<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel about="http://blog.gmane.org/gmane.linux.gentoo.announce">
    <title>gmane.linux.gentoo.announce</title>
    <link>http://blog.gmane.org/gmane.linux.gentoo.announce</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1629"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1628"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1627"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1626"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1625"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1624"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1623"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1622"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1621"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1620"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1619"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1618"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1617"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1616"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1615"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1614"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1613"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1612"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1611"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.gentoo.announce/1610"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1629">
    <title>[ GLSA 200811-05 ] PHP: Multiple vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1629</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PHP: Multiple vulnerabilities
      Date: November 16, 2008
      Bugs: #209148, #212211, #215266, #228369, #230575, #234102
        ID: 200811-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PHP contains several vulnerabilities including buffer and integer
overflows which could lead to the remote execution of arbitrary code.

Background
==========

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php     &lt; 5.2.6-r6                           &gt;= 5.2.6-r6

Description
===========

Several vulnerabilities were found in PHP:

* PHP ships a vulnerable version of the PCRE library which allows for
  the circumvention of security restrictions or even for remote code
  execution in case of an application which accepts user-supplied
  regular expressions (CVE-2008-0674).

* Multiple crash issues in several PHP functions have been
  discovered.

* Ryan Permeh reported that the init_request_info() function in
  sapi/cgi/cgi_main.c does not properly consider operator precedence
  when calculating the length of PATH_TRANSLATED (CVE-2008-0599).

* An off-by-one error in the metaphone() function may lead to memory
  corruption.

* Maksymilian Arciemowicz of SecurityReason Research reported an
  integer overflow, which is triggerable using printf() and related
  functions (CVE-2008-1384).

* Andrei Nigmatulin reported a stack-based buffer overflow in the
  FastCGI SAPI, which has unknown attack vectors (CVE-2008-2050).

* Stefan Esser reported that PHP does not correctly handle multibyte
  characters inside the escapeshellcmd() function, which is used to
  sanitize user input before its usage in shell commands
  (CVE-2008-2051).

* Stefan Esser reported that a shortcoming in PHP's algorithm for
  seeding the random number generator might allow for predictable
  random numbers (CVE-2008-2107, CVE-2008-2108).

* The IMAP extension in PHP uses obsolete c-client API calls making
  it vulnerable to buffer overflows as no bounds checking can be done
  (CVE-2008-2829).

* Tavis Ormandy reported a heap-based buffer overflow in
  pcre_compile.c in the PCRE version shipped by PHP when processing
  user-supplied regular expressions (CVE-2008-2371).

* CzechSec reported that specially crafted font files can lead to an
  overflow in the imageloadfont() function in ext/gd/gd.c, which is
  part of the GD extension (CVE-2008-3658).

* Maksymilian Arciemowicz of SecurityReason Research reported that a
  design error in PHP's stream wrappers allows the circumvention of
  safe_mode checks in several filesystem-related PHP functions
  (CVE-2008-2665, CVE-2008-2666).

* Laurent Gaffie discovered a buffer overflow in the internal
  memnstr() function, which is used by the PHP function explode()
  (CVE-2008-3659).

* The FastCGI SAPI contains an error when processing a request with
  multiple dots preceding the extension (CVE-2008-3660).

Impact
======

These vulnerabilities might allow a remote attacker to execute
arbitrary code, to cause a Denial of Service, to circumvent security
restrictions, to disclose information, and to manipulate files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.2.6-r6"

References
==========

  [ 1 ] CVE-2008-0599
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
  [ 2 ] CVE-2008-0674
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674
  [ 3 ] CVE-2008-1384
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1384
  [ 4 ] CVE-2008-2050
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050
  [ 5 ] CVE-2008-2051
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051
  [ 6 ] CVE-2008-2107
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
  [ 7 ] CVE-2008-2108
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
  [ 8 ] CVE-2008-2371
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371
  [ 9 ] CVE-2008-2665
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665
  [ 10 ] CVE-2008-2666
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666
  [ 11 ] CVE-2008-2829
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829
  [ 12 ] CVE-2008-3658
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
  [ 13 ] CVE-2008-3659
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
  [ 14 ] CVE-2008-3660
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-11-16T16:08:59</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1628">
    <title>[ GLSA 200811-04 ] Graphviz: User-assisted execution of arbitrary code</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1628</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Graphviz: User-assisted execution of arbitrary code
      Date: November 09, 2008
      Bugs: #240636
        ID: 200811-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in Graphviz might lead to user-assisted execution of
arbitrary code via a DOT file.

Background
==========

Graphviz is open source graph visualization software.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-gfx/graphviz      &lt; 2.20.3                        &gt;= 2.20.3

Description
===========

Roee Hay reported a stack-based buffer overflow in the push_subg()
function in parser.y when processing a DOT file with a large number of
Agraph_t elements.

Impact
======

A remote attacker could entice a user or automated system to open a
specially crafted DOT file in an application using Graphviz, possibly
leading to the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Graphviz users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphviz-2.20.3"

References
==========

  [ 1 ] CVE-2008-4555
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-04.xml

</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-11-09T21:01:08</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1627">
    <title>[ GLSA 200811-03 ] FAAD2: User-assisted execution of arbitrary code</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1627</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: FAAD2: User-assisted execution of arbitrary code
      Date: November 09, 2008
      Bugs: #238445
        ID: 200811-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in FAAD2 might lead to user-assisted execution of
arbitrary code via an MP4 file.

Background
==========

FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  media-libs/faad2     &lt; 2.6.1-r2                       &gt;= 2.6.1-r2

Description
===========

The ICST-ERCIS (Peking University) reported a heap-based buffer
overflow in the decodeMP4file() function in frontend/main.c.

Impact
======

A remote attacker could entice a user to open a specially crafted
MPEG-4 (MP4) file in an application using FAAD2, possibly leading to
the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FAAD2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=media-libs/faad2-2.6.1-r2"

References
==========

  [ 1 ] CVE-2008-4201
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-03.xml

</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-11-09T20:59:25</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1626">
    <title>[ GLSA 200811-02 ] Gallery: Multiple vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1626</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Gallery: Multiple vulnerabilities
      Date: November 09, 2008
      Bugs: #234137, #238113
        ID: 200811-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Gallery may lead to execution of arbitrary
code, disclosure of local files or theft of users' credentials.

Background
==========

Gallery is an open source web based photo album organizer.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-apps/gallery       &lt; 2.2.6                           &gt;= 2.2.6
                                                             *&gt;= 1.5.9

Description
===========

Multiple vulnerabilities have been discovered in Gallery 1 and 2:

* Digital Security Research Group reported a directory traversal
  vulnerability in contrib/phpBB2/modules.php in Gallery 1, when
  register_globals is enabled (CVE-2008-3600).

* Hanno Boeck reported that Gallery 1 and 2 did not set the secure
  flag for the session cookie in an HTTPS session (CVE-2008-3662).

* Alex Ustinov reported that Gallery 1 and 2 do not properly handle
  ZIP archives containing symbolic links (CVE-2008-4129).

* The vendor reported a Cross-Site Scripting vulnerability in Gallery
  2 (CVE-2008-4130).

Impact
======

Remote attackers could send specially crafted requests to a server
running Gallery, allowing for the execution of arbitrary code when
register_globals is enabled, or read arbitrary files via directory
traversals otherwise. Attackers could also entice users to visit
crafted links allowing for theft of login credentials.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Gallery 2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=www-apps/gallery-2.2.6"

All Gallery 1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=www-apps/gallery-1.5.9"

References
==========

  [ 1 ] CVE-2008-3600
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3600
  [ 2 ] CVE-2008-3662
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3662
  [ 3 ] CVE-2008-4129
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4129
  [ 4 ] CVE-2008-4130
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4130

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-02.xml

</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-11-09T20:56:41</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1625">
    <title>[ GLSA 200811-01 ] Opera: Multiple vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1625</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Opera: Multiple vulnerabilities
      Date: November 03, 2008
      Bugs: #235298, #240500, #243060, #244980
        ID: 200811-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Opera, allowing for
the execution of arbitrary code.

Background
==========

Opera is a fast web browser that is available free of charge.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-client/opera       &lt; 9.62                             &gt;= 9.62

Description
===========

Multiple vulnerabilities have been discovered in Opera:

* Opera does not restrict the ability of a framed web page to change
  the address associated with a different frame (CVE-2008-4195).

* Chris Weber (Casaba Security) discovered a Cross-site scripting
  vulnerability (CVE-2008-4196).

* Michael A. Puls II discovered that Opera can produce argument
  strings that contain uninitialized memory, when processing custom
  shortcut and menu commands (CVE-2008-4197).

* Lars Kleinschmidt discovered that Opera, when rendering an HTTP
  page that has loaded an HTTPS page into a frame, displays a padlock
  icon and offers a security information dialog reporting a secure
  connection (CVE-2008-4198).

* Opera does not prevent use of links from web pages to feed source
  files on the local disk (CVE-2008-4199).

* Opera does not ensure that the address field of a news feed
  represents the feed's actual URL (CVE-2008-4200).

* Opera does not check the CRL override upon encountering a
  certificate that lacks a CRL (CVE-2008-4292).

* Chris (Matasano Security) reported that Opera may crash if it is
  redirected by a malicious page to a specially crafted address
  (CVE-2008-4694).

* Nate McFeters reported that Opera runs Java applets in the context
  of the local machine, if that applet has been cached and a page can
  predict the cache path for that applet and load it from the cache
  (CVE-2008-4695).

* Roberto Suggi Liverani (Security-Assessment.com) reported that
  Opera's History Search results do not escape certain constructs
  correctly, allowing for the injection of scripts into the page
  (CVE-2008-4696).

* David Bloom reported that Opera's Fast Forward feature incorrectly
  executes scripts from a page held in a frame in the outermost page
  instead of the page where the JavaScript URL was located
  (CVE-2008-4697).

* David Bloom reported that Opera does not block some scripts when
  previewing a news feed (CVE-2008-4698).

* Opera does not correctly sanitize content when certain parameters
  are passed to Opera's History Search, allowing scripts to be injected
  into the History Search results page (CVE-2008-4794).

* Opera's links panel incorrectly causes scripts from a page held in
  a frame to be executed in the outermost page instead of the page
  where the URL was located (CVE-2008-4795).

Impact
======

These vulnerabilities allow remote attackers to execute arbitrary code,
to run scripts injected into Opera's History Search with elevated
privileges, to inject arbitrary web script or HTML into web pages, to
manipulate the address bar, to change Opera's preferences, to determine
the validity of local filenames, to read cache files, browsing history,
and subscribed feeds or to conduct other attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-9.62"

References
==========

  [ 1 ] CVE-2008-4195
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4195
  [ 2 ] CVE-2008-4196
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4196
  [ 3 ] CVE-2008-4197
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4197
  [ 4 ] CVE-2008-4198
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4198
  [ 5 ] CVE-2008-4199
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4199
  [ 6 ] CVE-2008-4200
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4200
  [ 7 ] CVE-2008-4292
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4292
  [ 8 ] CVE-2008-4694
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4694
  [ 9 ] CVE-2008-4695
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4695
  [ 10 ] CVE-2008-4696
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4696
  [ 11 ] CVE-2008-4697
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4697
  [ 12 ] CVE-2008-4698
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4698
  [ 13 ] CVE-2008-4794
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4794
  [ 14 ] CVE-2008-4795
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4795

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-01.xml

</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-11-03T18:50:10</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1624">
    <title>[ GLSA 200810-03 ] libspf2: DNS response buffer overflow</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1624</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200810-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: libspf2: DNS response buffer overflow
      Date: October 30, 2008
      Bugs: #242254
        ID: 200810-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A memory management error in libspf2 might allow for remote execution
of arbitrary code.

Background
==========

libspf2 is a library that implements the Sender Policy Framework,
allowing mail transfer agents to make sure that an email is authorized
by the domain name that it is coming from. Currently, only the exim MTA
uses libspf2 in Gentoo.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  mail-filter/libspf2       &lt; 1.2.8                        &gt;= 1.2.8

Description
===========

libspf2 uses a fixed-length buffer to receive DNS responses and does
not properly check the length of TXT records, leading to buffer
overflows.

Impact
======

A remote attacker could store a specially crafted DNS entry and entice
a user or automated system using libspf2 to look up that SPF entry
(e.g. by sending an email to the MTA), possibly allowing for the
execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libspf2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=mail-filter/libspf2-1.2.8"

References
==========

  [ 1 ] CVE-2008-2469
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2469

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200810-03.xml

</description>
    <dc:creator>Robert Buchholz</dc:creator>
    <dc:date>2008-10-30T21:27:08</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1623">
    <title>[ GLSA 200810-01 ] WordNet: Execution of arbitrary code</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1623</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200810-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: WordNet: Execution of arbitrary code
      Date: October 07, 2008
      Bugs: #211491
        ID: 200810-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in WordNet, possibly allowing for
the execution of arbitrary code.

Background
==========

WordNet is a large lexical database of English.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-dicts/wordnet      &lt; 3.0-r2                         &gt;= 3.0-r2

Description
===========

Jukka Ruohonen initially reported a boundary error within the
searchwn() function in src/wn.c. A thorough investigation by the oCERT
team revealed several other vulnerabilities in WordNet:

* Jukka Ruohonen and Rob Holland (oCERT) reported multiple boundary
  errors within the searchwn() function in src/wn.c, the wngrep()
  function in lib/search.c, the morphstr() and morphword() functions in
  lib/morph.c, and the getindex() function in lib/search.c, which lead
  to stack-based buffer overflows.

* Rob Holland (oCERT) reported two boundary errors within the
  do_init() function in lib/morph.c, which lead to stack-based buffer
  overflows via specially crafted "WNSEARCHDIR" or "WNHOME" environment
  variables.

* Rob Holland (oCERT) reported multiple boundary errors in the
  bin_search() and bin_search_key() functions in binsrch.c, which lead
  to stack-based buffer overflows via specially crafted data files.

* Rob Holland (oCERT) reported a boundary error within the
  parse_index() function in lib/search.c, which leads to a heap-based
  buffer overflow via specially crafted data files.

Impact
======

* In case the application is accessible e.g. via a web server, a
  remote attacker could pass overly long strings as arguments to the
  "wm" binary, possibly leading to the execution of arbitrary code.

* A local attacker could exploit the second vulnerability via
  specially crafted "WNSEARCHDIR" or "WNHOME" environment variables,
  possibly leading to the execution of arbitrary code with escalated
  privileges.

* A local attacker could exploit the third and fourth vulnerabilities
  by making the application use specially crafted data files, possibly
  leading to the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WordNet users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=app-dicts/wordnet-3.0-r2"

References
==========

  [ 1 ] CVE-2008-2149
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2149
  [ 2 ] CVE-2008-3908
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3908

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200810-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-10-07T18:13:38</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1622">
    <title>[ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1622</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200810-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Portage: Untrusted search path local root vulnerability
      Date: October 09, 2008
      Bugs: #239560
        ID: 200810-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A search path vulnerability in Portage allows local attackers to
execute commands with root privileges if emerge is called from
untrusted directories.

Background
==========

Portage is Gentoo's package manager which is responsible for
installing, compiling and updating all packages on the system through
the Gentoo rsync tree.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  sys-apps/portage      &lt; 2.1.4.5                        &gt;= 2.1.4.5

Description
===========

The Gentoo Security Team discovered that several ebuilds, such as
sys-apps/portage, net-mail/fetchmail or app-editors/leo execute Python
code using "python -c", which includes the current working directory in
Python's module search path. For several ebuild functions, Portage did
not change the working directory from emerge's working directory.

Impact
======

A local attacker could place a specially crafted Python module in a
directory (such as /tmp) and entice the root user to run commands such
as "emerge sys-apps/portage" from that directory, resulting in the
execution of arbitrary Python code with root privileges.

Workaround
==========

Do not run "emerge" from untrusted working directories.

Resolution
==========

All Portage users should upgrade to the latest version:

    # cd /root
    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=sys-apps/portage-2.1.4.5"

NOTE: To upgrade to Portage 2.1.4.5 using 2.1.4.4 or prior, you must
run emerge from a trusted working directory, such as "/root".

References
==========

  [ 1 ] CVE-2008-4394
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4394

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200810-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
</description>
    <dc:creator>Robert Buchholz</dc:creator>
    <dc:date>2008-10-09T17:36:48</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1621">
    <title>[ GLSA 200809-18 ] ClamAV: Multiple Denials of Service</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1621</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: ClamAV: Multiple Denials of Service
        Date: September 25, 2008
        Bugs: #236665
          ID: 200809-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in ClamAV may result in a Denial of Service.

Background
==========

Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
especially for e-mail scanning on mail gateways.

Affected packages
=================

      -------------------------------------------------------------------
       Package               /  Vulnerable  /                 Unaffected
      -------------------------------------------------------------------
    1  app-antivirus/clamav       &lt; 0.94                         &gt;= 0.94

Description
===========

Hanno Boeck reported an error in libclamav/chmunpack.c when processing
CHM files (CVE-2008-1389). Other unspecified vulnerabilities were also
reported, including a NULL pointer dereference in libclamav
(CVE-2008-3912), memory leaks in freshclam/manager.c (CVE-2008-3913),
and file descriptor leaks in libclamav/others.c and libclamav/sis.c
(CVE-2008-3914).

Impact
======

A remote attacker could entice a user or automated system to scan a
specially crafted CHM, possibly resulting in a Denial of Service
(daemon crash). The other attack vectors mentioned above could also
result in a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.94"

References
==========

    [ 1 ] CVE-2008-1389
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389
    [ 2 ] CVE-2008-3912
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3912
    [ 3 ] CVE-2008-3913
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3913
    [ 4 ] CVE-2008-3914
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3914

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-25T21:23:08</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1620">
    <title>[ GLSA 200809-17 ] Wireshark: Multiple Denials of Service</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1620</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: Wireshark: Multiple Denials of Service
        Date: September 25, 2008
        Bugs: #236515
          ID: 200809-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple Denial of Service vulnerabilities have been discovered in
Wireshark.

Background
==========

Wireshark is a network protocol analyzer with a graphical front-end.

Affected packages
=================

      -------------------------------------------------------------------
       Package                 /  Vulnerable  /               Unaffected
      -------------------------------------------------------------------
    1  net-analyzer/wireshark       &lt; 1.0.3                     &gt;= 1.0.3

Description
===========

The following vulnerabilities were reported:

* Multiple buffer overflows in the NCP dissector (CVE-2008-3146).

* Infinite loop in the NCP dissector (CVE-2008-3932).

* Invalid read in the tvb_uncompress() function when processing zlib
    compressed data (CVE-2008-3933).

* Unspecified error when processing Tektronix .rf5 files
    (CVE-2008-3934).

Impact
======

A remote attacker could exploit these vulnerabilities by sending
specially crafted packets on a network being monitored by Wireshark or
by enticing a user to read a malformed packet trace file, causing a
Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.0.3"

References
==========

    [ 1 ] CVE-2008-3146
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3146
    [ 2 ] CVE-2008-3932
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3932
    [ 3 ] CVE-2008-3933
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3933
    [ 4 ] CVE-2008-3934
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3934

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-25T21:15:47</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1619">
    <title>[ GLSA 200809-16 ] Git: User-assisted execution of arbitrary code</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1619</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: Git: User-assisted execution of arbitrary code
        Date: September 25, 2008
        Bugs: #234075
          ID: 200809-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer overflow vulnerabilities have been discovered in Git.

Background
==========

Git is a distributed version control system.

Affected packages
=================

      -------------------------------------------------------------------
       Package       /  Vulnerable  /                         Unaffected
      -------------------------------------------------------------------
    1  dev-util/git      &lt; 1.5.6.4                            &gt;= 1.5.6.4

Description
===========

Multiple boundary errors in the functions diff_addremove() and
diff_change() when processing overly long repository path names were
reported.

Impact
======

A remote attacker could entice a user to run commands like "git-diff"
or "git-grep" on a specially crafted repository, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Git users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=dev-util/git-1.5.6.4"

References
==========

    [ 1 ] CVE-2008-3546
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-25T21:09:41</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1618">
    <title>[ GLSA 200809-15 ] GNU ed: User-assisted execution of arbitrary code</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1618</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: GNU ed: User-assisted execution of arbitrary code
        Date: September 23, 2008
        Bugs: #236521
          ID: 200809-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability in ed may allow for the remote
execution of arbitrary code.

Background
==========

GNU ed is a basic line editor. red is a restricted version of ed that
does not allow shell command execution.

Affected packages
=================

      -------------------------------------------------------------------
       Package      /  Vulnerable  /                          Unaffected
      -------------------------------------------------------------------
    1  sys-apps/ed        &lt; 1.0                                   &gt;= 1.0

Description
===========

Alfredo Ortega from Core Security Technologies reported a heap-based
buffer overflow in the strip_escapes() function when processing overly
long filenames.

Impact
======

A remote attacker could entice a user to process specially crafted
commands with ed or red, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNU ed users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=sys-apps/ed-1.0"

References
==========

    [ 1 ] CVE-2008-3916
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-23T21:56:51</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1617">
    <title>[ GLSA 200809-14 ] BitlBee: Security bypass</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1617</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: BitlBee: Security bypass
        Date: September 23, 2008
        Bugs: #236160
          ID: 200809-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in BitlBee may allow an attacker to bypass
security restrictions and hijack accounts.

Background
==========

BitlBee is an IRC to IM gateway that supports multiple IM protocols.

Affected packages
=================

      -------------------------------------------------------------------
       Package         /  Vulnerable  /                       Unaffected
      -------------------------------------------------------------------
    1  net-im/bitlbee       &lt; 1.2.3                             &gt;= 1.2.3

Description
===========

Multiple unspecified vulnerabilities were reported, including a NULL
pointer dereference.

Impact
======

A remote attacker could exploit these vulnerabilities to overwrite
existing IM accounts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All BitlBee users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=net-im/bitlbee-1.2.3"

References
==========

    [ 1 ] CVE-2008-3920
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3920
    [ 2 ] CVE-2008-3969
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3969

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-23T21:33:35</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1616">
    <title>[ GLSA 200809-13 ] R: Insecure temporary file creation</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1616</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: R: Insecure temporary file creation
        Date: September 22, 2008
        Bugs: #235822
          ID: 200809-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

R is vulnerable to symlink attacks due to an insecure usage of
temporary files.

Background
==========

R is a GPL licensed implementation of S, a language and environment for
statistical computing and graphics.

Affected packages
=================

      -------------------------------------------------------------------
       Package     /  Vulnerable  /                           Unaffected
      -------------------------------------------------------------------
    1  dev-lang/R       &lt; 2.7.1                                 &gt;= 2.7.1

Description
===========

Dmitry E. Oboukhov reported that the "javareconf" script uses temporary
files in an insecure manner.

Impact
======

A local attacker could exploit this vulnerability to overwrite
arbitrary files with the privileges of the user running the
application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All R users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=dev-lang/R-2.7.1"

References
==========

    [ 1 ] CVE-2008-3931
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3931

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-22T20:15:42</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1615">
    <title>[ GLSA 200809-12 ] Newsbeuter: User-assisted execution of arbitrary code</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1615</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: Newsbeuter: User-assisted execution of arbitrary code
        Date: September 22, 2008
        Bugs: #236506
          ID: 200809-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Insufficient input validation in newsbeuter may allow remote attackers
to execute arbitrary shell commands.

Background
==========

Newsbeuter is an RSS/Atom feed reader for the text console.

Affected packages
=================

      -------------------------------------------------------------------
       Package              /  Vulnerable  /                  Unaffected
      -------------------------------------------------------------------
    1  net-news/newsbeuter        &lt; 1.2                           &gt;= 1.2

Description
===========

J.H.M. Dassen reported that the open-in-browser command does not
properly escape shell metacharacters in the URL before passing it to
system().

Impact
======

A remote attacker could entice a user to open a feed with specially
crafted URLs, possibly resulting in the remote execution of arbitrary
shell commands with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Newsbeuter users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=net-news/newsbeuter-1.2"

References
==========

    [ 1 ] CVE-2008-3907
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3907

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-22T20:07:04</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1614">
    <title>[ GLSA 200809-11 ] HAVP: Denial of Service</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1614</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: HAVP: Denial of Service
        Date: September 21, 2008
        Bugs: #234715
          ID: 200809-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A Denial of Service vulnerability has been reported in HAVP.

Background
==========

HAVP is an HTTP AntiVirus Proxy.

Affected packages
=================

      -------------------------------------------------------------------
       Package         /  Vulnerable  /                       Unaffected
      -------------------------------------------------------------------
    1  net-proxy/havp       &lt; 0.89                               &gt;= 0.89

Description
===========

Peter Warasin reported an infinite loop in sockethandler.cpp when
connecting to a non-responsive HTTP server.

Impact
======

A remote attacker could send requests to unavailable servers, resulting
in a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All HAVP users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=net-proxy/havp-0.89"

References
==========

    [ 1 ] CVE-2008-3688
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-21T17:31:33</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1613">
    <title>[ GLSA 200809-10 ] Mantis: Multiple vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1613</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
       Title: Mantis: Multiple vulnerabilities
        Date: September 21, 2008
        Bugs: #233336
          ID: 200809-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Mantis.

Background
==========

Mantis is a PHP/MySQL/Web based bugtracking system.

Affected packages
=================

      -------------------------------------------------------------------
       Package            /  Vulnerable  /                    Unaffected
      -------------------------------------------------------------------
    1  www-apps/mantisbt       &lt; 1.1.2                          &gt;= 1.1.2

Description
===========

Antonio Parata and Francesco Ongaro reported a Cross-Site Request
Forgery vulnerability in manage_user_create.php (CVE-2008-2276), a
Cross-Site Scripting vulnerability in return_dynamic_filters.php
(CVE-2008-3331), and insufficient input validation in
adm_config_set.php (CVE-2008-3332). A directory traversal vulnerability
in core/lang_api.php (CVE-2008-3333) has also been reported.

Impact
======

A remote attacker could exploit these vulnerabilities to execute
arbitrary HTML and script code, create arbitrary users with
administrative privileges, execute arbitrary PHP commands, and include
arbitrary files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mantis users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=www-apps/mantisbt-1.1.2"

References
==========

    [ 1 ] CVE-2008-2276
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2276
    [ 2 ] CVE-2008-3331
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3331
    [ 3 ] CVE-2008-3332
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3332
    [ 4 ] CVE-2008-3333
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3333

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-21T17:25:09</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1612">
    <title>[ GLSA 200809-09 ] Postfix: Denial of Service</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1612</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: Postfix: Denial of Service
        Date: September 19, 2008
        Bugs: #236453
          ID: 200809-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A memory leak in Postfix might allow local users to cause a Denial of
Service.

Background
==========

Postfix is Wietse Venema's mailer that attempts to be fast, easy to
administer, and secure, as an alternative to the widely-used Sendmail
program.

Affected packages
=================

      -------------------------------------------------------------------
       Package           /  Vulnerable  /                     Unaffected
      -------------------------------------------------------------------
    1  mail-mta/postfix       &lt; 2.4.9                           &gt;= 2.4.9
                                                                &gt;= 2.5.5
       mail-mta/postfix       &lt; 2.5.5                           &gt;= 2.4.9
                                                                &gt;= 2.5.5

Description
===========

It has been discovered that Postfix leaks an epoll file descriptor when
executing external commands, e.g. user-controlled $HOME/.forward or
$HOME/.procmailrc files. NOTE: This vulnerability only concerns Postfix
instances running on Linux 2.6 kernels.

Impact
======

A local attacker could exploit this vulnerability to reduce the
performance of Postfix, and possibly trigger an assertion, resulting in
a Denial of Service.

Workaround
==========

Allow only trusted users to control delivery to non-Postfix commands.

Resolution
==========

All Postfix 2.4 users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=mail-mta/postfix-2.4.9"

All Postfix 2.5 users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=mail-mta/postfix-2.5.5"

References
==========

    [ 1 ] CVE-2008-3889
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3889

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-19T20:10:45</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1611">
    <title>[ GLSA 200809-08 ] Amarok: Insecure temporary file creation</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1611</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: Amarok: Insecure temporary file creation
        Date: September 08, 2008
        Bugs: #234689
          ID: 200809-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Amarok uses temporary files in an insecure manner, allowing for a
symlink attack.

Background
==========

Amarok is an advanced music player.

Affected packages
=================

      -------------------------------------------------------------------
       Package             /  Vulnerable  /                   Unaffected
      -------------------------------------------------------------------
    1  media-sound/amarok      &lt; 1.4.10                        &gt;= 1.4.10

Description
===========

Dwayne Litzenberger reported that the
MagnatuneBrowser::listDownloadComplete() function in
magnatunebrowser/magnatunebrowser.cpp uses the album_info.xml temporary
file in an insecure manner.

Impact
======

A local attacker could perform a symlink attack to overwrite arbitrary
files on the system with the privileges of the user running the
application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Amarok users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=media-sound/amarok-1.4.10"

References
==========

    [ 1 ] CVE-2008-3699
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-08T18:08:57</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1610">
    <title>[ GLSA 200809-07 ] libTIFF: User-assisted execution of arbitrary code</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1610</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: libTIFF: User-assisted execution of arbitrary code
        Date: September 08, 2008
        Bugs: #234080
          ID: 200809-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer underflow vulnerabilities in libTIFF may allow for the
remote execution of arbitrary code.

Background
==========

libTIFF provides support for reading and manipulating TIFF (Tagged
Image File Format) images.

Affected packages
=================

      -------------------------------------------------------------------
       Package          /  Vulnerable  /                      Unaffected
      -------------------------------------------------------------------
    1  media-libs/tiff     &lt; 3.8.2-r4                        &gt;= 3.8.2-r4

Description
===========

Drew Yao (Apple Product Security) and Clay Wood reported multiple
buffer underflows in the LZWDecode() and LZWDecodeCompat() functions in
tif_lzw.c when processing TIFF files.

Impact
======

A remote attacker could entice a user to open a specially crafted TIFF
file with an application making use of libTIFF, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libTIFF users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-3.8.2-r4"

References
==========

    [ 1 ] CVE-2008-2327
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-08T17:57:53</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.gentoo.announce/1609">
    <title>[ GLSA 200809-06 ] VLC: Multiple vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.linux.gentoo.announce/1609</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: VLC: Multiple vulnerabilities
        Date: September 07, 2008
        Bugs: #235238, #235589
          ID: 200809-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities in VLC may lead to the remote execution of
arbitrary code.

Background
==========

VLC is a cross-platform media player and streaming server.

Affected packages
=================

      -------------------------------------------------------------------
       Package          /   Vulnerable   /                    Unaffected
      -------------------------------------------------------------------
    1  media-video/vlc      &lt; 0.8.6i-r2                     &gt;= 0.8.6i-r2

Description
===========

g_ reported the following vulnerabilities:

* An integer overflow leading to a heap-based buffer overflow in the
    Open() function in modules/demux/tta.c (CVE-2008-3732).

* A signedness error leading to a stack-based buffer overflow in the
    mms_ReceiveCommand() function in modules/access/mms/mmstu.c
    (CVE-2008-3794).

Impact
======

A remote attacker could entice a user to open a specially crafted file,
possibly resulting in the remote execution of arbitrary code with the
privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VLC users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-0.8.6i-r2"

References
==========

    [ 1 ] CVE-2008-3732
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3732
    [ 2 ] CVE-2008-3794
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3794

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-07T19:21:51</dc:date>
  </item>
  <textinput about="http://search.gmane.org/?group=$group=gmane.linux.gentoo.announce">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.linux.gentoo.announce</link>
  </textinput>
</rdf:RDF>
