An Evolution security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Evolution: Integer overflow in camel-lock-helper
Date: January 24, 2005
Bugs: #79183
ID: 200501-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
An overflow in the camel-lock-helper application can be exploited by an attacker to execute arbitrary code with elevated privileges.
A Konversation security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Konversation: Various vulnerabilities
Date: January 24, 2005
Bugs: #78712
ID: 200501-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Konversation contains multiple vulnerabilities that could lead to remote command execution or information leaks.
A MySQL security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: MySQL: Insecure temporary file creation
Date: January 23, 2005
Bugs: #77805
ID: 200501-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
MySQL is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
KPdf, KOffice updates are available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: KPdf, KOffice: Stack overflow in included Xpdf code
Date: January 23, 2005
Bugs: #78619, #78620
ID: 200501-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code.
teTeX, pTeX, CSTeX updates are available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: teTeX, pTeX, CSTeX: Multiple vulnerabilities
Date: January 23, 2005
Bugs: #75801
ID: 200501-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the remote execution of arbitrary code. Furthermore, the xdvizilla script is vulnerable to temporary file handling issues.
A mailman security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Mailman: Cross-site scripting vulnerability
Date: January 22, 2005
Bugs: #77524
ID: 200501-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Mailman is vulnerable to cross-site scripting attacks.
A Xpdf, GPdf security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
Date: January 21, 2005
Bugs: #77888, #78128
ID: 200501-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A stack overflow was discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issue.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: January 20, 2005
Bugs: #78559
ID: 200501-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ImageMagick: PSD decoding heap overflow
Date: January 20, 2005
Bugs: #77932
ID: 200501-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
ImageMagick is vulnerable to a heap overflow when decoding Photoshop Document (PSD) files, which could lead to arbitrary code execution.
A Squiad security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Squid: Multiple vulnerabilities
Date: January 16, 2005
Bugs: #77934, #77521
ID: 200501-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Squid contains vulnerabilities in the the code handling NTLM (NT Lan Manager), Gopher to HTML and WCCP (Web Cache Communication Protocol) which could lead to denial of service and arbitrary code execution.
A tnftp security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: tnftp: Arbitrary file overwriting
Date: January 14, 2005
Bugs: #74704
ID: 200501-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
tnftp fails to validate filenames when downloading files, making it vulnerable to arbitrary file overwriting.
An Exim security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Exim: Two buffer overflows
Date: January 12, 2005
Bugs: #76893
ID: 200501-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Buffer overflow vulnerabilities, which could lead to arbitrary code execution, have been found in the handling of IPv6 addresses as well as in the SPA authentication mechanism in Exim.
A CUPS security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200412-25:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CUPS: Multiple vulnerabilities
Date: December 28, 2004
Updated: January 12, 2005
Bugs: #74479, #75197, #77023
ID: 200412-25:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Update
=====
CUPS was vulnerable to multiple vulnerabilities and as a fix we recommended upgrading to version 1.1.23_rc1. This version is affected by a remote Denial Of Service, so we now recommend upgrading to the final 1.1.23 release which does not have any known vulnerability.
The updated sections appear below.
A poppassd_pam security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: poppassd_pam: Unauthorized password changing
Date: January 11, 2005
Bugs: #75820
ID: 200501-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
poppassd_pam allows anyone to change any user's password without authenticating the user first.
An o3read security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: o3read: Buffer overflow during file conversion
Date: January 11, 2005
Bugs: #74478
ID: 200501-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A buffer overflow in o3read allows an attacker to execute arbitrary code by way of a specially crafted XML file.
A HylaFAX security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: HylaFAX: hfaxd unauthorized login vulnerability
Date: January 11, 2005
Bugs: #75941
ID: 200501-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
HylaFAX is subject to a vulnerability in its username matching code, potentially allowing remote users to bypass access control lists.
An imlib2 security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: imlib2: Buffer overflows in image decoding
Date: January 11, 2005
Bugs: #77002
ID: 200501-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple overflows have been found in the imlib2 library image decoding routines, potentially allowing the execution of arbitrary code.
A Xpdf security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: KPdf, KOffice: More vulnerabilities in included Xpdf
Date: January 11, 2005
Bugs: #75203, #75204
ID: 200501-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code if a user is enticed to view a malicious PDF file.
A konqueror security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Konqueror: Java sandbox vulnerabilities
Date: January 11, 2005
Bugs: #72750
ID: 200501-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The Java sandbox environment in Konqueror can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.
An UnRTF security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: UnRTF: Buffer overflow
Date: January 10, 2005
Bugs: #74480
ID: 200501-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A buffer overflow in UnRTF allows an attacker to execute arbitrary code by way of a specially crafted RTF file.
A mpg123 security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: mpg123: Buffer overflow
Date: January 10, 2005
Bugs: #76862
ID: 200501-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
An attacker may be able to execute arbitrary code by way of specially crafted MP2 or MP3 files.
A pdftohtml security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: pdftohtml: Vulnerabilities in included Xpdf
Date: January 10, 2005
Bugs: #75200
ID: 200501-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file.
A TikiWiki security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: TikiWiki: Arbitrary command execution
Date: January 10, 2005
Bugs: #75568
ID: 200501-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A bug in TikiWiki allows certain users to upload and execute malicious PHP scripts.
A Dillo security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Dillo: Format string vulnerability
Date: January 09, 2005
Bugs: #76665
ID: 200501-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Dillo is vulnerable to a format string bug, which may result in the execution of arbitrary code.
A Vilistextum security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Vilistextum: Buffer overflow vulnerability
Date: January 06, 2005
Bugs: #74694
ID: 200501-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Vilistextum is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious webpage.
A xzgv security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: xzgv: Multiple overflows
Date: January 06, 2005
Bugs: #74069
ID: 200501-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
xzgv contains multiple overflows that may lead to the execution of arbitrary code.
A phpGroupWare security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: phpGroupWare: Various vulnerabilities
Date: January 06, 2005
Bugs: #74487
ID: 200501-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been discovered in phpGroupWare that could lead to information disclosure or remote compromise.
A xine-lib security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: xine-lib: Multiple overflows
Date: January 06, 2005
Bugs: #74475
ID: 200501-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
xine-lib contains multiple overflows potentially allowing execution of arbitrary code.
A tiff security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: tiff: New overflows in image decoding
Date: January 05, 2005
Bugs: #75213
ID: 200501-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
An integer overflow has been found in the TIFF library image decoding routines and the tiffdump utility, potentially allowing arbitrary code execution.
A mit-krb5 security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: mit-krb5: Heap overflow in libkadm5srv
Date: January 05, 2005
Bugs: #75143
ID: 200501-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The MIT Kerberos 5 administration library (libkadm5srv) contains a heap overflow that could lead to execution of arbitrary code.
A Shoutcast Server security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Shoutcast Server: Remote code execution
Date: January 05, 2005
Bugs: #75482
ID: 200501-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Shoutcast Server contains a possible buffer overflow that could lead to the execution of arbitrary code.
An a2ps security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: a2ps: Insecure temporary files handling
Date: January 04, 2005
Bugs: #75784
ID: 200501-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The fixps and psmandup scripts in the a2ps package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
A LinPopUp security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: LinPopUp: Buffer overflow in message reply
Date: January 04, 2005
Bugs: #74705
ID: 200501-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
LinPopUp contains a buffer overflow potentially allowing execution of arbitrary code.
A ViewCVS security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: ViewCVS: Information leak and XSS vulnerabilities
Date: December 28, 2004
Bugs: #72461, #73772
ID: 200412-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
ViewCVS is vulnerable to an information leak and to cross-site scripting (XSS) issues.
A CUPS security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CUPS: Multiple vulnerabilities
Date: December 28, 2004
Bugs: #74479, #75197
ID: 200412-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in CUPS, ranging from local Denial of Service attacks to the remote execution of arbitrary code.
New Xpdf, GPdf security updates are available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Xpdf, GPdf: New integer overflows
Date: December 28, 2004
Bugs: #75191, #75201
ID: 200412-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
New integer overflows were discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issues.
A Zwiki security update is available for Gento Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Zwiki: XSS vulnerability
Date: December 21, 2004
Bugs: #72315
ID: 200412-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Zwiki is vulnerable to cross-site scripting attacks.
A mpg123 security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: mpg123: Playlist buffer overflow
Date: December 21, 2004
Bugs: #74692
ID: 200412-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
mpg123 is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious playlist.
A MPlayer security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: MPlayer: Multiple overflows
Date: December 20, 2004
Bugs: #74473
ID: 200412-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple overflow vulnerabilities have been found in MPlayer, potentially resulting in remote executing of arbitrary code.
A NASM security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: NASM: Buffer overflow vulnerability
Date: December 20, 2004
Bugs: #74477
ID: 200412-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
NASM is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious object file.
Another WordPress security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200410-12:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: WordPress: HTTP response splitting and XSS vulnerabilities
Date: October 14, 2004
Updated: December 19, 2004
Bugs: #65798
ID: 200410-12:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Update
=====
Thomas Waldegger, who discovered these vulnerabilities, reported that these issues were not fixed in version 1.2.1. After notifying the developers, they released 1.2.2 to fix these flaws.
A phpMyAdmin security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: phpMyAdmin: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #74303
ID: 200412-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
phpMyAdmin contains multiple vulnerabilities which could lead to file disclosure or command execution.
An abcm2ps security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-18:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: abcm2ps: Buffer overflow vulnerability
Date: December 19, 2004
Updated: December 19, 2004
Bugs: #74702
ID: 200412-18:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
abcm2ps is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.
A kfax security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: kfax: Multiple overflows in the included TIFF library
Date: December 19, 2004
Bugs: #73795
ID: 200412-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
kfax contains several buffer overflows potentially leading to execution of arbitrary code.
kdebase/libs security updates are available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: kdelibs, kdebase: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #72804, #73869
ID: 200412-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
kdelibs and kdebase contain a flaw allowing password disclosure when creating a link to a remote file. Furthermore Konqueror is vulnerable to window injection.
An Ethereal security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #74443
ID: 200412-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.
A PHP security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PHP: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #74547
ID: 200412-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Several vulnerabilities were found and fixed in PHP, ranging from an information leak and a safe_mode restriction bypass to a potential remote execution of arbitrary code.
A Samba security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Samba: Integer overflow
Date: December 17, 2004
Bugs: #73943
ID: 200412-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Samba contains a bug that could lead to remote execution of arbitrary code.
A Cscope security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Linux Security Advisory GLSA 200412-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Cscope: Insecure creation of temporary files
Date: December 16, 2004
Bugs: #71595
ID: 200412-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
An Adobe Acrobat Reader secuity update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Acrobat Reader: Buffer overflow vulnerability
Date: December 16, 2004
Bugs: #74406
ID: 200412-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.