Buffer overflow hibát találtak az optipng csomag BMP állomány felolvasójában. Két stack buffer overflow hibát is találtak az enscript csomagban, ezek kihasználásához a -e opció megadása szükséges. Az ipsec-tools csomag racoon daemon-ja két DoS hibát is tartalmaz: memory leak az érvénytelen proposal-ok kezelésekor, nem távolítja el az "orphaned ph1" (phase 1) azonosítókat. Memory leak hibát, valamint ellenőrzések kikerülési lehetőségeit találták a lighttpd csomagban. Buffer overflow hibát találtak a libsamplerate rutinkönyvtárban. Több biztonsági hibát is találtak a libxml2 rutinkönyvtárban: végtelen rekurzió az attributum értékek felolvasásakor, heap buffer overflow hiba az xmlParseAttValueComplex() függvényben, memory leak a "predefined entity definition" kezelésben, integer overflow hiba az xmlBufferResize() függvényben, integer overflow hiba az xmlSAX2Characters() függvényben. Több biztonsági hibát is találtak a mantis rendszerben: a create_function() függvény ellenőrzetlenül használja a sort paraméterét, nem megfelelő a jogosultság ellenőrzése, nem törli a session cookie-t logout esetén, HTTPS protokoll használata esetén nem állítja be a session cookie-k secure flag-jét. Az mgetty csomag nem megfelelő módon kezeli az átmeneti állományokat.
--- Begin Message ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OptiPNG: User-assisted execution of arbitrary code Date: December 02, 2008 Bugs: #246522 ID: 200812-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in OptiPNG might result in user-assisted execution of arbitrary code. Background ========== OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-gfx/optipng < 0.6.2 >= 0.6.2 Description =========== A buffer overflow in the BMP reader in OptiPNG has been reported. Impact ====== A remote attacker could entice a user to process a specially crafted BMP image, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All OptiPNG users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2" References ========== [ 1 ] CVE-2008-5101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5101 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: enscript: User-assisted execution of arbitrary code Date: December 02, 2008 Bugs: #243228 ID: 200812-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Two buffer overflows in enscript might lead to the execution of arbitrary code. Background ========== enscript is a powerful ASCII to PostScript file converter. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/enscript < 1.6.4-r4 >= 1.6.4-r4 Description =========== Two stack-based buffer overflows in the read_special_escape() function in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research discovered a vulnerability related to the "setfilename" command (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability related to the "font" escape sequence (CVE-2008-4306). Impact ====== An attacker could entice a user or automated system to process specially crafted input with the special escapes processing enabled using the "-e" option, possibly resulting in the execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All enscript users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/enscript-1.6.4-r4" References ========== [ 1 ] CVE-2008-3863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863 [ 2 ] CVE-2008-4306 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: IPsec-Tools: racoon Denial of Service Date: December 02, 2008 Bugs: #232831 ID: 200812-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability. Background ========== IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-firewall/ipsec-tools < 0.7.1 >= 0.7.1 Description =========== Two Denial of Service vulnerabilities have been reported in racoon: * The vendor reported a memory leak in racoon/proposal.c that can be triggered via invalid proposals (CVE-2008-3651). * Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely (CVE-2008-3652). Impact ====== An attacker could exploit these vulnerabilities to cause a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All IPsec-Tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-firewall/ipsec-tools-0.7.1" References ========== [ 1 ] CVE-2008-3651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651 [ 2 ] CVE-2008-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: lighttpd: Multiple vulnerabilities Date: December 02, 2008 Bugs: #238180 ID: 200812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in lighttpd may lead to information disclosure or a Denial of Service. Background ========== lighttpd is a lightweight high-performance web server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/lighttpd < 1.4.20 >= 1.4.20 Description =========== Multiple vulnerabilities have been reported in lighttpd: * Qhy reported a memory leak in the http_request_parse() function in request.c (CVE-2008-4298). * Gaetan Bisson reported that URIs are not decoded before applying url.redirect and url.rewrite rules (CVE-2008-4359). * Anders1 reported that mod_userdir performs case-sensitive comparisons on filename components in configuration options, which is insufficient when case-insensitive filesystems are used (CVE-2008-4360). Impact ====== A remote attacker could exploit these vulnerabilities to cause a Denial of Service, to bypass intended access restrictions, to obtain sensitive information, or to possibly modify data. Workaround ========== There is no known workaround at this time. Resolution ========== All lighttpd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.20" References ========== [ 1 ] CVE-2008-4298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298 [ 2 ] CVE-2008-4359 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359 [ 3 ] CVE-2008-4360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libsamplerate: User-assisted execution of arbitrary code Date: December 02, 2008 Bugs: #237037 ID: 200812-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow vulnerability in libsamplerate might lead to the execution of arbitrary code. Background ========== Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for audio. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/libsamplerate < 0.1.4 >= 0.1.4 Description =========== Russell O'Connor reported a buffer overflow in src/src_sinc.c related to low conversion ratios. Impact ====== A remote attacker could entice a user or automated system to process a specially crafted audio file possibly leading to the execution of arbitrary code with the privileges of the user running the application. Workaround ========== There is no known workaround at this time. Resolution ========== All libsamplerate users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=media-libs/libsamplerate-0.1.4" References ========== [ 1 ] CVE-2008-5008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5008 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libxml2: Multiple vulnerabilities Date: December 02, 2008 Bugs: #234099, #237806, #239346, #245960 ID: 200812-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service. Background ========== libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.7.2-r1 >= 2.7.2-r1 Description =========== Multiple vulnerabilities were reported in libxml2: * Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute value (CVE-2008-3281). * A heap-based buffer overflow has been reported in the xmlParseAttValueComplex() function in parser.c (CVE-2008-3529). * Christian Weiske reported that predefined entity definitions in entities are not properly handled (CVE-2008-4409). * Drew Yao of Apple Product Security reported an integer overflow in the xmlBufferResize() function that can lead to an infinite loop (CVE-2008-4225). * Drew Yao of Apple Product Security reported an integer overflow in the xmlSAX2Characters() function leading to a memory corruption (CVE-2008-4226). Impact ====== A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2, possibly resulting in the exeution of arbitrary code or a high CPU and memory consumption. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.2-r1" References ========== [ 1 ] CVE-2008-3281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281 [ 2 ] CVE-2008-3529 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529 [ 3 ] CVE-2008-4409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4409 [ 4 ] CVE-2008-4225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225 [ 5 ] CVE-2008-4226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mantis: Multiple vulnerabilities Date: December 02, 2008 Bugs: #238570, #241940, #242722 ID: 200812-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Mantis, the most severe of which leading to the remote execution of arbitrary code. Background ========== Mantis is a PHP/MySQL/Web based bugtracking system. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/mantisbt < 1.1.4-r1 >= 1.1.4-r1 Description =========== Multiple issues have been reported in Mantis: * EgiX reported that manage_proj_page.php does not correctly sanitize the sort parameter before passing it to create_function() in core/utility_api.php (CVE-2008-4687). * Privileges of viewers are not sufficiently checked before composing a link with issue data in the source anchor (CVE-2008-4688). * Mantis does not unset the session cookie during logout (CVE-2008-4689). * Mantis does not set the secure flag for the session cookie in an HTTPS session (CVE-2008-3102). Impact ====== Remote unauthenticated attackers could exploit these vulnerabilities to execute arbitrary PHP commands, disclose sensitive issue data, or hijack a user's sessions. Workaround ========== There is no known workaround at this time. Resolution ========== All Mantis users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.1.4-r1" References ========== [ 1 ] CVE-2008-3102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3102 [ 2 ] CVE-2008-4687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4687 [ 3 ] CVE-2008-4688 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4688 [ 4 ] CVE-2008-4689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4689 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mgetty: Insecure temporary file usage Date: December 06, 2008 Bugs: #235806 ID: 200812-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Mgetty uses temporary files in an insecure manner, allowing for symlink attacks. Background ========== Mgetty is a set of fax and voice modem programs. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-dialup/mgetty < 1.1.36-r2 >= 1.1.36-r2 Description =========== Dmitry E. Oboukhov reported that the "spooldir" directory in fax/faxspool.in is created in an insecure manner. Impact ====== A local attacker could exploit this vulnerability to overwrite arbitrary files with the privileges of the user running the application. Workaround ========== There is no known workaround at this time. Resolution ========== All Mgetty users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dialup/mgetty-1.1.36-r2" References ========== [ 1 ] CVE-2008-4936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4936 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---