[Full-disclosure] [ GLSA 200510-12 ] KOffice, KWord: RTF import buffer overflow

2005-10-13 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200510-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: KOffice, KWord: RTF import buffer overflow
      Date: October 14, 2005
      Bugs: #108411
        ID: 200510-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


KOffice and KWord are vulnerable to a buffer overflow in the RTF
importer, potentially resulting in the execution of arbitrary code.

Background
==

KOffice is an integrated office suite for KDE. KWord is the KOffice
word processor.

Affected packages
=

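    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-office/koffice      < 1.4.1-r1                     >= 1.4.1-r1
  2  app-office/kword        < 1.4.1-r1                     >= 1.4.1-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------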

Description
===

Chris Evans discovered that the KWord RTF importer was vulnerable to a
heap-based buffer overflow.

Impact
==

An attacker could entice a user to open a specially-crafted RTF file,
potentially resulting in the execution of arbitrary code with the
rights of the user running the affected application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All KOffice users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.1-r1"

All KWord users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/kword-1.4.1-r1"

References
==

  [ 1 ] CAN-2005-2971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2971
  [ 2 ] KDE Security Advisory: KWord RTF import buffer overflow
http://www.kde.org/info/security/advisory-20051011-1.txt

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-12.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [ GLSA 200510-15 ] Lynx: Buffer overflow in NNTP processing

2005-10-17 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200510-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Lynx: Buffer overflow in NNTP processing
      Date: October 17, 2005
      Bugs: #108451
        ID: 200510-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Lynx contains a buffer overflow that may be exploited to execute
arbitrary code.

Background
==

Lynx is a text-mode browser for the World Wide Web. It supports
multiple URL types, including HTTP and NNTP URLs.

Affected packages
=

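    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-client/lynx         < 2.8.5-r1                     >= 2.8.5-r1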

Description
===

When accessing a NNTP URL, Lynx connects to a NNTP server and retrieves
information about the available articles in the target newsgroup. Ulf
Harnhammar discovered a buffer overflow in a function that handles the
escaping of special characters.

Impact
==

An attacker could set up a malicious NNTP server and entice a user to
access it using Lynx (either by creating NNTP links on a web page or by
forcing a redirect for Lynx users). The data returned by the NNTP
server would trigger the buffer overflow and execute arbitrary code
with the rights of the user running Lynx.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Lynx users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/lynx-2.8.5-r1"

References
==

  [ 1 ] CAN-2005-3120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3120

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-15.xml


[Full-disclosure] [ GLSA 200510-16 ] phpMyAdmin: Local file inclusion vulnerability

2005-10-17 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200510-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: phpMyAdmin: Local file inclusion vulnerability
      Date: October 17, 2005
      Bugs: #108939
        ID: 200510-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


phpMyAdmin contains a local file inclusion vulnerability that may lead
to the execution of arbitrary code.

Background
==

phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL over the web.

Affected packages
=

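    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  dev-db/phpmyadmin       < 2.6.4_p2                     >= 2.6.4_p2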

Description
===

Maksymilian Arciemowicz reported that in
libraries/grab_globals.lib.php, the $__redirect parameter was not
correctly validated. Systems running PHP in safe mode are not affected.

Impact
==

A local attacker may exploit this vulnerability by sending malicious
requests, causing the execution of arbitrary code with the rights of
the user running the web server.

Workaround
==

Run PHP in safe mode.

Resolution
==

All phpMyAdmin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.4_p2"

References
==

  [ 1 ] PMASA-2005-4
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-4

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-16.xml


[Full-disclosure] [ GLSA 200510-25 ] Ethereal: Multiple vulnerabilities in protocol dissectors

2005-10-30 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200510-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Ethereal: Multiple vulnerabilities in protocol dissectors
      Date: October 30, 2005
      Bugs: #109348
        ID: 200510-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Ethereal is vulnerable to numerous vulnerabilities, potentially
resulting in the execution of arbitrary code or abnormal termination.

Background
==

Ethereal is a feature-rich network protocol analyzer.

Affected packages
=

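    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/ethereal   < 0.10.13-r1                 >= 0.10.13-r1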

Description
===

There are numerous vulnerabilities in versions of Ethereal prior to
0.10.13, including:

* The SLIM3 and AgentX dissectors could overflow a buffer
  (CVE-2005-3243).

* iDEFENSE discovered a buffer overflow in the SRVLOC dissector
  (CVE-2005-3184).

* Multiple potential crashes in many dissectors have been fixed, see
  References for further details.

Furthermore an infinite loop was discovered in the IRC protocol
dissector of the 0.10.13 release (CVE-2005-3313).

Impact
==

An attacker might be able to use these vulnerabilities to crash
Ethereal or execute arbitrary code with the permissions of the user
running Ethereal, which could be the root user.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Ethereal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.13-r1"

References
==

  [ 1 ] CVE-2005-3184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3184
  [ 2 ] CVE-2005-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3241
  [ 3 ] CVE-2005-3242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3242
  [ 4 ] CVE-2005-3243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3243
  [ 5 ] CVE-2005-3244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3244
  [ 6 ] CVE-2005-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3245
  [ 7 ] CVE-2005-3246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3246
  [ 8 ] CVE-2005-3247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3247
  [ 9 ] CVE-2005-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3248
  [ 10 ] CVE-2005-3249
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3249
  [ 11 ] CVE-2005-3313
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3313
  [ 12 ] Ethereal enpa-sa-00021
 http://www.ethereal.com/appnotes/enpa-sa-00021.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-25.xml


[Full-disclosure] [ GLSA 200510-26 ] XLI, Xloadimage: Buffer overflow

2005-10-30 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200510-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: XLI, Xloadimage: Buffer overflow
      Date: October 30, 2005
      Bugs: #108365
        ID: 200510-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


XLI and Xloadimage contain a vulnerability which could potentially
result in the execution of arbitrary code.

Background
==

XLI and Xloadimage are X11 image manipulation utilities.

Affected packages
=

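    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-gfx/xli           < 1.17.0-r2                   >= 1.17.0-r2
  2  media-gfx/xloadimage    < 4.1-r4                         >= 4.1-r4
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------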

Description
===

When XLI or Xloadimage process an image, they create a new image object
to contain the new image, copying the title from the old image to the
newly created image. Ariel Berkman reported that the 'zoom', 'reduce',
and 'rotate' functions use a fixed length buffer to contain the new
title, which could be overwritten by the NIFF or XPM image processors.

Impact
==

A malicious user could craft a malicious XPM or NIFF file and entice a
user to view it using XLI, or manipulate it using Xloadimage,
potentially resulting in the execution of arbitrary code with the
permissions of the user running XLI or Xloadimage.

Workaround
==

There is no known workaround at this time.

Resolution
==

All XLI users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xli-1.17.0-r2"

All Xloadimage users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xloadimage-4.1-r4"

References
==

  [ 1 ] CAN-2005-3178
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-26.xml


[Full-disclosure] [ GLSA 200511-04 ] ClamAV: Multiple vulnerabilities

2005-11-06 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200511-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: ClamAV: Multiple vulnerabilities
      Date: November 06, 2005
      Bugs: #109213
        ID: 200511-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


ClamAV has many security flaws which make it vulnerable to remote
execution of arbitrary code and a Denial of Service.

Background
==

ClamAV is a GPL anti-virus toolkit, designed for integration with mail
servers to perform attachment scanning. ClamAV also provides a command
line scanner and a tool for fetching updates of the virus database.

Affected packages
=

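    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/clamav    < 0.87.1                         >= 0.87.1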

Description
===

ClamAV has multiple security flaws: a boundary check was performed
incorrectly in petite.c, a buffer size calculation in unfsg_133 was
incorrect in fsg.c, a possible infinite loop was fixed in tnef.c and a
possible infinite loop in cabd_find was fixed in cabd.c. In addition
to this, Marcin Owsiany reported that a corrupted DOC file causes a
segmentation fault in ClamAV.

Impact
==

By sending a malicious attachment to a mail server that is hooked with
ClamAV, a remote attacker could cause a Denial of Service or the
execution of arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87.1"

References
==

  [ 1 ] CAN-2005-3239
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3239
  [ 2 ] CAN-2005-3303
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303
  [ 3 ] ClamAV release notes
http://sourceforge.net/project/shownotes.php?release_id=368319
  [ 4 ] Zero Day Initiative advisory
http://www.zerodayinitiative.com/advisories/ZDI-05-002.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200511-04.xml


[Full-disclosure] [ GLSA 200511-05 ] GNUMP3d: Directory traversal and XSS vulnerabilities

2005-11-06 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200511-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: GNUMP3d: Directory traversal and XSS vulnerabilities
      Date: November 06, 2005
      Bugs: #109667
        ID: 200511-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


GNUMP3d is vulnerable to directory traversal and cross-site scripting
attacks that may result in information disclosure or the compromise of
a browser.

Background
==

GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and
other media formats.

Affected packages
=

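    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-sound/gnump3d     < 2.9.7                           >= 2.9.7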

Description
===

Steve Kemp reported two cross-site scripting attacks that are
related to the handling of files (CVE-2005-3424, CVE-2005-3425). Also
reported is a directory traversal vulnerability which comes from the
attempt to sanitize input paths (CVE-2005-3123).

Impact
==

A remote attacker could exploit this to disclose sensitive information
or inject and execute malicious script code, potentially compromising
the victim's browser.

Workaround
==

There is no known workaround at this time.

Resolution
==

All GNUMP3d users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/gnump3d-2.9.7"

References
==

  [ 1 ] CVE-2005-3123
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3123
  [ 2 ] CVE-2005-3424
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3424
  [ 3 ] CVE-2005-3425
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3425

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200511-05.xml


[Full-disclosure] [ GLSA 200511-15 ] Smb4k: Local unauthorized file access

2005-11-18 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200511-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Smb4k: Local unauthorized file access
      Date: November 18, 2005
      Bugs: #111089
        ID: 200511-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A vulnerability has been identified that allows unauthorized access to
the contents of /etc/sudoers and /etc/super.tab files.

Background
==

Smb4K is a SMB/CIFS share browser for KDE.

Affected packages
=

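    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-misc/smb4k          < 0.6.4                           >= 0.6.4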

Description
===

A vulnerability leading to unauthorized file access has been found. A
pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile
will cause Smb4k to write the contents of these files to the target of
the symlink, as Smb4k does not check for the existence of these files
before writing to them.

Impact
==

An attacker could acquire local privilege escalation by adding
username(s) to the list of sudoers.

Workaround
==

There is no known workaround at this time.

Resolution
==

All smb4k users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/smb4k-0.6.4"

References
==

  [ 1 ] CVE-2005-2851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2851
  [ 2 ] Smb4k Announcement
http://smb4k.berlios.de/

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200511-15.xml


[Full-disclosure] [ GLSA 200511-18 ] phpSysInfo: Multiple vulnerabilities

2005-11-22 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200511-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: phpSysInfo: Multiple vulnerabilities
      Date: November 22, 2005
      Bugs: #112482
        ID: 200511-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


phpSysInfo is vulnerable to multiple issues, including a local file
inclusion leading to information disclosure and the potential
execution of arbitrary code.

Background
==

phpSysInfo displays various system stats via PHP scripts.

Affected packages
=

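    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpsysinfo     < 2.4.1                           >= 2.4.1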

Description
===

Christopher Kunz from the Hardened-PHP Project discovered that
phpSysInfo is vulnerable to local file inclusion, cross-site scripting
and HTTP Response Splitting attacks.

Impact
==

A local attacker may exploit the file inclusion vulnerability by
sending malicious requests, causing the execution of arbitrary code
with the rights of the user running the web server. A remote attacker
could exploit the vulnerability to disclose local file content.
Furthermore, the cross-site scripting issues give a remote attacker
the ability to inject and execute malicious script code in the user's
browser context or to steal cookie-based authentication credentials.
The HTTP response splitting issue gives an attacker the ability to
perform site hijacking and cache poisoning.

Workaround
==

There is no known workaround at this time.

Resolution
==

All phpSysInfo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpsysinfo-2.4.1"

References
==

  [ 1 ] Original advisory
http://www.hardened-php.net/advisory_222005.81.html
  [ 2 ] CVE-2005-3347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3347
  [ 3 ] CVE-2005-3348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3348

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200511-18.xml


[Full-disclosure] [ GLSA 200511-19 ] eix: Insecure temporary file creation

2005-11-22 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200511-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: eix: Insecure temporary file creation
      Date: November 22, 2005
      Bugs: #112061
        ID: 200511-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


eix has an insecure temporary file creation vulnerability, potentially
allowing a local user to overwrite arbitrary files.

Background
==

eix is a small utility for searching ebuilds with indexing for fast
results.

Affected packages
=

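    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-portage/eix         < 0.5.0_pre2                 >= 0.5.0_pre2
                                                           *>= 0.3.0-r2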

Description
===

Eric Romang discovered that eix creates a temporary file with a
predictable name. eix creates a temporary file in /tmp/eix.*.sync where
* is the process ID of the shell running eix.

Impact
==

A local attacker can watch the process list and determine the process
ID of the shell running eix while the "emerge --sync" command is
running, then create a link from the corresponding temporary file to a
system file, which would result in the file being overwritten with the
rights of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All eix users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose app-portage/eix

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200511-19.xml

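Added example (not part of the advisory, and not eix or Smb4k code): the
predictable /tmp/eix.<pid>.sync name described in GLSA 200511-19, and the
unchecked write through a pre-existing link in GLSA 200511-15, shown next to
two hardened forms. All function names and the sandbox layout are constructed
for illustration; everything runs inside a private mktemp -d directory.

```shell
#!/bin/sh
# Constructed sandbox: a link already sits at the predictable temp-file name
# and points at a file that must not be modified.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    printf 'original contents\n' > "$sb/protected"
    ln -s "$sb/protected" "$sb/eix.$$.sync"
    printf '%s\n' "$sb"
}

# True while the protected file still holds what make_sandbox wrote.
protected_intact() {
    [ "$(cat "$1/protected")" = "original contents" ]
}

# BEFORE: name derived from the shell's PID, as the advisory describes.
# A plain '>' redirection follows whatever link already exists at that name.
write_predictable() {
    dir=$1; data=$2
    tmp="$dir/eix.$$.sync"
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# AFTER (fixed name required): noclobber makes '>' refuse to write to a name
# that already exists, so the write fails instead of going through the link.
write_noclobber() {
    dir=$1; data=$2
    tmp="$dir/eix.$$.sync"
    ( set -C; printf '%s\n' "$data" > "$tmp" ) 2>/dev/null || return 1
    printf '%s\n' "$tmp"
}

# AFTER (preferred): mktemp chooses an unpredictable name and creates the file
# exclusively with mode 0600, so a pre-planted link cannot be at that name.
write_mktemp() {
    dir=$1; data=$2
    tmp=$(mktemp "$dir/eix.XXXXXXXXXX") || return 1
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Run each variant against a fresh sandbox and report what happened.
demo() {
    for fn in write_predictable write_noclobber write_mktemp; do
        sb=$(make_sandbox) || return 1
        if out=$($fn "$sb" "sync data"); then
            result="wrote $(basename "$out")"
        else
            result="refused"
        fi
        if protected_intact "$sb"; then state=intact; else state=OVERWRITTEN; fi
        printf '%-18s %-24s protected file: %s\n' "$fn" "$result" "$state"
        rm -rf "$sb"
    done
}

demo
```
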

[Full-disclosure] [ GLSA 200511-20 ] Horde Application Framework: XSS vulnerability

2005-11-22 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200511-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Horde Application Framework: XSS vulnerability
      Date: November 22, 2005
      Bugs: #112491
        ID: 200511-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The Horde Application Framework is vulnerable to a cross-site scripting
vulnerability which could lead to the compromise of the victim's
browser content.

Background
==

The Horde Application Framework is a general-purpose web application
framework written in PHP, providing classes for handling preferences,
compression, browser detection, connection tracking, MIME, and more.

Affected packages
=

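    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/horde          < 2.2.9                           >= 2.2.9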

Description
===

The Horde Team reported a potential XSS vulnerability. Horde fails to
properly escape error messages which may lead to displaying unsanitized
error messages via Notification_Listener::getMessage().

Impact
==

By enticing a user to read a specially-crafted e-mail or using a
manipulated URL, an attacker can execute arbitrary scripts running in
the context of the victim's browser. This could lead to a compromise of
the user's browser content.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Horde Application Framework users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-2.2.9"

References
==

  [ 1 ] CVE-2005-3570
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3570
  [ 2 ] Horde Announcement
http://lists.horde.org/archives/announce/2005/000231.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200511-20.xml


[Full-disclosure] [ GLSA 200512-01 ] Perl: Format string errors can lead to code execution

2005-12-07 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200512-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Perl: Format string errors can lead to code execution
  Date: December 07, 2005
  Bugs: #114113
ID: 200512-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A fix is available for Perl to mitigate the effects of format string
programming errors, that could otherwise be exploited to execute
arbitrary code.

Background
==

Perl is a stable, cross-platform programming language created by Larry
Wall. It contains printf functions that allow construction of strings
from format specifiers and parameters, like the C printf functions. A
well-known class of vulnerabilities, called format string errors,
results from the improper use of the printf functions in C. Perl in itself
is vulnerable to a limited form of format string errors through its own
sprintf function, especially through wrapper functions that call
sprintf (for example the syslog function) and by taking advantage of
Perl's powerful string expansion features rather than using format string
specifiers.

Affected packages
=

---
     Package          /  Vulnerable  /  Unaffected
---
  1  dev-lang/perl       < 5.8.7-r3     >= 5.8.7-r3
                                        *>= 5.8.6-r8

Description
===

Jack Louis discovered a new way to exploit format string errors in Perl
that could lead to the execution of arbitrary code. This is performed by
causing an integer wrap overflow in the efix variable inside the
function Perl_sv_vcatpvfn. The proposed fix closes that specific
exploitation vector to mitigate the risk of format string programming
errors in Perl. This fix does not remove the need to fix such errors in
Perl code.

Impact
==

Perl applications making improper use of printf functions (or derived
functions) using untrusted data may be vulnerable to the already-known
forms of Perl format string exploits and also to the execution of
arbitrary code.

Workaround
==

Fix all misbehaving Perl applications so that they make proper use of
the printf and derived Perl functions.

Resolution
==

All Perl users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose dev-lang/perl

References
==

  [ 1 ] CVE-2005-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962
  [ 2 ] Dyad Security Advisory
http://www.dyadsecurity.com/perl-0002.html
  [ 3 ] Research on format string errors in Perl
http://www.securityfocus.com/archive/1/418460/30/30

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200512-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200512-02 ] Webmin, Usermin: Format string vulnerability

2005-12-07 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200512-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Webmin, Usermin: Format string vulnerability
  Date: December 07, 2005
  Bugs: #113888
ID: 200512-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Webmin and Usermin are vulnerable to a format string vulnerability
which may lead to the execution of arbitrary code.

Background
==

Webmin is a web-based interface for Unix-like systems. Usermin is a
simplified version of Webmin designed for use by normal users rather
than system administrators.

Affected packages
=

---
     Package              /  Vulnerable  /  Unaffected
---
  1  app-admin/webmin        < 1.250        >= 1.250
  2  app-admin/usermin       < 1.180        >= 1.180
---
 2 affected packages on all of their supported architectures.
---

Description
===

Jack Louis discovered that the Webmin and Usermin "miniserv.pl" web
server component is vulnerable to a Perl format string vulnerability.
Login with the supplied username is logged via the Perl "syslog"
facility in an unsafe manner.

Impact
==

A remote attacker can trigger this vulnerability via a specially
crafted username containing format string data. This can be exploited
to consume a large amount of CPU and memory resources on a vulnerable
system, and possibly to execute arbitrary code of the attacker's choice
with the permissions of the user running Webmin.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Webmin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/webmin-1.250"

All Usermin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/usermin-1.180"

References
==

  [ 1 ] CVE-2005-3912
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912
  [ 2 ] Dyad Security Advisory
http://www.dyadsecurity.com/webmin-0001.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200512-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
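
GLSA 200512-01 and GLSA 200512-02 above both describe untrusted text reaching the format argument of a printf-style call; the following is an added example, not code from Perl, Webmin or the advisories, shown in C because the Perl advisory uses the C printf family as its reference point. The function names, the log wording and the sample usernames are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Count printf-style conversion directives in untrusted text.
 * "%%" is a literal percent sign and is not counted. Useful for flagging
 * login names that look like format string probes.
 */
int count_format_directives(const char *s)
{
    int n = 0;

    while ((s = strchr(s, '%')) != NULL) {
        const char *p = s + 1;

        if (*p == '%') {                /* literal percent */
            s = p + 1;
            continue;
        }
        /* skip argument index, flags, width, precision, length modifiers */
        p += strspn(p, "0123456789$-+ #*.hlLqjzt");
        if (*p != '\0' && strchr("diouxXeEfgGaAcspnbB", *p) != NULL) {
            n++;
            s = p + 1;
        } else {
            s++;
        }
    }
    return n;
}

/*
 * Build the log line for a failed login (hypothetical helper).
 *
 * UNSAFE pattern, the one the advisories warn about: handing a string
 * that contains the username to the logger as its format, so directives
 * inside the name are interpreted.
 *
 * SAFE pattern used here: the format is a constant and the username is
 * only ever an argument. Non-printable bytes are replaced so a name
 * cannot forge extra log lines, and probes are marked for review.
 * Returns what snprintf returns.
 */
int format_login_failure(char *out, size_t outsz, const char *user)
{
    char clean[64];
    size_t i;

    for (i = 0; user[i] != '\0' && i < sizeof clean - 1; i++)
        clean[i] = isprint((unsigned char)user[i]) ? user[i] : '?';
    clean[i] = '\0';

    return snprintf(out, outsz, "Invalid login as %s%s", clean,
                    count_format_directives(clean) > 0
                        ? " [format directives in username]" : "");
}

int main(void)
{
    /* Constructed sample usernames, not taken from any real log. */
    const char *users[] = { "alice", "100%% sure", "%n%s%1$x", "bob\nroot" };
    char line[128];
    size_t i;

    for (i = 0; i < sizeof users / sizeof users[0]; i++) {
        format_login_failure(line, sizeof line, users[i]);
        puts(line);
    }
    return 0;
}
```

In Perl the same rule applies to Sys::Syslog: pass a literal '%s' as the format and the message as its argument.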



[Full-disclosure] [ GLSA 200512-03 ] phpMyAdmin: Multiple vulnerabilities

2005-12-11 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200512-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: phpMyAdmin: Multiple vulnerabilities
  Date: December 11, 2005
  Bugs: #114662
ID: 200512-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple flaws in phpMyAdmin may lead to several XSS issues and local
and remote file inclusion vulnerabilities.

Background
==

phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL over the web.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  dev-db/phpmyadmin < 2.7.0_p1  >= 2.7.0_p1

Description
===

Stefan Esser from Hardened-PHP reported multiple vulnerabilities
found in phpMyAdmin. The $GLOBALS variable allows modifying the global
variable import_blacklist to open phpMyAdmin to local and remote file
inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9).
Furthermore, it is also possible to conduct an XSS attack via the
$HTTP_HOST variable and a local and remote file inclusion because the
contents of the variable are under total control of the attacker
(CVE-2005-3665, PMASA-2005-8).

Impact
==

A remote attacker may exploit these vulnerabilities by sending
malicious requests, causing the execution of arbitrary code with the
rights of the user running the web server. The cross-site scripting
issues allow a remote attacker to inject and execute malicious script
code or to steal cookie-based authentication credentials, potentially
allowing unauthorized access to phpMyAdmin.

Workaround
==

There is no known workaround at this time.

Resolution
==

All phpMyAdmin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.7.0_p1"

References
==

  [ 1 ] CVE-2005-3665
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3665
  [ 2 ] CVE-2005-4079
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4079
  [ 3 ] PMASA-2005-8
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-8
  [ 4 ] PMASA-2005-9
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-9
  [ 5 ] Hardened-PHP Advisory 25/2005
http://www.hardened-php.net/advisory_252005.110.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200512-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200512-08 ] Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities

2005-12-15 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200512-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
  Date: December 16, 2005
  Bugs: #114428, #115286
ID: 200512-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and
Poppler potentially resulting in the execution of arbitrary code.

Background
==

Xpdf and GPdf are PDF file viewers that run under the X Window System.
Poppler is a PDF rendering library based on Xpdf code. The Common UNIX
Printing System (CUPS) is a cross-platform print spooler. It makes use
of Xpdf code to handle PDF files.

Affected packages
=

---
     Package              /  Vulnerable  /  Unaffected
---
  1  app-text/xpdf           < 3.01-r2      >= 3.01-r2
  2  app-text/gpdf           < 2.10.0-r2    >= 2.10.0-r2
  3  app-text/poppler        < 0.4.2-r1     >= 0.4.2-r1
  4  net-print/cups          < 1.1.23-r3    >= 1.1.23-r3
---
 4 affected packages on all of their supported architectures.
---

Description
===

infamous41md discovered that several Xpdf functions lack sufficient
boundary checking, resulting in multiple exploitable buffer overflows.

Impact
==

An attacker could entice a user to open a specially-crafted PDF file
which would trigger an overflow, potentially resulting in execution of
arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or
Poppler.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Xpdf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r2"

All GPdf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r2"

All Poppler users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-0.4.2-r1"

All CUPS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r3"

References
==

  [ 1 ] CVE-2005-3191
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
  [ 2 ] CVE-2005-3192
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
  [ 3 ] CVE-2005-3193
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200512-08.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200512-09 ] cURL: Off-by-one errors in URL handling

2005-12-16 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200512-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
 Title: cURL: Off-by-one errors in URL handling
  Date: December 16, 2005
  Bugs: #114710
ID: 200512-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


cURL is vulnerable to local arbitrary code execution via buffer
overflow due to the insecure parsing of URLs.

Background
==

cURL is a command line tool for transferring files with URL syntax,
supporting numerous protocols.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  net-misc/curl  < 7.15.1 >= 7.15.1

Description
===

Stefan Esser from the Hardened-PHP Project has reported a vulnerability
in cURL that allows for a local buffer overflow when cURL attempts to
parse specially crafted URLs. The URL can be specially crafted in one
of two ways: the URL could be malformed in a way that prevents a
terminating null byte from being added to either a hostname or path
buffer; or the URL could contain a "?" separator in the hostname
portion, which causes a "/" to be prepended to the resulting string.

Impact
==

An attacker capable of getting cURL to parse a maliciously crafted URL
could cause a denial of service or execute arbitrary code with the
privileges of the user making the call to cURL. An attacker could also
escape open_basedir or safe_mode pseudo-restrictions when exploiting
this problem from within a PHP program when PHP is compiled with
libcurl.

Workaround
==

There is no known workaround at this time.

Resolution
==

All cURL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.15.1"

References
==

  [ 1 ] CVE-2005-4077
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077
  [ 2 ] Hardened-PHP Advisory
http://www.hardened-php.net/advisory_242005.109.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200512-09.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
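
The two malformed-URL cases in the cURL description above both come down to sizing a buffer for the source text and forgetting either the terminating null byte or the "/" that is prepended when "?" directly follows the hostname. The following is an added example, not libcurl's parser: split_url, its return codes and the sample URLs are constructed to show a host/path split that budgets for both bytes before writing anything.

```c
#include <stdio.h>
#include <string.h>

enum { SPLIT_OK = 0, SPLIT_BAD_URL = -1, SPLIT_TOO_LONG = -2 };

/*
 * Split "scheme://host[/path][?query]" into caller-supplied buffers
 * (hypothetical helper). Two details matter for the off-by-one cases:
 *
 *   1. Every buffer needs its payload plus one byte for the NUL.
 *   2. When the host is followed by '?' (or by nothing), the path is
 *      stored as "/" + rest, which is one byte LONGER than the text it
 *      was taken from. Sizing the buffer from the source length alone
 *      is therefore one byte short.
 *
 * All lengths are checked before the first byte is written, so on
 * failure neither output buffer has been touched.
 */
int split_url(const char *url, char *host, size_t hostsz,
              char *path, size_t pathsz)
{
    const char *p, *rest;
    size_t hostlen, restlen, slash;

    if (url == NULL || host == NULL || path == NULL)
        return SPLIT_BAD_URL;

    p = strstr(url, "://");
    if (p == NULL)
        return SPLIT_BAD_URL;
    p += 3;

    hostlen = strcspn(p, "/?");         /* host ends at '/', '?' or end */
    if (hostlen == 0)
        return SPLIT_BAD_URL;

    rest = p + hostlen;
    restlen = strlen(rest);
    slash = (*rest == '/') ? 0 : 1;     /* 1 if a '/' must be prepended */

    if (hostlen >= hostsz)              /* hostlen bytes + NUL */
        return SPLIT_TOO_LONG;
    if (pathsz < slash + 1 || restlen > pathsz - slash - 1)
        return SPLIT_TOO_LONG;          /* slash + restlen bytes + NUL */

    memcpy(host, p, hostlen);
    host[hostlen] = '\0';

    if (slash)
        path[0] = '/';
    memcpy(path + slash, rest, restlen);
    path[slash + restlen] = '\0';
    return SPLIT_OK;
}

int main(void)
{
    /* Constructed sample URLs; the path buffer is deliberately small. */
    const char *samples[] = {
        "http://example.test/abcdef",   /* 7-byte path, fits in 8 */
        "http://example.test?abcdef",   /* same 7 bytes, needs 9 */
        "http://example.test?x=1",
        "http://example.test",
    };
    char host[32], path[8];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = split_url(samples[i], host, sizeof host, path, sizeof path);
        if (rc == SPLIT_OK)
            printf("%-28s host=%s path=%s\n", samples[i], host, path);
        else
            printf("%-28s rejected (%d)\n", samples[i], rc);
    }
    return 0;
}
```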



[Full-disclosure] [ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in included Xpdf code

2006-01-04 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200601-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: KPdf, KWord: Multiple overflows in included Xpdf code
  Date: January 04, 2006
  Bugs: #114429, #115851
ID: 200601-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


KPdf and KWord both include vulnerable Xpdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.

Background
==

KPdf is a KDE-based PDF viewer included in the kdegraphics package.
KWord is a KDE-based word processor also included in the koffice
package.

Affected packages
=

---
     Package                 /  Vulnerable  /  Unaffected
---
  1  kde-base/kdegraphics       < 3.4.3-r3     >= 3.4.3-r3
  2  kde-base/kpdf              < 3.4.3-r3     >= 3.4.3-r3
  3  app-office/koffice         < 1.4.2-r6     >= 1.4.2-r6
  4  app-office/kword           < 1.4.2-r6     >= 1.4.2-r6
---
 4 affected packages on all of their supported architectures.
---

Description
===

KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf
code is vulnerable to several heap overflows (GLSA 200512-08) as well
as several buffer and integer overflows discovered by Chris Evans.

Impact
==

An attacker could entice a user to open a specially crafted PDF file
with Kpdf or KWord, potentially resulting in the execution of arbitrary
code with the rights of the user running the affected application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All kdegraphics users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.4.3-r3"

All Kpdf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.3-r3"

All KOffice users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.2-r6"

All KWord users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/kword-1.4.2-r6"

References
==

  [ 1 ] CAN-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3191
  [ 2 ] CAN-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3192
  [ 3 ] CAN-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193
  [ 4 ] CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
  [ 5 ] CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
  [ 6 ] CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
  [ 7 ] CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
  [ 8 ] GLSA 200512-08
http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
  [ 9 ] KDE Security Advisory: kpdf/xpdf multiple integer overflows
http://www.kde.org/info/security/advisory-20051207-2.txt

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200601-03 ] HylaFAX: Multiple vulnerabilities

2006-01-06 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200601-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: HylaFAX: Multiple vulnerabilities
  Date: January 06, 2006
  Bugs: #116389
ID: 200601-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


HylaFAX is vulnerable to arbitrary code execution and unauthorized
access vulnerabilities.

Background
==

HylaFAX is an enterprise-class system for sending and receiving
facsimile messages and for sending alpha-numeric pages.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  net-misc/hylafax < 4.2.3-r1   >= 4.2.3-r1

Description
===

Patrice Fournier discovered that HylaFAX runs the notify script on
untrusted user input. Furthermore, users can log in without a password
when HylaFAX is installed with the pam USE-flag disabled.

Impact
==

An attacker could exploit the input validation vulnerability to run
arbitrary code as the user running HylaFAX, which is usually uucp. The
password vulnerability could be exploited to log in without proper user
credentials.

Workaround
==

There is no known workaround at this time.

Resolution
==

All HylaFAX users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/hylafax-4.2.3-r1"

References
==

  [ 1 ] CVE-2005-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3538
  [ 2 ] CVE-2005-3539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3539
  [ 3 ] HylaFAX release announcement
http://www.hylafax.org/content/HylaFAX_4.2.4_release

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking

2006-01-07 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200601-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: VMware Workstation: Vulnerability in NAT networking
  Date: January 07, 2006
  Bugs: #116238
ID: 200601-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


VMware guest operating systems can execute arbitrary code with elevated
privileges on the host operating system through a flaw in NAT
networking.

Background
==

VMware Workstation is a powerful virtual machine for developers and
system administrators.

Affected packages
=

---
     Package             /  Vulnerable     /  Unaffected
---
  1  vmware-workstation     < 5.5.1.19175     >= 5.5.1.19175
                                              *>= 4.5.3.19414

Description
===

Tim Shelton discovered that vmnet-natd, the host module providing
NAT-style networking for VMware guest operating systems, is unable to
process incorrect 'EPRT' and 'PORT' FTP requests.

Impact
==

Malicious guest operating systems using the NAT networking feature or
local VMware Workstation users could exploit this vulnerability to
execute arbitrary code on the host system with elevated privileges.

Workaround
==

Disable the NAT service by following the instructions at
http://www.vmware.com/support/kb, Answer ID 2002.

Resolution
==

All VMware Workstation users should upgrade to a fixed version:

# emerge --sync
# emerge --ask --oneshot --verbose app-emulation/vmware-workstation

References
==

  [ 1 ] CVE-2005-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4459
  [ 2 ] VMware Security Response
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-04.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200601-07 ] ClamAV: Remote execution of arbitrary code

2006-01-12 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200601-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: ClamAV: Remote execution of arbitrary code
  Date: January 13, 2006
  Bugs: #118459
ID: 200601-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


ClamAV is vulnerable to a buffer overflow which may lead to remote
execution of arbitrary code.

Background
==

ClamAV is a GPL virus scanner.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  app-antivirus/clamav   < 0.88 >= 0.88

Description
===

Zero Day Initiative (ZDI) reported a heap buffer overflow
vulnerability. The vulnerability is due to an incorrect boundary check
of the user-supplied data prior to copying it to an insufficiently
sized memory buffer. The flaw occurs when the application attempts to
handle compressed UPX files.

Impact
==

For example, by sending a maliciously crafted UPX file into a mail
server that is integrated with ClamAV, a remote attacker's supplied
code could be executed with escalated privileges.

Workaround
==

There is no known workaround at this time.

Resolution
==

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88"

References
==

  [ 1 ] CVE-2006-0162
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0162

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-07.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200601-08 ] Blender: Heap-based buffer overflow

2006-01-12 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200601-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Blender: Heap-based buffer overflow
  Date: January 13, 2006
  Bugs: #118163
ID: 200601-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Blender is vulnerable to a buffer overflow that may be exploited by
attackers to execute arbitrary code.

Background
==

Blender is open source software for 3D modeling, animation,
rendering, post-production, interactive creation and playback.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  media-gfx/blender   < 2.40>= 2.40

Description
===

Damian Put has reported a flaw due to an integer overflow in the
"get_bhead()" function, leading to a heap overflow when processing
malformed ".blend" files.

Impact
==

A remote attacker could entice a user into opening a specially crafted
".blend" file, resulting in the execution of arbitrary code with the
permissions of the user running Blender.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Blender users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/blender-2.40"

References
==

  [ 1 ] CVE-2005-4470
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4470

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-08.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability

2006-01-12 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200601-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Wine: Windows Metafile SETABORTPROC vulnerability
  Date: January 13, 2006
  Bugs: #118101
ID: 200601-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


There is a flaw in Wine in the handling of Windows Metafile (WMF)
files, which could possibly result in the execution of arbitrary code.

Background
==

Wine is a free implementation of Windows APIs for Unix-like systems.

Affected packages
=

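    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  app-emulation/wine             < 20050930              >= 20050930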

Description
===

H D Moore discovered that Wine implements the insecure-by-design
SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.

Impact
==

An attacker could entice a user to open a specially crafted Windows
Metafile (WMF) file from within a Wine-executed Windows application,
possibly resulting in the execution of arbitrary code with the rights
of the user running Wine.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Wine users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/wine-20050930"

References
==

  [ 1 ] CVE-2006-0106
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0106

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-09.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability

2006-01-16 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [ERRATA UPDATE]GLSA 200601-09:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Wine: Windows Metafile SETABORTPROC vulnerability
  Date: January 13, 2006
   Updated: January 15, 2006
  Bugs: #118101
ID: 200601-09:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Errata
==

Fixed packages were issued to fix this vulnerability in Wine, but some
of the fixed packages were missing the correct patch. All Wine users
should re-emerge Wine to make sure they are safe. The corrected
sections appear below.

Affected packages
=

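    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  app-emulation/wine                 < 2006                 >= 0.9.0
     app-emulation/wine                 > 2004                 >= 0.9.0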

Resolution
==

All Wine users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/wine-0.9.0"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-09.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200503-14 ] KDE dcopidlng: Insecure temporary file creation

2005-03-07 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200503-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: KDE dcopidlng: Insecure temporary file creation
  Date: March 07, 2005
  Bugs: #81652
ID: 200503-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The dcopidlng script is vulnerable to symlink attacks, potentially
allowing a local user to overwrite arbitrary files.

Background
==

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism.
dcopidlng is a DCOP helper script.

Affected packages
=

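    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  kde-base/kdelibs               < 3.3.2-r5              >= 3.3.2-r5
                                                           *>= 3.2.3-r7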

Description
===

Davide Madrisan has discovered that the dcopidlng script creates
temporary files in a world-writable directory with predictable names.

Impact
==

A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
dcopidlng is executed, this would result in the file being overwritten
with the rights of the user running the utility, which could be the
root user.

Workaround
==

There is no known workaround at this time.

Resolution
==

All kdelibs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs

References
==

  [ 1 ] CAN-2005-0365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0365

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-14.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200503-19 ] MySQL: Multiple vulnerabilities

2005-03-16 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200503-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: MySQL: Multiple vulnerabilities
  Date: March 16, 2005
  Bugs: #84819
ID: 200503-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


MySQL contains several vulnerabilities potentially leading to the
overwriting of local files or to the execution of arbitrary code.

Background
==

MySQL is a fast, multi-threaded, multi-user SQL database server.

Affected packages
=

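    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql                     < 4.0.24                >= 4.0.24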

Description
===

MySQL fails to properly validate input for authenticated users with
INSERT and DELETE privileges (CAN-2005-0709 and CAN-2005-0710).
Furthermore MySQL uses predictable filenames when creating temporary
files with CREATE TEMPORARY TABLE (CAN-2005-0711).

Impact
==

An attacker with INSERT and DELETE privileges could exploit this to
manipulate the mysql table or access libc calls, potentially leading
to the execution of arbitrary code with the permissions of the user
running MySQL. An attacker with CREATE TEMPORARY TABLE privileges could
exploit this to overwrite arbitrary files via a symlink attack.

Workaround
==

There is no known workaround at this time.

Resolution
==

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-4.0.24"

References
==

  [ 1 ] CAN-2005-0709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709
  [ 2 ] CAN-2005-0710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710
  [ 3 ] CAN-2005-0711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-19.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


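The dcopidlng and MySQL advisories above both come down to a predictable temporary file name in a directory other users can write to. This added C example, which is not code from KDE, MySQL or the advisories, reproduces the pattern inside a private scratch directory and compares it with exclusive creation and `mkstemp()`; all file and function names are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum strategy { PREDICTABLE, EXCLUSIVE, MKSTEMP };

static int write_all(int fd, const char *data)
{
    size_t len = strlen(data);
    ssize_t n = write(fd, data, len);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
}

/* Flawed pattern: a fixed name is opened with O_CREAT|O_TRUNC. If the
 * name is already a symlink, open() follows it and truncates the target. */
int write_predictable(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    return fd < 0 ? -1 : write_all(fd, data);
}

/* Hardened: O_EXCL makes open() fail with EEXIST if the name exists in
 * any form, symlinks included; O_NOFOLLOW is kept as a second guard. */
int write_exclusive(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    return fd < 0 ? -1 : write_all(fd, data);
}

/* Preferred: mkstemp() chooses an unpredictable name and creates the
 * file exclusively with mode 0600. */
int write_mkstemp(const char *dir, const char *data)
{
    char path[512];
    snprintf(path, sizeof path, "%s/app.XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    int rc = write_all(fd, data);
    unlink(path);
    return rc;
}

/* Builds a private scratch directory holding a "victim" file and a
 * symlink planted at the predictable temp name, runs one strategy, and
 * returns 1 if the victim is unchanged, 0 if it was overwritten,
 * -1 if the scratch setup failed. */
int victim_survives(enum strategy s)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    char victim[512], tmpname[512], buf[32] = {0};
    int intact = -1;

    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(tmpname, sizeof tmpname, "%s/app.tmp", dir);

    FILE *f = fopen(victim, "w");
    if (f) {
        fputs("important", f);
        fclose(f);
        if (symlink(victim, tmpname) == 0) {
            if (s == PREDICTABLE)
                write_predictable(tmpname, "scratch");
            else if (s == EXCLUSIVE)
                write_exclusive(tmpname, "scratch");
            else
                write_mkstemp(dir, "scratch");

            f = fopen(victim, "r");
            if (f) {
                if (fgets(buf, sizeof buf, f))
                    intact = strcmp(buf, "important") == 0;
                fclose(f);
            }
        }
    }
    unlink(tmpname);
    unlink(victim);
    rmdir(dir);
    return intact;
}

int main(void)
{
    printf("predictable name : victim intact = %d\n", victim_survives(PREDICTABLE));
    printf("O_EXCL|O_NOFOLLOW: victim intact = %d\n", victim_survives(EXCLUSIVE));
    printf("mkstemp()        : victim intact = %d\n", victim_survives(MKSTEMP));
    return 0;
}
```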

[Full-disclosure] [ GLSA 200503-20 ] curl: NTLM response buffer overflow

2005-03-16 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200503-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: curl: NTLM response buffer overflow
  Date: March 16, 2005
  Bugs: #82534
ID: 200503-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


curl is vulnerable to a buffer overflow which could lead to the
execution of arbitrary code.

Background
==

curl is a command line tool for transferring files via many different
protocols.

Affected packages
=

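    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-misc/curl                    < 7.13.1                >= 7.13.1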

Description
===

curl fails to properly check boundaries when handling NTLM
authentication.

Impact
==

With a malicious server an attacker could send a carefully crafted NTLM
response to a connecting client leading to the execution of arbitrary
code with the permissions of the user running curl.

Workaround
==

Disable NTLM authentication by not using the --anyauth or --ntlm
options.

Resolution
==

All curl users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.13.1"

References
==

  [ 1 ] CAN-2005-0490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-20.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200503-22 ] KDE: Local Denial of Service

2005-03-19 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200503-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: KDE: Local Denial of Service
  Date: March 19, 2005
  Bugs: #83814
ID: 200503-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


KDE is vulnerable to a local Denial of Service attack.

Background
==

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism.

Affected packages
=

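    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  kde-base/kdelibs               < 3.3.2-r7              >= 3.3.2-r7
                                                           *>= 3.2.3-r8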

Description
===

Sebastian Krahmer discovered that it is possible to stall the
dcopserver of other users.

Impact
==

An attacker could exploit this to cause a local Denial of Service by
stalling the dcopserver in the authentication process. As a result all
desktop functionality relying on DCOP will cease to function.

Workaround
==

There is no known workaround at this time.

Resolution
==

All kdelibs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs

References
==

  [ 1 ] CAN-2005-0396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-22.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200503-23 ] rxvt-unicode: Buffer overflow

2005-03-20 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200503-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: rxvt-unicode: Buffer overflow
  Date: March 20, 2005
  Bugs: #84680
ID: 200503-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


rxvt-unicode is vulnerable to a buffer overflow that could lead to the
execution of arbitrary code.

Background
==

rxvt-unicode is a clone of the well known terminal emulator rxvt.

Affected packages
=

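    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  x11-terms/rxvt-unicode              < 5.3                   >= 5.3
                                                                  < 4.8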

Description
===

Rob Holland of the Gentoo Linux Security Audit Team discovered that
rxvt-unicode fails to properly check input length.

Impact
==

Successful exploitation would allow an attacker to execute arbitrary
code with the permissions of the user running rxvt-unicode.

Workaround
==

There is no known workaround at this time.

Resolution
==

All rxvt-unicode users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-5.3"

References
==

  [ 1 ] CAN-2005-0764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0764

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-23.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200503-24 ] LTris: Buffer overflow

2005-03-20 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200503-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: LTris: Buffer overflow
  Date: March 20, 2005
  Bugs: #85770
ID: 200503-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


LTris is vulnerable to a buffer overflow which could lead to the
execution of arbitrary code.

Background
==

LTris is a Tetris clone.

Affected packages
=

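    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  games-puzzle/ltris               < 1.0.10                >= 1.0.10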

Description
===

LTris is vulnerable to a buffer overflow when reading the global
highscores file.

Impact
==

By modifying the global highscores file a malicious user could trick
another user into executing arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All LTris users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=games-puzzle/ltris-1.0.10"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-24.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200503-34 ] mpg321: Format string vulnerability

2005-03-28 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200503-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: mpg321: Format string vulnerability
  Date: March 28, 2005
  Bugs: #86033
ID: 200503-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A flaw in the processing of ID3 tags in mpg321 could potentially lead
to the execution of arbitrary code.

Background
==

mpg321 is a GPL replacement for mpg123, a command line audio player
with support for ID3. ID3 is a tagging system that allows metadata to
be embedded within media files.

Affected packages
=

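    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  media-sound/mpg321            < 0.2.10-r2             >= 0.2.10-r2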

Description
===

A routine security audit of the mpg321 package revealed that a known
security issue remained unpatched. The vulnerability is a result of
mpg321 printing embedded ID3 data to the console in an unsafe manner.

Impact
==

Successful exploitation would require a victim to play a specially
crafted audio file using mpg321, potentially resulting in the execution
of arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All mpg321 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/mpg321-0.2.10-r2"

References
==

  [ 1 ] CVE-2003-0969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0969

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-34.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200504-10 ] Gld: Remote execution of arbitrary code

2005-04-13 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Gld: Remote execution of arbitrary code
  Date: April 13, 2005
  Bugs: #88904
ID: 200504-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Gld contains several serious vulnerabilities, potentially resulting in
the execution of arbitrary code as the root user.

Background
==

Gld is a standalone greylisting server for Postfix.

Affected packages
=

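    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  mail-filter/gld                    <= 1.4                   >= 1.5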

Description
===

dong-hun discovered several buffer overflows in server.c, as well as
several format string vulnerabilities in cnf.c.

Impact
==

An attacker could exploit this vulnerability to execute arbitrary code
with the permissions of the user running Gld, the default user being
root.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Gld users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/gld-1.5"

References
==

  [ 1 ] SecurityTracker ID 1013678
http://securitytracker.com/alerts/2005/Apr/1013678.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-10.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200504-11 ] JunkBuster: Multiple vulnerabilities

2005-04-13 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: JunkBuster: Multiple vulnerabilities
  Date: April 13, 2005
  Bugs: #88537
ID: 200504-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


JunkBuster is vulnerable to a heap corruption vulnerability, and under
certain configurations may allow an attacker to modify settings.

Background
==

JunkBuster is a filtering HTTP proxy, designed to enhance privacy and
remove unwanted content.

Affected packages
=

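    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  www-proxy/junkbuster           < 2.0.2-r3              >= 2.0.2-r3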

Description
===

James Ranson reported a vulnerability: when JunkBuster is configured to
run in single-threaded mode, an attacker can modify the referrer
setting by getting a victim to request a specially crafted URL. Tavis
Ormandy of the Gentoo Linux Security Audit Team identified a heap
corruption issue in the filtering of URLs.

Impact
==

If JunkBuster has been configured to run in single-threaded mode, an
attacker can disable or modify the filtering of Referrer: HTTP headers,
potentially compromising the privacy of users. The heap corruption
vulnerability could crash or disrupt the operation of the proxy,
potentially executing arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All JunkBuster users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-proxy/junkbuster-2.0.2-r3"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-11.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200504-13 ] OpenOffice.Org: DOC document Heap Overflow

2005-04-15 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: OpenOffice.Org: DOC document Heap Overflow
  Date: April 15, 2005
  Bugs: #88863
ID: 200504-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


OpenOffice.Org is vulnerable to a heap overflow when processing DOC
documents, which could lead to arbitrary code execution.

Background
==

OpenOffice.org is an office productivity suite, including word
processing, spreadsheets, presentations, drawings, data charting,
formula editing, and file conversion facilities.

Affected packages
=

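    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  app-office/openoffice          < 1.1.4-r1              >= 1.1.4-r1
  2  app-office/openoffice-bin      < 1.1.4-r1              >= 1.1.4-r1
  3  app-office/openoffice-ximian   < 1.3.9-r1              >= 1.3.9-r1
                                                           *>= 1.3.6-r1
                                                           *>= 1.3.7-r1
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
    -------------------------------------------------------------------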

Description
===

AD-LAB has discovered a heap overflow in the "StgCompObjStream::Load()"
function when processing DOC documents.

Impact
==

An attacker could design a malicious DOC document containing a
specially crafted header which, when processed by OpenOffice.Org, would
result in the execution of arbitrary code with the rights of the user
running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All OpenOffice.Org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-1.1.4-r1"

All OpenOffice.Org binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-1.1.4-r1"

All OpenOffice.Org Ximian users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose app-office/openoffice-ximian

Note to PPC users: There is no fixed OpenOffice.Org binary version for
the PPC architecture yet. Affected users are encouraged to switch to
the latest OpenOffice.Org source package.

Note to SPARC users: There is no stable OpenOffice.Org fixed version
for the SPARC architecture. Affected users should switch to the latest
OpenOffice.Org Ximian version.

References
==

  [ 1 ] OpenOffice.Org Issue 46388
http://www.openoffice.org/issues/show_bug.cgi?id=46388
  [ 2 ] CAN-2005-0941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-13.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200504-14 ] monkeyd: Multiple vulnerabilities

2005-04-15 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: monkeyd: Multiple vulnerabilities
  Date: April 15, 2005
  Bugs: #87916
ID: 200504-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Format string and Denial of Service vulnerabilities have been
discovered in the monkeyd HTTP server, potentially resulting in the
execution of arbitrary code.

Background
==

monkeyd is a fast, efficient, small and easy to configure web server
for Linux.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  www-servers/monkeyd   < 0.9.1   >= 0.9.1

Description
===

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
double expansion error in monkeyd, resulting in a format string
vulnerability. Ciaran McCreesh of Gentoo Linux discovered a Denial of
Service vulnerability, a syntax error caused monkeyd to zero out
unallocated memory should a zero byte file be requested.

Impact
==

The format string vulnerability could allow an attacker to send a
specially crafted request to the monkeyd server, resulting in the
execution of arbitrary code with the permissions of the user running
monkeyd. The DoS vulnerability could allow an attacker to disrupt the
operation of the web server, should a zero byte file be accessible.

Workaround
==

There is no known workaround at this time.

Resolution
==

All monkeyd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/monkeyd-0.9.1"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-14.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200504-16 ] CVS: Multiple vulnerabilities

2005-04-18 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: CVS: Multiple vulnerabilities
  Date: April 18, 2005
  Bugs: #86476
ID: 200504-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Several serious vulnerabilities have been found in CVS, which may allow
an attacker to remotely compromise a CVS server or cause a DoS.

Background
==

CVS (Concurrent Versions System) is an open-source network-transparent
version control system. It contains both a client utility and a server.

Affected packages
=

---
 Package   /   Vulnerable   /   Unaffected
---
  1  dev-util/cvs < 1.11.18-r1   >= 1.11.18-r1

Description
===

Alen Zukich has discovered several serious security issues in CVS,
including at least one buffer overflow (CAN-2005-0753), memory leaks
and a NULL pointer dereferencing error.

Impact
==

An attacker could exploit these vulnerabilities to cause a Denial of
Service or execute arbitrary code with the permissions of the CVS
pserver or the authenticated user (depending on the connection method
used).

Workaround
==

There is no known workaround at this time.

Resolution
==

All CVS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/cvs-1.11.18-r1"

References
==

  [ 1 ] CAN-2005-0753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-16.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200504-17 ] XV: Multiple vulnerabilities

2005-04-18 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: XV: Multiple vulnerabilities
  Date: April 19, 2005
  Bugs: #88742
ID: 200504-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been discovered in XV, potentially
resulting in the execution of arbitrary code.

Background
==

XV is an interactive image manipulation program for the X Window
System.

Affected packages
=

---
 Package   /   Vulnerable   /   Unaffected
---
  1  media-gfx/xv  < 3.10a-r11   >= 3.10a-r11

Description
===

Greg Roelofs has reported multiple input validation errors in XV image
decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has
reported insufficient validation in the PDS (Planetary Data System)
image decoder, format string vulnerabilities in the TIFF and PDS
decoders, and insufficient protection from shell meta-characters in
malformed filenames.

Impact
==

Successful exploitation would require a victim to view a specially
created image file using XV, potentially resulting in the execution of
arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All XV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r11"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-17.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] UPDATE: [ GLSA 200504-16 ] CVS: Multiple vulnerabilities

2005-04-22 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE]   GLSA 200504-16:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: CVS: Multiple vulnerabilities
  Date: April 18, 2005
   Updated: April 21, 2005
  Bugs: #86476
ID: 200504-16:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
==

The initial version did not fix several DoS vulnerabilities and one instance 
of arbitrary code execution. The arbitrary code execution was only possible 
under very specific circumstances.

The updated sections appear below.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  dev-util/cvs  < 1.11.20   >= 1.11.20

Description
===

Alen Zukich has discovered several serious security issues in CVS,
including at least one buffer overflow (CAN-2005-0753), memory leaks
and a NULL pointer dereferencing error. Furthermore when launching
trigger scripts CVS includes a user controlled directory.

Resolution
==

All CVS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/cvs-1.11.20"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-16.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] UPDATE: [ GLSA 200410-10 ] gettext: Insecure temporary file handling

2005-04-22 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE]   GLSA 200410-10:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
 Title: gettext: Insecure temporary file handling
  Date: October 10, 2004
   Updated: April 21, 2005
  Bugs: #66355
ID: 200410-10:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
==

gettext version 0.14.1 reintroduced an old vulnerability by failing to 
apply the proper patch.

The updated sections appear below.

Affected packages
=

---
 Package/   Vulnerable   /  Unaffected
---
  1  sys-devel/gettext  < 0.14.1-r1   >= 0.14.1-r1
                                     *>= 0.12.1-r2

Resolution
==

All gettext users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/gettext-0.14.1-r1"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200410-10.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [gentoo-announce] [ GLSA 200504-22 ] KDE kimgio: PCX handling buffer overflow

2005-04-22 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: KDE kimgio: PCX handling buffer overflow
  Date: April 22, 2005
  Bugs: #88862
ID: 200504-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


KDE fails to properly validate input when handling PCX images,
potentially resulting in the execution of arbitrary code.

Background
==

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. kimgio is the KDE image handler provided
by kdelibs.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  kde-base/kdelibs  < 3.3.2-r8  *>= 3.2.3-r9
                                    >= 3.3.2-r8

Description
===

kimgio fails to properly validate input when handling PCX files.

Impact
==

By enticing a user to load a specially-crafted PCX image in a KDE
application, an attacker could execute arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All kdelibs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs

References
==

  [ 1 ] CAN-2005-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046
  [ 2 ] KDE Security Advisory: kimgio input validation errors
http://www.kde.org/info/security/advisory-20050421-1.txt

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-22.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [gentoo-announce] [ GLSA 200504-23 ] Kommander: Insecure remote script execution

2005-04-22 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Kommander: Insecure remote script execution
  Date: April 22, 2005
  Bugs: #89092
ID: 200504-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Kommander executes remote scripts without confirmation, potentially
resulting in the execution of arbitrary code.

Background
==

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. Kommander is a visual dialog editor and
interpreter for KDE applications, part of the kdewebdev package.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  kde-base/kdewebdev < 3.3.2-r1 >= 3.3.2-r1

Description
===

Kommander executes data files from possibly untrusted locations without
user confirmation.

Impact
==

An attacker could exploit this to execute arbitrary code with the
permissions of the user running Kommander.

Workaround
==

There is no known workaround at this time.

Resolution
==

All kdewebdev users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdewebdev-3.3.2-r1"

References
==

  [ 1 ] CAN-2005-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0754
  [ 2 ] KDE Security Advisory: Kommander untrusted code execution
http://www.kde.org/info/security/advisory-20050420-1.txt

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-23.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200504-25 ] Rootkit Hunter: Insecure temporary file creation

2005-04-26 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Rootkit Hunter: Insecure temporary file creation
  Date: April 26, 2005
  Bugs: #90007
ID: 200504-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.

Background
==

Rootkit Hunter is a scanning tool to detect rootkits, backdoors and
local exploits on a local machine. Rootkit Hunter uses downloaded data
files to check file integrity. These files are updated via the
check_update.sh script.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  app-forensics/rkhunter < 1.2.3-r1 >= 1.2.3-r1

Description
===

Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux
Security Team have reported that the check_update.sh script and the
main rkhunter script insecurely create several temporary files with
predictable filenames.

Impact
==

A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
rkhunter or the check_update.sh script runs, this would result in the
file being overwritten with the rights of the user running the utility,
which could be the root user.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Rootkit Hunter users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-forensics/rkhunter-1.2.3-r1"

References
==

  [ 1 ] CAN-2005-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1270

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-25.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
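
The symlink risk described in GLSA 200504-25 above, as an added example that is not taken from rkhunter or from the advisory: a constructed scratch-directory demo in which a fixed temporary file name is written through a pre-existing link, next to `mktemp` and noclobber forms that leave the linked file intact. The file name `update.tmp` and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed): every path lives under a private scratch
# directory created by mktemp -d and removed again after each case.

# Unsafe pattern: a fixed, guessable name in a shared directory.
# ">" opens without O_EXCL, so it follows a link already planted at that name.
write_predictable() {   # $1 = temp dir, $2 = data
    printf '%s\n' "$2" > "$1/update.tmp"    # "update.tmp" is a hypothetical name
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so a pre-planted link is never opened.
write_safe() {          # $1 = temp dir, $2 = data; prints the file it created
    safe_file=$(mktemp "$1/update.XXXXXX") || return 1
    printf '%s\n' "$2" > "$safe_file"
    printf '%s\n' "$safe_file"
}

# Fallback when the name must stay fixed: noclobber (set -C) makes ">" fail
# on an existing file or link instead of truncating whatever it points to.
write_noclobber() {     # $1 = temp dir, $2 = data
    ( set -C; printf '%s\n' "$2" > "$1/update.tmp" ) 2>/dev/null
}

# Runs one writer against a layout where a link named update.tmp already
# points at a "protected" file, then prints that file's content.
run_case() {            # $1 = name of the writer function to exercise
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/tmp"
    printf 'original\n' > "$scratch/protected"
    ln -s "$scratch/protected" "$scratch/tmp/update.tmp"
    "$1" "$scratch/tmp" "downloaded data" >/dev/null || true
    cat "$scratch/protected"
    rm -rf "$scratch"
}

for writer in write_predictable write_safe write_noclobber; do
    printf '%-18s protected file now contains: %s\n' \
        "$writer" "$(run_case "$writer")"
done
```
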



[Full-disclosure] [ GLSA 200504-26 ] Convert-UUlib: Buffer overflow

2005-04-26 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Convert-UUlib: Buffer overflow
  Date: April 26, 2005
  Bugs: #89501
ID: 200504-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A buffer overflow has been reported in Convert-UUlib, potentially
resulting in the execution of arbitrary code.

Background
==

Convert-UUlib provides a Perl interface to the uulib library, allowing
Perl applications to access data encoded in a variety of formats.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  dev-perl/Convert-UUlib   < 1.051 >= 1.051

Description
===

A vulnerability has been reported in Convert-UUlib where a malformed
parameter can be provided by an attacker allowing a read operation to
overflow a buffer. The vendor credits Mark Martinec and Robert Lewis
with the discovery.

Impact
==

Successful exploitation would permit an attacker to run arbitrary code
with the privileges of the user running the Perl application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Convert-UUlib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/Convert-UUlib-1.051"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-26.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200504-28 ] Heimdal: Buffer overflow vulnerabilities

2005-04-28 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Heimdal: Buffer overflow vulnerabilities
  Date: April 28, 2005
  Bugs: #89861
ID: 200504-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Buffer overflow vulnerabilities have been found in the telnet client in
Heimdal which could lead to execution of arbitrary code.

Background
==

Heimdal is a free implementation of Kerberos 5 that includes a telnet
client program.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  app-crypt/heimdal   < 0.6.4  >= 0.6.4

Description
===

Buffer overflow vulnerabilities in the slc_add_reply() and
env_opt_add() functions have been discovered by Gael Delalleau in the
telnet client in Heimdal.

Impact
==

Successful exploitation would require a vulnerable user to connect to
an attacker-controlled host using the telnet client, potentially
executing arbitrary code with the permissions of the user running the
application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Heimdal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.4"

References
==

  [ 1 ] CAN-2005-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
  [ 2 ] CAN-2005-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-28.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation

2005-04-30 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200504-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: phpMyAdmin: Insecure SQL script installation
  Date: April 30, 2005
  Bugs: #88831
ID: 200504-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


phpMyAdmin leaves the SQL install script with insecure permissions,
potentially leading to a database compromise.

Background
==

phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL databases from a web-browser. phpMyAdmin uses a
pma MySQL user to control the linked-tables infrastructure. The SQL
install script sets the initial password for the pma user.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  dev-db/phpmyadmin < 2.6.2-r1  >= 2.6.2-r1

Description
===

The phpMyAdmin installation process leaves the SQL install script with
insecure permissions.

Impact
==

A local attacker could exploit this vulnerability to obtain the initial
phpMyAdmin password and from there obtain information about databases
accessible by phpMyAdmin.

Workaround
==

Change the password for the phpMyAdmin MySQL user (pma):

mysql -u root -p
SET PASSWORD FOR 'pma'@'localhost' = PASSWORD('MyNewPassword');

Update your phpMyAdmin config.inc.php:

$cfg['Servers'][$i]['controlpass']   = 'MyNewPassword';

Resolution
==

All phpMyAdmin users should change the password for the pma user as
described above and upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.2-r1"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-30.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200505-03 ] Ethereal: Numerous vulnerabilities

2005-05-06 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Ethereal: Numerous vulnerabilities
  Date: May 06, 2005
  Bugs: #90539
ID: 200505-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Ethereal is vulnerable to numerous vulnerabilities potentially
resulting in the execution of arbitrary code or abnormal termination.

Background
==

Ethereal is a feature rich network protocol analyzer.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  net-analyzer/ethereal  < 0.10.11   >= 0.10.11

Description
===

There are numerous vulnerabilities in versions of Ethereal prior to
0.10.11, including:

* The ANSI A and DHCP dissectors are vulnerable to format string
  vulnerabilities.

* The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP,
  PKIX1Explicit, PKIX Qualified, X.509, Q.931, MEGACO, NCP, ISUP, TCAP
  and Presentation dissectors are vulnerable to buffer overflows.

* The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB
  NETLOGON dissectors are vulnerable to pointer handling errors.

* The LMP, KINK, MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and
  L2TP dissectors are vulnerable to looping problems.

* The Telnet and DHCP dissectors could abort.

* The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors could cause a
  segmentation fault.

* The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2,
  RADIUS, SMB PIPE, MRDISC and TCAP dissectors could throw assertions.

* The DICOM, NDPS and ICEP dissectors are vulnerable to memory
  handling errors.

* The GSM MAP, AIM, Fibre Channel, SRVLOC, NDPS, LDAP and NTLMSSP
  dissectors could terminate abnormally.

Impact
==

An attacker might be able to use these vulnerabilities to crash
Ethereal and execute arbitrary code with the permissions of the user
running Ethereal, which could be the root user.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Ethereal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.11"

References
==

  [ 1 ] Ethereal enpa-sa-00019
http://www.ethereal.com/appnotes/enpa-sa-00019.html
  [ 2 ] CAN-2005-1456
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456
  [ 3 ] CAN-2005-1457
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1457
  [ 4 ] CAN-2005-1458
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1458
  [ 5 ] CAN-2005-1459
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1459
  [ 6 ] CAN-2005-1460
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1460
  [ 7 ] CAN-2005-1461
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1461
  [ 8 ] CAN-2005-1462
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1462
  [ 9 ] CAN-2005-1463
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1463
  [ 10 ] CAN-2005-1464
 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1464
  [ 11 ] CAN-2005-1465
 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1465
  [ 12 ] CAN-2005-1466
 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1466
  [ 13 ] CAN-2005-1467
 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1467
  [ 14 ] CAN-2005-1468
 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1468
  [ 15 ] CAN-2005-1469
 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1469
  [ 16 ] CAN-2005-1470
 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1470

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200505-05 ] gzip: Multiple vulnerabilities

2005-05-09 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: gzip: Multiple vulnerabilities
  Date: May 09, 2005
  Bugs: #89946, #90626
ID: 200505-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


gzip contains multiple vulnerabilities potentially allowing an attacker
to execute arbitrary commands.

Background
==

gzip (GNU zip) is a popular compression program. The included zgrep
utility allows you to grep gzipped files in place.

Affected packages
=

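-------------------------------------------------------------------
     Package                      /  Vulnerable   /  Unaffected
-------------------------------------------------------------------
  1  app-arch/gzip                   < 1.3.5-r6      >= 1.3.5-r6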

Description
===

The gzip and gunzip programs are vulnerable to a race condition when
setting file permissions (CAN-2005-0988), as well as improper handling
of filename restoration (CAN-2005-1228). The zgrep utility improperly
sanitizes arguments, which may come from an untrusted source
(CAN-2005-0758).

Impact
==

These vulnerabilities could allow arbitrary command execution, changing
the permissions of arbitrary files, and installation of files to an
arbitrary location in the filesystem.

Workaround
==

There is no known workaround at this time.

Resolution
==

All gzip users should upgrade to the latest stable version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/gzip-1.3.5-r6"

References
==

  [ 1 ] CAN-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
  [ 2 ] CAN-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988
  [ 3 ] CAN-2005-1228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-05.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
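
An added example, not part of the advisory or of gzip's code: the filename-restoration issue (CAN-2005-1228) concerns the original name that a gzip header can carry, so this sketch parses that field per RFC 1952 and confines the restored name to the archive's own directory. The function names, the sample paths and the "keep only the final path component" policy are assumptions made for illustration.

```python
import os
import struct
import zlib

FEXTRA, FNAME = 0x04, 0x08  # header flag bits defined by RFC 1952


def stored_name(blob):
    """Return the original file name recorded in a gzip header, or None."""
    if len(blob) < 10 or blob[:2] != b"\x1f\x8b" or blob[2] != 8:
        raise ValueError("not a deflate-compressed gzip member")
    flags, pos = blob[3], 10              # the fixed header is 10 bytes long
    if flags & FEXTRA:                    # optional extra field precedes the name
        if pos + 2 > len(blob):
            raise ValueError("truncated extra field")
        (xlen,) = struct.unpack_from("<H", blob, pos)
        pos += 2 + xlen
    if not flags & FNAME:
        return None
    end = blob.find(b"\x00", pos)         # the name is NUL-terminated
    if end < 0:
        raise ValueError("unterminated file name field")
    return blob[pos:end].decode("latin-1")  # RFC 1952 specifies ISO 8859-1


def restore_target(blob, archive_path):
    """Choose the output path for name restoration.

    Returns (path, rewritten). The path always stays in the archive's
    directory; rewritten is True when the stored name was not used verbatim.
    """
    out_dir = os.path.dirname(os.path.abspath(archive_path))
    fallback = os.path.basename(archive_path)
    if fallback.endswith(".gz"):
        fallback = fallback[:-3]
    name = stored_name(blob)
    # Assumed policy: drop every directory component of the stored name.
    base = os.path.basename(name.replace("\\", "/")) if name else ""
    if base in ("", ".", ".."):
        base = fallback
    return os.path.join(out_dir, base), (name is not None and base != name)


def build_member(name, payload):
    """Construct a gzip member with a chosen header name (sample input only)."""
    flags = FNAME if name is not None else 0
    header = b"\x1f\x8b\x08" + bytes([flags]) + b"\x00" * 4 + b"\x00\xff"
    if name is not None:
        header += name.encode("latin-1") + b"\x00"
    deflate = zlib.compressobj(wbits=-15)  # raw deflate stream, no zlib wrapper
    body = deflate.compress(payload) + deflate.flush()
    return header + body + struct.pack("<II", zlib.crc32(payload), len(payload))


if __name__ == "__main__":
    # Constructed samples: one plain name, one with directory components.
    for stored in ("notes.txt", "../../outside/notes.txt"):
        member = build_member(stored, b"constructed payload")
        print(stored, "->", restore_target(member, "/srv/incoming/report.gz"))
```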

[Full-disclosure] [ GLSA 200505-07 ] libTIFF: Buffer overflow

2005-05-10 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: libTIFF: Buffer overflow
  Date: May 10, 2005
  Bugs: #91584
ID: 200505-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The libTIFF library is vulnerable to a buffer overflow, potentially
resulting in the execution of arbitrary code.

Background
==

libTIFF provides support for reading and manipulating TIFF (Tag Image
File Format) images.

Affected packages
=

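-------------------------------------------------------------------
     Package                      /  Vulnerable   /  Unaffected
-------------------------------------------------------------------
  1  media-libs/tiff                 < 3.7.2         >= 3.7.2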

Description
===

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
stack-based buffer overflow in the libTIFF library when reading a TIFF
image with a malformed BitsPerSample tag.

Impact
==

Successful exploitation would require the victim to open a specially
crafted TIFF image, resulting in the execution of arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All libTIFF users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.2"

References
==

  [ 1 ] LIBTIFF BUG#863
http://bugzilla.remotesensing.org/show_bug.cgi?id=843

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-07.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200505-08 ] HT Editor: Multiple buffer overflows

2005-05-10 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: HT Editor: Multiple buffer overflows
  Date: May 10, 2005
  Bugs: #91569
ID: 200505-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Two vulnerabilities have been discovered in HT Editor, potentially
leading to the execution of arbitrary code.

Background
==

HT is a hex editor, designed to help analyse and modify executable
files.

Affected packages
=

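-------------------------------------------------------------------
     Package                      /  Vulnerable   /  Unaffected
-------------------------------------------------------------------
  1  app-editors/hteditor            < 0.8.0-r2      >= 0.8.0-r2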

Description
===

Tavis Ormandy of the Gentoo Linux Security Team discovered an integer
overflow in the ELF parser, leading to a heap-based buffer overflow.
The vendor has reported that an unrelated buffer overflow has been
discovered in the PE parser.

Impact
==

Successful exploitation would require the victim to open a specially
crafted file using HT, potentially permitting an attacker to execute
arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All hteditor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/hteditor-0.8.0-r2"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-08.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200505-09 ] Gaim: Denial of Service and buffer overflow vulnerabilities

2005-05-11 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Gaim: Denial of Service and buffer overflow vulnerabilities
  Date: May 12, 2005
  Bugs: #91862
ID: 200505-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Gaim contains two vulnerabilities, potentially resulting in the
execution of arbitrary code or Denial of Service.

Background
==

Gaim is a full-featured instant messaging client which handles a
variety of instant messaging protocols.

Affected packages
=

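-------------------------------------------------------------------
     Package                      /  Vulnerable   /  Unaffected
-------------------------------------------------------------------
  1  net-im/gaim                     < 1.3.0         >= 1.3.0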

Description
===

Stu Tomlinson discovered that Gaim is vulnerable to a remote
stack-based buffer overflow when receiving messages in certain protocols,
like Jabber and SILC, with a very long URL (CAN-2005-1261). Siebe
Tolsma discovered that Gaim is also vulnerable to a remote Denial of
Service attack when receiving a specially crafted MSN message
(CAN-2005-1262).

Impact
==

A remote attacker could cause a buffer overflow by sending an instant
message with a very long URL, potentially leading to the execution of
malicious code. By sending a SLP message with an empty body, a remote
attacker could cause a Denial of Service or crash of the Gaim client.

Workaround
==

There are no known workarounds at this time.

Resolution
==

All Gaim users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.0"

References
==

  [ 1 ] CAN-2005-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261
  [ 2 ] CAN-2005-1262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-09.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200505-10 ] phpBB: Cross-Site Scripting Vulnerability

2005-05-14 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: phpBB: Cross-Site Scripting Vulnerability
  Date: May 14, 2005
  Bugs: #90213
ID: 200505-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


phpBB is vulnerable to a cross-site scripting attack that could allow
arbitrary scripting code execution.

Background
==

phpBB is an Open Source bulletin board package.

Affected packages
=

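-------------------------------------------------------------------
     Package                      /  Vulnerable   /  Unaffected
-------------------------------------------------------------------
  1  www-apps/phpBB                  < 2.0.15        >= 2.0.15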

Description
===

phpBB is vulnerable to a cross-site scripting vulnerability due to
improper sanitization of user supplied input. Coupled with poor
validation of BBCode URLs which may be included in a forum post, an
unsuspecting user may follow a posted link triggering the
vulnerability.

Impact
==

Successful exploitation of the vulnerability could cause arbitrary
scripting code to be executed in the browser of a user.

Workaround
==

There are no known workarounds at this time.

Resolution
==

All phpBB users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/phpbb-2.0.15"

References
==

  [ 1 ] BugTraq ID 13344
http://www.securityfocus.com/bid/13344/info/
  [ 2 ] SecurityTracker ID 1013918
http://securitytracker.com/id?1013918

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-10.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200505-11 ] Mozilla Suite, Mozilla Firefox: Remote compromise

2005-05-15 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Mozilla Suite, Mozilla Firefox: Remote compromise
  Date: May 15, 2005
  Bugs: #91859, #92393, #92394
ID: 200505-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Several vulnerabilities in the Mozilla Suite and Firefox allow an
attacker to conduct cross-site scripting attacks or to execute
arbitrary code.

Background
==

The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader. Mozilla Firefox is the next-generation browser
from the Mozilla project.

Affected packages
=

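-------------------------------------------------------------------
     Package                      /  Vulnerable   /  Unaffected
-------------------------------------------------------------------
  1  www-client/mozilla-firefox      < 1.0.4         >= 1.0.4
  2  www-client/mozilla-firefox-bin  < 1.0.4         >= 1.0.4
  3  www-client/mozilla              < 1.7.8         >= 1.7.8
  4  www-client/mozilla-bin          < 1.7.8         >= 1.7.8
-------------------------------------------------------------------
 4 affected packages on all of their supported architectures.
-------------------------------------------------------------------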

Description
===

The Mozilla Suite and Firefox do not properly protect "IFRAME"
JavaScript URLs from being executed in context of another URL in the
history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail
to verify the "IconURL" parameter of the "InstallTrigger.install()"
function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered
that it is possible to bypass JavaScript-injection security checks by
wrapping the javascript: URL within the view-source: or jar:
pseudo-protocols (MFSA2005-43).

Impact
==

A malicious remote attacker could use the "IFRAME" issue to execute
arbitrary JavaScript code within the context of another website,
allowing the attacker to steal cookies or other sensitive data. By supplying a
javascript: URL as the "IconURL" parameter of the
"InstallTrigger.install()" function, a remote attacker could also
execute arbitrary JavaScript code. Combining both vulnerabilities with
a website which is allowed to install software or wrapping javascript:
URLs within the view-source: or jar: pseudo-protocols could possibly
lead to the execution of arbitrary code with user privileges.

Workaround
==

Affected systems can be protected by disabling JavaScript. However, we
encourage Mozilla Suite or Mozilla Firefox users to upgrade to the
latest available version.

Resolution
==

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.4"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.4"

All Mozilla Suite users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.8"

All Mozilla Suite binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.8"

References
==

  [ 1 ] CAN-2005-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1476
  [ 2 ] CAN-2005-1477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1477
  [ 3 ] Mozilla Foundation Security Advisory 2005-43
http://www.mozilla.org/security/announce/mfsa2005-43.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-11.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
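
An added example, not Mozilla's code and not part of the advisory: the description above says javascript: URLs could pass the injection checks when wrapped in the view-source: or jar: pseudo-protocols. The sketch contrasts a check that inspects only the outermost scheme (an assumed stand-in, not the browser's actual filter) with one that peels the wrappers first; all function names and sample URLs are hypothetical.

```python
import re

_SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*):")
WRAPPERS = {"view-source", "jar"}  # the pseudo-protocols named in the advisory
MAX_DEPTH = 8                      # assumed limit on how many wrappers are peeled


def naive_is_script_url(url):
    """Prefix-only check: looks at the outermost scheme and nothing else."""
    return url.strip().lower().startswith("javascript:")


def scheme_chain(url):
    """Return every scheme found while peeling wrapper pseudo-protocols."""
    chain, rest = [], url.strip()
    while len(chain) < MAX_DEPTH:
        match = _SCHEME.match(rest)
        if not match:
            break
        scheme = match.group(1).lower()
        chain.append(scheme)
        if scheme not in WRAPPERS:
            break                          # reached the innermost, real scheme
        rest = rest[match.end():].lstrip()
        if scheme == "jar":                # jar:<inner-url>!/<entry-in-archive>
            rest = rest.split("!/", 1)[0]
    return chain


def is_script_url(url):
    """Reject javascript: at any nesting level; fail closed on deep nesting."""
    chain = scheme_chain(url)
    if "javascript" in chain:
        return True
    return len(chain) >= MAX_DEPTH and chain[-1] in WRAPPERS


if __name__ == "__main__":
    # Constructed sample URLs; void(0) is a harmless placeholder expression.
    samples = [
        "http://example.org/index.html",
        "javascript:void(0)",
        "view-source:javascript:void(0)",
        "jar:view-source:javascript:void(0)!/entry",
        "jar:http://example.org/archive.jar!/index.html",
    ]
    for url in samples:
        print("%-50s naive=%-5s unwrapped=%s"
              % (url, naive_is_script_url(url), is_script_url(url)))
```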



[Full-disclosure] [ GLSA 200505-12 ] PostgreSQL: Multiple vulnerabilities

2005-05-15 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: PostgreSQL: Multiple vulnerabilities
  Date: May 15, 2005
  Bugs: #91231
ID: 200505-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


PostgreSQL is vulnerable to Denial of Service attacks and possibly
allows unprivileged users to gain administrator rights.

Background
==

PostgreSQL is a SQL compliant, open source object-relational database
management system.

Affected packages
=

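-------------------------------------------------------------------
     Package                      /  Vulnerable   /  Unaffected
-------------------------------------------------------------------
  1  dev-db/postgresql               < 8.0.2-r1      *>= 7.4.7-r2
                                                     *>= 8.0.1-r3
                                                      >= 8.0.2-r1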

Description
===

PostgreSQL gives public EXECUTE access to a number of character
conversion routines, but doesn't validate the given arguments
(CAN-2005-1409). It has also been reported that the contrib/tsearch2
module of PostgreSQL misdeclares the return value of some functions as
"internal" (CAN-2005-1410).

Impact
==

An attacker could call the character conversion routines with specially
set-up arguments to crash the backend process of PostgreSQL or to
potentially gain administrator rights. A malicious user could also call
the misdeclared functions of the contrib/tsearch2 module, resulting in
a Denial of Service or other, yet uninvestigated, impacts.

Workaround
==

There is no known workaround at this time.

Resolution
==

All PostgreSQL users should update to the latest available version and
follow the guide at http://www.postgresql.org/about/news.315

# emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql

References
==

  [ 1 ] CAN-2005-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1409
  [ 2 ] CAN-2005-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1410
  [ 3 ] PostgreSQL Announcement
http://www.postgresql.org/about/news.315

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-12.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200505-13 ] FreeRADIUS: Buffer overflow and SQL injection vulnerability

2005-05-17 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: FreeRADIUS: Buffer overflow and SQL injection vulnerability
  Date: May 17, 2005
  Bugs: #91736
ID: 200505-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The FreeRADIUS server is vulnerable to a buffer overflow and an SQL
injection attack, possibly allowing the compromise of the system.

Background
==

FreeRADIUS is an open source RADIUS authentication server
implementation.

Affected packages
=

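-------------------------------------------------------------------
     Package                      /  Vulnerable   /  Unaffected
-------------------------------------------------------------------
  1  net-dialup/freeradius           < 1.0.2-r3      >= 1.0.2-r3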

Description
===

Primoz Bratanic discovered that the sql_escape_func function of
FreeRADIUS may be vulnerable to a buffer overflow (BID 13541). He also
discovered that FreeRADIUS fails to sanitize user input before using it
in a SQL query, possibly allowing SQL command injection (BID 13540).

Impact
==

By supplying carefully crafted input, a malicious user could cause a
buffer overflow or an SQL injection, possibly leading to the execution
of arbitrary code or disclosure and the modification of sensitive data.

Workaround
==

There are no known workarounds at this time.

Resolution
==

All FreeRADIUS users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.0.2-r3"

References
==

  [ 1 ] BugTraq ID 13540
http://www.securityfocus.com/bid/13540/
  [ 2 ] BugTraq ID 13541
http://www.securityfocus.com/bid/13541/

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-13.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200505-14 ] Cheetah: Untrusted module search path

2005-05-19 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Cheetah: Untrusted module search path
  Date: May 19, 2005
  Bugs: #92926
ID: 200505-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Cheetah contains a vulnerability in the module importing code that can
allow a local user to gain escalated privileges.

Background
==

Cheetah is a Python-powered template engine and code generator.

Affected packages
=

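-------------------------------------------------------------------
     Package                      /  Vulnerable   /  Unaffected
-------------------------------------------------------------------
  1  dev-python/cheetah              < 0.9.17-rc1    >= 0.9.17-rc1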

Description
===

Brian Bird discovered that Cheetah searches for modules in the
world-writable /tmp directory.

Impact
==

A malicious local user could place a module containing arbitrary code
in /tmp, which when imported would run with escalated privileges.

Workaround
==

There are no known workarounds at this time.

Resolution
==

All Cheetah users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/cheetah-0.9.17-rc1"

References
==

  [ 1 ] Secunia Advisory SA15386
http://secunia.com/advisories/15386/

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-14.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
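
An added check, not taken from Cheetah or from the advisory: the issue described above is a module search path that includes the world-writable /tmp directory, so this sketch audits a Python import path for entries that another local user could write to, including entries that do not exist yet but sit under a writable directory. The function names and the default set of trusted owners (root and the current user) are assumptions.

```python
import os
import stat
import sys


def nearest_existing(path):
    """Walk up from path until something that exists is found."""
    while not os.path.exists(path):
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    return path


def risky_path_entries(paths, trusted_uids=None):
    """Return (entry, checked_path, reasons) for unsafe import path entries.

    An entry is unsafe when the directory (or, if it is missing, its nearest
    existing ancestor) is world-writable or owned by an untrusted user. The
    sticky bit on /tmp does not help: it restricts deleting other users'
    files, not creating a new module file.
    """
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}   # assumed policy: root and ourselves
    findings = []
    for entry in paths:
        wanted = os.path.abspath(entry or os.curdir)  # '' means the cwd
        checked = nearest_existing(wanted)
        try:
            info = os.stat(checked)
        except OSError:
            continue
        reasons = []
        if info.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
        if info.st_uid not in trusted_uids:
            reasons.append("owned by uid %d" % info.st_uid)
        if reasons:
            findings.append((entry, checked, reasons))
    return findings


def trusted_only(paths, trusted_uids=None):
    """Return the import path with every risky entry removed."""
    risky = {entry for entry, _, _ in risky_path_entries(paths, trusted_uids)}
    return [entry for entry in paths if entry not in risky]


if __name__ == "__main__":
    # Audit the interpreter's own search path plus /tmp, the directory
    # named in the advisory.
    for entry, checked, reasons in risky_path_entries(sys.path + ["/tmp"]):
        print("%r: %s (%s)" % (entry, ", ".join(reasons), checked))
```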



[Full-disclosure] UPDATE: [ GLSA 200504-23 ] Kommander: Insecure remote script execution

2005-05-20 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE]   GLSA 200504-23:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Kommander: Insecure remote script execution
  Date: April 22, 2005
   Updated: May 20, 2005
  Bugs: #89092
ID: 200504-23:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
==

The fixed ebuild proposed in the original version of this Security
Advisory did not address all the vulnerabilities.

The updated sections appear below.

Resolution
==

All kdewebdev users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdewebdev-3.3.2-r2"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-23.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability

2005-05-20 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [ERRATA UPDATE]   GLSA 200505-13:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: FreeRADIUS: SQL injection and Denial of Service
vulnerability
  Date: May 17, 2005
   Updated: May 20, 2005
  Bugs: #91736
ID: 200505-13:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Errata
==

This advisory incorrectly described FreeRADIUS versions as being
vulnerable to a remote compromise. After further verifications, it
appears to only result in potential Denial of Service. The SQL injection
issue is not affected by this. Many thanks to Nicolas Baradakis for
bringing this to our attention.

The corrected sections appear below.

Synopsis


The FreeRADIUS server is vulnerable to an SQL injection attack and a
buffer overflow, possibly resulting in disclosure and modification of
data and Denial of Service.

Affected packages
=

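-------------------------------------------------------------------
     Package                      /  Vulnerable   /  Unaffected
-------------------------------------------------------------------
  1  net-dialup/freeradius           < 1.0.2-r4      >= 1.0.2-r4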

Description
===

Primoz Bratanic discovered that the sql_escape_func function of
FreeRADIUS may be vulnerable to a buffer overflow (BID 13541). He also
discovered that FreeRADIUS fails to sanitize user input before using it
in a SQL query, possibly allowing SQL command injection (BID 13540).

Impact
==

By supplying carefully crafted input, a malicious user could cause an
SQL injection or a buffer overflow, possibly leading to the disclosure
and the modification of sensitive data or Denial of Service by crashing
the server.

Resolution
==

All FreeRADIUS users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.0.2-r4"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-13.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200505-15 ] gdb: Multiple vulnerabilities

2005-05-20 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: gdb: Multiple vulnerabilities
  Date: May 20, 2005
  Bugs: #88398, #91398, #91654
ID: 200505-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been discovered in the GNU debugger,
potentially allowing the execution of arbitrary code.

Background
==

gdb is the GNU project's debugger, facilitating the analysis and
debugging of applications. The BFD library provides a uniform method of
accessing a variety of object file formats.

Affected packages
=

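-------------------------------------------------------------------
     Package                      /  Vulnerable   /  Unaffected
-------------------------------------------------------------------
  1  sys-devel/gdb                   < 6.3-r3        >= 6.3-r3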

Description
===

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an
integer overflow in the BFD library, resulting in a heap overflow. A
review also showed that by default, gdb insecurely sources
initialisation files from the working directory.

Impact
==

Successful exploitation would result in the execution of arbitrary code
on loading a specially crafted object file or the execution of
arbitrary commands.

Workaround
==

There is no known workaround at this time.

Resolution
==

All gdb users should upgrade to the latest stable version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/gdb-6.3-r3"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-15.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200505-17 ] Qpopper: Multiple Vulnerabilities

2005-05-23 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Qpopper: Multiple Vulnerabilities
  Date: May 23, 2005
  Bugs: #90622
ID: 200505-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Qpopper contains two vulnerabilities allowing an attacker to overwrite
arbitrary files and create files with insecure permissions.

Background
==

Qpopper is a widely used server for the POP3 protocol.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  net-mail/qpopper < 4.0.5-r3   >= 4.0.5-r3

Description
===

Jens Steube discovered that Qpopper doesn't drop privileges to process
local files from normal users (CAN-2005-1151). The upstream developers
discovered that Qpopper can be forced to create group or world
writeable files (CAN-2005-1152).

Impact
==

A malicious local attacker could exploit Qpopper to overwrite arbitrary
files as root or create new files which are group or world writeable.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Qpopper users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/qpopper-4.0.5-r3"

References
==

  [ 1 ] CAN-2005-1151
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1151
  [ 2 ] CAN-2005-1152
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1152

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-17.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200505-18 ] Net-SNMP: fixproc insecure temporary file creation

2005-05-23 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200505-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Net-SNMP: fixproc insecure temporary file creation
  Date: May 23, 2005
  Bugs: #91792
ID: 200505-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Net-SNMP creates temporary files in an insecure manner, possibly
allowing the execution of arbitrary code.

Background
==

Net-SNMP is a suite of applications used to implement the Simple
Network Management Protocol.

Affected packages
=

---
 Package                /  Vulnerable  /  Unaffected
---
  1  net-analyzer/net-snmp < 5.2.1-r1  >= 5.2.1-r1

Description
===

The fixproc application of Net-SNMP creates temporary files with
predictable filenames.

Impact
==

A malicious local attacker could exploit a race condition to change the
content of the temporary files before they are executed by fixproc,
possibly leading to the execution of arbitrary code. A local attacker
could also create symbolic links in the temporary files directory,
pointing to a valid file somewhere on the filesystem. When fixproc is
executed, this would result in the file being overwritten.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Net-SNMP users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.2.1-r1"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-18.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200506-01 ] Binutils, elfutils: Buffer overflow

2005-06-01 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200506-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Binutils, elfutils: Buffer overflow
  Date: June 01, 2005
  Bugs: #91398, #91817
ID: 200506-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Various utilities from the GNU Binutils and elfutils packages are
vulnerable to a heap based buffer overflow, potentially resulting in
the execution of arbitrary code.

Background
==

The GNU Binutils are a collection of tools to create, modify and
analyse binary files. Many of the files use BFD, the Binary File
Descriptor library, to do low-level manipulation. Elfutils provides a
library and utilities to access, modify and analyse ELF objects.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  dev-libs/elfutils   < 0.108    >= 0.108
  2  sys-devel/binutils  < 2.16-r1  *>= 2.14.90.0.8-r3
                                    *>= 2.15.90.0.1.1-r5
                                    *>= 2.15.90.0.3-r5
                                    *>= 2.15.91.0.2-r2
                                    *>= 2.15.92.0.2-r10
                                    >= 2.16-r1
---
 2 affected packages on all of their supported architectures.
---

Description
===

Tavis Ormandy and Ned Ludd of the Gentoo Linux Security Audit Team
discovered an integer overflow in the BFD library and elfutils,
resulting in a heap based buffer overflow.

Impact
==

Successful exploitation would require a user to access a specially
crafted binary file, resulting in the execution of arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All GNU Binutils users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose sys-devel/binutils

All elfutils users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/elfutils-0.108"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200506-04 ] Wordpress: Multiple vulnerabilities

2005-06-06 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200506-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Wordpress: Multiple vulnerabilities
  Date: June 06, 2005
  Bugs: #88926, #94512
ID: 200506-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Wordpress contains SQL injection and XSS vulnerabilities.

Background
==

WordPress is a PHP and MySQL based content management and publishing
system.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  www-apps/wordpress  < 1.5.1.2  >= 1.5.1.2

Description
===

Due to a lack of input validation, WordPress is vulnerable to SQL
injection and XSS attacks.

Impact
==

An attacker could use the SQL injection vulnerabilities to gain
information from the database. Furthermore the cross-site scripting
issues give an attacker the ability to inject and execute malicious
script code or to steal cookie-based authentication credentials,
potentially compromising the victim's browser.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Wordpress users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.5.1.2"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-04.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200506-05 ] SilverCity: Insecure file permissions

2005-06-08 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200506-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: SilverCity: Insecure file permissions
  Date: June 08, 2005
  Bugs: #93558
ID: 200506-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Executable files with insecure permissions can be modified causing an
unsuspecting user to run arbitrary code.

Background
==

SilverCity provides lexical analysis for over 20 programming and markup
languages.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  app-text/silvercity  < 0.9.5-r1  >= 0.9.5-r1

Description
===

The SilverCity package installs three executable files with insecure
permissions.

Impact
==

A local attacker could modify the executable files, causing arbitrary
code to be executed with the permissions of an unsuspecting SilverCity
user.

Workaround
==

There are no known workarounds at this time.

Resolution
==

All SilverCity users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/silvercity-0.9.5-r1"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-05.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200506-12 ] MediaWiki: Cross-site scripting vulnerability

2005-06-13 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200506-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
 Title: MediaWiki: Cross-site scripting vulnerability
  Date: June 13, 2005
  Bugs: #95255
ID: 200506-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


MediaWiki is vulnerable to a cross-site scripting attack that could
allow arbitrary scripting code execution.

Background
==

MediaWiki is a collaborative editing software, used by big projects
like Wikipedia.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  www-apps/mediawiki  < 1.4.5  >= 1.4.5
                                  *>= 1.3.13

Description
===

MediaWiki incorrectly handles page template inclusions, rendering it
vulnerable to cross-site scripting attacks.

Impact
==

A remote attacker could exploit this vulnerability to inject malicious
script code that will be executed in a user's browser session in the
context of the vulnerable site.

Workaround
==

There is no known workaround at this time.

Resolution
==

All MediaWiki users should upgrade to the latest available versions:

# emerge --sync
# emerge --ask --oneshot --verbose www-apps/mediawiki

References
==

  [ 1 ] MediaWiki 1.4.5 Release Notes
http://sourceforge.net/project/shownotes.php?release_id=332231

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-12.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200506-13 ] webapp-config: Insecure temporary file handling

2005-06-17 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200506-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: webapp-config: Insecure temporary file handling
  Date: June 17, 2005
  Bugs: #91785, #88831
ID: 200506-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The webapp-config utility insecurely creates temporary files in a world
writable directory, potentially allowing the execution of arbitrary
commands.

Background
==

webapp-config is a Gentoo Linux utility to help manage the installation
of web-based applications.

Affected packages
=

---
 Package                 /  Vulnerable  /  Unaffected
---
  1  net-www/webapp-config   < 1.11         >= 1.11

Description
===

Eric Romang discovered webapp-config uses a predictable temporary
filename while processing certain options, resulting in a race
condition.

Impact
==

Successful exploitation of the race condition would allow an attacker
to disrupt the operation of webapp-config, or execute arbitrary shell
commands with the privileges of the user running webapp-config. A local
attacker could use a symlink attack to create or overwrite files with
the permissions of the user running webapp-config.

Workaround
==

There is no known workaround at this time.

Resolution
==

All webapp-config users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/webapp-config-1.11"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-13.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
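
The predictable temporary file name described in this advisory and in GLSA 200505-18 (fixproc), shown beside two hardened forms. This is an added example, not code from webapp-config or Net-SNMP; the function names, the `fixjob.$$` file name and the sandbox scenario are constructed for illustration.

```shell
#!/bin/sh
# Added illustration. Function names and the "fixjob" file name are
# hypothetical; they are not taken from fixproc or webapp-config.

# Pattern the advisories describe: a guessable name (here the PID) in a
# shared directory. A plain ">" opens with O_CREAT|O_TRUNC and follows a
# symlink that another local user created there first.
write_predictable() {
    tmp="$1/fixjob.$$"
    printf '%s\n' "$2" > "$tmp" || return 1
    printf '%s\n' "$tmp"
}

# Same name, but with noclobber (set -C) the shell refuses to write through
# an existing file or symlink, so the writer fails instead of overwriting.
write_noclobber() {
    tmp="$1/fixjob.$$"
    ( set -C; printf '%s\n' "$2" > "$tmp" ) 2>/dev/null || return 1
    printf '%s\n' "$tmp"
}

# Preferred: mktemp -d creates a mode 0700 directory with a random name in
# one atomic step. Files inside it cannot be pre-created or replaced by other
# users, which matters when the file is executed later, as fixproc does.
write_private() {
    workdir=$(mktemp -d "$1/fixjob.XXXXXXXXXX") || return 1
    tmp="$workdir/job"
    ( set -C; printf '%s\n' "$2" > "$tmp" ) || return 1
    printf '%s\n' "$tmp"
}

# Constructed scenario: before the writer runs, a symlink at the predictable
# path points at a file the writer's user owns. Reports the victim's fate.
simulate() {
    writer=$1
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/victim"
    mkdir "$sandbox/shared"
    ln -s "$sandbox/victim" "$sandbox/shared/fixjob.$$"
    status=0
    "$writer" "$sandbox/shared" 'job data' >/dev/null 2>&1 || status=$?
    if [ "$(cat "$sandbox/victim")" = original ]; then
        result=intact
    else
        result=overwritten
    fi
    rm -rf "$sandbox"
    printf '%s, writer exit status %s\n' "$result" "$status"
}

# Stand-alone run: show what each writer does to the victim file.
for w in write_predictable write_noclobber write_private; do
    printf '%-18s %s\n' "$w" "$(simulate "$w")"
done
```

On Linux, the `fs.protected_symlinks` sysctl is a kernel-level mitigation for symlink following in sticky directories; it does not replace safe creation in the program itself.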



[Full-disclosure] [ GLSA 200506-14 ] Sun and Blackdown Java: Applet privilege escalation

2005-06-19 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200506-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Sun and Blackdown Java: Applet privilege escalation
  Date: June 19, 2005
  Bugs: #96092, #96229
ID: 200506-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate
their privileges.

Background
==

Sun and Blackdown both provide implementations of the Java Development
Kit (JDK) and Java Runtime Environment (JRE).

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  dev-java/sun-jdk   < 1.4.2.08 >= 1.4.2.08
  2  dev-java/sun-jre-bin   < 1.4.2.08 >= 1.4.2.08
  3  dev-java/blackdown-jdk < 1.4.2.02 >= 1.4.2.02
  4  dev-java/blackdown-jre < 1.4.2.02 >= 1.4.2.02
---
 4 affected packages on all of their supported architectures.
---

Description
===

Both Sun's and Blackdown's JDK and JRE may allow untrusted applets to
elevate privileges.

Impact
==

A remote attacker could embed a malicious Java applet in a web page and
entice a victim to view it. This applet can then bypass security
restrictions and execute any command or access any file with the rights
of the user running the web browser.

Workaround
==

There are no known workarounds at this time.

Resolution
==

All Sun JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.08"

All Sun JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.08"

All Blackdown JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.02"

All Blackdown JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.02"

Note to SPARC users: There is no stable secure Blackdown Java for the
SPARC architecture. Affected users should remove the package until a
SPARC package is released.

References
==

  [ 1 ] Sun Security Alert ID 101749
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
  [ 2 ] Blackdown Java Security Advisory
http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2005-02.txt

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-14.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability

2006-01-22 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200601-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: KDE kjs: URI heap overflow vulnerability
  Date: January 22, 2006
  Bugs: #118550
ID: 200601-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


KDE fails to properly validate URIs when handling javascript,
potentially resulting in the execution of arbitrary code.

Background
==

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. kjs is the javascript interpreter used in
Konqueror and other parts of KDE.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  kde-base/kdelibs < 3.4.3-r1   >= 3.4.3-r1

Description
===

Maksim Orlovich discovered an incorrect bounds check in kjs when
handling URIs.

Impact
==

By enticing a user to load a specially crafted webpage containing
malicious javascript, an attacker could execute arbitrary code with the
rights of the user running kjs.

Workaround
==

There is no known workaround at this time.

Resolution
==

All kdelibs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs-3.4.3-r1

References
==

  [ 1 ] CVE-2006-0019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019
  [ 2 ] KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability
http://www.kde.org/info/security/advisory-20060119-1.txt

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-11.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200601-14 ] LibAST: Privilege escalation

2006-01-29 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200601-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: LibAST: Privilege escalation
  Date: January 29, 2006
  Bugs: #120106
ID: 200601-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A buffer overflow in LibAST may result in execution of arbitrary code
with escalated privileges.

Background
==

LibAST is a utility library that was originally intended to accompany
Eterm, but may be used by various other applications.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  x11-libs/libast  < 0.7  >= 0.7

Description
===

Michael Jennings discovered an exploitable buffer overflow in the
configuration engine of LibAST.

Impact
==

The vulnerability can be exploited to gain escalated privileges if the
application using LibAST is setuid/setgid and passes a specifically
crafted filename to LibAST's configuration engine.

Workaround
==

Identify all applications linking against LibAST and verify they are
not setuid/setgid.

Resolution
==

All users should upgrade to the latest version and run revdep-rebuild:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libast-0.7"
# revdep-rebuild

References
==

  [ 1 ] CVE-2006-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0224

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-14.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
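
One way to carry out the workaround above on a running system, as an added example that is not part of the advisory: list setuid/setgid files and report those that name a given shared library. The function names are hypothetical, and the plain string match is a fallback heuristic used only when readelf is not installed.

```shell
#!/bin/sh
# Added illustration for the workaround; function names are hypothetical.

# links_against FILE NAME: succeed if FILE names a shared library whose
# soname starts with NAME. Uses the ELF dynamic section when readelf is
# available; otherwise falls back to a plain string match, which can
# over-report but needs no extra tools.
links_against() {
    if command -v readelf >/dev/null 2>&1; then
        readelf -d "$1" 2>/dev/null | grep -F '(NEEDED)' | grep -q -F "[$2"
    else
        LC_ALL=C grep -q -F "$2" "$1"
    fi
}

# audit_setid_linkage NAME DIR...: print every setuid or setgid regular file
# under the given directories that links against NAME.
audit_setid_linkage() {
    soname=$1
    shift
    find "$@" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r file; do
        if links_against "$file" "$soname"; then
            printf '%s\n' "$file"
        fi
    done
}

# Stand-alone use: sh audit.sh libast /usr/bin /usr/sbin /usr/local/bin
if [ "$#" -ge 2 ]; then
    audit_setid_linkage "$@"
fi
```

Run it as root so that setuid files without read permission for other users are not silently skipped; any path it prints should have its setuid/setgid bit reviewed until the fixed LibAST is installed.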



[Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password

2006-01-29 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200601-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Paros: Default administrator password
  Date: January 29, 2006
  Bugs: #120352
ID: 200601-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Paros's database component is installed without a password, allowing
execution of arbitrary system commands.

Background
==

Paros is an intercepting proxy between a web server and a client meant
to be used for security assessments. It allows the user to watch and
modify the HTTP(S) traffic.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  net-proxy/paros  <= 3.2.5 > 3.2.5

Description
===

Andrew Christensen discovered that in older versions of Paros the
database component HSQLDB is installed with an empty password for the
database administrator "sa".

Impact
==

Since the database listens globally by default, an attacker can connect
and issue arbitrary commands, including execution of binaries installed
on the host.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Paros users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/paros-3.2.8"

References
==

  [ 1 ] CVE-2005-3280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3280

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-15.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200601-16 ] MyDNS: Denial of Service

2006-01-30 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200601-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: MyDNS: Denial of Service
  Date: January 30, 2006
  Bugs: #119548
ID: 200601-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


MyDNS contains a vulnerability that may lead to a Denial of Service
attack.

Background
==

MyDNS is a DNS server using a MySQL database as a backend. It is
designed to allow for fast updates and small resource usage.

Affected packages
=

---
 Package        /  Vulnerable  /  Unaffected
---
  1  net-dns/mydns   < 1.1.0  >= 1.1.0

Description
===

MyDNS contains an unspecified flaw that may allow a remote Denial of
Service.

Impact
==

An attacker could cause a Denial of Service by sending malformed DNS
queries to the MyDNS server.

Workaround
==

There is no known workaround at this time.

Resolution
==

All MyDNS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/mydns-1.1.0"

References
==

  [ 1 ] CVE-2006-0351
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0351

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-16.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows

2006-01-30 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200601-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap
overflows
  Date: January 30, 2006
  Bugs: #117481, #117494, #117495, #115789, #118665
ID: 200601-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to
integer overflows that may be exploited to execute arbitrary code.

Background
==

Xpdf is a PDF file viewer that runs under the X Window System. Poppler
is a PDF rendering library based on the Xpdf 3.0 code base. GPdf is a
PDF file viewer for the GNOME 2 platform, also based on Xpdf.
libextractor is a library which includes Xpdf code to extract arbitrary
meta-data from files. pdftohtml is a utility to convert PDF files to
HTML or XML formats that makes use of Xpdf code to decode PDF files.

Affected packages
=

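     ---------------------------------------------------------
     Package                    /  Vulnerable   /  Unaffected
     ---------------------------------------------------------
  1  app-text/xpdf                 < 3.01-r5       >= 3.01-r5
  2  app-text/poppler              < 0.4.3-r4      >= 0.4.3-r4
  3  app-text/gpdf                 < 2.10.0-r3     >= 2.10.0-r3
  4  media-libs/libextractor       < 0.5.9         >= 0.5.9
  5  app-text/pdftohtml            < 0.36-r4       Vulnerable!
     ---------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
     ---------------------------------------------------------
     5 affected packages on all of their supported architectures.
     ---------------------------------------------------------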

Description
===

Chris Evans has reported some integer overflows in Xpdf when attempting
to calculate buffer sizes for memory allocation, leading to a heap
overflow and a potential infinite loop when handling malformed input
files.

Impact
==

By sending a specially crafted PDF file to a victim, an attacker could
cause an overflow, potentially resulting in the execution of arbitrary
code with the privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Xpdf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r5"

All Poppler users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-0.4.3-r4"

All GPdf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r3"

All libextractor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.9"

All pdftohtml users should migrate to the latest stable version of
Poppler.

References
==

  [ 1 ] CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
  [ 2 ] CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
  [ 3 ] CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
  [ 4 ] CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-17.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
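
The bug class this advisory describes (a buffer size computed from file-supplied dimensions wraps, so the allocation is smaller than what the decoder later writes), as an added C example that is not Xpdf code. The struct, the function names and the 64 MiB cap are assumptions made for illustration, and the header values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on one decoded image buffer (illustrative value). */
#define MAX_IMAGE_BYTES ((size_t)64 * 1024 * 1024)

/* Hypothetical header fields, as parsed from an untrusted file. */
struct img_hdr {
    uint32_t width;
    uint32_t height;
    uint32_t n_comps; /* colour components per pixel, one byte each */
};

/* Flawed pattern: the 32-bit product wraps modulo 2^32, so the value
 * handed to the allocator can be far smaller than the real image. */
uint32_t size_unchecked(const struct img_hdr *h)
{
    return h->width * h->height * h->n_comps;
}

/* Bytes a decoder that loops over rows, columns and components would
 * write; saturates at UINT64_MAX instead of wrapping. */
uint64_t bytes_decoder_writes(const struct img_hdr *h)
{
    uint64_t px = (uint64_t)h->width * h->height; /* always fits in 64 bits */

    if (h->n_comps != 0 && px > UINT64_MAX / h->n_comps)
        return UINT64_MAX;
    return px * h->n_comps;
}

/* Hardened size computation: rejects zero dimensions and any product
 * above `limit`. Returns 0 and stores the size in *out, or -1. */
int size_checked(const struct img_hdr *h, size_t limit, size_t *out)
{
    uint64_t px;

    if (h->width == 0 || h->height == 0 || h->n_comps == 0)
        return -1;
    px = (uint64_t)h->width * h->height;
    if (px > limit / h->n_comps)      /* division form cannot overflow */
        return -1;
    *out = (size_t)(px * h->n_comps); /* <= limit, so it fits in size_t */
    return 0;
}

/* Allocate a zeroed pixel buffer only when the checked size is accepted. */
uint8_t *alloc_pixels(const struct img_hdr *h, size_t *len)
{
    size_t n;

    if (size_checked(h, MAX_IMAGE_BYTES, &n) != 0)
        return NULL;
    *len = n;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed hostile header: 0x10001 * 0x10000 = 2^32 + 65536. */
    struct img_hdr bad = { 0x10001u, 0x10000u, 1u };
    size_t len = 0;
    uint8_t *buf;

    printf("unchecked size : %lu bytes\n",
           (unsigned long)size_unchecked(&bad));
    printf("decoder writes : %llu bytes\n",
           (unsigned long long)bytes_decoder_writes(&bad));
    buf = alloc_pixels(&bad, &len);
    printf("checked alloc  : %s\n", buf ? "accepted" : "rejected");
    free(buf);
    return 0;
}
```

The gap between the wrapped size and the byte count the decode loop covers is the heap overflow; the checked path refuses the header before any allocation happens.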



[Full-disclosure] [ GLSA 200602-02 ] ADOdb: PostgresSQL command injection

2006-02-06 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200602-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: ADOdb: PostgresSQL command injection
  Date: February 06, 2006
  Bugs: #120215
ID: 200602-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


ADOdb is vulnerable to SQL injections if used in conjunction with a
PostgreSQL database.

Background
==

ADOdb is an abstraction library for PHP creating a common API for a
wide range of database backends.

Affected packages
=

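     ---------------------------------------------------------
     Package                    /  Vulnerable   /  Unaffected
     ---------------------------------------------------------
  1  dev-php/adodb                 < 4.71          >= 4.71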

Description
===

Andy Staudacher discovered that ADOdb does not properly sanitize all
parameters.

Impact
==

By sending specifically crafted requests to an application that uses
ADOdb and a PostgreSQL backend, an attacker might exploit the flaw to
execute arbitrary SQL queries on the host.

Workaround
==

There is no known workaround at this time.

Resolution
==

All ADOdb users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/adodb-4.71"

References
==

  [ 1 ] CVE-2006-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0410

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200602-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200602-03 ] Apache: Multiple vulnerabilities

2006-02-06 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200602-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Apache: Multiple vulnerabilities
  Date: February 06, 2006
  Bugs: #115324, #118875
ID: 200602-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Apache can be exploited for cross-site scripting attacks and is
vulnerable to a Denial of Service attack.

Background
==

The Apache HTTP server is one of the most popular web servers on the
Internet. mod_imap provides support for server-side image maps; mod_ssl
provides secure HTTP connections.

Affected packages
=

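     ---------------------------------------------------------
     Package                    /  Vulnerable   /  Unaffected
     ---------------------------------------------------------
  1  net-www/apache                < 2.0.55-r1     >= 2.0.55-r1
                                                  *>= 2.0.54-r16
                                                   == 1.3.34-r2
                                                  *>= 1.3.34-r11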

Description
===

Apache's mod_imap fails to properly sanitize the "Referer" directive of
imagemaps in some cases, leaving the HTTP Referer header unescaped. A
flaw in mod_ssl can lead to a NULL pointer dereference if the site uses
a custom "Error 400" document. These vulnerabilities were reported by
Marc Cox and Hartmut Keil, respectively.

Impact
==

A remote attacker could exploit mod_imap to inject arbitrary HTML or
JavaScript into a user's browser to gather sensitive information.
Attackers could also cause a Denial of Service on hosts using the SSL
module (Apache 2.0.x only).

Workaround
==

There is no known workaround at this time.

Resolution
==

All Apache users should upgrade to the latest version, depending on
whether they still use the old configuration style
(/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf).

2.0.x users, new style config:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/apache-2.0.55-r1"

2.0.x users, old style config:

# emerge --sync
# emerge --ask --oneshot --verbose "=net-www/apache-2.0.54-r16"

1.x users, new style config:

# emerge --sync
# emerge --ask --oneshot --verbose "=net-www/apache-1.3.34-r11"

1.x users, old style config:

# emerge --sync
# emerge --ask --oneshot --verbose "=net-www/apache-1.3.34-r2"

References
==

  [ 1 ] CVE-2005-3352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
  [ 2 ] CVE-2005-3357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200602-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] Advisory + -Thu Mar 16 14:08:20 EST 2006- + Directory Transversal in Microsoft Windows XP

2006-03-16 Thread Sune Kloppenborg Jeppesen



Advisory + -Thu Mar 16 14:08:20 EST 2006- + Directory Transversal in Microsoft 
Windows XP




=
[+] Background
=
This issue has no identified background information on the vulnerability in 
question.
=
[+] Workaround
=
This issue had no workarounds for this vulnerability in question.
=
[+] CVE Information
=
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-545572 to this issue

=
Appendix A Vendor Information
=
http://www.microsoft.com

=
Appendix B References
=
RFC 9942



[Full-disclosure] [ GLSA 200603-17 ] PeerCast: Buffer overflow

2006-03-21 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200603-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: PeerCast: Buffer overflow
  Date: March 21, 2006
  Bugs: #123432
ID: 200603-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


PeerCast is vulnerable to a buffer overflow that may lead to the
execution of arbitrary code.

Background
==

PeerCast is a Peer to Peer broadcasting technology for listening to
radio and watching video on the Internet.

Affected packages
=

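     ---------------------------------------------------------
     Package                    /  Vulnerable   /  Unaffected
     ---------------------------------------------------------
  1  media-sound/peercast          < 0.1217        >= 0.1217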

Description
===

INFIGO discovered a problem in the URL handling code. Buffers that are
allocated on the stack can be overflowed inside of nextCGIarg()
function.

Impact
==

By sending a specially crafted request to the HTTP server, a remote
attacker can cause a stack overflow, resulting in the execution of
arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All PeerCast users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1217"

References
==

  [ 1 ] CVE-2006-1148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-1148

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-17.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200603-18 ] Pngcrush: Buffer overflow

2006-03-21 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200603-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Pngcrush: Buffer overflow
  Date: March 21, 2006
  Bugs: #123286
ID: 200603-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Pngcrush is vulnerable to a buffer overflow which could potentially
lead to the execution of arbitrary code.

Background
==

Pngcrush is an optimizer for PNG files.

Affected packages
=

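     ---------------------------------------------------------
     Package                    /  Vulnerable   /  Unaffected
     ---------------------------------------------------------
  1  media-gfx/pngcrush            < 1.6.2         >= 1.6.2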

Description
===

Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a
vulnerable version of zlib (GLSA 200507-19).

Impact
==

By creating a specially crafted data stream, attackers can overwrite
data structures for applications that use Pngcrush, resulting in a
Denial of Service and potentially arbitrary code execution.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Pngcrush users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/pngcrush-1.6.2"

References
==

  [ 1 ] GLSA 200507-19
http://www.gentoo.org/security/en/glsa/glsa-200507-19.xml
  [ 2 ] CVE-2005-1849
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-18.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200603-20 ] Macromedia Flash Player: Arbitrary code execution

2006-03-21 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200603-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Macromedia Flash Player: Arbitrary code execution
  Date: March 21, 2006
  Bugs: #102777
ID: 200603-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been identified that allows arbitrary
code execution on a user's system via the handling of malicious SWF
files.

Background
==

The Macromedia Flash Player is a renderer for the popular SWF filetype
which is commonly used to provide interactive websites, digital
experiences and mobile content.

Affected packages
=

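     ---------------------------------------------------------
     Package                    /  Vulnerable   /  Unaffected
     ---------------------------------------------------------
  1  net-www/netscape-flash        < 7.0.63        >= 7.0.63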

Description
===

The Macromedia Flash Player contains multiple unspecified
vulnerabilities.

Impact
==

An attacker serving a maliciously crafted SWF file could entice a user
to view the SWF file and execute arbitrary code on the user's machine.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Macromedia Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/netscape-flash-7.0.63"

References
==

  [ 1 ] CVE-2006-0024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024
  [ 2 ] Macromedia Announcement
http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-20.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200603-21 ] Sendmail: Race condition in the handling of asynchronous signals

2006-03-22 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200603-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Sendmail: Race condition in the handling of asynchronous
signals
  Date: March 22, 2006
  Bugs: #125623
ID: 200603-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Sendmail is vulnerable to a race condition which could lead to the
execution of arbitrary code with sendmail privileges.

Background
==

Sendmail is a popular mail transfer agent (MTA).

Affected packages
=

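     ---------------------------------------------------------
     Package                    /  Vulnerable   /  Unaffected
     ---------------------------------------------------------
  1  mail-mta/sendmail             < 8.13.6        >= 8.13.6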

Description
===

ISS discovered that Sendmail is vulnerable to a race condition in the
handling of asynchronous signals.

Impact
==

An attacker could exploit this via certain crafted timing conditions.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Sendmail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.13.6"

References
==

  [ 1 ] CVE-2006-0058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
  [ 2 ] Sendmail Inc. advisory
http://www.sendmail.com/company/advisory/index.shtml

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-21.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200603-22 ] PHP: Format string and XSS vulnerabilities

2006-03-22 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200603-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: PHP: Format string and XSS vulnerabilities
  Date: March 22, 2006
  Bugs: #125878
ID: 200603-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in PHP allow remote attackers to inject
arbitrary HTTP headers, perform cross site scripting or in some cases
execute arbitrary code.

Background
==

PHP is a general-purpose scripting language widely used to develop
web-based applications. It can run on a web server with the mod_php
module or the CGI version and also stand-alone in a CLI.

Affected packages
=

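     ---------------------------------------------------------
     Package                    /  Vulnerable   /  Unaffected
     ---------------------------------------------------------
  1  dev-lang/php                  < 4.4.2         >= 5.1.2
     dev-lang/php                  *>= 5.1.1       >= 5.1.2
     dev-lang/php                  *>= 5.0.5       >= 5.1.2
     dev-lang/php                  *>= 5.0.4       >= 5.1.2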

Description
===

Stefan Esser of the Hardened PHP project has reported a few
vulnerabilities found in PHP:

* Input passed to the session ID in the session extension isn't
  properly sanitised before being returned to the user via a
  "Set-Cookie" HTTP header, which can contain arbitrary injected data.

* A format string error while processing error messages using the
  mysqli extension in version 5.1 and above.

Impact
==

By sending a specially crafted request, a remote attacker can exploit
this vulnerability to inject arbitrary HTTP headers, which will be
included in the response sent to the user. The format string
vulnerability may be exploited to execute arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All PHP 5.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.1.2"

All PHP 4.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.2"

References
==

  [ 1 ] CVE-2006-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0207
  [ 2 ] CVE-2006-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
  [ 3 ] Hardened-PHP Advisory 01/2006
http://www.hardened-php.net/advisory_022006.112.html
  [ 4 ] Hardened-PHP Advisory 02/2006
http://www.hardened-php.net/advisory_012006.113.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-22.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

2006-03-23 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200603-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
  Date: March 23, 2006
  Bugs: #125902, #122376, #127167, #127319
ID: 200603-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


NetHack, Slash'EM and Falcon's Eye are vulnerable to local privilege
escalation vulnerabilities that could potentially allow the execution
of arbitrary code as other users.

Background
==

NetHack is the classic single player dungeon exploration game. Slash'EM
and Falcon's Eye are NetHack variants.

Affected packages
=

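     ---------------------------------------------------------
     Package                    /  Vulnerable   /  Unaffected
     ---------------------------------------------------------
  1  games-roguelike/nethack       <= 3.4.3-r1     Vulnerable!
  2  games-roguelike/falconseye    <= 1.9.4a       Vulnerable!
  3  games-roguelike/slashem       <= 0.0.760      Vulnerable!
     ---------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
     ---------------------------------------------------------
     3 affected packages on all of their supported architectures.
     ---------------------------------------------------------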

Description
===

NetHack, Slash'EM and Falcon's Eye have been found to be incompatible
with the system used for managing games on Gentoo Linux. As a result,
they cannot be played securely on systems with multiple users.

Impact
==

A local user who is a member of group "games" may be able to modify the
state data used by NetHack, Slash'EM or Falcon's Eye to trigger the
execution of arbitrary code with the privileges of other players.
Additionally, the games may create save game files in a manner not
suitable for use on Gentoo Linux, potentially allowing a local user to
create or overwrite files with the permissions of other players.

Workaround
==

Do not add untrusted users to the "games" group.

Resolution
==

NetHack has been masked in Portage pending the resolution of these
issues. Vulnerable NetHack users are advised to uninstall the package
until further notice.

# emerge --ask --verbose --unmerge "games-roguelike/nethack"

Slash'EM has been masked in Portage pending the resolution of these
issues. Vulnerable Slash'EM users are advised to uninstall the package
until further notice.

# emerge --ask --verbose --unmerge "games-roguelike/slashem"

Falcon's Eye has been masked in Portage pending the resolution of these
issues. Vulnerable Falcon's Eye users are advised to uninstall the
package until further notice.

# emerge --ask --verbose --unmerge "games-roguelike/falconseye"

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-23.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200604-04 ] Kaffeine: Buffer overflow

2006-04-05 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200604-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Kaffeine: Buffer overflow
  Date: April 05, 2006
  Bugs: #127326
ID: 200604-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Kaffeine is vulnerable to a buffer overflow that could lead to the
execution of arbitrary code.

Background
==

Kaffeine is a graphical front-end for the xine-lib multimedia library.

Affected packages
=

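     ---------------------------------------------------------
     Package                    /  Vulnerable   /  Unaffected
     ---------------------------------------------------------
  1  media-video/kaffeine          < 0.7.1-r2      >= 0.7.1-r2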

Description
===

Kaffeine uses an unchecked buffer when fetching remote RAM playlists
via HTTP.

Impact
==

A remote attacker could entice a user to play a specially-crafted RAM
playlist resulting in the execution of arbitrary code with the
permissions of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Kaffeine users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/kaffeine-0.7.1-r2"

References
==

  [ 1 ] CVE-2006-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0051
  [ 2 ] KDE Security Advisory: Kaffeine buffer overflow
http://www.kde.org/info/security/advisory-20060404-1.txt

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200604-04.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200604-06 ] ClamAV: Multiple vulnerabilities

2006-04-07 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200604-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: ClamAV: Multiple vulnerabilities
  Date: April 07, 2006
  Bugs: #128963
ID: 200604-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


ClamAV contains multiple vulnerabilities that could lead to remote
execution of arbitrary code or cause an application crash.

Background
==

ClamAV is a GPL virus scanner.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  app-antivirus/clamav  < 0.88.1  >= 0.88.1

Description
===

ClamAV contains format string vulnerabilities in the logging code
(CVE-2006-1615). Furthermore Damian Put discovered an integer overflow
in ClamAV's PE header parser (CVE-2006-1614) and David Luyer discovered
that ClamAV can be tricked into performing an invalid memory access
(CVE-2006-1630).

Impact
==

By sending a malicious attachment to a mail server running ClamAV, a
remote attacker could cause a Denial of Service or the execution of
arbitrary code. Note that the overflow in the PE header parser is only
exploitable when the ArchiveMaxFileSize option is disabled.

Workaround
==

There is no known workaround at this time.

Resolution
==

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.1"

References
==

  [ 1 ] CVE-2006-1614
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1614
  [ 2 ] CVE-2006-1615
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1615
  [ 3 ] CVE-2006-1630
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1630

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200604-06.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200604-09 ] Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

2006-04-20 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200604-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
  Date: April 21, 2006
  Bugs: #129523
ID: 200604-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that
could lead to a Denial of Service.

Background
==

Cyrus-SASL is an implementation of the Simple Authentication and
Security Layer.

Affected packages
=

---
 Package  /   Vulnerable   /Unaffected
---
  1  dev-libs/cyrus-sasl  < 2.1.21-r2 >= 2.1.21-r2

Description
===

Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5
process that could lead to a Denial of Service.

Impact
==

An attacker could possibly exploit this vulnerability by sending a
specially crafted data stream to the Cyrus-SASL server, resulting in a
Denial of Service even if the attacker is not able to authenticate.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Cyrus-SASL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/cyrus-sasl-2.1.21-r2"

References
==

  [ 1 ] CVE-2006-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200604-09.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200604-10 ] zgv, xzgv: Heap overflow

2006-04-20 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200604-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: zgv, xzgv: Heap overflow
  Date: April 21, 2006
  Bugs: #127008
ID: 200604-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


xzgv and zgv attempt to decode JPEG images within the CMYK/YCCK colour
space incorrectly, potentially resulting in the execution of arbitrary
code.

Background
==

xzgv and zgv are picture viewing utilities with a thumbnail based file
selector.

Affected packages
=

---
     Package         /  Vulnerable  /   Unaffected
---
  1  media-gfx/xzgv     < 0.8-r2        >= 0.8-r2
  2  media-gfx/zgv      < 5.8           >= 5.8
---
 2 affected packages on all of their supported architectures.
---

Description
===

Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate
insufficient memory when rendering images with more than 3 output
components, such as images using the YCCK or CMYK colour space. When
xzgv or zgv attempt to render the image, data from the image overruns a
heap allocated buffer.

Impact
==

An attacker may be able to construct a malicious image that executes
arbitrary code with the permissions of the xzgv or zgv user when
attempting to render the image.

Workaround
==

There is no known workaround at this time.

Resolution
==

All xzgv users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r2"

All zgv users should also upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.8"

References
==

  [ 1 ] CVE-2006-1060
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1060

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200604-10.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


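Added example, not part of the advisory above and not code from zgv, xzgv or libjpeg: the sizing mistake GLSA 200604-10 describes (a buffer sized for 3 output components while the image has 4) shown next to a checked calculation and a bounds-checked row conversion. The struct, the function names and the plain CMYK-to-RGB formula are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for what a viewer knows once the JPEG header has
 * been parsed; not the real zgv, xzgv or libjpeg structure. */
struct decoded_info {
    size_t width;
    size_t height;
    unsigned components;    /* 1 = grey, 3 = RGB/YCbCr, 4 = CMYK/YCCK */
};

/* Flawed pattern: the buffer size assumes 3 bytes per pixel for every image. */
size_t size_assuming_rgb(const struct decoded_info *d)
{
    return d->width * d->height * 3;
}

/* Checked pattern: size from the real component count, with every
 * multiplication tested for wrap-around. Returns 0 on success, -1 if the
 * image is refused. */
int size_checked(const struct decoded_info *d, size_t *out)
{
    if (d->components != 1 && d->components != 3 && d->components != 4)
        return -1;
    if (d->width == 0 || d->height == 0)
        return -1;
    if (d->width > SIZE_MAX / d->components)
        return -1;
    size_t row = d->width * d->components;
    if (d->height > SIZE_MAX / row)
        return -1;
    *out = row * d->height;
    return 0;
}

/* Bytes a decoder would write past a buffer sized with the RGB assumption. */
size_t overrun_bytes(const struct decoded_info *d)
{
    size_t need;
    if (size_checked(d, &need) != 0)
        return 0;
    size_t have = size_assuming_rgb(d);
    return need > have ? need - have : 0;
}

/* Convert one decoded row to packed RGB. Refuses unknown component counts
 * and any destination too small for width * 3 bytes. */
int row_to_rgb(const uint8_t *src, unsigned comps, size_t width,
               uint8_t *dst, size_t dst_len)
{
    if (comps != 1 && comps != 3 && comps != 4)
        return -1;
    if (width > SIZE_MAX / 4 || dst_len < width * 3)
        return -1;
    for (size_t x = 0; x < width; x++) {
        const uint8_t *p = src + x * comps;
        uint8_t *q = dst + x * 3;
        if (comps == 1) {
            q[0] = q[1] = q[2] = p[0];
        } else if (comps == 3) {
            memcpy(q, p, 3);
        } else {
            /* Plain (non-inverted) CMYK assumed for this illustration. */
            unsigned k = 255u - p[3];
            q[0] = (uint8_t)((255u - p[0]) * k / 255u);
            q[1] = (uint8_t)((255u - p[1]) * k / 255u);
            q[2] = (uint8_t)((255u - p[2]) * k / 255u);
        }
    }
    return 0;
}

int main(void)
{
    struct decoded_info cmyk = { 100, 50, 4 };   /* constructed sample */
    size_t need = 0;
    if (size_checked(&cmyk, &need) != 0)
        return 1;
    printf("RGB assumption: %zu bytes, actually needed: %zu, overrun: %zu\n",
           size_assuming_rgb(&cmyk), need, overrun_bytes(&cmyk));
    return 0;
}
```
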

[Full-disclosure] [ GLSA 200604-13 ] fbida: Insecure temporary file creation

2006-04-23 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200604-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: fbida: Insecure temporary file creation
  Date: April 23, 2006
  Bugs: #129470
ID: 200604-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


fbida is vulnerable to linking attacks, potentially allowing a local
user to overwrite arbitrary files.

Background
==

fbida is a collection of image viewers and editors for the framebuffer
console and X11.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  media-gfx/fbida  < 2.03-r3 >= 2.03-r3

Description
===

Jan Braun has discovered that the "fbgs" script provided by fbida
insecurely creates temporary files in the "/var/tmp" directory.

Impact
==

A local attacker could create links in the temporary file directory,
pointing to a valid file somewhere on the filesystem. When an affected
script is called, this could result in the file being overwritten with
the rights of the user running the script.

Workaround
==

There is no known workaround at this time.

Resolution
==

All fbida users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/fbida-2.03-r3"

References
==

  [ 1 ] CVE-2006-1695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1695

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200604-13.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200604-14 ] Dia: Arbitrary code execution through XFig import

2006-04-23 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200604-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Dia: Arbitrary code execution through XFig import
  Date: April 23, 2006
  Bugs: #128107
ID: 200604-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Buffer overflows in Dia's XFig import could allow remote attackers to
execute arbitrary code.

Background
==

Dia is a GTK+ based diagram creation program.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  app-office/dia  < 0.94-r5  >= 0.94-r5

Description
===

infamous41md discovered multiple buffer overflows in Dia's XFig file
import plugin.

Impact
==

By enticing a user to import a specially crafted XFig file into Dia, an
attacker could exploit this issue to execute arbitrary code with the
rights of the user running Dia.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Dia users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/dia-0.94-r5"

References
==

  [ 1 ] CVE-2006-1550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1550

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200604-14.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200604-15 ] xine-ui: Format string vulnerabilities

2006-04-26 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200604-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: xine-ui: Format string vulnerabilities
  Date: April 26, 2006
  Bugs: #130801
ID: 200604-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Format string vulnerabilities in xine-ui may lead to the execution of
arbitrary code.

Background
==

xine-ui is a skin-based user interface for xine. xine is a free
multimedia player. It plays CDs, DVDs, and VCDs, and can also decode
other common multimedia formats.

Affected packages
=

---
 Package  /   Vulnerable   /Unaffected
---
  1  media-video/xine-ui  < 0.99.4-r5 >= 0.99.4-r5

Description
===

Ludwig Nussel discovered that xine-ui incorrectly implements formatted
printing.

Impact
==

By constructing a malicious playlist file, a remote attacker could
exploit these vulnerabilities to execute arbitrary code with the rights
of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All xine-ui users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/xine-ui-0.99.4-r5"

References
==

  [ 1 ] CVE-2006-1905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1905

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200604-15.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200604-16 ] xine-lib: Buffer overflow vulnerability

2006-04-26 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200604-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: xine-lib: Buffer overflow vulnerability
  Date: April 26, 2006
  Bugs: #128838
ID: 200604-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


xine-lib contains a buffer overflow vulnerability which may lead to the
execution of arbitrary code.

Background
==

xine-lib is the xine core engine. xine is a free multimedia player. It
plays CDs, DVDs, and VCDs, and can also decode other common multimedia
formats.

Affected packages
=

---
 Package   /Vulnerable/ Unaffected
---
  1  xine-lib < 1.1.2_pre20060328-r1   >= 1.1.2_pre20060328-r1

Description
===

Federico L. Bossi Bonin discovered that when handling MPEG streams
xine-lib fails to make a proper boundary check of the input data
supplied by the user before copying it to an insufficiently sized
memory buffer.

Impact
==

A remote attacker could entice a user to play a specially-crafted MPEG
file, resulting in the execution of arbitrary code with the permissions
of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All xine-lib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2_pre20060328-r1"

References
==

  [ 1 ] CVE-2006-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1664

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200604-16.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200604-17 ] Ethereal: Multiple vulnerabilities in protocol dissectors

2006-04-26 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200604-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Ethereal: Multiple vulnerabilities in protocol dissectors
  Date: April 27, 2006
  Bugs: #130505
ID: 200604-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Ethereal is vulnerable to numerous vulnerabilities, potentially
resulting in the execution of arbitrary code.

Background
==

Ethereal is a feature-rich network protocol analyzer.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  net-analyzer/ethereal  < 0.99.0 >= 0.99.0

Description
===

Coverity discovered numerous vulnerabilities in versions of Ethereal
prior to 0.99.0, including:

* buffer overflows in the ALCAP (CVE-2006-1934), COPS (CVE-2006-1935)
  and telnet (CVE-2006-1936) dissectors.

* buffer overflows in the NetXray/Windows Sniffer and Network
  Instruments file code (CVE-2006-1934).

For further details please consult the references below.

Impact
==

An attacker might be able to exploit these vulnerabilities to crash
Ethereal or execute arbitrary code with the permissions of the user
running Ethereal, which could be the root user.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Ethereal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.99.0"

References
==

  [ 1 ] CVE-2006-1932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1932
  [ 2 ] CVE-2006-1933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1933
  [ 3 ] CVE-2006-1934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1934
  [ 4 ] CVE-2006-1935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1935
  [ 5 ] CVE-2006-1936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1936
  [ 6 ] CVE-2006-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1937
  [ 7 ] CVE-2006-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1938
  [ 8 ] CVE-2006-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1939
  [ 9 ] CVE-2006-1940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1940
  [ 10 ] Ethereal enpa-sa-00023
 http://www.ethereal.com/appnotes/enpa-sa-00023.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200604-17.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200605-01 ] MPlayer: Heap-based buffer overflow

2006-05-01 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200605-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: MPlayer: Heap-based buffer overflow
  Date: May 01, 2006
  Bugs: #127969
ID: 200605-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


MPlayer contains multiple integer overflows that may lead to a
heap-based buffer overflow.

Background
==

MPlayer is a media player that supports many multimedia file types.

Affected packages
=

---
     Package                  /   Vulnerable   /   Unaffected
---
  1  media-video/mplayer         < 1.0.20060415    >= 1.0.20060415
  2  media-video/mplayer-bin     < 1.0.20060415    >= 1.0.20060415
---
 2 affected packages on all of their supported architectures.
---

Description
===

Xfocus Team discovered multiple integer overflows that may lead to a
heap-based buffer overflow.

Impact
==

An attacker could entice a user to play a specially crafted multimedia
file, potentially resulting in the execution of arbitrary code with the
privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All MPlayer users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060415"

All MPlayer binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-bin-1.0.20060415"

References
==

  [ 1 ] CVE-2006-1502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1502

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200605-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension

2006-05-02 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200605-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: X.Org: Buffer overflow in XRender extension
  Date: May 02, 2006
  Bugs: #130979
ID: 200605-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A buffer overflow in the XRender extension potentially allows any X.Org
user to execute arbitrary code with elevated privileges.

Background
==

X.Org is X.Org Foundation's public implementation of the X Window
System.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  x11-base/xorg-x11 < 6.8.2-r7  >= 6.8.2-r7

Description
===

X.Org miscalculates the size of a buffer in the XRender extension.

Impact
==

An X.Org user could exploit this issue to make the X server execute
arbitrary code with elevated privileges.

Workaround
==

There is no known workaround at this time.

Resolution
==

All X.Org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.8.2-r7"

References
==

  [ 1 ] CVE-2006-1526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200605-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200605-03 ] ClamAV: Buffer overflow in Freshclam

2006-05-02 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200605-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: ClamAV: Buffer overflow in Freshclam
  Date: May 02, 2006
  Bugs: #131791
ID: 200605-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Freshclam is vulnerable to a buffer overflow that could lead to
execution of arbitrary code.

Background
==

ClamAV is a GPL virus scanner. Freshclam is a utility to download virus
signature updates.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  app-antivirus/clamav  < 0.88.2  >= 0.88.2

Description
===

Ulf Harnhammar and an anonymous German researcher discovered that
Freshclam fails to check the size of the header data returned by a
webserver.

Impact
==

By enticing a user to connect to a malicious webserver an attacker
could cause the execution of arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.2"

References
==

  [ 1 ] CVE-2006-1989
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1989

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200605-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200605-04 ] phpWebSite: Local file inclusion

2006-05-02 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200605-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: phpWebSite: Local file inclusion
  Date: May 02, 2006
  Bugs: #130295
ID: 200605-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Remote attackers can include local files which may lead to the
execution of arbitrary code.

Background
==

phpWebSite provides a complete web site content management system.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  www-apps/phpwebsite  < 0.10.2   >= 0.10.2

Description
===

rgod has reported that the "hub_dir" parameter in "index.php" isn't
properly verified. When "magic_quotes_gpc" is disabled, this can be
exploited to include arbitrary files from local resources.

Impact
==

If "magic_quotes_gpc" is disabled, which is not the default on Gentoo
Linux, a remote attacker could exploit this issue to include and
execute PHP scripts from local resources with the rights of the user
running the web server, or to disclose sensitive information and
potentially compromise a vulnerable system.

Workaround
==

There is no known workaround at this time.

Resolution
==

All phpWebSite users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.2"

References
==

  [ 1 ] CVE-2006-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1819

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200605-04.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200605-05 ] rsync: Potential integer overflow

2006-05-05 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200605-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: rsync: Potential integer overflow
  Date: May 06, 2006
  Bugs: #131631
ID: 200605-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An attacker having write access to an rsync module might be able to
execute arbitrary code on an rsync server.

Background
==

rsync is a server and client utility that provides fast incremental
file transfers. It is used to efficiently synchronize files between
hosts and is used by emerge to fetch Gentoo's Portage tree.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  net-misc/rsync   < 2.6.8 >= 2.6.8

Description
===

An integer overflow was found in the receive_xattr function from the
extended attributes patch (xattr.c) for rsync. The vulnerable function
is only present when the "acl" USE flag is set.

Impact
==

A remote attacker with write access to an rsync module could craft
malicious extended attributes which would trigger the integer overflow,
potentially resulting in the execution of arbitrary code with the
rights of the rsync daemon.

Workaround
==

Do not provide write access to an rsync module to untrusted parties.

Resolution
==

All rsync users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.8"

References
==

  [ 1 ] CVE-2006-2083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2083

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200605-05.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



[Full-disclosure] [ GLSA 200605-07 ] Nagios: Buffer overflow

2006-05-07 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200605-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Nagios: Buffer overflow
  Date: May 07, 2006
  Bugs: #132159
ID: 200605-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Nagios is vulnerable to a buffer overflow which may lead to remote
execution of arbitrary code.

Background
==

Nagios is an open source host, service and network monitoring program.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  net-analyzer/nagios-core  < 1.4  >= 1.4

Description
===

Sebastian Krahmer of the SuSE security team discovered a buffer
overflow vulnerability in the handling of a negative HTTP
Content-Length header.

Impact
==

A buffer overflow in Nagios CGI scripts under certain web servers
allows remote attackers to execute arbitrary code via a negative
content length HTTP header.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Nagios users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-1.4"

References
==

  [ 1 ] CVE-2006-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2162

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200605-07.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


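The Nagios advisory above turns on a negative HTTP Content-Length reaching code that sizes a buffer. As an added illustration (not code from Nagios or from the advisory), the following C sketch shows how a CGI program can validate that header before using it; the function names and the MAX_POST_BYTES limit are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_POST_BYTES 65536L  /* assumed application limit, not from the advisory */

/* What an unchecked signed length becomes once it reaches a size_t
 * parameter (malloc, fread, memcpy): -1 turns into SIZE_MAX. */
size_t length_as_size_t(int content_length)
{
    return (size_t)content_length;
}

/* Parse a CONTENT_LENGTH value as a CGI program receives it from the
 * web server. Returns 0 and stores the length on success, -1 for any
 * value that must not be used to size a buffer. */
int parse_content_length(const char *value, size_t *out)
{
    char *end = NULL;
    long n;

    if (value == NULL || *value == '\0')
        return -1;                  /* header missing or empty */
    /* strtol() accepts leading whitespace and a sign, so insist that
     * the first character is a digit: this rejects "-1" and "+5". */
    if (*value < '0' || *value > '9')
        return -1;
    errno = 0;
    n = strtol(value, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                  /* out of range for long, or trailing junk */
    if (n > MAX_POST_BYTES)
        return -1;                  /* larger than this program will buffer */
    *out = (size_t)n;
    return 0;
}

/* Allocate room for the body plus a terminator only after validation. */
char *alloc_body_buffer(const char *content_length_header, size_t *len)
{
    if (parse_content_length(content_length_header, len) != 0)
        return NULL;
    return calloc(*len + 1, 1);     /* *len <= MAX_POST_BYTES, so +1 cannot wrap */
}

int main(void)
{
    /* Constructed sample header values */
    const char *samples[] = { "128", "-1", "0", "99999999999999999999",
                              "12abc", " 12" };
    size_t i, len;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_content_length(samples[i], &len) == 0)
            printf("%-22s accepted, %zu bytes\n", samples[i], len);
        else
            printf("%-22s rejected\n", samples[i]);
    }
    printf("(size_t)-1 = %zu\n", length_as_size_t(-1));
    return 0;
}
```
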

[Full-disclosure] [ GLSA 200605-10 ] pdnsd: Denial of Service and potential arbitrary code execution

2006-05-09 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200605-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: pdnsd: Denial of Service and potential arbitrary code
execution
  Date: May 10, 2006
  Bugs: #131341
ID: 200605-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


pdnsd is vulnerable to a buffer overflow that may result in arbitrary
code execution.

Background
==

pdnsd is a proxy DNS server with permanent caching that is designed to
cope with unreachable DNS servers.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  net-dns/pdnsd   < 1.2.4  >= 1.2.4

Description
===

The pdnsd team has discovered an unspecified buffer overflow
vulnerability. The PROTOS DNS Test Suite, by the Oulu University Secure
Programming Group (OUSPG), has also revealed a memory leak error within
the handling of the QTYPE and QCLASS DNS queries, leading to
consumption of large amounts of memory.

Impact
==

An attacker can craft malicious DNS queries leading to a Denial of
Service, and potentially the execution of arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All pdnsd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/pdnsd-1.2.4-r1"

References
==

  [ 1 ] CVE-2006-2076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2076
  [ 2 ] CVE-2006-2077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2077

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200605-10.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [ GLSA 200605-11 ] Ruby: Denial of Service

2006-05-09 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200605-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Ruby: Denial of Service
  Date: May 10, 2006
  Bugs: #130657
ID: 200605-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Ruby WEBrick and XMLRPC servers are vulnerable to Denial of Service.

Background
==

Ruby is an interpreted scripting language for quick and easy
object-oriented programming. It comes bundled with HTTP ("WEBrick") and
XMLRPC server objects.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  dev-lang/ruby < 1.8.4-r1  >= 1.8.4-r1

Description
===

Ruby uses blocking sockets for WEBrick and XMLRPC servers.

Impact
==

An attacker could send large amounts of data to an affected server to
block the socket and thus deny other connections to the server.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Ruby users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.4-r1"

References
==

  [ 1 ] CVE-2006-1931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931
  [ 2 ] Ruby release announcement
http://www.ruby-lang.org/en/20051224.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200605-11.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [ GLSA 200605-12 ] Quake 3 engine based games: Buffer Overflow

2006-05-09 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200605-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Quake 3 engine based games: Buffer Overflow
  Date: May 10, 2006
  Bugs: #132377
ID: 200605-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The Quake 3 engine has a vulnerability that could be exploited to
execute arbitrary code.

Background
==

Quake 3 is a multiplayer first person shooter.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  games-fps/quake3-bin       < 1.32c  >= 1.32c
  2  games-fps/rtcw             < 1.41b  >= 1.41b
  3  games-fps/enemy-territory  < 2.60b  >= 2.60b
---
 3 affected packages on all of their supported architectures.
---

Description
===

landser discovered a vulnerability within the "remapShader" command.
Due to a boundary handling error in "remapShader", there is a
possibility of a buffer overflow.

Impact
==

An attacker could set up a malicious game server and entice users to
connect to it, potentially resulting in the execution of arbitrary code
with the rights of the game user.

Workaround
==

Do not connect to untrusted game servers.

Resolution
==

All Quake 3 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/quake3-bin-1.32c"

All RTCW users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/rtcw-1.41b"

All Enemy Territory users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/enemy-territory-2.60b"

References
==

  [ 1 ] CVE-2006-2236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2236

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200605-12.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [ GLSA 200605-13 ] MySQL: Information leakage

2006-05-11 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200605-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
 Title: MySQL: Information leakage
  Date: May 11, 2006
  Bugs: #132146
ID: 200605-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A MySQL server may leak information to unauthorized users.

Background
==

MySQL is a popular multi-threaded, multi-user SQL database server.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  dev-db/mysql  < 4.1.19  >= 4.1.19

Description
===

The processing of the COM_TABLE_DUMP command by a MySQL server fails to
properly validate packets that arrive from the client via a network
socket.

Impact
==

By crafting specific malicious packets an attacker could gather
confidential information from the memory of a MySQL server process, for
example results of queries by other users or applications. By using PHP
code injection or similar techniques it would be possible to exploit
this flaw through web applications that use MySQL as a database
backend.

Note that on 5.x versions it is possible to overwrite the stack and
execute arbitrary code with this technique. Users of MySQL 5.x are
urged to upgrade to the latest available version.

Workaround
==

There is no known workaround at this time.

Resolution
==

All MySQL users should upgrade to the latest version.

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-4.1.19"

References
==

  [ 1 ] Original advisory
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2006-05/msg00041.html
  [ 2 ] CVE-2006-1516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
  [ 3 ] CVE-2006-1517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200605-13.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [ GLSA 200704-01 ] Asterisk: Two SIP Denial of Service vulnerabilities

2007-04-02 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200704-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Asterisk: Two SIP Denial of Service vulnerabilities
  Date: April 02, 2007
  Bugs: #171467
ID: 200704-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Asterisk is vulnerable to two Denial of Service issues in the SIP
channel.

Background
==

Asterisk is an open source implementation of a telephone private branch
exchange (PBX).

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  net-misc/asterisk  < 1.2.14-r2   >= 1.2.14-r2
 *>= 1.0.12-r2

Description
===

The Madynes research team at INRIA has discovered that Asterisk
contains a null pointer dereferencing error in the SIP channel when
handling INVITE messages. Furthermore qwerty1979 discovered that
Asterisk 1.2.x fails to properly handle SIP responses with return code
0.

Impact
==

A remote attacker could cause an Asterisk server listening for SIP
messages to crash by sending a specially crafted SIP message or
answering with a 0 return code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Asterisk users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose net-misc/asterisk

Note: Asterisk 1.0.x is no longer supported upstream so users should
consider upgrading to Asterisk 1.2.x.

References
==

  [ 1 ] CVE-2007-1561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1561
  [ 2 ] CVE-2007-1594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1594

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200704-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [ GLSA 200704-02 ] MIT Kerberos 5: Arbitrary remote code execution

2007-04-03 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200704-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: MIT Kerberos 5: Arbitrary remote code execution
  Date: April 03, 2007
  Bugs: #171889
ID: 200704-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in MIT Kerberos 5 could potentially result in
unauthenticated remote root code execution.

Background
==

MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  app-crypt/mit-krb5 < 1.5.2-r1 >= 1.5.2-r1

Description
===

The Kerberos telnet daemon fails to properly handle usernames allowing
unauthorized access to any account (CVE-2007-0956). The Kerberos
administration daemon, the KDC and possibly other applications using
the MIT Kerberos libraries are vulnerable to the following issues. The
krb5_klog_syslog function from the kadm5 library fails to properly
validate input leading to a stack overflow (CVE-2007-0957). The GSS-API
library is vulnerable to a double-free attack (CVE-2007-1216).

Impact
==

By exploiting the telnet vulnerability a remote attacker may obtain
access with root privileges. The remaining vulnerabilities may allow an
authenticated remote attacker to execute arbitrary code with root
privileges.

Workaround
==

There is no known workaround at this time.

Resolution
==

All MIT Kerberos 5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.5.2-r1"

References
==

  [ 1 ] CVE-2007-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
  [ 2 ] CVE-2007-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
  [ 3 ] CVE-2007-1216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200704-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

