Gentoo 2503 Published by Philipp Esselbach 0

An MPlayer security update has been released

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MPlayer: Two heap overflow vulnerabilities
Date: April 20, 2005
Bugs: #89277
ID: 200504-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Two vulnerabilities have been found in MPlayer which could lead to the remote execution of arbitrary code.


Mozilla security updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities
Date: April 19, 2005
Bugs: #89303, #89305
ID: 200504-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

New Mozilla Firefox and Mozilla Suite releases fix new security vulnerabilities, including memory disclosure and various ways of executing JavaScript code with elevated privileges.


An XV security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: XV: Multiple vulnerabilities
Date: April 19, 2005
Bugs: #88742
ID: 200504-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been discovered in XV, potentially resulting in the execution of arbitrary code.


A CVS security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: CVS: Multiple vulnerabilities
Date: April 18, 2005
Bugs: #86476
ID: 200504-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several serious vulnerabilities have been found in CVS, which may allow an attacker to remotely compromise a CVS server or cause a DoS.


A PHP security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: PHP: Multiple vulnerabilities
Date: April 18, 2005
Bugs: #87517
ID: 200504-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several vulnerabilities were found and fixed in PHP image handling functions, potentially resulting in Denial of Service conditions or the remote execution of arbitrary code.


A monkeyd security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: monkeyd: Multiple vulnerabilities
Date: April 15, 2005
Bugs: #87916
ID: 200504-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Format string and Denial of Service vulnerabilities have been discovered in the monkeyd HTTP server, potentially resulting in the execution of arbitrary code.


An OpenOffice.Org security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: OpenOffice.Org: DOC document Heap Overflow
Date: April 15, 2005
Bugs: #88863
ID: 200504-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

OpenOffice.Org is vulnerable to a heap overflow when processing DOC documents, which could lead to arbitrary code execution.


An rsnapshot security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: rsnapshot: Local privilege escalation
Date: April 13, 2005
Bugs: #88681
ID: 200504-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

rsnapshot allows a local user to take ownership of local files, resulting in privilege escalation.


A JunkBuster security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: JunkBuster: Multiple vulnerabilities
Date: April 13, 2005
Bugs: #88537
ID: 200504-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

JunkBuster is vulnerable to a heap corruption vulnerability, and under certain configurations may allow an attacker to modify settings.


A gld security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Gld: Remote execution of arbitrary code
Date: April 13, 2005
Bugs: #88904
ID: 200504-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Gld contains several serious vulnerabilities, potentially resulting in the execution of arbitrary code as the root user.


An Axel security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Axel: Vulnerability in HTTP redirection handling
Date: April 12, 2005
Bugs: #88264
ID: 200504-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A buffer overflow vulnerability has been found in Axel which could lead to the execution of arbitrary code.


A phpMyAdmin update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: phpMyAdmin: Cross-site scripting vulnerability
Date: April 11, 2005
Bugs: #87952
ID: 200504-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

phpMyAdmin is vulnerable to a cross-site scripting attack.


A Smarty security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200503-35:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Smarty: Template vulnerability
Date: March 30, 2005
Updated: April 09, 2005
Bugs: #86488
ID: 200503-35:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

New ways of bypassing Smarty's "Template security" were found and fixed in Smarty. Users making use of that feature are encouraged to upgrade to version 2.6.9.

The updated sections appear below.


A GnomeVFS security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GnomeVFS, libcdaudio: CDDB response overflow
Date: April 08, 2005
Bugs: #84936
ID: 200504-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The GnomeVFS and libcdaudio libraries contain a buffer overflow that can be triggered by a large CDDB response, potentially allowing the execution of arbitrary code.


A sharutils security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: sharutils: Insecure temporary file creation
Date: April 06, 2005
Bugs: #87939
ID: 200504-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The unshar utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.


A Gaim security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Gaim: Denial of Service issues
Date: April 06, 2005
Updated: April 06, 2005
Bugs: #87903
ID: 200504-05:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Gaim contains multiple vulnerabilities that can lead to a Denial of Service.


An mit-krb5 security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: mit-krb5: Multiple buffer overflows in telnet client
Date: April 06, 2005
Bugs: #87145
ID: 200504-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The mit-krb5 telnet client is vulnerable to two buffer overflows, which could allow a malicious telnet server operator to execute arbitrary code.


A Dnsmasq security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Dnsmasq: Poisoning and Denial of Service vulnerabilities
Date: April 04, 2005
Bugs: #86718
ID: 200504-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Dnsmasq is vulnerable to DNS cache poisoning attacks and a potential Denial of Service from the local network.


A Sylpheed, Sylpheed-claws security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Sylpheed, Sylpheed-claws: Buffer overflow on message display
Date: April 02, 2005
Bugs: #86541
ID: 200504-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Sylpheed and Sylpheed-claws contain a vulnerability that can be triggered when displaying messages with specially crafted attachments.


A telnet-bsd security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: telnet-bsd: Multiple buffer overflows
Date: April 01, 2005
Bugs: #87019
ID: 200504-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The telnet-bsd telnet client is vulnerable to two buffer overflows, which could allow a malicious telnet server operator to execute arbitrary code.


A LimeWire security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: LimeWire: Disclosure of sensitive information
Date: March 31, 2005
Bugs: #85380
ID: 200503-37

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Two vulnerabilities in LimeWire can be exploited to disclose sensitive information.


A netkit-telnetd security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: netkit-telnetd: Buffer overflow
Date: March 31, 2005
Bugs: #87211
ID: 200503-36

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The netkit-telnetd telnet client is vulnerable to a buffer overflow, which could allow a malicious telnet server operator to execute arbitrary code.


A Smarty security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Smarty: Template vulnerability
Date: March 30, 2005
Bugs: #86488
ID: 200503-35

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Smarty's "Template security" feature can be bypassed, potentially allowing a remote attacker to execute arbitrary PHP code.


An mpg321 security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: mpg321: Format string vulnerability
Date: March 28, 2005
Bugs: #86033
ID: 200503-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A flaw in the processing of ID3 tags in mpg321 could potentially lead to the execution of arbitrary code.


An IPsec-Tools security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: IPsec-Tools: racoon Denial of Service
Date: March 25, 2005
Bugs: #84479
ID: 200503-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability.


A GnuPG security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: GnuPG: OpenPGP protocol attack
Date: March 24, 2005
Bugs: #85547
ID: 200503-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Automated systems using GnuPG may leak plaintext portions of an encrypted message.


A Sun Java security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Sun Java: Web Start argument injection vulnerability
Date: March 24, 2005
Bugs: #85804
ID: 200503-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Java Web Start JNLP files can be abused to evade sandbox restriction and execute arbitrary code.


A Xzabite dyndnsupdate security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Xzabite dyndnsupdate: Multiple vulnerabilities
Date: March 21, 2005
Bugs: #84659
ID: 200503-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Xzabite's dyndnsupdate software suffers from multiple vulnerabilities, potentially resulting in the remote execution of arbitrary code.


Sylpheed, Sylpheed-claws security updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Sylpheed, Sylpheed-claws: Message reply overflow
Date: March 20, 2005
Bugs: #84056
ID: 200503-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Sylpheed and Sylpheed-claws contain a vulnerability that can be triggered when replying to specially crafted messages.


An LTris security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: LTris: Buffer overflow
Date: March 20, 2005
Bugs: #85770
ID: 200503-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

LTris is vulnerable to a buffer overflow which could lead to the execution of arbitrary code.


An rxvt-unicode security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: rxvt-unicode: Buffer overflow
Date: March 20, 2005
Bugs: #84680
ID: 200503-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

rxvt-unicode is vulnerable to a buffer overflow that could lead to the execution of arbitrary code.


A Grip security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Grip: CDDB response overflow
Date: March 17, 2005
Bugs: #84704
ID: 200503-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Grip contains a buffer overflow that can be triggered by a large CDDB response, potentially allowing the execution of arbitrary code.


A curl security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: curl: NTLM response buffer overflow
Date: March 16, 2005
Bugs: #82534
ID: 200503-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

curl is vulnerable to a buffer overflow which could lead to the execution of arbitrary code.


A MySQL security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MySQL: Multiple vulnerabilities
Date: March 16, 2005
Bugs: #84819
ID: 200503-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

MySQL contains several vulnerabilities potentially leading to the overwriting of local files or to the execution of arbitrary code.


A Perl security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200501-38:03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Perl: rmtree and DBI tmpfile vulnerabilities
Date: January 26, 2005
Updated: March 15, 2005
Bugs: #75696, #78634, #79685
ID: 200501-38:03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

The rmtree race conditions were only partly fixed in the original GLSA. New versions of dev-lang/perl have been released to address the remaining issues (CAN-2005-0448).

The updated sections appear below.


A Ringtone Tools security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Ringtone Tools: Buffer overflow vulnerability
Date: March 15, 2005
Bugs: #74700
ID: 200503-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The Ringtone Tools utilities contain a buffer overflow vulnerability, potentially leading to the execution of arbitrary code.


A libexif security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: libexif: Buffer overflow vulnerability
Date: March 12, 2005
Bugs: #84076
ID: 200503-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

libexif fails to validate certain inputs, making it vulnerable to buffer overflows.


An Ethereal security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: March 12, 2005
Bugs: #84547
ID: 200503-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code or crash the program.


A libXpm security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: X.org: libXpm vulnerability
Date: March 12, 2005
Updated: March 12, 2005
Bugs: #83598
ID: 200503-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A new vulnerability has been discovered in libXpm, which is included in X.org, that can potentially lead to remote code execution.


A KDE dcopidlng security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: KDE dcopidlng: Insecure temporary file creation
Date: March 07, 2005
Bugs: #81652
ID: 200503-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The dcopidlng script is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.


A mlterm security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: mlterm: Integer overflow vulnerability
Date: March 07, 2005
Bugs: #84174
ID: 200503-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

mlterm is vulnerable to an integer overflow, which could potentially allow the execution of arbitrary code.


A Hashcash security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Hashcash: Format string vulnerability
Date: March 06, 2005
Bugs: #83541
ID: 200503-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A format string vulnerability in the Hashcash utility could allow an attacker to execute arbitrary code.


An ImageMagick security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ImageMagick: Filename handling vulnerability
Date: March 06, 2005
Bugs: #83542
ID: 200503-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A format string vulnerability exists in ImageMagick that may allow an attacker to execute arbitrary code.


A Mozilla Firefox security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Firefox: Various vulnerabilities
Date: March 04, 2005
Bugs: #83267
ID: 200503-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Mozilla Firefox is vulnerable to a local file deletion issue and to various issues that make it possible to trick the user into trusting fake web sites or interacting with privileged content.


An xv security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: xv: Filename handling vulnerability
Date: March 04, 2005
Bugs: #83686
ID: 200503-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

xv contains a format string vulnerability, potentially resulting in the execution of arbitrary code.


OpenMotif, LessTif security updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: OpenMotif, LessTif: New libXpm buffer overflows
Date: March 04, 2005
Bugs: #83655, #83656
ID: 200503-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A new vulnerability has been discovered in libXpm, which is included in OpenMotif and LessTif, that can potentially lead to remote code execution.


A phpMyAdmin security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: phpMyAdmin: Multiple vulnerabilities
Date: March 03, 2005
Bugs: #83190, #83792
ID: 200503-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

phpMyAdmin contains multiple vulnerabilities that could lead to command execution, XSS issues and bypass of security restrictions.


A BidWatcher security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: BidWatcher: Format string vulnerability
Date: March 03, 2005
Bugs: #82460
ID: 200503-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

BidWatcher is vulnerable to a format string vulnerability, potentially allowing arbitrary code execution.


An xli, xloadimage security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: xli, xloadimage: Multiple vulnerabilities
Date: March 02, 2005
Bugs: #79762
ID: 200503-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

xli and xloadimage are vulnerable to multiple issues, potentially leading to the execution of arbitrary code.