A new security update has been released for Gentoo Linux - PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability. Here the announcement:
A new security update has been released for Gentoo Linux - Evolution: Format string vulnerabilities. Here the announcement:
A new security update has been released for Gentoo Linux - Adobe Reader: Buffer Overflow. Here the announcement:
A Kismet security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Kismet: Multiple vulnerabilities
Date: August 19, 2005
Bugs: #102702
ID: 200508-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Kismet is vulnerable to multiple issues potentially resulting in the execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Kismet: Multiple vulnerabilities
Date: August 19, 2005
Bugs: #102702
ID: 200508-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Kismet is vulnerable to multiple issues potentially resulting in the execution of arbitrary code.
A bluez-utils security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: bluez-utils: Bluetooth device name validation vulnerability
Date: August 17, 2005
Bugs: #101557
ID: 200508-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Improper validation of Bluetooth device names can lead to arbitrary command execution.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: bluez-utils: Bluetooth device name validation vulnerability
Date: August 17, 2005
Bugs: #101557
ID: 200508-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Improper validation of Bluetooth device names can lead to arbitrary command execution.
A new security update has been released for Gentoo Linux - AWStats: Arbitrary code execution using malicious Referrer information. Here the announcement:
A new security update has been released for Gentoo Linux - Xpdf, Kpdf, GPdf: Denial of Service vulnerability. Here the announcement:
A new security update has been released for Gentoo Linux - Gaim: Remote execution of arbitrary code. Here the announcement:
A Heartbeat security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Heartbeat: Insecure temporary file creation
Date: August 07, 2005
Bugs: #97175
ID: 200508-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Heartbeat is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Heartbeat: Insecure temporary file creation
Date: August 07, 2005
Bugs: #97175
ID: 200508-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Heartbeat is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
A Netpbm update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Netpbm: Arbitrary code execution in pstopnm
Date: August 05, 2005
Bugs: #100398
ID: 200508-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The pstopnm utility, part of the Netpbm tools, contains a vulnerability which can potentially result in the execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Netpbm: Arbitrary code execution in pstopnm
Date: August 05, 2005
Bugs: #100398
ID: 200508-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The pstopnm utility, part of the Netpbm tools, contains a vulnerability which can potentially result in the execution of arbitrary code.
A nbSMTP security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: nbSMTP: Format string vulnerability
Date: August 02, 2005
Bugs: #100274
ID: 200508-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
nbSMTP is vulnerable to a format string vulnerability which may result in remote execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: nbSMTP: Format string vulnerability
Date: August 02, 2005
Bugs: #100274
ID: 200508-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
nbSMTP is vulnerable to a format string vulnerability which may result in remote execution of arbitrary code.
A ProFTPD security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ProFTPD: Format string vulnerabilities
Date: August 01, 2005
Bugs: #100364
ID: 200508-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Under specific circumstances, ProFTPD is vulnerable to format string vulnerabilities, potentially resulting in the execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ProFTPD: Format string vulnerabilities
Date: August 01, 2005
Bugs: #100364
ID: 200508-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Under specific circumstances, ProFTPD is vulnerable to format string vulnerabilities, potentially resulting in the execution of arbitrary code.
A Compress::Zlib security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Compress::Zlib: Buffer overflow
Date: August 01, 2005
Bugs: #100540
ID: 200508-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Compress::Zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200508-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Compress::Zlib: Buffer overflow
Date: August 01, 2005
Bugs: #100540
ID: 200508-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Compress::Zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code.
A pstotext update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: pstotext: Remote execution of arbitrary code
Date: July 31, 2005
Bugs: #100245
ID: 200507-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
pstotext contains a vulnerability which can potentially result in the execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: pstotext: Remote execution of arbitrary code
Date: July 31, 2005
Bugs: #100245
ID: 200507-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
pstotext contains a vulnerability which can potentially result in the execution of arbitrary code.
An AMD64 x86 emulation base libraries security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: AMD64 x86 emulation base libraries: Buffer overflow
Date: July 30, 2005
Bugs: #100686
ID: 200507-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The x86 emulation base libraries for AMD64 contain a vulnerable version of zlib which could potentially lead to execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: AMD64 x86 emulation base libraries: Buffer overflow
Date: July 30, 2005
Bugs: #100686
ID: 200507-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The x86 emulation base libraries for AMD64 contain a vulnerable version of zlib which could potentially lead to execution of arbitrary code.
An Ethereal update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: July 28, 2005
Bugs: #100316
ID: 200507-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Ethereal is vulnerable to numerous vulnerabilities potentially resulting in the execution of arbitrary code or abnormal termination.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: July 28, 2005
Bugs: #100316
ID: 200507-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Ethereal is vulnerable to numerous vulnerabilities potentially resulting in the execution of arbitrary code or abnormal termination.
A Gadu library security update is available for Debian GNU/Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code
execution in Gadu library
Date: July 27, 2005
Bugs: #99816, #99890, #99583
ID: 200507-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer overflow which could potentially lead to the execution of arbitrary code or a Denial of Service.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code
execution in Gadu library
Date: July 27, 2005
Bugs: #99816, #99890, #99583
ID: 200507-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer overflow which could potentially lead to the execution of arbitrary code or a Denial of Service.
A Clam AntiVirus update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Clam AntiVirus: Integer overflows
Date: July 26, 2005
Bugs: #100178
ID: 200507-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Clam AntiVirus is vulnerable to integer overflows when handling several file formats, potentially resulting in the execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Clam AntiVirus: Integer overflows
Date: July 26, 2005
Bugs: #100178
ID: 200507-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Clam AntiVirus is vulnerable to integer overflows when handling several file formats, potentially resulting in the execution of arbitrary code.
A Mozilla Suite security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Suite: Multiple vulnerabilities
Date: July 26, 2005
Bugs: #98846
ID: 200507-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Several vulnerabilities in the Mozilla Suite allow attacks ranging from the execution of javascript code with elevated privileges to information leakage.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Suite: Multiple vulnerabilities
Date: July 26, 2005
Bugs: #98846
ID: 200507-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Several vulnerabilities in the Mozilla Suite allow attacks ranging from the execution of javascript code with elevated privileges to information leakage.
A Koperte update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Kopete: Vulnerability in included Gadu library
Date: July 25, 2005
Bugs: #99754
ID: 200507-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Kopete is vulnerable to several input validation vulnerabilities which may lead to execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Kopete: Vulnerability in included Gadu library
Date: July 25, 2005
Bugs: #99754
ID: 200507-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Kopete is vulnerable to several input validation vulnerabilities which may lead to execution of arbitrary code.
A fetchmail update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: fetchmail: Buffer Overflow
Date: July 25, 2005
Bugs: #99865
ID: 200507-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
fetchmail is susceptible to a buffer overflow resulting in a Denial of Service or arbitrary code execution.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: fetchmail: Buffer Overflow
Date: July 25, 2005
Bugs: #99865
ID: 200507-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
fetchmail is susceptible to a buffer overflow resulting in a Denial of Service or arbitrary code execution.
A Shorewall update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Shorewall: Security policy bypass
Date: July 22, 2005
Bugs: #99398
ID: 200507-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A vulnerability in Shorewall allows clients authenticated by MAC address filtering to bypass all other security rules.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Shorewall: Security policy bypass
Date: July 22, 2005
Bugs: #99398
ID: 200507-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A vulnerability in Shorewall allows clients authenticated by MAC address filtering to bypass all other security rules.
A zlib security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: zlib: Buffer overflow
Date: July 22, 2005
Bugs: #99751
ID: 200507-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: zlib: Buffer overflow
Date: July 22, 2005
Bugs: #99751
ID: 200507-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code.
A MediaWiki security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: MediaWiki: Cross-site scripting vulnerability
Date: July 20, 2005
Bugs: #99132
ID: 200507-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: MediaWiki: Cross-site scripting vulnerability
Date: July 20, 2005
Bugs: #99132
ID: 200507-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.
New Mozilla Thunderbird packages are available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Thunderbird: Multiple vulnerabilities
Date: July 18, 2005
Bugs: #98855
ID: 200507-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from execution of script code with elevated privileges to information leak.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Thunderbird: Multiple vulnerabilities
Date: July 18, 2005
Bugs: #98855
ID: 200507-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from execution of script code with elevated privileges to information leak.
A dhcpcd update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: dhcpcd: Denial of Service vulnerability
Date: July 15, 2005
Bugs: #98394
ID: 200507-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A vulnerability in dhcpcd may cause the dhcpcd daemon to crash.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: dhcpcd: Denial of Service vulnerability
Date: July 15, 2005
Bugs: #98394
ID: 200507-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A vulnerability in dhcpcd may cause the dhcpcd daemon to crash.
A PHP security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PHP: Script injection through XML-RPC
Date: July 15, 2005
Bugs: #97655
ID: 200507-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
PHP includes an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PHP: Script injection through XML-RPC
Date: July 15, 2005
Bugs: #97655
ID: 200507-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
PHP includes an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands.
A Mozilla Firefox security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: July 15, 2005
Bugs: #95199
ID: 200507-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Several vulnerabilities in Mozilla Firefox allow attacks ranging from execution of script code with elevated privileges to information leak.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: July 15, 2005
Bugs: #95199
ID: 200507-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Several vulnerabilities in Mozilla Firefox allow attacks ranging from execution of script code with elevated privileges to information leak.
A pam_ldap and nss_ldap security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: pam_ldap and nss_ldap: Plain text authentication leak
Date: July 14, 2005
Bugs: #96767
ID: 200507-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
pam_ldap and nss_ldap fail to restart TLS when following a referral, possibly leading to credentials being sent in plain text.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: pam_ldap and nss_ldap: Plain text authentication leak
Date: July 14, 2005
Bugs: #96767
ID: 200507-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
pam_ldap and nss_ldap fail to restart TLS when following a referral, possibly leading to credentials being sent in plain text.
A Bugzilla security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Bugzilla: Unauthorized access and information disclosure
Date: July 13, 2005
Bugs: #98348
ID: 200507-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities in Bugzilla could allow remote users to modify bug flags or gain sensitive information.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Bugzilla: Unauthorized access and information disclosure
Date: July 13, 2005
Bugs: #98348
ID: 200507-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities in Bugzilla could allow remote users to modify bug flags or gain sensitive information.
A MIT Kerberos 5 security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: MIT Kerberos 5: Multiple vulnerabilities
Date: July 12, 2005
Bugs: #98799
ID: 200507-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
MIT Kerberos 5 is vulnerable to a Denial of Service attack and remote execution of arbitrary code, possibly leading to the compromise of the entire Kerberos realm.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: MIT Kerberos 5: Multiple vulnerabilities
Date: July 12, 2005
Bugs: #98799
ID: 200507-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
MIT Kerberos 5 is vulnerable to a Denial of Service attack and remote execution of arbitrary code, possibly leading to the compromise of the entire Kerberos realm.
A Ruby ecurity update has been released for Gentoo Linuxx
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Ruby: Arbitrary command execution through XML-RPC
Date: July 11, 2005
Bugs: #96784
ID: 200507-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A vulnerability in XMLRPC.iPIMethods allows remote attackers to execute arbitrary commands.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Ruby: Arbitrary command execution through XML-RPC
Date: July 11, 2005
Bugs: #96784
ID: 200507-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A vulnerability in XMLRPC.iPIMethods allows remote attackers to execute arbitrary commands.
An Adobe Acrobat security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Acrobat Reader: Buffer overflow vulnerability
Date: July 11, 2005
Bugs: #98101
ID: 200507-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Acrobat Reader: Buffer overflow vulnerability
Date: July 11, 2005
Bugs: #98101
ID: 200507-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.
phpGroupWare, eGroupWare security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: phpGroupWare, eGroupWare: PHP script injection
vulnerability
Date: July 10, 2005
Bugs: #97460, #97651
ID: 200507-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
phpGroupWare and eGroupWare include an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: phpGroupWare, eGroupWare: PHP script injection
vulnerability
Date: July 10, 2005
Bugs: #97460, #97651
ID: 200507-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
phpGroupWare and eGroupWare include an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands.
A phpWebSite security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: phpWebSite: Multiple vulnerabilities
Date: July 10, 2005
Bugs: #97461
ID: 200507-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
phpWebSite is vulnerable to the remote execution of arbitrary PHP script code and to other, yet undisclosed, vulnerabilities.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: phpWebSite: Multiple vulnerabilities
Date: July 10, 2005
Bugs: #97461
ID: 200507-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
phpWebSite is vulnerable to the remote execution of arbitrary PHP script code and to other, yet undisclosed, vulnerabilities.
Another Cacti update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200506-20:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Cacti: Several vulnerabilities
Date: June 22, 2005
Updated: July 06, 2005
Bugs: #96243, #97475
ID: 200506-20:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Update
=====
Stefan Esser of the Hardened - PHP Project discovered that some of the recent vulnerabilities were incorrectly fixed, as well as a new vulnerability.
The updated sections appear below.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200506-20:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Cacti: Several vulnerabilities
Date: June 22, 2005
Updated: July 06, 2005
Bugs: #96243, #97475
ID: 200506-20:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Update
=====
Stefan Esser of the Hardened - PHP Project discovered that some of the recent vulnerabilities were incorrectly fixed, as well as a new vulnerability.
The updated sections appear below.
A TikiWiki security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: TikiWiki: Arbitrary command execution through XML-RPC
Date: July 06, 2005
Bugs: #97648
ID: 200507-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary command execution.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: TikiWiki: Arbitrary command execution through XML-RPC
Date: July 06, 2005
Bugs: #97648
ID: 200507-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary command execution.
A zlib security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: zlib: Buffer overflow
Date: July 06, 2005
Bugs: #98121
ID: 200507-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A buffer overflow has been discovered in zlib, potentially resulting in the execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: zlib: Buffer overflow
Date: July 06, 2005
Bugs: #98121
ID: 200507-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A buffer overflow has been discovered in zlib, potentially resulting in the execution of arbitrary code.
A RealPlayer security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: RealPlayer: Heap overflow vulnerability
Date: July 06, 2005
Bugs: #96923
ID: 200507-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
RealPlayer is vulnerable to a heap overflow that could lead to remote execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: RealPlayer: Heap overflow vulnerability
Date: July 06, 2005
Bugs: #96923
ID: 200507-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
RealPlayer is vulnerable to a heap overflow that could lead to remote execution of arbitrary code.
Another Vipul's Razor update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200506-17:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: SpamAssassin 3, Vipul's Razor: Denial of Service
vulnerability
Date: June 21, 2005
Updated: July 04, 2005
Bugs: #94722, #95492, #96776
ID: 200506-17:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Update
=====
Sascha Lucas discovered that with certain malformed headers it was still possible to crash Vipul's Razor.
The updated sections appear below.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200506-17:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: SpamAssassin 3, Vipul's Razor: Denial of Service
vulnerability
Date: June 21, 2005
Updated: July 04, 2005
Bugs: #94722, #95492, #96776
ID: 200506-17:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Update
=====
Sascha Lucas discovered that with certain malformed headers it was still possible to crash Vipul's Razor.
The updated sections appear below.
phpBB has been removed from Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: phpBB: Arbitrary command execution
Date: July 04, 2005
Bugs: #97278
ID: 200507-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A vulnerability in phpBB allows a remote attacker to execute arbitrary commands with the rights of the web server.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: phpBB: Arbitrary command execution
Date: July 04, 2005
Bugs: #97278
ID: 200507-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A vulnerability in phpBB allows a remote attacker to execute arbitrary commands with the rights of the web server.
A WordPress security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WordPress: Multiple vulnerabilities
Date: July 04, 2005
Bugs: #97374
ID: 200507-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
WordPress contains PHP script injection, cross-site scripting and path disclosure vulnerabilities.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WordPress: Multiple vulnerabilities
Date: July 04, 2005
Bugs: #97374
ID: 200507-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
WordPress contains PHP script injection, cross-site scripting and path disclosure vulnerabilities.
PEAR XML-RPC, phpxmlrpc security update are available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
Date: July 03, 2005
Bugs: #97399, #97629
ID: 200507-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute arbitrary PHP script commands.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
Date: July 03, 2005
Bugs: #97399, #97629
ID: 200507-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute arbitrary PHP script commands.
A Heimdal security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Heimdal: Buffer overflow vulnerabilities
Date: June 29, 2005
Bugs: #96727
ID: 200506-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could allow the execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Heimdal: Buffer overflow vulnerabilities
Date: June 29, 2005
Bugs: #96727
ID: 200506-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could allow the execution of arbitrary code.
A new amd64 kernel is available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-143-1 June 27, 2005
linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities
CAN-2005-1762, CAN-2005-1765
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-image-2.6.10-5-amd64-generic
linux-image-2.6.10-5-amd64-k8
linux-image-2.6.10-5-amd64-k8-smp
linux-image-2.6.10-5-amd64-xeon
linux-patch-debian-2.6.8.1
linux-patch-ubuntu-2.6.10
The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.20 (for Ubuntu 4.10) and 2.6.10-34.3 (for Ubuntu 5.04). You need to reboot your computer after doing a standard system upgrade to effect the necessary changes.
==========================================================
Ubuntu Security Notice USN-143-1 June 27, 2005
linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities
CAN-2005-1762, CAN-2005-1765
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-image-2.6.10-5-amd64-generic
linux-image-2.6.10-5-amd64-k8
linux-image-2.6.10-5-amd64-k8-smp
linux-image-2.6.10-5-amd64-xeon
linux-patch-debian-2.6.8.1
linux-patch-ubuntu-2.6.10
The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.20 (for Ubuntu 4.10) and 2.6.10-34.3 (for Ubuntu 5.04). You need to reboot your computer after doing a standard system upgrade to effect the necessary changes.
A Clam AntiVirus security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Clam AntiVirus: Denial of Service vulnerability
Date: June 27, 2005
Bugs: #96960
ID: 200506-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Clam AntiVirus is vulnerable to a Denial of Service attack when processing certain Quantum archives.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Clam AntiVirus: Denial of Service vulnerability
Date: June 27, 2005
Bugs: #96960
ID: 200506-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Clam AntiVirus is vulnerable to a Denial of Service attack when processing certain Quantum archives.
A Trac security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Trac: File upload vulnerability
Date: June 22, 2005
Bugs: #96572
ID: 200506-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Trac may allow remote attackers to upload files, possibly leading to the execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Trac: File upload vulnerability
Date: June 22, 2005
Bugs: #96572
ID: 200506-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Trac may allow remote attackers to upload files, possibly leading to the execution of arbitrary code.
A Cacti security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Cacti: Several vulnerabilities
Date: June 22, 2005
Bugs: #96243
ID: 200506-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Cacti is vulnerable to several SQL injection and file inclusion vulnerabilities.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Cacti: Several vulnerabilities
Date: June 22, 2005
Bugs: #96243
ID: 200506-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Cacti is vulnerable to several SQL injection and file inclusion vulnerabilities.
A SquirrelMail security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: SquirrelMail: Several XSS vulnerabilities
Date: June 21, 2005
Bugs: #95937
ID: 200506-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Squirrelmail is vulnerable to several cross-site scripting vulnerabilities which could lead to a compromise of webmail accounts.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: SquirrelMail: Several XSS vulnerabilities
Date: June 21, 2005
Bugs: #95937
ID: 200506-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Squirrelmail is vulnerable to several cross-site scripting vulnerabilities which could lead to a compromise of webmail accounts.
A Tor security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Tor: Information disclosure
Date: June 21, 2005
Bugs: #96320
ID: 200506-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A flaw in Tor may allow the disclosure of arbitrary memory portions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Tor: Information disclosure
Date: June 21, 2005
Bugs: #96320
ID: 200506-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A flaw in Tor may allow the disclosure of arbitrary memory portions.