<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel about="http://blog.gmane.org/gmane.linux.gentoo.announce">
    <title>gmane.linux.gentoo.announce</title>
    <link>http://blog.gmane.org/gmane.linux.gentoo.announce</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1636"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1635"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1634"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1633"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1632"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1631"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1630"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1629"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1628"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1627"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1626"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1625"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1624"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1623"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1622"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1621"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1620"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1619"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1618"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.gentoo.announce/1617"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1636">
    <title>[ GLSA 200812-07 ] Mantis: Multiple vulnerabilities</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1636</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Mantis: Multiple vulnerabilities
      Date: December 02, 2008
      Bugs: #238570, #241940, #242722
        ID: 200812-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Mantis, the most
severe of which leads to the remote execution of arbitrary code.

Background
==========

Mantis is a PHP/MySQL/Web based bugtracking system.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-apps/mantisbt     &lt; 1.1.4-r1                      &gt;= 1.1.4-r1

Description
===========

Multiple issues have been reported in Mantis:

* EgiX reported that manage_proj_page.php does not correctly sanitize
  the sort parameter before passing it to create_function() in
  core/utility_api.php (CVE-2008-4687).

* Privileges of viewers are not sufficiently checked before composing
  a link with issue data in the source anchor (CVE-2008-4688).

* Mantis does not unset the session cookie during logout
  (CVE-2008-4689).

* Mantis does not set the secure flag for the session cookie in an
  HTTPS session (CVE-2008-3102).

Impact
======

Remote unauthenticated attackers could exploit these vulnerabilities to
execute arbitrary PHP commands, disclose sensitive issue data, or
hijack a user's sessions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mantis users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=www-apps/mantisbt-1.1.4-r1"

References
==========

  [ 1 ] CVE-2008-3102
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3102
  [ 2 ] CVE-2008-4687
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4687
  [ 3 ] CVE-2008-4688
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4688
  [ 4 ] CVE-2008-4689
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4689

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
</description>
    <dc:creator>Robert Buchholz</dc:creator>
    <dc:date>2008-12-02T17:55:03</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1635">
    <title>[ GLSA 200812-06 ] libxml2: Multiple vulnerabilities</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1635</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libxml2: Multiple vulnerabilities
      Date: December 02, 2008
      Bugs: #234099, #237806, #239346, #245960
        ID: 200812-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in libxml2 might lead to execution of
arbitrary code or Denial of Service.

Background
==========

libxml2 is the XML (eXtensible Markup Language) C parser and toolkit
initially developed for the Gnome project.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  dev-libs/libxml2     &lt; 2.7.2-r1                       &gt;= 2.7.2-r1

Description
===========

Multiple vulnerabilities were reported in libxml2:

* Andreas Solberg reported that libxml2 does not properly detect
  recursion during entity expansion in an attribute value
  (CVE-2008-3281).

* A heap-based buffer overflow has been reported in the
  xmlParseAttValueComplex() function in parser.c (CVE-2008-3529).

* Christian Weiske reported that predefined entity definitions in
  entities are not properly handled (CVE-2008-4409).

* Drew Yao of Apple Product Security reported an integer overflow in
  the xmlBufferResize() function that can lead to an infinite loop
  (CVE-2008-4225).

* Drew Yao of Apple Product Security reported an integer overflow in
  the xmlSAX2Characters() function leading to a memory corruption
  (CVE-2008-4226).

Impact
======

A remote attacker could entice a user or automated system to open a
specially crafted XML document with an application using libxml2,
possibly resulting in the execution of arbitrary code or high CPU and
memory consumption.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.7.2-r1"

References
==========

  [ 1 ] CVE-2008-3281
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
  [ 2 ] CVE-2008-3529
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
  [ 3 ] CVE-2008-4409
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4409
  [ 4 ] CVE-2008-4225
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
  [ 5 ] CVE-2008-4226
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-06.xml

</description>
    <dc:creator>Robert Buchholz</dc:creator>
    <dc:date>2008-12-02T17:42:03</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1634">
    <title>[ GLSA 200812-05 ] libsamplerate: User-assisted execution of arbitrary code</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1634</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libsamplerate: User-assisted execution of arbitrary code
      Date: December 02, 2008
      Bugs: #237037
        ID: 200812-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability in libsamplerate might lead to the
execution of arbitrary code.

Background
==========

Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for
audio.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  media-libs/libsamplerate       &lt; 0.1.4                   &gt;= 0.1.4

Description
===========

Russell O'Connor reported a buffer overflow in src/src_sinc.c related
to low conversion ratios.

Impact
======

A remote attacker could entice a user or automated system to process a
specially crafted audio file possibly leading to the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libsamplerate users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v "&gt;=media-libs/libsamplerate-0.1.4"

References
==========

  [ 1 ] CVE-2008-5008
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5008

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-05.xml

</description>
    <dc:creator>Robert Buchholz</dc:creator>
    <dc:date>2008-12-02T17:40:19</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1633">
    <title>[ GLSA 200812-04 ] lighttpd: Multiple vulnerabilities</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1633</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: lighttpd: Multiple vulnerabilities
      Date: December 02, 2008
      Bugs: #238180
        ID: 200812-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in lighttpd may lead to information disclosure
or a Denial of Service.

Background
==========

lighttpd is a lightweight high-performance web server.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  www-servers/lighttpd      &lt; 1.4.20                      &gt;= 1.4.20

Description
===========

Multiple vulnerabilities have been reported in lighttpd:

* Qhy reported a memory leak in the http_request_parse() function in
  request.c (CVE-2008-4298).

* Gaetan Bisson reported that URIs are not decoded before applying
  url.redirect and url.rewrite rules (CVE-2008-4359).

* Anders1 reported that mod_userdir performs case-sensitive
  comparisons on filename components in configuration options, which is
  insufficient when case-insensitive filesystems are used
  (CVE-2008-4360).

Impact
======

A remote attacker could exploit these vulnerabilities to cause a Denial
of Service, to bypass intended access restrictions, to obtain sensitive
information, or to possibly modify data.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All lighttpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=www-servers/lighttpd-1.4.20"

References
==========

  [ 1 ] CVE-2008-4298
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298
  [ 2 ] CVE-2008-4359
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359
  [ 3 ] CVE-2008-4360
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-04.xml

</description>
    <dc:creator>Robert Buchholz</dc:creator>
    <dc:date>2008-12-02T17:33:06</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1632">
    <title>[ GLSA 200812-03 ] IPsec-Tools: racoon Denial of Service</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1632</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: IPsec-Tools: racoon Denial of Service
      Date: December 02, 2008
      Bugs: #232831
        ID: 200812-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

IPsec-Tools' racoon is affected by a remote Denial of Service
vulnerability.

Background
==========

IPsec-Tools is a port of KAME's implementation of the IPsec utilities.
It contains a collection of network monitoring tools, including racoon,
ping, and ping6.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  net-firewall/ipsec-tools       &lt; 0.7.1                   &gt;= 0.7.1

Description
===========

Two Denial of Service vulnerabilities have been reported in racoon:

* The vendor reported a memory leak in racoon/proposal.c that can be
  triggered via invalid proposals (CVE-2008-3651).

* Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not
  remove an "orphaned ph1" (phase 1) handle when it has been initiated
  remotely (CVE-2008-3652).

Impact
======

An attacker could exploit these vulnerabilities to cause a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All IPsec-Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v "&gt;=net-firewall/ipsec-tools-0.7.1"

References
==========

  [ 1 ] CVE-2008-3651
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651
  [ 2 ] CVE-2008-3652
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-03.xml

</description>
    <dc:creator>Robert Buchholz</dc:creator>
    <dc:date>2008-12-02T17:30:56</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1631">
    <title>[ GLSA 200812-02 ] enscript: User-assisted execution of arbitrary code</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1631</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: enscript: User-assisted execution of arbitrary code
      Date: December 02, 2008
      Bugs: #243228
        ID: 200812-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two buffer overflows in enscript might lead to the execution of
arbitrary code.

Background
==========

enscript is a powerful ASCII to PostScript file converter.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-text/enscript     &lt; 1.6.4-r4                      &gt;= 1.6.4-r4

Description
===========

Two stack-based buffer overflows in the read_special_escape() function
in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research
discovered a vulnerability related to the "setfilename" command
(CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability
related to the "font" escape sequence (CVE-2008-4306).

Impact
======

An attacker could entice a user or automated system to process
specially crafted input with the special escapes processing enabled
using the "-e" option, possibly resulting in the execution of arbitrary
code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All enscript users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=app-text/enscript-1.6.4-r4"

References
==========

  [ 1 ] CVE-2008-3863
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863
  [ 2 ] CVE-2008-4306
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-02.xml

</description>
    <dc:creator>Robert Buchholz</dc:creator>
    <dc:date>2008-12-02T17:28:07</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1630">
    <title>[ GLSA 200812-01 ] OptiPNG: User-assisted execution of arbitrary code</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1630</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OptiPNG: User-assisted execution of arbitrary code
      Date: December 02, 2008
      Bugs: #246522
        ID: 200812-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in OptiPNG might result in user-assisted execution of
arbitrary code.

Background
==========

OptiPNG is a PNG optimizer that recompresses image files to a smaller
size, without losing any information.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  media-gfx/optipng       &lt; 0.6.2                          &gt;= 0.6.2

Description
===========

A buffer overflow in the BMP reader in OptiPNG has been reported.

Impact
======

A remote attacker could entice a user to process a specially crafted
BMP image, possibly resulting in the execution of arbitrary code with
the privileges of the user running the application, or a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OptiPNG users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=media-gfx/optipng-0.6.2"

References
==========

  [ 1 ] CVE-2008-5101
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5101

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-01.xml

</description>
    <dc:creator>Robert Buchholz</dc:creator>
    <dc:date>2008-12-02T17:25:54</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1629">
    <title>[ GLSA 200811-05 ] PHP: Multiple vulnerabilities</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1629</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PHP: Multiple vulnerabilities
      Date: November 16, 2008
      Bugs: #209148, #212211, #215266, #228369, #230575, #234102
        ID: 200811-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PHP contains several vulnerabilities including buffer and integer
overflows which could lead to the remote execution of arbitrary code.

Background
==========

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php     &lt; 5.2.6-r6                           &gt;= 5.2.6-r6

Description
===========

Several vulnerabilities were found in PHP:

* PHP ships a vulnerable version of the PCRE library which allows for
  the circumvention of security restrictions or even for remote code
  execution in case of an application which accepts user-supplied
  regular expressions (CVE-2008-0674).

* Multiple crash issues in several PHP functions have been
  discovered.

* Ryan Permeh reported that the init_request_info() function in
  sapi/cgi/cgi_main.c does not properly consider operator precedence
  when calculating the length of PATH_TRANSLATED (CVE-2008-0599).

* An off-by-one error in the metaphone() function may lead to memory
  corruption.

* Maksymilian Arciemowicz of SecurityReason Research reported an
  integer overflow, which is triggerable using printf() and related
  functions (CVE-2008-1384).

* Andrei Nigmatulin reported a stack-based buffer overflow in the
  FastCGI SAPI, which has unknown attack vectors (CVE-2008-2050).

* Stefan Esser reported that PHP does not correctly handle multibyte
  characters inside the escapeshellcmd() function, which is used to
  sanitize user input before its usage in shell commands
  (CVE-2008-2051).

* Stefan Esser reported that a shortcoming in PHP's algorithm for
  seeding the random number generator might allow for predictable
  random numbers (CVE-2008-2107, CVE-2008-2108).

* The IMAP extension in PHP uses obsolete c-client API calls making
  it vulnerable to buffer overflows as no bounds checking can be done
  (CVE-2008-2829).

* Tavis Ormandy reported a heap-based buffer overflow in
  pcre_compile.c in the PCRE version shipped by PHP when processing
  user-supplied regular expressions (CVE-2008-2371).

* CzechSec reported that specially crafted font files can lead to an
  overflow in the imageloadfont() function in ext/gd/gd.c, which is
  part of the GD extension (CVE-2008-3658).

* Maksymilian Arciemowicz of SecurityReason Research reported that a
  design error in PHP's stream wrappers allows the circumvention of
  safe_mode checks in several filesystem-related PHP functions
  (CVE-2008-2665, CVE-2008-2666).

* Laurent Gaffie discovered a buffer overflow in the internal
  memnstr() function, which is used by the PHP function explode()
  (CVE-2008-3659).

* An error occurs in the FastCGI SAPI when processing a request with
  multiple dots preceding the extension (CVE-2008-3660).

Impact
======

These vulnerabilities might allow a remote attacker to execute
arbitrary code, to cause a Denial of Service, to circumvent security
restrictions, to disclose information, and to manipulate files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.2.6-r6"

References
==========

  [ 1 ] CVE-2008-0599
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
  [ 2 ] CVE-2008-0674
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674
  [ 3 ] CVE-2008-1384
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1384
  [ 4 ] CVE-2008-2050
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050
  [ 5 ] CVE-2008-2051
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051
  [ 6 ] CVE-2008-2107
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
  [ 7 ] CVE-2008-2108
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
  [ 8 ] CVE-2008-2371
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371
  [ 9 ] CVE-2008-2665
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665
  [ 10 ] CVE-2008-2666
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666
  [ 11 ] CVE-2008-2829
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829
  [ 12 ] CVE-2008-3658
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
  [ 13 ] CVE-2008-3659
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
  [ 14 ] CVE-2008-3660
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-11-16T16:08:59</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1628">
    <title>[ GLSA 200811-04 ] Graphviz: User-assisted execution of arbitrary code</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1628</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Graphviz: User-assisted execution of arbitrary code
      Date: November 09, 2008
      Bugs: #240636
        ID: 200811-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in Graphviz might lead to user-assisted execution of
arbitrary code via a DOT file.

Background
==========

Graphviz is an open source graph visualization software.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-gfx/graphviz      &lt; 2.20.3                        &gt;= 2.20.3

Description
===========

Roee Hay reported a stack-based buffer overflow in the push_subg()
function in parser.y when processing a DOT file with a large number of
Agraph_t elements.

Impact
======

A remote attacker could entice a user or automated system to open a
specially crafted DOT file in an application using Graphviz, possibly
leading to the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Graphviz users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphviz-2.20.3"

References
==========

  [ 1 ] CVE-2008-4555
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-11-09T21:01:08</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1627">
    <title>[ GLSA 200811-03 ] FAAD2: User-assisted execution of arbitrary code</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1627</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: FAAD2: User-assisted execution of arbitrary code
      Date: November 09, 2008
      Bugs: #238445
        ID: 200811-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in FAAD2 might lead to user-assisted execution of
arbitrary code via an MP4 file.

Background
==========

FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  media-libs/faad2     &lt; 2.6.1-r2                       &gt;= 2.6.1-r2

Description
===========

The ICST-ERCIS (Peking University) reported a heap-based buffer
overflow in the decodeMP4file() function in frontend/main.c.

Impact
======

A remote attacker could entice a user to open a specially crafted
MPEG-4 (MP4) file in an application using FAAD2, possibly leading to
the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FAAD2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=media-libs/faad2-2.6.1-r2"

References
==========

  [ 1 ] CVE-2008-4201
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-11-09T20:59:25</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1626">
    <title>[ GLSA 200811-02 ] Gallery: Multiple vulnerabilities</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1626</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Gallery: Multiple vulnerabilities
      Date: November 09, 2008
      Bugs: #234137, #238113
        ID: 200811-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Gallery may lead to execution of arbitrary
code, disclosure of local files or theft of user's credentials.

Background
==========

Gallery is an open source web based photo album organizer.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-apps/gallery       &lt; 2.2.6                           &gt;= 2.2.6
                                                             *&gt;= 1.5.9

Description
===========

Multiple vulnerabilities have been discovered in Gallery 1 and 2:

* Digital Security Research Group reported a directory traversal
  vulnerability in contrib/phpBB2/modules.php in Gallery 1, when
  register_globals is enabled (CVE-2008-3600).

* Hanno Boeck reported that Gallery 1 and 2 did not set the secure
  flag for the session cookie in an HTTPS session (CVE-2008-3662).

* Alex Ustinov reported that Gallery 1 and 2 do not properly handle
  ZIP archives containing symbolic links (CVE-2008-4129).

* The vendor reported a Cross-Site Scripting vulnerability in Gallery
  2 (CVE-2008-4130).

Impact
======

Remote attackers could send specially crafted requests to a server
running Gallery, allowing for the execution of arbitrary code when
register_globals is enabled, or read arbitrary files via directory
traversals otherwise. Attackers could also entice users to visit
crafted links allowing for theft of login credentials.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Gallery 2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=www-apps/gallery-2.2.6"

All Gallery 1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=www-apps/gallery-1.5.9"

References
==========

  [ 1 ] CVE-2008-3600
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3600
  [ 2 ] CVE-2008-3662
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3662
  [ 3 ] CVE-2008-4129
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4129
  [ 4 ] CVE-2008-4130
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4130

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-11-09T20:56:41</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1625">
    <title>[ GLSA 200811-01 ] Opera: Multiple vulnerabilities</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1625</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Opera: Multiple vulnerabilities
      Date: November 03, 2008
      Bugs: #235298, #240500, #243060, #244980
        ID: 200811-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Opera, allowing for
the execution of arbitrary code.

Background
==========

Opera is a fast web browser that is available free of charge.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-client/opera       &lt; 9.62                             &gt;= 9.62

Description
===========

Multiple vulnerabilities have been discovered in Opera:

* Opera does not restrict the ability of a framed web page to change
  the address associated with a different frame (CVE-2008-4195).

* Chris Weber (Casaba Security) discovered a Cross-site scripting
  vulnerability (CVE-2008-4196).

* Michael A. Puls II discovered that Opera can produce argument
  strings that contain uninitialized memory, when processing custom
  shortcut and menu commands (CVE-2008-4197).

* Lars Kleinschmidt discovered that Opera, when rendering an HTTP
  page that has loaded an HTTPS page into a frame, displays a padlock
  icon and offers a security information dialog reporting a secure
  connection (CVE-2008-4198).

* Opera does not prevent use of links from web pages to feed source
  files on the local disk (CVE-2008-4199).

* Opera does not ensure that the address field of a news feed
  represents the feed's actual URL (CVE-2008-4200).

* Opera does not check the CRL override upon encountering a
  certificate that lacks a CRL (CVE-2008-4292).

* Chris (Matasano Security) reported that Opera may crash if it is
  redirected by a malicious page to a specially crafted address
  (CVE-2008-4694).

* Nate McFeters reported that Opera runs Java applets in the context
  of the local machine, if that applet has been cached and a page can
  predict the cache path for that applet and load it from the cache
  (CVE-2008-4695).

* Roberto Suggi Liverani (Security-Assessment.com) reported that
  Opera's History Search results do not escape certain constructs
  correctly, allowing for the injection of scripts into the page
  (CVE-2008-4696).

* David Bloom reported that Opera's Fast Forward feature incorrectly
  executes scripts from a page held in a frame in the outermost page
  instead of the page where the JavaScript URL was located (CVE-2008-4697).

* David Bloom reported that Opera does not block some scripts when
  previewing a news feed (CVE-2008-4698).

* Opera does not correctly sanitize content when certain parameters
  are passed to Opera's History Search, allowing scripts to be injected
  into the History Search results page (CVE-2008-4794).

* Opera's links panel incorrectly causes scripts from a page held in
  a frame to be executed in the outermost page instead of the page
  where the URL was located (CVE-2008-4795).

Impact
======

These vulnerabilities allow remote attackers to execute arbitrary code,
to run scripts injected into Opera's History Search with elevated
privileges, to inject arbitrary web script or HTML into web pages, to
manipulate the address bar, to change Opera's preferences, to determine
the validity of local filenames, to read cache files, browsing history,
and subscribed feeds or to conduct other attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-9.62"

References
==========

  [ 1 ] CVE-2008-4195
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4195
  [ 2 ] CVE-2008-4196
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4196
  [ 3 ] CVE-2008-4197
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4197
  [ 4 ] CVE-2008-4198
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4198
  [ 5 ] CVE-2008-4199
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4199
  [ 6 ] CVE-2008-4200
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4200
  [ 7 ] CVE-2008-4292
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4292
  [ 8 ] CVE-2008-4694
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4694
  [ 9 ] CVE-2008-4695
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4695
  [ 10 ] CVE-2008-4696
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4696
  [ 11 ] CVE-2008-4697
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4697
  [ 12 ] CVE-2008-4698
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4698
  [ 13 ] CVE-2008-4794
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4794
  [ 14 ] CVE-2008-4795
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4795

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-11-03T18:50:10</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1624">
    <title>[ GLSA 200810-03 ] libspf2: DNS response buffer overflow</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1624</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200810-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: libspf2: DNS response buffer overflow
      Date: October 30, 2008
      Bugs: #242254
        ID: 200810-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A memory management error in libspf2 might allow for remote execution
of arbitrary code.

Background
==========

libspf2 is a library that implements the Sender Policy Framework,
allowing mail transfer agents to make sure that an email is authorized
by the domain name that it is coming from. Currently, only the exim MTA
uses libspf2 in Gentoo.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  mail-filter/libspf2       &lt; 1.2.8                        &gt;= 1.2.8

Description
===========

libspf2 uses a fixed-length buffer to receive DNS responses and does
not properly check the length of TXT records, leading to buffer
overflows.

Impact
======

A remote attacker could store a specially crafted DNS entry and entice
a user or automated system using libspf2 to look up that SPF entry (e.g.
by sending an email to the MTA), possibly allowing for the execution of
arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libspf2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=mail-filter/libspf2-1.2.8"

References
==========

  [ 1 ] CVE-2008-2469
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2469

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200810-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
</description>
    <dc:creator>Robert Buchholz</dc:creator>
    <dc:date>2008-10-30T21:27:08</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1623">
    <title>[ GLSA 200810-01 ] WordNet: Execution of arbitrary code</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1623</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200810-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: WordNet: Execution of arbitrary code
      Date: October 07, 2008
      Bugs: #211491
        ID: 200810-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in WordNet, possibly allowing for
the execution of arbitrary code.

Background
==========

WordNet is a large lexical database of English.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-dicts/wordnet      &lt; 3.0-r2                         &gt;= 3.0-r2

Description
===========

Jukka Ruohonen initially reported a boundary error within the
searchwn() function in src/wn.c. A thorough investigation by the oCERT
team revealed several other vulnerabilities in WordNet:

* Jukka Ruohonen and Rob Holland (oCERT) reported multiple boundary
  errors within the searchwn() function in src/wn.c, the wngrep()
  function in lib/search.c, the morphstr() and morphword() functions in
  lib/morph.c, and the getindex() function in lib/search.c, which lead to
  stack-based buffer overflows.

* Rob Holland (oCERT) reported two boundary errors within the
  do_init() function in lib/morph.c, which lead to stack-based buffer
  overflows via specially crafted "WNSEARCHDIR" or "WNHOME" environment
  variables.

* Rob Holland (oCERT) reported multiple boundary errors in the
  bin_search() and bin_search_key() functions in binsrch.c, which lead
  to stack-based buffer overflows via specially crafted data files.

* Rob Holland (oCERT) reported a boundary error within the
  parse_index() function in lib/search.c, which leads to a heap-based
  buffer overflow via specially crafted data files.

Impact
======

* In case the application is accessible e.g. via a web server, a
  remote attacker could pass overly long strings as arguments to the
  "wn" binary, possibly leading to the execution of arbitrary code.

* A local attacker could exploit the second vulnerability via
  specially crafted "WNSEARCHDIR" or "WNHOME" environment variables,
  possibly leading to the execution of arbitrary code with escalated
  privileges.

* A local attacker could exploit the third and fourth vulnerabilities
  by making the application use specially crafted data files, possibly
  leading to the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WordNet users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=app-dicts/wordnet-3.0-r2"

References
==========

  [ 1 ] CVE-2008-2149
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2149
  [ 2 ] CVE-2008-3908
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3908

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200810-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

</description>
    <dc:creator>Tobias Heinlein</dc:creator>
    <dc:date>2008-10-07T18:13:38</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1622">
    <title>[ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1622</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200810-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Portage: Untrusted search path local root vulnerability
      Date: October 09, 2008
      Bugs: #239560
        ID: 200810-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A search path vulnerability in Portage allows local attackers to
execute commands with root privileges if emerge is called from
untrusted directories.

Background
==========

Portage is Gentoo's package manager which is responsible for
installing, compiling and updating all packages on the system through
the Gentoo rsync tree.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  sys-apps/portage      &lt; 2.1.4.5                        &gt;= 2.1.4.5

Description
===========

The Gentoo Security Team discovered that several ebuilds, such as
sys-apps/portage, net-mail/fetchmail or app-editors/leo execute Python
code using "python -c", which includes the current working directory in
Python's module search path. For several ebuild functions, Portage did
not change the working directory from emerge's working directory.

Impact
======

A local attacker could place a specially crafted Python module in a
directory (such as /tmp) and entice the root user to run commands such
as "emerge sys-apps/portage" from that directory, resulting in the
execution of arbitrary Python code with root privileges.

Workaround
==========

Do not run "emerge" from untrusted working directories.

Resolution
==========

All Portage users should upgrade to the latest version:

    # cd /root
    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=sys-apps/portage-2.1.4.5"

NOTE: To upgrade to Portage 2.1.4.5 using 2.1.4.4 or prior, you must
run emerge from a trusted working directory, such as "/root".

References
==========

  [ 1 ] CVE-2008-4394
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4394

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200810-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
</description>
    <dc:creator>Robert Buchholz</dc:creator>
    <dc:date>2008-10-09T17:36:48</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1621">
    <title>[ GLSA 200809-18 ] ClamAV: Multiple Denials of Service</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1621</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: ClamAV: Multiple Denials of Service
        Date: September 25, 2008
        Bugs: #236665
          ID: 200809-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in ClamAV may result in a Denial of Service.

Background
==========

Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
especially for e-mail scanning on mail gateways.

Affected packages
=================

      -------------------------------------------------------------------
       Package               /  Vulnerable  /                 Unaffected
      -------------------------------------------------------------------
    1  app-antivirus/clamav       &lt; 0.94                         &gt;= 0.94

Description
===========

Hanno Boeck reported an error in libclamav/chmunpack.c when processing
CHM files (CVE-2008-1389). Other unspecified vulnerabilities were also
reported, including a NULL pointer dereference in libclamav
(CVE-2008-3912), memory leaks in freshclam/manager.c (CVE-2008-3913),
and file descriptor leaks in libclamav/others.c and libclamav/sis.c
(CVE-2008-3914).

Impact
======

A remote attacker could entice a user or automated system to scan a
specially crafted CHM, possibly resulting in a Denial of Service
(daemon crash). The other attack vectors mentioned above could also
result in a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.94"

References
==========

    [ 1 ] CVE-2008-1389
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389
    [ 2 ] CVE-2008-3912
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3912
    [ 3 ] CVE-2008-3913
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3913
    [ 4 ] CVE-2008-3914
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3914

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-25T21:23:08</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1620">
    <title>[ GLSA 200809-17 ] Wireshark: Multiple Denials of Service</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1620</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: Wireshark: Multiple Denials of Service
        Date: September 25, 2008
        Bugs: #236515
          ID: 200809-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple Denial of Service vulnerabilities have been discovered in
Wireshark.

Background
==========

Wireshark is a network protocol analyzer with a graphical front-end.

Affected packages
=================

      -------------------------------------------------------------------
       Package                 /  Vulnerable  /               Unaffected
      -------------------------------------------------------------------
    1  net-analyzer/wireshark       &lt; 1.0.3                     &gt;= 1.0.3

Description
===========

The following vulnerabilities were reported:

* Multiple buffer overflows in the NCP dissector (CVE-2008-3146).

* Infinite loop in the NCP dissector (CVE-2008-3932).

* Invalid read in the tvb_uncompress() function when processing zlib
    compressed data (CVE-2008-3933).

* Unspecified error when processing Tektronix .rf5 files
    (CVE-2008-3934).

Impact
======

A remote attacker could exploit these vulnerabilities by sending
specially crafted packets on a network being monitored by Wireshark or
by enticing a user to read a malformed packet trace file, causing a
Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.0.3"

References
==========

    [ 1 ] CVE-2008-3146
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3146
    [ 2 ] CVE-2008-3932
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3932
    [ 3 ] CVE-2008-3933
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3933
    [ 4 ] CVE-2008-3934
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3934

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-25T21:15:47</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1619">
    <title>[ GLSA 200809-16 ] Git: User-assisted execution of arbitrary code</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1619</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: Git: User-assisted execution of arbitrary code
        Date: September 25, 2008
        Bugs: #234075
          ID: 200809-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer overflow vulnerabilities have been discovered in Git.

Background
==========

Git is a distributed version control system.

Affected packages
=================

      -------------------------------------------------------------------
       Package       /  Vulnerable  /                         Unaffected
      -------------------------------------------------------------------
    1  dev-util/git      &lt; 1.5.6.4                            &gt;= 1.5.6.4

Description
===========

Multiple boundary errors in the functions diff_addremove() and
diff_change() when processing overly long repository path names were
reported.

Impact
======

A remote attacker could entice a user to run commands like "git-diff"
or "git-grep" on a specially crafted repository, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Git users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=dev-util/git-1.5.6.4"

References
==========

    [ 1 ] CVE-2008-3546
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-25T21:09:41</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1618">
    <title>[ GLSA 200809-15 ] GNU ed: User-assisted execution of arbitrary code</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1618</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: GNU ed: User-assisted execution of arbitrary code
        Date: September 23, 2008
        Bugs: #236521
          ID: 200809-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability in ed may allow for the remote
execution of arbitrary code.

Background
==========

GNU ed is a basic line editor. red is a restricted version of ed that
does not allow shell command execution.

Affected packages
=================

      -------------------------------------------------------------------
       Package      /  Vulnerable  /                          Unaffected
      -------------------------------------------------------------------
    1  sys-apps/ed        &lt; 1.0                                   &gt;= 1.0

Description
===========

Alfredo Ortega from Core Security Technologies reported a heap-based
buffer overflow in the strip_escapes() function when processing overly
long filenames.

Impact
======

A remote attacker could entice a user to process specially crafted
commands with ed or red, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNU ed users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=sys-apps/ed-1.0"

References
==========

    [ 1 ] CVE-2008-3916
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-23T21:56:51</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1617">
    <title>[ GLSA 200809-14 ] BitlBee: Security bypass</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1617</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: BitlBee: Security bypass
        Date: September 23, 2008
        Bugs: #236160
          ID: 200809-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in BitlBee may allow attackers to bypass
security restrictions and hijack accounts.

Background
==========

BitlBee is an IRC to IM gateway that supports multiple IM protocols.

Affected packages
=================

      -------------------------------------------------------------------
       Package         /  Vulnerable  /                       Unaffected
      -------------------------------------------------------------------
    1  net-im/bitlbee       &lt; 1.2.3                             &gt;= 1.2.3

Description
===========

Multiple unspecified vulnerabilities were reported, including a NULL
pointer dereference.

Impact
======

A remote attacker could exploit these vulnerabilities to overwrite
existing IM accounts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All BitlBee users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=net-im/bitlbee-1.2.3"

References
==========

    [ 1 ] CVE-2008-3920
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3920
    [ 2 ] CVE-2008-3969
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3969

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-23T21:33:35</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.gentoo.announce/1616">
    <title>[ GLSA 200809-13 ] R: Insecure temporary file creation</title>
    <link>http://comments.gmane.org/gmane.linux.gentoo.announce/1616</link>
    <description>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: R: Insecure temporary file creation
        Date: September 22, 2008
        Bugs: #235822
          ID: 200809-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

R is vulnerable to symlink attacks due to an insecure usage of
temporary files.

Background
==========

R is a GPL licensed implementation of S, a language and environment for
statistical computing and graphics.

Affected packages
=================

      -------------------------------------------------------------------
       Package     /  Vulnerable  /                           Unaffected
      -------------------------------------------------------------------
    1  dev-lang/R       &lt; 2.7.1                                 &gt;= 2.7.1

Description
===========

Dmitry E. Oboukhov reported that the "javareconf" script uses temporary
files in an insecure manner.

Impact
======

A local attacker could exploit this vulnerability to overwrite
arbitrary files with the privileges of the user running the
application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All R users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=dev-lang/R-2.7.1"

References
==========

    [ 1 ] CVE-2008-3931
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3931

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200809-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security&lt; at &gt;gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



</description>
    <dc:creator>Pierre-Yves Rofes</dc:creator>
    <dc:date>2008-09-22T20:15:42</dc:date>
  </item>
  <textinput about="http://search.gmane.org/?group=$group=gmane.linux.gentoo.announce">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.linux.gentoo.announce</link>
  </textinput>
</rdf:RDF>
