Gentoo 2504 Published by Philipp Esselbach 0

An Evolution security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Evolution: Integer overflow in camel-lock-helper
Date: January 24, 2005
Bugs: #79183
ID: 200501-35

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

An overflow in the camel-lock-helper application can be exploited by an attacker to execute arbitrary code with elevated privileges.

Gentoo 2504 Published by Philipp Esselbach 0

A Konversation security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Konversation: Various vulnerabilities
Date: January 24, 2005
Bugs: #78712
ID: 200501-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Konversation contains multiple vulnerabilities that could lead to remote command execution or information leaks.

Gentoo 2504 Published by Philipp Esselbach 0

A MySQL security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MySQL: Insecure temporary file creation
Date: January 23, 2005
Bugs: #77805
ID: 200501-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

MySQL is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

Gentoo 2504 Published by Philipp Esselbach 0

KPdf, KOffice updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: KPdf, KOffice: Stack overflow in included Xpdf code
Date: January 23, 2005
Bugs: #78619, #78620
ID: 200501-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code.

Gentoo 2504 Published by Philipp Esselbach 0

teTeX, pTeX, CSTeX updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: teTeX, pTeX, CSTeX: Multiple vulnerabilities
Date: January 23, 2005
Bugs: #75801
ID: 200501-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the remote execution of arbitrary code. Furthermore, the xdvizilla script is vulnerable to temporary file handling issues.

Gentoo 2504 Published by Philipp Esselbach 0

A mailman security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Mailman: Cross-site scripting vulnerability
Date: January 22, 2005
Bugs: #77524
ID: 200501-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Mailman is vulnerable to cross-site scripting attacks.

Gentoo 2504 Published by Philipp Esselbach 0

An Xpdf, GPdf security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
Date: January 21, 2005
Bugs: #77888, #78128
ID: 200501-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A stack overflow was discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issue.

Gentoo 2504 Published by Philipp Esselbach 0

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: January 20, 2005
Bugs: #78559
ID: 200501-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.

Gentoo 2504 Published by Philipp Esselbach 0

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ImageMagick: PSD decoding heap overflow
Date: January 20, 2005
Bugs: #77932
ID: 200501-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

ImageMagick is vulnerable to a heap overflow when decoding Photoshop Document (PSD) files, which could lead to arbitrary code execution.

Gentoo 2504 Published by Philipp Esselbach 0

A Squid security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Squid: Multiple vulnerabilities
Date: January 16, 2005
Bugs: #77934, #77521
ID: 200501-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Squid contains vulnerabilities in the code handling NTLM (NT Lan Manager), Gopher to HTML and WCCP (Web Cache Communication Protocol) which could lead to denial of service and arbitrary code execution.

Gentoo 2504 Published by Philipp Esselbach 0

A tnftp security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: tnftp: Arbitrary file overwriting
Date: January 14, 2005
Bugs: #74704
ID: 200501-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

tnftp fails to validate filenames when downloading files, making it vulnerable to arbitrary file overwriting.

Gentoo 2504 Published by Philipp Esselbach 0

An Exim security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Exim: Two buffer overflows
Date: January 12, 2005
Bugs: #76893
ID: 200501-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Buffer overflow vulnerabilities, which could lead to arbitrary code execution, have been found in the handling of IPv6 addresses as well as in the SPA authentication mechanism in Exim.

Gentoo 2504 Published by Philipp Esselbach 0

A CUPS security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200412-25:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: CUPS: Multiple vulnerabilities
Date: December 28, 2004
Updated: January 12, 2005
Bugs: #74479, #75197, #77023
ID: 200412-25:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

CUPS was vulnerable to multiple vulnerabilities and as a fix we recommended upgrading to version 1.1.23_rc1. This version is affected by a remote Denial Of Service, so we now recommend upgrading to the final 1.1.23 release which does not have any known vulnerability.

The updated sections appear below.

Gentoo 2504 Published by Philipp Esselbach 0

A poppassd_pam security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: poppassd_pam: Unauthorized password changing
Date: January 11, 2005
Bugs: #75820
ID: 200501-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

poppassd_pam allows anyone to change any user's password without authenticating the user first.

Gentoo 2504 Published by Philipp Esselbach 0

An o3read security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: o3read: Buffer overflow during file conversion
Date: January 11, 2005
Bugs: #74478
ID: 200501-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A buffer overflow in o3read allows an attacker to execute arbitrary code by way of a specially crafted XML file.

Gentoo 2504 Published by Philipp Esselbach 0

A HylaFAX security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: HylaFAX: hfaxd unauthorized login vulnerability
Date: January 11, 2005
Bugs: #75941
ID: 200501-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

HylaFAX is subject to a vulnerability in its username matching code, potentially allowing remote users to bypass access control lists.

Gentoo 2504 Published by Philipp Esselbach 0

An imlib2 security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: imlib2: Buffer overflows in image decoding
Date: January 11, 2005
Bugs: #77002
ID: 200501-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple overflows have been found in the imlib2 library image decoding routines, potentially allowing the execution of arbitrary code.

Gentoo 2504 Published by Philipp Esselbach 0

An Xpdf security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: KPdf, KOffice: More vulnerabilities in included Xpdf
Date: January 11, 2005
Bugs: #75203, #75204
ID: 200501-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code if a user is enticed to view a malicious PDF file.

Gentoo 2504 Published by Philipp Esselbach 0

A konqueror security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Konqueror: Java sandbox vulnerabilities
Date: January 11, 2005
Bugs: #72750
ID: 200501-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The Java sandbox environment in Konqueror can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.

Gentoo 2504 Published by Philipp Esselbach 0

An UnRTF security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: UnRTF: Buffer overflow
Date: January 10, 2005
Bugs: #74480
ID: 200501-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A buffer overflow in UnRTF allows an attacker to execute arbitrary code by way of a specially crafted RTF file.

Gentoo 2504 Published by Philipp Esselbach 0

An mpg123 security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: mpg123: Buffer overflow
Date: January 10, 2005
Bugs: #76862
ID: 200501-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

An attacker may be able to execute arbitrary code by way of specially crafted MP2 or MP3 files.

Gentoo 2504 Published by Philipp Esselbach 0

A pdftohtml security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: pdftohtml: Vulnerabilities in included Xpdf
Date: January 10, 2005
Bugs: #75200
ID: 200501-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file.

Gentoo 2504 Published by Philipp Esselbach 0

A TikiWiki security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: TikiWiki: Arbitrary command execution
Date: January 10, 2005
Bugs: #75568
ID: 200501-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A bug in TikiWiki allows certain users to upload and execute malicious PHP scripts.

Gentoo 2504 Published by Philipp Esselbach 0

A Dillo security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Dillo: Format string vulnerability
Date: January 09, 2005
Bugs: #76665
ID: 200501-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Dillo is vulnerable to a format string bug, which may result in the execution of arbitrary code.

Gentoo 2504 Published by Philipp Esselbach 0

A Vilistextum security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Vilistextum: Buffer overflow vulnerability
Date: January 06, 2005
Bugs: #74694
ID: 200501-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Vilistextum is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious webpage.

Gentoo 2504 Published by Philipp Esselbach 0

A xzgv security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: xzgv: Multiple overflows
Date: January 06, 2005
Bugs: #74069
ID: 200501-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

xzgv contains multiple overflows that may lead to the execution of arbitrary code.

Gentoo 2504 Published by Philipp Esselbach 0

A phpGroupWare security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: phpGroupWare: Various vulnerabilities
Date: January 06, 2005
Bugs: #74487
ID: 200501-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been discovered in phpGroupWare that could lead to information disclosure or remote compromise.

Gentoo 2504 Published by Philipp Esselbach 0

A xine-lib security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: xine-lib: Multiple overflows
Date: January 06, 2005
Bugs: #74475
ID: 200501-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

xine-lib contains multiple overflows potentially allowing execution of arbitrary code.

Gentoo 2504 Published by Philipp Esselbach 0

A tiff security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: tiff: New overflows in image decoding
Date: January 05, 2005
Bugs: #75213
ID: 200501-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

An integer overflow has been found in the TIFF library image decoding routines and the tiffdump utility, potentially allowing arbitrary code execution.

Gentoo 2504 Published by Philipp Esselbach 0

A mit-krb5 security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: mit-krb5: Heap overflow in libkadm5srv
Date: January 05, 2005
Bugs: #75143
ID: 200501-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The MIT Kerberos 5 administration library (libkadm5srv) contains a heap overflow that could lead to execution of arbitrary code.

Gentoo 2504 Published by Philipp Esselbach 0

A Shoutcast Server security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Shoutcast Server: Remote code execution
Date: January 05, 2005
Bugs: #75482
ID: 200501-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Shoutcast Server contains a possible buffer overflow that could lead to the execution of arbitrary code.

Gentoo 2504 Published by Philipp Esselbach 0

An a2ps security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: a2ps: Insecure temporary files handling
Date: January 04, 2005
Bugs: #75784
ID: 200501-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The fixps and psmandup scripts in the a2ps package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

Gentoo 2504 Published by Philipp Esselbach 0

A LinPopUp security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: LinPopUp: Buffer overflow in message reply
Date: January 04, 2005
Bugs: #74705
ID: 200501-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

LinPopUp contains a buffer overflow potentially allowing execution of arbitrary code.

Gentoo 2504 Published by Philipp Esselbach 0

A ViewCVS security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: ViewCVS: Information leak and XSS vulnerabilities
Date: December 28, 2004
Bugs: #72461, #73772
ID: 200412-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

ViewCVS is vulnerable to an information leak and to cross-site scripting (XSS) issues.

Gentoo 2504 Published by Philipp Esselbach 0

A CUPS security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: CUPS: Multiple vulnerabilities
Date: December 28, 2004
Bugs: #74479, #75197
ID: 200412-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been found in CUPS, ranging from local Denial of Service attacks to the remote execution of arbitrary code.

Gentoo 2504 Published by Philipp Esselbach 0

New Xpdf, GPdf security updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Xpdf, GPdf: New integer overflows
Date: December 28, 2004
Bugs: #75191, #75201
ID: 200412-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

New integer overflows were discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issues.

Gentoo 2504 Published by Philipp Esselbach 0

A Zwiki security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Zwiki: XSS vulnerability
Date: December 21, 2004
Bugs: #72315
ID: 200412-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Zwiki is vulnerable to cross-site scripting attacks.

Gentoo 2504 Published by Philipp Esselbach 0

An mpg123 security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: mpg123: Playlist buffer overflow
Date: December 21, 2004
Bugs: #74692
ID: 200412-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

mpg123 is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious playlist.

Gentoo 2504 Published by Philipp Esselbach 0

An MPlayer security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MPlayer: Multiple overflows
Date: December 20, 2004
Bugs: #74473
ID: 200412-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple overflow vulnerabilities have been found in MPlayer, potentially resulting in remote execution of arbitrary code.

Gentoo 2504 Published by Philipp Esselbach 0

A NASM security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: NASM: Buffer overflow vulnerability
Date: December 20, 2004
Bugs: #74477
ID: 200412-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

NASM is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious object file.

Gentoo 2504 Published by Philipp Esselbach 0

Another WordPress security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200410-12:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: WordPress: HTTP response splitting and XSS vulnerabilities
Date: October 14, 2004
Updated: December 19, 2004
Bugs: #65798
ID: 200410-12:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

Thomas Waldegger, who discovered these vulnerabilities, reported that these issues were not fixed in version 1.2.1. After notifying the developers, they released 1.2.2 to fix these flaws.

Gentoo 2504 Published by Philipp Esselbach 0

A phpMyAdmin security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: phpMyAdmin: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #74303
ID: 200412-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

phpMyAdmin contains multiple vulnerabilities which could lead to file disclosure or command execution.

Gentoo 2504 Published by Philipp Esselbach 0

An abcm2ps security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-18:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: abcm2ps: Buffer overflow vulnerability
Date: December 19, 2004
Updated: December 19, 2004
Bugs: #74702
ID: 200412-18:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

abcm2ps is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.

Gentoo 2504 Published by Philipp Esselbach 0

A kfax security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: kfax: Multiple overflows in the included TIFF library
Date: December 19, 2004
Bugs: #73795
ID: 200412-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

kfax contains several buffer overflows potentially leading to execution of arbitrary code.


kdebase/libs security updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: kdelibs, kdebase: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #72804, #73869
ID: 200412-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

kdelibs and kdebase contain a flaw allowing password disclosure when creating a link to a remote file. Furthermore, Konqueror is vulnerable to window injection.


An Ethereal security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #74443
ID: 200412-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.


A PHP security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: PHP: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #74547
ID: 200412-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several vulnerabilities were found and fixed in PHP, ranging from an information leak and a safe_mode restriction bypass to a potential remote execution of arbitrary code.


A Samba security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Samba: Integer overflow
Date: December 17, 2004
Bugs: #73943
ID: 200412-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Samba contains a bug that could lead to remote execution of arbitrary code.


A Cscope security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Cscope: Insecure creation of temporary files
Date: December 16, 2004
Bugs: #71595
ID: 200412-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.


An Adobe Acrobat Reader security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Adobe Acrobat Reader: Buffer overflow vulnerability
Date: December 16, 2004
Bugs: #74406
ID: 200412-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.