A format string bug was found in the vinagre package; it is triggered when the victim opens a suitably crafted VNC file or connects to the attacker's VNC server. Several CRLF injection bugs were also found in the webadmin module of znc; an attacker who can authenticate can place entries in the configuration file that result in code execution. A buffer overflow was found in Audacity. Buffer overflows were found in the Radiance RGBE image format handler of the devil package. Several bad search paths (Python modules) and improper temporary file handling bugs were found in the utilities of the PDFjam package. The nfs-utils package calls the hosts_ctl() function with wrong parameters, so TCP wrappers does not check the netgroup restrictions. samba does not properly process trans, trans2 and nttrans requests; as a result the daemon can be DoSed and the contents of process memory also leak. geda handles temporary files improperly. Several buffer overflows were also found in the OpenTTD package. A buffer overflow was found in the Irrlicht Engine 3D engine. A buffer overflow was found in the ARC2 implementation of the python-crypto package. The GIF file loader of the optipng package keeps using a certain memory region after it has been freed, which allows the attacker to execute code. Several buffer overflows were also found in the mpfr library. bind used the OpenSSL API incorrectly, so signature verification was not reliable. gitweb does not always handle shell metacharacters correctly when launching external programs, which makes it possible to run arbitrary commands. gitweb also contains another serious bug: arbitrary commands can be run by changing the diff.external parameter. The Python module of the Epiphany browser contains a dangerous search path.
A bug that is not documented in more detail was found in the CMsgReader::readRect() function of Real VNC; by connecting to a VNC server influenced by the attacker, code can be run on the victim's system. The livetest program of the OpenSWAN package improperly handles its ipseclive.conn and ipsec.olts.remote.log temporary files. Xerces-C++ crashes on a suitably crafted XML schema file. XSS and information disclosure bugs were found in websvn; the attacker can also access a significant portion of the private repositories. curl did not pay attention to the value returned by redirects and followed them even when the result was a file:// URL. If the libssh2 USE flag was enabled, code could also be executed through an scp: URL.
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Vinagre: User-assisted execution of arbitrary code
      Date: March 06, 2009
      Bugs: #250314
        ID: 200903-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A format string error in Vinagre may allow for the execution of
arbitrary code.

Background
==========

Vinagre is a VNC Client for the GNOME Desktop.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  net-misc/vinagre      < 0.5.2                            >= 0.5.2

Description
===========

Alfredo Ortega (Core Security Technologies) reported a format string
error in the vinagre_utils_show_error() function in
src/vinagre-utils.c.

Impact
======

A remote attacker could entice a user into opening a specially crafted
.vnc file or connecting to a malicious server, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Vinagre users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/vinagre-0.5.2"

References
==========

  [ 1 ] CVE-2008-5660
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5660

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: ZNC: Privilege escalation
      Date: March 06, 2009
      Bugs: #260148
        ID: 200903-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in ZNC allows for privilege escalation.

Background
==========

ZNC is an advanced IRC bouncer.

Affected packages
=================

    -------------------------------------------------------------------
     Package      /  Vulnerable  /                          Unaffected
    -------------------------------------------------------------------
  1  net-irc/znc      < 0.066                                 >= 0.066

Description
===========

cnu discovered multiple CRLF injection vulnerabilities in ZNC's
webadmin module.

Impact
======

A remote authenticated attacker could modify the znc.conf configuration
file and gain privileges via newline characters in e.g. the QuitMessage
field, and possibly execute arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ZNC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/znc-0.066"

References
==========

  [ 1 ] CVE-2009-0759
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0759

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
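
The class of bug described in GLSA 200903-02 above, as an added Python example that is not ZNC's code: a line-oriented config writer that copies a form field verbatim lets an embedded CR/LF start a new directive, and the fix is to reject control characters before writing. The "Key = Value" layout and the ExampleFlag key are assumptions made for illustration, and the submitted value is constructed.

```python
# Added illustration; the "Key = Value" layout and key names are assumptions,
# not ZNC's actual configuration code.


def write_config_unsafe(settings):
    """Before: serialise settings one per line without validating values."""
    return "".join(f"{key} = {value}\n" for key, value in settings.items())


def write_config_safe(settings):
    """After: refuse any key or value that could terminate the current line."""
    lines = []
    for key, value in settings.items():
        for part in (key, value):
            if any(ch in part for ch in "\r\n\x00"):
                raise ValueError(f"control character in setting {key!r}")
        lines.append(f"{key} = {value}\n")
    return "".join(lines)


def parse_config(text):
    """Read the file back the way a line-oriented config reader would."""
    parsed = {}
    for line in text.splitlines():
        if " = " in line:
            key, value = line.split(" = ", 1)
            parsed[key.strip()] = value
    return parsed


# Constructed input: one free-text field submitted through a web form.
SUBMITTED = {"QuitMessage": "bye\r\nExampleFlag = on"}


def demo():
    """Return what the unsafe writer produces and whether the safe one refuses."""
    unsafe_result = parse_config(write_config_unsafe(SUBMITTED))
    try:
        write_config_safe(SUBMITTED)
        rejected = False
    except ValueError:
        rejected = True
    return unsafe_result, rejected


if __name__ == "__main__":
    print(demo())
```

With the unsafe writer the single submitted field is read back as two directives; the safe writer raises before anything reaches the file.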
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Audacity: User-assisted execution of arbitrary code
      Date: March 06, 2009
      Bugs: #253493
        ID: 200903-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A boundary error in Audacity allows for the execution of arbitrary
code.

Background
==========

Audacity is a free cross-platform audio editor.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  media-sound/audacity      < 1.3.6                        >= 1.3.6

Description
===========

Houssamix discovered a boundary error in the
String_parse::get_nonspace_quoted() function in
lib-src/allegro/strparse.cpp.

Impact
======

A remote attacker could entice a user into importing a specially
crafted *.gro file, resulting in the execution of arbitrary code or a
Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Audacity users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/audacity-1.3.6"

References
==========

  [ 1 ] CVE-2009-0490
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0490

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: DevIL: User-assisted execution of arbitrary code
      Date: March 06, 2009
      Bugs: #255217
        ID: 200903-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple boundary errors in DevIL may allow for the execution of
arbitrary code.

Background
==========

Developer's Image Library (DevIL) is a cross-platform image library.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  media-libs/devil      < 1.7.7                            >= 1.7.7

Description
===========

Stefan Cornelius (Secunia Research) discovered two boundary errors
within the iGetHdrHeader() function in src-IL/src/il_hdr.c.

Impact
======

A remote attacker could entice a user to open a specially crafted
Radiance RGBE file, possibly resulting in the execution of arbitrary
code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All DevIL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/devil-1.7.7"

References
==========

  [ 1 ] CVE-2008-5262
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5262

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PDFjam: Multiple vulnerabilities
      Date: March 07, 2009
      Bugs: #252734
        ID: 200903-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in the PDFjam scripts allow for local
privilege escalation.

Background
==========

PDFjam is a small collection of shell scripts to edit PDF documents,
including pdfnup, pdfjoin and pdf90.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  app-text/pdfjam      < 1.20-r1                         >= 1.20-r1

Description
===========

* Martin Vaeth reported multiple untrusted search path
  vulnerabilities (CVE-2008-5843).

* Marcus Meissner of the SUSE Security Team reported that
  temporary files are created with a predictable name
  (CVE-2008-5743).

Impact
======

A local attacker could place a specially crafted Python module in the
current working directory or the /var/tmp directory, and entice a user
to run the PDFjam scripts, leading to the execution of arbitrary code
with the privileges of the user running the application. A local
attacker could also leverage symlink attacks to overwrite arbitrary
files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PDFjam users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/pdfjam-1.20-r1"

References
==========

  [ 1 ] CVE-2008-5843
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5843
  [ 2 ] CVE-2008-5743
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5743

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: nfs-utils: Access restriction bypass
      Date: March 07, 2009
      Bugs: #242696
        ID: 200903-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in nfs-utils allows for bypass of the netgroups restriction.

Background
==========

nfs-utils contains the client and daemon implementations for the NFS
protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  net-fs/nfs-utils      < 1.1.3                            >= 1.1.3

Description
===========

Michele Marcionelli reported that nfs-utils invokes the hosts_ctl()
function with the wrong order of arguments, which causes TCP Wrappers
to ignore netgroups.

Impact
======

A remote attacker could bypass intended access restrictions, i.e. NFS
netgroups, and gain access to restricted services.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All nfs-utils users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-fs/nfs-utils-1.1.3"

References
==========

  [ 1 ] CVE-2008-4552
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Samba: Data disclosure
      Date: March 07, 2009
      Bugs: #247620
        ID: 200903-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A missing boundary check in Samba might lead to the disclosure of
memory contents.

Background
==========

Samba is a suite of SMB and CIFS client/server programs.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  net-fs/samba      < 3.0.33                              >= 3.0.33

Description
===========

Samba does not properly check memory boundaries when handling trans,
trans2, and nttrans requests.

Impact
======

A remote attacker could send specially crafted requests to a Samba
daemon, leading to the disclosure of arbitrary memory or to a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Samba users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.33"

References
==========

  [ 1 ] CVE-2008-4314
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: gEDA: Insecure temporary file creation
      Date: March 07, 2009
      Bugs: #247538
        ID: 200903-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An insecure temporary file usage has been reported in gEDA, allowing
for symlink attacks.

Background
==========

gEDA is an Electronic Design Automation tool used for electrical
circuit design.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  sci-electronics/geda      < 1.4.0-r1                  >= 1.4.0-r1

Description
===========

Dmitry E. Oboukhov reported an insecure temporary file usage within the
sch2eaglepos.sh script.

Impact
======

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All gEDA users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sci-electronics/geda-1.4.0-r1"

References
==========

  [ 1 ] CVE-2008-5148
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5148

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
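
Added example (not code from PDFjam or gEDA) for the temporary-file issues in GLSA 200903-05 and GLSA 200903-08: writing to a predictable name follows a link that already sits at that path, while exclusive creation or a randomly named file does not. Everything runs inside a private sandbox directory; the file names are hypothetical.

```python
import os
import tempfile


def write_predictable(path, data):
    """Before: plain open() on a guessable name follows a symlink planted there."""
    with open(path, "w") as handle:
        handle.write(data)


def write_exclusive(path, data):
    """After, fixed name: O_CREAT|O_EXCL fails if the path already exists,
    and a symlink at the path counts as existing."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(data)


def write_random(directory, data):
    """After, preferred: mkstemp() picks an unpredictable name, creates it
    exclusively with mode 0600, and returns the open descriptor."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="job-")
    with os.fdopen(fd, "w") as handle:
        handle.write(data)
    return path


def read_text(path):
    with open(path) as handle:
        return handle.read()


def demo():
    """Run all three writers against a pre-existing link in a sandbox."""
    result = {}
    with tempfile.TemporaryDirectory() as sandbox:
        target = os.path.join(sandbox, "important.txt")
        with open(target, "w") as handle:
            handle.write("original")
        shared = os.path.join(sandbox, "tmp")  # stands in for /var/tmp
        os.mkdir(shared)
        predictable = os.path.join(shared, "script.tmp")  # hypothetical name
        os.symlink(target, predictable)  # link already present at the known name

        try:
            write_exclusive(predictable, "scratch")
            result["exclusive_refused"] = False
        except FileExistsError:
            result["exclusive_refused"] = True
        result["intact_after_exclusive"] = read_text(target) == "original"

        random_path = write_random(shared, "scratch")
        result["random_is_new_file"] = (
            not os.path.islink(random_path) and read_text(random_path) == "scratch"
        )
        result["intact_after_random"] = read_text(target) == "original"

        write_predictable(predictable, "scratch")
        result["overwritten_by_predictable"] = read_text(target) == "scratch"
    return result


if __name__ == "__main__":
    print(demo())
```

In a shell script the equivalent of write_random() is mktemp(1) in place of a name built from a fixed string or the process ID.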
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: OpenTTD: Execution of arbitrary code
      Date: March 07, 2009
      Bugs: #233929
        ID: 200903-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer overflows in OpenTTD might allow for the execution of
arbitrary code in the server.

Background
==========

OpenTTD is a clone of Transport Tycoon Deluxe.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  games-simulation/openttd      < 0.6.3                    >= 0.6.3

Description
===========

Multiple buffer overflows have been reported in OpenTTD, when storing
long for client names (CVE-2008-3547), in the TruncateString function
in src/gfx.cpp (CVE-2008-3576) and in src/openttd.cpp when processing a
large filename supplied to the "-g" parameter in the ttd_main function
(CVE-2008-3577).

Impact
======

An authenticated attacker could exploit these vulnerabilities to
execute arbitrary code with the privileges of the OpenTTD server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenTTD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.6.3"

References
==========

  [ 1 ] CVE-2008-3547
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3547
  [ 2 ] CVE-2008-3576
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3576
  [ 3 ] CVE-2008-3577
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3577

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Irrlicht: User-assisted execution of arbitrary code
      Date: March 07, 2009
      Bugs: #252203
        ID: 200903-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow might lead to the execution of arbitrary code or a
Denial of Service.

Background
==========

The Irrlicht Engine is an open source cross-platform high performance
realtime 3D engine written in C++.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  dev-games/irrlicht       < 1.5                             >= 1.5

Description
===========

An unspecified component of the B3D loader is vulnerable to a buffer
overflow due to missing boundary checks.

Impact
======

A remote attacker could entice a user to open a specially crafted .irr
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service
(crash).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All irrlicht users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-games/irrlicht-1.5"

References
==========

  [ 1 ] CVE-2008-5876
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5876

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PyCrypto: Execution of arbitrary code
      Date: March 09, 2009
      Bugs: #258049
        ID: 200903-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in PyCrypto might lead to the execution of arbitrary
code when decrypting using ARC2.

Background
==========

PyCrypto is the Python Cryptography Toolkit.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-python/pycrypto      < 2.0.1-r8                   >= 2.0.1-r8

Description
===========

Mike Wiacek of the Google Security Team reported a buffer overflow in
the ARC2 module when processing a large ARC2 key length.

Impact
======

A remote attacker could entice a user or automated system to decrypt an
ARC2 stream in an application using PyCrypto, possibly resulting in the
execution of arbitrary code or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PyCrypto users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.0.1-r8"

References
==========

  [ 1 ] CVE-2009-0544
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0544

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OptiPNG: User-assisted execution of arbitrary code
      Date: March 09, 2009
      Bugs: #260265
        ID: 200903-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in OptiPNG might result in user-assisted execution of
arbitrary code.

Background
==========

OptiPNG is a PNG optimizer that recompresses image files to a smaller
size, without losing any information.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  media-gfx/optipng      < 0.6.2-r1                     >= 0.6.2-r1

Description
===========

Roy Tam reported a use-after-free vulnerability in the
GIFReadNextExtension() function in lib/pngxtern/gif/gifread.c leading
to a memory corruption when reading a GIF image.

Impact
======

A remote attacker could entice a user to process a specially crafted
GIF image, possibly resulting in the execution of arbitrary code with
the privileges of the user running the application, or a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OptiPNG users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2-r1"

References
==========

  [ 1 ] CVE-2009-0749
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0749

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Gentoo Linux Security Advisory                           GLSA 200903-13
                                            http://security.gentoo.org/

  Severity: Normal
     Title: MPFR: Denial of Service
      Date: March 09, 2009
      Bugs: #260968
        ID: 200903-13

Synopsis
========

Multiple buffer overflows in MPFR might lead to a Denial of Service.

Background
==========

MPFR is a library for multiple-precision floating-point computations
with exact rounding.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  dev-libs/mpfr     < 2.4.1                                >= 2.4.1

Description
===========

Multiple buffer overflows have been reported in the mpfr_snprintf() and
mpfr_vsnprintf() functions.

Impact
======

A remote user could exploit the vulnerability to cause a Denial of
Service in an application using MPFR via unknown vectors.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MPFR users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/mpfr-2.4.1"

References
==========

  [ 1 ] CVE-2009-0757
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0757

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-13.xml
--- End Message ---
--- Begin Message ---
Gentoo Linux Security Advisory                           GLSA 200903-14
                                            http://security.gentoo.org/

  Severity: Normal
     Title: BIND: Incorrect signature verification
      Date: March 09, 2009
      Bugs: #254134, #257949
        ID: 200903-14

Synopsis
========

Incomplete verification of RSA and DSA certificates might lead to
spoofed records authenticated using DNSSEC.

Background
==========

ISC BIND is the Internet Systems Consortium implementation of the
Domain Name System (DNS) protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  net-dns/bind     < 9.4.3_p1                            >= 9.4.3_p1

Description
===========

BIND does not properly check the return value from the OpenSSL
functions to verify DSA (CVE-2009-0025) and RSA (CVE-2009-0265)
certificates.

Impact
======

A remote attacker could bypass validation of the certificate chain to
spoof DNSSEC-authenticated records.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All BIND users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p1"

References
==========

  [ 1 ] CVE-2009-0025
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
  [ 2 ] CVE-2009-0265
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-14.xml
--- End Message ---
--- Begin Message ---
Gentoo Linux Security Advisory                           GLSA 200903-15
                                            http://security.gentoo.org/

  Severity: High
     Title: git: Multiple vulnerabilities
      Date: March 09, 2009
      Bugs: #251343
        ID: 200903-15

Synopsis
========

Multiple vulnerabilities in gitweb allow for remote execution of
arbitrary commands.

Background
==========

GIT - the stupid content tracker, the revision control system used by
the Linux kernel team.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  dev-util/git     < 1.6.0.6                              >= 1.6.0.6

Description
===========

Multiple vulnerabilities have been reported in gitweb that is part of
the git package:

* Shell metacharacters related to git_search are not properly
  sanitized (CVE-2008-5516).

* Shell metacharacters related to git_snapshot and git_object are not
  properly sanitized (CVE-2008-5517).

* The diff.external configuration variable as set in a repository can
  be executed by gitweb (CVE-2008-5916).

Impact
======

A remote unauthenticated attacker can execute arbitrary commands via
shell metacharacters in a query. Remote attackers with write access to
a git repository configuration can execute arbitrary commands with the
privileges of the user running gitweb by modifying the diff.external
configuration variable in the repository and sending a crafted query
to gitweb.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All git users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/git-1.6.0.6"

References
==========

  [ 1 ] CVE-2008-5516
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5516
  [ 2 ] CVE-2008-5517
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5517
  [ 3 ] CVE-2008-5916
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5916

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-15.xml
--- End Message ---
--- Begin Message ---
Gentoo Linux Security Advisory                           GLSA 200903-16
                                            http://security.gentoo.org/

  Severity: Normal
     Title: Epiphany: Untrusted search path
      Date: March 09, 2009
      Bugs: #257000
        ID: 200903-16

Synopsis
========

An untrusted search path vulnerability in Epiphany might result in the
execution of arbitrary code.

Background
==========

Epiphany is a GNOME web browser based on the Mozilla rendering engine
Gecko.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  www-client/epiphany     < 2.22.3-r2                  >= 2.22.3-r2

Description
===========

James Vega reported an untrusted search path vulnerability in the
Python interface.

Impact
======

A local attacker could entice a user to run Epiphany from a directory
containing a specially crafted python module, resulting in the
execution of arbitrary code with the privileges of the user running
Epiphany.

Workaround
==========

Do not run "epiphany" from untrusted working directories.

Resolution
==========

All Epiphany users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/epiphany-2.22.3-r2"

References
==========

  [ 1 ] CVE-2008-5985
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5985

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-16.xml
--- End Message ---
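A check for the condition behind GLSA 200903-16, as an added Python example that is not Epiphany's code: it flags module search path entries that resolve to the working directory or that other users can write to. The function names are hypothetical; in Python an empty path entry means "the current directory".

```python
import os
import stat
import sys


def risky_path_entries(paths=None, cwd=None):
    """Return (entry, reason) pairs for search-path entries other users could populate."""
    paths = sys.path if paths is None else list(paths)
    cwd = os.path.realpath(cwd if cwd is not None else os.getcwd())
    me = os.getuid()
    findings = []
    for entry in paths:
        # '' and relative entries are resolved against the working directory
        # at import time, which is the situation the advisory describes.
        if entry == "" or not os.path.isabs(entry):
            findings.append((entry, "relative to the working directory"))
            continue
        real = os.path.realpath(entry)
        if real == cwd:
            findings.append((entry, "is the working directory"))
            continue
        try:
            st = os.stat(real)
        except OSError:
            continue  # entries that do not exist are not examined here
        if st.st_mode & stat.S_IWOTH:
            # The sticky bit does not help: anyone can still add new files.
            findings.append((entry, "world-writable"))
        elif st.st_uid not in (0, me):
            findings.append((entry, "owned by another non-root user"))
    return findings


def hardened_path(paths=None, cwd=None):
    """Search path with every flagged entry removed, order otherwise preserved."""
    paths = sys.path if paths is None else list(paths)
    flagged = {entry for entry, _ in risky_path_entries(paths, cwd)}
    return [p for p in paths if p not in flagged]


if __name__ == "__main__":
    for entry, reason in risky_path_entries():
        print(f"{entry!r}: {reason}")
```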
--- Begin Message ---
Gentoo Linux Security Advisory                           GLSA 200903-17
                                            http://security.gentoo.org/

  Severity: Normal
     Title: Real VNC: User-assisted execution of arbitrary code
      Date: March 09, 2009
      Bugs: #255225
        ID: 200903-17

Synopsis
========

The Real VNC client is vulnerable to execution of arbitrary code when
connecting to a malicious server.

Background
==========

Real VNC is a remote desktop viewer display system.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  net-misc/vnc     < 4.1.3                                  >= 4.1.3

Description
===========

An unspecified vulnerability has been discovered in the
CMsgReader::readRect() function in the VNC Viewer component, related to
the encoding type of RFB protocol data.

Impact
======

A remote attacker could entice a user to connect to a malicious VNC
server, or leverage Man-in-the-Middle attacks, to cause the execution
of arbitrary code with the privileges of the user running the VNC
viewer.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Real VNC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/vnc-4.1.3"

References
==========

  [ 1 ] CVE-2008-4770
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4770

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-17.xml
--- End Message ---
--- Begin Message ---
Gentoo Linux Security Advisory                           GLSA 200903-18
                                            http://security.gentoo.org/

  Severity: Normal
     Title: Openswan: Insecure temporary file creation
      Date: March 09, 2009
      Bugs: #238574
        ID: 200903-18

Synopsis
========

Insecure temporary file usage has been reported in Openswan, allowing
for symlink attacks.

Background
==========

Openswan is an implementation of IPsec for Linux.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  net-misc/openswan     < 2.4.13-r2                    >= 2.4.13-r2

Description
===========

Dmitry E. Oboukhov reported that the IPSEC livetest tool does not
handle the ipseclive.conn and ipsec.olts.remote.log temporary files
securely.

Impact
======

A local attacker could perform symlink attacks to execute arbitrary
code and overwrite arbitrary files with the privileges of the user
running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Openswan users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.13-r2"

References
==========

  [ 1 ] CVE-2008-4190
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4190

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-18.xml
--- End Message ---
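The class of problem described in GLSA 200903-18, as an added Python example that is not Openswan's code: a predictable file name in a shared directory is opened through whatever another user planted there, while an exclusive create or a private mkdtemp() directory is not. Only the file name ipseclive.conn comes from the advisory; the function names, the "livetest-" prefix and the directory layout are constructed.

```python
import os
import stat
import tempfile


def naive_write(directory, name, data):
    """The unsafe pattern: a predictable name, opened through whatever is already there."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:      # follows a planted symlink and truncates its target
        fh.write(data)
    return path


def exclusive_write(directory, name, data):
    """Create the file only if the name is unused; O_EXCL never follows a symlink."""
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def private_write(name, data):
    """Preferred: work inside a fresh directory that mkdtemp() creates with mode 0700."""
    workdir = tempfile.mkdtemp(prefix="livetest-")
    return exclusive_write(workdir, name, data)


def demo():
    """Constructed scenario: 'shared' stands in for a world-writable temp directory."""
    base = tempfile.mkdtemp()
    shared = os.path.join(base, "shared")
    os.mkdir(shared)
    target = os.path.join(base, "target.txt")
    result = {}

    def reset():
        with open(target, "w") as fh:
            fh.write("original")

    def target_text():
        with open(target) as fh:
            return fh.read()

    reset()
    # Another local user created the predictable name first, as a symlink.
    os.symlink(target, os.path.join(shared, "ipseclive.conn"))
    naive_write(shared, "ipseclive.conn", "conn data")
    result["naive_overwrote_target"] = target_text() == "conn data"

    reset()
    try:
        exclusive_write(shared, "ipseclive.conn", "conn data")
        result["exclusive_refused"] = False
    except FileExistsError:
        result["exclusive_refused"] = True
    result["target_intact"] = target_text() == "original"

    path = private_write("ipseclive.conn", "conn data")
    mode = stat.S_IMODE(os.stat(os.path.dirname(path)).st_mode)
    result["private_dir_mode"] = oct(mode)
    return result


if __name__ == "__main__":
    print(demo())
```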
--- Begin Message ---
Gentoo Linux Security Advisory                           GLSA 200903-19
                                            http://security.gentoo.org/

  Severity: Normal
     Title: Xerces-C++: Denial of Service
      Date: March 09, 2009
      Bugs: #240496
        ID: 200903-19

Synopsis
========

An error in Xerces-C++ allows for a Denial of Service via malicious XML
schema files.

Background
==========

Xerces-C++ is a validating XML parser written in a portable subset of
C++.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  dev-libs/xerces-c     < 3.0.0-r1                      >= 3.0.0-r1

Description
===========

Frank Rast reported that the XML parser in Xerces-C++ does not
correctly handle an XML schema definition with a large maxOccurs value,
which triggers excessive memory consumption during the validation of an
XML file.

Impact
======

A remote attacker could entice a user or automated system to validate
an XML file using a specially crafted XML schema file, leading to a
Denial of Service (stack consumption and crash).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xerces-C++ users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/xerces-c-3.0.0-r1"

References
==========

  [ 1 ] CVE-2008-4482
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4482

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-19.xml
--- End Message ---
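A pre-validation check for the schema property named in GLSA 200903-19, as an added Python example that is not part of Xerces-C++: it lists every finite maxOccurs value in a schema that exceeds a limit, so an untrusted schema can be rejected before it reaches a validator. The limit of 1000, the function name and the sample schema are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

XSD_NS = "http://www.w3.org/2001/XMLSchema"
DEFAULT_LIMIT = 1000  # assumed threshold; choose one that fits your schemas


def large_max_occurs(xsd_text, limit=DEFAULT_LIMIT):
    """Return (path, value) for each finite maxOccurs above limit, in document order."""
    root = ET.fromstring(xsd_text)
    findings = []
    # Explicit stack instead of recursion, so a deeply nested schema cannot
    # exhaust the checker's own call stack.
    stack = [(root, [])]
    while stack:
        node, trail = stack.pop()
        ns, _, local = node.tag.rpartition("}")
        ns = ns.lstrip("{")
        ident = node.get("name") or node.get("ref")
        here = trail + [f"{local}[{ident}]" if ident else local]
        if ns == XSD_NS:
            raw = node.get("maxOccurs")
            if raw is not None:
                try:
                    value = int(raw)
                except ValueError:
                    value = None  # "unbounded" or malformed: not a finite bound
                if value is not None and value > limit:
                    findings.append(("/".join(here), value))
        for child in reversed(list(node)):
            stack.append((child, here))
    return findings


# Constructed sample schema, not taken from the advisory.
SAMPLE_XSD = """
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="order">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="item" type="xs:string" maxOccurs="20"/>
        <xs:element name="note" type="xs:string" maxOccurs="unbounded"/>
        <xs:element name="tag" type="xs:string" minOccurs="0" maxOccurs="200000"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
"""

if __name__ == "__main__":
    for path, value in large_max_occurs(SAMPLE_XSD):
        print(f"maxOccurs={value} at {path}")
```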
--- Begin Message ---
Gentoo Linux Security Advisory                           GLSA 200903-20
                                            http://security.gentoo.org/

  Severity: Normal
     Title: WebSVN: Multiple vulnerabilities
      Date: March 09, 2009
      Bugs: #243852
        ID: 200903-20

Synopsis
========

Multiple vulnerabilities in WebSVN allow for file overwrite and
information disclosure.

Background
==========

WebSVN is a web-based browsing tool for Subversion repositories written
in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  www-apps/websvn     < 2.1.0                              >= 2.1.0

Description
===========

* James Bercegay of GulfTech Security reported a Cross-site scripting
  (XSS) vulnerability in the getParameterisedSelfUrl() function in
  index.php (CVE-2008-5918) and a directory traversal vulnerability in
  rss.php when magic_quotes_gpc is disabled (CVE-2008-5919).

* Bas van Schaik reported that listing.php does not properly enforce
  access restrictions when using an SVN authz file to authenticate
  users (CVE-2009-0240).

Impact
======

A remote attacker can exploit these vulnerabilities to overwrite
arbitrary files, to read changelogs or diffs for restricted projects
and to hijack a user's session.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebSVN users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/websvn-2.1.0"

References
==========

  [ 1 ] CVE-2008-5918
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5918
  [ 2 ] CVE-2008-5919
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5919
  [ 3 ] CVE-2009-0240
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0240

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-20.xml
--- End Message ---
--- Begin Message ---
Gentoo Linux Security Advisory                           GLSA 200903-21
                                            http://security.gentoo.org/

  Severity: Normal
     Title: cURL: Arbitrary file access
      Date: March 09, 2009
      Bugs: #260361
        ID: 200903-21

Synopsis
========

A vulnerability in cURL may allow for arbitrary file access.

Background
==========

cURL is a command line tool for transferring files with URL syntax,
supporting numerous protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-misc/curl     < 7.19.4                               >= 7.19.4

Description
===========

David Kierznowski reported that the redirect implementation accepts
arbitrary Location values when CURLOPT_FOLLOWLOCATION is enabled.

Impact
======

A remote attacker could possibly exploit this vulnerability to make
remote HTTP servers trigger arbitrary requests to intranet servers and
read or overwrite arbitrary files via a redirect to a file: URL, or, if
the libssh2 USE flag is enabled, execute arbitrary commands via a
redirect to an scp: URL.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All cURL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.19.4"

References
==========

  [ 1 ] CVE-2009-0037
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-21.xml
--- End Message ---
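The redirect policy that GLSA 200903-21 found missing, as an added Python example that is not cURL's code: each Location value is resolved against the current URL and refused unless its scheme is on an allow-list and it does not point at a literal internal address. The function names, the allow-list and the sample URLs are constructed; libcurl applications set the scheme part of such a policy with CURLOPT_REDIR_PROTOCOLS.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https"})  # assumed policy


class RedirectRefused(Exception):
    """Raised when a Location value falls outside the redirect policy."""


def vet_redirect(current_url, location, allowed=ALLOWED_REDIRECT_SCHEMES,
                 allow_internal=False):
    """Resolve a Location header against current_url and return it if acceptable."""
    try:
        target = urljoin(current_url, location.strip())
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError as exc:
        raise RedirectRefused(f"unparsable redirect target: {exc}") from exc
    # file: and scp: targets, the two cases in the advisory, stop here.
    if parts.scheme not in allowed:
        raise RedirectRefused(f"scheme {parts.scheme!r} is not allowed in redirects")
    if not host:
        raise RedirectRefused("redirect target has no host")
    if not allow_internal:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            addr = None  # a DNS name: resolve it and re-check before connecting
        if addr is not None and (addr.is_private or addr.is_loopback
                                 or addr.is_link_local):
            raise RedirectRefused(f"redirect to internal address {addr}")
    return target


def redirect_allowed(current_url, location):
    """Boolean form of vet_redirect() for use in filters and log review."""
    try:
        vet_redirect(current_url, location)
    except RedirectRefused:
        return False
    return True


def follow_chain(start_url, locations, max_hops=5):
    """Apply the policy to a recorded chain of Location headers; return the final URL."""
    url = start_url
    for hop, location in enumerate(locations, start=1):
        if hop > max_hops:
            raise RedirectRefused(f"more than {max_hops} redirects")
        url = vet_redirect(url, location)
    return url


if __name__ == "__main__":
    # Constructed Location values.
    for loc in ("/next", "file:///etc/hostname", "scp://host.example/x",
                "//10.0.0.8/status"):
        print(loc, redirect_allowed("http://example.org/a", loc))
```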