Smart cards initialized with OpenSC do not adequately protect the PIN; an attacker can easily erase it. The Archive::Tar Perl module contains a directory traversal bug. Buffer overflow bugs were found in the cups imagetops, texttops, HPGL and PNG filters. The honeyd test.sh script handles temporary files improperly. The OpenOffice.org WMF and EMF format reader contains buffer overflow bugs, and it also handles temporary files improperly. aview handles temporary files in a risky way. POV-Ray includes a flawed version of the libpng library, which contains several buffer overflow bugs. Several security bugs (faulty ACL handling, a world-readable configuration file, a DoS possibility with corrupted mail headers) were found in the dovecot pop3/imap server. Several security bugs were found in Ruby's built-in web server and in its XML parser. The jasper jpeg2k codec contains integer and stack buffer overflow bugs. Two security bugs were found in the PowerDNS server. The first is a DoS possibility while processing a HINFO CH query, while the second is a protocol flaw that can make spoofing attacks against the clients and servers that query it more effective. Several security bugs (shell, SQL and PHP command injection) were found in the phpCollab package. An off-by-one buffer overflow bug was found in the ClamAV VBA file parser, as well as an infinite loop in the JPEG parser. ampache handles temporary files in a risky way. The imlib2 package contains a heap buffer overflow bug when processing XPM files. Several stack buffer overflow and integer overflow bugs were found in the vlc player's CUE, RT and RM file parsers. Several buffer overflow bugs were found in the ndiswrapper package. Buffer overflow, risky temporary file handling, file deletion and faulty shell metacharacter protection bugs were found in the jhead program.
Security bugs were found in the pdns program that lead to cache poisoning or spoofing. The dbus daemon's signature validation algorithm can be DoS'ed. Several buffer overflow bugs were found in the streamripper package's HTTP header and playlist processing. A buffer overflow bug was found in the Tremulous FPS game. Stack buffer overflow bugs in the STR and TwinVQ parsers and an integer overflow bug in the RM file parser were found in mplayer. An authentication bypass bug, SQL injection and XSS were found in the online-bookmarks package. Several security bugs were found in the Adobe Reader program: a buffer overflow bug in the util.printf JavaScript function, a buffer overwrite in the handling of Type 1 fonts, improper search path handling, a heap overflow bug in the AcroJS function, and other unspecified bugs. With a suitably crafted PDF file, an attacker can run code on the reader's system. GnuTLS mistakenly accepts as valid certificate chains whose last member is self-signed. A DoS bug was found in the avahi daemon. A buffer overflow bug was found in the HTTP parser of the no-ip dynamic DNS client. Several security bugs (integer overflow, use of memory after it was freed, download without a size check, and faulty SSL certificate verification) were found in the Pidgin package (formerly Gaim). The scilink, scidoc and scidem scripts of the Scilab package handle temporary files in a risky way. An integer overflow bug was found in the net-snmp package.
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenSC: Insufficient protection of smart card PIN
      Date: December 10, 2008
      Bugs: #233543
        ID: 200812-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Smart cards formatted using OpenSC do not sufficiently protect the PIN,
allowing attackers to reset it.

Background
==========

OpenSC is a smart card application that allows reading and writing via
PKCS#11.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  dev-libs/opensc       < 0.11.6                          >= 0.11.6

Description
===========

Chaskiel M Grundman reported that OpenSC uses weak permissions (ADMIN
file control information of 00) for the 5015 directory on smart cards
and USB crypto tokens running Siemens CardOS M4.

Impact
======

A physically proximate attacker can exploit this vulnerability to
change the PIN on a smart card and use it for authentication, leading
to privilege escalation.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSC users should upgrade to the latest version, and then check
and update their smart cards:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.6"
    # pkcs15-tool --test-update
    # pkcs15-tool --test-update --update

References
==========

  [ 1 ] CVE-2008-2235
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Archive::Tar: Directory traversal vulnerability
      Date: December 10, 2008
      Bugs: #192989
        ID: 200812-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A directory traversal vulnerability has been discovered in
Archive::Tar.

Background
==========

Archive::Tar is a Perl module for creation and manipulation of tar
files.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  perl-core/Archive-Tar       < 1.40                        >= 1.40

Description
===========

Jonathan Smith of rPath reported that Archive::Tar does not check for
".." in file names.

Impact
======

A remote attacker could entice a user or automated system to extract a
specially crafted tar archive, overwriting files at arbitrary locations
outside of the specified directory.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Archive::Tar users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=perl-core/Archive-Tar-1.40"

References
==========

  [ 1 ] CVE-2007-4829
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4829

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-10.xml
--- End Message ---
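
A pre-extraction check for the condition GLSA 200812-10 describes (member names containing ".."), written here as an added example; it is not code from Archive::Tar or from the advisory. The function names and the sample listing are constructed for illustration, and the input is assumed to be one member name per line, as printed by `tar -tf`.

```sh
#!/bin/sh
# Added example: audit tar member names before extracting an archive.
# Input: one member name per line (the format `tar -tf archive.tar` prints).

# classify_member NAME -> prints "absolute", "dotdot" or "ok"
classify_member() {
    case "$1" in
        /*) echo absolute; return ;;   # would be written outside any target dir
    esac
    # Wrap the name in slashes so ".." is matched only as a whole path
    # component: "../x", "a/../b" and "a/.." match, "..notes" and "a..b" do not.
    case "/$1/" in
        */../*) echo dotdot ;;
        *)      echo ok ;;
    esac
}

# audit_listing: reads member names on stdin, prints "reason<TAB>name" for
# every unsafe entry, and returns non-zero if at least one was found.
audit_listing() {
    unsafe=0
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        verdict=$(classify_member "$name")
        if [ "$verdict" != ok ]; then
            printf '%s\t%s\n' "$verdict" "$name"
            unsafe=$((unsafe + 1))
        fi
    done
    [ "$unsafe" -eq 0 ]
}

# Constructed sample listing (not taken from a real archive).
sample_listing() {
    cat <<'EOF'
pkg-1.0/README
pkg-1.0/src/main.c
pkg-1.0/..notes/todo.txt
pkg-1.0/../../outside/overwritten.txt
/abs/outside.txt
../sibling.txt
EOF
}

# Stand-alone run: report the unsafe members of the sample listing.
if sample_listing | audit_listing; then
    echo "listing is clean"
else
    echo "listing contains unsafe member names; do not extract"
fi
```

On a real archive the same check is `tar -tf archive.tar | audit_listing`, run before any extraction step.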
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: CUPS: Multiple vulnerabilities
      Date: December 10, 2008
      Bugs: #238976, #249727
        ID: 200812-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several remotely exploitable bugs have been found in CUPS, which allow
remote execution of arbitrary code.

Background
==========

CUPS is the Common Unix Printing System.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  net-print/cups      < 1.3.9-r1                        >= 1.3.9-r1

Description
===========

Several buffer overflows were found in:

* The read_rle16 function in imagetops (CVE-2008-3639, found by
  regenrecht, reported via ZDI)

* The WriteProlog function in texttops (CVE-2008-3640, found by
  regenrecht, reported via ZDI)

* The Hewlett-Packard Graphics Language (HPGL) filter (CVE-2008-3641,
  found by regenrecht, reported via iDefense)

* The _cupsImageReadPNG function (CVE-2008-5286, reported by iljavs)

Impact
======

A remote attacker could send specially crafted input to a vulnerable
server, resulting in the remote execution of arbitrary code with the
privileges of the user running the server.

Workaround
==========

None this time.

Resolution
==========

All CUPS users should upgrade to the latest version.

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.9-r1"

References
==========

  [ 1 ] CVE-2008-3639
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639
  [ 2 ] CVE-2008-3640
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640
  [ 3 ] CVE-2008-3641
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641
  [ 4 ] CVE-2008-5286
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-11.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Honeyd: Insecure temporary file creation
      Date: December 12, 2008
      Bugs: #237481
        ID: 200812-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An insecure temporary file usage has been reported in Honeyd, possibly
leading to symlink attacks.

Background
==========

Honeyd is a small daemon that creates virtual hosts on a network.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/honeyd      < 1.5c-r1                     >= 1.5c-r1

Description
===========

Dmitry E. Oboukhov reported an insecure temporary file usage within the
"test.sh" script.

Impact
======

A local attacker could perform symlink attacks and overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Honeyd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/honeyd-1.5c-r1"

References
==========

  [ 1 ] CVE-2008-3928
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3928

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-12.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenOffice.org: Multiple vulnerabilities
      Date: December 12, 2008
      Bugs: #235824, #244995
        ID: 200812-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in OpenOffice.org might allow for
user-assisted execution of arbitrary code or symlink attacks.

Background
==========

OpenOffice.org is an open source office productivity suite, including
word processing, spreadsheet, presentation, drawing, data charting,
formula editing, and file conversion facilities.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  app-office/openoffice           < 3.0.0                  >= 3.0.0
  2  app-office/openoffice-bin       < 3.0.0                  >= 3.0.0
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Two heap-based buffer overflows when processing WMF files
(CVE-2008-2237) and EMF files (CVE-2008-2238) were discovered. Dmitry
E. Oboukhov also reported an insecure temporary file usage within the
senddoc script (CVE-2008-4937).

Impact
======

A remote attacker could entice a user to open a specially crafted
document, resulting in the remote execution of arbitrary code. A local
attacker could perform symlink attacks to overwrite arbitrary files on
the system. Both cases happen with the privileges of the user running
the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenOffice.org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-3.0.0"

All OpenOffice.org binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-3.0.0"

References
==========

  [ 1 ] CVE-2008-2237
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2237
  [ 2 ] CVE-2008-2238
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2238
  [ 3 ] CVE-2008-4937
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4937

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-13.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: aview: Insecure temporary file usage
      Date: December 14, 2008
      Bugs: #235808
        ID: 200812-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An insecure temporary file usage has been reported in aview, leading to
symlink attacks.

Background
==========

aview is an ASCII image viewer and animation player.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /   Vulnerable   /                    Unaffected
    -------------------------------------------------------------------
  1  media-gfx/aview      < 1.3.0_rc1-r1                >= 1.3.0_rc1-r1

Description
===========

Dmitry E. Oboukhov reported that aview uses the "/tmp/aview$$.pgm" file
in an insecure manner when processing files.

Impact
======

A local attacker could perform symlink attacks to overwrite arbitrary
files on the system with the privileges of the user running the
application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All aview users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/aview-1.3.0_rc1-r1"

References
==========

  [ 1 ] CVE-2008-4935
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4935

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-14.xml
--- End Message ---
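
The temporary-file weakness reported in GLSA 200812-12 (Honeyd test.sh), 200812-13 (OpenOffice.org senddoc) and 200812-14 (aview, "/tmp/aview$$.pgm"), shown next to its usual fix as an added example; this is not code from any of those packages. The function names are hypothetical, and a private sandbox directory with constructed file contents stands in for /tmp.

```sh
#!/bin/sh
# Added example: predictable temp-file name versus mktemp.
# A private sandbox directory stands in for /tmp; all data is constructed.

# Weak pattern: the name is built from the shell PID ($$), so it can be
# guessed in advance, and ">" writes through whatever is already at that path.
weak_write() {              # $1 = temp directory, $2 = data
    printf '%s\n' "$2" > "$1/aview$$.pgm"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the
# file itself, failing instead of reusing an existing file or symlink.
safe_write() {              # $1 = temp directory, $2 = data; prints the path
    tmp=$(mktemp "$1/aview.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# run_demo MODE (weak|safe): prints what an unrelated file contains afterwards.
run_demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/bystander.txt"
    # Precondition of the problem: the predictable name already exists as a
    # symlink to another file owned by the user running the script.
    ln -s "$sandbox/bystander.txt" "$sandbox/aview$$.pgm"
    case "$1" in
        weak) weak_write "$sandbox" "image data" ;;
        safe) safe_write "$sandbox" "image data" > /dev/null ;;
    esac
    cat "$sandbox/bystander.txt"
    rm -rf "$sandbox"
}

echo "after weak_write, bystander.txt contains: $(run_demo weak)"
echo "after safe_write, bystander.txt contains: $(run_demo safe)"
```

When auditing scripts, a search for `/tmp/` followed by `$$` in shell sources finds this pattern quickly.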
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: POV-Ray: User-assisted execution of arbitrary code
      Date: December 14, 2008
      Bugs: #153538
        ID: 200812-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

POV-Ray includes a version of libpng that might allow for the execution
of arbitrary code when reading a specially crafted PNG file.

Background
==========

POV-Ray is a well known open-source ray tracer.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  media-gfx/povray      < 3.6.1-r4                      >= 3.6.1-r4

Description
===========

POV-Ray uses a statically linked copy of libpng to view and output PNG
files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964,
CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in
POV-Ray's build system caused it to load the old version when your
installed copy of libpng was >=media-libs/libpng-1.2.10.

Impact
======

An attacker could entice a user to load a specially crafted PNG file as
a texture, resulting in the execution of arbitrary code with the
permissions of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All POV-Ray users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/povray-3.6.1-r4"

References
==========

  [ 1 ] CVE-2004-0768
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0768
  [ 2 ] CVE-2006-0481
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0481
  [ 3 ] CVE-2006-3334
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
  [ 4 ] CVE-2008-1382
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
  [ 5 ] CVE-2008-3964
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3964

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-15.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Dovecot: Multiple vulnerabilities
      Date: December 14, 2008
      Bugs: #240409, #244962, #245316
        ID: 200812-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in the Dovecot mailserver.

Background
==========

Dovecot is an IMAP and POP3 server written with security primarily in
mind.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  net-mail/dovecot      < 1.1.7-r1                      >= 1.1.7-r1

Description
===========

Several vulnerabilities were found in Dovecot:

* The "k" right in the acl_plugin does not work as expected
  (CVE-2008-4577, CVE-2008-4578)

* The dovecot.conf is world-readable, providing improper protection
  for the ssl_key_password setting (CVE-2008-4870)

* A permanent Denial of Service with broken mail headers is possible
  (CVE-2008-4907)

Impact
======

These vulnerabilities might allow a remote attacker to cause a Denial
of Service, to circumvent security restrictions or allow local
attackers to disclose the passphrase of the SSL private key.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Dovecot users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.1.7-r1"

Users should be aware that dovecot.conf will still be world-readable
after the update. If employing ssl_key_password, it should not be used
in dovecot.conf but in a separate file which should be included with
"include_try".

References
==========

  [ 1 ] CVE-2008-4577
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577
  [ 2 ] CVE-2008-4578
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4578
  [ 3 ] CVE-2008-4870
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4870
  [ 4 ] CVE-2008-4907
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4907

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-16.xml
--- End Message ---
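
A check for the ssl_key_password exposure that GLSA 200812-16 says remains after the upgrade, as an added example rather than anything shipped by Dovecot or Gentoo. The function names, the included file name ssl-key.conf and the passphrase are constructed; the `!include_try` spelling of the directive is assumed from Dovecot's configuration syntax, where the advisory writes "include_try".

```sh
#!/bin/sh
# Added example: find config files that are world-readable AND carry an
# active (uncommented, non-empty) ssl_key_password setting.

# find_exposed_key_password DIR -> prints the offending file paths
find_exposed_key_password() {
    # -perm -004 selects files whose "other" read bit is set.
    # grep exits non-zero when nothing matches; "|| :" keeps that from
    # being treated as a failure of the check itself.
    find "$1" -type f -perm -004 -exec grep -l -E \
        '^[[:space:]]*ssl_key_password[[:space:]]*=[[:space:]]*[^[:space:]]' \
        {} + || :
}

# build_layouts: creates two constructed config trees and prints their root.
#   before/  passphrase directly in a world-readable dovecot.conf
#   after/   passphrase moved to a 0600 file pulled in with !include_try
build_layouts() {
    root=$(mktemp -d) || return 1
    mkdir "$root/before" "$root/after"

    printf '%s\n' 'ssl_key_password = constructed-passphrase' \
        > "$root/before/dovecot.conf"
    chmod 644 "$root/before/dovecot.conf"

    printf '%s\n' '#ssl_key_password =' \
        '!include_try /etc/dovecot/ssl-key.conf' \
        > "$root/after/dovecot.conf"
    chmod 644 "$root/after/dovecot.conf"

    printf '%s\n' 'ssl_key_password = constructed-passphrase' \
        > "$root/after/ssl-key.conf"
    chmod 600 "$root/after/ssl-key.conf"

    printf '%s\n' "$root"
}

demo_root=$(build_layouts)
echo "before: $(find_exposed_key_password "$demo_root/before")"
echo "after:  $(find_exposed_key_password "$demo_root/after")"
rm -rf "$demo_root"
```

On a live system the directory to pass is wherever dovecot.conf and its included files are kept.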
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Ruby: Multiple vulnerabilities
      Date: December 16, 2008
      Bugs: #225465, #236060
        ID: 200812-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Ruby that allow for
attacks including arbitrary code execution and Denial of Service.

Background
==========

Ruby is an interpreted object-oriented programming language. The
elaborate standard library includes an HTTP server ("WEBrick") and a
class for XML parsing ("REXML").

Affected packages
=================

    -------------------------------------------------------------------
     Package        /    Vulnerable    /                    Unaffected
    -------------------------------------------------------------------
  1  dev-lang/ruby      < 1.8.6_p287-r1               >= 1.8.6_p287-r1

Description
===========

Multiple vulnerabilities have been discovered in the Ruby interpreter
and its standard libraries. Drew Yao of Apple Product Security
discovered the following flaws:

* Arbitrary code execution or Denial of Service (memory corruption)
  in the rb_str_buf_append() function (CVE-2008-2662).

* Arbitrary code execution or Denial of Service (memory corruption)
  in the rb_ary_store() function (CVE-2008-2663).

* Memory corruption via alloca in the rb_str_format() function
  (CVE-2008-2664).

* Memory corruption ("REALLOC_N") in the rb_ary_splice() and
  rb_ary_replace() functions (CVE-2008-2725).

* Memory corruption ("beg + rlen") in the rb_ary_splice() and
  rb_ary_replace() functions (CVE-2008-2726).

Furthermore, several other vulnerabilities have been reported:

* Tanaka Akira reported an issue with resolv.rb that enables
  attackers to spoof DNS responses (CVE-2008-1447).

* Akira Tagoh of RedHat discovered a Denial of Service (crash) issue
  in the rb_ary_fill() function in array.c (CVE-2008-2376).

* Several safe level bypass vulnerabilities were discovered and
  reported by Keita Yamaguchi (CVE-2008-3655).

* Christian Neukirchen is credited for discovering a Denial of
  Service (CPU consumption) attack in the WEBrick HTTP server
  (CVE-2008-3656).

* A fault in the dl module allowed the circumvention of taintness
  checks which could possibly lead to insecure code execution was
  reported by "sheepman" (CVE-2008-3657).

* Tanaka Akira again found a DNS spoofing vulnerability caused by the
  resolv.rb implementation using poor randomness (CVE-2008-3905).

* Luka Treiber and Mitja Kolsek (ACROS Security) disclosed a Denial
  of Service (CPU consumption) vulnerability in the REXML module when
  dealing with recursive entity expansion (CVE-2008-3790).

Impact
======

These vulnerabilities allow remote attackers to execute arbitrary code,
spoof DNS responses, bypass Ruby's built-in security and taintness
checks, and cause a Denial of Service via crash or CPU exhaustion.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ruby users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p287-r1"

References
==========

  [ 1 ] CVE-2008-1447
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  [ 2 ] CVE-2008-2376
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376
  [ 3 ] CVE-2008-2662
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
  [ 4 ] CVE-2008-2663
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
  [ 5 ] CVE-2008-2664
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
  [ 6 ] CVE-2008-2725
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
  [ 7 ] CVE-2008-2726
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
  [ 8 ] CVE-2008-3655
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
  [ 9 ] CVE-2008-3656
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656
  [ 10 ] CVE-2008-3657
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657
  [ 11 ] CVE-2008-3790
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790
  [ 12 ] CVE-2008-3905
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-17.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: JasPer: User-assisted execution of arbitrary code
      Date: December 16, 2008
      Bugs: #222819
        ID: 200812-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple memory management errors in JasPer might lead to execution of
arbitrary code via jpeg2k files.

Background
==========

The JasPer Project is an open-source initiative to provide a free
software-based reference implementation of the codec specified in the
JPEG-2000 Part-1 (jpeg2k) standard.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /   Vulnerable   /                  Unaffected
    -------------------------------------------------------------------
  1  media-libs/jasper      < 1.900.1-r3                 >= 1.900.1-r3

Description
===========

Marc Espie and Christian Weisgerber have discovered multiple
vulnerabilities in JasPer:

* Multiple integer overflows might allow for insufficient memory
  allocation, leading to heap-based buffer overflows (CVE-2008-3520).

* The jas_stream_printf() function in libjasper/base/jas_stream.c
  uses vsprintf() to write user-provided data to a static buffer,
  leading to an overflow (CVE-2008-3522).

Impact
======

Remote attackers could entice a user or automated system to process
specially crafted jpeg2k files with an application using JasPer,
possibly leading to the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All JasPer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/jasper-1.900.1-r3"

References
==========

  [ 1 ] CVE-2008-3520
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
  [ 2 ] CVE-2008-3522
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-18.xml
--- End Message ---
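The two bug classes named in the JasPer advisory above, as an added C example that is not JasPer's code or the Gentoo patch: a size computation that wraps before allocation next to a checked one, and a bounded replacement for vsprintf() into a fixed buffer. The names unchecked_size32(), checked_size32() and bounded_printf(), the limits OUT_BUF_SIZE and MAX_IMAGE_BYTES, and the header values are assumptions made for the example.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical limits for this example (not JasPer's values). */
#define OUT_BUF_SIZE    64
#define MAX_IMAGE_BYTES ((uint64_t)256 * 1024 * 1024)

/* Unchecked pattern: 32-bit header fields multiplied directly. The
 * product wraps modulo 2^32, so a huge image can yield a tiny size
 * and a buffer that later writes overrun. */
static uint32_t unchecked_size32(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked pattern: widen to 64 bits, reject zero sizes and anything
 * above the policy limit. Returns 1 and stores the size on success. */
static int checked_size32(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    uint64_t pixels = (uint64_t)w * h;   /* at most (2^32-1)^2, fits */

    if (pixels == 0 || bpp == 0)
        return 0;
    if (pixels > MAX_IMAGE_BYTES / bpp)  /* pixels * bpp would exceed limit */
        return 0;
    *out = (size_t)(pixels * bpp);
    return 1;
}

/* Bounded replacement for vsprintf() into a fixed buffer. Returns the
 * number of characters stored, or -1 when the text did not fit; in that
 * case buf holds a truncated, NUL-terminated prefix. */
static int bounded_printf(char *buf, size_t bufsize, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (bufsize == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf, bufsize, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= bufsize)
        return -1;
    return n;
}

int main(void)
{
    char buf[OUT_BUF_SIZE];
    char longname[200];
    size_t sz = 0;
    int rc;

    /* Constructed header values: 65536 x 65537 pixels, 1 byte each. */
    printf("unchecked: %u bytes\n",
           (unsigned)unchecked_size32(65536u, 65537u, 1u));
    printf("checked:   %s\n",
           checked_size32(65536u, 65537u, 1u, &sz) ? "accepted" : "rejected");
    if (checked_size32(640u, 480u, 3u, &sz))
        printf("640x480x3: %lu bytes\n", (unsigned long)sz);

    /* Constructed over-long input for the fixed output buffer. */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    rc = bounded_printf(buf, sizeof buf, "%s=%d", "width", 640);
    printf("short:     rc=%d text=%s\n", rc, buf);
    rc = bounded_printf(buf, sizeof buf, "%s", longname);
    printf("long:      rc=%d kept=%lu chars\n", rc, (unsigned long)strlen(buf));
    return 0;
}
```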
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PowerDNS: Multiple vulnerabilities
      Date: December 19, 2008
      Bugs: #234032, #247079
        ID: 200812-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities have been discovered in PowerDNS, possibly leading
to a Denial of Service and easing cache poisoning attacks.

Background
==========

The PowerDNS Nameserver is an authoritative-only nameserver which uses
a flexible backend architecture.

Affected packages
=================

     -------------------------------------------------------------------
     Package       /  Vulnerable  /                          Unaffected
     -------------------------------------------------------------------
  1  net-dns/pdns      < 2.9.21.2                           >= 2.9.21.2

Description
===========

Daniel Drown reported an error when receiving a HINFO CH query
(CVE-2008-5277). Brian J. Dowling of Simplicity Communications
discovered a previously unknown security implication of the PowerDNS
behavior to not respond to certain queries it considers malformed
(CVE-2008-3337).

Impact
======

A remote attacker could send specially crafted queries to cause a
Denial of Service. The second vulnerability in itself does not pose a
security risk to PowerDNS Nameserver. However, not answering a query
for an invalid DNS record within a valid domain allows for a larger
spoofing window on third-party nameservers for domains being hosted by
PowerDNS Nameserver itself.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PowerDNS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/pdns-2.9.21.2"

References
==========

  [ 1 ] CVE-2008-3337
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3337
  [ 2 ] CVE-2008-5277
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5277

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-19.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: phpCollab: Multiple vulnerabilities
      Date: December 21, 2008
      Bugs: #235052
        ID: 200812-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in phpCollab allowing for
remote injection of shell commands, PHP code and SQL statements.

Background
==========

phpCollab is a web-enabled groupware and project management software
written in PHP. It uses SQL-based database backends.

Affected packages
=================

     -------------------------------------------------------------------
     Package             /  Vulnerable  /                    Unaffected
     -------------------------------------------------------------------
  1  www-apps/phpcollab      <= 2.5_rc3                     Vulnerable!
     -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.

Description
===========

Multiple vulnerabilities have been found in phpCollab:

* rgod reported that data sent to general/sendpassword.php via the
  loginForm parameter is not properly sanitized before being used in
  an SQL statement (CVE-2006-1495).

* Christian Hoffmann of Gentoo Security discovered multiple
  vulnerabilities where input is insufficiently sanitized before being
  used in an SQL statement, for instance in general/login.php via the
  loginForm parameter. (CVE-2008-4303).

* Christian Hoffmann also found out that the variable
  $SSL_CLIENT_CERT in general/login.php is not properly sanitized
  before being used in a shell command. (CVE-2008-4304).

* User-supplied data to installation/setup.php is not checked before
  being written to include/settings.php which is executed later. This
  issue was reported by Christian Hoffmann as well (CVE-2008-4305).

Impact
======

These vulnerabilities enable remote attackers to execute arbitrary SQL
statements and PHP code. NOTE: Some of the SQL injection
vulnerabilities require the php.ini option "magic_quotes_gpc" to be
disabled. Furthermore, an attacker might be able to execute arbitrary
shell commands if "register_globals" is enabled, "magic_quotes_gpc" is
disabled, the PHP OpenSSL extension is not installed or loaded and the
file "installation/setup.php" has not been deleted after installation.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

phpCollab has been removed from the Portage tree. We recommend that
users unmerge phpCollab:

    # emerge --unmerge "www-apps/phpcollab"

References
==========

  [ 1 ] CVE-2006-1495
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1495
  [ 2 ] CVE-2008-4303
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4303
  [ 3 ] CVE-2008-4304
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4304
  [ 4 ] CVE-2008-4305
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4305

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-20.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: ClamAV: Multiple vulnerabilities
      Date: December 23, 2008
      Bugs: #245450, #249833
        ID: 200812-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities in ClamAV may allow for the remote execution of
arbitrary code or a Denial of Service.

Background
==========

Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
especially for e-mail scanning on mail gateways.

Affected packages
=================

     -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
     -------------------------------------------------------------------
  1  app-antivirus/clamav      < 0.94.2                       >= 0.94.2

Description
===========

Moritz Jodeit reported an off-by-one error within the
get_unicode_name() function in libclamav/vba_extract.c when processing
VBA project files (CVE-2008-5050). Ilja van Sprundel reported an
infinite recursion error within the cli_check_jpeg_exploit() function
in libclamav/special.c when processing JPEG files (CVE-2008-5314).

Impact
======

A remote attacker could send a specially crafted VBA or JPEG file to
the clamd daemon, possibly resulting in the remote execution of
arbitrary code with the privileges of the user running the application
or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.94.2"

References
==========

  [ 1 ] CVE-2008-5050
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5050
  [ 2 ] CVE-2008-5314
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5314

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-21.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Ampache: Insecure temporary file usage
      Date: December 23, 2008
      Bugs: #237483
        ID: 200812-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An insecure temporary file usage has been reported in Ampache, allowing
for symlink attacks.

Background
==========

Ampache is a PHP based tool for managing, updating and playing audio
files via a web interface.

Affected packages
=================

     -------------------------------------------------------------------
     Package           /  Vulnerable  /                      Unaffected
     -------------------------------------------------------------------
  1  www-apps/ampache       < 3.4.3                            >= 3.4.3

Description
===========

Dmitry E. Oboukhov reported an insecure temporary file usage within the
gather-messages.sh script.

Impact
======

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ampache users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/ampache-3.4.3"

References
==========

  [ 1 ] CVE-2008-3929
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3929

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-22.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Imlib2: User-assisted execution of arbitrary code
      Date: December 23, 2008
      Bugs: #248057
        ID: 200812-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability has been discovered in Imlib2.

Background
==========

Imlib2 is a replacement library from the Enlightenment project for
libraries like libXpm.

Affected packages
=================

     -------------------------------------------------------------------
     Package            /  Vulnerable  /                     Unaffected
     -------------------------------------------------------------------
  1  media-libs/imlib2      < 1.4.2-r1                      >= 1.4.2-r1

Description
===========

Julien Danjou reported a pointer arithmetic error and a heap-based
buffer overflow within the load() function of the XPM image loader.

Impact
======

A remote attacker could entice a user to process a specially crafted
XPM image, possibly resulting in the remote execution of arbitrary code
with the privileges of the user running the application, or a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Imlib2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/imlib2-1.4.2-r1"

References
==========

  [ 1 ] CVE-2008-5187
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-23.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: VLC: Multiple vulnerabilities
      Date: December 24, 2008
      Bugs: #245774, #249391
        ID: 200812-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in VLC may lead to the remote execution of
arbitrary code.

Background
==========

VLC is a cross-platform media player and streaming server.

Affected packages
=================

     -------------------------------------------------------------------
     Package          /  Vulnerable  /                       Unaffected
     -------------------------------------------------------------------
  1  media-video/vlc      < 0.9.8a                            >= 0.9.8a

Description
===========

Tobias Klein reported the following vulnerabilities:

* A stack-based buffer overflow when processing CUE image files in
  modules/access/vcd/cdrom.c (CVE-2008-5032).

* A stack-based buffer overflow when processing RealText (.rt)
  subtitle files in the ParseRealText() function in
  modules/demux/subtitle.c (CVE-2008-5036).

* An integer overflow when processing RealMedia (.rm) files in the
  ReadRealIndex() function in real.c in the Real demuxer plugin,
  leading to a heap-based buffer overflow (CVE-2008-5276).

Impact
======

A remote attacker could entice a user to open a specially crafted CUE
image file, RealMedia file or RealText subtitle file, possibly
resulting in the execution of arbitrary code with the privileges of the
user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VLC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/vlc-0.9.8a"

References
==========

  [ 1 ] CVE-2008-5032
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5032
  [ 2 ] CVE-2008-5036
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5036
  [ 3 ] CVE-2008-5276
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5276

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-24.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: NDISwrapper: Arbitrary remote code execution
      Date: January 11, 2009
      Bugs: #239371
        ID: 200901-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer overflows might lead to remote execution of arbitrary
code with root privileges.

Background
==========

NDISwrapper is a Linux kernel module that enables the use of Microsoft
Windows drivers for wireless network devices.

Affected packages
=================

     -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
     -------------------------------------------------------------------
  1  net-wireless/ndiswrapper      < 1.53-r1                 >= 1.53-r1

Description
===========

Anders Kaseorg reported multiple buffer overflows related to long
ESSIDs.

Impact
======

A physically proximate attacker could send packets over a wireless
network that might lead to the execution of arbitrary code with root
privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All NDISwrapper users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=net-wireless/ndiswrapper-1.53-r1"

References
==========

  [ 1 ] CVE-2008-4395
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4395

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: JHead: Multiple vulnerabilities
      Date: January 11, 2009
      Bugs: #242702, #243238
        ID: 200901-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in JHead might lead to the execution of
arbitrary code or data loss.

Background
==========

JHead is an exif jpeg header manipulation tool.

Affected packages
=================

     -------------------------------------------------------------------
     Package          /  Vulnerable  /                       Unaffected
     -------------------------------------------------------------------
  1  media-gfx/jhead      < 2.84-r1                          >= 2.84-r1

Description
===========

Marc Merlin and John Dong reported multiple vulnerabilities in JHead:

* A buffer overflow in the DoCommand() function when processing the
  cmd argument and related to potential string overflows
  (CVE-2008-4575).

* An insecure creation of a temporary file (CVE-2008-4639).

* An error when unlinking a file (CVE-2008-4640).

* Insufficient escaping of shell metacharacters (CVE-2008-4641).

Impact
======

A remote attacker could possibly execute arbitrary code by enticing a
user or automated system to open a file with a long filename or via
unspecified vectors. It is also possible to trick a user into deleting
or overwriting files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All JHead users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/jhead-2.84-r1"

References
==========

  [ 1 ] CVE-2008-4575
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4575
  [ 2 ] CVE-2008-4639
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4639
  [ 3 ] CVE-2008-4640
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4640
  [ 4 ] CVE-2008-4641
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4641

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-02.xml
--- End Message ---
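The insecure temporary file handling reported for Ampache's gather-messages.sh and for JHead (CVE-2008-4639) in the advisories above, as an added C example that is not code from either project: a predictable name opened with O_CREAT alone follows a pre-existing symlink, while O_EXCL with O_NOFOLLOW, or mkstemp(), does not. The scratch directory, the file names and the functions open_predictable(), open_exclusive() and demo_symlink_race() are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Risky pattern: fixed name, O_CREAT without O_EXCL. If the path is
 * already a symlink, open() follows it and O_TRUNC empties the target. */
static int open_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern for a caller-chosen name: fails if anything,
 * including a symlink, already exists at the path. */
static int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

static long file_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}

/* Runs the scenario inside a private scratch directory:
 *   victim.txt - a file belonging to the user running the tool
 *   work.tmp   - the predictable temp name, already present as a symlink
 * Returns a bitmask, or -1 if the scratch setup failed:
 *   bit 0: predictable open truncated victim.txt through the link
 *   bit 1: exclusive open refused the link and left victim.txt intact
 *   bit 2: mkstemp() gave a new regular file without group/other access */
static int demo_symlink_race(void)
{
    char dir[] = "/tmp/tmpdemo-XXXXXX";
    char victim[256], tmpname[256], tmpl[256];
    struct stat st;
    int result = 0, fd;
    FILE *f;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(tmpname, sizeof tmpname, "%s/work.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/work-XXXXXX", dir);

    f = fopen(victim, "w");
    if (f == NULL)
        return -1;
    fputs("important data\n", f);              /* 15 bytes */
    fclose(f);
    if (symlink(victim, tmpname) != 0)
        return -1;

    /* Hardened open first: it must fail and leave the victim alone. */
    fd = open_exclusive(tmpname);
    if (fd < 0 && (errno == EEXIST || errno == ELOOP) &&
        file_size(victim) == 15)
        result |= 2;
    if (fd >= 0)
        close(fd);

    /* mkstemp() picks an unpredictable name and creates it exclusively. */
    fd = mkstemp(tmpl);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
            (st.st_mode & 077) == 0)
            result |= 4;
        close(fd);
        unlink(tmpl);
    }

    /* Risky open last: the write lands on victim.txt via the symlink. */
    fd = open_predictable(tmpname);
    if (fd >= 0) {
        close(fd);
        if (file_size(victim) == 0)
            result |= 1;
    }

    unlink(tmpname);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = demo_symlink_race();

    printf("predictable open truncated the link target: %s\n", (r & 1) ? "yes" : "no");
    printf("O_EXCL|O_NOFOLLOW refused the planted link: %s\n", (r & 2) ? "yes" : "no");
    printf("mkstemp() created a private regular file:   %s\n", (r & 4) ? "yes" : "no");
    return r == 7 ? 0 : 1;
}
```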
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: pdnsd: Denial of Service and cache poisoning
      Date: January 11, 2009
      Bugs: #231285
        ID: 200901-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two errors in pdnsd allow for Denial of Service and cache poisoning.

Background
==========

pdnsd is a proxy DNS server with permanent caching that is designed to
cope with unreachable DNS servers.

Affected packages
=================

     -------------------------------------------------------------------
     Package        /  Vulnerable  /                         Unaffected
     -------------------------------------------------------------------
  1  net-dns/pdnsd       < 1.2.7                               >= 1.2.7

Description
===========

Two issues have been reported in pdnsd:

* The p_exec_query() function in src/dns_query.c does not properly
  handle many entries in the answer section of a DNS reply, related to
  a "dangling pointer bug" (CVE-2008-4194).

* The default value for query_port_start was set to 0, disabling UDP
  source port randomization for outgoing queries (CVE-2008-1447).

Impact
======

An attacker could exploit the second weakness to poison the cache of
pdnsd and thus spoof DNS traffic, which could e.g. lead to the
redirection of web or mail traffic to malicious sites. The first issue
can be exploited by enticing pdnsd to send a query to a malicious DNS
server, or using the port randomization weakness, and might lead to a
Denial of Service.

Workaround
==========

Port randomization can be enabled by setting the "query_port_start"
option to 1024 which would resolve the CVE-2008-1447 issue.

Resolution
==========

All pdnsd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/pdnsd-1.2.7"

References
==========

  [ 1 ] CVE-2008-1447
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  [ 2 ] CVE-2008-4194
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4194

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-03.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: D-Bus: Denial of Service
      Date: January 11, 2009
      Bugs: #240308
        ID: 200901-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error condition can cause D-Bus to crash.

Background
==========

D-Bus is a daemon providing a framework for applications to communicate
with one another.

Affected packages
=================

     -------------------------------------------------------------------
     Package        /  Vulnerable  /                         Unaffected
     -------------------------------------------------------------------
  1  sys-apps/dbus      < 1.2.3-r1                          >= 1.2.3-r1

Description
===========

schelte reported that the dbus_signature_validate() function can
trigger a failed assertion when processing a message containing a
malformed signature.

Impact
======

A local user could send a specially crafted message to the D-Bus
daemon, leading to a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All D-Bus users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.2.3-r1"

References
==========

  [ 1 ] CVE-2008-3834
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-04.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Streamripper: Multiple vulnerabilities
      Date: January 11, 2009
      Bugs: #249039
        ID: 200901-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer overflows have been discovered in Streamripper,
allowing for user-assisted execution of arbitrary code.

Background
==========

Streamripper is a tool for extracting and recording mp3 files from a
Shoutcast stream.

Affected packages
=================

     -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
     -------------------------------------------------------------------
  1  media-sound/streamripper      < 1.64.0                   >= 1.64.0

Description
===========

Stefan Cornelius from Secunia Research reported multiple buffer
overflows in the http_parse_sc_header(), http_get_pls() and
http_get_m3u() functions in lib/http.c when parsing overly long HTTP
headers, or pls and m3u playlists with overly long entries.

Impact
======

A remote attacker could entice a user to connect to a malicious server,
possibly resulting in the remote execution of arbitrary code with the
privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Streamripper users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/streamripper-1.64.0"

References
==========

  [ 1 ] CVE-2008-4829
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4829

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-05.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Tremulous: User-assisted execution of arbitrary code
      Date: January 11, 2009
      Bugs: #222119
        ID: 200901-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability has been discovered in Tremulous.

Background
==========

Tremulous is a team-based First Person Shooter game.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  games-fps/tremulous           < 1.1.0-r2              >= 1.1.0-r2
  2  games-fps/tremulous-bin          < 1.1.0              Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

It has been reported that Tremulous includes a vulnerable version of
the ioQuake3 engine (GLSA 200605-12, CVE-2006-2236).

Impact
======

A remote attacker could entice a user to connect to a malicious games
server, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Tremulous users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-fps/tremulous-1.1.0-r2"

Note: The binary version of Tremulous has been removed from the Portage
tree.

References
==========

  [ 1 ] CVE-2006-2236
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2236
  [ 2 ] GLSA 200605-12
        http://www.gentoo.org/security/en/glsa/glsa-200605-12.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-06.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                        GLSA 200901-07:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MPlayer: Multiple vulnerabilities
      Date: January 12, 2009
   Updated: January 12, 2009
      Bugs: #231836, #239130, #251017
        ID: 200901-07:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in MPlayer may lead to the execution of
arbitrary code or a Denial of Service.

Background
==========

MPlayer is a media player including support for a wide range of audio
and video formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package   /       Vulnerable       /                   Unaffected
    -------------------------------------------------------------------
  1  mplayer       < 1.0_rc2_p28058-r1            >= 1.0_rc2_p28058-r1

Description
===========

Multiple vulnerabilities have been reported in MPlayer:

* A stack-based buffer overflow was found in the str_read_packet()
  function in libavformat/psxstr.c when processing crafted STR files
  that interleave audio and video sectors (CVE-2008-3162).

* Felipe Andres Manzano reported multiple integer underflows in the
  demux_real_fill_buffer() function in demux_real.c when processing
  crafted Real Media files that cause the stream_read() function to
  read or write arbitrary memory (CVE-2008-3827).

* Tobias Klein reported a stack-based buffer overflow in the
  demux_open_vqf() function in libmpdemux/demux_vqf.c when processing
  malformed TwinVQ files (CVE-2008-5616).

Impact
======

A remote attacker could entice a user to open a specially crafted STR,
Real Media, or TwinVQ file to execute arbitrary code or cause a Denial
of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p28058-r1"

References
==========

  [ 1 ] CVE-2008-3162
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3162
  [ 2 ] CVE-2008-3827
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3827
  [ 3 ] CVE-2008-5616
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-07.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Online-Bookmarks: Multiple vulnerabilities
      Date: January 12, 2009
      Bugs: #235053
        ID: 200901-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Online-Bookmarks.

Background
==========

Online-Bookmarks is a web-based bookmark management system to store
your bookmarks, favorites and links.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  www-apps/online-bookmarks      < 0.6.28                 >= 0.6.28

Description
===========

The following vulnerabilities were reported:

* Authentication bypass when directly requesting certain pages
  (CVE-2004-2155).

* Insufficient input validation in the login function in auth.inc
  (CVE-2006-6358).

* Unspecified cross-site scripting vulnerability (CVE-2006-6359).

Impact
======

A remote attacker could exploit these vulnerabilities to bypass
authentication mechanisms, execute arbitrary SQL statements or inject
arbitrary web scripts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Online-Bookmarks users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/online-bookmarks-0.6.28"

References
==========

  [ 1 ] CVE-2004-2155
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2155
  [ 2 ] CVE-2006-6358
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6358
  [ 3 ] CVE-2006-6359
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6359

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-08.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Reader: User-assisted execution of arbitrary code
      Date: January 13, 2009
      Bugs: #225483
        ID: 200901-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Adobe Reader is vulnerable to execution of arbitrary code.

Background
==========

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
reader.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread       < 8.1.3                          >= 8.1.3

Description
===========

* An unspecified vulnerability can be triggered by a malformed PDF
  document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549).

* Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and
  Greg MacManus reported a stack-based buffer overflow in the
  util.printf JavaScript function that incorrectly handles the format
  string argument (CVE-2008-2992).

* Greg MacManus of iDefense Labs reported an array index error that
  can be leveraged for an out-of-bounds write, related to parsing of
  Type 1 fonts (CVE-2008-4812).

* Javier Vicente Vallejo and Peter Vreugdenhil, via Zero Day
  Initiative, reported multiple unspecified memory corruption
  vulnerabilities (CVE-2008-4813).

* Thomas Garnier of SkyRecon Systems reported an unspecified
  vulnerability in a JavaScript method, related to an "input validation
  issue" (CVE-2008-4814).

* Josh Bressers of Red Hat reported an untrusted search path
  vulnerability (CVE-2008-4815).

* Peter Vreugdenhil reported through iDefense that the Download Manager
  can trigger a heap corruption via calls to the AcroJS function
  (CVE-2008-4817).

Impact
======

A remote attacker could entice a user to open a specially crafted PDF
document, and local attackers could entice a user to run acroread from
an untrusted working directory. Both might result in the execution of
arbitrary code with the privileges of the user running the application,
or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.3"

References
==========

  [ 1 ] CVE-2008-2549
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549
  [ 2 ] CVE-2008-2992
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992
  [ 3 ] CVE-2008-4812
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812
  [ 4 ] CVE-2008-4813
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813
  [ 5 ] CVE-2008-4814
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4814
  [ 6 ] CVE-2008-4815
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4815
  [ 7 ] CVE-2008-4817
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4817

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-09.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: GnuTLS: Certificate validation error
      Date: January 14, 2009
      Bugs: #245850
        ID: 200901-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A certificate validation error in GnuTLS might allow for spoofing
attacks.

Background
==========

GnuTLS is an open-source implementation of TLS 1.0 and SSL 3.0.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  net-libs/gnutls     < 2.4.1-r2                        >= 2.4.1-r2

Description
===========

Martin von Gagern reported that the _gnutls_x509_verify_certificate()
function in lib/x509/verify.c trusts certificate chains in which the
last certificate is an arbitrary trusted, self-signed certificate.

Impact
======

A remote attacker could exploit this vulnerability and spoof arbitrary
names to conduct Man-In-The-Middle attacks and intercept sensitive
information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GnuTLS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.4.1-r2"

References
==========

  [ 1 ] CVE-2008-4989
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-10.xml
--- End Message ---
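GLSA 200901-10 above describes a chain verifier that trusts chains whose last certificate is an arbitrary trusted, self-signed certificate. The following is an added example, not GnuTLS code and not part of the advisory: it models that failure with toy certificates next to a strict variant. The struct, the function names, the sample chains and the order of steps in the flawed variant are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy certificate (assumed model): a signature check is reduced to
 * key ids, signed_by must equal the key_id of the issuer. */
struct cert {
    const char *subject;
    const char *issuer;
    int key_id;     /* this certificate's own key */
    int signed_by;  /* key that made the signature on it */
};

/* 1 if child names parent as issuer and was signed with parent's key. */
static int issued_by(const struct cert *child, const struct cert *parent)
{
    return strcmp(child->issuer, parent->subject) == 0 &&
           child->signed_by == parent->key_id;
}

static int is_self_signed(const struct cert *c) { return issued_by(c, c); }

/* 1 if some trust anchor issued c; a trusted root is issued by itself. */
static int anchored(const struct cert *c, const struct cert *ta, size_t n_ta)
{
    for (size_t i = 0; i < n_ta; i++)
        if (issued_by(c, &ta[i]))
            return 1;
    return 0;
}

/* 1 if each of chain[0..n-2] was issued by the certificate after it. */
static int links_ok(const struct cert *chain, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (!issued_by(&chain[i - 1], &chain[i]))
            return 0;
    return 1;
}

/* Flawed order: the last certificate is matched against the trust
 * anchors and then dropped, so the link from the certificate below it
 * up to that root is never checked. */
int verify_chain_flawed(const struct cert *chain, size_t n,
                        const struct cert *ta, size_t n_ta)
{
    if (n == 0 || !anchored(&chain[n - 1], ta, n_ta))
        return 0;
    if (is_self_signed(&chain[n - 1]))
        n--;
    return links_ok(chain, n);
}

/* Strict order: drop a peer-supplied self-signed certificate first; what
 * remains must end in a certificate issued by a trust anchor. */
int verify_chain_strict(const struct cert *chain, size_t n,
                        const struct cert *ta, size_t n_ta)
{
    if (n == 0)
        return 0;
    if (n > 1 && is_self_signed(&chain[n - 1]))
        n--;
    if (!anchored(&chain[n - 1], ta, n_ta))
        return 0;
    return links_ok(chain, n);
}

/* Constructed sample data. */
static const struct cert ANCHORS[] = { { "Trusted Root", "Trusted Root", 1, 1 } };
static const struct cert GOOD_CHAIN[] = {
    { "www.example.org", "Trusted Root", 10, 1 },
    { "Trusted Root", "Trusted Root", 1, 1 },
};
/* Leaf issued by an unknown CA, with the public root merely appended. */
static const struct cert UNLINKED_CHAIN[] = {
    { "www.example.org", "Unknown CA", 20, 99 },
    { "Trusted Root", "Trusted Root", 1, 1 },
};

int main(void)
{
    printf("good: flawed=%d strict=%d; unlinked: flawed=%d strict=%d\n",
           verify_chain_flawed(GOOD_CHAIN, 2, ANCHORS, 1),
           verify_chain_strict(GOOD_CHAIN, 2, ANCHORS, 1),
           verify_chain_flawed(UNLINKED_CHAIN, 2, ANCHORS, 1),
           verify_chain_strict(UNLINKED_CHAIN, 2, ANCHORS, 1));
    return 0;
}
```

Both variants accept the properly linked chain; only the strict one rejects the chain whose leaf has no verified link to the appended root.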
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Avahi: Denial of Service
      Date: January 14, 2009
      Bugs: #250913
        ID: 200901-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A Denial of Service vulnerability has been discovered in Avahi.

Background
==========

Avahi is a system that facilitates service discovery on a local
network.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-dns/avahi      < 0.6.24                             >= 0.6.24

Description
===========

Hugo Dias reported a failed assertion in the
originates_from_local_legacy_unicast_socket() function in
avahi-core/server.c when processing mDNS packets with a source port of
0.

Impact
======

A remote attacker could send specially crafted packets to the daemon,
leading to its crash.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Avahi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.24"

References
==========

  [ 1 ] CVE-2008-5081
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5081

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-11.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: noip-updater: Execution of arbitrary code
      Date: January 18, 2009
      Bugs: #248709
        ID: 200901-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in noip-updater can lead to arbitrary code execution.

Background
==========

noip-updater is a tool used for updating IP addresses of dynamic DNS
records at no-ip.com.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  net-dns/noip-updater       < 2.1.9                       >= 2.1.9

Description
===========

xenomuta found out that the GetNextLine() function in noip2.c misses a
length check, leading to a stack-based buffer overflow.

Impact
======

A remote attacker could exploit this vulnerability to execute arbitrary
code by sending a specially crafted HTTP message to the client. NOTE:
Successful exploitation requires a man in the middle attack, a DNS
spoofing attack or a compromise of no-ip.com servers.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All noip-updater users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/noip-updater-2.1.9"

References
==========

  [ 1 ] CVE-2008-5297
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5297

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-12.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Pidgin: Multiple vulnerabilities
      Date: January 20, 2009
      Bugs: #230045, #234135
        ID: 200901-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Pidgin, allowing for
remote arbitrary code execution, Denial of Service and service
spoofing.

Background
==========

Pidgin (formerly Gaim) is an instant messaging client for a variety of
instant messaging protocols. It is based on the libpurple instant
messaging library.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-im/pidgin       < 2.5.1                              >= 2.5.1

Description
===========

Multiple vulnerabilities have been discovered in Pidgin and the
libpurple library:

* A participant to the TippingPoint ZDI reported multiple integer
  overflows in the msn_slplink_process_msg() function in the MSN
  protocol implementation (CVE-2008-2927).

* Juan Pablo Lopez Yacubian is credited for reporting a use-after-free
  flaw in msn_slplink_process_msg() in the MSN protocol implementation
  (CVE-2008-2955).

* The included UPnP server does not limit the size of data to be
  downloaded for UPnP service discovery, according to a report by
  Andrew Hunt and Christian Grothoff (CVE-2008-2957).

* Josh Triplett discovered that the NSS plugin for libpurple does not
  properly verify SSL certificates (CVE-2008-3532).

Impact
======

A remote attacker could send specially crafted messages or files using
the MSN protocol which could result in the execution of arbitrary code
or crash Pidgin. NOTE: Successful exploitation might require the
victim's interaction. Furthermore, an attacker could conduct
man-in-the-middle attacks to obtain sensitive information using bad
certificates and cause memory and disk resources to exhaust.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Pidgin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.5.1"

References
==========

  [ 1 ] CVE-2008-2927
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927
  [ 2 ] CVE-2008-2955
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2955
  [ 3 ] CVE-2008-2957
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2957
  [ 4 ] CVE-2008-3532
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3532

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-13.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Scilab: Insecure temporary file usage
      Date: January 21, 2009
      Bugs: #245922
        ID: 200901-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An insecure temporary file usage has been reported in Scilab, allowing
for symlink attacks.

Background
==========

Scilab is a scientific software package for numerical computations.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  sci-mathematics/scilab      < 4.1.2-r1                >= 4.1.2-r1

Description
===========

Dmitry E. Oboukhov reported an insecure temporary file usage within the
scilink, scidoc and scidem scripts.

Impact
======

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Scilab users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sci-mathematics/scilab-4.1.2-r1"

References
==========

  [ 1 ] CVE-2008-4983
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-14.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200901-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Net-SNMP: Denial of Service
      Date: January 21, 2009
      Bugs: #245306
        ID: 200901-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in Net-SNMP could lead to a Denial of Service.

Background
==========

Net-SNMP is a collection of tools for generating and retrieving SNMP
data.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/net-snmp      < 5.4.2.1                   >= 5.4.2.1

Description
===========

Oscar Mira-Sanchez reported an integer overflow in the
netsnmp_create_subtree_cache() function in agent/snmp_agent.c when
processing GETBULK requests.

Impact
======

A remote attacker could send a specially crafted request to crash the
SNMP server. NOTE: The attacker needs to know the community string to
exploit this vulnerability.

Workaround
==========

Restrict access to trusted entities only.

Resolution
==========

All Net-SNMP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.2.1"

References
==========

  [ 1 ] CVE-2008-4309
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-15.xml
--- End Message ---