639
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1639
[ 4 ] CVE-2010-1640
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1640

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201009-06.xml

[ GLSA 201006-05 ] Wireshark: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201006-05
http://security.gentoo.org/

Severity: Normal
Title: Wireshark: Multiple vulnerabilities
Date: June 01, 2010
Bugs: #297388, #318935
ID: 201006-05

Synopsis
========

Multiple vulnerabilities were found in Wireshark.

Background
==========

Wireshark is a versatile network protocol analyzer.

Affected packages
=================

     Package                   /  Vulnerable  /  Unaffected
    --------------------------------------------------------
  1  net-analyzer/wireshark       < 1.2.8-r1     >= 1.2.8-r1

Description
===========

Multiple vulnerabilities were found in the Daintree SNA file parser, the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information please consult the CVE entries referenced below.

Impact
======

A remote attacker could cause a Denial of Service and possibly execute arbitrary code via crafted packets or malformed packet trace files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-analyzer/wireshark-1.2.8-r1

References
==========

[ 1 ] CVE-2009-4376
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4376
[ 2 ] CVE-2009-4377
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377
[ 3 ] CVE-2009-4378
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4378
[ 4 ] CVE-2010-1455
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1455

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201006-05.xml

[ GLSA 201006-06 ] Transmission: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201006-06
http://security.gentoo.org/

Severity: Normal
Title: Transmission: Multiple vulnerabilities
Date: June 01, 2010
Bugs: #309831
ID: 201006-06

Synopsis
========

Stack-based buffer overflows in Transmission may allow for remote
execution of arbitrary code.

Background
==========

Transmission is a cross-platform BitTorrent client.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-p2p/transmission        < 1.92                        >= 1.92

Description
===========

Multiple stack-based buffer overflows in the tr_magnetParse() function
in libtransmission/magnet.c have been discovered.

Impact
======

A remote attacker could cause a Denial of Service or possibly execute
arbitrary code via a crafted magnet URL with a large number of tr or
ws links.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Transmission users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-p2p/transmission-1.92

References
==========

  [ 1 ] CVE-2010-1853
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1853

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 201006-07 ] SILC: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201006-07
http://security.gentoo.org/

Severity: Normal
Title: SILC: Multiple vulnerabilities
Date: June 01, 2010
Bugs: #284561
ID: 201006-07

Synopsis
========

Multiple vulnerabilities were discovered in SILC Toolkit and SILC
Client, the worst of which allows for execution of arbitrary code.

Background
==========

SILC (Secure Internet Live Conferencing protocol) Toolkit is a software
development kit for use in clients, and SILC Client is an IRSSI-based
text client.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-im/silc-toolkit         < 1.1.10                    >= 1.1.10
  2  net-im/silc-client          < 1.1.8                      >= 1.1.8
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities were discovered in SILC Toolkit and SILC
Client. For further information please consult the CVE entries
referenced below.

Impact
======

A remote attacker could overwrite stack locations and possibly execute
arbitrary code via a crafted OID value, Content-Length header or format
string specifiers in a nickname field or channel name.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All SILC Toolkit users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-im/silc-toolkit-1.1.10

All SILC Client users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-im/silc-client-1.1.8

References
==========

  [ 1 ] CVE-2008-7159
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7159
  [ 2 ] CVE-2008-7160
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7160
  [ 3 ] CVE-2009-3051
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3051
  [ 4 ] CVE-2009-3163
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3163

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 201006-08 ] nano: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201006-08
http://security.gentoo.org/

Severity: Normal
Title: nano: Multiple vulnerabilities
Date: June 01, 2010
Bugs: #315355
ID: 201006-08

Synopsis
========

Race conditions when editing files could lead to symlink attacks or
changes of ownership of important files.

Background
==========

nano is a GNU GPL'd Pico clone with more functionality.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  app-editors/nano            < 2.2.4                      >= 2.2.4

Description
===========

Multiple race condition vulnerabilities have been discovered in nano.
For further information please consult the CVE entries referenced
below.

Impact
======

Under certain conditions, a local, user-assisted attacker could
possibly overwrite arbitrary files via a symlink attack on an
attacker-owned file that is being edited by the victim, or change the
ownership of arbitrary files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All nano users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =app-editors/nano-2.2.4

References
==========

  [ 1 ] CVE-2010-1160
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1160
  [ 2 ] CVE-2010-1161
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1161

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 201006-09 ] sudo: Privilege escalation
Gentoo Linux Security Advisory GLSA 201006-09
http://security.gentoo.org/

Severity: High
Title: sudo: Privilege escalation
Date: June 01, 2010
Bugs: #321697
ID: 201006-09

Synopsis
========

A flaw in sudo's -e option may allow local attackers to execute
arbitrary commands.

Background
==========

sudo allows a system administrator to give users the ability to run
commands as other users.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  app-admin/sudo              < 1.7.2_p6                >= 1.7.2_p6

Description
===========

The command matching functionality does not properly handle the case
where a file in the current working directory has the same name as a
pseudo-command in the sudoers file and the PATH contains an entry for
".".

Impact
======

A local attacker with the permission to run sudoedit could, under
certain circumstances, execute arbitrary commands as whichever user he
has permission to run sudoedit as, typically root.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All sudo users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =app-admin/sudo-1.7.2_p6

References
==========

  [ 1 ] CVE-2010-1163
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 201001-03 ] PHP: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201001-03
http://security.gentoo.org/

Severity: High
Title: PHP: Multiple vulnerabilities
Date: January 05, 2010
Bugs: #249875, #255121, #260576, #261192, #266125, #274670,
      #280602, #285434, #292132, #293888, #297369, #297370
ID: 201001-03

Synopsis
========

Multiple vulnerabilities were found in PHP, the worst of which leads
to the remote execution of arbitrary code.

Background
==========

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php                < 5.2.12                    >= 5.2.12

Description
===========

Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below and the associated PHP release notes
for details.

Impact
======

A context-dependent attacker could execute arbitrary code via a
specially crafted string containing an HTML entity when the mbstring
extension is enabled. Furthermore a remote attacker could execute
arbitrary code via a specially crafted GD graphics file.

A remote attacker could also cause a Denial of Service via a malformed
string passed to the json_decode() function, via a specially crafted
ZIP file passed to the php_zip_make_relative_path() function, via a
malformed JPEG image passed to the exif_read_data() function, or via
temporary file exhaustion. It is also possible for an attacker to spoof
certificates, bypass various safe_mode and open_basedir restrictions
when certain criteria are met, perform Cross-site scripting attacks,
more easily perform SQL injection attacks, manipulate settings of other
virtual hosts on the same server via a malicious .htaccess entry when
running on Apache, disclose memory portions, and write arbitrary files
via a specially crafted ZIP archive. Some vulnerabilities with unknown
impact and attack vectors have been reported as well.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version. As PHP is
statically linked against a vulnerable version of the c-client library
when the imap or kolab USE flag is enabled (GLSA 200911-03), users
should upgrade net-libs/c-client beforehand:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-libs/c-client-2007e
  # emerge --ask --oneshot --verbose =dev-lang/php-5.2.12

References
==========

  [ 1 ] CVE-2008-5498
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
  [ 2 ] CVE-2008-5514
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5514
  [ 3 ] CVE-2008-5557
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557
  [ 4 ] CVE-2008-5624
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5624
  [ 5 ] CVE-2008-5625
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5625
  [ 6 ] CVE-2008-5658
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5658
  [ 7 ] CVE-2008-5814
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5814
  [ 8 ] CVE-2008-5844
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5844
  [ 9 ] CVE-2008-7002
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7002
  [ 10 ] CVE-2009-0754
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0754
  [ 11 ] CVE-2009-1271
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1271
  [ 12 ] CVE-2009-1272
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1272
  [ 13 ] CVE-2009-2626
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2626
  [ 14 ] CVE-2009-2687
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2687
  [ 15 ] CVE-2009-3291
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
  [ 16 ] CVE-2009-3292
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
  [ 17 ] CVE-2009-3293
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
  [ 18 ] CVE-2009-3546
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
  [ 19 ] CVE-2009-3557
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557
  [ 20 ] CVE-2009-3558
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558
  [ 21 ] CVE-2009-4017
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
  [ 22 ] CVE-2009-4142
[ GLSA 200910-02 ] Pidgin: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200910-02
http://security.gentoo.org/

Severity: High
Title: Pidgin: Multiple vulnerabilities
Date: October 22, 2009
Bugs: #276000, #281545, #283324
ID: 200910-02

Synopsis
========

Multiple vulnerabilities have been discovered in Pidgin, leading to the
remote execution of arbitrary code, unauthorized information
disclosure, or Denial of Service.

Background
==========

Pidgin is a client for a variety of instant messaging protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-im/pidgin               < 2.5.9-r1                >= 2.5.9-r1

Description
===========

Multiple vulnerabilities were found in Pidgin:

* Yuriy Kaminskiy reported that the OSCAR protocol implementation in
  Pidgin misinterprets the ICQWebMessage message type as the ICQSMS
  message type, triggering an allocation of a large amount of memory
  (CVE-2009-1889).

* Federico Muttis of Core Security Technologies reported that the
  msn_slplink_process_msg() function in
  libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin
  doesn't properly process incoming SLP messages, triggering an
  overwrite of an arbitrary memory location (CVE-2009-2694). NOTE: This
  issue reportedly exists because of an incomplete fix for
  CVE-2009-1376 (GLSA 200905-07).

* bugdave reported that protocols/jabber/auth.c in libpurple as used in
  Pidgin does not follow the "require TLS/SSL" preference when
  connecting to older Jabber servers that do not follow the XMPP
  specification, resulting in a connection to the server without the
  expected encryption (CVE-2009-3026).

Impact
======

A remote attacker could send specially crafted SLP (via MSN) or ICQ web
messages, possibly leading to execution of arbitrary code with the
privileges of the user running Pidgin, unauthorized information
disclosure, or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Pidgin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-im/pidgin-2.5.9-r1

References
==========

  [ 1 ] CVE-2009-1376
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376
  [ 2 ] CVE-2009-1889
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1889
  [ 3 ] CVE-2009-2694
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
  [ 4 ] CVE-2009-3026
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3026
  [ 5 ] GLSA 200905-07
        http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200910-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200909-17 ] ZNC: Directory traversal
Gentoo Linux Security Advisory GLSA 200909-17
http://security.gentoo.org/

Severity: Normal
Title: ZNC: Directory traversal
Date: September 13, 2009
Bugs: #278684
ID: 200909-17

Synopsis
========

A directory traversal was found in ZNC, allowing for overwriting of
arbitrary files.

Background
==========

ZNC is an advanced IRC bouncer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-irc/znc                 < 0.074                      >= 0.074

Description
===========

The vendor reported a directory traversal vulnerability when processing
DCC SEND requests.

Impact
======

A remote, authenticated user could send a specially crafted DCC SEND
request to overwrite arbitrary files with the privileges of the user
running ZNC, and possibly cause the execution of arbitrary code e.g. by
uploading a malicious ZNC module.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ZNC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-irc/znc-0.074

References
==========

  [ 1 ] CVE-2009-2658
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2658

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200909-16 ] Wireshark: Denial of Service
Gentoo Linux Security Advisory GLSA 200909-16
http://security.gentoo.org/

Severity: Normal
Title: Wireshark: Denial of Service
Date: September 13, 2009
Bugs: #278564
ID: 200909-16

Synopsis
========

Multiple vulnerabilities have been discovered in Wireshark which allow
for Denial of Service.

Background
==========

Wireshark is a versatile network protocol analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark      < 1.2.1                      >= 1.2.1

Description
===========

Multiple vulnerabilities were discovered in Wireshark:

* A buffer overflow in the IPMI dissector related to an array index
  error (CVE-2009-2559).

* Multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS,
  and MIOP dissectors (CVE-2009-2560).

* An unspecified vulnerability in the sFlow dissector (CVE-2009-2561).

* An unspecified vulnerability in the AFS dissector (CVE-2009-2562).

* An unspecified vulnerability in the Infiniband dissector when running
  on unspecified platforms (CVE-2009-2563).

Impact
======

A remote attacker could exploit these vulnerabilities by sending
specially crafted packets on a network being monitored by Wireshark or
by enticing a user to read a malformed packet trace file to cause a
Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-analyzer/wireshark-1.2.1

References
==========

  [ 1 ] CVE-2009-2559
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2559
  [ 2 ] CVE-2009-2560
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560
  [ 3 ] CVE-2009-2561
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2561
  [ 4 ] CVE-2009-2562
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2562
  [ 5 ] CVE-2009-2563
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200908-01 ] OpenSC: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200908-01
http://security.gentoo.org/

Severity: Normal
Title: OpenSC: Multiple vulnerabilities
Date: August 01, 2009
Bugs: #260514, #269920
ID: 200908-01

Synopsis
========

Multiple vulnerabilities were found in OpenSC.

Background
==========

OpenSC provides a set of libraries and utilities to access smart cards.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  dev-libs/opensc             < 0.11.8                    >= 0.11.8

Description
===========

Multiple vulnerabilities were found in OpenSC:

* b.badrignans discovered that OpenSC incorrectly initialises private
  data objects (CVE-2009-0368).

* Miquel Comas Marti discovered that src/tools/pkcs11-tool.c in
  pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party
  PKCS#11 modules, generates RSA keys with incorrect public exponents
  (CVE-2009-1603).

Impact
======

The first vulnerability allows physically proximate attackers to bypass
intended PIN requirements and read private data objects. The second
vulnerability allows attackers to read the cleartext form of messages
that were intended to be encrypted.

NOTE: Smart cards which were initialised using an affected version of
OpenSC need to be modified or re-initialised. See the vendor's advisory
for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =dev-libs/opensc-0.11.8

References
==========

  [ 1 ] CVE-2009-0368
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0368
  [ 2 ] CVE-2009-1603
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1603
  [ 3 ] OpenSC Security Advisory
        http://www.opensc-project.org/pipermail/opensc-announce/2009-February/23.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200906-05 ] Wireshark: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200906-05
http://security.gentoo.org/

Severity: High
Title: Wireshark: Multiple vulnerabilities
Date: June 30, 2009
Bugs: #242996, #248425, #258013, #264571, #271062
ID: 200906-05

Synopsis
========

Multiple vulnerabilities have been discovered in Wireshark which allow
for Denial of Service (application crash) or remote code execution.

Background
==========

Wireshark is a versatile network protocol analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark      < 1.0.8                      >= 1.0.8

Description
===========

Multiple vulnerabilities have been discovered in Wireshark:

* David Maciejak discovered a vulnerability in packet-usb.c in the USB
  dissector via a malformed USB Request Block (URB) (CVE-2008-4680).

* Florent Drouin and David Maciejak reported an unspecified
  vulnerability in the Bluetooth RFCOMM dissector (CVE-2008-4681).

* A malformed Tamos CommView capture file (aka .ncf file) with an
  unknown/unexpected packet type triggers a failed assertion in wtap.c
  (CVE-2008-4682).

* An unchecked packet length parameter in the dissect_btacl() function
  in packet-bthci_acl.c in the Bluetooth ACL dissector causes an
  erroneous tvb_memcpy() call (CVE-2008-4683).

* A vulnerability where packet-frame does not properly handle
  exceptions thrown by post dissectors caused by a certain series of
  packets (CVE-2008-4684).

* Mike Davies reported a use-after-free vulnerability in the
  dissect_q931_cause_ie() function in packet-q931.c in the Q.931
  dissector via certain packets that trigger an exception
  (CVE-2008-4685).

* The Security Vulnerability Research Team of Bkis reported that the
  SMTP dissector could consume excessive amounts of CPU and memory
  (CVE-2008-5285).

* The vendor reported that the WLCCP dissector could go into an
  infinite loop (CVE-2008-6472).

* babi discovered a buffer overflow in wiretap/netscreen.c via a
  malformed NetScreen snoop file (CVE-2009-0599).

* A specially crafted Tektronix K12 text capture file can cause an
  application crash (CVE-2009-0600).

* A format string vulnerability via format string specifiers in the
  HOME environment variable (CVE-2009-0601).

* THCX Labs reported a format string vulnerability in the PROFINET/DCP
  (PN-DCP) dissector via a PN-DCP packet with format string specifiers
  in the station name (CVE-2009-1210).

* An unspecified vulnerability with unknown impact and attack vectors
  (CVE-2009-1266).

* Marty Adkins and Chris Maynard discovered a parsing error in the
  dissector for the Check Point High-Availability Protocol (CPHAP)
  (CVE-2009-1268).

* Magnus Homann discovered a parsing error when loading a Tektronix
  .rf5 file (CVE-2009-1269).

* The vendor reported that the PCNFSD dissector could crash
  (CVE-2009-1829).

Impact
======

A remote attacker could exploit these vulnerabilities by sending
specially crafted packets on a network being monitored by Wireshark or
by enticing a user to read a malformed packet trace file which can
trigger a Denial of Service (application crash or excessive CPU and
memory usage) and possibly allow for the execution of arbitrary code
with the privileges of the user running Wireshark.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-analyzer/wireshark-1.0.8

References
==========

  [ 1 ] CVE-2008-4680
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680
  [ 2 ] CVE-2008-4681
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681
  [ 3 ] CVE-2008-4682
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682
  [ 4 ] CVE-2008-4683
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683
  [ 5 ] CVE-2008-4684
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684
  [ 6 ] CVE-2008-4685
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685
  [ 7 ] CVE-2008-5285
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285
  [ 8 ] CVE-2008-6472
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472
  [ 9 ] CVE-2009-0599
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599
  [ 10 ] CVE-2009-0600
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600
  [ 11 ]
[ GLSA 200906-01 ] libpng: Information disclosure
Gentoo Linux Security Advisory GLSA 200906-01
http://security.gentoo.org/

Severity: Low
Title: libpng: Information disclosure
Date: June 27, 2009
Bugs: #272970
ID: 200906-01

Synopsis
========

A vulnerability has been discovered in libpng that allows for
information disclosure.

Background
==========

libpng is the official PNG reference library used to read, write and
manipulate PNG images.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  media-libs/libpng           < 1.2.37                    >= 1.2.37

Description
===========

Jeff Phillips discovered that libpng does not properly parse 1-bit
interlaced images with width values that are not divisible by 8, which
causes libpng to include uninitialized bits in certain rows of a PNG
file.

Impact
======

A remote attacker might entice a user to open a specially crafted PNG
file, possibly resulting in the disclosure of sensitive memory
portions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libpng users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =media-libs/libpng-1.2.37

References
==========

  [ 1 ] CVE-2009-2042
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200906-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200904-12 ] Wicd: Information disclosure
Gentoo Linux Security Advisory GLSA 200904-12
http://security.gentoo.org/

Severity: Normal
Title: Wicd: Information disclosure
Date: April 10, 2009
Bugs: #258596
ID: 200904-12

Synopsis
========

A vulnerability in Wicd may allow for disclosure of sensitive
information.

Background
==========

Wicd is an open source wired and wireless network manager for Linux.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-misc/wicd               < 1.5.9                      >= 1.5.9

Description
===========

Tiziano Mueller of Gentoo discovered that the DBus configuration file
for Wicd allows arbitrary users to own the org.wicd.daemon object.

Impact
======

A local attacker could exploit this vulnerability to receive messages
that were intended for the Wicd daemon, possibly including credentials
e.g. for wireless networks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wicd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-misc/wicd-1.5.9

References
==========

  [ 1 ] CVE-2009-0489
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0489

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200904-04 ] WeeChat: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200904-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: WeeChat: Denial of Service
      Date: April 04, 2009
      Bugs: #262997
        ID: 200904-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A processing error in WeeChat might lead to a Denial of Service.

Background
==========

Wee Enhanced Environment for Chat (WeeChat) is a light and extensible
console IRC client.

Affected packages
=================

    ---------------------------------------------------
     Package            /  Vulnerable  /  Unaffected
    ---------------------------------------------------
  1  net-irc/weechat       < 0.2.6.1      >= 0.2.6.1

Description
===========

Sebastien Helleu reported an array out-of-bounds error in the colored
message handling.

Impact
======

A remote attacker could send a specially crafted PRIVMSG command,
possibly leading to a Denial of Service (application crash).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WeeChat users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-irc/weechat-0.2.6.1

References
==========

  [ 1 ] CVE-2009-0661
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0661

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-34 ] Amarok: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200903-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Amarok: User-assisted execution of arbitrary code
      Date: March 20, 2009
      Bugs: #254896
        ID: 200903-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Amarok might allow for user-assisted
execution of arbitrary code.

Background
==========

Amarok is an advanced music player.

Affected packages
=================

    -------------------------------------------------------
     Package               /  Vulnerable   /  Unaffected
    -------------------------------------------------------
  1  media-sound/amarok       < 1.4.10-r2     >= 1.4.10-r2

Description
===========

Tobias Klein has discovered multiple vulnerabilities in Amarok:

* Multiple integer overflows in the Audible::Tag::readTag() function
  in metadata/audible/audibletag.cpp trigger heap-based buffer
  overflows (CVE-2009-0135).

* Multiple array index errors in the Audible::Tag::readTag() function
  in metadata/audible/audibletag.cpp can lead to invalid pointer
  dereferences, or the writing of a 0x00 byte to an arbitrary memory
  location after an allocation failure (CVE-2009-0136).

Impact
======

A remote attacker could entice a user to open a specially crafted
Audible Audio (.aa) file with a large nlen or vlen tag value to
execute arbitrary code or cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Amarok users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =media-sound/amarok-1.4.10-r2

References
==========

  [ 1 ] CVE-2009-0135
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0135
  [ 2 ] CVE-2009-0136
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0136

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-34.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-30 ] Opera: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200903-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Opera: Multiple vulnerabilities
      Date: March 16, 2009
      Bugs: #247229, #261032
        ID: 200903-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in Opera, the worst of which allow
for the execution of arbitrary code.

Background
==========

Opera is a fast web browser that is available free of charge.

Affected packages
=================

    ---------------------------------------------------
     Package             /  Vulnerable  /  Unaffected
    ---------------------------------------------------
  1  www-client/opera       < 9.64         >= 9.64

Description
===========

Multiple vulnerabilities were discovered in Opera:

* Vitaly McLain reported a heap-based buffer overflow when processing
  host names in file:// URLs (CVE-2008-5178).

* Alexios Fakos reported a vulnerability in the HTML parsing engine
  when processing web pages that trigger an invalid pointer
  calculation and heap corruption (CVE-2008-5679).

* Red XIII reported that certain text-area contents can be manipulated
  to cause a buffer overflow (CVE-2008-5680).

* David Bloom discovered that unspecified scripted URLs are not
  blocked during the feed preview (CVE-2008-5681).

* Robert Swiecki of the Google Security Team reported a Cross-site
  scripting vulnerability (CVE-2008-5682).

* An unspecified vulnerability reveals random data (CVE-2008-5683).

* Tavis Ormandy of the Google Security Team reported a vulnerability
  when processing JPEG images that may corrupt memory (CVE pending).

Impact
======

A remote attacker could entice a user to open a specially crafted JPEG
image to cause a Denial of Service or execute arbitrary code, to
process an overly long file:// URL or to open a specially crafted web
page to execute arbitrary code. He could also read existing
subscriptions and force subscriptions to arbitrary feed URLs, as well
as inject arbitrary web script or HTML via built-in XSLT templates.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Opera users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =www-client/opera-9.64

References
==========

  [ 1 ] CVE-2008-5178
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5178
  [ 2 ] CVE-2008-5679
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5679
  [ 3 ] CVE-2008-5680
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5680
  [ 4 ] CVE-2008-5681
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5681
  [ 5 ] CVE-2008-5682
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5682
  [ 6 ] CVE-2008-5683
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5683

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-30.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-02 ] ZNC: Privilege escalation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200903-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: ZNC: Privilege escalation
      Date: March 06, 2009
      Bugs: #260148
        ID: 200903-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in ZNC allows for privilege escalation.

Background
==========

ZNC is an advanced IRC bouncer.

Affected packages
=================

    ---------------------------------------------------
     Package        /  Vulnerable  /  Unaffected
    ---------------------------------------------------
  1  net-irc/znc       < 0.066        >= 0.066

Description
===========

cnu discovered multiple CRLF injection vulnerabilities in ZNC's
webadmin module.

Impact
======

A remote authenticated attacker could modify the znc.conf
configuration file and gain privileges via newline characters in e.g.
the QuitMessage field, and possibly execute arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ZNC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-irc/znc-0.066

References
==========

  [ 1 ] CVE-2009-0759
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0759

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-04 ] DevIL: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200903-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: DevIL: User-assisted execution of arbitrary code
      Date: March 06, 2009
      Bugs: #255217
        ID: 200903-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple boundary errors in DevIL may allow for the execution of
arbitrary code.

Background
==========

Developer's Image Library (DevIL) is a cross-platform image library.

Affected packages
=================

    ---------------------------------------------------
     Package             /  Vulnerable  /  Unaffected
    ---------------------------------------------------
  1  media-libs/devil       < 1.7.7        >= 1.7.7

Description
===========

Stefan Cornelius (Secunia Research) discovered two boundary errors
within the iGetHdrHeader() function in src-IL/src/il_hdr.c.

Impact
======

A remote attacker could entice a user to open a specially crafted
Radiance RGBE file, possibly resulting in the execution of arbitrary
code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All DevIL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =media-libs/devil-1.7.7

References
==========

  [ 1 ] CVE-2008-5262
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5262

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200903-21 ] cURL: Arbitrary file access
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200903-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: cURL: Arbitrary file access
      Date: March 09, 2009
      Bugs: #260361
        ID: 200903-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in cURL may allow for arbitrary file access.

Background
==========

cURL is a command line tool for transferring files with URL syntax,
supporting numerous protocols.

Affected packages
=================

    ---------------------------------------------------
     Package          /  Vulnerable  /  Unaffected
    ---------------------------------------------------
  1  net-misc/curl       < 7.19.4       >= 7.19.4

Description
===========

David Kierznowski reported that the redirect implementation accepts
arbitrary Location values when CURLOPT_FOLLOWLOCATION is enabled.

Impact
======

A remote attacker could possibly exploit this vulnerability to make
remote HTTP servers trigger arbitrary requests to intranet servers and
read or overwrite arbitrary files via a redirect to a file: URL, or,
if the libssh2 USE flag is enabled, execute arbitrary commands via a
redirect to an scp: URL.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All cURL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-misc/curl-7.19.4

References
==========

  [ 1 ] CVE-2009-0037
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200902-01 ] sudo: Privilege escalation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200902-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: sudo: Privilege escalation
      Date: February 06, 2009
      Bugs: #256633
        ID: 200902-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in sudo may allow for privilege escalation.

Background
==========

sudo allows a system administrator to give users the ability to run
commands as other users.

Affected packages
=================

    ---------------------------------------------------
     Package           /  Vulnerable  /  Unaffected
    ---------------------------------------------------
  1  app-admin/sudo       < 1.7.0        >= 1.7.0

Description
===========

Harald Koenig discovered that sudo incorrectly handles group
specifications in Runas_Alias (and related) entries when a group is
specified in the list (using %group syntax, to allow a user to run
commands as any member of that group) and the user is already a member
of that group.

Impact
======

A local attacker could possibly run commands as an arbitrary system
user (including root).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All sudo users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =app-admin/sudo-1.7.0

References
==========

  [ 1 ] CVE-2009-0034
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200902-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200901-07 ] MPlayer: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200901-07:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MPlayer: Multiple vulnerabilities
      Date: January 12, 2009
   Updated: January 12, 2009
      Bugs: #231836, #239130, #251017
        ID: 200901-07:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in MPlayer may lead to the execution of
arbitrary code or a Denial of Service.

Background
==========

MPlayer is a media player including support for a wide range of audio
and video formats.

Affected packages
=================

    ---------------------------------------------------------------
     Package  /  Vulnerable           /  Unaffected
    ---------------------------------------------------------------
  1  mplayer     < 1.0_rc2_p28058-r1     >= 1.0_rc2_p28058-r1

Description
===========

Multiple vulnerabilities have been reported in MPlayer:

* A stack-based buffer overflow was found in the str_read_packet()
  function in libavformat/psxstr.c when processing crafted STR files
  that interleave audio and video sectors (CVE-2008-3162).

* Felipe Andres Manzano reported multiple integer underflows in the
  demux_real_fill_buffer() function in demux_real.c when processing
  crafted Real Media files that cause the stream_read() function to
  read or write arbitrary memory (CVE-2008-3827).

* Tobias Klein reported a stack-based buffer overflow in the
  demux_open_vqf() function in libmpdemux/demux_vqf.c when processing
  malformed TwinVQ files (CVE-2008-5616).

Impact
======

A remote attacker could entice a user to open a specially crafted STR,
Real Media, or TwinVQ file to execute arbitrary code or cause a Denial
of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MPlayer users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =media-video/mplayer-1.0_rc2_p28058-r1

References
==========

  [ 1 ] CVE-2008-3162
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3162
  [ 2 ] CVE-2008-3827
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3827
  [ 3 ] CVE-2008-5616
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200812-24 ] VLC: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200812-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: VLC: Multiple vulnerabilities
      Date: December 24, 2008
      Bugs: #245774, #249391
        ID: 200812-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in VLC may lead to the remote execution of
arbitrary code.

Background
==========

VLC is a cross-platform media player and streaming server.

Affected packages
=================

    ---------------------------------------------------
     Package            /  Vulnerable  /  Unaffected
    ---------------------------------------------------
  1  media-video/vlc       < 0.9.8a       >= 0.9.8a

Description
===========

Tobias Klein reported the following vulnerabilities:

* A stack-based buffer overflow when processing CUE image files in
  modules/access/vcd/cdrom.c (CVE-2008-5032).

* A stack-based buffer overflow when processing RealText (.rt)
  subtitle files in the ParseRealText() function in
  modules/demux/subtitle.c (CVE-2008-5036).

* An integer overflow when processing RealMedia (.rm) files in the
  ReadRealIndex() function in real.c in the Real demuxer plugin,
  leading to a heap-based buffer overflow (CVE-2008-5276).

Impact
======

A remote attacker could entice a user to open a specially crafted CUE
image file, RealMedia file or RealText subtitle file, possibly
resulting in the execution of arbitrary code with the privileges of
the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VLC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =media-video/vlc-0.9.8a

References
==========

  [ 1 ] CVE-2008-5032
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5032
  [ 2 ] CVE-2008-5036
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5036
  [ 3 ] CVE-2008-5276
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5276

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200812-17 ] Ruby: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200812-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Ruby: Multiple vulnerabilities
      Date: December 16, 2008
      Bugs: #225465, #236060
        ID: 200812-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Ruby that allow for
attacks including arbitrary code execution and Denial of Service.

Background
==========

Ruby is an interpreted object-oriented programming language. The
elaborate standard library includes an HTTP server (WEBrick) and a
class for XML parsing (REXML).

Affected packages
=================

    -----------------------------------------------------------
     Package          /  Vulnerable       /  Unaffected
    -----------------------------------------------------------
  1  dev-lang/ruby       < 1.8.6_p287-r1     >= 1.8.6_p287-r1

Description
===========

Multiple vulnerabilities have been discovered in the Ruby interpreter
and its standard libraries. Drew Yao of Apple Product Security
discovered the following flaws:

* Arbitrary code execution or Denial of Service (memory corruption) in
  the rb_str_buf_append() function (CVE-2008-2662).

* Arbitrary code execution or Denial of Service (memory corruption) in
  the rb_ary_store() function (CVE-2008-2663).

* Memory corruption via alloca in the rb_str_format() function
  (CVE-2008-2664).

* Memory corruption (REALLOC_N) in the rb_ary_splice() and
  rb_ary_replace() functions (CVE-2008-2725).

* Memory corruption (beg + rlen) in the rb_ary_splice() and
  rb_ary_replace() functions (CVE-2008-2726).

Furthermore, several other vulnerabilities have been reported:

* Tanaka Akira reported an issue with resolv.rb that enables attackers
  to spoof DNS responses (CVE-2008-1447).

* Akira Tagoh of RedHat discovered a Denial of Service (crash) issue
  in the rb_ary_fill() function in array.c (CVE-2008-2376).

* Several safe level bypass vulnerabilities were discovered and
  reported by Keita Yamaguchi (CVE-2008-3655).

* Christian Neukirchen is credited for discovering a Denial of Service
  (CPU consumption) attack in the WEBrick HTTP server (CVE-2008-3656).

* sheepman reported a fault in the dl module that allowed the
  circumvention of taintness checks, which could possibly lead to
  insecure code execution (CVE-2008-3657).

* Tanaka Akira again found a DNS spoofing vulnerability caused by the
  resolv.rb implementation using poor randomness (CVE-2008-3905).

* Luka Treiber and Mitja Kolsek (ACROS Security) disclosed a Denial of
  Service (CPU consumption) vulnerability in the REXML module when
  dealing with recursive entity expansion (CVE-2008-3790).

Impact
======

These vulnerabilities allow remote attackers to execute arbitrary
code, spoof DNS responses, bypass Ruby's built-in security and
taintness checks, and cause a Denial of Service via crash or CPU
exhaustion.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ruby users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =dev-lang/ruby-1.8.6_p287-r1

References
==========

  [ 1 ] CVE-2008-1447
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  [ 2 ] CVE-2008-2376
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376
  [ 3 ] CVE-2008-2662
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
  [ 4 ] CVE-2008-2663
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
  [ 5 ] CVE-2008-2664
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
  [ 6 ] CVE-2008-2725
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
  [ 7 ] CVE-2008-2726
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
  [ 8 ] CVE-2008-3655
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
  [ 9 ] CVE-2008-3656
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656
  [ 10 ] CVE-2008-3657
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657
  [ 11 ] CVE-2008-3790
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790
  [ 12 ] CVE-2008-3905
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[ GLSA 200812-14 ] aview: Insecure temporary file usage
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200812-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: aview: Insecure temporary file usage
      Date: December 14, 2008
      Bugs: #235808
        ID: 200812-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Insecure temporary file usage has been reported in aview, leading to
symlink attacks.

Background
==========

aview is an ASCII image viewer and animation player.

Affected packages
=================

    -----------------------------------------------------------
     Package            /  Vulnerable      /  Unaffected
    -----------------------------------------------------------
  1  media-gfx/aview       < 1.3.0_rc1-r1     >= 1.3.0_rc1-r1

Description
===========

Dmitry E. Oboukhov reported that aview uses the /tmp/aview$$.pgm file
in an insecure manner when processing files.

Impact
======

A local attacker could perform symlink attacks to overwrite arbitrary
files on the system with the privileges of the user running the
application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All aview users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =media-gfx/aview-1.3.0_rc1-r1

References
==========

  [ 1 ] CVE-2008-4935
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4935

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200812-16 ] Dovecot: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200812-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Dovecot: Multiple vulnerabilities
      Date: December 14, 2008
      Bugs: #240409, #244962, #245316
        ID: 200812-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in the Dovecot mailserver.

Background
==========

Dovecot is an IMAP and POP3 server written with security primarily in
mind.

Affected packages
=================

    ---------------------------------------------------
     Package             /  Vulnerable  /  Unaffected
    ---------------------------------------------------
  1  net-mail/dovecot       < 1.1.7-r1     >= 1.1.7-r1

Description
===========

Several vulnerabilities were found in Dovecot:

* The k right in the acl_plugin does not work as expected
  (CVE-2008-4577, CVE-2008-4578)

* The dovecot.conf is world-readable, providing improper protection
  for the ssl_key_password setting (CVE-2008-4870)

* A permanent Denial of Service with broken mail headers is possible
  (CVE-2008-4907)

Impact
======

These vulnerabilities might allow a remote attacker to cause a Denial
of Service, to circumvent security restrictions or allow local
attackers to disclose the passphrase of the SSL private key.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Dovecot users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-mail/dovecot-1.1.7-r1

Users should be aware that dovecot.conf will still be world-readable
after the update. If employing ssl_key_password, it should not be used
in dovecot.conf but in a separate file which should be included with
include_try.

References
==========

  [ 1 ] CVE-2008-4577
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577
  [ 2 ] CVE-2008-4578
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4578
  [ 3 ] CVE-2008-4870
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4870
  [ 4 ] CVE-2008-4907
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4907

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200812-12 ] Honeyd: Insecure temporary file creation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Honeyd: Insecure temporary file creation Date: December 12, 2008 Bugs: #237481 ID: 200812-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis An insecure temporary file usage has been reported in Honeyd, possibly leading to symlink attacks. Background == Honeyd is a small daemon that creates virtual hosts on a network. Affected packages = --- Package / Vulnerable / Unaffected --- 1 net-analyzer/honeyd 1.5c-r1 = 1.5c-r1 Description === Dmitry E. Oboukhov reported an insecure temporary file usage within the test.sh script. Impact == A local attacker could perform symlink attacks and overwrite arbitrary files with the privileges of the user running the application. Workaround == There is no known workaround at this time. Resolution == All Honeyd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =net-analyzer/honeyd-1.5c-r1 References == [ 1 ] CVE-2008-3928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3928 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-12.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. 
http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200811-05 ] PHP: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: November 16, 2008 Bugs: #209148, #212211, #215266, #228369, #230575, #234102 ID: 200811-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. Background == PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Affected packages = --- Package / Vulnerable / Unaffected --- 1 dev-lang/php 5.2.6-r6 = 5.2.6-r6 Description === Several vulnerabilities were found in PHP: * PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security restrictions or even for remote code execution in case of an application which accepts user-supplied regular expressions (CVE-2008-0674). * Multiple crash issues in several PHP functions have been discovered. * Ryan Permeh reported that the init_request_info() function in sapi/cgi/cgi_main.c does not properly consider operator precedence when calculating the length of PATH_TRANSLATED (CVE-2008-0599). * An off-by-one error in the metaphone() function may lead to memory corruption. * Maksymilian Arciemowicz of SecurityReason Research reported an integer overflow, which is triggerable using printf() and related functions (CVE-2008-1384). * Andrei Nigmatulin reported a stack-based buffer overflow in the FastCGI SAPI, which has unknown attack vectors (CVE-2008-2050).
* Stefan Esser reported that PHP does not correctly handle multibyte characters inside the escapeshellcmd() function, which is used to sanitize user input before its usage in shell commands (CVE-2008-2051). * Stefan Esser reported that a shortcoming in PHP's algorithm of seeding the random number generator might allow for predictable random numbers (CVE-2008-2107, CVE-2008-2108). * The IMAP extension in PHP uses obsolete c-client API calls making it vulnerable to buffer overflows as no bounds checking can be done (CVE-2008-2829). * Tavis Ormandy reported a heap-based buffer overflow in pcre_compile.c in the PCRE version shipped by PHP when processing user-supplied regular expressions (CVE-2008-2371). * CzechSec reported that specially crafted font files can lead to an overflow in the imageloadfont() function in ext/gd/gd.c, which is part of the GD extension (CVE-2008-3658). * Maksymilian Arciemowicz of SecurityReason Research reported that a design error in PHP's stream wrappers allows circumventing safe_mode checks in several filesystem-related PHP functions (CVE-2008-2665, CVE-2008-2666). * Laurent Gaffie discovered a buffer overflow in the internal memnstr() function, which is used by the PHP function explode() (CVE-2008-3659). * An error in the FastCGI SAPI when processing a request with multiple dots preceding the extension (CVE-2008-3660). Impact == These vulnerabilities might allow a remote attacker to execute arbitrary code, to cause a Denial of Service, to circumvent security restrictions, to disclose information, and to manipulate files. Workaround == There is no known workaround at this time.
Resolution == All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-lang/php-5.2.6-r6 References == [ 1 ] CVE-2008-0599 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599 [ 2 ] CVE-2008-0674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674 [ 3 ] CVE-2008-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1384 [ 4 ] CVE-2008-2050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050 [ 5 ] CVE-2008-2051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051 [ 6 ] CVE-2008-2107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107 [ 7 ] CVE-2008-2108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108 [ 8 ] CVE-2008-2371 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371 [ 9 ] CVE-2008-2665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665 [ 10 ] CVE-2008-2666 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666 [ 11
[ GLSA 200811-02 ] Gallery: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Gallery: Multiple vulnerabilities Date: November 09, 2008 Bugs: #234137, #238113 ID: 200811-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis Multiple vulnerabilities in Gallery may lead to execution of arbitrary code, disclosure of local files or theft of user's credentials. Background == Gallery is an open source web based photo album organizer. Affected packages = --- Package / Vulnerable / Unaffected --- 1 www-apps/gallery2.2.6 = 2.2.6 *= 1.5.9 Description === Multiple vulnerabilities have been discovered in Gallery 1 and 2: * Digital Security Research Group reported a directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1, when register_globals is enabled (CVE-2008-3600). * Hanno Boeck reported that Gallery 1 and 2 did not set the secure flag for the session cookie in an HTTPS session (CVE-2008-3662). * Alex Ustinov reported that Gallery 1 and 2 do not properly handle ZIP archives containing symbolic links (CVE-2008-4129). * The vendor reported a Cross-Site Scripting vulnerability in Gallery 2 (CVE-2008-4130). Impact == Remote attackers could send specially crafted requests to a server running Gallery, allowing for the execution of arbitrary code when register_globals is enabled, or read arbitrary files via directory traversals otherwise. Attackers could also entice users to visit crafted links allowing for theft of login credentials. Workaround == There is no known workaround at this time.
Resolution == All Gallery 2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-apps/gallery-2.2.6 All Gallery 1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-apps/gallery-1.5.9 References == [ 1 ] CVE-2008-3600 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3600 [ 2 ] CVE-2008-3662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3662 [ 3 ] CVE-2008-4129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4129 [ 4 ] CVE-2008-4130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4130 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200811-02.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200811-03 ] FAAD2: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: FAAD2: User-assisted execution of arbitrary code Date: November 09, 2008 Bugs: #238445 ID: 200811-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis A buffer overflow in FAAD2 might lead to user-assisted execution of arbitrary code via an MP4 file. Background == FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder. Affected packages = --- Package / Vulnerable / Unaffected --- 1 media-libs/faad2 2.6.1-r2 = 2.6.1-r2 Description === The ICST-ERCIS (Peking University) reported a heap-based buffer overflow in the decodeMP4file() function in frontend/main.c. Impact == A remote attacker could entice a user to open a specially crafted MPEG-4 (MP4) file in an application using FAAD2, possibly leading to the execution of arbitrary code. Workaround == There is no known workaround at this time. Resolution == All FAAD2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =media-libs/faad2-2.6.1-r2 References == [ 1 ] CVE-2008-4201 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200811-03.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). 
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200810-01 ] WordNet: Execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200810-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WordNet: Execution of arbitrary code Date: October 07, 2008 Bugs: #211491 ID: 200810-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis Multiple vulnerabilities were found in WordNet, possibly allowing for the execution of arbitrary code. Background == WordNet is a large lexical database of English. Affected packages = --- Package/ Vulnerable /Unaffected --- 1 app-dicts/wordnet 3.0-r2 = 3.0-r2 Description === Jukka Ruohonen initially reported a boundary error within the searchwn() function in src/wn.c. A thorough investigation by the oCERT team revealed several other vulnerabilities in WordNet: * Jukka Ruohonen and Rob Holland (oCERT) reported multiple boundary errors within the searchwn() function in src/wn.c, the wngrep() function in lib/search.c, the morphstr() and morphword() functions in lib/morph.c, and the getindex() in lib/search.c, which lead to stack-based buffer overflows. * Rob Holland (oCERT) reported two boundary errors within the do_init() function in lib/morph.c, which lead to stack-based buffer overflows via specially crafted WNSEARCHDIR or WNHOME environment variables. * Rob Holland (oCERT) reported multiple boundary errors in the bin_search() and bin_search_key() functions in binsrch.c, which lead to stack-based buffer overflows via specially crafted data files. * Rob Holland (oCERT) reported a boundary error within the parse_index() function in lib/search.c, which leads to a heap-based buffer overflow via specially crafted data files. Impact == * In case the application is accessible e.g. 
via a web server, a remote attacker could pass overly long strings as arguments to the wm binary, possibly leading to the execution of arbitrary code. * A local attacker could exploit the second vulnerability via specially crafted WNSEARCHDIR or WNHOME environment variables, possibly leading to the execution of arbitrary code with escalated privileges. * A local attacker could exploit the third and fourth vulnerability by making the application use specially crafted data files, possibly leading to the execution of arbitrary code. Workaround == There is no known workaround at this time. Resolution == All WordNet users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =app-dicts/wordnet-3.0-r2 References == [ 1 ] CVE-2008-2149 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2149 [ 2 ] CVE-2008-3908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3908 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200810-01.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200807-09 ] Mercurial: Directory traversal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200807-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mercurial: Directory traversal Date: July 15, 2008 Bugs: #230193 ID: 200807-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis A directory traversal vulnerability in Mercurial allows for the renaming of arbitrary files. Background == Mercurial is a distributed Source Control Management system. Affected packages = --- Package / Vulnerable / Unaffected --- 1 dev-util/mercurial 1.0.1-r2 = 1.0.1-r2 Description === Jakub Wilk discovered a directory traversal vulnerability in the applydiff() function in the mercurial/patch.py file. Impact == A remote attacker could entice a user to import a specially crafted patch, possibly resulting in the renaming of arbitrary files, even outside the repository. Workaround == There is no known workaround at this time. Resolution == All Mercurial users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-util/mercurial-1.0.1-r2 References == [ 1 ] CVE-2008-2942 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2942 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200807-09.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200807-01 ] Python: Multiple integer overflows
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200807-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Python: Multiple integer overflows Date: July 01, 2008 Bugs: #216673, #217221 ID: 200807-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis Multiple integer overflows may allow for Denial of Service. Background == Python is an interpreted, interactive, object-oriented programming language. Affected packages = --- Package / Vulnerable /Unaffected --- 1 dev-lang/python 2.4.4-r13 *= 2.3.6-r6 = 2.4.4-r13 Description === Multiple vulnerabilities were discovered in Python: * David Remahl reported multiple integer overflows in the file imageop.c, leading to a heap-based buffer overflow (CVE-2008-1679). This issue is due to an incomplete fix for CVE-2007-4965. * Justin Ferguson discovered that an integer signedness error in the zlib extension module might trigger insufficient memory allocation and a buffer overflow via a negative signed integer (CVE-2008-1721). * Justin Ferguson discovered that insufficient input validation in the PyString_FromStringAndSize() function might lead to a buffer overflow (CVE-2008-1887). Impact == A remote attacker could exploit these vulnerabilities to cause a Denial of Service or possibly the remote execution of arbitrary code with the privileges of the user running Python. Workaround == There is no known workaround at this time. Resolution == The imageop module is no longer built in the unaffected versions. 
All Python 2.3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-lang/python-2.3.6-r6 All Python 2.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-lang/python-2.4.4-r13 References == [ 1 ] CVE-2008-1679 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679 [ 2 ] CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 [ 3 ] CVE-2008-1887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200807-01.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200807-02 ] Motion: Execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200807-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Motion: Execution of arbitrary code Date: July 01, 2008 Bugs: #227053 ID: 200807-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis Multiple vulnerabilities in Motion might result in the execution of arbitrary code. Background == Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Affected packages = --- Package / Vulnerable / Unaffected --- 1 media-video/motion 3.2.10.1 = 3.2.10.1 Description === Nico Golde reported an off-by-one error within the read_client() function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius (Secunia Research) reported a boundary error within the same function, also leading to a stack-based buffer overflow. Both vulnerabilities require that the HTTP Control interface is enabled. Impact == A remote attacker could exploit these vulnerabilities by sending an overly long or specially crafted request to a vulnerable Motion HTTP control interface, possibly resulting in the execution of arbitrary code with the privileges of the motion user. Workaround == There is no known workaround at this time. Resolution == All Motion users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =media-video/motion-3.2.10.1 References == [ 1 ] CVE-2008-2654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2654 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200807-02.xml Concerns? 
= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200806-11 ] IBM JDK/JRE: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200806-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: IBM JDK/JRE: Multiple vulnerabilities Date: June 25, 2008 Bugs: #186277, #198644, #216112 ID: 200806-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis Multiple vulnerabilities have been found in IBM Java Development Kit (JDK) and Java Runtime Environment (JRE), resulting in the execution of arbitrary code. Background == The IBM Java Development Kit (JDK) and the IBM Java Runtime Environment (JRE) provide the IBM Java platform. Affected packages = --- Package / Vulnerable / Unaffected --- 1 dev-java/ibm-jdk-bin 1.5.0.7= 1.5.0.7 *= 1.4.2.11 2 dev-java/ibm-jre-bin 1.5.0.7= 1.5.0.7 *= 1.4.2.11 --- 2 affected packages on all of their supported architectures. --- Description === Because of sharing the same codebase, IBM JDK and JRE are affected by the vulnerabilities mentioned in GLSA 200804-20. Impact == A remote attacker could entice a user to run a specially crafted applet on a website or start an application in Java Web Start to execute arbitrary code outside of the Java sandbox and of the Java security restrictions with the privileges of the user running Java. The attacker could also obtain sensitive information, create, modify, rename and read local files, execute local applications, establish connections in the local network, bypass the same origin policy, and cause a Denial of Service via multiple vectors. Workaround == There is no known workaround at this time. 
Resolution == All IBM JDK 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-java/ibm-jdk-bin-1.5.0.7 All IBM JDK 1.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-java/ibm-jdk-bin-1.4.2.11 All IBM JRE 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-java/ibm-jre-bin-1.5.0.7 All IBM JRE 1.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-java/ibm-jre-bin-1.4.2.11 References == [ 1 ] GLSA 200804-20 http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200806-11.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200806-03 ] Imlib 2: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200806-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Imlib 2: User-assisted execution of arbitrary code Date: June 08, 2008 Bugs: #223965 ID: 200806-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis Two vulnerabilities in Imlib 2 may allow for the execution of arbitrary code. Background == Imlib 2 is an advanced replacement library for libraries like libXpm. Affected packages = --- Package/ Vulnerable /Unaffected --- 1 media-libs/imlib2 1.4.0-r1 = 1.4.0-r1 Description === Stefan Cornelius (Secunia Research) reported two boundary errors in Imlib2: * One of them within the load() function in the file src/modules/loaders/loader_pnm.c when processing the header of a PNM image file, possibly leading to a stack-based buffer overflow. * The second one within the load() function in the file src/modules/loader_xpm.c when processing an XPM image file, possibly leading to a stack-based buffer overflow. Impact == A remote attacker could entice a user to open a specially crafted PNM or XPM image, possibly resulting in the execution of arbitrary code with the rights of the user running the application using Imlib 2. Workaround == There is no known workaround at this time. Resolution == All Imlib 2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =media-libs/imlib2-1.4.0-r1 References == [ 1 ] CVE-2008-2426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2426 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200806-03.xml Concerns? 
= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200806-02 ] libxslt: Execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200806-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libxslt: Execution of arbitrary code Date: June 03, 2008 Bugs: #222499 ID: 200806-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis A vulnerability was found in libxslt, possibly resulting in the execution of arbitrary code and Denial of Service. Background == Libxslt is the XSLT C library developed for the GNOME project. XSLT itself is an XML language to define transformations for XML. Affected packages = --- Package / Vulnerable / Unaffected --- 1 dev-libs/libxslt 1.1.24 = 1.1.24 Description === Anthony de Almeida Lopes reported a vulnerability in libxslt when handling XSL style-sheet files, which could be exploited to trigger the use of uninitialized memory, e.g. in a call to free(). Impact == A remote attacker could entice a user or automated system to process an XML file using a specially crafted XSL transformation file, possibly resulting in the execution of arbitrary code or a Denial of Service. Workaround == There is no known workaround at this time. Resolution == All libxslt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-libs/libxslt-1.1.24 References == [ 1 ] CVE-2008-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200806-02.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. 
License === Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200806-01 ] mtr: Stack-based buffer overflow
Gentoo Linux Security Advisory                           GLSA 200806-01
                                            http://security.gentoo.org/

  Severity: High
     Title: mtr: Stack-based buffer overflow
      Date: June 03, 2008
      Bugs: #223017
        ID: 200806-01

Synopsis
========

A stack-based buffer overflow was found in mtr, possibly resulting in the execution of arbitrary code.

Background
==========

mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.

Affected packages
=================

     Package           /  Vulnerable  /  Unaffected
     ----------------------------------------------
  1  net-analyzer/mtr     < 0.73-r1      >= 0.73-r1

Description
===========

Adam Zabrocki reported a boundary error within the split_redraw() function in the file split.c, possibly leading to a stack-based buffer overflow.

Impact
======

A remote attacker could use a specially crafted resolved hostname to execute arbitrary code with root privileges. However, it is required that the attacker controls the DNS server used by the victim, and that the -p (or --split) command line option is used.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All mtr users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-analyzer/mtr-0.73-r1

References
==========

  [ 1 ] CVE-2008-2357
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2357

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200806-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200805-22 ] MPlayer: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200805-22
                                            http://security.gentoo.org/

  Severity: Normal
     Title: MPlayer: User-assisted execution of arbitrary code
      Date: May 29, 2008
      Bugs: #215006
        ID: 200805-22

Synopsis
========

An integer overflow vulnerability in MPlayer may allow for the execution of arbitrary code.

Background
==========

MPlayer is a media player including support for a wide range of audio and video formats.

Affected packages
=================

     Package              /    Vulnerable    /    Unaffected
     -------------------------------------------------------
  1  media-video/mplayer     < 1.0_rc2_p26753   >= 1.0_rc2_p26753

Description
===========

k`sOSe reported an integer overflow vulnerability in the sdpplin_parse() function in the file stream/realrtsp/sdpplin.c, which can be exploited to overwrite arbitrary memory regions via an overly large StreamCount SDP parameter.

Impact
======

A remote attacker could entice a user to open a specially crafted media file, possibly resulting in the execution of arbitrary code with the privileges of the user running MPlayer.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-video/mplayer-1.0_rc2_p26753

References
==========

  [ 1 ] CVE-2008-1558
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1558

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200805-21 ] Roundup: Permission bypass
Gentoo Linux Security Advisory                           GLSA 200805-21
                                            http://security.gentoo.org/

  Severity: Normal
     Title: Roundup: Permission bypass
      Date: May 27, 2008
      Bugs: #212488, #214666
        ID: 200805-21

Synopsis
========

A vulnerability in Roundup allows for bypassing permission restrictions.

Background
==========

Roundup is an issue-tracking system with command-line, web and e-mail interfaces.

Affected packages
=================

     Package           /  Vulnerable  /  Unaffected
     ----------------------------------------------
  1  www-apps/roundup     < 1.4.4-r1     >= 1.4.4-r1

Description
===========

Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions (CVE-2008-1475). Furthermore, Roland Meister discovered multiple vulnerabilities caused by unspecified errors, some of which may be related to cross-site scripting (CVE-2008-1474).

Impact
======

A remote attacker could possibly exploit the first vulnerability to edit or view restricted properties via the list(), display(), and set() methods. The impact and attack vectors of the second vulnerability are unknown.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Roundup users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-apps/roundup-1.4.4-r1

References
==========

  [ 1 ] CVE-2008-1474
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1474
  [ 2 ] CVE-2008-1475
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1475

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200805-17 ] Perl: Execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200805-17
                                            http://security.gentoo.org/

  Severity: Normal
     Title: Perl: Execution of arbitrary code
      Date: May 20, 2008
      Bugs: #219203
        ID: 200805-17

Synopsis
========

A double free vulnerability was discovered in Perl, possibly resulting in the execution of arbitrary code and a Denial of Service.

Background
==========

Perl is a stable, cross platform programming language.

Affected packages
=================

     Package            /  Vulnerable  /  Unaffected
     -----------------------------------------------
  1  dev-lang/perl         < 5.8.8-r5     >= 5.8.8-r5
  2  sys-devel/libperl     < 5.8.8-r2     >= 5.8.8-r2
     -----------------------------------------------
     2 affected packages on all of their supported architectures.

Description
===========

Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters.

Impact
======

A remote attacker could possibly exploit this vulnerability to execute arbitrary code or cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Perl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-lang/perl-5.8.8-r5

All libperl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =sys-devel/libperl-5.8.8-r2

References
==========

  [ 1 ] CVE-2008-1927
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200805-15 ] libid3tag: Denial of Service
Gentoo Linux Security Advisory                           GLSA 200805-15
                                            http://security.gentoo.org/

  Severity: Normal
     Title: libid3tag: Denial of Service
      Date: May 14, 2008
      Bugs: #210564
        ID: 200805-15

Synopsis
========

A Denial of Service vulnerability was found in libid3tag.

Background
==========

libid3tag is an ID3 tag manipulation library.

Affected packages
=================

     Package               /  Vulnerable   /  Unaffected
     ---------------------------------------------------
  1  media-libs/libid3tag     < 0.15.1b-r2    >= 0.15.1b-r2

Description
===========

Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'.

Impact
======

A remote attacker could entice a user to open a specially crafted MP3 file, possibly resulting in a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libid3tag users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-libs/libid3tag-0.15.1b-r2

References
==========

  [ 1 ] CVE-2008-2109
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200805-03 ] Multiple X11 terminals: Local privilege escalation
Gentoo Linux Security Advisory                           GLSA 200805-03
                                            http://security.gentoo.org/

  Severity: Normal
     Title: Multiple X11 terminals: Local privilege escalation
      Date: May 07, 2008
      Bugs: #216833, #217819, #219746, #219750, #219754, #219760, #219762
        ID: 200805-03

Synopsis
========

A vulnerability was found in aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm, allowing for local privilege escalation.

Background
==========

Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11 terminal emulators.

Affected packages
=================

     Package                 /  Vulnerable  /  Unaffected
     ----------------------------------------------------
  1  x11-terms/aterm            < 1.0.1-r1     >= 1.0.1-r1
  2  x11-terms/eterm            < 0.9.4-r1     >= 0.9.4-r1
  3  x11-terms/mrxvt            < 0.5.3-r2     >= 0.5.3-r2
  4  x11-terms/multi-aterm      < 0.2.1-r1     >= 0.2.1-r1
  5  x11-terms/rxvt             < 2.7.10-r4    >= 2.7.10-r4
  6  x11-terms/rxvt-unicode     < 9.02-r1      >= 9.02-r1
  7  x11-terms/wterm            < 6.2.9-r3     >= 6.2.9-r3
     ----------------------------------------------------
     7 affected packages on all of their supported architectures.

Description
===========

Bernhard R. Link discovered that Eterm opens a terminal on :0 if the -display option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also affected.

Impact
======

A local attacker could exploit this vulnerability to hijack X11 terminals of other users.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All aterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =x11-terms/aterm-1.0.1-r1

All Eterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =x11-terms/eterm-0.9.4-r1

All Mrxvt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =x11-terms/mrxvt-0.5.3-r2

All multi-aterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =x11-terms/multi-aterm-0.2.1-r1

All RXVT users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =x11-terms/rxvt-2.7.10-r4

All rxvt-unicode users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =x11-terms/rxvt-unicode-9.02-r1

All wterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =x11-terms/wterm-6.2.9-r3

References
==========

  [ 1 ] CVE-2008-1142
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142
  [ 2 ] CVE-2008-1692
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200804-28 ] JRockit: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200804-28
                                            http://security.gentoo.org/

  Severity: Normal
     Title: JRockit: Multiple vulnerabilities
      Date: April 24, 2008
      Bugs: #218226
        ID: 200804-28

Synopsis
========

Multiple vulnerabilities have been identified in BEA JRockit.

Background
==========

JRockit is BEA WebLogic's J2SE Development Kit.

Affected packages
=================

     Package                   /  Vulnerable  /  Unaffected
     ------------------------------------------------------
  1  dev-java/jrockit-jdk-bin     < 1.5.0.14     *>= 1.4.2.16
                                                 >= 1.5.0.14

Description
===========

Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20.

Impact
======

A remote attacker could entice a user to run a specially crafted applet on a website or start an application in Java Web Start to execute arbitrary code outside of the Java sandbox and of the Java security restrictions with the privileges of the user running Java. The attacker could also obtain sensitive information, create, modify, rename and read local files, execute local applications, establish connections in the local network, bypass the same origin policy, and cause a Denial of Service via multiple vectors.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All JRockit 1.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-java/jrockit-jdk-bin-1.4.2.16

All JRockit 1.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-java/jrockit-jdk-bin-1.5.0.14

References
==========

  [ 1 ] GLSA 200804-20
        http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-28.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200804-27 ] SILC: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200804-27
                                            http://security.gentoo.org/

  Severity: Normal
     Title: SILC: Multiple vulnerabilities
      Date: April 24, 2008
      Bugs: #212362, #214116, #214812
        ID: 200804-27

Synopsis
========

Multiple vulnerabilities were found in SILC Client, Server, and Toolkit, allowing for Denial of Service and execution of arbitrary code.

Background
==========

SILC (Secure Internet Live Conferencing protocol) Toolkit is a software development kit for use in clients, SILC Server is a communication server, and SILC Client is an IRSSI-based text client.

Affected packages
=================

     Package              /  Vulnerable  /  Unaffected
     -------------------------------------------------
  1  net-im/silc-toolkit     < 1.1.7        >= 1.1.7
  2  net-im/silc-client      < 1.1.4        >= 1.1.4
  3  net-im/silc-server      < 1.1.2        >= 1.1.2
     -------------------------------------------------
     3 affected packages on all of their supported architectures.

Description
===========

* Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in a stack-based buffer overflow (CVE-2008-1227).

* A vulnerability has been reported in SILC Server which is caused due to an error in the handling of NEW_CLIENT packets that do not contain a nickname (CVE-2008-1429).

* Ariel Waissbein, Pedro Varangot, Martin Mizrahi, Oren Isacson, Carlos Garcia, and Ivan Arce of Core Security Technologies reported that SILC Client, Server, and Toolkit contain a vulnerability in the silc_pkcs1_decode() function in the silccrypt library (silcpkcs1.c), resulting in an integer underflow, signedness error, and a buffer overflow (CVE-2008-1552).

Impact
======

A remote attacker could exploit these vulnerabilities to cause a Denial of Service or execute arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All SILC Toolkit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-im/silc-toolkit-1.1.7

All SILC Client users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-im/silc-client-1.1.4

All SILC Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-im/silc-server-1.1.2

References
==========

  [ 1 ] CVE-2008-1227
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1227
  [ 2 ] CVE-2008-1429
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1429
  [ 3 ] CVE-2008-1552
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1552

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-27.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200804-08 ] lighttpd: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200804-08
                                            http://security.gentoo.org/

  Severity: Normal
     Title: lighttpd: Multiple vulnerabilities
      Date: April 10, 2008
      Bugs: #212930, #214892
        ID: 200804-08

Synopsis
========

Multiple vulnerabilities in lighttpd may lead to information disclosure or a Denial of Service.

Background
==========

lighttpd is a lightweight high-performance web server.

Affected packages
=================

     Package               /  Vulnerable  /  Unaffected
     --------------------------------------------------
  1  www-servers/lighttpd     < 1.4.19-r2    >= 1.4.19-r2

Description
===========

Julien Cayzax discovered that an insecure default setting exists in mod_userdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the nobody user's $HOME is / (CVE-2008-1270). An error also exists in the SSL connection code which can be triggered when a user prematurely terminates his connection (CVE-2008-1531).

Impact
======

A remote attacker could exploit the first vulnerability to read arbitrary files. The second vulnerability can be exploited by a remote attacker to cause a Denial of Service by terminating a victim's SSL connection.

Workaround
==========

As a workaround for CVE-2008-1270 you can set userdir.path to a sensible value, e.g. public_html.

Resolution
==========

All lighttpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-servers/lighttpd-1.4.19-r2

References
==========

  [ 1 ] CVE-2008-1270
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1270
  [ 2 ] CVE-2008-1531
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
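The CVE-2008-1270 condition in GLSA 200804-08 (mod_userdir loaded while userdir.path is never assigned) can be checked for in a configuration file before and after applying the workaround. This is an added example, not part of the advisory or of lighttpd; the function names and the sample configs are constructed, and it assumes a single config file whose include directives are not followed.

```shell
#!/bin/sh
# Added example (not from the advisory): flag a lighttpd config that loads
# mod_userdir but never assigns userdir.path, the CVE-2008-1270 condition.

# Print the config with '#' comments and blank lines removed.
# Limitation: a '#' inside a quoted string is also treated as a comment start.
strip_comments() {
    sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$1"
}

# userdir_status FILE -> prints one of:
#   not-loaded   mod_userdir does not appear in any active line
#   unset        module loaded, no userdir.path assignment (default is $HOME)
#   empty        module loaded, userdir.path = "" (assumption: treated as unsafe)
#   set:VALUE    module loaded, userdir.path assigned to VALUE
userdir_status() {
    active=$(strip_comments "$1") || return 2
    if ! printf '%s\n' "$active" | grep -q '"mod_userdir"'; then
        echo "not-loaded"
        return 0
    fi
    # The last assignment in the file is the one reported.
    assign=$(printf '%s\n' "$active" |
        grep -E '^[[:space:]]*userdir\.path[[:space:]]*=' | tail -n 1)
    if [ -z "$assign" ]; then
        echo "unset"
        return 0
    fi
    value=$(printf '%s\n' "$assign" | sed -n 's/^[^"]*"\([^"]*\)".*$/\1/p')
    if [ -z "$value" ]; then
        echo "empty"
    else
        echo "set:$value"
    fi
}

# audit_userdir FILE -> exit 0 if fine, 1 if the insecure default applies,
# 2 if the file could not be read.
audit_userdir() {
    st=$(userdir_status "$1") || return 2
    case $st in
        unset|empty)
            echo "$1: mod_userdir loaded, userdir.path $st;" \
                 "set it, e.g. userdir.path = \"public_html\""
            return 1 ;;
        *)
            echo "$1: ok ($st)"
            return 0 ;;
    esac
}

# write_samples DIR: constructed sample configs, not real deployments.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
server.modules = (
    "mod_access",
    "mod_userdir",   # user directories enabled
)
# userdir.path = "public_html"
EOF
    cat > "$1/fixed.conf" <<'EOF'
server.modules = ( "mod_access", "mod_userdir" )
userdir.path = "public_html"
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_userdir "$demo_dir/weak.conf" || true
audit_userdir "$demo_dir/fixed.conf"
rm -rf "$demo_dir"
```

Run `audit_userdir /etc/lighttpd/lighttpd.conf` (path is an assumption about the local layout) after upgrading as well, since an explicit userdir.path keeps the served directory intentional regardless of the package default.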
[ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200803-29
                                            http://security.gentoo.org/

  Severity: Normal
     Title: ViewVC: Multiple vulnerabilities
      Date: March 19, 2008
      Bugs: #212288
        ID: 200803-29

Synopsis
========

Multiple security issues have been reported in ViewVC, which can be exploited by malicious people to bypass certain security restrictions.

Background
==========

ViewVC is a browser interface for CVS and Subversion version control repositories.

Affected packages
=================

     Package          /  Vulnerable  /  Unaffected
     ---------------------------------------------
  1  www-apps/viewvc     < 1.05         >= 1.05

Description
===========

Multiple unspecified errors were reportedly fixed by the ViewVC development team.

Impact
======

A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on all-forbidden files, access hidden CVSROOT folders, and view restricted content via the revision view, the log history, or the diff view.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ViewVC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-apps/viewvc-1.05

References
==========

  [ 1 ] CVE-2008-1290
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1290
  [ 2 ] CVE-2008-1291
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1291
  [ 3 ] CVE-2008-1292
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1292

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-29.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200803-24 ] PCRE: Buffer overflow
Gentoo Linux Security Advisory                        GLSA 200803-24:02
                                            http://security.gentoo.org/

  Severity: High
     Title: PCRE: Buffer overflow
      Date: March 17, 2008
   Updated: March 17, 2008
      Bugs: #209067, #209293
        ID: 200803-24:02

Synopsis
========

A buffer overflow vulnerability has been discovered in PCRE, allowing for the execution of arbitrary code and Denial of Service.

Background
==========

PCRE is a Perl-compatible regular expression library. GLib includes a copy of PCRE.

Affected packages
=================

     Package           /  Vulnerable  /  Unaffected
     ----------------------------------------------
  1  dev-libs/libpcre     < 7.6-r1       >= 7.6-r1
  2  dev-libs/glib        < 2.14.6       >= 2.14.6
                                         < 2.14.0
     ----------------------------------------------
     2 affected packages on all of their supported architectures.

Description
===========

PCRE contains a buffer overflow vulnerability when processing a character class containing a very large number of characters with codepoints greater than 255.

Impact
======

A remote attacker could exploit this vulnerability by sending a specially crafted regular expression to an application making use of the PCRE library, which could possibly lead to the execution of arbitrary code or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PCRE users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-libs/libpcre-7.6-r1

All GLib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-libs/glib-2.14.6

References
==========

  [ 1 ] CVE-2008-0674
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5