Multiple buffer overflow bugs were found in the HTMLDOC package, caused by unchecked sscanf() calls. A remotely exploitable off-by-one heap buffer overflow was found in the irssi IRC client. Directory traversal and XSS bugs resulting in code execution were found in the Horde framework. Lynx's handling of lynxcgi:// URLs was fixed years ago, but the fix did not cover advanced mode. Several security bugs were found in Wireshark's IPMI, Bluetooth L2CAP, RADIUS, MIOP, sFlow, AFS and Infiniband dissectors. A directory traversal bug was found in znc: with a suitably crafted DCC SEND, an attacker can overwrite files on the system.
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200909-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: HTMLDOC: User-assisted execution of arbitrary code
      Date: September 12, 2009
      Bugs: #278186
        ID: 200909-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple insecure calls to the sscanf() function in HTMLDOC might
result in the execution of arbitrary code.

Background
==========

HTMLDOC is a HTML indexer and HTML to PS and PDF converter.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  app-text/htmldoc     < 1.8.27-r1                     >= 1.8.27-r1

Description
===========

ANTHRAX666 reported an insecure call to the sscanf() function in the
set_page_size() function in htmldoc/util.cxx. Nico Golde of the Debian
Security Team found two more insecure calls in the write_type1()
function in htmldoc/ps-pdf.cxx and the htmlLoadFontWidths() function in
htmldoc/htmllib.cxx.

Impact
======

A remote attacker could entice a user to process a specially crafted
HTML file using htmldoc, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application.

NOTE: Additional vectors via specially crafted AFM font metric files do
not cross trust boundaries, as the files can only be modified by
privileged users.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All HTMLDOC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/htmldoc-1.8.27-r1

References
==========

  [ 1 ] CVE-2009-3050
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3050

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
--- End Message ---
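
The class of bug named in GLSA 200909-12, an sscanf() call whose "%s" conversion has no field width, shown beside a width-limited form. This is an added example, not HTMLDOC's code: the function names, the WIDTHxLENGTH[unit] input syntax and the 7-byte unit limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define UNIT_MAX 7   /* longest accepted unit suffix, excluding the NUL */
/* Hypothetical parser for "WIDTHxLENGTH[unit]" (unit: in, cm, mm or none).
 * Stores the size in points and returns 0, or returns -1 on bad input. */
int parse_page_size(const char *spec, double *w_pt, double *l_pt)
{
    float w = 0.0f, l = 0.0f;
    char units[UNIT_MAX + 1] = "";
    int used = 0;
    double scale;
    /* Unbounded form, shown only as a comment:
     *     sscanf(spec, "%fx%f%s", &w, &l, units);
     * "%s" copies every non-space byte, however small units[] is. */

    /* Bounded form: "%7s" writes at most UNIT_MAX bytes plus the NUL, and
     * "%n" records how much of the input was consumed. */
    int fields = sscanf(spec, "%fx%f%7s%n", &w, &l, units, &used);
    if (fields < 2)
        return -1;                       /* no usable WIDTHxLENGTH pair */
    if (fields == 3 && spec[used] != '\0')
        return -1;                       /* suffix truncated or trailing data */

    if (units[0] == '\0')
        scale = 1.0;                     /* bare numbers are points */
    else if (strcmp(units, "in") == 0)
        scale = 72.0;
    else if (strcmp(units, "cm") == 0)
        scale = 72.0 / 2.54;
    else if (strcmp(units, "mm") == 0)
        scale = 72.0 / 25.4;
    else
        return -1;                       /* unknown unit */

    if (!(w > 0.0f && l > 0.0f && w < 10000.0f && l < 10000.0f))
        return -1;                       /* zero, negative, NaN or huge */
    *w_pt = w * scale;
    *l_pt = l * scale;
    return 0;
}

/* Convenience wrapper: width in points, or -1.0 when the spec is rejected. */
double page_width_pt(const char *spec)
{
    double w, l;
    return parse_page_size(spec, &w, &l) == 0 ? w : -1.0;
}

int main(void)
{
    printf("%.1f\n", page_width_pt("8.5x11in"));   /* constructed input */
    return 0;
}
```

The width in the format string has to be kept in step with the buffer size by hand; rejecting input that "%n" shows was not fully consumed is what turns silent truncation into an error.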
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200909-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: irssi: Execution of arbitrary code
      Date: September 12, 2009
      Bugs: #271875
        ID: 200909-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A remotely exploitable off-by-one error leading to a heap overflow was
found in irssi which might result in the execution of arbitrary code.

Background
==========

irssi is a modular textUI IRC client with IPv6 support.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-irc/irssi     < 0.8.13-r1                        >= 0.8.13-r1

Description
===========

Nemo discovered an off-by-one error leading to a heap overflow in
irssi's event_wallops() parsing function.

Impact
======

A remote attacker might entice a user to connect to a malicious IRC
server, use a man-in-the-middle attack to redirect a user to such a
server or use ircop rights to send a specially crafted WALLOPS message,
which might result in the execution of arbitrary code with the
privileges of the user running irssi.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All irssi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-irc/irssi-0.8.13-r1

References
==========

  [ 1 ] CVE-2009-1959
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1959

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-13.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200909-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Horde: Multiple vulnerabilities
      Date: September 12, 2009
      Bugs: #256125, #262976, #262978, #277294
        ID: 200909-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Horde and two modules,
allowing for the execution of arbitrary code, information disclosure,
or Cross-Site Scripting.

Background
==========

Horde is a web application framework written in PHP. Horde IMP, the
"Internet Messaging Program", is a Webmail module and Horde Passwd is a
password changing module for Horde.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  www-apps/horde              < 3.3.4                      >= 3.3.4
  2  www-apps/horde-imp          < 4.3.4                      >= 4.3.4
  3  www-apps/horde-passwd       < 3.1.1                      >= 3.1.1
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been discovered in Horde:

* Gunnar Wrobel reported an input sanitation and directory traversal
  flaw in framework/Image/Image.php, related to the "Horde_Image driver
  name" (CVE-2009-0932).

* Gunnar Wrobel reported that data sent to
  horde/services/portal/cloud_search.php is not properly sanitized
  before used in the output (CVE-2009-0931).

* It was reported that data sent to
  framework/Text_Filter/Filter/xss.php is not properly sanitized before
  used in the output (CVE-2008-5917).

Horde Passwd: David Wharton reported that data sent via the "backend"
parameter to passwd/main.php is not properly sanitized before used in
the output (CVE-2009-2360).

Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php,
and message.php is not properly sanitized before used in the output
(CVE-2009-0930).

Impact
======

A remote authenticated attacker could exploit these vulnerabilities to
execute arbitrary PHP files on the server, or disclose the content of
arbitrary files, both only if the file is readable to the web server. A
remote authenticated attacker could conduct Cross-Site Scripting
attacks. NOTE: Some Cross-Site Scripting vectors are limited to the
usage of Microsoft Internet Explorer.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Horde users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-apps/horde-3.3.4

All Horde IMP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-apps/horde-imp-4.3.4

All Horde Passwd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-apps/horde-passwd-3.1.1

References
==========

  [ 1 ] CVE-2008-5917
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5917
  [ 2 ] CVE-2009-0930
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0930
  [ 3 ] CVE-2009-0931
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0931
  [ 4 ] CVE-2009-0932
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0932
  [ 5 ] CVE-2009-2360
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2360

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-14.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200909-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Lynx: Arbitrary command execution
      Date: September 12, 2009
      Bugs: #243058
        ID: 200909-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An incomplete fix for an issue related to the Lynx URL handler might
allow for the remote execution of arbitrary commands.

Background
==========

Lynx is a fully-featured WWW client for users running
cursor-addressable, character-cell display devices such as vt100
terminals and terminal emulators.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-client/lynx      < 2.8.6-r4                       >= 2.8.6-r4

Description
===========

Clint Ruoho reported that the fix for CVE-2005-2929 (GLSA 200511-09)
only disabled the lynxcgi:// handler when not using the advanced mode.

Impact
======

A remote attacker can entice a user to access a malicious HTTP server,
causing Lynx to execute arbitrary commands. NOTE: The advanced mode is
not enabled by default. Successful exploitation requires the
"lynxcgi://" protocol to be registered with lynx on the victim's
system.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Lynx users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-client/lynx-2.8.6-r4

References
==========

  [ 1 ] CVE-2005-2929
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2929
  [ 2 ] CVE-2008-4690
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4690
  [ 3 ] GLSA 200511-09
        http://www.gentoo.org/security/en/glsa/glsa-200511-09.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-15.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200909-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Wireshark: Denial of Service
      Date: September 13, 2009
      Bugs: #278564
        ID: 200909-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Wireshark which allow
for Denial of Service.

Background
==========

Wireshark is a versatile network protocol analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark       < 1.2.1                     >= 1.2.1

Description
===========

Multiple vulnerabilities were discovered in Wireshark:

* A buffer overflow in the IPMI dissector related to an array index
  error (CVE-2009-2559).

* Multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS,
  and MIOP dissectors (CVE-2009-2560).

* An unspecified vulnerability in the sFlow dissector (CVE-2009-2561).

* An unspecified vulnerability in the AFS dissector (CVE-2009-2562).

* An unspecified vulnerability in the Infiniband dissector when running
  on unspecified platforms (CVE-2009-2563).

Impact
======

A remote attacker could exploit these vulnerabilities by sending
specially crafted packets on a network being monitored by Wireshark or
by enticing a user to read a malformed packet trace file to cause a
Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-analyzer/wireshark-1.2.1

References
==========

  [ 1 ] CVE-2009-2559
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2559
  [ 2 ] CVE-2009-2560
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560
  [ 3 ] CVE-2009-2561
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2561
  [ 4 ] CVE-2009-2562
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2562
  [ 5 ] CVE-2009-2563
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-16.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200909-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ZNC: Directory traversal
      Date: September 13, 2009
      Bugs: #278684
        ID: 200909-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A directory traversal was found in ZNC, allowing for overwriting of
arbitrary files.

Background
==========

ZNC is an advanced IRC bouncer.

Affected packages
=================

    -------------------------------------------------------------------
     Package      /  Vulnerable  /                          Unaffected
    -------------------------------------------------------------------
  1  net-irc/znc      < 0.074                                 >= 0.074

Description
===========

The vendor reported a directory traversal vulnerability when processing
DCC SEND requests.

Impact
======

A remote, authenticated user could send a specially crafted DCC SEND
request to overwrite arbitrary files with the privileges of the user
running ZNC, and possibly cause the execution of arbitrary code e.g. by
uploading a malicious ZNC module.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ZNC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-irc/znc-0.074

References
==========

  [ 1 ] CVE-2009-2658
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2658

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-17.xml
--- End Message ---
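
A defensive check for the file-overwrite class described in GLSA 200909-17: a peer-supplied file name is validated as a single plain path component before it is joined to a download directory. This is an added example, not ZNC's code; the function names, the download directory and the assumption that the file name in the request is the untrusted field are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: write dir + "/" + name into out only when name is a
 * single plain path component. Returns 0 on success, -1 when the name is
 * rejected or the joined path would not fit in out. */
int dcc_target_path(const char *dir, const char *name, char *out, size_t outlen)
{
    size_t i, len = strlen(name);

    if (len == 0 || len > 255)
        return -1;                 /* empty or unreasonably long */
    if (name[0] == '.')
        return -1;                 /* ".", ".." and hidden files */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c == '\\' || c < 0x20 || c == 0x7f)
            return -1;             /* path separators and control bytes */
    }

    int n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                 /* truncated path: refuse, do not write */
    return 0;
}

/* Wrapper using a constructed download directory; 1 means accepted. */
int dcc_name_ok(const char *name)
{
    char path[512];
    return dcc_target_path("/var/lib/bouncer/dcc", name, path, sizeof path) == 0;
}

int main(void)
{
    /* Constructed sample names: one plain, one climbing out of the directory. */
    printf("%d %d\n", dcc_name_ok("notes.txt"), dcc_name_ok("../znc.conf"));
    return 0;
}
```

Rejecting the name outright, rather than stripping "../" sequences from it, avoids the case where removing one sequence leaves another behind.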