Gentoo 2504 Published by Philipp Esselbach 0

A SUS security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: SUS: Local root vulnerability
Date: September 14, 2004
Bugs: #63927
ID: 200409-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

SUS contains a string format bug that could lead to local privilege escalation.


A Samba security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Samba: Denial of Service vulnerabilities
Date: September 13, 2004
ID: 200409-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Two Denial of Service vulnerabilities have been found and fixed in Samba.


A Webmin/Usermin security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Webmin, Usermin: Multiple vulnerabilities in Usermin
Date: September 12, 2004
Bugs: #63167
ID: 200409-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A vulnerability in the webmail function of Usermin could be used by an attacker to execute shell code via a specially-crafted e-mail. A bug in the installation script of Webmin and Usermin also allows a local user to execute a symlink attack at installation time.


A Samba security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Samba: Remote printing vulnerability
Date: September 09, 2004
Bugs: #62476
ID: 200409-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Samba is vulnerable to a remote denial of service attack due to out of sequence print change notification requests.


A LHa security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: LHa: Multiple vulnerabilities
Date: September 08, 2004
Bugs: #62618
ID: 200409-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several buffer overflows and a shell metacharacter command execution vulnerability have been found in LHa. These vulnerabilities can be used to execute arbitrary code.


ImageMagick, imlib, imlib2 security updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ImageMagick, imlib, imlib2: BMP decoding buffer overflows
Date: September 08, 2004
Bugs: #62309, #62487
ID: 200409-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

ImageMagick, imlib and imlib2 contain exploitable buffer overflow vulnerabilities in the BMP image processing code.


A star security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: star: Suid root vulnerability
Date: September 07, 2004
Bugs: #61797
ID: 200409-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

star contains a suid root vulnerability which could potentially grant unauthorized root access to an attacker.


A multi-gnome-terminal update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: multi-gnome-terminal: Information leak
Date: September 06, 2004
Bugs: #62322
ID: 200409-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Active keystroke logging in multi-gnome-terminal has been discovered in potentially world-readable files. This could allow any authorized user on the system to read sensitive data, including passwords.


An MIT krb5 security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: MIT krb5: Multiple vulnerabilities
Date: September 06, 2004
Bugs: #62417
ID: 200409-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

MIT krb5 contains several double-free vulnerabilities, potentially allowing the execution of arbitrary code, as well as a denial of service vulnerability.


A Ruby security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Ruby: CGI::Session creates files insecurely
Date: September 03, 2004
Bugs: #60525
ID: 200409-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

When used for CGI scripting, Ruby creates session files in /tmp with the permissions of the default umask. Depending on that umask, local users may be able to read sensitive data stored in session files.


An updated xv package has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: xv: Buffer overflows in image handling
Date: September 03, 2004
Bugs: #61619
ID: 200409-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

xv contains multiple exploitable buffer overflows in the image handling code.


Updated versions of Mozilla, Firefox, Thunderbird, Galeon, and Epiphany are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities
Date: August 23, 2004
Bugs: #57380, #59419
ID: 200408-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

New releases of Mozilla, Epiphany, Galeon, Mozilla Thunderbird, and Mozilla Firefox fix several vulnerabilities, including remote DoS and buffer overflows.


An eGroupWare security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: eGroupWare: Multiple XSS vulnerabilities
Date: September 02, 2004
Bugs: #61510
ID: 200409-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The eGroupWare software contains multiple cross site scripting vulnerabilities.


A Gallery security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Gallery: Arbitrary command execution
Date: September 02, 2004
Bugs: #60742
ID: 200409-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The Gallery image upload code contains a temporary file handling vulnerability which could lead to execution of arbitrary commands.


A Squid security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Squid: Denial of service when using NTLM authentication
Date: September 02, 2004
Bugs: #61280
ID: 200409-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Squid is vulnerable to a denial of service attack which could crash its NTLM helpers.


A Python 2.2 security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Python 2.2: Buffer overflow in getaddrinfo()
Date: September 02, 2004
Bugs: #62440
ID: 200409-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Python 2.2 has a vulnerability in DNS handling when IPv6 is disabled and a malformed IPv6 address is encountered by getaddrinfo().


A MySQL security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MySQL: Insecure temporary file creation in mysqlhotcopy
Date: September 01, 2004
Bugs: #60744
ID: 200409-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The mysqlhotcopy utility can create temporary files with predictable paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data.


A vpopmail security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: vpopmail: Multiple vulnerabilities
Date: September 01, 2004
Bugs: #60844
ID: 200409-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

vpopmail contains several bugs making it vulnerable to several SQL injection exploits as well as one buffer overflow and one format string exploit when using Sybase. This could lead to the execution of arbitrary code.


A Gaim update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Gaim: New vulnerabilities
Date: August 27, 2004
Bugs: #61457
ID: 200408-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Gaim contains several security issues that might allow an attacker to execute arbitrary code or commands.


A zlib update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: zlib: Denial of service vulnerability
Date: August 27, 2004
Bugs: #61749
ID: 200408-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The zlib library contains a Denial of Service vulnerability.


A MoinMoin update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MoinMoin: Group ACL bypass
Date: August 26, 2004
Bugs: #57913
ID: 200408-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access Control Lists) and carry out operations that should be limited to authorized users.


A kernel update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Linux Kernel: Multiple information leaks
Date: August 25, 2004
Bugs: #59378, #59905, #59769
ID: 200408-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple information leaks have been found in the Linux kernel, allowing an attacker to obtain sensitive data which may be used for further exploitation of the system.


An aspell security patch is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: aspell: Buffer overflow in word-list-compress
Date: August 23, 2004
Bugs: #53389
ID: 200406-14:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Errata
=====

The previous security patch intended to fix this vulnerability was apparently incorrect in that it counted the words rather than characters. This revision fixes that. This was brought to our attention by Ludwig Nussel (ludwig.nussel@suse.de).


Mozilla, Firefox, and Thunderbird updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities
Date: August 23, 2004
Bugs: #57380, #59419
ID: 200408-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

New releases of Mozilla, Mozilla Thunderbird, and Mozilla Firefox fix several vulnerabilities, including remote DoS and buffer overflows.


A Cacti update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Cacti: SQL injection vulnerability
Date: August 23, 2004
Bugs: #60630
ID: 200408-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

With special configurations of Cacti it is possible to change passwords via a SQL injection attack.


A Qt update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Qt: Image loader overflows
Date: August 22, 2004
Bugs: #60855
ID: 200408-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

There are several bugs in Qt's image-handling code which could lead to crashes or arbitrary code execution.


A courier-imap update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: courier-imap: Remote Format String Vulnerability
Date: August 19, 2004
Bugs: #60865
ID: 200408-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

There is a format string vulnerability in non-standard configurations of courier-imapd which may be exploited remotely. An attacker may be able to execute arbitrary code as the user running courier-imapd (oftentimes root).


A xine-lib update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: xine-lib: VCD MRL buffer overflow
Date: August 17, 2004
Bugs: #59948
ID: 200408-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

xine-lib contains an exploitable buffer overflow in the VCD handling code.


An rsync update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: rsync: Potential information leakage
Date: August 17, 2004
Bugs: #60309
ID: 200408-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

rsync fails to properly sanitize paths. This vulnerability could allow the listing of arbitrary files and allow file overwriting outside a module's path on rsync server configurations that allow uploading.


A glibc update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: glibc: Information leak with LD_DEBUG
Date: August 16, 2004
Bugs: #59526
ID: 200408-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

glibc contains an information leak vulnerability allowing the debugging of SUID binaries.


A Tomcat update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Tomcat: Insecure Installation
Date: August 15, 2004
Bugs: #59232
ID: 200408-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Improper file ownership may allow a member of the tomcat group to execute scripts as root.


An acroread update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: acroread: UUDecode filename buffer overflow
Date: August 15, 2004
Bugs: #60205
ID: 200408-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

acroread contains two errors in the handling of UUEncoded filenames that may lead to execution of arbitrary code or programs.


A Nessus update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Nessus: "adduser" race condition vulnerability
Date: August 12, 2004
Bugs: #58014
ID: 200408-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Nessus contains a vulnerability allowing a user to perform a privilege escalation attack.


Updated kdebase, kdelibs are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: kdebase, kdelibs: Multiple security issues
Date: August 12, 2004
Bugs: #60068
ID: 200408-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

KDE contains three security issues that can allow an attacker to compromise system accounts, cause a Denial of Service, or spoof websites via frame injection.


A gaim update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Gaim: MSN protocol parsing function buffer overflow
Date: August 12, 2004
Bugs: #60034
ID: 200408-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Gaim contains a remotely exploitable buffer overflow vulnerability in the MSN-protocol parsing code that may allow remote execution of arbitrary code.


A gv update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: gv: Exploitable Buffer Overflow
Date: August 12, 2004
Bugs: #59385
ID: 200408-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

gv contains an exploitable buffer overflow that allows an attacker to execute arbitrary code.


A Roundup update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Roundup filesystem access vulnerability
Date: August 11, 2004
Bugs: #53494
ID: 200408-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Roundup will make files owned by the user that it's running as accessible to a remote attacker.


A Cfengine update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Cfengine: RSA Authentication Heap Corruption
Date: August 10, 2004
Bugs: #59895
ID: 200408-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Cfengine is vulnerable to a remote root exploit from clients in AllowConnectionsFrom.


A Horde-IMP update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Horde-IMP: Input validation vulnerability for Internet Explorer users
Date: August 10, 2004
Bugs: #59336
ID: 200408-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

An input validation vulnerability has been discovered in Horde-IMP. This only affects users of Internet Explorer.


A SpamAssassin update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: SpamAssassin: Denial of Service vulnerability
Date: August 09, 2004
Bugs: #59483
ID: 200408-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

SpamAssassin is vulnerable to a Denial of Service attack when handling certain malformed messages.


An Opera update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Opera: Multiple new vulnerabilities
Date: August 05, 2004
Bugs: #59503
ID: 200408-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several new vulnerabilities were found and fixed in Opera, including one allowing an attacker to read the local filesystem remotely.


A PuTTY update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: PuTTY: Pre-authentication arbitrary code execution
Date: August 05, 2004
Bugs: #59383
ID: 200408-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

PuTTY contains a vulnerability allowing an SSH server to execute arbitrary code on the connecting client.


An updated mplayer package has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MPlayer: GUI filename handling overflow
Date: August 01, 2004
Bugs: #55456
ID: 200408-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

When compiled with GUI support MPlayer is vulnerable to a remotely exploitable buffer overflow attack.


A SoX update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: SoX: Multiple buffer overflows
Date: July 30, 2004
Bugs: #58733
ID: 200407-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

SoX contains two buffer overflow vulnerabilities in the WAV header parser code.


A phpMyAdmin update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: phpMyAdmin: Multiple vulnerabilities
Date: July 29, 2004
Bugs: #57890
ID: 200407-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with a valid user account to alter configuration variables and execute arbitrary PHP code.


A Samba update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Samba: Multiple buffer overflows
Date: July 29, 2004
Bugs: #57962
ID: 200407-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Two buffer overflow vulnerabilities were found in Samba, potentially allowing the remote execution of arbitrary code.


A subversion update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Subversion: Vulnerability in mod_authz_svn
Date: July 26, 2004
Bugs: #57747
ID: 200407-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Users with write access to parts of a Subversion repository may bypass read restrictions in mod_authz_svn and read any part of the repository they wish.


A Pavuk update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Pavuk: Digest authentication helper buffer overflow
Date: July 26, 2004
ID: 200407-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Pavuk contains a bug that can allow an attacker to run arbitrary code.


A mod_ssl update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: mod_ssl: Format string vulnerability
Date: July 22, 2004
Bugs: #57379
ID: 200407-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A bug in mod_ssl may allow a remote attacker to execute arbitrary code when Apache is configured to use mod_ssl and mod_proxy.