Security flaws were found in the OpenSC package: because of faulty card initialisation, private objects can be read from the devices without a PIN prompt, and RSA key generation uses an incorrect public exponent. bind9 can be DoSed with a dynamic DNS update packet; it is enough for the server to be authoritative for a zone, and dynamic updates do not need to be enabled. Integer and buffer overflow bugs were found in the libtiff library. Several security flaws were also found in Adobe's Reader and Flash Player products. Processing svndiff output can cause a heap overflow in both the svn client and the server. Several heap overflow bugs were found in the cdf library, which processes CDF files. An off-by-one bug was found in the Perl modules Compress::Raw::Zlib and Compress::Raw::Bzip2, resulting in a heap buffer overflow. An attacker can execute code on the system with a suitably crafted file. The dhcp daemon can be DoSed when both the dhcp-client-identifier and hardware ethernet options are set. Because of a bug in DokuWiki, an attacker can access files or execute arbitrary PHP code on the system. The dillo web browser contains an integer overflow bug in its PNG file processing.
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200908-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenSC: Multiple vulnerabilities
      Date: August 01, 2009
      Bugs: #260514, #269920
        ID: 200908-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in OpenSC.

Background
==========

OpenSC provides a set of libraries and utilities to access smart cards.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  dev-libs/opensc       < 0.11.8                         >= 0.11.8

Description
===========

Multiple vulnerabilities were found in OpenSC:

* b.badrignans discovered that OpenSC incorrectly initialises private
  data objects (CVE-2009-0368).

* Miquel Comas Marti discovered that src/tools/pkcs11-tool.c in
  pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party
  PKCS#11 modules, generates RSA keys with incorrect public exponents
  (CVE-2009-1603).

Impact
======

The first vulnerability allows physically proximate attackers to bypass
intended PIN requirements and read private data objects. The second
vulnerability allows attackers to read the cleartext form of messages
that were intended to be encrypted.

NOTE: Smart cards which were initialised using an affected version of
OpenSC need to be modified or re-initialised. See the vendor's advisory
for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.8"

References
==========

  [ 1 ] CVE-2009-0368
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0368
  [ 2 ] CVE-2009-1603
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1603
  [ 3 ] OpenSC Security Advisory
        http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200908-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: BIND: Denial of Service
      Date: August 01, 2009
      Bugs: #279508
        ID: 200908-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Dynamic Update packets can cause a Denial of Service in the BIND
daemon.

Background
==========

ISC BIND is the Internet Systems Consortium implementation of the
Domain Name System (DNS) protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  net-dns/bind      < 9.4.3_p3                         >= 9.4.3_p3

Description
===========

Matthias Urlichs reported that the dns_db_findrdataset() function fails
when the prerequisite section of the dynamic update message contains a
record of type "ANY" and where at least one RRset for this FQDN exists
on the server.

Impact
======

A remote unauthenticated attacker could send a specially crafted
dynamic update message to the BIND daemon (named), leading to a Denial
of Service (daemon crash). This vulnerability affects all primary
(master) servers -- it is not limited to those that are configured to
allow dynamic updates.

Workaround
==========

Configure a firewall that performs Deep Packet Inspection to prevent
nsupdate messages from reaching named. Alternatively, expose only
secondary (slave) servers to untrusted networks.

Resolution
==========

All BIND users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p3"

References
==========

  [ 1 ] CVE-2009-0696
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
  [ 2 ] ISC advisory
        https://www.isc.org/node/474

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-02.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200908-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libTIFF: User-assisted execution of arbitrary code
      Date: August 07, 2009
      Bugs: #276339, #276988
        ID: 200908-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple boundary checking vulnerabilities in libTIFF may allow for the
remote execution of arbitrary code.

Background
==========

libTIFF provides support for reading and manipulating TIFF (Tagged
Image File Format) images.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  media-libs/tiff      < 3.8.2-r8                      >= 3.8.2-r8

Description
===========

Two vulnerabilities have been reported in libTIFF:

* wololo reported a buffer underflow in the LZWDecodeCompat() function
  (CVE-2009-2285).

* Tielei Wang of ICST-ERCIS, Peking University reported two integer
  overflows leading to heap-based buffer overflows in the tiff2rgba and
  rgb2ycbcr tools (CVE-2009-2347).

Impact
======

A remote attacker could entice a user to open a specially crafted TIFF
file with an application making use of libTIFF or the tiff2rgba and
rgb2ycbcr tools, possibly resulting in the execution of arbitrary code
with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libTIFF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r8"

References
==========

  [ 1 ] CVE-2009-2285
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285
  [ 2 ] CVE-2009-2347
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-03.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200908-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe products: Multiple vulnerabilities
      Date: August 07, 2009
      Bugs: #278813, #278819
        ID: 200908-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Adobe Reader and Adobe Flash Player allow
for attacks including the remote execution of arbitrary code.

Background
==========

Adobe Flash Player is a closed-source playback software for Flash SWF
files. Adobe Reader is a closed-source PDF reader that plays Flash
content as well.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  www-plugins/adobe-flash    < 10.0.32.18            >= 10.0.32.18
  2  app-text/acroread            < 9.1.3                    >= 9.1.3
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been reported in Adobe Flash Player:

* lakehu of Tencent Security Center reported an unspecified memory
  corruption vulnerability (CVE-2009-1862).

* Mike Wroe reported an unspecified vulnerability, related to
  "privilege escalation" (CVE-2009-1863).

* An anonymous researcher through iDefense reported an unspecified
  heap-based buffer overflow (CVE-2009-1864).

* Chen Chen of Venustech reported an unspecified "null pointer
  vulnerability" (CVE-2009-1865).

* Chen Chen of Venustech reported an unspecified stack-based buffer
  overflow (CVE-2009-1866).

* Joran Benker reported that Adobe Flash Player facilitates
  "clickjacking" attacks (CVE-2009-1867).

* Jun Mao of iDefense reported a heap-based buffer overflow, related to
  URL parsing (CVE-2009-1868).

* Roee Hay of IBM Rational Application Security reported an unspecified
  integer overflow (CVE-2009-1869).

* Gareth Heyes and Microsoft Vulnerability Research reported that the
  sandbox in Adobe Flash Player allows for information disclosure, when
  "SWFs are saved to the hard drive" (CVE-2009-1870).

Impact
======

A remote attacker could entice a user to open a specially crafted PDF
file or web site containing Adobe Flash (SWF) contents, possibly
resulting in the execution of arbitrary code with the privileges of the
user running the application, or a Denial of Service (application
crash). Furthermore, a remote attacker could trick a user into clicking
a button on a dialog by supplying a specially crafted SWF file and
disclose sensitive information by exploiting a sandbox issue.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.0.32.18"

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-9.1.3"

References
==========

  [ 1 ] CVE-2009-1862
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1862
  [ 2 ] CVE-2009-1863
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1863
  [ 3 ] CVE-2009-1864
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1864
  [ 4 ] CVE-2009-1865
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1865
  [ 5 ] CVE-2009-1866
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1866
  [ 6 ] CVE-2009-1867
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1867
  [ 7 ] CVE-2009-1868
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1868
  [ 8 ] CVE-2009-1869
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1869
  [ 9 ] CVE-2009-1870
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1870

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-04.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200908-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Subversion: Remote execution of arbitrary code
      Date: August 18, 2009
      Bugs: #280494
        ID: 200908-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple integer overflows, leading to heap-based buffer overflows in
the Subversion client and server might allow remote attackers to
execute arbitrary code.

Background
==========

Subversion is a versioning system designed to be a replacement for CVS.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  dev-util/subversion      < 1.6.4                        >= 1.6.4

Description
===========

Matt Lewis of Google reported multiple integer overflows in the
libsvn_delta library, possibly leading to heap-based buffer overflows.

Impact
======

A remote attacker with commit access could exploit this vulnerability
by sending a specially crafted commit to a Subversion server, or a
remote attacker could entice a user to check out or update a repository
from a malicious Subversion server, possibly resulting in the execution
of arbitrary code with the privileges of the user running the server or
client.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Subversion users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-util/subversion-1.6.4

References
==========

  [ 1 ] CVE-2009-2411
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2411

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-05.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200908-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: CDF: User-assisted execution of arbitrary code
      Date: August 18, 2009
      Bugs: #278679
        ID: 200908-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple heap-based buffer overflows in CDF might result in the
execution of arbitrary code.

Background
==========

CDF is a library for the Common Data Format which is a self-describing
data format for the storage and manipulation of scalar and
multidimensional data. It is developed by the NASA.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  sci-libs/cdf       < 3.3.0                              >= 3.3.0

Description
===========

Leon Juranic reported multiple heap-based buffer overflows for instance
in the ReadAEDRList64(), SearchForRecord_r_64(), LastRecord64(), and
CDFsel64() functions.

Impact
======

A remote attacker could entice a user to open a specially crafted CDF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All CDF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =sci-libs/cdf-3.3.0

References
==========

  [ 1 ] CVE-2009-2850
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2850

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-06.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200908-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Perl Compress::Raw modules: Denial of Service
      Date: August 18, 2009
      Bugs: #273141, #281955
        ID: 200908-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An off-by-one error in Compress::Raw::Zlib and Compress::Raw::Bzip2
might lead to a Denial of Service.

Background
==========

Compress::Raw::Zlib and Compress::Raw::Bzip2 are Perl low-level
interfaces to the zlib and bzip2 compression libraries.

Affected packages
=================

    -------------------------------------------------------------------
     Package                     /  Vulnerable  /          Unaffected
    -------------------------------------------------------------------
  1  perl-core/Compress-Raw-Zlib      < 2.020                >= 2.020
  2  perl-core/Compress-Raw-Bzip2     < 2.020                >= 2.020
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Leo Bergolth reported an off-by-one error in the inflate() function in
Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer
overflow (CVE-2009-1391).

Paul Marquess discovered a similar vulnerability in the bzinflate()
function in Bzip2.xs of Compress::Raw::Bzip2 (CVE-2009-1884).

Impact
======

A remote attacker might entice a user or automated system (for instance
running SpamAssassin or AMaViS) to process specially crafted files,
possibly resulting in a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Compress::Raw::Zlib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =perl-core/Compress-Raw-Zlib-2.020

All Compress::Raw::Bzip2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =perl-core/Compress-Raw-Bzip2-2.020

References
==========

  [ 1 ] CVE-2009-1391
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1391
  [ 2 ] CVE-2009-1884
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1884

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-07.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200908-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ISC DHCP: dhcpd Denial of Service
      Date: August 18, 2009
      Bugs: #275231
        ID: 200908-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

dhcpd as included in the ISC DHCP implementation does not properly
handle special conditions, leading to a Denial of Service.

Background
==========

ISC DHCP is the reference implementation of the Dynamic Host
Configuration Protocol as specified in RFC 2131.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  net-misc/dhcp      < 3.1.2_p1                        >= 3.1.2_p1

Description
===========

Christoph Biedl discovered that dhcpd does not properly handle certain
DHCP requests when configured both using "dhcp-client-identifier" and
"hardware ethernet".

Impact
======

A remote attacker might send a specially crafted request to dhcpd,
possibly resulting in a Denial of Service (daemon crash).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ISC DHCP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-misc/dhcp-3.1.2_p1

References
==========

  [ 1 ] CVE-2009-1892
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-08.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200908-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: DokuWiki: Local file inclusion
      Date: August 18, 2009
      Bugs: #272431
        ID: 200908-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An input sanitation error in DokuWiki might lead to the disclosure of
local files or even the remote execution of arbitrary code.

Background
==========

DokuWiki is a standards compliant Wiki system written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/dokuwiki    < 2009-02-14b                >= 2009-02-14b

Description
===========

girex reported that data from the "config_cascade" parameter in
inc/init.php is not properly sanitized before being used.

Impact
======

A remote attacker could exploit this vulnerability to execute PHP code
from arbitrary local, or, when the used PHP version supports ftp://
URLs, also from remote files via FTP. Furthermore, it is possible to
disclose the contents of local files. NOTE: Successful exploitation
requires the PHP option "register_globals" to be enabled.

Workaround
==========

Disable "register_globals" in php.ini.

Resolution
==========

All DokuWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-apps/dokuwiki-2009-02-14b

References
==========

  [ 1 ] CVE-2009-1960
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1960

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-09.xml
--- End Message ---
--- Begin Message ---
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200908-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Dillo: User-assisted execution of arbitrary code
      Date: August 18, 2009
      Bugs: #276432
        ID: 200908-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An integer overflow in the PNG handling of Dillo might result in the
remote execution of arbitrary code.

Background
==========

Dillo is a graphical web browser known for its speed and small
footprint.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-client/dillo       < 2.1.1                          >= 2.1.1

Description
===========

Tilei Wang reported an integer overflow in the Png_datainfo_callback()
function, possibly leading to a heap-based buffer overflow.

Impact
======

A remote attacker could entice a user to open an HTML document
containing a specially crafted, large PNG image, possibly resulting in
the execution of arbitrary code with the privileges of the user running
the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Dillo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-client/dillo-2.1.1

References
==========

  [ 1 ] CVE-2009-2294
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2294

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200908-10.xml
--- End Message ---
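
The libTIFF, Subversion and Dillo advisories above all name the same bug class: an integer overflow in a size calculation that leads to a heap-based buffer overflow. The C code below is an added example, not code from any of those projects; the function names, the 256 MiB cap and the sample image dimensions are assumptions chosen for illustration. It puts a wrapping 32-bit size computation next to an overflow-checked one that an image decoder can use before allocating.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for one decoded image (not taken from any project). */
#define IMAGE_MAX_BYTES ((size_t)256 * 1024 * 1024)

/* Unsafe pattern: the product is computed in 32 bits and silently wraps
 * modulo 2^32, so a huge image can yield a small allocation size. */
static uint32_t image_size_unchecked(uint32_t width, uint32_t height,
                                     uint32_t bytes_per_pixel)
{
    return width * height * bytes_per_pixel;
}

/* Safe pattern: reject zero dimensions, test each multiplication by
 * division before performing it, and enforce an upper bound.
 * Returns 0 and stores the size in *out on success, -1 on rejection. */
static int image_size_checked(uint32_t width, uint32_t height,
                              uint32_t bytes_per_pixel, size_t max_bytes,
                              size_t *out)
{
    size_t row, total;

    if (width == 0 || height == 0 || bytes_per_pixel == 0)
        return -1;
    if ((size_t)width > SIZE_MAX / bytes_per_pixel)
        return -1;                      /* width * bpp would overflow */
    row = (size_t)width * bytes_per_pixel;
    if ((size_t)height > SIZE_MAX / row)
        return -1;                      /* row * height would overflow */
    total = row * (size_t)height;
    if (total > max_bytes)
        return -1;                      /* larger than policy allows */
    *out = total;
    return 0;
}

/* Allocate a zeroed pixel buffer only if the size passed every check. */
static unsigned char *image_alloc(uint32_t width, uint32_t height,
                                  uint32_t bytes_per_pixel, size_t *size_out)
{
    size_t n;
    unsigned char *buf;

    if (image_size_checked(width, height, bytes_per_pixel,
                           IMAGE_MAX_BYTES, &n) != 0)
        return NULL;
    buf = calloc(1, n);
    if (buf != NULL && size_out != NULL)
        *size_out = n;
    return buf;
}

int main(void)
{
    /* Constructed header values: 65536 x 16385 pixels, 4 bytes each.
     * The true size is just over 4 GiB, but the 32-bit product wraps. */
    uint32_t w = 0x10000u, h = 0x4001u, bpp = 4u;
    size_t n = 0;
    unsigned char *buf;

    printf("unchecked size for %" PRIu32 "x%" PRIu32 ": %" PRIu32 " bytes\n",
           w, h, image_size_unchecked(w, h, bpp));
    printf("checked size: %s\n",
           image_size_checked(w, h, bpp, IMAGE_MAX_BYTES, &n) == 0
               ? "accepted" : "rejected");

    buf = image_alloc(640u, 480u, 4u, &n);
    if (buf != NULL) {
        printf("640x480 RGBA buffer: %zu bytes\n", n);
        free(buf);
    }
    return 0;
}
```

With the constructed dimensions the unchecked function returns a size far smaller than the data a decoder would later write, which is the heap overflow the advisories describe; the checked function refuses the image before any allocation happens.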