http://permalink.gmane.org/gmane.linux.gentoo.announce hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://permalink.gmane.org/gmane.linux.gentoo.announce/1636 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mantis: Multiple vulnerabilities Date: December 02, 2008 Bugs: #238570, #241940, #242722 ID: 200812-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Mantis, the most severe of which leading to the remote execution of arbitrary code. Background ========== Mantis is a PHP/MySQL/Web based bugtracking system. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ----------------------- Robert Buchholz 2008-12-02T17:55:03 http://permalink.gmane.org/gmane.linux.gentoo.announce/1635 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libxml2: Multiple vulnerabilities Date: December 02, 2008 Bugs: #234099, #237806, #239346, #245960 ID: 200812-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service. Background ========== libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / U Robert Buchholz 2008-12-02T17:42:03 http://permalink.gmane.org/gmane.linux.gentoo.announce/1634 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libsamplerate: User-assisted execution of arbitrary code Date: December 02, 2008 Bugs: #237037 ID: 200812-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow vulnerability in libsamplerate might lead to the execution of arbitrary code. Background ========== Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for audio. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected --------------------------- Robert Buchholz 2008-12-02T17:40:19 http://permalink.gmane.org/gmane.linux.gentoo.announce/1633 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: lighttpd: Multiple vulnerabilities Date: December 02, 2008 Bugs: #238180 ID: 200812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in lighttpd may lead to information disclosure or a Denial of Service. Background ========== lighttpd is a lightweight high-performance web server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 Robert Buchholz 2008-12-02T17:33:06 http://permalink.gmane.org/gmane.linux.gentoo.announce/1632 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: IPsec-Tools: racoon Denial of Service Date: December 02, 2008 Bugs: #232831 ID: 200812-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability. Background ========== IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Robert Buchholz 2008-12-02T17:30:56 http://permalink.gmane.org/gmane.linux.gentoo.announce/1631 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: enscript: User-assisted execution of arbitrary code Date: December 02, 2008 Bugs: #243228 ID: 200812-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Two buffer overflows in enscript might lead to the execution of arbitrary code. Background ========== enscript is a powerful ASCII to PostScript file converter. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------ Robert Buchholz 2008-12-02T17:28:07 http://permalink.gmane.org/gmane.linux.gentoo.announce/1630 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OptiPNG: User-assisted execution of arbitrary code Date: December 02, 2008 Bugs: #246522 ID: 200812-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in OptiPNG might result in user-assisted execution of arbitrary code. Background ========== OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------ Robert Buchholz 2008-12-02T17:25:54 http://permalink.gmane.org/gmane.linux.gentoo.announce/1629 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: November 16, 2008 Bugs: #209148, #212211, #215266, #228369, #230575, #234102 ID: 200811-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Affected packages ================= -------------------------------------------------------- Tobias Heinlein 2008-11-16T16:08:59 http://permalink.gmane.org/gmane.linux.gentoo.announce/1628 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Graphviz: User-assisted execution of arbitrary code Date: November 09, 2008 Bugs: #240636 ID: 200811-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow in Graphviz might lead to user-assisted execution of arbitrary code via a DOT file. Background ========== Graphviz is an open source graph visualization software. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ---------------------------------------------- Tobias Heinlein 2008-11-09T21:01:08 http://permalink.gmane.org/gmane.linux.gentoo.announce/1627 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: FAAD2: User-assisted execution of arbitrary code Date: November 09, 2008 Bugs: #238445 ID: 200811-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow in FAAD2 might lead to user-assisted execution of arbitrary code via an MP4 file. Background ========== FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ----------------------------------------------------- Tobias Heinlein 2008-11-09T20:59:25 http://permalink.gmane.org/gmane.linux.gentoo.announce/1626 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Gallery: Multiple vulnerabilities Date: November 09, 2008 Bugs: #234137, #238113 ID: 200811-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Gallery may lead to execution of arbitrary code, disclosure of local files or theft of user's credentials. Background ========== Gallery is an open source web based photo album organizer. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected -------------------- Tobias Heinlein 2008-11-09T20:56:41 http://permalink.gmane.org/gmane.linux.gentoo.announce/1625 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Opera: Multiple vulnerabilities Date: November 03, 2008 Bugs: #235298, #240500, #243060, #244980 ID: 200811-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Opera, allowing for the execution of arbitrary code. Background ========== Opera is a fast web browser that is available free of charge. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ---------------------------------- Tobias Heinlein 2008-11-03T18:50:10 http://permalink.gmane.org/gmane.linux.gentoo.announce/1624 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200810-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: libspf2: DNS response buffer overflow Date: October 30, 2008 Bugs: #242254 ID: 200810-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A memory management error in libspf2 might allow for remote execution of arbitrary code. Background ========== libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Currently, only the exim MTA uses libspf2 in Gentoo. Affected packages ================= ------------------------------------------- Robert Buchholz 2008-10-30T21:27:08 http://permalink.gmane.org/gmane.linux.gentoo.announce/1623 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200810-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WordNet: Execution of arbitrary code Date: October 07, 2008 Bugs: #211491 ID: 200810-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in WordNet, possibly allowing for the execution of arbitrary code. Background ========== WordNet is a large lexical database of English. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- Tobias Heinlein 2008-10-07T18:13:38 http://permalink.gmane.org/gmane.linux.gentoo.announce/1622 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200810-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Portage: Untrusted search path local root vulnerability Date: October 09, 2008 Bugs: #239560 ID: 200810-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A search path vulnerability in Portage allows local attackers to execute commands with root privileges if emerge is called from untrusted directories. Background ========== Portage is Gentoo's package manager which is responsible for installing, compiling and updating all packages on the system through the Gentoo rsync tree. Affected packages ================= ------------------------------------------ Robert Buchholz 2008-10-09T17:36:48 http://permalink.gmane.org/gmane.linux.gentoo.announce/1621 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ClamAV: Multiple Denials of Service Date: September 25, 2008 Bugs: #236665 ID: 200809-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in ClamAV may result in a Denial of Service. Background ========== Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected -------------------- Pierre-Yves Rofes 2008-09-25T21:23:08 http://permalink.gmane.org/gmane.linux.gentoo.announce/1620 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Wireshark: Multiple Denials of Service Date: September 25, 2008 Bugs: #236515 ID: 200809-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple Denial of Service vulnerabilities have been discovered in Wireshark. Background ========== Wireshark is a network protocol analyzer with a graphical front-end. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ---------------------------------------------------- Pierre-Yves Rofes 2008-09-25T21:15:47 http://permalink.gmane.org/gmane.linux.gentoo.announce/1619 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Git: User-assisted execution of arbitrary code Date: September 25, 2008 Bugs: #234075 ID: 200809-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple buffer overflow vulnerabilities have been discovered in Git. Background ========== Git is a distributed version control system. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 d Pierre-Yves Rofes 2008-09-25T21:09:41 http://permalink.gmane.org/gmane.linux.gentoo.announce/1618 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GNU ed: User-assisted execution of arbitrary code Date: September 23, 2008 Bugs: #236521 ID: 200809-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow vulnerability in ed may allow for the remote execution of arbitrary code. Background ========== GNU ed is a basic line editor. red is a restricted version of ed that does not allow shell command execution. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Una Pierre-Yves Rofes 2008-09-23T21:56:51 http://permalink.gmane.org/gmane.linux.gentoo.announce/1617 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: BitlBee: Security bypass Date: September 23, 2008 Bugs: #236160 ID: 200809-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Bitlbee may allow to bypass security restrictions and hijack accounts. Background ========== BitlBee is an IRC to IM gateway that support multiple IM protocols. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ---------------------------------------------- Pierre-Yves Rofes 2008-09-23T21:33:35 http://permalink.gmane.org/gmane.linux.gentoo.announce/1616 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: R: Insecure temporary file creation Date: September 22, 2008 Bugs: #235822 ID: 200809-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== R is vulnerable to symlink attacks due to an insecure usage of temporary files. Background ========== R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected -------------- Pierre-Yves Rofes 2008-09-22T20:15:42 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.linux.gentoo.announce