Specially crafted PNG files can crash the libpng package at several points, and code execution is also possible because of the use of uninitialized memory. The BlueZ package's parser does not properly handle overlong strings in the SDP protocol, which results in a buffer overflow. Several security flaws were found in the Opera browser; the most severe allows code execution. A heap buffer overflow was found in the part of libcdaudio that processes CDDB responses. Several security flaws (code execution, XSS, CSRF and SQL injection) were found in the phpMyAdmin package. ffmpeg mishandles Ogg Media (OGM), DTS Coherent Acoustics (DCA) and 4X movie (4xm) files, as well as DTS streams. Amarok does not properly handle Audible Audio (.aa) files; it contains heap overflow and invalid memory handling bugs. muttprint does not handle temporary files properly. The MLDonkey web interface does not properly handle file names beginning with two slash (//) characters; an attacker can gain access to the file system. Several integer overflows were found in the Ghostscript ICC library. squid hit an assert if the HTTP request contained an invalid version. It likewise stopped with an error message if an array could be shrunk to 0 elements. pam_krb5 did not initialize the Kerberos library in a way suitable for setuid use, which caused problems when it was called from a setuid application. The DoS possibility caused by the bzip2 buffer over-read also affects the analog package, because its source includes its own copy of the bzip2 library. The Python module search order bug also affects the gedit editor.
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libpng: Multiple vulnerabilities
      Date: March 15, 2009
      Bugs: #244808, #255231, #259578
        ID: 200903-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in libpng, which might result in
the execution of arbitrary code.

Background
==========

libpng is the official PNG reference library used to read, write and
manipulate PNG images.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  media-libs/libpng      < 1.2.35                         >= 1.2.35

Description
===========

Multiple vulnerabilities were discovered in libpng:

* A memory leak bug was reported in png_handle_tEXt(), a function that
  is used while reading PNG images (CVE-2008-6218).

* A memory overwrite bug was reported by Jon Foster in
  png_check_keyword(), caused by writing overlong keywords to a PNG
  file (CVE-2008-5907).

* A memory corruption issue, caused by an incorrect handling of an out
  of memory condition has been reported by Tavis Ormandy of the Google
  Security Team. That vulnerability affects direct uses of
  png_read_png(), pCAL chunk and 16-bit gamma table handling
  (CVE-2009-0040).

Impact
======

A remote attacker may execute arbitrary code with the privileges of the
user opening a specially crafted PNG file by exploiting the erroneous
out-of-memory handling. An attacker may also exploit the
png_check_keyword() error to set arbitrary memory locations to 0, if
the application allows overlong, user-controlled keywords when writing
PNG files. The png_handle_tEXt() vulnerability may be exploited by an
attacker to potentially consume all memory on a user's system when a
specially crafted PNG file is opened.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.35"

References
==========

  [ 1 ] CVE-2008-5907
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
  [ 2 ] CVE-2008-6218
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6218
  [ 3 ] CVE-2009-0040
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-28.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: BlueZ: Arbitrary code execution
      Date: March 16, 2009
      Bugs: #230591
        ID: 200903-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Insufficient input validation in BlueZ may lead to arbitrary code
execution or a Denial of Service.

Background
==========

BlueZ is a set of Bluetooth tools and system daemons for Linux.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  net-wireless/bluez-utils       < 3.36                     >= 3.36
  2  net-wireless/bluez-libs        < 3.36                     >= 3.36
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

It has been reported that the Bluetooth packet parser does not validate
string length fields in SDP packets.

Impact
======

A physically proximate attacker using a Bluetooth device with an
already established trust relationship could send specially crafted
requests, possibly leading to arbitrary code execution or a crash.
Exploitation may also be triggered by a local attacker registering a
service record via a UNIX socket or D-Bus interface.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All bluez-utils users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/bluez-utils-3.36"

All bluez-libs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/bluez-libs-3.36"

References
==========

  [ 1 ] CVE-2008-2374
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2374

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-29.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Opera: Multiple vulnerabilities
      Date: March 16, 2009
      Bugs: #247229, #261032
        ID: 200903-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in Opera, the worst of which allow
for the execution of arbitrary code.

Background
==========

Opera is a fast web browser that is available free of charge.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-client/opera       < 9.64                             >= 9.64

Description
===========

Multiple vulnerabilities were discovered in Opera:

* Vitaly McLain reported a heap-based buffer overflow when processing
  host names in file:// URLs (CVE-2008-5178).

* Alexios Fakos reported a vulnerability in the HTML parsing engine
  when processing web pages that trigger an invalid pointer calculation
  and heap corruption (CVE-2008-5679).

* Red XIII reported that certain text-area contents can be manipulated
  to cause a buffer overflow (CVE-2008-5680).

* David Bloom discovered that unspecified "scripted URLs" are not
  blocked during the feed preview (CVE-2008-5681).

* Robert Swiecki of the Google Security Team reported a Cross-site
  scripting vulnerability (CVE-2008-5682).

* An unspecified vulnerability reveals random data (CVE-2008-5683).

* Tavis Ormandy of the Google Security Team reported a vulnerability
  when processing JPEG images that may corrupt memory (CVE pending).

Impact
======

A remote attacker could entice a user to open a specially crafted JPEG
image to cause a Denial of Service or execute arbitrary code, to
process an overly long file:// URL or to open a specially crafted web
page to execute arbitrary code. He could also read existing
subscriptions and force subscriptions to arbitrary feed URLs, as well
as inject arbitrary web script or HTML via built-in XSLT templates.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/opera-9.64"

References
==========

  [ 1 ] CVE-2008-5178
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5178
  [ 2 ] CVE-2008-5679
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5679
  [ 3 ] CVE-2008-5680
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5680
  [ 4 ] CVE-2008-5681
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5681
  [ 5 ] CVE-2008-5682
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5682
  [ 6 ] CVE-2008-5683
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5683

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-30.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libcdaudio: User-assisted execution of arbitrary code
      Date: March 17, 2009
      Bugs: #245649
        ID: 200903-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in libcdaudio might allow for the remote execution of
arbitrary code.

Background
==========

libcdaudio is a library of CD audio related routines.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  media-libs/libcdaudio    < 0.99.12-r1               >= 0.99.12-r1

Description
===========

A heap-based buffer overflow has been reported in the
cddb_read_disc_data() function in cddb.c when processing overly long
CDDB data.

Impact
======

A remote attacker could entice a user to connect to a malicious CDDB
server, possibly resulting in the remote execution of arbitrary code
with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libcdaudio users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libcdaudio-0.99.12-r1"

References
==========

  [ 1 ] CVE-2008-5030
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5030

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-31.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: phpMyAdmin: Multiple vulnerabilities
      Date: March 18, 2009
      Bugs: #237781, #244914, #246831, #250752
        ID: 200903-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in phpMyAdmin, the worst
of which may allow for remote code execution.

Background
==========

phpMyAdmin is a web-based management tool for MySQL databases.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  dev-db/phpmyadmin     < 2.11.9.4                      >= 2.11.9.4

Description
===========

Multiple vulnerabilities have been reported in phpMyAdmin:

* libraries/database_interface.lib.php in phpMyAdmin allows remote
  authenticated users to execute arbitrary code via a request to
  server_databases.php with a sort_by parameter containing PHP
  sequences, which are processed by create_function (CVE-2008-4096).

* Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote
  attackers to inject arbitrary web script or HTML via the db
  parameter, a different vector than CVE-2006-6942 and CVE-2007-5977
  (CVE-2008-4775).

* Cross-site request forgery (CSRF) vulnerability in phpMyAdmin allows
  remote authenticated attackers to perform unauthorized actions as the
  administrator via a link or IMG tag to tbl_structure.php with a
  modified table parameter. NOTE: this can be leveraged to conduct SQL
  injection attacks and execute arbitrary code (CVE-2008-5621).

* Multiple cross-site request forgery (CSRF) vulnerabilities in
  phpMyAdmin allow remote attackers to conduct SQL injection attacks
  via unknown vectors related to the table parameter, a different
  vector than CVE-2008-5621 (CVE-2008-5622).

Impact
======

A remote attacker may execute arbitrary code with the rights of the
webserver, inject and execute SQL with the rights of phpMyAdmin or
conduct XSS attacks against other users.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All phpMyAdmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.9.4"

References
==========

  [ 1 ] CVE-2006-6942
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6942
  [ 2 ] CVE-2007-5977
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5977
  [ 3 ] CVE-2008-4096
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096
  [ 4 ] CVE-2008-4775
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4775
  [ 5 ] CVE-2008-5621
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5621
  [ 6 ] CVE-2008-5622
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5622

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-32.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: FFmpeg: Multiple vulnerabilities
      Date: March 19, 2009
      Bugs: #231831, #231834, #245313, #257217, #257381
        ID: 200903-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in FFmpeg may lead to the remote execution of
arbitrary code or a Denial of Service.

Background
==========

FFmpeg is a complete solution to record, convert and stream audio and
video. gst-plugins-ffmpeg is a FFmpeg based gstreamer plugin which
includes a vulnerable copy of FFmpeg code. Mplayer is a multimedia
player which also includes a vulnerable copy of the code.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /    Vulnerable    /               Unaffected
    -------------------------------------------------------------------
  1  ffmpeg                < 0.4.9_p20090201        >= 0.4.9_p20090201
  2  gst-plugins-ffmpeg        < 0.10.5                      >= 0.10.5
  3  mplayer               < 1.0_rc2_p28450          >= 1.0_rc2_p28450
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities were found in FFmpeg:

* astrange reported a stack-based buffer overflow in the
  str_read_packet() in libavformat/psxstr.c when processing .str files
  (CVE-2008-3162).

* Multiple buffer overflows in libavformat/utils.c (CVE-2008-4866).

* A buffer overflow in libavcodec/dca.c (CVE-2008-4867).

* An unspecified vulnerability in the avcodec_close() function in
  libavcodec/utils.c (CVE-2008-4868).

* Unspecified memory leaks (CVE-2008-4869).

* Tobias Klein reported a NULL pointer dereference due to an integer
  signedness error in the fourxm_read_header() function in
  libavformat/4xm.c (CVE-2009-0385).

Impact
======

A remote attacker could entice a user to open a specially crafted media
file, possibly leading to the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FFmpeg users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-0.4.9_p20090201"

All gst-plugins-ffmpeg users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-ffmpeg-0.10.5"

All Mplayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p28450"

References
==========

  [ 1 ] CVE-2008-3162
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3162
  [ 2 ] CVE-2008-4866
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4866
  [ 3 ] CVE-2008-4867
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4867
  [ 4 ] CVE-2008-4868
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4868
  [ 5 ] CVE-2008-4869
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4869
  [ 6 ] CVE-2009-0385
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-33.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Amarok: User-assisted execution of arbitrary code
      Date: March 20, 2009
      Bugs: #254896
        ID: 200903-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Amarok might allow for user-assisted
execution of arbitrary code.

Background
==========

Amarok is an advanced music player.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-sound/amarok     < 1.4.10-r2                   >= 1.4.10-r2

Description
===========

Tobias Klein has discovered multiple vulnerabilities in Amarok:

* Multiple integer overflows in the Audible::Tag::readTag() function in
  metadata/audible/audibletag.cpp trigger heap-based buffer overflows
  (CVE-2009-0135).

* Multiple array index errors in the Audible::Tag::readTag() function
  in metadata/audible/audibletag.cpp can lead to invalid pointer
  dereferences, or the writing of a 0x00 byte to an arbitrary memory
  location after an allocation failure (CVE-2009-0136).

Impact
======

A remote attacker could entice a user to open a specially crafted
Audible Audio (.aa) file with a large "nlen" or "vlen" tag value to
execute arbitrary code or cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Amarok users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/amarok-1.4.10-r2"

References
==========

  [ 1 ] CVE-2009-0135
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0135
  [ 2 ] CVE-2009-0136
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0136

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-34.xml
--- End Message ---
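Added example, not part of the advisory above and not Amarok's code: a length-prefixed tag reader in C that bounds "nlen" and "vlen" before allocating, checks them against the bytes actually present, and never writes the terminating 0x00 after a failed allocation. The record layout, the 4096-byte cap, the sample buffers and all function names are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed record layout (constructed for this example):
 *   nlen (4 bytes, big-endian) | vlen (4 bytes, big-endian) | name | value */
#define TAG_HEADER    8u
#define TAG_MAX_FIELD 4096u   /* hypothetical per-field sanity cap */

enum { TAG_OK = 0, TAG_TRUNCATED = -1, TAG_TOO_LONG = -2, TAG_NOMEM = -3 };

struct tag { char *name; char *value; };

/* Constructed inputs: a valid record, one with nlen = 0xFFFFFFFF, and one
 * whose vlen claims more bytes than the buffer holds. */
static const unsigned char SAMPLE_OK[] =
    {0,0,0,5, 0,0,0,3, 't','i','t','l','e', 'a','b','c'};
static const unsigned char SAMPLE_WRAP[] =
    {0xFF,0xFF,0xFF,0xFF, 0,0,0,1, 'x','y'};
static const unsigned char SAMPLE_SHORT[] =
    {0,0,0,1, 0,0,0,9, 'n', 'v'};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* What an unchecked "len + 1" allocation size evaluates to in 32-bit
 * arithmetic: 0xFFFFFFFF + 1 wraps to 0, so the buffer is far too small. */
uint32_t naive_alloc_size(uint32_t len)
{
    return len + 1u;
}

/* Copy len bytes into a fresh NUL-terminated string. The caller has already
 * capped len, so (size_t)len + 1 cannot wrap. Returns NULL if malloc fails;
 * the terminator is only written through a valid pointer. */
static char *dup_field(const unsigned char *src, uint32_t len)
{
    char *s = malloc((size_t)len + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, src, len);
    s[len] = '\0';
    return s;
}

void tag_free(struct tag *t)
{
    free(t->name);
    free(t->value);
    t->name = t->value = NULL;
}

int tag_parse(const unsigned char *buf, size_t buflen, struct tag *out)
{
    uint32_t nlen, vlen;
    size_t remaining;

    out->name = out->value = NULL;
    if (buflen < TAG_HEADER)
        return TAG_TRUNCATED;
    nlen = be32(buf);
    vlen = be32(buf + 4);

    /* 1. Reject absurd lengths before any arithmetic or allocation. */
    if (nlen > TAG_MAX_FIELD || vlen > TAG_MAX_FIELD)
        return TAG_TOO_LONG;

    /* 2. Lengths must fit in the data present; subtract, never add. */
    remaining = buflen - TAG_HEADER;
    if (nlen > remaining || vlen > remaining - nlen)
        return TAG_TRUNCATED;

    /* 3. Allocation failure is an error path, not an index to write at. */
    out->name = dup_field(buf + TAG_HEADER, nlen);
    if (out->name == NULL)
        return TAG_NOMEM;
    out->value = dup_field(buf + TAG_HEADER + nlen, vlen);
    if (out->value == NULL) {
        tag_free(out);
        return TAG_NOMEM;
    }
    return TAG_OK;
}

/* Parse, release, and report only the status code. */
int parse_status(const unsigned char *buf, size_t len)
{
    struct tag t;
    int rc = tag_parse(buf, len, &t);
    tag_free(&t);
    return rc;
}

int main(void)
{
    printf("valid record:      %d\n", parse_status(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("nlen = 0xFFFFFFFF: %d\n", parse_status(SAMPLE_WRAP, sizeof SAMPLE_WRAP));
    printf("vlen past buffer:  %d\n", parse_status(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    return 0;
}
```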
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Muttprint: Insecure temporary file usage
      Date: March 23, 2009
      Bugs: #250554
        ID: 200903-35

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An insecure temporary file usage in Muttprint allows for symlink
attacks.

Background
==========

Muttprint formats the output of mail clients to a good-looking printing
using LaTeX.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-misc/muttprint     < 0.72d-r1                     >= 0.72d-r1

Description
===========

Dmitry E. Oboukhov reported an insecure usage of the temporary file
"/tmp/muttprint.log" in the muttprint script.

Impact
======

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Muttprint users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-misc/muttprint-0.72d-r1"

References
==========

  [ 1 ] CVE-2008-5368
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5368

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-35.xml
--- End Message ---
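Added example, not part of the advisory above and not Muttprint's code (C is used here only to show the underlying open() flags): the predictable-name pattern the advisory describes beside two hardened ways of creating the file, exercised inside a private scratch directory. The directory name, file names and function names are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp(), mkstemp(), symlink(), O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern behind the advisory: a fixed, guessable name opened for writing.
 * open() follows a symlink already sitting at that name and truncates
 * whatever file the link points to. */
int open_log_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes open() fail with EEXIST if anything, including a
 * symlink (even a dangling one), already exists at the name. O_NOFOLLOW is
 * a second guard for the final path component. */
int open_log_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it
 * exclusively. tmpl must be writable and end in "XXXXXX". */
int open_log_unique(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Builds <scratch>/important containing "keep" and a symlink
 * <scratch>/muttprint.log pointing at it, opens the log with the chosen
 * function, then checks the protected file.
 * Returns 1 if its content survived, 0 if it was clobbered, -1 on setup error. */
int symlink_demo(int hardened)
{
    char dir[] = "/tmp/glsa-demo-XXXXXX";     /* constructed scratch location */
    char target[64], logpath[64], buf[16] = {0};
    int fd, survived;
    ssize_t n;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(logpath, sizeof logpath, "%s/muttprint.log", dir);

    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4)
        return -1;
    close(fd);
    if (symlink(target, logpath) != 0)
        return -1;

    fd = hardened ? open_log_exclusive(logpath) : open_log_predictable(logpath);
    if (fd >= 0)
        close(fd);

    fd = open(target, O_RDONLY);
    n = (fd >= 0) ? read(fd, buf, sizeof buf - 1) : -1;
    if (fd >= 0)
        close(fd);
    survived = (n == 4 && memcmp(buf, "keep", 4) == 0);

    unlink(logpath);
    unlink(target);
    rmdir(dir);
    return survived;
}

/* Returns 1 if mkstemp() produced a new file with no group/other access. */
int unique_demo(void)
{
    char tmpl[] = "/tmp/glsa-log-XXXXXX";     /* constructed template */
    struct stat st;
    int ok, fd = open_log_unique(tmpl);

    if (fd < 0)
        return -1;
    ok = (fstat(fd, &st) == 0 && (st.st_mode & 077) == 0 &&
          strcmp(tmpl, "/tmp/glsa-log-XXXXXX") != 0);
    close(fd);
    unlink(tmpl);
    return ok;
}

int main(void)
{
    printf("predictable name, content survived: %d\n", symlink_demo(0));
    printf("exclusive create, content survived: %d\n", symlink_demo(1));
    printf("mkstemp file is private and unique: %d\n", unique_demo());
    return 0;
}
```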
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MLDonkey: Information disclosure
      Date: March 23, 2009
      Bugs: #260072
        ID: 200903-36

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in the MLDonkey web interface allows remote attackers
to disclose arbitrary files.

Background
==========

MLDonkey is a multi-network P2P application written in Ocaml, coming
with its own Gtk GUI, web and telnet interface.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  net-p2p/mldonkey       < 3.0.0                           >= 3.0.0

Description
===========

Michael Peselnik reported that src/utils/lib/url.ml in the web
interface of MLDonkey does not handle file names with leading double
slashes properly.

Impact
======

A remote attacker could gain access to arbitrary files readable by the
user running the application.

Workaround
==========

Disable the web interface or restrict access to it.

Resolution
==========

All MLDonkey users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-p2p/mldonkey-3.0.0"

References
==========

  [ 1 ] CVE-2009-0753
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0753

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-36.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Ghostscript: User-assisted execution of arbitrary code
      Date: March 23, 2009
      Bugs: #261087
        ID: 200903-37

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple integer overflows in the Ghostscript ICC library might allow
for user-assisted execution of arbitrary code.

Background
==========

Ghostscript is an interpreter for the PostScript language and the
Portable Document Format (PDF).

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  app-text/ghostscript-gpl     < 8.64-r2                 >= 8.64-r2
  2  app-text/ghostscript-gnu     < 8.62.0                   >= 8.62.0
  3  app-text/ghostscript-esp    <= 8.15.4-r1              Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Jan Lieskovsky from the Red Hat Security Response Team discovered the
following vulnerabilities in Ghostscript's ICC Library:

* Multiple integer overflows (CVE-2009-0583).

* Multiple insufficient bounds checks on certain variable sizes
  (CVE-2009-0584).

Impact
======

A remote attacker could entice a user to open a specially crafted
PostScript file containing images and a malicious ICC profile, possibly
resulting in the execution of arbitrary code with the privileges of the
user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GPL Ghostscript users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-8.64-r2"

All GNU Ghostscript users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gnu-8.62.0"

We recommend that users unmerge ESP Ghostscript and use GPL or GNU
Ghostscript instead:

    # emerge --unmerge "app-text/ghostscript-esp"

For installation instructions, see above.

References
==========

  [ 1 ] CVE-2009-0583
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
  [ 2 ] CVE-2009-0584
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-37.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-38
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Squid: Multiple Denial of Service vulnerabilities
      Date: March 24, 2009
      Bugs: #216319, #257585
        ID: 200903-38

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Squid which allow for
remote Denial of Service attacks.

Background
==========

Squid is a full-featured web proxy cache.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  net-proxy/squid      < 2.7.6                             >= 2.7.6

Description
===========

* The arrayShrink function in lib/Array.c can cause an array to
  shrink to 0 entries, which triggers an assert error. NOTE: this
  issue is due to an incorrect fix for CVE-2007-6239 (CVE-2008-1612).

* An invalid version number in an HTTP request may trigger an
  assertion in HttpMsg.c and HttpStatusLine.c (CVE-2009-0478).

Impact
======

The issues allow for Denial of Service attacks against the service via
an HTTP request with an invalid version number and other specially
crafted requests.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Squid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.7.6"

References
==========

  [ 1 ] CVE-2007-6239
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239
  [ 2 ] CVE-2008-1612
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612
  [ 3 ] CVE-2009-0478
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0478
  [ 4 ] GLSA-200801-05
        http://www.gentoo.org/security/en/glsa/glsa-200801-05.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-38.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-39
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: pam_krb5: Privilege escalation
      Date: March 25, 2009
      Bugs: #257075
        ID: 200903-39

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities in pam_krb5 might allow local users to elevate
their privileges or overwrite arbitrary files.

Background
==========

pam_krb5 is a Kerberos v5 PAM module.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  sys-auth/pam_krb5       < 3.12                            >= 3.12

Description
===========

The following vulnerabilities were discovered:

* pam_krb5 does not properly initialize the Kerberos libraries for
  setuid use (CVE-2009-0360).

* Derek Chan reported that calls to pam_setcred() are not properly
  handled when running setuid (CVE-2009-0361).

Impact
======

A local attacker could set an environment variable to point to a
specially crafted Kerberos configuration file and launch a PAM-based
setuid application to elevate privileges, or change ownership and
overwrite arbitrary files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All pam_krb5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-3.12"

References
==========

  [ 1 ] CVE-2009-0360
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360
  [ 2 ] CVE-2009-0361
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0361

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-39.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-40
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Analog: Denial of Service
      Date: March 29, 2009
      Bugs: #249140
        ID: 200903-40

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A Denial of Service vulnerability was discovered in Analog.

Background
==========

Analog is a webserver log analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  app-admin/analog      < 6.0-r2                          >= 6.0-r2

Description
===========

Diego E. Petteno reported that the Analog package in Gentoo is built
with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA
200804-02).

Impact
======

A local attacker could place specially crafted log files into a log
directory being analyzed by analog, e.g. /var/log/apache, resulting in
a crash when being processed by the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Analog users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/analog-6.0-r2"

NOTE: Analog is now linked against the system bzip2 library.

References
==========

  [ 1 ] CVE-2008-1372
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
  [ 2 ] GLSA 200804-02
        http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-40.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-41
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: gedit: Untrusted search path
      Date: March 30, 2009
      Bugs: #257004
        ID: 200903-41

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in gedit might allow local attackers to execute
arbitrary code.

Background
==========

gedit is a text editor for the GNOME desktop.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-editors/gedit      < 2.24.3                     *>= 2.22.3-r1
                                                             >= 2.24.3

Description
===========

James Vega reported that gedit uses the current working directory when
searching for python modules, a vulnerability related to CVE-2008-5983.

Impact
======

A local attacker could entice a user to open gedit from a specially
crafted environment, possibly resulting in the execution of arbitrary
code with the privileges of the user running the application.

Workaround
==========

Do not run gedit from untrusted working directories.

Resolution
==========

All gedit 2.22.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-editors/gedit-2.22.3-r1"

All gedit 2.24.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-editors/gedit-2.24.3"

References
==========

  [ 1 ] CVE-2008-5983
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983
  [ 2 ] CVE-2009-0314
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0314

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200903-41.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
--- End Message ---
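
The gedit advisory above (GLSA 200903-41) describes a Python module search that includes the current working directory. The check below is an added example, not part of the advisory or of gedit's code: it flags search path entries that resolve against the working directory and lists the modules there that would take precedence over same-named modules in fixed directories. The function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile

def classify(entry):
    """Why a module search path entry depends on the working directory, or None."""
    if entry == "":
        return "empty string: Python treats it as the current directory"
    if not os.path.isabs(entry):
        return "relative path: resolved against the current directory"
    return None

def audit_search_path(path_list):
    """(index, entry, reason) for every entry that follows the working directory."""
    return [(i, e, classify(e)) for i, e in enumerate(path_list) if classify(e)]

def hardened_search_path(path_list):
    """The same search path with working-directory-dependent entries dropped."""
    return [e for e in path_list if classify(e) is None]

def module_names(directory):
    """Top-level module and package names importable from `directory`."""
    names = set()
    for name in (os.listdir(directory) if os.path.isdir(directory) else []):
        full = os.path.join(directory, name)
        if name.endswith(".py") and os.path.isfile(full):
            names.add(name[:-3])
        elif os.path.isfile(os.path.join(full, "__init__.py")):
            names.add(name)
    return names

def shadowed_modules(path_list, cwd):
    """Modules in `cwd` that win over a same-named module in a later fixed entry."""
    hits = set()
    for index, entry, _ in audit_search_path(path_list):
        fixed = [p for p in path_list[index + 1:] if classify(p) is None]
        later = set().union(*(module_names(p) for p in fixed))
        hits |= module_names(os.path.join(cwd, entry)) & later
    return sorted(hits)

def demo():
    """Constructed layout: a work directory holding a file named like a trusted module."""
    with tempfile.TemporaryDirectory() as root:
        work, trusted = os.path.join(root, "work"), os.path.join(root, "site")
        for d, files in ((work, ["helper.py", "notes.py"]), (trusted, ["helper.py"])):
            os.makedirs(d)
            for f in files:
                open(os.path.join(d, f), "w").close()
        path = ["", trusted]  # constructed search path with a cwd entry first
        return audit_search_path(path), shadowed_modules(path, work)
```

Passing the live `sys.path` of an embedding application together with `os.getcwd()` to `shadowed_modules` shows which files in the working directory would be imported in place of installed modules.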