A Subversion update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Buffer overflow in Subversion
Date: May 20, 2004
Bugs: #51462
ID: 200405-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
There is a vulnerability in the Subversion date parsing code which may lead to denial of service attacks, or execution of arbitrary code. Both the client and server are vulnerable.
A neon update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: neon heap-based buffer overflow
Date: May 20, 2004
Bugs: #51490
ID: 200405-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A vulnerability potentially allowing remote execution of arbitrary code has been discovered in the neon library.
A CVS update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CVS heap overflow vulnerability
Date: May 20, 2004
Bugs: #51460
ID: 200405-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
CVS is subject to a heap overflow vulnerability allowing source repository compromise.
A KDE URI Handler update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: KDE URI Handler Vulnerabilities
Date: May 19, 2004
Bugs: #51276
ID: 200405-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Vulnerabilities in KDE URI handlers makes your system vulnerable to various attacks.
An Icecast update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Icecast denial of service vulnerability
Date: May 19, 2004
Bugs: #50935
ID: 200405-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Icecast is vulnerable to a denial of service attack allowing remote users to crash the application.
A ProFTPD update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: ProFTPD Access Control List bypass vulnerability
Date: May 19, 2004
Bugs: #49496
ID: 200405-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Version 1.2.9 of ProFTPD introduced a vulnerability that causes CIDR-based Access Control Lists (ACLs) to be treated as "AllowAll", thereby allowing remote users full access to files available to the FTP daemon.
A Pound update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Pound format string vulnerability
Date: May 18, 2004
Bugs: #50421
ID: 200405-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
There is a format string flaw in Pound, allowing remote execution of arbitrary code with the rights of the Pound process.
An Exim securty update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Exim verify=header_syntax buffer overflow
Date: May 14, 2004
Bugs: #50217
ID: 200405-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
When the verify=header_syntax option is set, there is a buffer overflow in Exim that allows remote execution of arbitrary code.
A libpng security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libpng denial of service vulnerability
Date: May 14, 2004
Bugs: #49887
ID: 200405-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A bug in the libpng library can be abused to crash programs making use of that library to decode PNG images.
An Utempter package has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Utempter symlink vulnerability
Date: May 13, 2004
Bugs: #49536
ID: 200405-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack.
An OpenOffice update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: OpenOffice.org vulnerability when using DAV servers
Date: May 11, 2004
Bugs: #47926
ID: 200405-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Several format string vulnerabilities are present in the Neon library included in OpenOffice.org, allowing remote execution of arbitrary code when connected to an untrusted WebDAV server.
A ClamAV update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: ClamAV VirusEvent parameter vulnerability
Date: May 11, 2004
Bugs: #46264
ID: 200405-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
With a specific configuration (using %f in the VirusEvent parameter), Clam AntiVirus is vulnerable to an attack allowing execution of arbitrary commands.
A LHa update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Multiple vulnerabilities in LHa
Date: May 09, 2004
Bugs: #49961
ID: 200405-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Two stack-based buffer overflows and two directory traversal problems have been found in LHa. These vulnerabilities can be used to execute arbitrary code or as a denial of service attack.
A neon update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Multiple format string vulnerabilities in neon 0.24.4 and
earlier
Date: May 09, 2004
Bugs: #48448
ID: 200405-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
There are multiple format string vulnerabilities in libneon which may allow a malicious WebDAV server to execute arbitrary code.
A samba update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Multiple Vulnerabilities in Samba
Date: April 29, 2004
Bugs: #41800, #45965
ID: 200404-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
There is a bug in smbfs which may allow local users to gain root via a setuid file on a mounted Samba share. Also, there is a tmpfile symlink vulnerability in the smbprint script distributed with Samba.
Gentoo Linux 2004.1 has been released
A Xine update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Multiple vulnerabilities in xine
Date: April 27, 2004
Bugs: #45448, #48107, #48108
ID: 200404-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Several vulnerabilities have been found in xine-ui and xine-lib, potentially allowing an attacker to overwrite files with the rights of the user.
Background
=========
xine is a multimedia player allowing to play back CDs, DVDs, and VCDs and decoding multimedia files like AVI, MOV, WMV, and MP3 from local disk drives, and displays multimedia streamed over the Internet. It is available in Gentoo as a reusable library (xine-lib) with a standard user interface (xine-ui).
A LCDproc update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Buffer overflows and format string vulnerabilities in
LCDproc
Date: April 27, 2004
Bugs: #47340
ID: 200404-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple remote vulnerabilities have been found in the LCDd server, allowing execution of arbitrary code with the rights of the LCDd user.
Background
=========
LCDproc is a program that displays various bits of real-time system information on an LCD. It makes use of a local server (LCDd) to collect information to display on the LCD.
From Gentoo Technologies:
A ssmtp update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Multiple Vulnerabilities in ssmtp
Date: April 26, 2004
Bugs: #47918, #48435
ID: 200404-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
There are multiple format string vulnerabilities in the SSMTP package, which may allow an attacker to run arbitrary code with ssmtp's privileges (potentially root).
Background
=========
SSMTP is a very simple mail transfer agent (MTA) that relays mail from the local machine to another SMTP host. It is not designed to function as a full mail server; its sole purpose is to relay mail.
An ipsec-tools and iputils update for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ipsec-tools and iputils contain a remote DoS vulnerability
Date: April 24, 2004
Bugs: #48847
ID: 200404-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
racoon, which is included in the ipsec-tools and iputils packages in Portage, does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resoources, causing a Denial of Service.
A cadaver update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Multiple format string vulnerabilities in cadaver
Date: April 19, 2004
Bugs: #47799
ID: 200404-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
There are multiple format string vulnerabilities in the neon library used in cadaver, possibly leading to execution of arbitrary code when connected to a malicious server.
A XChat update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: XChat 2.0.x SOCKS5 Vulnerability
Date: April 19, 2004
Bugs: #46856
ID: 200404-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code.
Updated monit packages are available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Multiple new security vulnerabilities in monit
Date: April 19, 2004
Bugs: #47631
ID: 200404-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Two new vulnerabilities have been found in the HTTP interface of monit, possibly leading to denial of service or execution of arbitrary code.
A CVS update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: CVS Server and Client Vulnerabilities
Date: April 14, 2004
Bugs: #47800
ID: 200404-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
There are two vulnerabilities in CVS; one in the server and one in the client. These vulnerabilities allow the reading and writing of arbitrary files on both client and server.
A Scorched 3D update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Scorched 3D server chat box format string vulnerability
Date: April 09, 2004
Bugs: #39302
ID: 200404-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Scorched 3D is vulnerable to a format string attack in the chat box that leads to Denial of Service on the game server and possibly allows execution of arbitrary code.
An iproute update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: iproute local Denial of Service vulnerability
Date: April 09, 2004
Bugs: #34294
ID: 200404-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The iproute package allows local users to cause a denial of service.
A Heimdal update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Cross-realm trust vulnerability in Heimdal
Date: April 09, 2004
Bugs: #46590
ID: 200404-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Heimdal contains cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.
An automake update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: GNU Automake symbolic link vulnerability
Date: April 08, 2004
Bugs: #45646
ID: 200404-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or elevate their privileges.
A ClamAV update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ClamAV RAR Archive Remote Denial Of Service Vulnerability
Date: April 07, 2004
Bugs: #45357
ID: 200404-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
ClamAV is vulnerable to a denial of service attack when processing certain RAR archives.
An util-linux updated has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Util-linux login may leak sensitive data
Date: April 07, 2004
Bugs: #46422
ID: 200404-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The login program included in util-linux could leak sensitive information under certain conditions.
An ipsec-tools update for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: ipsec-tools contains an X.509 certificates vulnerability.
Date: April 07, 2004
Bugs: #47013
ID: 200404-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
ipsec-tools contains a vulnerability that affects connections authenticated with X.509 certificates.
A sysstat update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Multiple vulnerabilities in sysstat
Date: April 06, 2004
Bugs: #45159
ID: 200404-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in the way sysstat handles symlinks may allow an attacker to execute arbitrary code or overwrite arbitrary files
A Tcpdump for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Tcpdump Vulnerabilities in ISAKMP Parsing
Date: March 31, 2004
Bugs: #38206, #46258
ID: 200404-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
There are multiple vulnerabilities in tcpdump and libpcap related to parsing of ISAKMP packets.
A KDE Personal Information Management Suite update for Gentoo Linux is available
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: KDE Personal Information Management Suite Remote Buffer
Overflow Vulnerability
Date: April 06, 2004
Bugs: #38256
ID: 200404-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow unauthorized access to an affected system.
A Portage update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~ http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~ Severity: Normal
~ Title: Insecure sandbox temporary lockfile vulnerabilities in
~ Portage
~ Date: April 04, 2004
~ Bugs: #21923
~ ID: 200404-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A flaw has been found in the temporary file handling algorithms for the sandboxing code used within Portage. Lockfiles created during normal Portage operation of portage could be manipulated by local users resulting in the truncation of hard linked files; causing a Denial of Service attack on the system.
OSNews has published a Gentoo Linux quick installation guide
The Gentoo Security team has released another update for Gentoo Linux.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Multiple Security Vulnerabilities in Monit
Date: March 31, 2004
Bugs: #43967
ID: 200403-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A denial of service and a buffer overflow vulnerability have been found in Monit.
A MPlayer update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Remote buffer overflow in MPlayer
Date: March 31, 2004
Bugs: #46246
ID: 200403-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
MPlayer contains a remotely exploitable buffer overflow in the HTTP parser that may allow attackers to run arbitrary code on a user's computer.
An OpenLDAP updated has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenLDAP DoS Vulnerability
Date: March 31, 2004
Bugs: #26728
ID: 200403-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A failed password operation can cause the OpenLDAP slapd server, if it is using the back-ldbm backend, to free memory that was never allocated.
A Midnight Commander update for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Buffer overflow in Midnight Commander
Date: March 29, 2004
Bugs: #45957
ID: 200403-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A remotely-exploitable buffer overflow in Midnight Commander allows arbitrary code to be run on a user's computer
An update for Squid is now available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Squid ACL [url_regex] bypass vulnerability
Date: March 30, 2004
Bugs: #45273
ID: 200403-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Squid versions 2.0 through to 2.5.STABLE4 could allow a remote attacker to bypass Access Control Lists by sending a specially-crafted URL request containing '%00': in such circumstances; the url_regex ACL may not properly detect the malicious URL, allowing the attacker to effectively bypass the ACL.
A new Fetchmail update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Fetchmail 6.2.5 fixes a remote DoS
Date: March 30, 2004
Bugs: #37717
ID: 200403-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user.
An oftpd security update for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: oftpd DoS vulnerability
Date: March 29, 2004
Bugs: #45738
ID: 200403-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A remotely-exploitable overflow exists in oftpd, allowing an attacker to crash the oftpd daemon.
An Ethereal update for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Multiple remote overflows and vulnerabilities in Ethereal
Date: March 28, 2004
Bugs: #45543
ID: 200403-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Mulitple overflows and vulnerabilities exist in Ethereal which may allow an attacker to crash the program or run arbitrary code.
A new Courier update for Gentoo Linux is available
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Multiple remote buffer overflow vulnerabilities in Courier
Date: March 26, 2004
Bugs: #45584
ID: 200403-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Remote buffer overflow vulnerabilites have been found in Courier-IMAP and Courier MTA. These exploits may allow the execution of abritrary code, allowing unauthorized access to a vulnerable system.
An UUDeview update for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~ http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~ Severity: Normal
~ Title: UUDeview MIME Buffer Overflow
~ Date: March 26, 2004
~ Bugs: #44859
~ ID: 200403-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A specially-crafted MIME file (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions) may cause UUDeview to crash or execute arbitrary code.
An Apache 2 update for Gentoo Linux has been relased
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Multiple security vulnerabilities in Apache 2
Date: March 22, 2004
Bugs: #45206
ID: 200403-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A memory leak in mod_ssl allows a remote denial of service attack against an SSL-enabled server via plain HTTP requests. Another flaw was found when arbitrary client-supplied strings can be written to the error log, allowing the exploit of certain terminal emulators. A third flaw exists with the mod_disk_cache module.
The OpenSSL update is now available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Multiple OpenSSL Vulnerabilities
Date: March 17, 2004
Bugs: #44941
ID: 200403-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Three vulnerabilities have been found in OpenSSL via a commercial test suite for the TLS protocol developed by Codenomicon Ltd.
Gentoo 2004.0 CDs based on Red Hat's Anaconda installer are available
