GLSA 200508-10: Kismet: Multiple vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

A Kismet security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Kismet: Multiple vulnerabilities
Date: August 19, 2005
Bugs: #102702
ID: 200508-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Kismet is vulnerable to multiple issues potentially resulting in the execution of arbitrary code.

GLSA 200508-09 bluez-utils

Gentoo 2503 Published by Philipp Esselbach 0

A bluez-utils security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: bluez-utils: Bluetooth device name validation vulnerability
Date: August 17, 2005
Bugs: #101557
ID: 200508-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Improper validation of Bluetooth device names can lead to arbitrary command execution.

GLSA 200508-05: Heartbeat: Insecure temporary file creation

Gentoo 2503 Published by Philipp Esselbach 0

A Heartbeat security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Heartbeat: Insecure temporary file creation
Date: August 07, 2005
Bugs: #97175
ID: 200508-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Heartbeat is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

GLSA 200508-04: Netpbm: Arbitrary code execution in pstopnm

Gentoo 2503 Published by Philipp Esselbach 0

A Netpbm update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Netpbm: Arbitrary code execution in pstopnm
Date: August 05, 2005
Bugs: #100398
ID: 200508-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The pstopnm utility, part of the Netpbm tools, contains a vulnerability which can potentially result in the execution of arbitrary code.

GLSA 200508-03: nbSMTP: Format string vulnerability

Gentoo 2503 Published by Philipp Esselbach 0

A nbSMTP security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: nbSMTP: Format string vulnerability
Date: August 02, 2005
Bugs: #100274
ID: 200508-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

nbSMTP is vulnerable to a format string vulnerability which may result in remote execution of arbitrary code.

GLSA 200508-02: ProFTPD: Format string vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

A ProFTPD security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ProFTPD: Format string vulnerabilities
Date: August 01, 2005
Bugs: #100364
ID: 200508-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Under specific circumstances, ProFTPD is vulnerable to format string vulnerabilities, potentially resulting in the execution of arbitrary code.

GLSA 200508-01: Compress::Zlib: Buffer overflow

Gentoo 2503 Published by Philipp Esselbach 0

A Compress::Zlib security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Compress::Zlib: Buffer overflow
Date: August 01, 2005
Bugs: #100540
ID: 200508-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Compress::Zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code.

GLSA 200507-29: pstotext: Remote execution of arbitrary code

Gentoo 2503 Published by Philipp Esselbach 0

A pstotext update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: pstotext: Remote execution of arbitrary code
Date: July 31, 2005
Bugs: #100245
ID: 200507-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

pstotext contains a vulnerability which can potentially result in the execution of arbitrary code.

GLSA 200507-28: AMD64 x86 emulation base libraries: Buffer

Gentoo 2503 Published by Philipp Esselbach 0

An AMD64 x86 emulation base libraries security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: AMD64 x86 emulation base libraries: Buffer overflow
Date: July 30, 2005
Bugs: #100686
ID: 200507-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The x86 emulation base libraries for AMD64 contain a vulnerable version of zlib which could potentially lead to execution of arbitrary code.

GLSA 200507-27: Ethereal: Multiple vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

An Ethereal update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: July 28, 2005
Bugs: #100316
ID: 200507-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Ethereal is vulnerable to numerous vulnerabilities potentially resulting in the execution of arbitrary code or abnormal termination.

GLSA 200507-26: GNU Gadu, CenterICQ, Kadu, EKG, libgadu

Gentoo 2503 Published by Philipp Esselbach 0

A Gadu library security update is available for Debian GNU/Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code
execution in Gadu library
Date: July 27, 2005
Bugs: #99816, #99890, #99583
ID: 200507-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer overflow which could potentially lead to the execution of arbitrary code or a Denial of Service.

GLSA 200507-25: Clam AntiVirus: Integer overflows

Gentoo 2503 Published by Philipp Esselbach 0

A Clam AntiVirus update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Clam AntiVirus: Integer overflows
Date: July 26, 2005
Bugs: #100178
ID: 200507-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Clam AntiVirus is vulnerable to integer overflows when handling several file formats, potentially resulting in the execution of arbitrary code.

GLSA 200507-24: Mozilla Suite: Multiple vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

A Mozilla Suite security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Suite: Multiple vulnerabilities
Date: July 26, 2005
Bugs: #98846
ID: 200507-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several vulnerabilities in the Mozilla Suite allow attacks ranging from the execution of javascript code with elevated privileges to information leakage.

GLSA 200507-23: Kopete: Vulnerability in included Gadu library

Gentoo 2503 Published by Philipp Esselbach 0

A Koperte update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Kopete: Vulnerability in included Gadu library
Date: July 25, 2005
Bugs: #99754
ID: 200507-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Kopete is vulnerable to several input validation vulnerabilities which may lead to execution of arbitrary code.

GLSA 200507-21: fetchmail: Buffer Overflow

Gentoo 2503 Published by Philipp Esselbach 0

A fetchmail update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: fetchmail: Buffer Overflow
Date: July 25, 2005
Bugs: #99865
ID: 200507-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

fetchmail is susceptible to a buffer overflow resulting in a Denial of Service or arbitrary code execution.

GLSA 200507-20: Shorewall: Security policy bypass

Gentoo 2503 Published by Philipp Esselbach 0

A Shorewall update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Shorewall: Security policy bypass
Date: July 22, 2005
Bugs: #99398
ID: 200507-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A vulnerability in Shorewall allows clients authenticated by MAC address filtering to bypass all other security rules.

GLSA 200507-19: zlib: Buffer overflow

Gentoo 2503 Published by Philipp Esselbach 0

A zlib security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: zlib: Buffer overflow
Date: July 22, 2005
Bugs: #99751
ID: 200507-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code.

GLSA 200507-18: MediaWiki: Cross-site scripting vulnerability

Gentoo 2503 Published by Philipp Esselbach 0

A MediaWiki security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: MediaWiki: Cross-site scripting vulnerability
Date: July 20, 2005
Bugs: #99132
ID: 200507-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.

GLSA 200507-17: Mozilla Thunderbird

Gentoo 2503 Published by Philipp Esselbach 0

New Mozilla Thunderbird packages are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Thunderbird: Multiple vulnerabilities
Date: July 18, 2005
Bugs: #98855
ID: 200507-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from execution of script code with elevated privileges to information leak.

GLSA 200507-16: dhcpcd: Denial of Service vulnerability

Gentoo 2503 Published by Philipp Esselbach 0

A dhcpcd update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: dhcpcd: Denial of Service vulnerability
Date: July 15, 2005
Bugs: #98394
ID: 200507-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A vulnerability in dhcpcd may cause the dhcpcd daemon to crash.

GLSA 200507-15: PHP: Script injection through XML-RPC

Gentoo 2503 Published by Philipp Esselbach 0

A PHP security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: PHP: Script injection through XML-RPC
Date: July 15, 2005
Bugs: #97655
ID: 200507-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

PHP includes an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands.

GLSA 200507-14: Mozilla Firefox: Multiple vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

A Mozilla Firefox security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: July 15, 2005
Bugs: #95199
ID: 200507-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several vulnerabilities in Mozilla Firefox allow attacks ranging from execution of script code with elevated privileges to information leak.

GLSA 200507-13: pam_ldap and nss_ldap: Plain text authentic

Gentoo 2503 Published by Philipp Esselbach 0

A pam_ldap and nss_ldap security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: pam_ldap and nss_ldap: Plain text authentication leak
Date: July 14, 2005
Bugs: #96767
ID: 200507-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

pam_ldap and nss_ldap fail to restart TLS when following a referral, possibly leading to credentials being sent in plain text.

GLSA 200507-12: Bugzilla: Unauthorized access and information

Gentoo 2503 Published by Philipp Esselbach 0

A Bugzilla security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Bugzilla: Unauthorized access and information disclosure
Date: July 13, 2005
Bugs: #98348
ID: 200507-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities in Bugzilla could allow remote users to modify bug flags or gain sensitive information.

GLSA 200507-11: MIT Kerberos 5: Multiple vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

A MIT Kerberos 5 security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: MIT Kerberos 5: Multiple vulnerabilities
Date: July 12, 2005
Bugs: #98799
ID: 200507-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

MIT Kerberos 5 is vulnerable to a Denial of Service attack and remote execution of arbitrary code, possibly leading to the compromise of the entire Kerberos realm.

GLSA 200507-10: Ruby: Arbitrary command execution

Gentoo 2503 Published by Philipp Esselbach 0

A Ruby ecurity update has been released for Gentoo Linuxx

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Ruby: Arbitrary command execution through XML-RPC
Date: July 11, 2005
Bugs: #96784
ID: 200507-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A vulnerability in XMLRPC.iPIMethods allows remote attackers to execute arbitrary commands.

GLSA 200507-09: Adobe Acrobat Reader: Buffer overflow

Gentoo 2503 Published by Philipp Esselbach 0

An Adobe Acrobat security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Adobe Acrobat Reader: Buffer overflow vulnerability
Date: July 11, 2005
Bugs: #98101
ID: 200507-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.

GLSA 200507-08: phpGroupWare, eGroupWare: PHP script inject

Gentoo 2503 Published by Philipp Esselbach 0

phpGroupWare, eGroupWare security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: phpGroupWare, eGroupWare: PHP script injection
vulnerability
Date: July 10, 2005
Bugs: #97460, #97651
ID: 200507-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

phpGroupWare and eGroupWare include an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands.

GLSA 200507-07: phpWebSite: Multiple vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

A phpWebSite security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: phpWebSite: Multiple vulnerabilities
Date: July 10, 2005
Bugs: #97461
ID: 200507-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

phpWebSite is vulnerable to the remote execution of arbitrary PHP script code and to other, yet undisclosed, vulnerabilities.

UPDATE: GLSA 200506-20: Cacti: Several vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

Another Cacti update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200506-20:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Cacti: Several vulnerabilities
Date: June 22, 2005
Updated: July 06, 2005
Bugs: #96243, #97475
ID: 200506-20:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

Stefan Esser of the Hardened - PHP Project discovered that some of the recent vulnerabilities were incorrectly fixed, as well as a new vulnerability.

The updated sections appear below.

GLSA 200507-06: TikiWiki: Arbitrary command execution

Gentoo 2503 Published by Philipp Esselbach 0

A TikiWiki security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: TikiWiki: Arbitrary command execution through XML-RPC
Date: July 06, 2005
Bugs: #97648
ID: 200507-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary command execution.

GLSA 200507-05: zlib: Buffer overflow

Gentoo 2503 Published by Philipp Esselbach 0

A zlib security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: zlib: Buffer overflow
Date: July 06, 2005
Bugs: #98121
ID: 200507-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A buffer overflow has been discovered in zlib, potentially resulting in the execution of arbitrary code.

GLSA 200507-04: RealPlayer: Heap overflow vulnerability

Gentoo 2503 Published by Philipp Esselbach 0

A RealPlayer security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: RealPlayer: Heap overflow vulnerability
Date: July 06, 2005
Bugs: #96923
ID: 200507-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

RealPlayer is vulnerable to a heap overflow that could lead to remote execution of arbitrary code.

GLSA 200506-17: SpamAssassin 3, Vipul's Razor

Gentoo 2503 Published by Philipp Esselbach 0

Another Vipul's Razor update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200506-17:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: SpamAssassin 3, Vipul's Razor: Denial of Service
vulnerability
Date: June 21, 2005
Updated: July 04, 2005
Bugs: #94722, #95492, #96776
ID: 200506-17:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

Sascha Lucas discovered that with certain malformed headers it was still possible to crash Vipul's Razor.

The updated sections appear below.

GLSA 200507-03: phpBB: Arbitrary command execution

Gentoo 2503 Published by Philipp Esselbach 0

phpBB has been removed from Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: phpBB: Arbitrary command execution
Date: July 04, 2005
Bugs: #97278
ID: 200507-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A vulnerability in phpBB allows a remote attacker to execute arbitrary commands with the rights of the web server.

GLSA 200507-02: WordPress: Multiple vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

A WordPress security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: WordPress: Multiple vulnerabilities
Date: July 04, 2005
Bugs: #97374
ID: 200507-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

WordPress contains PHP script injection, cross-site scripting and path disclosure vulnerabilities.

GLSA 200507-01: PEAR XML-RPC, phpxmlrpc: PHP script injection

Gentoo 2503 Published by Philipp Esselbach 0

PEAR XML-RPC, phpxmlrpc security update are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
Date: July 03, 2005
Bugs: #97399, #97629
ID: 200507-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute arbitrary PHP script commands.

GLSA 200506-24: Heimdal: Buffer overflow vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

A Heimdal security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Heimdal: Buffer overflow vulnerabilities
Date: June 29, 2005
Bugs: #96727
ID: 200506-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could allow the execution of arbitrary code.

USN-143-1: Linux amd64 kernel vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

A new amd64 kernel is available for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-143-1 June 27, 2005
linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities
CAN-2005-1762, CAN-2005-1765
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-image-2.6.10-5-amd64-generic
linux-image-2.6.10-5-amd64-k8
linux-image-2.6.10-5-amd64-k8-smp
linux-image-2.6.10-5-amd64-xeon
linux-patch-debian-2.6.8.1
linux-patch-ubuntu-2.6.10

The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.20 (for Ubuntu 4.10) and 2.6.10-34.3 (for Ubuntu 5.04). You need to reboot your computer after doing a standard system upgrade to effect the necessary changes.

GLSA 200506-23: Clam AntiVirus: Denial of Service

Gentoo 2503 Published by Philipp Esselbach 0

A Clam AntiVirus security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Clam AntiVirus: Denial of Service vulnerability
Date: June 27, 2005
Bugs: #96960
ID: 200506-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Clam AntiVirus is vulnerable to a Denial of Service attack when processing certain Quantum archives.

GLSA 200506-21: Trac: File upload vulnerability

Gentoo 2503 Published by Philipp Esselbach 0

A Trac security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Trac: File upload vulnerability
Date: June 22, 2005
Bugs: #96572
ID: 200506-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Trac may allow remote attackers to upload files, possibly leading to the execution of arbitrary code.

GLSA 200506-20: Cacti: Several vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

A Cacti security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Cacti: Several vulnerabilities
Date: June 22, 2005
Bugs: #96243
ID: 200506-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Cacti is vulnerable to several SQL injection and file inclusion vulnerabilities.

GLSA 200506-19: SquirrelMail: Several XSS vulnerabilities

Gentoo 2503 Published by Philipp Esselbach 0

A SquirrelMail security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: SquirrelMail: Several XSS vulnerabilities
Date: June 21, 2005
Bugs: #95937
ID: 200506-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Squirrelmail is vulnerable to several cross-site scripting vulnerabilities which could lead to a compromise of webmail accounts.

GLSA 200506-18: Tor: Information disclosure

Gentoo 2503 Published by Philipp Esselbach 0

A Tor security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Tor: Information disclosure
Date: June 21, 2005
Bugs: #96320
ID: 200506-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A flaw in Tor may allow the disclosure of arbitrary memory portions.

Previous Page

Next Page

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...