Merge pull request #424 from mischief/glsa

bump(metadata/glsa): sync with upstream
Nick Owens 2016-05-17 12:38:03 -07:00
commit f33bc59005
2197 changed files with 161129 additions and 0 deletions


@ -0,0 +1,62 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200310-03">
<title>Apache: multiple buffer overflows</title>
<synopsis>
Multiple stack-based buffer overflows in mod_alias and mod_rewrite can allow
execution of arbitrary code and cause a denial of service.
</synopsis>
<product type="ebuild">Apache</product>
<announced>2003-10-28</announced>
<revised>December 30, 2007: 02</revised>
<bug>32194</bug>
<access>local</access>
<affected>
<package name="www-servers/apache" auto="yes" arch="*">
<unaffected range="ge">1.3.29</unaffected>
<vulnerable range="lt">1.3.29</vulnerable>
</package>
</affected>
<background>
<p>
The Apache HTTP Server is one of the most popular web servers on the
Internet.
</p>
</background>
<description>
<p>
Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow
attackers who can create or edit configuration files including .htaccess
files, to cause a denial of service and execute arbitrary code via a regular
expression containing more than 9 captures.
</p>
</description>
<impact type="normal">
<p>
An attacker may cause a denial of service or execute arbitrary code with the
privileges of the user that is running apache.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time, other than to disable both
mod_alias and mod_rewrite.
</p>
</workaround>
<resolution>
<p>
It is recommended that all Gentoo Linux users who are running
net-misc/apache 1.x upgrade:
</p>
<code>
# emerge sync
# emerge -pv apache
# emerge '&gt;=www-servers/apache-1.3.29'
# emerge clean
# /etc/init.d/apache restart</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542 (under review at time of GLSA)</uri>
</references>
</glsa>
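Review bot: the resolution prose says `net-misc/apache 1.x` but the `<affected>` block and the emerge atom use `www-servers/apache`; make the text match the package atom. The pretend step `# emerge -pv apache` should also carry the same `'>=www-servers/apache-1.3.29'` atom as the real merge so the preview shows what will actually be installed. Finally, `<revised>December 30, 2007: 02</revised>` uses a different date format from the `YYYY-MM-DD: NN` form used elsewhere in this commit (e.g. `<revised>2003-11-15: 01</revised>` in 200311-01); check which form the DTD and the advisory tooling expect and normalise.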


@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200310-04">
<title>Apache: buffer overflows and a possible information disclosure</title>
<synopsis>
Multiple stack-based buffer overflows in mod_alias and mod_rewrite can allow
execution of arbitrary code and cause a denial of service, and a bug in the
way mod_cgid handles CGI redirect paths could result in CGI output going to
the wrong client.
</synopsis>
<product type="ebuild">Apache</product>
<announced>2003-10-31</announced>
<revised>December 30, 2007: 02</revised>
<bug>32271</bug>
<access>local</access>
<affected>
<package name="www-servers/apache" auto="yes" arch="*">
<unaffected range="ge">2.0.48</unaffected>
<unaffected range="lt">2.0</unaffected>
<vulnerable range="lt">2.0.48</vulnerable>
</package>
</affected>
<background>
<p>
The Apache HTTP Server is one of the most popular web servers on the
Internet.
</p>
</background>
<description>
<p>
Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow
attackers who can create or edit configuration files including .htaccess
files, to cause a denial of service and execute arbitrary code via a regular
expression containing more than 9 captures, and a bug in the way mod_cgid
handles CGI redirect paths could result in CGI output going to the wrong
client when a threaded MPM is used, resulting in an information disclosure.
</p>
</description>
<impact type="normal">
<p>
An attacker may cause a denial of service or execute arbitrary code with the
privileges of the user that is running apache.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
It is recommended that all Gentoo Linux users who are running
net-misc/apache 2.x upgrade:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=www-servers/apache-2.0.48'
# emerge '&gt;=www-servers/apache-2.0.48'
# emerge clean
# /etc/init.d/apache2 restart</code>
<p>
Please remember to update your config files in /etc/apache2 as --datadir has
been changed to /var/www/localhost.
</p>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789">CAN-2003-0789</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542</uri>
</references>
</glsa>
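Review bot: the `<impact>` paragraph covers only denial of service and code execution and omits the mod_cgid information disclosure (CGI output delivered to the wrong client under a threaded MPM) that the title, synopsis and description all report; add it so the impact matches the rest of the advisory. As in 200310-03, the resolution text says `net-misc/apache 2.x` while the affected package is `www-servers/apache`. Note also that `<vulnerable range="lt">2.0.48</vulnerable>` overlaps `<unaffected range="lt">2.0</unaffected>` for every 1.x version, so correct classification depends on consumers giving `unaffected` precedence; confirm the tooling does.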


@ -0,0 +1,65 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-01">
<title>kdebase: KDM vulnerabilities</title>
<synopsis>
A bug in KDM can allow privilege escalation with certain configurations of
PAM modules.
</synopsis>
<product type="ebuild">kdebase</product>
<announced>2003-11-15</announced>
<revised>2003-11-15: 01</revised>
<bug>29406</bug>
<access>local / remote</access>
<affected>
<package name="kde-base/kdebase" auto="yes" arch="*">
<unaffected range="ge">3.1.4</unaffected>
<vulnerable range="le">3.1.3</vulnerable>
</package>
</affected>
<background>
<p>
KDM is the desktop manager included with the K Desktop Environment.
</p>
</background>
<description>
<p>
Firstly, versions of KDM &lt;=3.1.3 are vulnerable to a privilege escalation
bug with a specific configuration of PAM modules. Users who do not use PAM
with KDM and users who use PAM with regular Unix crypt/MD5 based
authentication methods are not affected.
</p>
<p>
Secondly, KDM uses a weak cookie generation algorithm. Users are advised to
upgrade to KDE 3.1.4, which uses /dev/urandom as a non-predictable source of
entropy to improve security.
</p>
</description>
<impact type="normal">
<p>
A remote or local attacker could gain root privileges.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
It is recommended that all Gentoo Linux users who are running
kde-base/kdebase &lt;=3.1.3 upgrade:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=kde-base/kde-3.1.4'
# emerge '&gt;=kde-base/kde-3.1.4'
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690">CAN-2003-0690</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692">CAN-2003-0692</uri>
<uri link="http://www.kde.org/info/security/advisory-20030916-1.txt">KDE Security Advisory</uri>
</references>
</glsa>
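Review bot: the emerge atoms (`'>=kde-base/kde-3.1.4'`) target a different package than the `<affected>` entry (`kde-base/kdebase`, unaffected `>=3.1.4`); either the resolution should merge `>=kde-base/kdebase-3.1.4`, or the affected block should list the package the command actually pulls in, otherwise a user following the instructions may not end up with the patched kdebase. Also, `<access>local / remote</access>` and the impact line "A remote or local attacker could gain root privileges" are broader than the description, which covers a PAM-configuration-dependent escalation and a weak cookie generator; say which of the two issues carries the remote vector.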


@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-02">
<title>Opera: buffer overflows in 7.11 and 7.20</title>
<synopsis>
Buffer overflows exist in Opera 7.11 and 7.20 that can cause Opera to crash,
and can potentially overwrite arbitrary bytes on the heap leading to a
system compromise.
</synopsis>
<product type="ebuild">Opera</product>
<announced>2003-11-19</announced>
<revised>2003-11-19: 01</revised>
<bug>31775</bug>
<access>local / remote</access>
<affected>
<package name="www-client/opera" auto="yes" arch="*">
<unaffected range="ge">7.21</unaffected>
<vulnerable range="eq">7.20</vulnerable>
<vulnerable range="eq">7.11</vulnerable>
</package>
</affected>
<background>
<p>
Opera is a multi-platform web browser.
</p>
</background>
<description>
<p>
The Opera browser can cause a buffer allocated on the heap to overflow under
certain HREFs when rendering HTML. The mail system is also deemed
vulnerable and an attacker can send an email containing a malformed HREF, or
plant the malicious HREF on a web site.
</p>
</description>
<impact type="high">
<p>
Certain HREFs can cause a buffer allocated on the heap to overflow when
rendering HTML which can allow arbitrary bytes on the heap to be overwritten
which can result in a system compromise.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
Users are encouraged to perform an 'emerge sync' and upgrade the package
to the latest available version. Opera 7.22 is recommended as Opera 7.21 is
vulnerable to other security flaws. Specific steps to upgrade:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=www-client/opera-7.22'
# emerge '&gt;=www-client/opera-7.22'
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0870">CAN-2003-0870</uri>
<uri link="http://www.atstake.com/research/advisories/2003/a102003-1.txt">@stake Security Advisory</uri>
</references>
</glsa>
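Review bot: `<unaffected range="ge">7.21</unaffected>` contradicts the resolution, which states that "Opera 7.21 is vulnerable to other security flaws" and merges `'>=www-client/opera-7.22'`; with `auto="yes"` an automated checker will report 7.21 as fixed. Either raise the unaffected boundary to 7.22 to match the emerge atom, or drop the claim about 7.21 and reference the advisory that covers those other flaws.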


@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-03">
<title>HylaFAX: Remote code exploit in hylafax</title>
<synopsis>
A format bug condition allows a remote attacjer to execute arbitrary code as
the root user.
</synopsis>
<product type="ebuild">HylaFAX</product>
<announced>2003-11-10</announced>
<revised>2003-11-10: 01</revised>
<bug>33368</bug>
<access>remote</access>
<affected>
<package name="net-misc/hylafax" auto="yes" arch="*">
<unaffected range="ge">4.1.8</unaffected>
<vulnerable range="le">4.1.7</vulnerable>
</package>
</affected>
<background>
<p>
HylaFAX is a popular client-server fax package.
</p>
</background>
<description>
<p>
During a code review of the hfaxd server, the SuSE Security Team discovered
a format bug condition that allows a remote attacker to execute arbitrary
code as the root user. However, the bug cannot be triggered in the default
hylafax configuration.
</p>
</description>
<impact type="normal">
<p>
A remote attacker could execute arbitrary code with root privileges.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
Users are encouraged to perform an 'emerge sync' and upgrade the package to
the latest available version. Vulnerable versions of hylafax have been
removed from portage. Specific steps to upgrade:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=net-misc/hylafax-4.1.8'
# emerge '&gt;=net-misc/hylafax-4.1.8'
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0886">CAN-2003-0886</uri>
<uri link="http://www.novell.com/linux/security/advisories/2003_045_hylafax.html">SuSE Security Announcment</uri>
</references>
</glsa>
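Review bot: typos in the hunk: "attacjer" in the synopsis and "Announcment" in the SuSE reference title; since this metadata is synced from upstream, the fix belongs there rather than in a local edit. The description also says the format string bug "cannot be triggered in the default hylafax configuration", yet `<workaround>` says none is known; if the non-default setting that exposes hfaxd is known, naming it (or stating plainly that the default configuration is safe) gives administrators who cannot upgrade immediately something actionable.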


@ -0,0 +1,65 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-04">
<title>FreeRADIUS: heap exploit and NULL pointer dereference vulnerability</title>
<synopsis>
FreeRADIUS is vulnerable to a heap exploit and a NULL pointer dereference
vulnerability.
</synopsis>
<product type="ebuild">FreeRADIUS</product>
<announced>2003-11-23</announced>
<revised>2003-11-23: 01</revised>
<bug>33989</bug>
<access>remote</access>
<affected>
<package name="net-dialup/freeradius" auto="yes" arch="*">
<unaffected range="ge">0.9.3</unaffected>
<vulnerable range="le">0.9.2</vulnerable>
</package>
</affected>
<background>
<p>
FreeRADIUS is a popular open source RADIUS server.
</p>
</background>
<description>
<p>
FreeRADIUS versions below 0.9.3 are vulnerable to a heap exploit, however,
the attack code must be in the form of a valid RADIUS packet which limits
the possible exploits.
</p>
<p>
Also corrected in the 0.9.3 release is another vulnerability which causes
the RADIUS server to de-reference a NULL pointer and crash when an
Access-Request packet with a Tunnel-Password is received.
</p>
</description>
<impact type="normal">
<p>
A remote attacker could craft a RADIUS packet which would cause the RADIUS
server to crash, or could possibly overflow the heap resulting in a system
compromise.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
Users are encouraged to perform an 'emerge sync' and upgrade the package to
the latest available version - 0.9.3 is available in portage and is marked
as stable.
</p>
<code>
# emerge sync
# emerge -pv '&gt;=net-dialup/freeradius-0.9.3'
# emerge '&gt;=net-dialup/freeradius-0.9.3'
# emerge clean</code>
</resolution>
<references>
<uri link="http://www.securitytracker.com/alerts/2003/Nov/1008263.html">SecurityTracker.com Security Alert</uri>
</references>
</glsa>
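Review bot: `<references>` carries only a SecurityTracker alert and no CVE/CAN identifier, unlike the neighbouring advisories; if identifiers exist for the heap overflow and the Tunnel-Password NULL dereference, add them so the advisory can be cross-referenced. "Heap exploit" in the title and synopsis is also imprecise; the description and impact describe a heap overflow, so use that term.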


@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-05">
<title>Ethereal: security problems in ethereal 0.9.15</title>
<synopsis>
Ethereal is vulnerable to heap and buffer overflows in the GTP, ISAKMP,
MEGACO, and SOCKS protocol dissectors.
</synopsis>
<product type="ebuild">Ethereal</product>
<announced>2003-11-22</announced>
<revised>2003-11-22: 01</revised>
<bug>32691</bug>
<access>remote</access>
<affected>
<package name="net-analyzer/ethereal" auto="yes" arch="*">
<unaffected range="ge">0.9.16</unaffected>
<vulnerable range="lt">0.9.16</vulnerable>
</package>
</affected>
<background>
<p>
Ethereal is a popular network protocol analyzer.
</p>
</background>
<description>
<p>
Ethereal contains buffer overflow vulnerabilities in the GTP, ISAKMP, and
MEGACO protocol dissectors, and a heap overflow vulnerability in the SOCKS
protocol dissector, which could cause Ethereal to crash or to execute
arbitrary code.
</p>
</description>
<impact type="normal">
<p>
A remote attacker could craft a malformed packet which would cause Ethereal
to crash or run arbitrary code with the permissions of the user running
Ethereal.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time, other than to disable the GTP,
ISAKMP, MEGACO, and SOCKS protocol dissectors.
</p>
</workaround>
<resolution>
<p>
It is recommended that all Gentoo Linux users who are running
net-analyzer/ethereal 0.9.x upgrade:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=net-analyzer/ethereal-0.9.16'
# emerge '&gt;=net-analyzer/ethereal-0.9.16'
# emerge clean</code>
</resolution>
<references>
<uri link="http://www.ethereal.com/appnotes/enpa-sa-00011.html">Ethereal Security Advisory</uri>
</references>
</glsa>


@ -0,0 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-06">
<title>glibc: getgrouplist buffer overflow vulnerability</title>
<synopsis>
glibc contains a buffer overflow in the getgrouplist function.
</synopsis>
<product type="ebuild">glibc</product>
<announced>2003-11-22</announced>
<revised>2003-11-22: 01</revised>
<bug>33383</bug>
<access>local</access>
<affected>
<package name="sys-libs/glibc" auto="yes" arch="*">
<unaffected range="ge">2.2.5</unaffected>
<vulnerable range="le">2.2.4</vulnerable>
</package>
</affected>
<background>
<p>
glibc is the GNU C library.
</p>
</background>
<description>
<p>
A bug in the getgrouplist function can cause a buffer overflow if the size
of the group list is too small to hold all the user's groups. This overflow
can cause segmentation faults in user applications. This vulnerability
exists only when an administrator has placed a user in a number of groups
larger than that expected by an application.
</p>
</description>
<impact type="normal">
<p>
Applications that use getgrouplist can crash.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
It is recommended that all Gentoo Linux users update their systems as
follows:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=sys-libs/glibc-2.2.5'
# emerge '&gt;=sys-libs/glibc-2.2.5'
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689">CAN-2003-0689</uri>
</references>
</glsa>


@ -0,0 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-07">
<title>phpSysInfo: arbitrary code execution and directory traversal</title>
<synopsis>
phpSysInfo contains two vulnerabilities that can allow arbitrary code
execution and local directory traversal.
</synopsis>
<product type="ebuild">phpSysInfo</product>
<announced>2003-11-22</announced>
<revised>December 30, 2007: 02</revised>
<bug>26782</bug>
<access>local</access>
<affected>
<package name="www-apps/phpsysinfo" auto="yes" arch="*">
<unaffected range="ge">2.1-r1</unaffected>
<vulnerable range="le">2.1</vulnerable>
</package>
</affected>
<background>
<p>
phpSysInfo is a PHP system information tool.
</p>
</background>
<description>
<p>
phpSysInfo contains two vulnerabilities which could allow local files to be
read or arbitrary PHP code to be executed, under the privileges of the web
server process.
</p>
</description>
<impact type="normal">
<p>
An attacker could read local files or execute arbitrary code with the
permissions of the user running the host web server.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
It is recommended that all Gentoo Linux users who are running
www-apps/phpsysinfo upgrade to the fixed version:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=www-apps/phpsysinfo-2.1-r1'
# emerge '&gt;=www-apps/phpsysinfo-2.1-r1'
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0536">CAN-2003-0536</uri>
</references>
</glsa>
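Review bot: `<access>local</access>` does not match the impact described: the two flaws let an attacker read local files or run PHP code under the web server's user, which for a web application normally means the vector is an HTTP request from a remote client; confirm the access value. The description also never says what the two vulnerabilities are (which script or parameter is traversed or evaluated), so a reader cannot judge exposure; either describe them or link the upstream report alongside CAN-2003-0536.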


@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-08">
<title>Libnids: remote code execution vulnerability</title>
<synopsis>
Libnids contains a bug which could allow remote code execution.
</synopsis>
<product type="ebuild">Libnids</product>
<announced>2003-11-22</announced>
<revised>2003-11-22: 01</revised>
<bug>32724</bug>
<access>remote</access>
<affected>
<package name="net-libs/libnids" auto="yes" arch="*">
<unaffected range="ge">1.18</unaffected>
<vulnerable range="le">1.17</vulnerable>
</package>
</affected>
<background>
<p>
Libnids is a component of a network intrusion detection system.
</p>
</background>
<description>
<p>
There is a bug in the part of libnids code responsible for TCP reassembly.
The flaw probably allows remote code execution.
</p>
</description>
<impact type="normal">
<p>
A remote attacker could possibly execute arbitrary code.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
It is recommended that all Gentoo Linux users who are running
net-libs/libnids update their systems as follows:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=net-libs/libnids-1.18'
# emerge '&gt;=net-libs/libnids-1.18'
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850">CAN-2003-0850</uri>
</references>
</glsa>
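Review bot: both the description ("The flaw probably allows remote code execution") and the impact ("could possibly execute arbitrary code") are hedged; if the upstream report for CAN-2003-0850 confirms code execution, state it plainly, and if it does not, say that exploitability beyond a crash is unconfirmed so readers can prioritise accordingly.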


@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-01">
<title>rsync.gentoo.org: rotation server compromised</title>
<synopsis>
A server in the rsync.gentoo.org rotation was compromised.
</synopsis>
<product type="infrastructure">rsync mirror</product>
<announced>2003-12-02</announced>
<revised>2003-12-02: 01</revised>
<affected>
<service type="rsync" fixed="yes"/>
</affected>
<background>
<p>
The rsync.gentoo.org rotation of servers provides an up to date Portage
tree using the rsync file transfer protocol.
</p>
</background>
<description>
<p>
On December 2nd at approximately 03:45 UTC, one of the servers that makes up
the rsync.gentoo.org rotation was compromised via a remote exploit. At this
point, we are still performing forensic analysis. However, the compromised
system had both an IDS and a file integrity checker installed and we have a
very detailed forensic trail of what happened once the box was breached, so
we are reasonably confident that the portage tree stored on that box was
unaffected.
</p>
<p>
The attacker appears to have installed a rootkit and modified/deleted some
files to cover their tracks, but left the server otherwise untouched. The
box was in a compromised state for approximately one hour before it was
discovered and shut down. During this time, approximately 20 users
synchronized against the portage mirror stored on this box. The method used
to gain access to the box remotely is still under investigation. We will
release more details once we have ascertained the cause of the remote
exploit.
</p>
<p>
This box is not an official Gentoo infrastructure box and is instead donated
by a sponsor. The box provides other services as well and the sponsor has
requested that we not publicly identify the box at this time. Because the
Gentoo part of this box appears to be unaffected by this exploit, we are
currently honoring the sponsor's request. That said, if at any point, we
determine that any file in the portage tree was modified in any way, we will
release full details about the compromised server.
</p>
</description>
<impact type="low">
<p>
There is no known impact at this time.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
Again, based on the forensic analysis done so far, we are reasonably
confident that no files within the Portage tree on the box were affected.
However, the server has been removed from all rsync.*.gentoo.org rotations
and will remain so until the forensic analysis has been completed and the
box has been wiped and rebuilt. Thus, users preferring an extra level of
security may ensure that they have a correct and accurate portage tree by
running:
</p>
<code>
# emerge sync</code>
<p>
Which will perform a sync against another server and ensure that all files
are up to date.
</p>
</resolution>
<references/>
</glsa>


@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-03">
<title>rsync: exploitable heap overflow</title>
<synopsis>
rsync contains a heap overflow vulnerability that can be used to execute
arbitrary code.
</synopsis>
<product type="ebuild">rsync</product>
<announced>2003-12-04</announced>
<revised>2003-12-04: 01</revised>
<access>remote</access>
<affected>
<package name="net-misc/rsync" auto="yes" arch="*">
<unaffected range="ge">2.5.7</unaffected>
<vulnerable range="lt">2.5.7</vulnerable>
</package>
</affected>
<background>
<p>
rsync is a popular file transfer package used to synchronize the Portage
tree.
</p>
</background>
<description>
<p>
Rsync version 2.5.6 contains a vulnerability that can be used to run
arbitrary code. The Gentoo infrastructure team has some reasonably good
forensic evidence that this exploit may have been used in combination with
the Linux kernel do_brk() vulnerability (see GLSA 200312-02) to exploit a
rsync.gentoo.org rotation server (see GLSA-200312-01.)
</p>
<p>
Please see http://lwn.net/Articles/61541/ for the security advisory released
by the rsync development team.
</p>
</description>
<impact type="high">
<p>
A remote attacker could execute arbitrary code with the permissions of the
root user.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
To address this vulnerability, all Gentoo users should read GLSA-200312-02
and ensure that all systems are upgraded to a version of the Linux kernel
without the do_brk() vulnerability, and upgrade to version 2.5.7 of rsync:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=net-misc/rsync-2.5.7'
# emerge '&gt;=net-misc/rsync-2.5.7'
# emerge clean</code>
<p>
Review your /etc/rsync/rsyncd.conf configuration file; ensure that the use
chroot="no" command is commented out or removed, or change use chroot="no"
to use chroot="yes". Then, if necessary, restart rsyncd:
</p>
<code>
# /etc/init.d/rsyncd restart</code>
</resolution>
<references>
<uri link="http://rsync.samba.org/#security_dec03">Rsync Security Advisory</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962">CAN-2003-0962</uri>
<uri link="http://security.gentoo.org/glsa/glsa-200312-02.xml">GLSA-200312-02</uri>
<uri link="http://security.gentoo.org/glsa/glsa-200312-01.xml">GLSA-200312-01</uri>
</references>
</glsa>
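Review bot: the rsyncd.conf guidance writes the setting as `use chroot="no"`, but rsyncd.conf uses `parameter = value` syntax with no quotes (`use chroot = no`); users grepping for the quoted form will not find it. Write it as `use chroot = yes` and say why it matters here: with chroot enabled, a compromised rsyncd is confined to the module path, which is the mitigation the heap overflow makes important. Two smaller points: this advisory has no `<bug>` element while every other ebuild advisory in the commit has one, and the LWN URL in the description is inline prose rather than a `<uri>` under `<references>`.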


@ -0,0 +1,66 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-04">
<title>CVS: malformed module request vulnerability</title>
<synopsis>
A bug in cvs could allow attempts to create files and directories outside a
repository.
</synopsis>
<product type="ebuild">CVS</product>
<announced>2003-12-08</announced>
<revised>2003-12-08: 01</revised>
<bug>35371</bug>
<access>unknown</access>
<affected>
<package name="dev-util/cvs" auto="yes" arch="*">
<unaffected range="ge">1.11.10</unaffected>
<vulnerable range="le">1.11.9</vulnerable>
</package>
</affected>
<background>
<p>
CVS, which stands for Concurrent Versions System, is a client/server
application which tracks changes to sets of files. It allows multiple users
to work concurrently on files, and then merge their changes back into the
main tree (which can be on a remote system). It also allows branching, or
maintaining separate versions for files.
</p>
</background>
<description>
<p>
Quote from ccvs.cvshome.org/servlets/NewsItemView?newsID=84:
"Stable CVS 1.11.10 has been released. Stable releases contain only bug
fixes from previous versions of CVS. This release fixes a security issue
with no known exploits that could cause previous versions of CVS to attempt
to create files and directories in the filesystem root. This release also
fixes several issues relevant to case insensitive filesystems and some other
bugs. We recommend this upgrade for all CVS clients and servers!"
</p>
</description>
<impact type="minimal">
<p>
Attempts to create files and directories outside the repository may be
possible.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All Gentoo Linux machines with cvs installed should be updated to use
dev-util/cvs-1.11.10 or higher:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=dev-util/cvs-1.11.10'
# emerge '&gt;=dev-util/cvs-1.11.10'
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977">CAN-2003-0977</uri>
</references>
</glsa>


@ -0,0 +1,72 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-05">
<title>GnuPG: ElGamal signing keys compromised and format string vulnerability</title>
<synopsis>
A bug in GnuPG allows ElGamal signing keys to be compromised, and a format
string bug in the gpgkeys_hkp utility may allow arbitrary code execution.
</synopsis>
<product type="ebuild">GnuPG</product>
<announced>2003-12-12</announced>
<revised>2003-12-12: 01</revised>
<bug>34504</bug>
<access>unknown</access>
<affected>
<package name="app-crypt/gnupg" auto="yes" arch="*">
<unaffected range="ge">1.2.3-r5</unaffected>
<vulnerable range="le">1.2.3-r4</vulnerable>
</package>
</affected>
<background>
<p>
GnuPG is a popular open source signing and encryption tool.
</p>
</background>
<description>
<p>
Two flaws have been found in GnuPG 1.2.3.
</p>
<p>
First, ElGamal signing keys can be compromised. These keys are not commonly
used, but this is "a significant security failure which can lead to a
compromise of almost all ElGamal keys used for signing. Note that this is a
real world vulnerability which will reveal your private key within a few
seconds".
</p>
<p>
Second, there is a format string flaw in the 'gpgkeys_hkp' utility which
"would allow a malicious keyserver in the worst case to execute an arbitrary
code on the user's machine."
</p>
</description>
<impact type="minimal">
<p>
If you have used ElGamal keys for signing your private key can be
compromised, and a malicious keyserver could remotely execute arbitrary code
with the permissions of the user running gpgkeys_hkp.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All users who have created ElGamal signing keys should immediately revoke
them. In addition, all Gentoo Linux machines with gnupg installed should be
updated to use gnupg-1.2.3-r5 or higher:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=app-crypt/gnupg-1.2.3-r5'
# emerge '&gt;=app-crypt/gnupg-1.2.3-r5'
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0971">CAN-2003-0971</uri>
<uri link="http://marc.theaimsgroup.com/?l=gnupg-announce&amp;m=106992378510843&amp;q=raw">GnuPG Announcement</uri>
<uri link="http://www.s-quadra.com/advisories/Adv-20031203.txt">S-Quadra Advisory</uri>
</references>
</glsa>
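Review bot: `impact type="minimal"` looks too low for this hunk: the description says the ElGamal flaw "will reveal your private key within a few seconds" and that a malicious keyserver can execute arbitrary code via gpgkeys_hkp, while 200312-03 in the same commit rates remote code execution as `high`. Also `<access>unknown</access>` is at odds with the stated vector (a remote keyserver contacted by gpgkeys_hkp); `remote` seems accurate.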


@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-06">
<title>XChat: malformed dcc send request denial of service</title>
<synopsis>
A bug in XChat could allow malformed dcc send requests to cause a denial of
service.
</synopsis>
<product type="ebuild">xchat</product>
<announced>2003-12-14</announced>
<revised>2003-12-14: 01</revised>
<bug>35623</bug>
<access>remote</access>
<affected>
<package name="net-irc/xchat" auto="yes" arch="*">
<unaffected range="ge">2.0.6-r1</unaffected>
<vulnerable range="eq">2.0.6</vulnerable>
</package>
</affected>
<background>
<p>
XChat is a multiplatform IRC client.
</p>
</background>
<description>
<p>
There is a remotely exploitable bug in XChat 2.0.6 that could lead to a
denial of service attack. Gentoo wishes to thank lloydbates for discovering
this bug, as well as jcdutton and rac for submitting patches to fix the bug.
</p>
</description>
<impact type="medium">
<p>
A malformed DCC packet sent by a remote attacker can cause XChat to crash.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
For Gentoo users, xchat-2.0.6 was marked ~arch (unstable) for most
architectures. Since it was never marked as stable in the portage tree,
only xchat users who have explictly added the unstable keyword to
ACCEPT_KEYWORDS are affected. Users may updated affected machines to the
patched version of xchat using the following commands:
</p>
<code>
# emerge sync
# emerge -pv '&gt;=net-irc/xchat-2.0.6-r1'
# emerge '&gt;=net-irc/xchat-2.0.6-r1'
# emerge clean</code>
<p>
This assumes that users are running with ACCEPT_KEYWORDS enabled for their
architecture.
</p>
</resolution>
<references>
<uri link="http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html">XChat Announcement</uri>
</references>
</glsa>
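Review bot: `impact type="medium"` is not a value used by any other advisory in this commit (they use `minimal`, `low`, `normal`, `high`); check it against glsa.dtd, since a value outside the DTD's enumeration would fail validation. Prose typos in the resolution: "explictly" and "Users may updated affected machines".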


@ -0,0 +1,74 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-07">
<title>Two buffer overflows in lftp</title>
<synopsis>
Two buffer overflow problems are found in lftp that, in case the user visits
a malicious ftp server, could lead to malicious code being executed.
</synopsis>
<product type="ebuild">lftp</product>
<announced>December 13, 2003</announced>
<revised>200312-07: 2</revised>
<bug>35866</bug>
<access>remote</access>
<affected>
<package name="net-ftp/lftp" auto="yes" arch="*">
<vulnerable range="lt">2.6.10</vulnerable>
<unaffected range="ge">2.6.10</unaffected>
</package>
</affected>
<background>
<p>
lftp is a multithreaded command-line based FTP client. It allows you to
execute multiple commands simultaneously or in the background. If features
mirroring capabilities, resuming downloads, etc.
</p>
</background>
<description>
<p>
Two buffer overflows exist in lftp. Both can occur when the user connects to
a malicious web server using the HTTP or HTTPS protocol and issues lftp's
"ls" or "rels" commands.
</p>
<p>
Ulf Harnhammar explains:
</p>
<p>
Technically, the problem lies in the file src/HttpDir.cc and the
functions try_netscape_proxy() and try_squid_eplf(), which both
have sscanf() calls that take data of an arbitrary length and
store it in a char array with 32 elements. (Back in version 2.3.0,
the problematic code was located in some other function, but the
problem existed back then too.) Depending on the HTML document in the
specially prepared directory, buffers will be overflown in either one
function or the other.
</p>
</description>
<impact type="low">
<p>
When a user issues "ls" or "rels" on a malicious server, the tftp
application can be tricked into running arbitrary code on the user his
machine.
</p>
</impact>
<workaround>
<p>
There is no workaround available.
</p>
</workaround>
<resolution>
<p>
All Gentoo users who have net-ftp/lftp installed should update to use
version 2.6.0 or higher using these commands:
</p>
<code>
# emerge sync
# emerge -pv '>=net-ftp/lftp-2.6.10'
# emerge '>=net-ftp/lftp-2.6.10'
# emerge clean</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/archive/1/347587/2003-12-13/2003-12-19/0">Initial report by Ulf Harnhammar</uri>
</references>
</glsa>
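Review bot: the resolution text contradicts the affected block and the commands: the paragraph says "update to use version 2.6.0 or higher" while `<unaffected range="ge">2.6.10</unaffected>` and the emerge lines use `>=net-ftp/lftp-2.6.10`, so the paragraph should say 2.6.10. Two further inconsistencies in the same file: the impact section refers to "the tftp application" where lftp is meant, and the synopsis speaks of a "malicious ftp server" while the description says the overflows are reached when connecting to a malicious web server over HTTP or HTTPS (src/HttpDir.cc), so the synopsis should say HTTP server. Minor: `<revised>200312-07: 2</revised>` repeats the GLSA id instead of a date, unlike the other files in this commit, and "If features mirroring" in the background should be "It features".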

View File

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-08">
<title>CVS: possible root compromise when using CVS pserver</title>
<synopsis>
A possible root compromise exists for CVS pservers.
</synopsis>
<product type="ebuild">cvs</product>
<announced>2003-12-28</announced>
<revised>2003-12-28: 01</revised>
<bug>36142</bug>
<access>unknown</access>
<affected>
<package name="dev-util/cvs" auto="yes" arch="*">
<unaffected range="ge">1.11.11</unaffected>
<vulnerable range="le">1.11.10</vulnerable>
</package>
</affected>
<background>
<p>
CVS, which stands for Concurrent Versions System, is a client/server
application which tracks changes to sets of files. It allows multiple users
to work concurrently on files, and then merge their changes back into the
main tree (which can be on a remote system). It also allows branching, or
maintaining separate versions for files.
</p>
</background>
<description>
<p>
Quote from ccvs.cvshome.org/servlets/NewsItemView?newsID=88:
"Stable CVS 1.11.11 has been released. Stable releases contain only bug
fixes from previous versions of CVS. This release adds code to the CVS
server to prevent it from continuing as root after a user login, as an extra
failsafe against a compromise of the CVSROOT/passwd file. Previously, any
user with the ability to write the CVSROOT/passwd file could execute
arbitrary code as the root user on systems with CVS pserver access enabled.
We recommend this upgrade for all CVS servers!"
</p>
</description>
<impact type="high">
<p>
A remote user could execute arbitrary code with the permissions of the root
user.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All Gentoo Linux machines with cvs installed should be updated to use
cvs-1.11.11 or higher.
</p>
<code>
# emerge sync
# emerge -pv '&gt;=dev-util/cvs-1.11.11'
# emerge '&gt;=dev-util/cvs-1.11.11'
# emerge clean</code>
</resolution>
<references/>
</glsa>
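Review bot: `<access>unknown</access>` does not match the impact text, which states "A remote user could execute arbitrary code with the permissions of the root user"; the description gives the real precondition (the ability to write CVSROOT/passwd on a host with pserver access enabled), so the impact should state that precondition and access should be remote rather than unknown. Also, `<references/>` is empty while the description quotes ccvs.cvshome.org/servlets/NewsItemView?newsID=88 inline; that URL belongs in a `<uri link="...">` entry so the advisory has a citable source.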

View File

@ -0,0 +1,228 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200401-01">
<title>Linux kernel do_mremap() local privilege escalation vulnerability</title>
<synopsis>
A critical security vulnerability has been found in recent Linux kernels
which allows for local privelege escalation.
</synopsis>
<product type="ebuild">Kernel</product>
<announced>January 08, 2004</announced>
<revised>January 08, 2004: 01</revised>
<bug>37292</bug>
<access>local</access>
<affected>
<package name="sys-kernel/aa-sources" auto="no" arch="*">
<unaffected range="ge">2.4.23-r1</unaffected>
<vulnerable range="lt">2.4.23-r1</vulnerable>
</package>
<package name="sys-kernel/alpha-sources" auto="no" arch="*">
<unaffected range="ge">2.4.21-r2</unaffected>
<vulnerable range="lt">2.4.21-r2</vulnerable>
</package>
<package name="sys-kernel/arm-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.19-r2</unaffected>
<vulnerable range="lt">2.4.19-r2</vulnerable>
</package>
<package name="sys-kernel/ck-sources" auto="no" arch="*">
<unaffected range="ge">2.4.23-r1</unaffected>
<vulnerable range="lt">2.4.23-r1</vulnerable>
</package>
<package name="sys-kernel/compaq-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.9.32.7-r1</unaffected>
<vulnerable range="lt">2.4.9.32.7-r1</vulnerable>
</package>
<package name="sys-kernel/development-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.1_rc3</unaffected>
<vulnerable range="lt">2.6.1_rc3</vulnerable>
</package>
<package name="sys-kernel/gaming-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.20-r7</unaffected>
<vulnerable range="lt">2.4.20-r7</vulnerable>
</package>
<package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.1_rc3</unaffected>
<vulnerable range="lt">2.6.1_rc3</vulnerable>
</package>
<package name="sys-kernel/gentoo-sources" auto="yes" arch="*">
<unaffected range="gt">2.4.22-r3</unaffected>
<vulnerable range="lt">2.4.22-r3</vulnerable>
</package>
<package name="sys-kernel/grsec-sources" auto="yes" arch="*">
<unaffected range="gt">2.4.23.2.0_rc4-r1</unaffected>
<vulnerable range="lt">2.4.23.2.0_rc4-r1</vulnerable>
</package>
<package name="sys-kernel/gs-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.23_pre8-r2</unaffected>
<vulnerable range="lt">2.4.23_pre8-r2</vulnerable>
</package>
<package name="sys-kernel/hardened-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.22-r2</unaffected>
<vulnerable range="lt">2.4.22-r2</vulnerable>
</package>
<package name="sys-kernel/hppa-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.23_p4-r2</unaffected>
<vulnerable range="lt">2.4.23_p4-r2</vulnerable>
</package>
<package name="sys-kernel/ia64-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.22-r2</unaffected>
<vulnerable range="lt">2.4.22-r2</vulnerable>
</package>
<package name="sys-kernel/mips-prepatch-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24_pre2-r1</unaffected>
<vulnerable range="lt">2.4.24_pre2-r1</vulnerable>
</package>
<package name="sys-kernel/mips-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.23-r2</unaffected>
<vulnerable range="lt">2.4.23-r2</vulnerable>
</package>
<package name="sys-kernel/mm-sources" auto="no" arch="*">
<unaffected range="ge">2.6.1_rc1-r2</unaffected>
<vulnerable range="lt">2.6.1_rc1-r2</vulnerable>
</package>
<package name="sys-kernel/openmosix-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.22-r3</unaffected>
<vulnerable range="lt">2.4.22-r3</vulnerable>
</package>
<package name="sys-kernel/pac-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.23-r1</unaffected>
<vulnerable range="lt">2.4.23-r1</vulnerable>
</package>
<package name="sys-kernel/pfeifer-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.21.1_pre4-r1</unaffected>
<vulnerable range="lt">2.4.21.1_pre4-r1</vulnerable>
</package>
<package name="sys-kernel/planet-ccrma-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.21-r4</unaffected>
<vulnerable range="lt">2.4.21-r4</vulnerable>
</package>
<package name="sys-kernel/ppc-development-sources" auto="no" arch="*">
<unaffected range="ge">2.6.1_rc1-r1</unaffected>
<vulnerable range="lt">2.6.1_rc1-r1</vulnerable>
</package>
<package name="sys-kernel/ppc-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.23-r1</unaffected>
<vulnerable range="lt">2.4.23-r1</vulnerable>
</package>
<package name="sys-kernel/ppc-sources-benh" auto="yes" arch="*">
<unaffected range="ge">2.4.22-r4</unaffected>
<vulnerable range="lt">2.4.22-r4</vulnerable>
</package>
<package name="sys-kernel/ppc-sources-crypto" auto="yes" arch="*">
<unaffected range="ge">2.4.20-r2</unaffected>
<vulnerable range="lt">2.4.20-r2</vulnerable>
</package>
<package name="sys-kernel/selinux-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24</unaffected>
<vulnerable range="lt">2.4.24</vulnerable>
</package>
<package name="sys-kernel/sparc-dev-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.1_rc2</unaffected>
<vulnerable range="lt">2.6.1_rc2</vulnerable>
</package>
<package name="sys-kernel/sparc-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24</unaffected>
<vulnerable range="lt">2.4.24</vulnerable>
</package>
<package name="sys-kernel/usermode-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.23-r1</unaffected>
<vulnerable range="lt">2.4.23-r1</vulnerable>
</package>
<package name="sys-kernel/vanilla-prepatch-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.25_pre4</unaffected>
<vulnerable range="lt">2.4.25_pre4</vulnerable>
</package>
<package name="sys-kernel/vanilla-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24</unaffected>
<vulnerable range="lt">2.4.24</vulnerable>
</package>
<package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.0-r1</unaffected>
<vulnerable range="lt">2.6.0-r1</vulnerable>
</package>
<package name="sys-kernel/wolk-sources" auto="yes" arch="*">
<unaffected range="ge">4.10_pre7-r2</unaffected>
<vulnerable range="lt">4.10_pre7-r2</vulnerable>
</package>
<package name="sys-kernel/xfs-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.23-r1</unaffected>
<vulnerable range="lt">2.4.23-r1</vulnerable>
</package>
</affected>
<background>
<p>
The Linux kernel is responsible for memory management in a working
system - to allow this, processes are allowed to allocate and unallocate
memory.
</p>
</background>
<description>
<p>
The memory subsystem allows for shrinking, growing, and moving of
chunks of memory along any of the allocated memory areas which the kernel
posesses.
</p>
<p>
A typical virtual memory area covers at least one memory page. An incorrect
bound check discovered inside the do_mremap() kernel code performing
remapping of a virtual memory area may lead to creation of a virtual memory
area of 0 bytes length.
</p>
<p>
The problem is based on the general mremap flaw that remapping 2 pages from
inside a VMA creates a memory hole of only one page in length but an
additional VMA of two pages. In the case of a zero sized remapping request
no VMA hole is created but an additional VMA descriptor of 0
bytes in length is created.
</p>
<p>
This advisory also addresses an information leak in the Linux RTC system.
</p>
</description>
<impact type="high">
<p>
Arbitrary code may be able to exploit this vulnerability and may
disrupt the operation of other
parts of the kernel memory management subroutines finally leading to
unexpected behavior.
</p>
<p>
Since no special privileges are required to use the mremap(2) system call
any process may misuse its unexpected behavior to disrupt the kernel memory
management subsystem. Proper exploitation of this vulnerability may lead to
local privilege escalation including execution of arbitrary code
with kernel level access.
</p>
<p>
Proof-of-concept exploit code has been created and successfully tested,
permitting root escalation on vulnerable systems. As a result, all users
should upgrade their kernels to new or patched versions.
</p>
</impact>
<workaround>
<p>
There is no temporary workaround - a kernel upgrade is required. A list
of unaffected kernels is provided along with this announcement.
</p>
</workaround>
<resolution>
<p>
Users are encouraged to upgrade to the latest available sources for
their system:
</p>
<code>
$> emerge sync
$> emerge -pv your-favourite-sources
$> emerge your-favourite-sources
$> # Follow usual procedure for compiling and installing a kernel.
$> # If you use genkernel, run genkernel as you would do normally.
$> # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
$> # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
$> # REPORTS THAT THE SAME VERSION IS INSTALLED.</code>
</resolution>
<references>
<uri link="http://isec.pl/vulnerabilities/isec-0012-mremap.txt">Vulnerability</uri>
</references>
</glsa>
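Review bot: two packages in the affected block leave the fixed version itself unclassified: sys-kernel/gentoo-sources uses `<unaffected range="gt">2.4.22-r3</unaffected>` together with `<vulnerable range="lt">2.4.22-r3</vulnerable>`, and sys-kernel/grsec-sources does the same with 2.4.23.2.0_rc4-r1, so a system on exactly that version is neither vulnerable nor unaffected; every other package here pairs ge with lt and these two should too. The description also says the advisory "addresses an information leak in the Linux RTC system", but nothing else in the file (title, impact, references) covers it; either document that issue or drop the sentence. Spelling: "privelege" in the synopsis and "posesses" in the description; "unallocate" in the background should be "free" or "deallocate".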

View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200401-02">
<title>Honeyd remote detection vulnerability via a probe packet</title>
<synopsis>
Identification of Honeyd installations allows an adversary to launch
attacks specifically against Honeyd. No remote root exploit is currently
known.
</synopsis>
<product type="ebuild">honeyd</product>
<announced>January 21, 2004</announced>
<revised>January 21, 2004: 01</revised>
<bug>38934</bug>
<access>remote</access>
<affected>
<package name="net-analyzer/honeyd" auto="yes" arch="*">
<unaffected range="ge">0.8</unaffected>
<vulnerable range="lt">0.8</vulnerable>
</package>
</affected>
<background>
<p>
Honeyd is a virtual honeypot daemon that can simulate virtual hosts on
unallocated IP addresses.
</p>
</background>
<description>
<p>
A bug in handling NMAP fingerprints caused Honeyd to reply to TCP
packets with both the SYN and RST flags set. Watching for replies, it is
possible to detect IP addresses simulated by Honeyd.
</p>
</description>
<impact type="low">
<p>
Although there are no public exploits known for Honeyd, the detection
of Honeyd IP addresses may in some cases be undesirable.
</p>
</impact>
<workaround>
<p>
Honeyd 0.8 has been released along with an advisory to address this
issue. In addition, Honeyd 0.8 drops privileges if permitted by the
configuration file and contains command line flags to force dropping
of privileges.
</p>
</workaround>
<resolution>
<p>
All users are recommended to update to honeyd version 0.8:
</p>
<code>
$> emerge sync
$> emerge -pv ">=net-analyzer/honeyd-0.8"
$> emerge ">=net-analyzer/honeyd-0.8"</code>
</resolution>
<references>
<uri link="http://www.honeyd.org/adv.2004-01.asc">Honeyd Security Advisory 2004-001</uri>
</references>
</glsa>
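Review bot: the workaround section does not describe a workaround; its text ("Honeyd 0.8 has been released along with an advisory to address this issue. In addition, Honeyd 0.8 drops privileges if permitted by the configuration file...") is release and hardening information that belongs in the description or resolution. The workaround should either say that none is known, as the other advisories in this commit do, or explain how dropping privileges limits the impact on a still-vulnerable install. Minor: the `$>` prompt differs from the `#` used by most files in this commit.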

View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200401-03">
<title>Apache mod_python Denial of Service vulnerability</title>
<synopsis>
Apache's mod_python module could crash the httpd process if a specific,
malformed query string was sent.
</synopsis>
<product type="ebuild">mod_python</product>
<announced>January 27, 2004</announced>
<revised>December 30, 2007: 02</revised>
<bug>39154</bug>
<access>remote</access>
<affected>
<package name="www-apache/mod_python" auto="yes" arch="*">
<unaffected range="ge">2.7.10</unaffected>
<vulnerable range="lt">2.7.10</vulnerable>
</package>
</affected>
<background>
<p>
Mod_python is an Apache module that embeds the Python interpreter
within the server allowing Python-based web-applications to be
created.
</p>
</background>
<description>
<p>
The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed
query. Mod_python 2.7.9 was released to fix the vulnerability,
however, because the vulnerability has not been fully fixed,
version 2.7.10 has been released.
</p>
<p>
Users of mod_python 3.0.4 are not affected by this vulnerability.
</p>
</description>
<impact type="low">
<p>
Although there are no known public exploits known for this
exploit, users are recommended to upgrade mod_python to ensure the
security of their infrastructure.
</p>
</impact>
<workaround>
<p>
Mod_python 2.7.10 has been released to solve this issue; there is
no immediate workaround.
</p>
</workaround>
<resolution>
<p>
All users using mod_python 2.7.9 or below are recommended to
update their mod_python installation:
</p>
<code>
$> emerge sync
$> emerge -pv ">=www-apache/mod_python-2.7.10"
$> emerge ">=www-apache/mod_python-2.7.10"
$> /etc/init.d/apache restart</code>
</resolution>
<references>
<uri link="http://www.modpython.org/pipermail/mod_python/2004-January/014879.html">Mod_python 2.7.10 release announcement</uri>
</references>
</glsa>
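Review bot: the impact paragraph is garbled, "Although there are no known public exploits known for this exploit" doubles "known" and calls the vulnerability an exploit; suggest "Although no public exploit is known for this vulnerability". The description already states that 2.7.9 did not fully fix the issue, so the resolution wording "All users using mod_python 2.7.9 or below" is consistent with `<vulnerable range="lt">2.7.10</vulnerable>`; it would help to repeat the 2.7.9 point in the synopsis, which currently reads as though a single fix exists.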

View File

@ -0,0 +1,78 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200401-04">
<title>GAIM 0.75 Remote overflows</title>
<synopsis>
Various overflows in the handling of AIM DirectIM packets was revealed in
GAIM that could lead to a remote compromise of the IM client.
</synopsis>
<product type="ebuild">GAIM</product>
<announced>January 26, 2004</announced>
<revised>January 26, 2004: 01</revised>
<bug>39470</bug>
<access>man-in-the-middle</access>
<affected>
<package name="net-im/gaim" auto="yes" arch="*">
<unaffected range="ge">0.75-r7</unaffected>
<vulnerable range="lt">0.75-r7</vulnerable>
</package>
</affected>
<background>
<p>
Gaim is a multi-platform and multi-protocol instant messaging
client. It is compatible with AIM , ICQ, MSN Messenger, Yahoo,
IRC, Jabber, Gadu-Gadu, and the Zephyr networks.
</p>
</background>
<description>
<p>
Yahoo changed the authentication methods to their IM servers,
rendering GAIM useless. The GAIM team released a rushed release
solving this issue, however, at the same time a code audit
revealed 12 new vulnerabilities.
</p>
</description>
<impact type="normal">
<p>
Due to the nature of instant messaging many of these bugs require
man-in-the-middle attacks between the client and the server. But
the underlying protocols are easy to implement and attacking
ordinary TCP sessions is a fairly simple task. As a result, all
users are advised to upgrade their GAIM installation.
</p>
<ul>
<li>
Users of GAIM 0.74 or below are affected by 7 of the
vulnerabilities and are encouraged to upgrade.
</li>
<li>
Users of GAIM 0.75 are affected by 11 of the vulnerabilities
and are encouraged to upgrade to the patched version of GAIM
offered by Gentoo.
</li>
<li>
Users of GAIM 0.75-r6 are only affected by
4 of the vulnerabilities, but are still urged to upgrade to
maintain security.
</li>
</ul>
</impact>
<workaround>
<p>
There is no immediate workaround; a software upgrade is required.
</p>
</workaround>
<resolution>
<p>
All users are recommended to upgrade GAIM to 0.75-r7.
</p>
<code>
$> emerge sync
$> emerge -pv ">=net-im/gaim-0.75-r7"
$> emerge ">=net-im/gaim-0.75-r7"</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/archive/1/351235/2004-01-23/2004-01-29/0">Security advisory from Stefan Esser</uri>
</references>
</glsa>
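Review bot: the description does not describe the vulnerability the title names ("Remote overflows" in "AIM DirectIM packets"); it only explains the Yahoo authentication change that prompted the release and says a code audit "revealed 12 new vulnerabilities". At least one sentence on the DirectIM overflows, with the Stefan Esser advisory in the references as the source for the full list, is needed. The impact bullets count 7, 11 and 4 vulnerabilities by version against the 12 in the description; the figures should be reconciled or the difference explained. Grammar and style: "Various overflows ... was revealed" should be "were revealed"; `<access>man-in-the-middle</access>` is a value used by no other file in this set (local, remote and unknown elsewhere); "AIM , ICQ" has a stray space; Gaim/GAIM capitalisation varies.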

View File

@ -0,0 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-01">
<title>PHP setting leaks from .htaccess files on virtual hosts</title>
<synopsis>
If the server configuration &quot;php.ini&quot; file has
&quot;register_globals = on&quot; and a request is made to one virtual host
(which has &quot;php_admin_flag register_globals off&quot;) and the next
request is sent to the another virtual host (which does not have the
setting) global variables may leak and may be used to exploit the
site.
</synopsis>
<product type="ebuild">PHP</product>
<announced>February 07, 2004</announced>
<revised>February 07, 2004: 01</revised>
<bug>39952</bug>
<access>remote</access>
<affected>
<package name="dev-php/mod_php" auto="yes" arch="*">
<unaffected range="ge">4.3.4-r4</unaffected>
<vulnerable range="lt">4.3.4-r4</vulnerable>
</package>
</affected>
<background>
<p>
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
</p>
</background>
<description>
<p>
If the server configuration &quot;php.ini&quot; file has
&quot;register_globals = on&quot; and a request is made to one virtual host
(which has &quot;php_admin_flag register_globals off&quot;) and the next
request is sent to the another virtual host (which does not have the
setting) through the same apache child, the setting will persist.
</p>
</description>
<impact type="normal">
<p>
Depending on the server and site, an attacker may be able to exploit
global variables to gain access to reserved areas, such as MySQL passwords,
or this vulnerability may simply cause a lack of functionality. As a
result, users are urged to upgrade their PHP installations.
</p>
<p>
Gentoo ships PHP with &quot;register_globals&quot; set to &quot;off&quot;
by default.
</p>
<p>
This issue affects both servers running Apache 1.x and servers running
Apache 2.x.
</p>
</impact>
<workaround>
<p>
No immediate workaround is available; a software upgrade is required.
</p>
</workaround>
<resolution>
<p>
All users are recommended to upgrade their PHP installation to 4.3.4-r4:
</p>
<code>
# emerge sync
# emerge -pv ">=dev-php/mod_php-4.3.4-r4"
# emerge ">=dev-php/mod_php-4.3.4-r4"</code>
</resolution>
<references>
<uri link="http://bugs.php.net/bug.php?id=25753">Corresponding PHP bug</uri>
</references>
</glsa>
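Review bot: the synopsis and the description are the same paragraph, and both carry the typo "the another virtual host"; the synopsis should be a short summary (a register_globals value set per virtual host with php_admin_flag can persist into requests for other virtual hosts served by the same Apache child) and the description can keep the detail. The impact section notes that Gentoo ships register_globals off by default, which is why this leak only matters to sites that enable it; that mitigating fact is worth a mention in the synopsis as well.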

View File

@ -0,0 +1,92 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-02">
<title>XFree86 Font Information File Buffer Overflow</title>
<synopsis>
Exploitation of a buffer overflow in the XFree86 Project Inc.'s XFree86 X
Window System allows local attackers to gain root privileges.
</synopsis>
<product type="ebuild">200402-02</product>
<announced>February 11, 2004</announced>
<revised>February 11, 2004: 01</revised>
<access>local</access>
<affected>
<package name="x11-base/xfree" auto="yes" arch="*">
<vulnerable range="lt">4.3.99.902-r1</vulnerable>
<unaffected range="eq">4.2.1-r3</unaffected>
<unaffected range="eq">4.3.0-r4</unaffected>
<unaffected range="ge">4.3.99.902-r1</unaffected>
</package>
</affected>
<background>
<p>
XFree86, provides a client/server interface between display
hardware and the desktop environment while also providing both the
windowing infrastructure and a standardized API. XFree86 is
platform independent, network-transparent and extensible.
</p>
</background>
<description>
<p>
Exploitation of a buffer overflow in The XFree86 Window System
discovered by iDefence allows local attackers to gain root
privileges.
</p>
<p>
The problem exists in the parsing of the 'font.alias' file. The X
server (running as root) fails to check the length of the user
provided input, so a malicious user may craft a malformed
'font.alias' file causing a buffer overflow upon parsing,
eventually leading to the execution of arbitrary code.
</p>
<p>
To reproduce the overflow on the command line one can run:
</p>
<code>
# cat > fonts.dir &lt;&lt;EOF
1
word.bdf -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso8859-1
EOF
# perl -e 'print "0" x 1024 . "A" x 96 . "\n"' > fonts.alias
# X :0 -fp $PWD</code>
<p>
{Some output removed}... Server aborting... Segmentation fault (core dumped)
</p>
</description>
<impact type="high">
<p>
Successful exploitation can lead to a root compromise provided
that the attacker is able to execute commands in the X11
subsystem. This can be done either by having console access to the
target or through a remote exploit against any X client program
such as a web-browser, mail-reader or game.
</p>
</impact>
<workaround>
<p>
No immediate workaround is available; a software upgrade is required.
</p>
<p>
Gentoo has released XFree 4.2.1-r3, 4.3.0-r4 and 4.3.99.902-r1 and
encourages all users to upgrade their XFree86
installations. Vulnerable versions are no longer available in
Portage.
</p>
</workaround>
<resolution>
<p>
All users are recommended to upgrade their XFree86 installation:
</p>
<code>
# emerge sync
# emerge -pv x11-base/xfree
# emerge x11-base/xfree</code>
</resolution>
<references>
<uri
link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083">CVE: CAN-2004-0083</uri>
<uri link="http://www.idefense.com/application/poi/display?id=72&amp;type=vulnerabilities">Vulnerability:
XFree86 Font Information File Buffer Overflow</uri>
</references>
</glsa>
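Review bot: `<product type="ebuild">200402-02</product>` holds the GLSA id rather than the package; every other file in this commit names the ebuild (for example `<product type="ebuild">lftp</product>`), so this should be xfree or XFree86. The file also has no `<bug>` element, unlike the others, and the workaround section opens with "No immediate workaround is available" but then carries the release list ("Gentoo has released XFree 4.2.1-r3, 4.3.0-r4 and 4.3.99.902-r1..."), which is resolution material. The resolution commands run `emerge x11-base/xfree` with no version atom, so they only guarantee a fix if Portage has already dropped the vulnerable ebuilds as the text claims; a versioned atom matching the affected block would make the fix explicit. Minor: "XFree86, provides" has a stray comma, and the discoverer is spelled "iDefence" in the description but "idefense" in the reference URL.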

View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-03">
<title>Monkeyd Denial of Service vulnerability</title>
<synopsis>
A bug in get_real_string() function allows for a Denial of Service attack to be
launched against the webserver.
</synopsis>
<product type="ebuild">monkeyd</product>
<announced>February 11, 2004</announced>
<revised>February 11, 2004: 01</revised>
<bug>41156</bug>
<access>remote</access>
<affected>
<package name="www-servers/monkeyd" auto="yes" arch="*">
<unaffected range="ge">0.8.2</unaffected>
<vulnerable range="lt">0.8.2</vulnerable>
</package>
</affected>
<background>
<p>
The Monkey HTTP daemon is a Web server written in C that works
under Linux and is based on the HTTP/1.1 protocol. It aims to develop
a fast, efficient and small web server.
</p>
</background>
<description>
<p>
A bug in the URI processing of incoming requests allows for a Denial of
Service to be launched against the webserver, which may cause the server
to crash or behave sporadically.
</p>
</description>
<impact type="normal">
<p>
Although there are no public exploits known for bug, users are recommended
to upgrade to ensure the security of their infrastructure.
</p>
</impact>
<workaround>
<p>
There is no immediate workaround; a software upgrade is
required. The vulnerable function in the code has been rewritten.
</p>
</workaround>
<resolution>
<p>
All users are recommended to upgrade monkeyd to 0.8.2:
</p>
<code>
# emerge sync
# emerge -pv ">=www-servers/monkeyd-0.8.2"
# emerge ">=www-servers/monkeyd-0.8.2"</code>
</resolution>
<references>
<uri link="http://cvs.sourceforge.net/viewcvs.py/monkeyd/monkeyd/src/utils.c?r1=1.3&amp;r2=1.4">CVS Patch</uri>
</references>
</glsa>
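Review bot: the synopsis names the faulty function (get_real_string()) but the description only says "A bug in the URI processing of incoming requests"; the description should name the function too, since the workaround says "The vulnerable function in the code has been rewritten" and the CVS patch reference points at src/utils.c. Grammar: "A bug in get_real_string() function" wants "the", "no public exploits known for bug" wants "this bug", and "behave sporadically" should be "behave erratically".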

View File

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-04">
<title>Gallery 1.4.1 and below remote exploit vulnerability</title>
<synopsis>
The Gallery developers have discovered a potentially serious security flaw
in Gallery 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1 which can allow a
remote exploit of your webserver.
</synopsis>
<product type="ebuild">Gallery</product>
<announced>February 11, 2004</announced>
<revised>February 11, 2004: 01</revised>
<bug>39638</bug>
<access>remote</access>
<affected>
<package name="www-apps/gallery" auto="yes" arch="*">
<unaffected range="ge">1.4.1_p1</unaffected>
<vulnerable range="lt">1.4.1_p1</vulnerable>
</package>
</affected>
<background>
<p>
Gallery is an open source image management system written in PHP.
More information is available at http://gallery.sourceforge.net
</p>
</background>
<description>
<p>
Starting in the 1.3.1 release, Gallery includes code to simulate the behaviour
of the PHP 'register_globals' variable in environments where that setting
is disabled. It is simulated by extracting the values of the various
$HTTP_ global variables into the global namespace.
</p>
</description>
<impact type="normal">
<p>
A crafted URL such as
http://example.com/gallery/init.php?HTTP_POST_VARS=xxx causes the
'register_globals' simulation code to overwrite the $HTTP_POST_VARS which,
when it is extracted, will deliver the given payload. If the
payload compromises $GALLERY_BASEDIR then the malicious user can perform a
PHP injection exploit and gain remote access to the webserver with PHP
user UID access rights.
</p>
</impact>
<workaround>
<p>
The workaround for the vulnerability is to replace init.php and
setup/init.php with the files in the following ZIP file:
http://prdownloads.sourceforge.net/gallery/patch_1.4.1-to-1.4.1-pl1.zip?download
</p>
</workaround>
<resolution>
<p>
All users are encouraged to upgrade their gallery installation:
</p>
<code>
# emerge sync
# emerge -p ">=www-apps/gallery-1.4.1_p1"
# emerge ">=www-apps/gallery-1.4.1_p1"</code>
</resolution>
<references>
</references>
</glsa>
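Review bot: `<references>` is empty while the file carries two URLs in prose, the project site in the background (http://gallery.sourceforge.net) and the upstream patch in the workaround (http://prdownloads.sourceforge.net/gallery/patch_1.4.1-to-1.4.1-pl1.zip?download); the patch at least should be a `<uri link="...">` entry. The resolution also uses `emerge -p` where the rest of the commit uses `emerge -pv`, and `<vulnerable range="lt">1.4.1_p1</vulnerable>` covers releases before 1.3.1 even though the description says the register_globals simulation code first appeared in 1.3.1; that is a safe over-approximation but deserves a sentence.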

View File

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-05">
<title>phpMyAdmin &lt; 2.5.6-rc1: possible attack against export.php</title>
<synopsis>
A vulnerability in phpMyAdmin which was not properly verifying user
generated input could lead to a directory traversal attack.
</synopsis>
<product type="ebuild">phpmyadmin</product>
<announced>February 17, 2004</announced>
<revised>February 17, 2004: 01</revised>
<bug>40268</bug>
<access>remote</access>
<affected>
<package name="dev-db/phpmyadmin" auto="yes" arch="*">
<unaffected range="ge">2.5.6_rc1</unaffected>
<vulnerable range="le">2.5.5_p1</vulnerable>
</package>
</affected>
<background>
<p>
phpMyAdmin is a tool written in PHP intended to handle the administration
of MySQL databased over the Web.
</p>
</background>
<description>
<p>
One component of the phpMyAdmin software package (export.php) does not
properly verify input that is passed to it from a remote user. Since the
input is used to include other files, it is possible to launch a directory
traversal attack.
</p>
</description>
<impact type="normal">
<p>
Private information could be gleaned from the remote server if an attacker
uses a malformed URL such as http://phpmyadmin.example.com/export.php?what=../../../[existing_file]
</p>
<p>
In this scenario, the script does not sanitize the "what" argument passed
to it, allowing directory traversal attacks to take place, disclosing
the contents of files if the file is readable as the web-server user.
</p>
</impact>
<workaround>
<p>
The workaround is to either patch the export.php file using the
referenced CVS patch or upgrade the software via Portage.
</p>
</workaround>
<resolution>
<p>
Users are encouraged to upgrade to phpMyAdmin-2.5.6_rc1:
</p>
<code>
# emerge sync
# emerge -pv ">=dev-db/phpmyadmin-2.5.6_rc1"
# emerge ">=dev-db/phpmyadmin-2.5.6_rc1"
# emerge clean</code>
</resolution>
<references>
<uri link="http://cvs.sourceforge.net/viewcvs.py/phpmyadmin/phpMyAdmin/export.php?r1=2.3&amp;r2=2.3.2.1">CVS Patch</uri>
</references>
</glsa>
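Review bot: the vulnerable range is written as `<vulnerable range="le">2.5.5_p1</vulnerable>` against `<unaffected range="ge">2.5.6_rc1</unaffected>`, which leaves any version between 2.5.5_p1 and 2.5.6_rc1 unclassified; the other advisories in this commit use `lt` with the same version as the unaffected boundary, and this one should too. Typo in the background: "MySQL databased" should be "MySQL databases".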

View File

@ -0,0 +1,90 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-06">
<title>Updated kernel packages fix the AMD64 ptrace vulnerability</title>
<synopsis>
A vulnerability has been discovered by in the ptrace emulation code for
AMD64 platforms when eflags are processed, allowing a local user to obtain
elevated priveleges.
</synopsis>
<product type="ebuild">Kernel</product>
<announced>February 17, 2004</announced>
<revised>February 17, 2004: 01</revised>
<access>local</access>
<affected>
<package name="sys-kernel/ck-sources" auto="yes" arch="amd64">
<unaffected range="ge">2.6.2</unaffected>
<vulnerable range="lt">2.6.2</vulnerable>
</package>
<package name="sys-kernel/development-sources" auto="yes" arch="amd64">
<unaffected range="ge">2.6.2</unaffected>
<vulnerable range="lt">2.6.2</vulnerable>
</package>
<package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="amd64">
<unaffected range="ge">2.6.2</unaffected>
<vulnerable range="lt">2.6.2</vulnerable>
</package>
<package name="sys-kernel/gentoo-sources" auto="yes" arch="amd64">
<unaffected range="ge">2.4.22-r6</unaffected>
<vulnerable range="lt">2.4.22-r6</vulnerable>
</package>
<package name="sys-kernel/gentoo-test-sources" auto="yes" arch="amd64">
<unaffected range="ge">2.6.2-r1</unaffected>
<vulnerable range="lt">2.6.2</vulnerable>
</package>
<package name="sys-kernel/gs-sources" auto="yes" arch="amd64">
<unaffected range="ge">2.4.25_pre7-r1</unaffected>
<vulnerable range="lt">2.4.25_pre7-r1</vulnerable>
</package>
<package name="sys-kernel/vanilla-prepatch-sources" auto="yes" arch="amd64">
<unaffected range="ge">2.4.25_rc3</unaffected>
<vulnerable range="lt">2.4.25_rc3</vulnerable>
</package>
<package name="sys-kernel/vanilla-sources" auto="yes" arch="amd64">
<unaffected range="ge">2.4.24-r1</unaffected>
<vulnerable range="lt">2.4.24-r1</vulnerable>
</package>
</affected>
<description>
<p>
A vulnerability has been discovered by Andi Kleen in the ptrace emulation
code for AMD64 platforms when eflags are processed, allowing a local user
to obtain elevated priveleges. The Common Vulnerabilities and Exposures
project, http://cve.mitre.org, has assigned CAN-2004-0001 to this issue.
</p>
</description>
<impact type="normal">
<p>
Only users of the AMD64 platform are affected: in this scenario, a user may
be able to obtain elevated priveleges, including root access. However, no
public exploit is known for the vulnerability at this time.
</p>
</impact>
<workaround>
<p>
    There is no temporary workaround; a kernel upgrade is required. A list of
    unaffected kernels is provided along with this announcement.
</p>
</workaround>
<resolution>
<p>
Users are encouraged to upgrade to the latest available sources for
their system:
</p>
<code>
# emerge sync
# emerge -pv your-favourite-sources
# emerge your-favourite-sources
# # Follow usual procedure for compiling and installing a kernel.
# # If you use genkernel, run genkernel as you would do normally.
</code>
<code>
# # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
# # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
# # REPORTS THAT THE SAME VERSION IS INSTALLED.
</code>
</resolution>
<references>
</references>
</glsa>

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-07">
<title>Clam Antivirus DoS vulnerability</title>
<synopsis>
Oliver Eikemeier has reported a vulnerability in Clam AV, which can be
exploited by a malformed uuencoded message causing a denial of service for
programs that rely on the clamav daemon, such as SMTP daemons.
</synopsis>
<product type="ebuild">clamav</product>
<announced>February 17, 2004</announced>
<revised>February 17, 2004: 01</revised>
<bug>41248</bug>
<access>remote</access>
<affected>
<package name="app-antivirus/clamav" auto="yes" arch="*">
<unaffected range="ge">0.67</unaffected>
<vulnerable range="lt">0.67</vulnerable>
</package>
</affected>
<background>
<p>
Clam AntiVirus is a GPLed anti-virus toolkit, designed for integration with
mail servers to perform attachment scanning. Clam AV also provides a
command line scanner and a tool for fetching updates of the virus database.
</p>
</background>
<description>
<p>
    Oliver Eikemeier of Fillmore Labs discovered a flaw in Clam AV 0.65 in its
    handling of malformed uuencoded messages, which causes the daemon to shut
    down.
</p>
<p>
    The problem originates in libclamav, which calculates the line length of a
    uuencoded line by taking the ASCII value of the first character minus 64
    and then asserts that the length is within the allowed range. A malformed
    line fails the assertion and terminates the calling program, so clamav is
    no longer available to the services that depend on it.
</p>
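  <p>
    The failure mode described above, as an added example written for this
    page (not clamav's own code): a uudecode line parser that validates the
    length byte with assert(), so one malformed line aborts the whole scanning
    process, next to a hardened form that returns an error and leaves the
    caller running. The example uses the standard uuencode convention (length
    byte = 32 + n, six-bit values masked with 0x3f), whereas the advisory
    describes clamav's own arithmetic as "minus 64"; the constant, the
    function names and the sample line "#0V%T" (the encoding of the bytes
    "Cat") are this example's own.
  </p>

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define UU_MAX_LINE_BYTES 45   /* a uuencoded line never carries more than 45 raw bytes */

/* Map one uuencoded character to its 6-bit value; '`' (0x60) is the
   traditional stand-in for zero. Anything outside 0x20..0x60 is malformed. */
static int uu_char(unsigned char c) {
    if (c < 0x20 || c > 0x60) return -1;
    return (c - 0x20) & 0x3f;
}

/* Illustrative "before" (not clamav's code): using assert() to validate
   attacker-controlled input turns a bad length byte into abort() of the
   whole scanning process. */
int uu_line_length_fragile(const char *line) {
    int n = uu_char((unsigned char)line[0]);
    assert(n >= 0 && n <= UU_MAX_LINE_BYTES);   /* malformed input kills the daemon */
    return n;
}

/* Hardened form: report the declared byte count, or -1 for a malformed
   length byte, and let the caller skip or reject the message. */
int uu_line_length(const char *line) {
    if (line == NULL || line[0] == '\0') return -1;
    int n = uu_char((unsigned char)line[0]);
    if (n < 0 || n > UU_MAX_LINE_BYTES) return -1;
    return n;
}

/* Decode one line into out. Returns the number of bytes produced, or -1
   if the length byte is out of range, the line is shorter than the length
   byte claims, or any body character is outside the uuencode alphabet. */
int uu_decode_line(const char *line, unsigned char *out, size_t outcap) {
    int n = uu_line_length(line);
    if (n < 0 || (size_t)n > outcap) return -1;
    size_t need = ((size_t)n + 2) / 3 * 4;      /* 4 encoded chars per 3 bytes */
    size_t have = strlen(line + 1);
    while (have > 0 && (line[have] == '\n' || line[have] == '\r')) have--;
    if (have < need) return -1;                  /* truncated body: reject, don't assert */
    const char *p = line + 1;
    size_t o = 0;
    for (size_t i = 0; i < need; i += 4) {
        int a = uu_char((unsigned char)p[i]),     b = uu_char((unsigned char)p[i + 1]);
        int c = uu_char((unsigned char)p[i + 2]), d = uu_char((unsigned char)p[i + 3]);
        if (a < 0 || b < 0 || c < 0 || d < 0) return -1;
        if (o < (size_t)n) out[o++] = (unsigned char)((a << 2) | (b >> 4));
        if (o < (size_t)n) out[o++] = (unsigned char)(((b & 0x0f) << 4) | (c >> 2));
        if (o < (size_t)n) out[o++] = (unsigned char)(((c & 0x03) << 6) | d);
    }
    return (int)o;
}

/* Self-test helper: does `line` decode exactly to `expected`? */
int uu_line_decodes_to(const char *line, const char *expected) {
    unsigned char out[UU_MAX_LINE_BYTES];
    int n = uu_decode_line(line, out, sizeof out);
    return n >= 0 && (size_t)n == strlen(expected) && memcmp(out, expected, (size_t)n) == 0;
}

int main(void) {
    /* Constructed inputs: "#0V%T" is the uuencoding of the three bytes "Cat";
       "~0V%T" has a length byte outside the alphabet; "M0V%T" claims 45 bytes
       but carries only 4 encoded characters. None of them aborts the process. */
    unsigned char out[UU_MAX_LINE_BYTES];
    printf("#0V%%T -> %d bytes\n", uu_decode_line("#0V%T\n", out, sizeof out));
    printf("~0V%%T -> %d\n", uu_decode_line("~0V%T\n", out, sizeof out));
    printf("M0V%%T -> %d\n", uu_decode_line("M0V%T\n", out, sizeof out));
    return 0;
}
```

  <p>
    The point of the hardened functions is the return value: a daemon that
    scans untrusted mail must treat a bad length byte as data to reject, never
    as an invariant violation, because assert() ends the process for every
    client, not just the sender of the malformed message.
  </p>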
</description>
<impact type="normal">
<p>
    A malformed message causes a denial of service, and depending on the
    server configuration this may also take down other daemons that rely on
    Clam AV, such as SMTP daemons.
</p>
</impact>
<workaround>
<p>
    There is no immediate workaround; a software upgrade is required.
</p>
</workaround>
<resolution>
<p>
All users are urged to upgrade their Clam AV installations to Clam AV 0.67:
</p>
<code>
# emerge sync
    # emerge -pv ">=app-antivirus/clamav-0.67"
    # emerge ">=app-antivirus/clamav-0.67"</code>
</resolution>
<references>
</references>
</glsa>

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-01">
<title>Libxml2 URI Parsing Buffer Overflow Vulnerabilities</title>
<synopsis>
A buffer overflow has been discovered in libxml2 versions prior to
2.6.6 which may be exploited by an attacker allowing the execution of
arbitrary code.
</synopsis>
<product type="ebuild">libxml</product>
<announced>March 05, 2004</announced>
<revised>March 05, 2004: 01</revised>
<bug>42735</bug>
<access>local and remote combination</access>
<affected>
<package name="dev-libs/libxml2" auto="yes" arch="*">
<unaffected range="ge">2.6.6</unaffected>
<vulnerable range="lt">2.6.6</vulnerable>
</package>
</affected>
<description>
<p>
    Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
    When libxml2 fetches a remote resource via FTP or HTTP, its URI parsing
    routines copy the URL into a fixed-size buffer without proper bounds
    checking, so a URL longer than 4096 bytes overflows that buffer.
</p>
</description>
<impact type="normal">
<p>
If an attacker is able to exploit an application using libxml2 that parses
remote resources, then this flaw could be used to execute arbitrary code.
</p>
</impact>
<workaround>
<p>
No workaround is available; users are urged to upgrade libxml2 to 2.6.6.
</p>
</workaround>
<resolution>
<p>
All users are recommended to upgrade their libxml2 installation:
</p>
<code>
# emerge sync
# emerge -pv ">=dev-libs/libxml2-2.6.6"
# emerge ">=dev-libs/libxml2-2.6.6"</code>
</resolution>
<references>
    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110">CAN-2004-0110</uri>
</references>
</glsa>

@ -0,0 +1,242 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-02">
<title>Linux kernel do_mremap local privilege escalation vulnerability</title>
<synopsis>
    A critical security vulnerability has been found in recent Linux kernels by
    Paul Starzetz of iSEC Security Research which allows local privilege
    escalation.
</synopsis>
<product type="ebuild">Kernel</product>
<announced>March 05, 2004</announced>
<revised>May 22, 2006: 03</revised>
<bug>42024</bug>
<access>local</access>
<affected>
<package name="sys-kernel/aa-sources" auto="no" arch="*">
<unaffected range="ge">2.4.23-r1</unaffected>
<vulnerable range="lt">2.4.23-r1</vulnerable>
</package>
<package name="sys-kernel/alpha-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.21-r4</unaffected>
<vulnerable range="lt">2.4.21-r4</vulnerable>
</package>
<package name="sys-kernel/ck-sources" auto="no" arch="*">
<unaffected range="eq">2.4.24-r1</unaffected>
<unaffected range="ge">2.6.2-r1</unaffected>
<vulnerable range="lt">2.6.2-r1</vulnerable>
</package>
<package name="sys-kernel/compaq-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.9.32.7-r2</unaffected>
<vulnerable range="lt">2.4.9.32.7-r2</vulnerable>
</package>
<package name="sys-kernel/development-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.3_rc1</unaffected>
<vulnerable range="lt">2.6.3_rc1</vulnerable>
</package>
<package name="sys-kernel/gaming-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.20-r8</unaffected>
<vulnerable range="lt">2.4.20-r8</vulnerable>
</package>
<package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.3_rc1</unaffected>
<vulnerable range="lt">2.6.3_rc1</vulnerable>
</package>
<package name="sys-kernel/gentoo-sources" auto="yes" arch="*">
<unaffected range="eq">2.4.19-r11</unaffected>
<unaffected range="eq">2.4.20-r12</unaffected>
<unaffected range="ge">2.4.22-r7</unaffected>
<vulnerable range="lt">2.4.22-r7</vulnerable>
</package>
<package name="sys-kernel/grsec-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24.1.9.13-r1</unaffected>
<vulnerable range="lt">2.4.24.1.9.13-r1</vulnerable>
</package>
<package name="sys-kernel/gs-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.25_pre7-r2</unaffected>
<vulnerable range="lt">2.4.25_pre7-r2</vulnerable>
</package>
<package name="sys-kernel/hardened-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24-r1</unaffected>
<vulnerable range="lt">2.4.24-r1</vulnerable>
</package>
<package name="sys-kernel/hppa-dev-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.2_p3-r1</unaffected>
<vulnerable range="lt">2.6.2_p3-r1</vulnerable>
</package>
<package name="sys-kernel/hppa-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24_p0-r1</unaffected>
<vulnerable range="lt">2.4.24_p0-r1</vulnerable>
</package>
<package name="sys-kernel/ia64-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24-r1</unaffected>
<vulnerable range="lt">2.4.24-r1</vulnerable>
</package>
<package name="sys-kernel/mips-prepatch-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.25_pre6-r1</unaffected>
<vulnerable range="lt">2.4.25_pre6-r1</vulnerable>
</package>
<package name="sys-kernel/mips-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.25_rc4</unaffected>
<vulnerable range="lt">2.4.25_rc4</vulnerable>
</package>
<package name="sys-kernel/mm-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.3_rc1-r1</unaffected>
<vulnerable range="lt">2.6.3_rc1-r1</vulnerable>
</package>
<package name="sys-kernel/openmosix-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.22-r4</unaffected>
<vulnerable range="lt">2.4.22-r4</vulnerable>
</package>
<package name="sys-kernel/pac-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.23-r3</unaffected>
<vulnerable range="lt">2.4.23-r3</vulnerable>
</package>
<package name="sys-kernel/planet-ccrma-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.21-r5</unaffected>
<vulnerable range="lt">2.4.21-r5</vulnerable>
</package>
<package name="sys-kernel/ppc-development-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.3_rc1-r1</unaffected>
<vulnerable range="lt">2.6.3_rc1-r1</vulnerable>
</package>
<package name="sys-kernel/ppc-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24-r1</unaffected>
<vulnerable range="lt">2.4.24-r1</vulnerable>
</package>
<package name="sys-kernel/ppc-sources-benh" auto="yes" arch="*">
<unaffected range="ge">2.4.22-r5</unaffected>
<vulnerable range="lt">2.4.22-r5</vulnerable>
</package>
<package name="sys-kernel/ppc-sources-crypto" auto="yes" arch="*">
<unaffected range="ge">2.4.20-r3</unaffected>
<vulnerable range="lt">2.4.20-r3</vulnerable>
</package>
<package name="sys-kernel/ppc-sources-dev" auto="yes" arch="*">
<unaffected range="ge">2.4.24-r2</unaffected>
<vulnerable range="lt">2.4.24-r2</vulnerable>
</package>
<package name="sys-kernel/selinux-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24-r2</unaffected>
<vulnerable range="lt">2.4.24-r2</vulnerable>
</package>
<package name="sys-kernel/sparc-dev-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.3_rc1</unaffected>
<vulnerable range="lt">2.6.3_rc1</vulnerable>
</package>
<package name="sys-kernel/sparc-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24-r2</unaffected>
<vulnerable range="lt">2.4.24-r2</vulnerable>
</package>
<package name="sys-kernel/usermode-sources" auto="yes" arch="*">
<unaffected range="rge">2.4.24-r1</unaffected>
<unaffected range="rge">2.4.26</unaffected>
<unaffected range="ge">2.6.3-r1</unaffected>
<vulnerable range="lt">2.6.3-r1</vulnerable>
</package>
<package name="sys-kernel/vanilla-prepatch-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.25_rc4</unaffected>
<vulnerable range="lt">2.4.25_rc4</vulnerable>
</package>
<package name="sys-kernel/vanilla-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.25</unaffected>
<vulnerable range="lt">2.4.25</vulnerable>
</package>
<package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
<unaffected range="eq">2.4.23-r2</unaffected>
<unaffected range="ge">2.6.2-r1</unaffected>
<vulnerable range="lt">2.6.2-r1</vulnerable>
</package>
<package name="sys-kernel/wolk-sources" auto="yes" arch="*">
<unaffected range="eq">4.9-r4</unaffected>
<unaffected range="ge">4.10_pre7-r3</unaffected>
<vulnerable range="lt">4.10_pre7-r3</vulnerable>
</package>
<package name="sys-kernel/xfs-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24-r2</unaffected>
<vulnerable range="lt">2.4.24-r2</vulnerable>
</package>
</affected>
<background>
<p>
    The Linux kernel is responsible for memory management in a running
    system; to allow this, processes are permitted to map and unmap memory
    areas.
</p>
</background>
<description>
<p>
    The memory subsystem allows chunks of memory to be shrunk, grown and
    moved within the virtual memory areas that the kernel manages for a
    process.
  </p>
  <p>
    To accomplish this, the do_mremap code calls the do_munmap() kernel
    function to remove any old memory mappings in the new location. The code
    does not check the return value of do_munmap(), which fails if the
    maximum number of available virtual memory area descriptors has been
    exceeded.
</p>
<p>
Due to the missing return value check after trying to unmap the middle
of the first memory area, the corresponding page table entries from the
second new area are inserted into the page table locations described by
the first old one, thus they are subject to page protection flags of
the first area. As a result, arbitrary code can be executed.
</p>
</description>
<impact type="high">
<p>
    Code running with ordinary, non-superuser privileges may be able to
    exploit this vulnerability to disrupt the operation of the kernel memory
    management subroutines, ultimately leading to unexpected behaviour.
</p>
<p>
    Since no special privileges are required to use the mremap() and
    munmap() system calls, any process may misuse this unexpected behaviour
    to disrupt the kernel memory management subsystem. Proper exploitation
    of this vulnerability may lead to local privilege escalation, allowing
    for the execution of arbitrary code with kernel-level root access.
</p>
<p>
Proof-of-concept exploit code has been created and successfully tested,
permitting root escalation on vulnerable systems. As a result, all
users should upgrade their kernels to new or patched versions.
</p>
</impact>
<workaround>
<p>
    Users who are unable to upgrade their kernels may attempt to use
    "sysctl -w vm.max_map_count=1000000". This is only a temporary measure:
    it raises the number of memory areas each process may create, so the
    do_munmap() failure that triggers the bug becomes harder to reach, but
    it does not remove the missing return-value check. It is therefore not
    recommended, and users are urged to upgrade to the latest available
    patched sources.
</p>
</workaround>
<resolution>
<p>
Users are encouraged to upgrade to the latest available sources for
their system:
</p>
<code>
# emerge sync
# emerge -pv your-favourite-sources
# emerge your-favourite-sources
# # Follow usual procedure for compiling and installing a kernel.
# # If you use genkernel, run genkernel as you would do normally.
# # IF YOUR KERNEL IS MARKED as &quot;remerge required!&quot; THEN
# # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
# # REPORTS THAT THE SAME VERSION IS INSTALLED.</code>
</resolution>
<references>
<uri link="http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt">Advisory released by iSEC</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0077">CVE-2004-0077</uri>
</references>
<metadata tag="submitter" timestamp="Sat, 2 Apr 2005 12:59:08 +0000">
koon
</metadata>
</glsa>

@ -0,0 +1,91 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-03">
<title>Multiple OpenSSL Vulnerabilities</title>
<synopsis>
Three vulnerabilities have been found in OpenSSL via a commercial test
suite for the TLS protocol developed by Codenomicon Ltd.
</synopsis>
<product type="ebuild">OpenSSL</product>
<announced>March 17, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>44941</bug>
<access>remote</access>
<affected>
<package name="dev-libs/openssl" auto="yes" arch="*">
<unaffected range="ge">0.9.7d</unaffected>
<unaffected range="eq">0.9.6m</unaffected>
<vulnerable range="le">0.9.7c</vulnerable>
</package>
</affected>
<background>
<p>
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols as well as a full-strength general purpose cryptography
library.
</p>
</background>
<description>
<ol>
<li>
Testing performed by the OpenSSL group using the Codenomicon TLS Test
Tool uncovered a null-pointer assignment in the do_change_cipher_spec()
function. A remote attacker could perform a carefully crafted SSL/TLS
handshake against a server that used the OpenSSL library in such a way
as to cause OpenSSL to crash. Depending on the application this could
lead to a denial of service. All versions of OpenSSL from 0.9.6c to
0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by
this issue.
</li>
<li>
A flaw has been discovered in SSL/TLS handshaking code when using
Kerberos ciphersuites. A remote attacker could perform a carefully
crafted SSL/TLS handshake against a server configured to use Kerberos
ciphersuites in such a way as to cause OpenSSL to crash. Most
applications have no ability to use Kerberos cipher suites and will
therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL
are affected by this issue.
</li>
<li>
Testing performed by the OpenSSL group using the Codenomicon TLS Test
Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead
to a Denial of Service attack (infinite loop). This issue was traced to
a fix that was added to OpenSSL 0.9.6d some time ago. This issue will
affect vendors that ship older versions of OpenSSL with backported
security patches.
</li>
</ol>
</description>
<impact type="normal">
<p>
    Although no public exploits are known for these bugs, users are
    recommended to upgrade to ensure the security of their infrastructure.
</p>
</impact>
<workaround>
<p>
There is no immediate workaround; a software upgrade is required. The
vulnerable function in the code has been rewritten.
</p>
</workaround>
<resolution>
<p>
    All users are recommended to upgrade openssl to either 0.9.7d or 0.9.6m:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=dev-libs/openssl-0.9.7d&quot;
# emerge &quot;&gt;=dev-libs/openssl-0.9.7d&quot;</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079">CVE-2004-0079</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0081">CVE-2004-0081</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112">CVE-2004-0112</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:54:03 +0000">
DerCorny
</metadata>
</glsa>

@ -0,0 +1,111 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-04">
<title>Multiple security vulnerabilities in Apache 2</title>
<synopsis>
    A memory leak in mod_ssl allows a remote denial of service attack against
    an SSL-enabled server via plain HTTP requests. A second flaw allows
    arbitrary client-supplied strings to be written to the error log, which
    can be used to attack the terminal emulators of administrators viewing
    the log. A third flaw exists in the mod_disk_cache module.
</synopsis>
<product type="ebuild">Apache</product>
<announced>March 22, 2004</announced>
<revised>December 30, 2007: 03</revised>
<bug>45206</bug>
<access>remote</access>
<affected>
<package name="www-servers/apache" auto="yes" arch="*">
<unaffected range="eq">1.3*</unaffected>
<unaffected range="ge">2.0.49</unaffected>
<vulnerable range="le">2.0.48</vulnerable>
</package>
</affected>
<background>
<p>
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for modern operating systems. The goal of this
project is to provide a secure, efficient and extensible server that
provides services in tune with the current HTTP standards.
</p>
</background>
<description>
<p>
Three vulnerabilities were found:
</p>
<ol>
<li>
A memory leak in ssl_engine_io.c for mod_ssl in Apache 2.0.48 and below
allows remote attackers to cause a denial of service attack via plain
HTTP requests to the SSL port of an SSL-enabled server.
</li>
<li>
      Apache fails to filter terminal escape sequences, which begin with the
      ASCII escape character (0x1B) followed by a series of arguments, out of
      its error logs. A remote attacker who can inject such sequences into an
      Apache error log could exploit weaknesses in various terminal emulators
      used to view the log, launching attacks against those users, including
      further denial of service attacks, file modification, and the execution
      of arbitrary commands.
</li>
<li>
      Apache's mod_disk_cache has been found to be vulnerable to a weakness
      that allows attackers to gain access to authentication credentials,
      because it caches HTTP hop-by-hop headers, which can contain plaintext
      user passwords. There is no available resolution for this issue yet.
</li>
</ol>
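  <p>
    One way to close the log-injection hole in item 2, as an added example
    that is not Apache's code: escape every control byte, including ESC
    (0x1B), to a \xNN form before a client-supplied string reaches the error
    log, so an administrator reading the file in a terminal never receives a
    raw escape sequence. The function names and the sample request line are
    this example's own.
  </p>

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Write src (srclen bytes, may contain anything) into dst as a log-safe
   string: printable ASCII 0x20..0x7E is copied unchanged, a backslash is
   doubled so the escaped form stays unambiguous, and every other byte
   (controls such as ESC 0x1B, CR, LF, DEL, and non-ASCII) becomes \xNN.
   Returns the number of bytes written, excluding the terminating NUL, or
   -1 if dst is too small; nothing is written past dstcap in either case. */
int log_escape(const char *src, size_t srclen, char *dst, size_t dstcap) {
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (dst == NULL || dstcap == 0) return -1;
    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '\\') {
            if (o + 2 >= dstcap) return -1;
            dst[o++] = '\\';
            dst[o++] = '\\';
        } else if (c >= 0x20 && c <= 0x7e) {
            if (o + 1 >= dstcap) return -1;
            dst[o++] = (char)c;
        } else {
            if (o + 4 >= dstcap) return -1;
            dst[o++] = '\\';
            dst[o++] = 'x';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0f];
        }
    }
    dst[o] = '\0';
    return (int)o;
}

/* Self-test helpers: escape a NUL-terminated string into a fixed buffer. */
int log_escape_fits(const char *src, size_t dstcap) {
    char buf[256];
    if (dstcap > sizeof buf) dstcap = sizeof buf;
    return log_escape(src, strlen(src), buf, dstcap);
}

int log_escape_matches(const char *src, const char *expected) {
    char buf[256];
    return log_escape(src, strlen(src), buf, sizeof buf) >= 0 && strcmp(buf, expected) == 0;
}

int main(void) {
    /* Constructed request line carrying an ESC [2J (clear screen) sequence,
       the kind of payload a client could plant in a 404 error-log entry. */
    const char *hostile = "GET /\x1b[2J HTTP/1.0";
    char line[256];
    if (log_escape(hostile, strlen(hostile), line, sizeof line) >= 0)
        printf("[error] [client 10.0.0.5] File does not exist: %s\n", line);
    return 0;
}
```

  <p>
    The escaping is applied at the single point where untrusted data is
    formatted into the log line; checking the capacity before every write,
    rather than after, keeps the sanitizer itself from becoming the next
    overflow.
  </p>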
</description>
<impact type="normal">
<p>
No special privileges are required for these vulnerabilities. As a
result, all users are recommended to upgrade their Apache
installations.
</p>
</impact>
<workaround>
<p>
There is no immediate workaround; a software upgrade is required. There
is no workaround for the mod_disk_cache issue; users are recommended to
disable the feature on their servers until a patched version is
released.
</p>
</workaround>
<resolution>
<p>
Users are urged to upgrade to Apache 2.0.49:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=www-servers/apache-2.0.49&quot;
# emerge &quot;&gt;=www-servers/apache-2.0.49&quot;
# ** IMPORTANT **
# If you are migrating from Apache 2.0.48-r1 or earlier versions,
# it is important that the following directories are removed.
# The following commands should cause no data loss since these
# are symbolic links.
# rm /etc/apache2/lib /etc/apache2/logs /etc/apache2/modules
# rm /etc/apache2/modules
# ** ** ** ** **
# ** ALSO NOTE **
# Users who use mod_disk_cache should edit their Apache
# configuration and disable mod_disk_cache.</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/bid/9933/info/">Apache mod_disk_cache authentication storage weakness vulnerability</uri>
<uri link="http://www.apache.org/dist/httpd/Announcement2.html">Apache HTTP Server 2.0.49 Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:52:59 +0000">
DerCorny
</metadata>
</glsa>

@ -0,0 +1,68 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-05">
<title>UUDeview MIME Buffer Overflow</title>
<synopsis>
A specially-crafted MIME file (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe
extensions) may cause UUDeview to crash or execute arbitrary code.
</synopsis>
<product type="ebuild">UUDeview</product>
<announced>March 26, 2004</announced>
<revised>March 26, 2004: 01</revised>
<bug>44859</bug>
<access>remote</access>
<affected>
<package name="app-text/uudeview" auto="yes" arch="*">
<unaffected range="ge">0.5.20</unaffected>
<vulnerable range="lt">0.5.20</vulnerable>
</package>
</affected>
<background>
<p>
    UUDeview is a program for encoding binary files into text-only formats so
    that they can be transmitted over the Internet, and for decoding them
    again. It is commonly used for email and Usenet attachments. It supports
    multiple encoding formats, including Base64, BinHex and UUEncoding.
</p>
</background>
<description>
<p>
By decoding a MIME archive with excessively long strings for various
parameters, it is possible to crash UUDeview, or cause it to execute
arbitrary code.
</p>
<p>
This vulnerability was originally reported by iDEFENSE as part of a WinZip
advisory [ Reference: 1 ].
</p>
</description>
<impact type="normal">
<p>
    An attacker could create a specially-crafted MIME file and send it via
    email. When the recipient decodes the file, UUDeview may execute
    arbitrary code embedded in the MIME file, granting the attacker access to
    the recipient's account.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. As a result, a software upgrade
is required and users should upgrade to uudeview 0.5.20.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to uudeview 0.5.20:
</p>
<code>
# emerge sync
# emerge -pv ">=app-text/uudeview-0.5.20"
# emerge ">=app-text/uudeview-0.5.20"
</code>
</resolution>
<references>
<uri link="http://www.idefense.com/application/poi/display?id=76&amp;type=vulnerabilities">iDEFENSE advisory</uri>
<uri link="http://www.securityfocus.com/bid/9758">SecurityFocus advisory</uri>
</references>
</glsa>

@ -0,0 +1,72 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-06">
<title>Multiple remote buffer overflow vulnerabilities in Courier</title>
<synopsis>
    Remote buffer overflow vulnerabilities have been found in Courier-IMAP and
    Courier MTA. These vulnerabilities may allow the execution of arbitrary
    code, allowing unauthorized access to a vulnerable system.
</synopsis>
<product type="ebuild">Courier</product>
<announced>March 26, 2004</announced>
<revised>March 26, 2004: 01</revised>
<bug>45584</bug>
<access>remote</access>
<affected>
<package name="net-mail/courier-imap" auto="yes" arch="*">
<unaffected range="ge">3.0.0</unaffected>
<vulnerable range="lt">3.0.0</vulnerable>
</package>
<package name="mail-mta/courier" auto="yes" arch="*">
<unaffected range="ge">0.45</unaffected>
<vulnerable range="lt">0.45</vulnerable>
</package>
</affected>
<background>
<p>
Courier MTA is a multiprotocol mail server suite that provides webmail,
mailing lists, IMAP, and POP3 services. Courier-IMAP is a standalone server
that gives IMAP access to local mailboxes.
</p>
</background>
<description>
<p>
    The vulnerabilities have been found in the 'SHIFT_JIS' converter in
    'shiftjis.c' and the 'ISO2022JP' converter in 'so2022jp.c'. An attacker
    may supply Unicode characters outside the BMP (Basic Multilingual Plane)
    range, causing an overflow.
</p>
</description>
<impact type="normal">
<p>
    An attacker without privileges may exploit this vulnerability remotely,
    allowing arbitrary code to be executed in order to gain unauthorized access.
</p>
</impact>
<workaround>
<p>
While a workaround is not currently known for this issue, all users are
advised to upgrade to the latest version of the affected packages.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to current versions of the affected packages:
</p>
<code>
# emerge sync
# emerge -pv ">=net-mail/courier-imap-3.0.0"
# emerge ">=net-mail/courier-imap-3.0.0"
# ** Or; depending on your installation... **
# emerge -pv ">=mail-mta/courier-0.45"
# emerge ">=mail-mta/courier-0.45"
</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/bid/9845">Courier Multiple Remote Buffer Overflow Vulnerabilities</uri>
<uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224">CAN-2004-0224</uri>
</references>
</glsa>

@ -0,0 +1,72 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-07">
<title>Multiple remote overflows and vulnerabilities in Ethereal</title>
<synopsis>
    Multiple overflows and vulnerabilities exist in Ethereal which may allow an
    attacker to crash the program or run arbitrary code.
</synopsis>
<product type="ebuild">ethereal</product>
<announced>March 28, 2004</announced>
<revised>March 28, 2004: 01</revised>
<bug>45543</bug>
<access>remote</access>
<affected>
<package name="net-analyzer/ethereal" auto="yes" arch="*">
<unaffected range="ge">0.10.3</unaffected>
<vulnerable range="le">0.10.2</vulnerable>
</package>
</affected>
<background>
<p>
Quote from http://www.ethereal.com
</p>
<p>
&quot;Ethereal is used by network professionals around the world for
troubleshooting, analysis, software and protocol development, and
education. It has all of the standard features you would expect in a
protocol analyzer, and several features not seen in any other product. Its
open source license allows talented experts in the networking community to
add enhancements. It runs on all popular computing platforms, including
Unix, Linux, and Windows.&quot;
</p>
</background>
<description>
<p>There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:</p>
<ul>
<li>Thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.</li>
<li>A zero-length Presentation protocol selector could make Ethereal crash.</li>
<li>A vulnerability in the RADIUS packet dissector which may crash ethereal.</li>
<li>A corrupt color filter file could cause a segmentation fault.</li>
</ul>
</description>
<impact type="high">
<p>
These vulnerabilities may cause Ethereal to crash or may allow an attacker
to run arbitrary code on the user's computer.
</p>
</impact>
<workaround>
<p>
While a workaround is not currently known for this issue, all users are
advised to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to the current version of the affected package:
</p>
<code>
# emerge sync
# emerge -pv ">=net-analyzer/ethereal-0.10.3"
# emerge ">=net-analyzer/ethereal-0.10.3"</code>
</resolution>
<references>
<uri link="http://www.ethereal.com/appnotes/enpa-sa-00013.html">Multiple security problems in Ethereal 0.10.2</uri>
<uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176">CAN-2004-0176</uri>
<uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365">CAN-2004-0365</uri>
<uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367">CAN-2004-0367</uri>
</references>
</glsa>

@ -0,0 +1,75 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-08">
<title>oftpd DoS vulnerability</title>
<synopsis>
A remotely-exploitable overflow exists in oftpd, allowing an attacker to
crash the oftpd daemon.
</synopsis>
<product type="ebuild">oftpd</product>
<announced>March 29, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>45738</bug>
<access>remote</access>
<affected>
<package name="net-ftp/oftpd" auto="yes" arch="*">
<unaffected range="ge">0.3.7</unaffected>
<vulnerable range="le">0.3.6</vulnerable>
</package>
</affected>
<background>
<p>
    Quote from <uri link="http://www.time-travellers.org/oftpd/">http://www.time-travellers.org/oftpd/</uri>
</p>
<p>
"oftpd is designed to be as secure as an anonymous FTP server can
possibly be. It runs as non-root for most of the time, and uses the
Unix chroot() command to hide most of the systems directories from
external users - they cannot change into them even if the server is
totally compromised! It contains its own directory change code, so that
it can run efficiently as a threaded server, and its own directory
listing code (most FTP servers execute the system "ls" command to list
files)."
</p>
</background>
<description>
<p>
    Issuing a PORT command containing a number higher than 255 causes the
    server to crash. The PORT command may be issued before any authentication
    takes place, so the attacker does not need to know a valid username and
    password in order to exploit this vulnerability.
</p>
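  <p>
    An added example, not oftpd's code, of how a server should treat the PORT
    argument the advisory describes: each of the six comma-separated fields is
    parsed as an 8-bit value and the command is rejected with an error reply
    when any field exceeds 255, rather than being handed to code that assumes
    it fits in a byte. The privileged-port refusal at the end is an extra
    policy check assumed here, not part of the advisory; the function names
    and sample commands are this example's own.
  </p>

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned char ip[4];
    unsigned short port;
} port_cmd_t;

/* Parse one decimal field; RFC 959 fields are 8-bit, so 0..255 only.
   At most three digits are accepted and the running value is checked on
   every digit, so "256", "0300" and "99999" are all rejected without any
   intermediate overflow. */
static int parse_field(const char **cur, unsigned char *out) {
    const char *p = *cur;
    int v = 0, digits = 0;
    if (!isdigit((unsigned char)*p)) return -1;
    while (isdigit((unsigned char)*p)) {
        v = v * 10 + (*p - '0');
        if (++digits > 3 || v > 255) return -1;
        p++;
    }
    *out = (unsigned char)v;
    *cur = p;
    return 0;
}

/* Parse the argument of "PORT h1,h2,h3,h4,p1,p2". Returns 0 and fills *cmd
   on success, -1 for any malformed or out-of-range input. The caller should
   answer "501 Syntax error" and keep serving; it must not touch the fields
   until this returns 0. */
int parse_port_argument(const char *arg, port_cmd_t *cmd) {
    unsigned char f[6];
    const char *p = arg;
    if (arg == NULL) return -1;
    for (int i = 0; i < 6; i++) {
        if (parse_field(&p, &f[i]) != 0) return -1;
        if (i < 5) {
            if (*p != ',') return -1;
            p++;
        }
    }
    while (*p == '\r' || *p == '\n') p++;   /* tolerate the command's CRLF */
    if (*p != '\0') return -1;               /* anything else is garbage */
    memcpy(cmd->ip, f, 4);
    cmd->port = (unsigned short)((f[4] << 8) | f[5]);
    /* Policy check beyond the crash fix (assumed here): refuse data
       connections to privileged ports, the classic FTP bounce mitigation. */
    if (cmd->port < 1024) return -1;
    return 0;
}

/* Self-test helper: the data port for a valid argument, or -1. */
int port_argument_to_port(const char *arg) {
    port_cmd_t cmd;
    return parse_port_argument(arg, &cmd) == 0 ? (int)cmd.port : -1;
}

int main(void) {
    /* Constructed sample commands, as a client could send them before logging in. */
    const char *samples[] = {
        "192,168,1,10,4,1",      /* valid: 192.168.1.10 port 1025 */
        "192,168,1,300,4,1",     /* field > 255: the kind of input that crashed oftpd */
        "192,168,1,10,4,1,9",    /* too many fields */
        "192,168,1,10,0,21",     /* well-formed but privileged port */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %d\n", samples[i], port_argument_to_port(samples[i]));
    return 0;
}
```

  <p>
    Because PORT is accepted before USER and PASS, this parser is reachable by
    anyone who can open the control connection, so it is written to fail
    closed on every malformed input rather than to trust any field.
  </p>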
</description>
<impact type="normal">
<p>
    Exploiting this flaw crashes the oftpd daemon, causing a denial of service.
</p>
</impact>
<workaround>
<p>
While a workaround is not currently known for this issue, all users are
advised to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to the current version of the affected
package:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=net-ftp/oftpd-0.3.7&quot;
# emerge &quot;&gt;=net-ftp/oftpd-0.3.7&quot;</code>
</resolution>
<references>
    <uri link="http://www.time-travellers.org/oftpd/oftpd-dos.html">oftpd DoS Vulnerability</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0376">CVE-2004-0376</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:52:22 +0000">
DerCorny
</metadata>
</glsa>

@ -0,0 +1,57 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-09">
<title>Buffer overflow in Midnight Commander</title>
<synopsis>
    A remotely-exploitable buffer overflow in Midnight Commander allows
    arbitrary code to be run on a user's computer.
</synopsis>
<product type="ebuild">mc</product>
<announced>March 29, 2004</announced>
<revised>March 29, 2004: 01</revised>
<bug>45957</bug>
<access>remote</access>
<affected>
<package name="app-misc/mc" auto="yes" arch="*">
<unaffected range="ge">4.6.0-r5</unaffected>
<vulnerable range="le">4.6.0-r4</vulnerable>
</package>
</affected>
<background>
<p>
Midnight Commander is a visual file manager.
</p>
</background>
<description>
<p>
A stack-based buffer overflow has been found in Midnight Commander's
virtual filesystem.
</p>
</description>
<impact type="high">
<p>
This overflow allows an attacker to run arbitrary code on the user's
computer during the symlink conversion process.
</p>
</impact>
<workaround>
<p>
While a workaround is not currently known for this issue, all users are
advised to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to the current version of the affected package:
</p>
<code>
# emerge sync
# emerge -pv ">=app-misc/mc-4.6.0-r5"
# emerge ">=app-misc/mc-4.6.0-r5"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023">CAN-2003-1023</uri>
</references>
</glsa>
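Review bot: the impact paragraph refers to "the symlink conversion process", which the description never introduces; the description only says a stack-based overflow exists in the virtual filesystem. State in the description which VFS input triggers the overflow and how an attacker delivers it, since the access element says remote but nothing in the text says how remote input reaches mc. The references list carries only the CVE candidate; add the upstream bug or fix if one is available.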

View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-10">
<title>Fetchmail 6.2.5 fixes a remote DoS</title>
<synopsis>
Fetchmail versions 6.2.4 and earlier can be crashed by sending a
specially-crafted email to a fetchmail user.
</synopsis>
<product type="ebuild">fetchmail</product>
<announced>March 30, 2004</announced>
<revised>March 30, 2004: 01</revised>
<bug>37717</bug>
<access>remote</access>
<affected>
<package name="net-mail/fetchmail" auto="yes" arch="*">
<unaffected range="ge">6.2.5</unaffected>
<vulnerable range="le">6.2.4</vulnerable>
</package>
</affected>
<background>
<p>
Fetchmail is a utility that retrieves and forwards mail from remote systems
using IMAP, POP, and other protocols.
</p>
</background>
<description>
<p>
Fetchmail versions 6.2.4 and earlier can be crashed by sending a
specially-crafted email to a fetchmail user. This problem occurs because
Fetchmail does not properly allocate memory for long lines in an incoming
email.
</p>
</description>
<impact type="normal">
<p>
Fetchmail users who receive a malicious email may have their fetchmail
program crash.
</p>
</impact>
<workaround>
<p>
While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of fetchmail.
</p>
</workaround>
<resolution>
<p>
Fetchmail users should upgrade to version 6.2.5 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=net-mail/fetchmail-6.2.5"
# emerge ">=net-mail/fetchmail-6.2.5"</code>
</resolution>
<references>
<uri link="http://xforce.iss.net/xforce/xfdb/13450">ISS X-Force Listing</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792">CVE Candidate (CAN-2003-0792)</uri>
</references>
</glsa>
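Review bot: the synopsis and the description open with the same sentence verbatim ("Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user"); drop the duplicate from the description and let it carry the detail (memory for long lines in an incoming message is not allocated properly). The title "Fetchmail 6.2.5 fixes a remote DoS" reads like a changelog entry; the other advisories name the flaw and the product, e.g. "Remote denial of service in Fetchmail".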

View File

@ -0,0 +1,78 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-11">
<title>Squid ACL [url_regex] bypass vulnerability</title>
<synopsis>
Squid versions 2.0 through to 2.5.STABLE4 could allow a remote attacker to
bypass Access Control Lists by sending a specially-crafted URL request
containing '%00': in such circumstances; the url_regex ACL may not properly
detect the malicious URL, allowing the attacker to effectively bypass the
ACL.
</synopsis>
<product type="ebuild">Squid</product>
<announced>March 30, 2004</announced>
<revised>September 02, 2004: 02</revised>
<bug>45273</bug>
<access>remote</access>
<affected>
<package name="net-proxy/squid" auto="yes" arch="*">
<unaffected range="ge">2.5.5</unaffected>
<vulnerable range="lt">2.5.5</vulnerable>
</package>
</affected>
<background>
<p>
Squid is a fully-featured Web Proxy Cache designed to run on Unix systems
that supports proxying and caching of HTTP, FTP, and other URLs, as well as
SSL support, cache hierarchies, transparent caching, access control lists
and many other features.
</p>
</background>
<description>
<p>
A bug in Squid allows users to bypass certain access controls by passing a
URL containing &quot;%00&quot; which exploits the Squid decoding function.
This may insert a NUL character into decoded URLs, which may allow users to
bypass url_regex access control lists that are enforced upon them.
</p>
<p>
In such a scenario, Squid will insert a NUL character after
the&quot;%00&quot; and it will make a comparison between the URL to the end
of the NUL character rather than the contents after it: the comparison does
not result in a match, and the user's request is not denied.
</p>
</description>
<impact type="normal">
<p>
Restricted users may be able to bypass url_regex access control lists that
are enforced upon them which may cause unwanted network traffic as well as
a route for other possible exploits. Users of Squid 2.5STABLE4 and below
who require the url_regex features are recommended to upgrade to 2.5STABLE5
to maintain the security of their infrastructure.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of Squid.
</p>
</workaround>
<resolution>
<p>
Squid can be updated as follows:
</p>
<code>
# emerge sync
# emerge -pv ">=net-proxy/squid-2.5.5"
# emerge ">=net-proxy/squid-2.5.5"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189">CAN-2004-0189</uri>
<uri link="http://www.squid-cache.org/Advisories/SQUID-2004_1.txt">Squid 2.5.STABLE5 Release Announcement</uri>
</references>
<metadata tag="submitter" timestamp="Thu, 2 Sep 2004 21:11:59 +0000">
vorlon078
</metadata>
</glsa>
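Review bot: the second description paragraph does not parse ("the&quot;%00&quot;" is missing a space, and "a comparison between the URL to the end of the NUL character rather than the contents after it" is not a sentence); rewrite it to say that the decoded URL is cut at the NUL, so url_regex is matched only against the part before %00 and the part after it is never checked. The last sentence of the impact paragraph (advice to upgrade to 2.5STABLE5) belongs in the resolution, not the impact. The synopsis uses the upstream names 2.5.STABLE4/STABLE5 while the affected block and the emerge atoms use 2.5.5; say once that the Gentoo version 2.5.5 corresponds to 2.5.STABLE5 so readers can map the two.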

View File

@ -0,0 +1,69 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-12">
<title>OpenLDAP DoS Vulnerability</title>
<synopsis>
A failed password operation can cause the OpenLDAP slapd server, if it is
using the back-ldbm backend, to free memory that was never allocated.
</synopsis>
<product type="ebuild">openldap</product>
<announced>March 31, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>26728</bug>
<access>remote</access>
<affected>
<package name="net-nds/openldap" auto="yes" arch="*">
<unaffected range="ge">2.1.13</unaffected>
<vulnerable range="le">2.1.12</vulnerable>
</package>
</affected>
<background>
<p>
OpenLDAP is a suite of LDAP-related application and development tools.
It includes slapd (the standalone LDAP server), slurpd (the standalone
LDAP replication server), and various LDAP libraries, utilities and
example clients.
</p>
</background>
<description>
<p>
A password extended operation (password EXOP) which fails will cause
the slapd server to free() an uninitialized pointer, possibly resulting
in a segfault. This only affects servers using the back-ldbm backend.
</p>
<p>
Such a crash is not guaranteed with every failed operation, however, it
is possible.
</p>
</description>
<impact type="normal">
<p>
An attacker (or indeed, a normal user) may crash the OpenLDAP server,
creating a Denial of Service condition.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are
advised to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
OpenLDAP users should upgrade to version 2.1.13 or later:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=net-nds/openldap-2.1.13&quot;
# emerge &quot;&gt;=net-nds/openldap-2.1.13&quot;</code>
</resolution>
<references>
<uri link="http://www.openldap.org/its/index.cgi?findid=2390">OpenLDAP ITS Bug and Patch</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1201">CVE-2003-1201</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:51:37 +0000">
DerCorny
</metadata>
</glsa>
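Review bot: the synopsis says slapd frees "memory that was never allocated" while the description says it calls free() on an uninitialized pointer; use one wording (the description's matches what the ITS reference describes). The description should also state whether the password EXOP can be sent without binding first: the impact line says "an attacker (or indeed, a normal user)" and the access element says remote, but nothing states the authentication requirement, which determines who can trigger the crash.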

View File

@ -0,0 +1,98 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-13">
<title>Remote buffer overflow in MPlayer</title>
<synopsis>
MPlayer contains a remotely exploitable buffer overflow in the HTTP parser
that may allow attackers to run arbitrary code on a user's computer.
</synopsis>
<product type="ebuild">mplayer</product>
<announced>March 31, 2004</announced>
<revised>October 11, 2006: 03</revised>
<bug>46246</bug>
<access>remote</access>
<affected>
<package name="media-video/mplayer" auto="yes" arch="x86 and sparc">
<unaffected range="ge">0.92-r1</unaffected>
<vulnerable range="le">0.92</vulnerable>
</package>
<package name="media-video/mplayer" auto="yes" arch="amd64">
<unaffected range="ge">1.0_pre2-r1</unaffected>
<vulnerable range="le">1.0_pre2</vulnerable>
</package>
<package name="media-video/mplayer" auto="yes" arch="ppc">
<unaffected range="ge">1.0_pre3-r3</unaffected>
<vulnerable range="le">1.0_pre3</vulnerable>
</package>
</affected>
<background>
<p>
Quote from <uri link="http://mplayerhq.hu">http://mplayerhq.hu</uri>
</p>
<p>
"MPlayer is a movie player for LINUX (runs on many other Unices, and
non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI,
OGG/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG,
FILM, RoQ, PVA files, supported by many native, XAnim, and Win32 DLL
codecs. You can watch VideoCD, SVCD, DVD, 3ivx, DivX 3/4/5 and even WMV
movies, too."
</p>
</background>
<description>
<p>
A vulnerability exists in the MPlayer HTTP parser which may allow an
attacker to craft a special HTTP header ("Location:") which will trick
MPlayer into executing arbitrary code on the user's computer.
</p>
</description>
<impact type="high">
<p>
An attacker without privileges may exploit this vulnerability remotely,
allowing arbitrary code to be executed in order to gain unauthorized
access.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are
advised to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
MPlayer may be upgraded as follows:
</p>
<p>
x86 and SPARC users should:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=media-video/mplayer-0.92-r1&quot;
# emerge &quot;&gt;=media-video/mplayer-0.92-r1&quot;</code>
<p>
AMD64 users should:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=media-video/mplayer-1.0_pre2-r1&quot;
# emerge &quot;&gt;=media-video/mplayer-1.0_pre2-r1&quot;</code>
<p>
PPC users should:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=media-video/mplayer-1.0_pre3-r2&quot;
# emerge &quot;&gt;=media-video/mplayer-1.0_pre3-r2&quot;</code>
</resolution>
<references>
<uri link="http://www.mplayerhq.hu/homepage/design6/news.html">MPlayerHQ News</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0386">CVE-2004-0386</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:45:24 +0000">
DerCorny
</metadata>
</glsa>
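Review bot: the PPC resolution contradicts the affected block. The ppc package entry marks 1.0_pre3-r3 and later as unaffected and 1.0_pre3 and earlier as vulnerable, but the PPC emerge lines install ">=media-video/mplayer-1.0_pre3-r2", which is below the unaffected version (and 1.0_pre3-r1 and -r2 fall into neither range). Change the atoms to ">=media-video/mplayer-1.0_pre3-r3" or correct the ranges. The arch attribute on the first package entry, arch="x86 and sparc", also does not follow the space-separated form used elsewhere in this commit (arch="x86 ppc sparc amd64" in 200404-04); the literal word "and" would be read as an arch name. Finally, the impact ("gain unauthorized access") is vaguer than the description; say that code runs with the privileges of the user running MPlayer.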

View File

@ -0,0 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-14">
<title>Multiple Security Vulnerabilities in Monit</title>
<synopsis>
A denial of service and a buffer overflow vulnerability have been found in
Monit.
</synopsis>
<product type="ebuild">app-admin/monit</product>
<announced>March 31, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>43967</bug>
<access>remote</access>
<affected>
<package name="app-admin/monit" auto="yes" arch="*">
<unaffected range="ge">4.2</unaffected>
<vulnerable range="le">4.1</vulnerable>
</package>
</affected>
<background>
<p>
Monit is a system administration utility that allows management and
monitoring of processes, files, directories and devices on a Unix
system.
</p>
</background>
<description>
<p>
A denial of service may occur due to Monit not sanitizing remotely
supplied HTTP parameters before passing them to memory allocation
functions. This could allow an attacker to cause an unexpected
condition that could lead to the Monit daemon crashing.
</p>
<p>
An overly long http request method may cause a buffer overflow due to
Monit performing insufficient bounds checking when handling HTTP
requests.
</p>
</description>
<impact type="high">
<p>
An attacker may crash the Monit daemon to create a denial of service
condition or cause a buffer overflow that would allow arbitrary code to
be executed with root privileges.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are
advised to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
Monit users should upgrade to version 4.2 or later:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=app-admin/monit-4.2&quot;
# emerge &quot;&gt;=app-admin/monit-4.2&quot;</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/bid/9098">Monit HTTP Content-Length Parameter Denial of Service Vulnerability</uri>
<uri link="http://www.securityfocus.com/bid/9099">Monit Overly Long HTTP Request Buffer Overrun Vulnerability</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1083">CVE-2003-1083</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1084">CVE-2003-1084</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:44:45 +0000">
DerCorny
</metadata>
</glsa>
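Review bot: the first description paragraph says Monit passes "remotely supplied HTTP parameters" to memory allocation functions without naming the parameter, while the BID 9098 reference title identifies it as Content-Length; name it in the description. The impact claims arbitrary code "with root privileges", but the description never states what privilege the Monit daemon runs with; add that so the severity claim is supported by the text.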

View File

@ -0,0 +1,93 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-01">
<title>Insecure sandbox temporary lockfile vulnerabilities in Portage</title>
<synopsis>
A flaw has been found in the temporary file handling algorithms for the
sandboxing code used within Portage. Lockfiles created during normal Portage
operation of portage could be manipulated by local users resulting in the
truncation of hard linked files; causing a Denial of Service attack on
the system.
</synopsis>
<product type="ebuild">Portage</product>
<announced>April 04, 2004</announced>
<revised>April 04, 2004: 01</revised>
<bug>21923</bug>
<access>local</access>
<affected>
<package name="sys-apps/portage" auto="yes" arch="*">
<unaffected range="ge">2.0.50-r3</unaffected>
<vulnerable range="lt">2.0.50-r3</vulnerable>
</package>
</affected>
<background>
<p>
Portage is Gentoo's package management system which is responsible for
installing, compiling and updating any ebuilds on the system through the
Gentoo rsync tree. Under default configurations, most ebuilds run under a
sandbox which prevent the build process writing to the &quot;real&quot;
system outside the build directory - packages are installed into a
temporary location and then copied over safely by Portage instead. During
the process the sandbox wrapper creates lockfiles in the /tmp directory
which are vulnerable to a hard-link attack.
</p>
</background>
<description>
<p>
A flaw in Portage's sandbox wrapper has been found where the temporary
lockfiles are subject to a hard-link attack which allows linkable files to
be overwritten to an empty file. This can be used to damage critical files
on a system causing a Denial of Service, or alternatively this attack may
be used to cause other security risks; for example firewall configuration
data could be overwritten without notice.
</p>
<p>
The vulnerable sandbox functions have been patched to test for these new
conditions: namely; for the existance of a hard-link which would be removed
before the sandbox process would continue, for the existance of a
world-writable lockfile in which case the sandbox would also remove it, and
also for any mismatches in the UID ( anything but root ) and the GID (
anything but the group of the sandbox process ).
</p>
<p>
If the vulnerable files cannot be removed by the sandbox, then the sandbox
would exit with a fatal error warning the adminstrator of the issue. The
patched functions also fix any other sandbox I/O operations which do not
explicitly include the mentioned lockfile.
</p>
</description>
<impact type="normal">
<p>
Any user with write access to the /tmp directory can hard-link a file to
/tmp/sandboxpids.tmp - this file would eventually be replaced with an empty
one; effectively wiping out the file it was linked to as well with no prior
warning. This could be used to potentially disable a vital component of the
system and cause a path for other possible exploits.
</p>
<p>
This vulnerability only affects systems that have /tmp on the root
partition: since symbolic link attacks are filtered, /tmp has to be on the
same partition for an attack to take place.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
Users should upgrade to Portage 2.0.50-r3 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=sys-apps/portage-2.0.50-r3"
# emerge ">=sys-apps/portage-2.0.50-r3"</code>
</resolution>
<references>
</references>
<metadata tag="submitter">plasmaroo</metadata>
</glsa>
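Review bot: the partition reasoning in the impact section is imprecise. A hard link cannot cross filesystems, so the constraint is that the target file must reside on the same filesystem as /tmp; the root partition is only the common case, not the condition. Also fix the typos ("existance" twice, "adminstrator", "normal Portage operation of portage" in the synopsis, the spacing in "UID ( anything but root )"), and consider moving the two paragraphs that describe the patched checks out of the description into the resolution, since the description should describe the flaw rather than the fix. The references element is empty; add the bug or a CVE if one was assigned.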

View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-02">
<title>KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability</title>
<synopsis>
KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow
unauthorized access to an affected system.
</synopsis>
<product type="ebuild">kde-base/kde</product>
<announced>April 06, 2004</announced>
<revised>April 06, 2004: 01</revised>
<bug>38256</bug>
<access>remote</access>
<affected>
<package name="kde-base/kde" auto="yes" arch="*">
<unaffected range="ge">3.1.5</unaffected>
<vulnerable range="le">3.1.4</vulnerable>
</package>
</affected>
<background>
<p>
KDE-PIM is an application suite designed to manage mail, addresses,
appointments, and contacts.
</p>
</background>
<description>
<p>
A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously
crafted VCF file is opened by a user on a vulnerable system.
</p>
</description>
<impact type="high">
<p>
A remote attacker may unauthorized access to a user's personal data or
execute commands with the user's privileges.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
KDE users should upgrade to version 3.1.5 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=kde-base/kde-3.1.5"
# emerge ">=kde-base/kde-3.1.5"</code>
</resolution>
<references>
<uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988">CAN-2003-0988</uri>
</references>
<metadata tag="submitter">aescriva</metadata>
</glsa>
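Review bot: the impact sentence is missing its verb: "A remote attacker may unauthorized access to a user's personal data" should read "may gain unauthorized access". The description should also say how a remote attacker gets the crafted VCF file in front of the user, since the access element says remote but the text only says the file is "opened by a user".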

View File

@ -0,0 +1,70 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-03">
<title>Tcpdump Vulnerabilities in ISAKMP Parsing</title>
<synopsis>
There are multiple vulnerabilities in tcpdump and libpcap related to
parsing of ISAKMP packets.
</synopsis>
<product type="ebuild">tcpdump</product>
<announced>March 31, 2004</announced>
<revised>March 31, 2004: 01</revised>
<bug>38206</bug>
<bug>46258</bug>
<access>remote</access>
<affected>
<package name="net-analyzer/tcpdump" auto="yes" arch="*">
<unaffected range="ge">3.8.3-r1</unaffected>
<vulnerable range="le">3.8.1</vulnerable>
</package>
<package name="net-libs/libpcap" auto="yes" arch="*">
<unaffected range="ge">0.8.3-r1</unaffected>
<vulnerable range="le">0.8.1-r1</vulnerable>
</package>
</affected>
<background>
<p>
Tcpdump is a program for monitoring IP network traffic. Libpcap is a
supporting library which is responsibile for capturing packets off a network
interface.
</p>
</background>
<description>
<p>
There are two specific vulnerabilities in tcpdump, outlined in [ reference
1 ]. In the first scenario, an attacker may send a specially-crafted ISAKMP
Delete packet which causes tcpdump to read past the end of its buffer. In
the second scenario, an attacker may send an ISAKMP packet with the wrong
payload length, again causing tcpdump to read past the end of a buffer.
</p>
</description>
<impact type="high">
<p>
Remote attackers could potentially cause tcpdump to crash or execute
arbitrary code as the 'pcap' user.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All tcpdump users are encouraged
to upgrade to the latest available version.
</p>
</workaround>
<resolution>
<p>
All tcpdump users should upgrade to the latest available version.
ADDITIONALLY, the net-libs/libpcap package should be upgraded.
</p>
<code>
# emerge sync
# emerge -pv ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
# emerge ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"</code>
</resolution>
<references>
<uri link="http://www.rapid7.com/advisories/R7-0017.html">Rapid7 Advisory</uri>
<uri link="http://rhn.redhat.com/errata/RHSA-2004-008.html">Red Hat Security Advisory</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989">CVE Advisory</uri>
</references>
</glsa>
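Review bot: the announced date (March 31, 2004) does not fit the 200404-03 identifier, which sits between 200404-02 (announced April 06) and 200404-04 (announced April 06) in this commit; check the date. The version ranges leave gaps: tcpdump is vulnerable at "le 3.8.1" and unaffected at "ge 3.8.3-r1", libpcap vulnerable at "le 0.8.1-r1" and unaffected at "ge 0.8.3-r1", so 3.8.2, 3.8.3, 0.8.2 and 0.8.3 are classified as neither; use "lt" against the fixed version as the other advisories do. The synopsis says both tcpdump and libpcap are vulnerable, but the description only covers tcpdump's ISAKMP parsing; either describe the libpcap flaw or state that libpcap is upgraded as a dependency.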

View File

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-04">
<title>Multiple vulnerabilities in sysstat</title>
<synopsis>
Multiple vulnerabilities in the way sysstat handles symlinks may allow an
attacker to execute arbitrary code or overwrite arbitrary files
</synopsis>
<product type="ebuild">sysstat</product>
<announced>April 06, 2004</announced>
<revised>April 06, 2004: 01</revised>
<bug>45159</bug>
<access>local</access>
<affected>
<package name="app-admin/sysstat" auto="yes" arch="x86 ppc sparc amd64">
<unaffected range="ge">5.0.2</unaffected>
<vulnerable range="lt">5.0.2</vulnerable>
</package>
</affected>
<background>
<p>
sysstat is a package containing a number of performance monitoring
utilities for Linux, including sar, mpstat, iostat and sa tools
</p>
</background>
<description>
<p>
There are two vulnerabilities in the way sysstat handles symlinks:
</p>
<ol>
<li>The isag utility, which displays sysstat data in a graphical format,
creates a temporary file in an insecure manner.</li>
<li>Two scripts in the sysstat package, post and trigger, create temporary
files in an insecure manner.</li>
</ol>
</description>
<impact type="normal">
<p>
Both vulnerabilities may allow an attacker to overwrite arbitrary files
under the permissions of the user executing any of the affected
utilities.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
Systat users should upgrade to version 4.2 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=app-admin/sysstat-5.0.2"
# emerge ">=app-admin/sysstat-5.0.2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0107">CVE (1)</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0108">CVE (2)</uri>
</references>
<metadata tag="submitter">klieber</metadata>
</glsa>
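Review bot: the resolution text says "Systat users should upgrade to version 4.2 or later", but the affected block and the emerge atoms say 5.0.2; the "4.2" is a leftover from the Monit advisory (200403-14) and "Systat" is a typo for sysstat. The synopsis also claims the flaws may allow arbitrary code execution, while the impact only describes overwriting arbitrary files; align the two. The background sentence is missing its terminating period.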

View File

@ -0,0 +1,63 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-05">
<title>ipsec-tools contains an X.509 certificates vulnerability.</title>
<synopsis>
ipsec-tools contains a vulnerability that affects connections authenticated
with X.509 certificates.
</synopsis>
<product type="ebuild">ipsec-tools</product>
<announced>April 07, 2004</announced>
<revised>April 07, 2004: 01</revised>
<bug>47013</bug>
<access>remote</access>
<affected>
<package name="net-firewall/ipsec-tools" auto="yes" arch="amd64">
<unaffected range="ge">0.2.5</unaffected>
<vulnerable range="le">0.2.4</vulnerable>
</package>
</affected>
<background>
<p>
From http://ipsec-tools.sourceforge.net/ :
</p>
<p>
&quot;IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6
IPsec implementation.&quot;
</p>
</background>
<description>
<p>
<i>racoon</i> (a utility in the ipsec-tools package) does not verify digital
signatures on Phase1 packets. This means that anybody holding the correct
X.509 certificate would be able to establish a connection, even if they did
not have the corresponding private key.
</p>
</description>
<impact type="high">
<p>
Since digital signatures are not verified by the <i>racoon</i> tool, an attacker may
be able to connect to the VPN gateway and/or execute a man-in-the-middle attack.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
ipsec-tools users should upgrade to version 0.2.5 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=net-firewall/ipsec-tools-0.2.5"
# emerge ">=net-firewall/ipsec-tools-0.2.5"</code>
</resolution>
<references>
</references>
<metadata tag="submitter">klieber</metadata>
</glsa>
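Review bot: the references element is empty and the text cites no CVE or upstream advisory; add one if available. The affected entry is arch="amd64" only; confirm that ipsec-tools is keyworded only on amd64, otherwise users on other arches get no advisory for the same signature-verification flaw. The title ends with a period, unlike the other titles in this commit.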

View File

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-06">
<title>Util-linux login may leak sensitive data</title>
<synopsis>
The login program included in util-linux could leak sensitive information
under certain conditions.
</synopsis>
<product type="ebuild"> </product>
<announced>April 07, 2004</announced>
<revised>April 07, 2004: 01</revised>
<bug>46422</bug>
<access>remote</access>
<affected>
<package name="sys-apps/util-linux" auto="yes" arch="*">
<unaffected range="ge">2.12</unaffected>
<vulnerable range="le">2.11</vulnerable>
</package>
</affected>
<background>
<p>
Util-linux is a suite of essential system utilites, including login,
agetty, fdisk.
</p>
</background>
<description>
<p>
In some situations the login program could leak sensitive data due to an
incorrect usage of a reallocated pointer.
</p>
<p>
<b>NOTE:</b> Only users who have PAM support <b>disabled</b> on their
systems (i.e. <i>-PAM</i> in their USE variable) will be affected by this
vulnerability. By default, this USE flag is <b>enabled</b> on all
architectures. Users with PAM support on their system receive login binaries
as part of the pam-login package, which remains unaffected.
</p>
</description>
<impact type="low">
<p>
A remote attacker may obtain sensitive data.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
All util-linux users should upgrade to version 2.12 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=sys-apps/util-linux-2.12"
# emerge ">=sys-apps/util-linux-2.12"
</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0080">CAN-2004-0080</uri>
</references>
<metadata tag="submitter">lcars</metadata>
</glsa>
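Review bot: the product element is blank (a single space) where the other advisories carry the package name; fill in util-linux. In the NOTE paragraph, "this USE flag is enabled" follows a sentence about "-PAM" in USE, so name the flag (pam) to avoid the double negative. "utilites" is a typo. The access element says remote for a flaw in the login program, but the description does not say how a remote attacker reaches login; state the vector or change the access type.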

View File

@ -0,0 +1,71 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-07">
<title>ClamAV RAR Archive Remote Denial Of Service Vulnerability</title>
<synopsis>
ClamAV is vulnerable to a denial of service attack when processing certain
RAR archives.
</synopsis>
<product type="ebuild">clamav</product>
<announced>April 07, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>45357</bug>
<access>remote</access>
<affected>
<package name="app-antivirus/clamav" auto="yes" arch="*">
<unaffected range="ge">0.68.1</unaffected>
<vulnerable range="le">0.68</vulnerable>
</package>
</affected>
<background>
<p>
From <uri link="http://www.clamav.net/">http://www.clamav.net/</uri> :
</p>
<p>
"Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose
of this software is the integration with mail servers (attachment
scanning). The package provides a flexible and scalable multi-threaded
daemon, a command line scanner, and a tool for automatic updating via
Internet. The programs are based on a shared library distributed with
the Clam AntiVirus package, which you can use with your own software.
Most importantly, the virus database is kept up to date."
</p>
</background>
<description>
<p>
Certain types of RAR archives, including those created by variants of
the W32.Beagle.A@mm worm, may cause clamav to crash when it attempts to
process them.
</p>
</description>
<impact type="normal">
<p>
This vulnerability causes a Denial of Service in the clamav process.
Depending on configuration, this may cause dependent services such as
mail to fail as well.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are
advised to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
ClamAV users should upgrade to version 0.68.1 or later:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=app-antivirus/clamav-0.68.1&quot;
# emerge &quot;&gt;=app-antivirus/clamav-0.68.1&quot;</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1909">CVE-2004-1909</uri>
</references>
<metadata tag="submitter">
klieber
</metadata>
</glsa>

View File

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-08">
<title>GNU Automake symbolic link vulnerability</title>
<synopsis>
Automake may be vulnerable to a symbolic link attack which may allow an
attacker to modify data or elevate their privileges.
</synopsis>
<product type="ebuild">automake</product>
<announced>April 08, 2004</announced>
<revised>January 31, 2005: 05</revised>
<bug>45646</bug>
<access>local</access>
<affected>
<package name="sys-devel/automake" auto="yes" arch="*">
<unaffected range="ge">1.8.5-r3</unaffected>
<unaffected range="rge">1.7.9-r1</unaffected>
<unaffected range="lt">1.7</unaffected>
<vulnerable range="le">1.8.5-r2</vulnerable>
</package>
</affected>
<background>
<p>
Automake is a tool for automatically generating `Makefile.in' files
which is often used in conjuction with Autoconf and other GNU Autotools
to ease portability among applications. It also provides a standardized
and light way of writing complex Makefiles through the use of many
built-in macros.
</p>
</background>
<description>
<p>
Automake may be vulnerable to a symbolic link attack which may allow an
attacker to modify data or escalate their privileges. This is due to
the insecure way Automake creates directories during compilation. An
attacker may be able to create symbolic links in the place of files
contained in the affected directories, which may potentially lead to
elevated privileges due to modification of data.
</p>
</description>
<impact type="normal">
<p>
An attacker may be able to use this vulnerability to modify data in an
unauthorized fashion or elevate their privileges.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are
advised to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
Automake users should upgrade to the latest versions:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose sys-devel/automake</code>
</resolution>
<references/>
<metadata tag="submitter">
klieber
</metadata>
</glsa>
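Review bot: the resolution emerges the unversioned atom sys-devel/automake, but the affected block lists two separate unaffected versions (1.8.5-r3 and later, and 1.7.9-r1 with range "rge"), so a plain emerge of the unversioned atom does not tell a reader with the 1.7 branch installed which version fixes it; give the versioned atoms as the other advisories do. The "lt 1.7" unaffected range overlaps the "le 1.8.5-r2" vulnerable range; document the precedence or narrow the vulnerable range. The references element is empty, and "conjuction" is a typo.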

View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-09">
<title>Cross-realm trust vulnerability in Heimdal</title>
<synopsis>
Heimdal contains cross-realm vulnerability allowing someone with control
over a realm to impersonate anyone in the cross-realm trust path.
</synopsis>
<product type="ebuild">heimdal</product>
<announced>April 09, 2004</announced>
<revised>April 09, 2004: 01</revised>
<bug>46590</bug>
<access>local</access>
<affected>
<package name="app-crypt/heimdal" auto="yes" arch="*">
<unaffected range="ge">0.6.1</unaffected>
<vulnerable range="le">0.6.0</vulnerable>
</package>
</affected>
<background>
<p>
Heimdal is a free implementation of Kerberos 5.
</p>
</background>
<description>
<p>
Heimdal does not properly perform certain consistency checks for
cross-realm requests, which allows remote attackers with control of a realm
to impersonate others in the cross-realm trust path.
</p>
</description>
<impact type="normal">
<p>
Remote attackers with control of a realm may be able to impersonate other
users in the cross-realm trust path.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
Heimdal users should upgrade to version 0.6.1 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=app-crypt/heimdal-0.6.1"
# emerge ">=app-crypt/heimdal-0.6.1"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0371">CVE</uri>
</references>
<metadata tag="submitter">klieber</metadata>
</glsa>
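Review bot: <access>local</access> contradicts the description and impact, which both describe remote attackers with control of a realm; the other remotely triggerable issues in this batch use <access>remote</access>, so this value should be remote as well. Minor: the synopsis reads "contains cross-realm vulnerability" and wants an article ("a cross-realm vulnerability").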

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-10">
<title>iproute local Denial of Service vulnerability</title>
<synopsis>
The iproute package allows local users to cause a denial of service.
</synopsis>
<product type="ebuild"></product>
<announced>April 09, 2004</announced>
<revised>April 09, 2004: 01</revised>
<bug>34294</bug>
<access>local</access>
<affected>
<package name="sys-apps/iproute" auto="yes" arch="*">
<unaffected range="ge">20010824-r5</unaffected>
<vulnerable range="le">20010824-r4</vulnerable>
</package>
</affected>
<background>
<p>
iproute is a set of tools for managing linux network routing and advanced
features.
</p>
</background>
<description>
<p>
It has been reported that iproute can accept spoofed messages on the kernel
netlink interface from local users. This could lead to a local Denial of
Service condition.
</p>
</description>
<impact type="low">
<p>
Local users could cause a Denial of Service.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
All iproute users should upgrade to version 20010824-r5 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=sys-apps/iproute-20010824-r5";
# emerge ">=sys-apps/iproute-20010824-r5";
</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0856">CAN-2003-0856</uri>
</references>
<metadata tag="submitter">
lcars
</metadata>
</glsa>
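Review bot: <product type="ebuild"></product> is empty even though the affected package is sys-apps/iproute; fill it in the way the neighbouring advisories do (for example <product type="ebuild">iproute</product>). In the <code> block both emerge lines end in a stray semicolon, as in '# emerge ">=sys-apps/iproute-20010824-r5";', which the shell tolerates but which users will copy verbatim; drop it, and note that the closing </code> sits on its own line here while every other advisory in the batch closes it on the last command line.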

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-11">
<title>Multiple Vulnerabilities in pwlib</title>
<synopsis>
Multiple vulnerabilities have been found in pwlib that may lead to a remote
denial of service or buffer overflow attack.
</synopsis>
<product type="ebuild">dev-libs/pwlib</product>
<announced>April 09, 2004</announced>
<revised>April 09, 2004: 01</revised>
<bug>45846</bug>
<access>remote</access>
<affected>
<package name="dev-libs/pwlib" auto="yes" arch="*">
<unaffected range="ge">1.5.2-r3</unaffected>
<vulnerable range="le">1.5.2-r2</vulnerable>
</package>
</affected>
<background>
<p>
pwlib is a multi-platform library designed for OpenH323.
</p>
</background>
<description>
<p>
Multiple vulnerabilities have been found in the implimentation of protocol
H.323 contained in pwlib. Most of the vulnerabilies are in the parsing of
ASN.1 elements which would allow an attacker to use a maliciously crafted
ASN.1 element to cause unpredictable behavior in pwlib.
</p>
</description>
<impact type="high">
<p>
An attacker may cause a denial of service condition or cause a buffer
overflow that would allow arbitrary code to be executed with root
privileges.
</p>
</impact>
<workaround>
<p>
Blocking ports 1719 and 1720 may reduce the likelihood of an attack. All
users are advised to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
All pwlib users are advised to upgrade to version 1.5.2-r3 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=dev-libs/pwlib-1.5.2-r3"
# emerge ">=dev-libs/pwlib-1.5.2-r3"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0097">CAN-2004-0097</uri>
<uri link="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">NISCC Vulnerability Advisory 006489/H323</uri>
</references>
<metadata tag="submitter">
aescriva
</metadata>
</glsa>
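Review bot: the description has two typos, "implimentation" and "vulnerabilies", which should be "implementation" and "vulnerabilities". Also, <product type="ebuild">dev-libs/pwlib</product> carries the category prefix whereas the other advisories put only the package name in <product>; the batch should settle on one convention.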

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-12">
<title>Scorched 3D server chat box format string vulnerability</title>
<synopsis>
Scorched 3D is vulnerable to a format string attack in the chat box that
leads to Denial of Service on the game server and possibly allows execution
of arbitrary code.
</synopsis>
<product type="ebuild">scorched3d</product>
<announced>April 09, 2004</announced>
<revised>April 09, 2004: 08</revised>
<bug>39302</bug>
<access>remote</access>
<affected>
<package name="games-strategy/scorched3d" auto="yes" arch="*">
<unaffected range="ge">37</unaffected>
<vulnerable range="lt">37</vulnerable>
</package>
</affected>
<background>
<p>
Scorched 3D is a game based loosely on the classic DOS game &quot;Scorched
Earth&quot;. Scorched 3D adds amongst other new features a 3D island
environment and LAN and internet play. Scorched 3D is totally free and is
available for multiple operating systems.
</p>
</background>
<description>
<p>
Scorched 3D (build 36.2 and before) does not properly check the text
entered in the Chat box (T key). Using format string characters, you can
generate a heap overflow. This and several other unchecked buffers have
been corrected in the build 37 release.
</p>
</description>
<impact type="high">
<p>
This vulnerability can be easily exploited to remotely crash the Scorched
3D server, disconnecting all clients. It could also theorically be used to
execute arbitrary code on the server with the rights of the user running
the server.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
Scorched 3D users should upgrade to version 37 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=games-strategy/scorched3d-37"
# emerge ">=games-strategy/scorched3d-37"</code>
</resolution>
<references>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
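Review bot: <references></references> is empty although the advisory claims a remotely exploitable format string bug with possible code execution; cite the upstream build 37 announcement or the report the Gentoo bug is based on so the claim can be checked. Minor: "theorically" in the impact paragraph should be "theoretically".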

@ -0,0 +1,71 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-13">
<title>CVS Server and Client Vulnerabilities</title>
<synopsis>
There are two vulnerabilities in CVS; one in the server and one in the
client. These vulnerabilities allow the reading and writing of arbitrary
files on both client and server.
</synopsis>
<product type="ebuild">cvs</product>
<announced>April 14, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>47800</bug>
<access>remote</access>
<affected>
<package name="dev-util/cvs" auto="yes" arch="*">
<unaffected range="ge">1.11.15</unaffected>
<vulnerable range="le">1.11.14</vulnerable>
</package>
</affected>
<background>
<p>
CVS, which stands for Concurrent Versions System, is a client/server
application which tracks changes to sets of files. It allows multiple
users to work concurrently on files, and then merge their changes back
into the main tree (which can be on a remote system). It also allows
branching, or maintaining separate versions for files.
</p>
</background>
<description>
<p>
There are two vulnerabilities in CVS; one in the server and one in the
client. The server vulnerability allows a malicious client to request
the contents of any RCS file to which the server has permission, even
those not located under $CVSROOT. The client vulnerability allows a
malicious server to overwrite files on the client machine anywhere the
client has permissions.
</p>
</description>
<impact type="normal">
<p>
Arbitrary files may be read or written on CVS clients and servers by
anybody with access to the CVS tree.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are encouraged to
upgrade to the latest stable version of CVS.
</p>
</workaround>
<resolution>
<p>
All CVS users should upgrade to the latest stable version.
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=dev-util/cvs-1.11.15&quot;
# emerge &quot;&gt;=dev-util/cvs-1.11.15&quot;</code>
</resolution>
<references>
<uri link="http://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.92&amp;content-type=text/x-cvsweb-markup">CVS commit log</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0180">CVE-2004-0180</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0405">CVE-2004-0405</uri>
</references>
<metadata tag="submitter">
condordes
</metadata>
</glsa>

@ -0,0 +1,68 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-14">
<title>Multiple format string vulnerabilities in cadaver</title>
<synopsis>
There are multiple format string vulnerabilities in the neon library used
in cadaver, possibly leading to execution of arbitrary code when connected
to a malicious server.
</synopsis>
<product type="ebuild">cadaver</product>
<announced>April 19, 2004</announced>
<revised>April 19, 2004: 01</revised>
<bug>47799</bug>
<access>remote </access>
<affected>
<package name="net-misc/cadaver" auto="yes" arch="*">
<unaffected range="ge">0.22.1</unaffected>
<vulnerable range="lt">0.22.1</vulnerable>
</package>
</affected>
<background>
<p>
According to <uri
link="http://www.webdav.org/cadaver">http://www.webdav.org/cadaver</uri>,
cadaver is a command-line WebDAV client for Unix. It supports file upload,
download, on-screen display, namespace operations (move/copy), collection
creation and deletion, and locking operations.
</p>
</background>
<description>
<p>
Cadaver code includes the neon library, which in versions 0.24.4 and
previous is vulnerable to multiple format string attacks. The latest
version of cadaver uses version 0.24.5 of the neon library, which makes it
immune to this vulnerability.
</p>
</description>
<impact type="normal">
<p>
When using cadaver to connect to an untrusted WebDAV server, this
vulnerability can allow a malicious remote server to execute arbitrary code
on the client with the rights of the user using cadaver.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
cadaver users should upgrade to version 0.22.1 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=net-misc/cadaver-0.22.1"
# emerge ">=net-misc/cadaver-0.22.1"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CAN-2004-0179</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
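Review bot: <access>remote </access> has a trailing space inside the element; anything that compares the access value against "remote" will not match, so strip it (the same trailing space recurs in several later advisories in this batch and should be cleaned up in all of them).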

@ -0,0 +1,72 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-15">
<title>XChat 2.0.x SOCKS5 Vulnerability</title>
<synopsis>
XChat is vulnerable to a stack overflow that may allow a remote attacker to
run arbitrary code.
</synopsis>
<product type="ebuild">xchat</product>
<announced>April 19, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>46856</bug>
<access>remote</access>
<affected>
<package name="net-irc/xchat" auto="yes" arch="*">
<unaffected range="ge">2.0.8-r1</unaffected>
<vulnerable range="lt">2.0.8-r1</vulnerable>
</package>
</affected>
<background>
<p>
XChat is a multiplatform IRC client.
</p>
</background>
<description>
<p>
The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit.
Users would have to be using XChat through a SOCKS 5 server, enable
SOCKS 5 traversal which is disabled by default and also connect to an
attacker's custom proxy server.
</p>
</description>
<impact type="low">
<p>
This vulnerability may allow an attacker to run arbitrary code within
the context of the user ID of the XChat client.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are
advised to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
All XChat users should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=net-irc/xchat-2.0.8-r1&quot;
# emerge &quot;&gt;=net-irc/xchat-2.0.8-r1&quot;</code>
<p>
Note that users of the gtk1 version of xchat (1.8.*) should upgrade to
xchat-1.8.11-r1:
</p>
<code>
# emerge sync
# emerge -pv &quot;=net-irc/xchat-1.8.11-r1&quot;
# emerge &quot;=net-irc/xchat-1.8.11-r1&quot;</code>
</resolution>
<references>
<uri link="http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html">XChat 2.0.x SOCKS5 Vulnerability</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0409">CVE-2004-0409</uri>
</references>
<metadata tag="submitter">
klieber
</metadata>
</glsa>
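Review bot: the <affected> block marks every version below 2.0.8-r1 as vulnerable, which includes the xchat-1.8.11-r1 that the resolution tells gtk1 users to install, so anything evaluating the metadata will still flag a correctly patched 1.8 system. Add a second unaffected range for the 1.8 branch, for example <unaffected range="rge">1.8.11-r1</unaffected> (the rge/rle revision ranges are already used by the lha advisory in this batch), so the two resolution paths agree with the metadata.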

@ -0,0 +1,63 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-16">
<title>Multiple new security vulnerabilities in monit</title>
<synopsis>
Two new vulnerabilities have been found in the HTTP interface of monit,
possibly leading to denial of service or execution of arbitrary code.
</synopsis>
<product type="ebuild">monit</product>
<announced>April 19, 2004</announced>
<revised>April 19, 2004: 01</revised>
<bug>47631</bug>
<access>remote </access>
<affected>
<package name="app-admin/monit" auto="yes" arch="*">
<unaffected range="ge">4.2.1</unaffected>
<vulnerable range="le">4.2</vulnerable>
</package>
</affected>
<background>
<p>
Monit is a system administration utility that allows management and
monitoring of processes, files, directories and devices on a Unix system.
</p>
</background>
<description>
<p>
Monit has several vulnerabilities in its HTTP interface : a buffer overflow
vulnerability in the authentication handling code and a off-by-one error in
the POST method handling code.
</p>
</description>
<impact type="high">
<p>
An attacker may exploit the off-by-one error to crash the Monit daemon and
create a denial of service condition, or cause a buffer overflow that would
allow arbitrary code to be executed with root privileges.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
Monit users should upgrade to version 4.2.1 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=app-admin/monit-4.2.1"
# emerge ">=app-admin/monit-4.2.1"</code>
</resolution>
<references>
<uri link="http://www.tildeslash.com/monit/secadv_20040305.txt">Monit security advisory 20040305</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
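Review bot: <access>remote </access> has a trailing space, as in the cadaver advisory above. In the description, "a off-by-one error" should be "an off-by-one error" and "HTTP interface : a" has a stray space before the colon.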

@ -0,0 +1,85 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-17">
<title>ipsec-tools and iputils contain a remote DoS vulnerability</title>
<synopsis>
racoon, which is included in the ipsec-tools and iputils packages in
Portage, does not check the length of ISAKMP headers. Attackers may be able
to craft an ISAKMP header of sufficient length to consume all available
system resoources, causing a Denial of Service.
</synopsis>
<product type="ebuild">ipsec-utils</product>
<announced>April 24, 2004</announced>
<revised>April 24, 2004: 01</revised>
<bug>48847</bug>
<access>remote </access>
<affected>
<package name="net-firewall/ipsec-tools" auto="yes" arch="amd64">
<unaffected range="ge">0.3.1</unaffected>
<vulnerable range="lt">0.3.1</vulnerable>
</package>
<package name="net-misc/iputils" auto="yes" arch="ppc amd64 ppc64 s390">
<unaffected range="eq">021109-r3</unaffected>
<vulnerable range="eq">021109-r1</vulnerable>
</package>
</affected>
<background>
<p>
From <uri link="http://ipsec-tools.sourceforge.net/">http://ipsec-tools.sourceforge.n
et/</uri>
</p>
<p>
"IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec
implementation."
</p>
<p>
iputils is a collection of network monitoring tools, including racoon, ping
and ping6.
</p>
</background>
<description>
<p>
When racoon receives an ISAKMP header, it allocates memory based on the
length of the header field. Thus, an attacker may be able to cause a Denial
of Services by creating a header that is large enough to consume all
available system resources.
</p>
</description>
<impact type="normal">
<p>
This vulnerability may allow an attacker to remotely cause a Denial of
Service.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
ipsec-tools users should upgrade to version 0.2.5 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=net-firewall/ipsec-tools-0.3.1"
# emerge ">=net-firewall/ipsec-tools-0.3.1"</code>
<p>
iputils users should upgrade to version 021109-r3 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=net-misc/iputils-021109-r3"
# emerge ">=net-misc/iputils-021109-r3"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0403">CVE</uri>
</references>
<metadata tag="submitter">
klieber
</metadata>
</glsa>
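Review bot: the resolution prose says "ipsec-tools users should upgrade to version 0.2.5 or later" while the <unaffected> range and the emerge command both say 0.3.1; the prose should read 0.3.1. Several other fields need attention in the same hunk: <product type="ebuild">ipsec-utils</product> matches neither net-firewall/ipsec-tools nor net-misc/iputils; the iputils entry uses range="eq" for both 021109-r3 (unaffected) and 021109-r1 (vulnerable), leaving -r2 and any later revision unclassified where ge/le ranges would cover them; the background URL is broken across two lines ("sourceforge.n" / "et/"), so the visible link text is corrupted even though the link attribute is intact; "resoources" in the synopsis should be "resources"; and <access>remote </access> carries a trailing space.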

@ -0,0 +1,69 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-18">
<title>Multiple Vulnerabilities in ssmtp</title>
<synopsis>
There are multiple format string vulnerabilities in the SSMTP package,
which may allow an attacker to run arbitrary code with ssmtp's privileges
(potentially root).
</synopsis>
<product type="ebuild">ssmtp</product>
<announced>April 26, 2004</announced>
<revised>April 26, 2004: 01</revised>
<bug>47918</bug>
<bug>48435</bug>
<access>remote root </access>
<affected>
<package name="mail-mta/ssmtp" auto="yes" arch="*">
<unaffected range="ge">2.60.7</unaffected>
<vulnerable range="le">2.60.4-r2</vulnerable>
</package>
</affected>
<background>
<p>
SSMTP is a very simple mail transfer agent (MTA) that relays mail from the
local machine to another SMTP host. It is not designed to function as a
full mail server; its sole purpose is to relay mail.
</p>
</background>
<description>
<p>
There are two format string vulnerabilities inside the log_event() and
die() functions of ssmtp. Strings from outside ssmtp are passed to various
printf()-like functions from within log_event() and die() as format
strings. An attacker could cause a specially-crafted string to be passed to
these functions, and potentially cause ssmtp to execute arbitrary code.
</p>
</description>
<impact type="high">
<p>
If ssmtp connects to a malicious mail relay server, this vulnerability can
be used to execute code with the rights of the mail sender, including root.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to upgrade
to the latest available version of ssmtp.
</p>
</workaround>
<resolution>
<p>
All users are advised to upgrade to the latest available version of ssmtp.
</p>
<code>
# emerge sync
# emerge -pv ">=mail-mta/ssmtp-2.60.7"
# emerge ">=mail-mta/ssmtp-2.60.7"</code>
</resolution>
<references>
<uri link="http://secunia.com/advisories/11378/">Secunia Advisory</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0156">CVE Reference</uri>
<uri link="http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00084.html">Debian Advisory</uri>
</references>
<metadata tag="submitter">
condordes
</metadata>
</glsa>
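Review bot: <access>remote root </access> carries a trailing space and a value no other advisory in this batch uses (they use plain local or remote); since the impact paragraph already states that code runs with the sender's rights, including root, <access>remote</access> would be consistent with the rest without losing information.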

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-19">
<title>Buffer overflows and format string vulnerabilities in LCDproc</title>
<synopsis>
Multiple remote vulnerabilities have been found in the LCDd server,
allowing execution of arbitrary code with the rights of the LCDd user.
</synopsis>
<product type="ebuild">lcdproc</product>
<announced>April 27, 2004</announced>
<revised>April 27, 2004: 01</revised>
<bug>47340</bug>
<access>remote </access>
<affected>
<package name="app-misc/lcdproc" auto="yes" arch="*">
<unaffected range="ge">0.4.5</unaffected>
<vulnerable range="le">0.4.4-r1</vulnerable>
</package>
</affected>
<background>
<p>
LCDproc is a program that displays various bits of real-time system
information on an LCD. It makes use of a local server (LCDd) to collect
information to display on the LCD.
</p>
</background>
<description>
<p>
Due to insufficient checking of client-supplied data, the LCDd server is
susceptible to two buffer overflows and one string buffer vulnerability. If
the server is configured to listen on all network interfaces (see the Bind
parameter in LCDproc configuration), these vulnerabilities can be triggered
remotely.
</p>
</description>
<impact type="normal">
<p>
These vulnerabilities allow an attacker to execute code with the rights of
the user running the LCDproc server. By default, this is the "nobody" user.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
LCDproc users should upgrade to version 0.4.5 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=app-misc/lcdproc-0.4.5"
# emerge ">=app-misc/lcdproc-0.4.5"</code>
</resolution>
<references>
<uri link="http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html">LCDproc advisory</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
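Review bot: the description says the server is susceptible to "one string buffer vulnerability" while the title and synopsis speak of format string vulnerabilities; it should read "one format string vulnerability". <access>remote </access> again has a trailing space.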

@ -0,0 +1,87 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-20">
<title>Multiple vulnerabilities in xine</title>
<synopsis>
Several vulnerabilities have been found in xine-ui and xine-lib,
potentially allowing an attacker to overwrite files with the rights of the
user.
</synopsis>
<product type="ebuild">xine</product>
<announced>April 27, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>45448</bug>
<bug>48107</bug>
<bug>48108</bug>
<access>remote</access>
<affected>
<package name="media-video/xine-ui" auto="yes" arch="*">
<unaffected range="ge">0.9.23-r2</unaffected>
<vulnerable range="le">0.9.23-r1</vulnerable>
</package>
<package name="media-libs/xine-lib" auto="yes" arch="*">
<unaffected range="ge">1_rc3-r3</unaffected>
<vulnerable range="le">1_rc3-r2</vulnerable>
</package>
</affected>
<background>
<p>
xine is a multimedia player allowing to play back CDs, DVDs, and VCDs
and decoding multimedia files like AVI, MOV, WMV, and MP3 from local
disk drives, and displays multimedia streamed over the Internet. It is
available in Gentoo as a reusable library (xine-lib) with a standard
user interface (xine-ui).
</p>
</background>
<description>
<p>
Several vulnerabilities were found in xine-ui and xine-lib. By opening
a malicious MRL in any xine-lib based media player, an attacker can
write arbitrary content to an arbitrary file, only restricted by the
permissions of the user running the application. By opening a malicious
playlist in the xine-ui media player, an attacker can write arbitrary
content to an arbitrary file, only restricted by the permissions of the
user running xine-ui. Finally, a temporary file is created in an
insecure manner by the xine-check and xine-bugreport scripts,
potentially allowing a local attacker to use a symlink attack.
</p>
</description>
<impact type="normal">
<p>
These three vulnerabilities may alow an attacker to corrupt system
files, thus potentially leading to a Denial of Service. It is also
theoretically possible, though very unlikely, to use these
vulnerabilities to elevate the privileges of the attacker.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to
upgrade to the latest available versions of xine-ui and xine-lib.
</p>
</workaround>
<resolution>
<p>
All users of xine-ui or another xine-based player should upgrade to the
latest stable versions:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=media-video/xine-ui-0.9.23-r2&quot;
# emerge &quot;&gt;=media-video/xine-ui-0.9.23-r2&quot;
# emerge -pv &quot;&gt;=media-libs/xine-lib-1_rc3-r3&quot;
# emerge &quot;&gt;=media-libs/xine-lib-1_rc3-r3&quot;</code>
</resolution>
<references>
<uri link="http://xinehq.de/index.php/security">Xine Security Advisories</uri>
<uri link="http://nettwerked.mg2.org/advisories/xinebug">xine-bugreport and xine-check vulnerability</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0372">CVE-2004-0372</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1951">CVE-2004-1951</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
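Review bot: "alow" in the impact paragraph should be "allow", and the background sentence "a multimedia player allowing to play back CDs" should read "a multimedia player that plays back CDs" (or "allowing users to play back").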

@ -0,0 +1,97 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-21">
<title>Multiple Vulnerabilities in Samba</title>
<synopsis>
There is a bug in smbfs which may allow local users to gain root via a
setuid file on a mounted Samba share. Also, there is a tmpfile symlink
vulnerability in the smbprint script distributed with Samba.
</synopsis>
<product type="ebuild">samba</product>
<announced>April 29, 2004</announced>
<revised>April 29, 2004: 01</revised>
<bug>41800</bug>
<bug>45965</bug>
<access>local </access>
<affected>
<package name="net-fs/samba" auto="yes" arch="*">
<unaffected range="ge">3.0.2a-r2</unaffected>
<vulnerable range="le">3.0.2a</vulnerable>
</package>
</affected>
<background>
<p>
Samba is a package which allows UNIX systems to act as file servers for
Windows computers. It also allows UNIX systems to mount shares exported by
a Samba/CIFS/Windows server. smbmount is a program in the Samba package
which allows normal users on a UNIX system to mount remote shares. smbprint
is an example script included in the Samba package which can be used to
facilitate network printing.
</p>
</background>
<description>
<p>
Two vulnerabilities have been discovered in Samba. The first vulnerability
allows a local user who has access to the smbmount command to gain root. An
attacker could place a setuid-root binary on a Samba share/server he or she
controls, and then use the smbmount command to mount the share on the
target UNIX box. The remote Samba server must support UNIX extensions for
this to work. This has been fixed in version 3.0.2a.
</p>
<p>
The second vulnerability is in the smbprint script. By creating a symlink
from /tmp/smbprint.log, an attacker could cause the smbprint script to
write to an arbitrary file on the system. This has been fixed in version
3.0.2a-r2.
</p>
</description>
<impact type="normal">
<p>
Local users with access to the smbmount command may gain root access. Also,
arbitrary files may be overwritten using the smbprint script.
</p>
</impact>
<workaround>
<p>
To workaround the setuid bug, remove the setuid bits from the
/usr/bin/smbmnt, /usr/bin/smbumount and /usr/bin/mount.cifs binaries.
However, please note that this workaround will prevent ordinary users from
mounting remote SMB and CIFS shares.
</p>
<p>
To work around the smbprint vulnerability, set "debug=no" in the smbprint
configuration.
</p>
</workaround>
<resolution>
<p>
All users should update to the latest version of the Samba package.
</p>
<p>
The following commands will perform the upgrade:
</p>
<code>
# emerge sync
# emerge -pv ">=net-fs/samba-3.0.2a-r2"
# emerge ">=net-fs/samba-3.0.2a-r2"</code>
<p>
Those who are using Samba's password database also need to run the
following command:
</p>
<code>
# pdbedit --force-initialized-passwords</code>
<p>
Those using LDAP for Samba passwords also need to check the sambaPwdLastSet
attribute on each account, and ensure it is not 0.
</p>
</resolution>
<references>
<uri link="http://www.securityfocus.com/archive/1/353222/2004-04-09/2004-04-15/1">BugTraq Thread: Samba 3.x + kernel 2.6.x local root vulnerability</uri>
<uri link="http://seclists.org/lists/bugtraq/2004/Mar/0189.html">BugTraq: smbprint Vulnerability</uri>
</references>
<metadata tag="submitter">
condordes
</metadata>
</glsa>
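Review bot: <access>local </access> carries a trailing space. The description says the smbmount issue was fixed in 3.0.2a while <vulnerable range="le">3.0.2a</vulnerable> still flags 3.0.2a; that is correct because the smbprint fix only lands in 3.0.2a-r2, but one sentence in the description saying so would spare readers working it out from the two fix versions.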

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-01">
<title>Multiple format string vulnerabilities in neon 0.24.4 and earlier</title>
<synopsis>
There are multiple format string vulnerabilities in libneon which may allow
a malicious WebDAV server to execute arbitrary code.
</synopsis>
<product type="ebuild">neon</product>
<announced>May 09, 2004</announced>
<revised>May 09, 2004: 01</revised>
<bug>48448</bug>
<access>remote </access>
<affected>
<package name="net-misc/neon" auto="yes" arch="*">
<unaffected range="ge">0.24.5</unaffected>
<vulnerable range="le">0.24.4</vulnerable>
</package>
</affected>
<background>
<p>
neon provides an HTTP and WebDAV client library.
</p>
</background>
<description>
<p>
There are multiple format string vulnerabilities in libneon which may allow
a malicious WebDAV server to execute arbitrary code under the context of
the process using libneon.
</p>
</description>
<impact type="normal">
<p>
An attacker may be able to execute arbitrary code under the context of the
process using libneon.
</p>
</impact>
<workaround>
<p>
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
</p>
</workaround>
<resolution>
<p>
Neon users should upgrade to version 0.24.5 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=net-misc/neon-0.24.5"
# emerge ">=net-misc/neon-0.24.5"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CVE</uri>
</references>
<metadata tag="submitter">
klieber
</metadata>
</glsa>
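Review bot: <access>remote </access> has a trailing space. The reference link text is just "CVE"; the cadaver advisory 200404-14 in this batch references the same CAN-2004-0179 and names it in the link text, so do the same here, and consider cross-referencing 200404-14 since cadaver bundles this copy of neon.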

@ -0,0 +1,70 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-02">
<title>Multiple vulnerabilities in LHa</title>
<synopsis>
Two stack-based buffer overflows and two directory traversal problems have
been found in LHa. These vulnerabilities can be used to execute arbitrary
code or as a denial of service attack.
</synopsis>
<product type="ebuild">lha</product>
<announced>May 09, 2004</announced>
<revised>October 20, 2006: 02</revised>
<bug>49961</bug>
<access>remote </access>
<affected>
<package name="app-arch/lha" auto="yes" arch="*">
<unaffected range="rge">114i-r2</unaffected>
<vulnerable range="rle">114i-r1</vulnerable>
</package>
</affected>
<background>
<p>
LHa is a console-based program for packing and unpacking LHarc archives.
</p>
</background>
<description>
<p>
Ulf Harnhammar found two stack overflows and two directory traversal
vulnerabilities in LHa version 1.14 and 1.17. A stack overflow occurs when
testing or extracting archives containing long file or directory names.
Furthermore, LHa doesn't contain sufficient protection against relative or
absolute archive paths.
</p>
</description>
<impact type="high">
<p>
The stack overflows can be exploited to execute arbitrary code with the
rights of the user testing or extracting the archive. The directory
traversal vulnerabilities can be used to overwrite files in the filesystem
with the rights of the user extracting the archive, potentially leading to
denial of service or privilege escalation. Since LHa is often interfaced to
other software like an email virus scanner, this attack can be used
remotely.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to upgrade
to the latest available version of LHa.
</p>
</workaround>
<resolution>
<p>
All users of LHa should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=app-arch/lha-114i-r2"
# emerge ">=app-arch/lha-114i-r2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0234">CAN-2004-0234</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235">CAN-2004-0235</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
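Review bot: <access>remote </access> has a trailing space. The description refers to upstream "version 1.14 and 1.17" while the Gentoo package is versioned 114i; a short note mapping 114i to the upstream release would help readers matching this advisory against upstream reports.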

@ -0,0 +1,76 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-03">
<title>ClamAV VirusEvent parameter vulnerability</title>
<synopsis>
With a specific configuration (using %f in the VirusEvent parameter), Clam
AntiVirus is vulnerable to an attack allowing execution of arbitrary
commands.
</synopsis>
<product type="ebuild">ClamAV</product>
<announced>May 11, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>46264</bug>
<access>remote</access>
<affected>
<package name="app-antivirus/clamav" auto="yes" arch="*">
<unaffected range="ge">0.70</unaffected>
<vulnerable range="lt">0.70</vulnerable>
</package>
</affected>
<background>
<p>
From <uri link="http://www.clamav.net/">http://www.clamav.net/</uri> :
</p>
<p>
"Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose
of this software is the integration with mail servers (attachment
scanning). The package provides a flexible and scalable multi-threaded
daemon, a command line scanner, and a tool for automatic updating via
Internet. The programs are based on a shared library distributed with
the Clam AntiVirus package, which you can use with your own software.
Most importantly, the virus database is kept up to date."
</p>
</background>
<description>
<p>
The VirusEvent parameter in the clamav.conf configuration file allows
to specify a system command to run whenever a virus is found. This
system command can make use of the "%f" parameter which is replaced by
the name of the file infected. The name of the file scanned is under
control of the attacker and is not sufficiently checked. Version 0.70
of clamav disables the use of the "%f" parameter.
</p>
</description>
<impact type="high">
<p>
Sending a virus with a malicious file name can result in execution of
arbirary system commands with the rights of the antivirus process.
Since clamav is often associated to mail servers for email scanning,
this attack can be used remotely.
</p>
</impact>
<workaround>
<p>
You should not use the "%f" parameter in your VirusEvent configuration.
</p>
</workaround>
<resolution>
<p>
All users of Clam AntiVirus should upgrade to the latest stable
version:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=app-antivirus/clamav-0.70&quot;
# emerge &quot;&gt;=app-antivirus/clamav-0.70&quot;</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1876">CVE-2004-1876</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
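Review bot: typo in the impact paragraph, "arbirary system commands" should read "arbitrary system commands". Two smaller grammar points in the same file: the description's "allows to specify a system command" reads better as "allows a system command to be specified", and "associated to mail servers" in the impact should be "associated with mail servers".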

View File

@ -0,0 +1,121 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-04">
<title>OpenOffice.org vulnerability when using DAV servers</title>
<synopsis>
Several format string vulnerabilities are present in the Neon library
included in OpenOffice.org, allowing remote execution of arbitrary code
when connected to an untrusted WebDAV server.
</synopsis>
<product type="ebuild">openoffice</product>
<announced>May 11, 2004</announced>
<revised>October 27, 2004: 02</revised>
<bug>47926</bug>
<access>remote</access>
<affected>
<package name="app-office/openoffice" auto="yes" arch="x86">
<unaffected range="ge">1.1.1-r1</unaffected>
<vulnerable range="le">1.1.1</vulnerable>
</package>
<package name="app-office/openoffice" auto="yes" arch="ppc">
<unaffected range="ge">1.0.3-r2</unaffected>
<vulnerable range="le">1.0.3-r1</vulnerable>
</package>
<package name="app-office/openoffice" auto="yes" arch="sparc">
<unaffected range="ge">1.1.0-r4</unaffected>
<vulnerable range="le">1.1.0-r3</vulnerable>
</package>
<package name="app-office/openoffice-ximian" auto="yes" arch="*">
<unaffected range="ge">1.1.51-r1</unaffected>
<vulnerable range="le">1.1.51</vulnerable>
</package>
<package name="app-office/openoffice-bin" auto="yes" arch="*">
<unaffected range="ge">1.1.2</unaffected>
<vulnerable range="lt">1.1.2</vulnerable>
</package>
<package name="app-office/openoffice-ximian-bin" auto="no" arch="*">
<vulnerable range="le">1.1.52</vulnerable>
</package>
</affected>
<background>
<p>
OpenOffice.org is an office productivity suite, including word processing,
spreadsheets, presentations, drawings, data charting, formula editing, and
file conversion facilities.
</p>
</background>
<description>
<p>
OpenOffice.org includes code from the Neon library in functions related to
publication on WebDAV servers. This library is vulnerable to several format
string attacks.
</p>
</description>
<impact type="high">
<p>
If you use the WebDAV publication and connect to a malicious WebDAV server,
this server can exploit these vulnerabilities to execute arbitrary code
with the rights of the user running OpenOffice.org.
</p>
</impact>
<workaround>
<p>
As a workaround, you should not use the WebDAV publication facilities.
</p>
</workaround>
<resolution>
<p>
There is no Ximian OpenOffice.org binary version including the fix yet. All
users of the openoffice-ximian-bin package making use of the WebDAV
openoffice-ximian source-based package.
</p>
<p>
openoffice users on the x86 architecture should:
</p>
<code>
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.1-r1"
# emerge ">=app-office/openoffice-1.1.1-r1"</code>
<p>
openoffice users on the sparc architecture should:
</p>
<code>
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.0-r3"
# emerge ">=app-office/openoffice-1.1.0-r3"</code>
<p>
openoffice users on the ppc architecture should:
</p>
<code>
# emerge sync
# emerge -pv ">=app-office/openoffice-1.0.3-r1"
# emerge ">=app-office/openoffice-1.0.3-r1"</code>
<p>
openoffice-ximian users should:
</p>
<code>
# emerge sync
# emerge -pv ">=app-office/openoffice-ximian-1.1.51-r1"
# emerge ">=app-office/openoffice-ximian-1.1.51-r1"</code>
<p>
openoffice-bin users should:
</p>
<code>
# emerge sync
# emerge -pv ">=app-office/openoffice-bin-1.1.2"
# emerge ">=app-office/openoffice-bin-1.1.2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CAN-2004-0179</uri>
<uri link="/security/en/glsa/glsa-200405-01.xml">Neon vulnerabilities (GLSA 200405-01)</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
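Review bot: the emerge atoms in the sparc and ppc resolution blocks point at the vulnerable revisions, not the fixed ones. The affected section lists sparc as unaffected from 1.1.0-r4 (vulnerable le 1.1.0-r3) and ppc as unaffected from 1.0.3-r2 (vulnerable le 1.0.3-r1), yet the resolution runs `emerge ">=app-office/openoffice-1.1.0-r3"` and `emerge ">=app-office/openoffice-1.0.3-r1"`, which would be satisfied by the very versions marked vulnerable; those atoms should be `>=app-office/openoffice-1.1.0-r4` and `>=app-office/openoffice-1.0.3-r2` to match the affected block. Separately, the first resolution paragraph is missing its verb and object: "All users of the openoffice-ximian-bin package making use of the WebDAV openoffice-ximian source-based package." From the surrounding text it appears to mean that openoffice-ximian-bin users who rely on WebDAV publication should switch to the source-based openoffice-ximian package (which has a fixed 1.1.51-r1) until a fixed binary is available; please restore the missing words.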

View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-05">
<title>Utempter symlink vulnerability</title>
<synopsis>
Utempter contains a vulnerability that may allow local users to overwrite
arbitrary files via a symlink attack.
</synopsis>
<product type="ebuild">utempter</product>
<announced>May 13, 2004</announced>
<revised>May 13, 2004: 01</revised>
<bug>49536</bug>
<access>local </access>
<affected>
<package name="sys-apps/utempter" auto="yes" arch="*">
<unaffected range="ge">0.5.5.4</unaffected>
<vulnerable range="lt">0.5.5.4</vulnerable>
</package>
</affected>
<background>
<p>
Utempter is an application that allows non-privileged apps to write utmp
(login) info, which otherwise needs root access.
</p>
</background>
<description>
<p>
Utempter contains a vulnerability that may allow local users to overwrite
arbitrary files via a symlink attack.
</p>
</description>
<impact type="normal">
<p>
This vulnerability may allow arbitrary files to be overwritten with root
privileges.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to upgrade
to the latest available version of utempter.
</p>
</workaround>
<resolution>
<p>
All users of utempter should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=sys-apps/utempter-0.5.5.4"
# emerge ">=sys-apps/utempter-0.5.5.4"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233">CAN-2004-0233</uri>
</references>
<metadata tag="submitter">
klieber
</metadata>
</glsa>
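Review bot: `<access>local </access>` carries a trailing space inside the element, so anything comparing the value against "local" (or validating it against an enumerated list) sees "local " instead. The same pattern recurs as `<access>remote </access>` in the libpng, Exim, ProFTPD, KDE, CVS, neon, cadaver and metamail files in this sync and is worth normalising in one pass. Also, the description paragraph here repeats the synopsis word for word; the description should add something the synopsis does not say, or the duplication will be carried into every rendering of the advisory.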

View File

@ -0,0 +1,71 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-06">
<title>libpng denial of service vulnerability</title>
<synopsis>
A bug in the libpng library can be abused to crash programs making use of
that library to decode PNG images.
</synopsis>
<product type="ebuild">libpng</product>
<announced>May 14, 2004</announced>
<revised>May 14, 2004: 01</revised>
<bug>49887</bug>
<access>remote </access>
<affected>
<package name="media-libs/libpng" auto="yes" arch="*">
<unaffected range="ge">1.2.5-r5</unaffected>
<vulnerable range="le">1.2.5-r4</vulnerable>
</package>
</affected>
<background>
<p>
libpng is a standard library used to process PNG (Portable Network
Graphics) images.
</p>
</background>
<description>
<p>
libpng provides two functions (png_chunk_error and png_chunk_warning) for
default error and warning messages handling. These functions do not perform
proper bounds checking on the provided message, which is limited to 64
bytes. Programs linked against this library may crash when handling a
malicious PNG image.
</p>
</description>
<impact type="normal">
<p>
This vulnerability could be used to crash various programs using the libpng
library, potentially resulting in a denial of service attack on vulnerable
daemon processes.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to upgrade
to the latest available version of libpng.
</p>
</workaround>
<resolution>
<p>
All users of libpng should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=media-libs/libpng-1.2.5-r5"
# emerge ">=media-libs/libpng-1.2.5-r5"</code>
<p>
You should also run revdep-rebuild to rebuild any packages that depend on
older versions of libpng :
</p>
<code>
# revdep-rebuild</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421">CAN-2004-0421</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
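Review bot: stray space before the colon in the resolution paragraph, "older versions of libpng :" should be "older versions of libpng:". The neon file later in this sync has the same slip ("the neon library : if").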

View File

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-07">
<title>Exim verify=header_syntax buffer overflow</title>
<synopsis>
When the verify=header_syntax option is set, there is a buffer overflow in
Exim that allows remote execution of arbitrary code.
</synopsis>
<product type="ebuild">Exim</product>
<announced>May 14, 2004</announced>
<revised>May 14, 2004: 01</revised>
<bug>50217</bug>
<access>remote </access>
<affected>
<package name="mail-mta/exim" auto="yes" arch="*">
<unaffected range="ge">4.33-r1</unaffected>
<vulnerable range="le">4.33</vulnerable>
</package>
</affected>
<background>
<p>
Exim is an highly configurable message transfer agent (MTA) developed at
the University of Cambridge.
</p>
</background>
<description>
<p>
When the option "verify = header_syntax" is used in an ACL in the
configuration file, Exim is vulnerable to a buffer overflow attack that can
be triggered remotely by sending malicious headers in an email message.
Note that this option is not enabled in Exim's default configuration file.
</p>
</description>
<impact type="high">
<p>
This vulnerability can be exploited to trigger a denial of service attack
and potentially execute arbitrary code with the rights of the user used by
the Exim daemon (by default this is the "mail" user in Gentoo Linux).
</p>
</impact>
<workaround>
<p>
Make sure the verify=header_syntax option is not used in your exim.conf
file.
</p>
</workaround>
<resolution>
<p>
All users of Exim should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=mail-mta/exim-4.33-r1"
# emerge ">=mail-mta/exim-4.33-r1"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0400">CAN-2004-0400</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
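Review bot: grammar in the background paragraph, "Exim is an highly configurable message transfer agent" should be "Exim is a highly configurable message transfer agent".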

View File

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-08">
<title>Pound format string vulnerability</title>
<synopsis>
There is a format string flaw in Pound, allowing remote execution of
arbitrary code with the rights of the Pound process.
</synopsis>
<product type="ebuild">pound</product>
<announced>May 18, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>50421</bug>
<access>remote</access>
<affected>
<package name="www-servers/pound" auto="yes" arch="*">
<unaffected range="ge">1.6</unaffected>
<vulnerable range="le">1.5</vulnerable>
</package>
</affected>
<background>
<p>
Pound is a reverse proxy, load balancer and HTTPS front-end. It allows
to distribute the load on several web servers and offers a SSL wrapper
for web servers that do not support SSL directly.
</p>
</background>
<description>
<p>
A format string flaw in the processing of syslog messages was
discovered and corrected in Pound.
</p>
</description>
<impact type="high">
<p>
This flaw may allow remote execution of arbitrary code with the rights
of the Pound daemon process. By default, Gentoo uses the "nobody" user
to run the Pound daemon.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to
upgrade to the latest available version of Pound.
</p>
</workaround>
<resolution>
<p>
All users of Pound should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=www-servers/pound-1.6&quot;
# emerge &quot;&gt;=www-servers/pound-1.6&quot;</code>
</resolution>
<references>
<uri link="http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000">Pound announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2026">CVE-2004-2026</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
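Review bot: two grammar slips in the background paragraph: "It allows to distribute the load on several web servers" should be "It distributes the load across several web servers", and "a SSL wrapper" should be "an SSL wrapper".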

View File

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-09">
<title>ProFTPD Access Control List bypass vulnerability</title>
<synopsis>
Version 1.2.9 of ProFTPD introduced a vulnerability that causes CIDR-based
Access Control Lists (ACLs) to be treated as &quot;AllowAll&quot;, thereby
allowing remote users full access to files available to the FTP daemon.
</synopsis>
<product type="ebuild">proftpd</product>
<announced>May 19, 2004</announced>
<revised>May 19, 2004: 01</revised>
<bug>49496</bug>
<access>remote </access>
<affected>
<package name="net-ftp/proftpd" auto="yes" arch="*">
<unaffected range="ge">1.2.9-r2</unaffected>
<vulnerable range="eq">1.2.9-r1</vulnerable>
<vulnerable range="eq">1.2.9</vulnerable>
</package>
</affected>
<background>
<p>
ProFTPD is an FTP daemon.
</p>
</background>
<description>
<p>
ProFTPD 1.2.9 introduced a vulnerability that allows CIDR-based ACLs (such
as 10.0.0.1/24) to be bypassed. The CIDR ACLs are disregarded, with the net
effect being similar to an "AllowAll" directive.
</p>
</description>
<impact type="high">
<p>
This vulnerability may allow unauthorized files, including critical system
files to be downloaded and/or modified, thereby allowing a potential remote
compromise of the server.
</p>
</impact>
<workaround>
<p>
Users may work around the problem by avoiding use of CIDR-based ACLs.
</p>
</workaround>
<resolution>
<p>
ProFTPD users are encouraged to upgrade to the latest version of the
package:
</p>
<code>
# emerge sync
# emerge -pv ">=net-ftp/proftpd-1.2.9-r2"
# emerge ">=net-ftp/proftpd-1.2.9-r2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0432">CAN-2004-0432</uri>
</references>
<metadata tag="submitter">
klieber
</metadata>
</glsa>

View File

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-10">
<title>Icecast denial of service vulnerability</title>
<synopsis>
Icecast is vulnerable to a denial of service attack allowing remote users
to crash the application.
</synopsis>
<product type="ebuild">icecast</product>
<announced>May 19, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>50935</bug>
<access>remote</access>
<affected>
<package name="net-misc/icecast" auto="yes" arch="*">
<unaffected range="ge">2.0.1</unaffected>
<vulnerable range="le">2.0.0</vulnerable>
</package>
</affected>
<background>
<p>
Icecast is a program that streams audio data to listeners over the
Internet.
</p>
</background>
<description>
<p>
There is an out-of-bounds read error in the web interface of Icecast
when handling Basic Authorization requests. This vulnerability can
theorically be exploited by sending a specially crafted Authorization
header to the server.
</p>
</description>
<impact type="normal">
<p>
By exploiting this vulnerability, it is possible to crash the Icecast
server remotely, resulting in a denial of service attack.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to
upgrade to the latest available version of Icecast.
</p>
</workaround>
<resolution>
<p>
All users of Icecast should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=net-misc/icecast-2.0.1&quot;
# emerge &quot;&gt;=net-misc/icecast-2.0.1&quot;</code>
</resolution>
<references>
<uri link="http://www.xiph.org/archives/icecast/7144.html">Icecast 2.0.1 announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2027">CVE-2004-2027</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
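Review bot: typo in the description, "theorically" should be "theoretically".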

View File

@ -0,0 +1,76 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-11">
<title>KDE URI Handler Vulnerabilities</title>
<synopsis>
Vulnerabilities in KDE URI handlers makes your system vulnerable to various
attacks.
</synopsis>
<product type="ebuild">kdelibs</product>
<announced>May 19, 2004</announced>
<revised>May 19, 2004: 01</revised>
<bug>51276</bug>
<access>remote </access>
<affected>
<package name="kde-base/kdelibs" auto="yes" arch="*">
<unaffected range="ge">3.2.2-r1</unaffected>
<unaffected range="eq">3.1.5-r1</unaffected>
<vulnerable range="le">3.2.2</vulnerable>
</package>
</affected>
<background>
<p>
The K Desktop Environment (KDE) is a powerful Free Software graphical
desktop environment. KDE makes use of URI handlers to trigger various
programs when specific URLs are received.
</p>
</background>
<description>
<p>
The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-'
at the beginning of the hostname passed. By crafting a malicious URI and
entice an user to click on it, it is possible to pass an option to the
programs started by the handlers (typically telnet, kmail...).
</p>
</description>
<impact type="normal">
<p>
If the attacker controls the options passed to the URI handling programs,
it becomes possible for example to overwrite arbitrary files (possibly
leading to denial of service), to open kmail on an attacker-controlled
remote display or with an alternate configuration file (possibly leading to
control of the user account).
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to upgrade
to a corrected version of kdelibs.
</p>
</workaround>
<resolution>
<p>
Users of KDE 3.1 should upgrade to the corrected version of kdelibs:
</p>
<code>
# emerge sync
# emerge -pv "=kde-base/kdelibs-3.1.5-r1"
# emerge "=kde-base/kdelibs-3.1.5-r1"</code>
<p>
Users of KDE 3.2 should upgrade to the latest available version of kdelibs:
</p>
<code>
# emerge sync
# emerge -pv ">=kde-base/kdelibs-3.2.2-r1"
# emerge ">=kde-base/kdelibs-3.2.2-r1"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411">CAN-2004-0411</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
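Review bot: grammar in the synopsis and description. "Vulnerabilities in KDE URI handlers makes your system vulnerable" needs "make", and "By crafting a malicious URI and entice an user to click on it" should read "By crafting a malicious URI and enticing a user to click on it".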

View File

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-12">
<title>CVS heap overflow vulnerability</title>
<synopsis>
CVS is subject to a heap overflow vulnerability allowing source repository
compromise.
</synopsis>
<product type="ebuild">cvs</product>
<announced>May 20, 2004</announced>
<revised>May 20, 2004: 01</revised>
<bug>51460</bug>
<access>remote </access>
<affected>
<package name="dev-util/cvs" auto="yes" arch="*">
<unaffected range="ge">1.11.16</unaffected>
<vulnerable range="le">1.11.15</vulnerable>
</package>
</affected>
<background>
<p>
CVS (Concurrent Versions System) is an open-source network-transparent
version control system. It contains both a client utility and a server.
</p>
</background>
<description>
<p>
Stefan Esser discovered a heap overflow in the CVS server, which can be
triggered by sending malicious "Entry" lines and manipulating the flags
related to that Entry. This vulnerability was proven to be exploitable.
</p>
</description>
<impact type="high">
<p>
A remote attacker can execute arbitrary code on the CVS server, with the
rights of the CVS server. By default, Gentoo uses the "cvs" user to run the
CVS server. In particular, this flaw allows a complete compromise of CVS
source repositories. If you're not running a server, then you are not
vulnerable.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to upgrade
to the latest available version of CVS.
</p>
</workaround>
<resolution>
<p>
All users running a CVS server should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=dev-util/cvs-1.11.16"
# emerge ">=dev-util/cvs-1.11.16"</code>
</resolution>
<references>
<uri link="http://security.e-matters.de/advisories/072004.html">E-matters advisory 07/2004</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396">CAN-2004-0396</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>

View File

@ -0,0 +1,63 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-13">
<title>neon heap-based buffer overflow</title>
<synopsis>
A vulnerability potentially allowing remote execution of arbitrary code has
been discovered in the neon library.
</synopsis>
<product type="ebuild">neon</product>
<announced>May 20, 2004</announced>
<revised>May 20, 2004: 01</revised>
<bug>51490</bug>
<access>remote </access>
<affected>
<package name="net-misc/neon" auto="yes" arch="*">
<unaffected range="ge">0.24.6</unaffected>
<vulnerable range="le">0.24.5</vulnerable>
</package>
</affected>
<background>
<p>
neon provides an HTTP and WebDAV client library.
</p>
</background>
<description>
<p>
Stefan Esser discovered a vulnerability in the code of the neon library :
if a malicious date string is passed to the ne_rfc1036_parse() function, it
can trigger a string overflow into static heap variables.
</p>
</description>
<impact type="normal">
<p>
Depending on the application linked against libneon and when connected to a
malicious WebDAV server, this vulnerability could allow execution of
arbitrary code with the rights of the user running that application.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to upgrade
to the latest available version of neon.
</p>
</workaround>
<resolution>
<p>
All users of neon should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=net-misc/neon-0.24.6"
# emerge ">=net-misc/neon-0.24.6"</code>
</resolution>
<references>
<uri link="http://security.e-matters.de/advisories/062004.html">E-matters advisory 06/2004</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398">CAN-2004-0398</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>

View File

@ -0,0 +1,74 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-14">
<title>Buffer overflow in Subversion</title>
<synopsis>
There is a vulnerability in the Subversion date parsing code which may lead
to denial of service attacks, or execution of arbitrary code. Both the
client and server are vulnerable.
</synopsis>
<product type="ebuild">subversion</product>
<announced>May 20, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>51462</bug>
<access>remote</access>
<affected>
<package name="dev-util/subversion" auto="yes" arch="*">
<unaffected range="ge">1.0.3</unaffected>
<vulnerable range="le">1.0.2</vulnerable>
</package>
</affected>
<background>
<p>
Subversion is a version control system intended to eventually replace
CVS. Like CVS, it has an optional client-server architecture (where the
server can be an Apache server running mod_svn, or an ssh program as in
CVS's :ext: method). In addition to supporting the features found in
CVS, Subversion also provides support for moving and copying files and
directories.
</p>
</background>
<description>
<p>
All releases of Subversion prior to 1.0.3 have a vulnerability in the
date-parsing code. This vulnerability may allow denial of service or
arbitrary code execution as the Subversion user. Both the client and
server are vulnerable, and write access is NOT required to the server's
repository.
</p>
</description>
<impact type="normal">
<p>
All servers and clients are vulnerable. Specifically, clients that
allow other users to write to administrative files in a working copy
may be exploited. Additionally all servers (whether they are httpd/DAV
or svnserve) are vulnerable. Write access to the server is not
required; public read-only Subversion servers are also exploitable.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version.
</p>
</workaround>
<resolution>
<p>
All Subversion users should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=dev-util/subversion-1.0.3&quot;
# emerge &quot;&gt;=dev-util/subversion-1.0.3&quot;</code>
</resolution>
<references>
<uri link="http://subversion.tigris.org/servlets/ReadMsg?list=announce&amp;msgNo=125">Subversion Announcement</uri>
<uri link="http://security.e-matters.de/advisories/082004.html">E-Matters Advisory</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0397">CVE-2004-0397</uri>
</references>
<metadata tag="submitter">
condordes
</metadata>
</glsa>

View File

@ -0,0 +1,63 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-15">
<title>cadaver heap-based buffer overflow</title>
<synopsis>
There is a heap-based buffer overflow vulnerability in the neon library
used in cadaver, possibly leading to execution of arbitrary code when
connected to a malicious server.
</synopsis>
<product type="ebuild">cadaver</product>
<announced>May 20, 2004</announced>
<revised>May 20, 2004: 01</revised>
<bug>51461</bug>
<access>remote </access>
<affected>
<package name="net-misc/cadaver" auto="yes" arch="*">
<unaffected range="ge">0.22.2</unaffected>
<vulnerable range="le">0.22.1</vulnerable>
</package>
</affected>
<background>
<p>
cadaver is a command-line WebDAV client.
</p>
</background>
<description>
<p>
Stefan Esser discovered a vulnerability in the code of the neon library
(see GLSA 200405-13). This library is also included in cadaver.
</p>
</description>
<impact type="normal">
<p>
When connected to a malicious WebDAV server, this vulnerability could allow
remote execution of arbitrary code with the rights of the user running
cadaver.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to upgrade
to the latest available version of cadaver.
</p>
</workaround>
<resolution>
<p>
All users of cadaver should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=net-misc/cadaver-0.22.2"
# emerge ">=net-misc/cadaver-0.22.2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398">CAN-2004-0398</uri>
<uri link="/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>

View File

@ -0,0 +1,70 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-16">
<title>Multiple XSS Vulnerabilities in SquirrelMail</title>
<synopsis>
SquirrelMail is subject to several XSS and one SQL injection vulnerability.
</synopsis>
<product type="ebuild">SquirrelMail</product>
<announced>May 25, 2004</announced>
<revised>May 27, 2006: 04</revised>
<bug>49675</bug>
<access>remote</access>
<affected>
<package name="mail-client/squirrelmail" auto="yes" arch="*">
<unaffected range="ge">1.4.3_rc1</unaffected>
<vulnerable range="lt">1.4.3_rc1</vulnerable>
</package>
</affected>
<background>
<p>
SquirrelMail is a webmail package written in PHP. It supports IMAP and
SMTP, and can optionally be installed with SQL support.
</p>
</background>
<description>
<p>
Several unspecified cross-site scripting (XSS) vulnerabilities and a
well hidden SQL injection vulnerability were found. An XSS attack
allows an attacker to insert malicious code into a web-based
application. SquirrelMail does not check for code when parsing
variables received via the URL query string.
</p>
</description>
<impact type="normal">
<p>
One of the XSS vulnerabilities could be exploited by an attacker to
steal cookie-based authentication credentials from the user's browser.
The SQL injection issue could potentially be used by an attacker to run
arbitrary SQL commands inside the SquirrelMail database with privileges
of the SquirrelMail database user.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to
upgrade to version 1.4.3_rc1 or higher of SquirrelMail.
</p>
</workaround>
<resolution>
<p>
All SquirrelMail users should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=mail-client/squirrelmail-1.4.3_rc1&quot;
# emerge &quot;&gt;=mail-client/squirrelmail-1.4.3_rc1&quot;</code>
</resolution>
<references>
<uri link="http://sourceforge.net/mailarchive/forum.php?thread_id=4199060&amp;forum_id=1988">SquirrelMail 1.4.3_rc1 release annoucement</uri>
<uri link="http://www.securityfocus.com/bid/10246/">Bugtraq security annoucement</uri>
<uri link="http://www.cert.org/advisories/CA-2000-02.html">CERT description of XSS</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0519">CVE-2004-0519</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0521">CVE-2004-0521</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>
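Review bot: "annoucement" is misspelled in both reference titles ("SquirrelMail 1.4.3_rc1 release annoucement", "Bugtraq security annoucement"); it should be "announcement". Also, the title names only XSS while the synopsis and impact also cover an SQL injection issue; a title such as "Multiple XSS and SQL injection vulnerabilities in SquirrelMail" would match the advisory's scope.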

View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-17">
<title>Multiple vulnerabilities in metamail</title>
<synopsis>
Several format string bugs and buffer overflows were discovered in
metamail, potentially allowing execution of arbitrary code remotely.
</synopsis>
<product type="ebuild">metamail</product>
<announced>May 21, 2004</announced>
<revised>May 21, 2004: 01</revised>
<bug>42133</bug>
<access>remote </access>
<affected>
<package name="net-mail/metamail" auto="yes" arch="*">
<unaffected range="ge">2.7.45.3</unaffected>
<vulnerable range="lt">2.7.45.3</vulnerable>
</package>
</affected>
<background>
<p>
Metamail is a program that decodes MIME encoded mail. It is therefore often
automatically called when an email is received or read.
</p>
</background>
<description>
<p>
Ulf Harnhammar found two format string bugs and two buffer overflow bugs in
Metamail.
</p>
</description>
<impact type="high">
<p>
A remote attacker could send a malicious email message and execute
arbitrary code with the rights of the process calling the Metamail program.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All users of Metamail should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=net-mail/metamail-2.7.45.3"
# emerge ">=net-mail/metamail-2.7.45.3"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104">CAN-2004-0104</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0105">CAN-2004-0105</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>

View File

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-18">
<title>Buffer Overflow in Firebird</title>
<synopsis>
A buffer overflow via environmental variables in Firebird may allow a local
user to manipulate or destroy local databases and trojan the Firebird
binaries.
</synopsis>
<product type="ebuild">firebird</product>
<announced>May 23, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>20837</bug>
<access>local</access>
<affected>
<package name="dev-db/firebird" auto="yes" arch="*">
<unaffected range="ge">1.5</unaffected>
<vulnerable range="lt">1.5</vulnerable>
</package>
</affected>
<background>
<p>
Firebird is an open source relational database that runs on Linux,
Windows, and various UNIX systems.
</p>
</background>
<description>
<p>
A buffer overflow exists in three Firebird binaries (gds_inet_server,
gds_lock_mgr, and gds_drop) that is exploitable by setting a large
value to the INTERBASE environment variable.
</p>
</description>
<impact type="high">
<p>
An attacker could control program execution, allowing privilege
escalation to the UID of Firebird, full access to Firebird databases,
and trojaning the Firebird binaries. An attacker could use this to
compromise other user or root accounts.
</p>
</impact>
<workaround>
<p>
There is no known workaround.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to the latest version of Firebird:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=dev-db/firebird-1.5&quot;
# emerge &quot;&gt;=dev-db/firebird-1.5&quot;</code>
</resolution>
<references>
<uri link="http://securityfocus.com/bid/7546/info/">Bugtraq Security Announcement</uri>
<uri link=" http://sourceforge.net/tracker/?group_id=9028&amp;atid=109028&amp;func=detail&amp;aid=739480">Sourceforge BugTracker Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0281">CVE-2003-0281</uri>
</references>
<metadata tag="submitter">
dmargoli
</metadata>
</glsa>
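Review bot: the Sourceforge reference `<uri link=" http://sourceforge.net/tracker/...">` has a leading space inside the `link` attribute, which yields a malformed URL when rendered or followed; drop the space. The `&amp;` escaping of the query string on that line is correct and should stay.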


@ -0,0 +1,75 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-19">
<title>Opera telnet URI handler file creation/truncation vulnerability</title>
<synopsis>
A vulnerability exists in Opera's telnet URI handler that may allow a
remote attacker to overwrite arbitrary files.
</synopsis>
<product type="ebuild">opera</product>
<announced>May 25, 2004</announced>
<revised>December 30, 2007: 03</revised>
<bug>50857</bug>
<access>remote</access>
<affected>
<package name="www-client/opera" auto="yes" arch="*">
<unaffected range="ge">7.50_beta1</unaffected>
<vulnerable range="lt">7.50_beta1</vulnerable>
</package>
</affected>
<background>
<p>
Opera is a multi-platform web browser.
</p>
</background>
<description>
<p>
The telnet URI handler in Opera does not check for leading '-'
characters in the host name. Consequently, a maliciously-crafted
telnet:// link may be able to pass options to the telnet program
itself. One example would be the following:
</p>
<p>
telnet://-nMyFile
</p>
<p>
If MyFile exists in the user's home directory and the user clicking on
the link has write permissions to it, the contents of the file will be
overwritten with the output of the telnet trace information. If MyFile
does not exist, the file will be created in the user's home directory.
</p>
</description>
<impact type="normal">
<p>
This exploit has two possible impacts. First, it may create new files
in the user's home directory. Second, and far more serious, it may
overwrite existing files that the user has write permissions to. An
attacker with some knowledge of a user's home directory might be able
to destroy important files stored within.
</p>
</impact>
<workaround>
<p>
Disable the telnet URI handler from within Opera.
</p>
</workaround>
<resolution>
<p>
All Opera users are encouraged to upgrade to the latest version of the
program:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=www-client/opera-7.50_beta1&quot;
# emerge &quot;&gt;=www-client/opera-7.50_beta1&quot;</code>
</resolution>
<references>
<uri link="http://www.idefense.com/application/poi/display?id=104&amp;type=vulnerabilities&amp;flashstatus=true">iDEFENSE Security Advisory 05.12.04</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0473">CVE-2004-0473</uri>
</references>
<metadata tag="submitter">
klieber
</metadata>
</glsa>


@ -0,0 +1,68 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-20">
<title>Insecure Temporary File Creation In MySQL</title>
<synopsis>
Two MySQL utilities create temporary files with hardcoded paths, allowing
an attacker to use a symlink to trick MySQL into overwriting important
data.
</synopsis>
<product type="ebuild">MySQL</product>
<announced>May 25, 2004</announced>
<revised>May 25, 2004: 01</revised>
<bug>46242</bug>
<access>local </access>
<affected>
<package name="dev-db/mysql" auto="yes" arch="*">
<unaffected range="ge">4.0.18-r2</unaffected>
<vulnerable range="lt">4.0.18-r2</vulnerable>
</package>
</affected>
<background>
<p>
MySQL is a popular open-source multi-threaded, multi-user SQL database
server.
</p>
</background>
<description>
<p>
The MySQL bug reporting utility (mysqlbug) creates a temporary file to log
bug reports to. A malicious local user with write access to the /tmp
directory could create a symbolic link of the name mysqlbug-<i>N</i>
pointing to a protected file, such as /etc/passwd, such that when mysqlbug
creates the <i>N</i>th log file, it would end up overwriting the target
file. A similar vulnerability exists with the mysql_multi utility, which
creates a temporary file called mysql_multi.log.
</p>
</description>
<impact type="normal">
<p>
Since mysql_multi runs as root, a local attacker could use this to destroy
any other users' data or corrupt and destroy system files.
</p>
</impact>
<workaround>
<p>
One could modify both scripts to log to a directory that users do not have
write permission to, such as /var/log/mysql/.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to the latest stable version of MySQL.
</p>
<code>
# emerge sync
# emerge -pv ">=dev-db/mysql-4.0.18-r2"
# emerge ">=dev-db/mysql-4.0.18-r2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381">CAN-2004-0381</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388">CAN-2004-0388</uri>
</references>
<metadata tag="submitter">
dmargoli
</metadata>
</glsa>


@ -0,0 +1,67 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-21">
<title>Midnight Commander: Multiple vulnerabilities</title>
<synopsis>
Multiple security issues have been discovered in Midnight Commander
including several buffer overflows and string format vulnerabilities.
</synopsis>
<product type="ebuild">MC</product>
<announced>May 26, 2004</announced>
<revised>May 26, 2004: 01</revised>
<bug>49990</bug>
<access>local </access>
<affected>
<package name="app-misc/mc" auto="yes" arch="*">
<unaffected range="ge">4.6.0-r7</unaffected>
<vulnerable range="le">4.6.0-r6</vulnerable>
</package>
</affected>
<background>
<p>
Midnight Commander is a visual console file manager.
</p>
</background>
<description>
<p>
Numerous security issues have been discovered in Midnight Commander,
including several buffer overflow vulnerabilities, multiple vulnerabilities
in the handling of temporary file and directory creation, and multiple
format string vulnerabilities.
</p>
</description>
<impact type="high">
<p>
The buffer overflows and format string vulnerabilities may allow attackers
to cause a denial of service or execute arbitrary code with permissions of
the user running MC. The insecure creation of temporary files and
directories could lead to a privilege escalation, including root
privileges, for a local attacker.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to upgrade
to version 4.6.0-r7 or higher of Midnight Commander.
</p>
</workaround>
<resolution>
<p>
All Midnight Commander users should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=app-misc/mc-4.6.0-r7
# emerge ">=app-misc/mc-4.6.0-r7"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226">CAN-2004-0226</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231">CAN-2004-0231</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232">CAN-2004-0232</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>
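Review bot: the resolution block is missing the closing quote on `# emerge -pv ">=app-misc/mc-4.6.0-r7` (the following line has it), so a reader pasting the commands gets an unterminated string that swallows the next line; it should read `# emerge -pv ">=app-misc/mc-4.6.0-r7"`. Minor: the `<workaround>` text only restates the resolution ("upgrade to version 4.6.0-r7 or higher") rather than describing a workaround, which is what the other files in this set reserve that element for; "There is no known workaround at this time." alone would match them.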


@ -0,0 +1,83 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-22">
<title>Apache 1.3: Multiple vulnerabilities</title>
<synopsis>
Several security vulnerabilities have been fixed in the latest release of
Apache 1.3.
</synopsis>
<product type="ebuild">Apache</product>
<announced>May 26, 2004</announced>
<revised>December 30, 2007: 02</revised>
<bug>51815</bug>
<access>remote </access>
<affected>
<package name="www-servers/apache" auto="yes" arch="*">
<unaffected range="ge">1.3.31</unaffected>
<vulnerable range="lt">1.3.31</vulnerable>
</package>
</affected>
<background>
<p>
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for modern operating systems. The goal of this
project is to provide a secure, efficient and extensible server that
provides services in tune with the current HTTP standards.
</p>
</background>
<description>
<p>
On 64-bit big-endian platforms, mod_access does not properly parse
Allow/Deny rules using IP addresses without a netmask which could result in
failure to match certain IP addresses.
</p>
<p>
Terminal escape sequences are not filtered from error logs. This could be
used by an attacker to insert escape sequences into a terminal emulater
vulnerable to escape sequences.
</p>
<p>
mod_digest does not properly verify the nonce of a client response by using
a AuthNonce secret. This could permit an attacker to replay the response of
another website. This does not affect mod_auth_digest.
</p>
<p>
On certain platforms there is a starvation issue where listening sockets
fails to handle short-lived connection on a rarely-accessed listening
socket. This causes the child to hold the accept mutex and block out new
connections until another connection arrives on the same rarely-accessed
listening socket thus leading to a denial of service.
</p>
</description>
<impact type="normal">
<p>
These vulnerabilities could lead to attackers bypassing intended access
restrictions, denial of service, and possibly execution of arbitrary code.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to the latest stable version of Apache 1.3.
</p>
<code>
# emerge sync
# emerge -pv ">=www-servers/apache-1.3.31"
# emerge ">=www-servers/apache-1.3.31"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993">CAN-2003-0993</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987">CAN-2003-0987</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">CAN-2004-0174</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>
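Review bot: "terminal emulater" in the second `<description>` paragraph should be "terminal emulator". The `<impact>` also claims "possibly execution of arbitrary code", but none of the four described issues (mod_access parsing, unfiltered escape sequences in error logs, the mod_digest nonce check, accept-mutex starvation) is stated to lead to code execution; either narrow the impact to access-restriction bypass and denial of service, or say which issue is the code-execution path (presumably the escape-sequence one, CAN-2003-0020, via a vulnerable terminal). The CVE list is also out of order (CAN-2003-0020 sits between 0993 and 0987).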


@ -0,0 +1,63 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-23">
<title>Heimdal: Kerberos 4 buffer overflow in kadmin</title>
<synopsis>
A possible buffer overflow in the Kerberos 4 component of Heimdal has been
discovered.
</synopsis>
<product type="ebuild">Heimdal</product>
<announced>May 27, 2004</announced>
<revised>May 27, 2004: 01</revised>
<bug>50208</bug>
<access>remote </access>
<affected>
<package name="app-crypt/heimdal" auto="yes" arch="*">
<unaffected range="ge">0.6.2</unaffected>
<vulnerable range="lt">0.6.2</vulnerable>
</package>
</affected>
<background>
<p>
Heimdal is a free implementation of Kerberos.
</p>
</background>
<description>
<p>
A buffer overflow was discovered in kadmind, a server for administrative
access to the Kerberos database.
</p>
</description>
<impact type="high">
<p>
By sending a specially formatted message to kadmind, a remote attacker may
be able to crash kadmind causing a denial of service, or execute arbitrary
code with the permissions of the kadmind process.
</p>
</impact>
<workaround>
<p>
For a temporary workaround, providing you do not require Kerberos 4
support, you may turn off Kerberos 4 kadmin by running kadmind with the
--no-kerberos4 option.
</p>
</workaround>
<resolution>
<p>
All Heimdal users should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=app-crypt/heimdal-0.6.2"
# emerge ">=app-crypt/heimdal-0.6.2"</code>
</resolution>
<references>
<uri link="http://www.pdc.kth.se/heimdal/advisory/2004-05-06/">Heimdal 0.6.2 Release Notice</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0434">CAN-2004-0434</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>


@ -0,0 +1,77 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-24">
<title>MPlayer, xine-lib: vulnerabilities in RTSP stream handling</title>
<synopsis>
Multiple vulnerabilities, including remotely exploitable buffer overflows,
have been found in code common to MPlayer and the xine library.
</synopsis>
<product type="ebuild">mplayer</product>
<announced>May 28, 2004</announced>
<revised>May 28, 2004: 01</revised>
<bug>49387</bug>
<access>remote </access>
<affected>
<package name="media-video/mplayer" auto="yes" arch="*">
<unaffected range="ge">1.0_pre4</unaffected>
<unaffected range="le">0.92-r1</unaffected>
<vulnerable range="lt">1.0_pre4</vulnerable>
</package>
<package name="media-libs/xine-lib" auto="yes" arch="*">
<unaffected range="ge">1_rc4</unaffected>
<unaffected range="le">0.9.13-r3</unaffected>
<vulnerable range="lt">1_rc4</vulnerable>
</package>
</affected>
<background>
<p>
MPlayer is a movie player capable of handling multiple multimedia file
formats. xine-lib is a multimedia player library used by several graphical
user interfaces, including xine-ui. They both use the same code to handle
Real-Time Streaming Protocol (RTSP) streams from RealNetworks servers.
</p>
</background>
<description>
<p>
Multiple vulnerabilities have been found and fixed in the RTSP handling
code common to recent versions of these two packages. These vulnerabilities
include several remotely exploitable buffer overflows.
</p>
</description>
<impact type="high">
<p>
A remote attacker, posing as a RTSP stream server, can execute arbitrary
code with the rights of the user of the software playing the stream
(MPlayer or any player using xine-lib). Another attacker may entice a user
to use a maliciously crafted URL or playlist to achieve the same results.
</p>
</impact>
<workaround>
<p>
For MPlayer, there is no known workaround at this time. For xine-lib, you
can delete the xineplug_inp_rtsp.so file.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to non-vulnerable versions of MPlayer and
xine-lib:
</p>
<code>
# emerge sync
# emerge -pv ">=media-video/mplayer-1.0_pre4"
# emerge ">=media-video/mplayer-1.0_pre4"
# emerge -pv ">=media-libs/xine-lib-1_rc4"
# emerge ">=media-libs/xine-lib-1_rc4"</code>
</resolution>
<references>
<uri link="http://xinehq.de/index.php/security/XSA-2004-3">Xine security advisory</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0433">CAN-2004-0433</uri>
</references>
<metadata tag="submitter">
koon
</metadata>
</glsa>
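Review bot: the `<affected>` ranges overlap: for media-video/mplayer, `<vulnerable range="lt">1.0_pre4</vulnerable>` also covers everything that `<unaffected range="le">0.92-r1</unaffected>` declares safe, and the xine-lib entry (`lt 1_rc4` against `le 0.9.13-r3`) has the same shape. Since a single range element cannot express a bounded interval, the overlap is presumably deliberate, but it only gives the intended result if consumers apply the unaffected ranges before the vulnerable one; that precedence is worth confirming for glsa-check and recording in the file. 200406-05 has the same pattern (`unaffected lt 2.0` alongside `vulnerable le 2.0.49-r2` for www-servers/apache).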


@ -0,0 +1,63 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-25">
<title>tla: Multiple vulnerabilities in included libneon</title>
<synopsis>
tla includes a vulnerable version of the neon library.
</synopsis>
<product type="ebuild">tla</product>
<announced>May 30, 2004</announced>
<revised>June 02, 2004: 02</revised>
<bug>51586</bug>
<access>remote</access>
<affected>
<package name="dev-util/tla" auto="yes" arch="*">
<unaffected range="ge">1.2-r2</unaffected>
<vulnerable range="le">1.2-r1</vulnerable>
<vulnerable range="eq">1.2.1_pre1</vulnerable>
</package>
</affected>
<background>
<p>
GNU Arch (tla) is a revision control system suited for widely distributed
development.
</p>
</background>
<description>
<p>
Multiple format string vulnerabilities and a heap overflow vulnerability
were discovered in the code of the neon library (GLSA 200405-01 and
200405-13). Current versions of the tla package include their own version
of this library.
</p>
</description>
<impact type="normal">
<p>
When connected to a malicious WebDAV server, these vulnerabilities could
allow execution of arbitrary code with the rights of the user running tla.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All users of tla should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=dev-util/tla-1.2-r2"
# emerge ">=dev-util/tla-1.2-r2"</code>
</resolution>
<references>
<uri link="/security/en/glsa/glsa-200405-01.xml">GLSA 200405-01</uri>
<uri link="/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>
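Review bot: both references point at site-relative paths (`/security/en/glsa/glsa-200405-01.xml`, `/security/en/glsa/glsa-200405-13.xml`) whereas every other reference in this sync is an absolute URL, so anyone consuming this metadata outside www.gentoo.org gets dangling links. Prefix them with the `http://www.gentoo.org` host the DOCTYPE already uses; the identical pair in 200406-03 needs the same fix.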


@ -0,0 +1,76 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-01">
<title>Ethereal: Multiple security problems</title>
<synopsis>
Multiple vulnerabilities including one buffer overflow exist in Ethereal,
which may allow an attacker to run arbitrary code or crash the program.
</synopsis>
<product type="ebuild">Ethereal</product>
<announced>June 04, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>51022</bug>
<access>remote</access>
<affected>
<package name="net-analyzer/ethereal" auto="yes" arch="*">
<unaffected range="ge">0.10.4</unaffected>
<vulnerable range="le">0.10.3</vulnerable>
</package>
</affected>
<background>
<p>
Ethereal is a feature rich network protocol analyzer.
</p>
</background>
<description>
<p>
There are multiple vulnerabilities in versions of Ethereal earlier than
0.10.4, including:
</p>
<ul>
<li>A buffer overflow in the MMSE dissector.</li>
<li>Under specific conditions a SIP packet could make Ethereal
crash.</li>
<li>The AIM dissector could throw an assertion, causing Ethereal to
crash.</li>
<li>The SPNEGO dissector could dereference a null pointer, causing a
crash.</li>
</ul>
</description>
<impact type="high">
<p>
An attacker could use these vulnerabilities to crash Ethereal or even
execute arbitrary code with the permissions of the user running
Ethereal, which could be the root user.
</p>
</impact>
<workaround>
<p>
For a temporary workaround you can disable all affected protocol
dissectors by selecting Analyze->Enabled Protocols... and deselecting
them from the list. However, it is strongly recommended to upgrade to
the latest stable release.
</p>
</workaround>
<resolution>
<p>
All Ethereal users should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=net-analyzer/ethereal-0.10.4&quot;
# emerge &quot;&gt;=net-analyzer/ethereal-0.10.4&quot;</code>
</resolution>
<references>
<uri link="http://www.ethereal.com/appnotes/enpa-sa-00014.html">Ethereal enpa-sa-00014</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0504">CVE-2004-0504</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0505">CVE-2004-0505</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0506">CVE-2004-0506</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0507">CVE-2004-0507</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>


@ -0,0 +1,61 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-02">
<title>tripwire: Format string vulnerability</title>
<synopsis>
A vulnerability allowing arbitrary code execution under certain
circumstances has been found.
</synopsis>
<product type="ebuild">tripwire</product>
<announced>June 04, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>52945</bug>
<access>local</access>
<affected>
<package name="app-admin/tripwire" auto="yes" arch="*">
<unaffected range="ge">2.3.1.2-r1</unaffected>
<vulnerable range="le">2.3.1.2</vulnerable>
</package>
</affected>
<background>
<p>
tripwire is an open source file integrity checker.
</p>
</background>
<description>
<p>
The code that generates email reports contains a format string
vulnerability in pipedmailmessage.cpp.
</p>
</description>
<impact type="high">
<p>
With a carefully crafted filename on a local filesystem an attacker
could cause execution of arbitrary code with permissions of the user
running tripwire, which could be the root user.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All tripwire users should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=app-admin/tripwire-2.3.1.2-r1&quot;
# emerge &quot;&gt;=app-admin/tripwire-2.3.1.2-r1&quot;</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/archive/1/365036/2004-05-31/2004-06-06/0">Bugtraq Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0536">CVE-2004-0536</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>


@ -0,0 +1,64 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-03">
<title>sitecopy: Multiple vulnerabilities in included libneon</title>
<synopsis>
sitecopy includes a vulnerable version of the neon library.
</synopsis>
<product type="ebuild">sitecopy</product>
<announced>June 05, 2004</announced>
<revised>August 15, 2004: 04</revised>
<bug>51585</bug>
<access>remote</access>
<affected>
<package name="net-misc/sitecopy" auto="yes" arch="*">
<unaffected range="ge">0.13.4-r2</unaffected>
<vulnerable range="le">0.13.4-r1</vulnerable>
</package>
</affected>
<background>
<p>
sitecopy easily maintains remote websites. It makes it simple to keep a
remote site synchronized with the local site with one command.
</p>
</background>
<description>
<p>
Multiple format string vulnerabilities and a heap overflow vulnerability
were discovered in the code of the neon library (GLSA 200405-01 and
200405-13). Current versions of the sitecopy package include their own
version of this library.
</p>
</description>
<impact type="normal">
<p>
When connected to a malicious WebDAV server, these vulnerabilities could
allow execution of arbitrary code with the rights of the user running
sitecopy.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of sitecopy.
</p>
</workaround>
<resolution>
<p>
All sitecopy users should upgrade to the latest version:
</p>
<code>
# emerge sync
# emerge -pv ">=net-misc/sitecopy-0.13.4-r2"
# emerge ">=net-misc/sitecopy-0.13.4-r2"</code>
</resolution>
<references>
<uri link="/security/en/glsa/glsa-200405-01.xml">GLSA 200405-01</uri>
<uri link="/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>


@ -0,0 +1,60 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-04">
<title>Mailman: Member password disclosure vulnerability</title>
<synopsis>
Mailman contains a bug allowing 3rd parties to retrieve member passwords.
</synopsis>
<product type="ebuild">mailman</product>
<announced>June 09, 2004</announced>
<revised>June 09, 2004: 01</revised>
<bug>51671</bug>
<access>remote </access>
<affected>
<package name="net-mail/mailman" auto="yes" arch="*">
<unaffected range="ge">2.1.5</unaffected>
<vulnerable range="lt">2.1.5</vulnerable>
</package>
</affected>
<background>
<p>
Mailman is a python-based mailing list server with an extensive web
interface.
</p>
</background>
<description>
<p>
Mailman contains an unspecified vulnerability in the handling of request
emails.
</p>
</description>
<impact type="normal">
<p>
By sending a carefully crafted email request to the mailman server an
attacker could obtain member passwords.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All users of Mailman should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=net-mail/mailman-2.1.5"
# emerge ">=net-mail/mailman-2.1.5"</code>
</resolution>
<references>
<uri link="http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html">Mailman 2.1.5 Release Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0412">CAN-2004-0412</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>


@ -0,0 +1,80 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-05">
<title>Apache: Buffer overflow in mod_ssl</title>
<synopsis>
A bug in mod_ssl may allow a remote attacker to execute remote code when
Apache is configured a certain way.
</synopsis>
<product type="ebuild">Apache</product>
<announced>June 09, 2004</announced>
<revised>December 30, 2007: 03</revised>
<bug>51368</bug>
<access>remote</access>
<affected>
<package name="net-www/mod_ssl" auto="yes" arch="*">
<unaffected range="ge">2.8.18</unaffected>
<vulnerable range="lt">2.8.18</vulnerable>
</package>
<package name="www-servers/apache" auto="yes" arch="*">
<unaffected range="lt">2.0</unaffected>
<unaffected range="ge">2.0.49-r3</unaffected>
<vulnerable range="le">2.0.49-r2</vulnerable>
</package>
</affected>
<background>
<p>
Apache is the most popular Web server on the Internet. mod_ssl provides
Secure Sockets Layer encryption and authentication to Apache 1.3. Apache 2
contains the functionality of mod_ssl.
</p>
</background>
<description>
<p>
A bug in the function ssl_util_uuencode_binary in ssl_util.c may lead to a
remote buffer overflow on a server configured to use FakeBasicAuth that
will trust a client certificate with an issuing CA with a subject DN longer
than 6k.
</p>
</description>
<impact type="high">
<p>
Given the right server configuration, an attacker could cause a Denial of
Service or execute code as the user running Apache, usually
&quot;apache&quot;. It is thought to be impossible to exploit this to
execute code on the x86 platform, but the possibility for other platforms
is unknown. This does not preclude a DoS on x86 systems.
</p>
</impact>
<workaround>
<p>
A server should not be vulnerable if it is not configured to use
FakeBasicAuth and to trust a client CA with a long subject DN.
</p>
</workaround>
<resolution>
<p>
Apache 1.x users should upgrade to the latest version of mod_ssl:
</p>
<code>
# emerge sync
# emerge -pv ">=net-www/mod_ssl-2.8.18"
# emerge ">=net-www/mod_ssl-2.8.18"</code>
<p>
Apache 2.x users should upgrade to the latest version of Apache:
</p>
<code>
# emerge sync
# emerge -pv ">=www-servers/apache-2.0.49-r3"
# emerge ">=www-servers/apache-2.0.49-r3"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</uri>
</references>
<metadata tag="submitter">
dmargoli
</metadata>
</glsa>


@ -0,0 +1,72 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-06">
<title>CVS: additional DoS and arbitrary code execution vulnerabilities</title>
<synopsis>
Several serious new vulnerabilities have been found in CVS, which may allow
an attacker to remotely compromise a CVS server.
</synopsis>
<product type="ebuild">CVS</product>
<announced>June 10, 2004</announced>
<revised>June 10, 2004: 01</revised>
<bug>53408</bug>
<access>remote</access>
<affected>
<package name="dev-util/cvs" auto="yes" arch="*">
<unaffected range="ge">1.11.17</unaffected>
<vulnerable range="le">1.11.16-r1</vulnerable>
</package>
</affected>
<background>
<p>
CVS (Concurrent Versions System) is an open-source network-transparent
version control system. It contains both a client utility and a server.
</p>
</background>
<description>
<p>
A team audit of the CVS source code performed by Stefan Esser and Sebastian
Krahmer resulted in the discovery of several remotely exploitable
vulnerabilities including:
</p>
<ul>
<li>no-null-termination of &quot;Entry&quot; lines</li>
<li>error_prog_name &quot;double-free()&quot;</li>
<li>Argument integer overflow</li>
<li>serve_notify() out of bounds writes</li>
</ul>
</description>
<impact type="high">
<p>
An attacker could use these vulnerabilities to cause a Denial of Service or
execute arbitrary code with the permissions of the user running cvs.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are advised to upgrade
to the latest available version of CVS.
</p>
</workaround>
<resolution>
<p>
All CVS users should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv ">=dev-util/cvs-1.11.17"
# emerge ">=dev-util/cvs-1.11.17"</code>
</resolution>
<references>
<uri link="http://security.e-matters.de/advisories/092004.html">E-matters Advisory 09/2004</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0414">CAN-2004-0414</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416">CAN-2004-0416</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0417">CAN-2004-0417</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0418">CAN-2004-0418</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>


@ -0,0 +1,70 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-07">
<title>Subversion: Remote heap overflow</title>
<synopsis>
Subversion is vulnerable to a remote Denial of Service that may be
exploitable to execute arbitrary code on the server running svnserve.
</synopsis>
<product type="ebuild">dev-util/subversion</product>
<announced>June 10, 2004</announced>
<revised>June 10, 2004: 01</revised>
<access>remote</access>
<affected>
<package name="dev-util/subversion" auto="yes" arch="*">
<unaffected range="ge">1.0.4-r1</unaffected>
<vulnerable range="le">1.0.4</vulnerable>
</package>
</affected>
<background>
<p>
Subversion is a revision control system that aims to be a &quot;compelling
replacement for CVS&quot;. It enjoys wide use in the open source community.
svnserve allows access to Subversion repositories using URIs with the
svn://, svn+ssh://, and other tunelled svn+*:// protocols.
</p>
</background>
<description>
<p>
The svn protocol parser trusts the indicated length of a URI string sent by
a client. This allows a client to specify a very long string, thereby
causing svnserve to allocate enough memory to hold that string. This may
cause a Denial of Service. Alternately, given a string that causes an
integer overflow in the variable holding the string length, the server
might allocate less memory than required, allowing a heap overflow. This
heap overflow may then be exploitable, allowing remote code execution. The
attacker does not need read or write access to the Subversion repository
being served, since even un-authenticated users can send svn protocol
requests.
</p>
</description>
<impact type="high">
<p>
Ranges from remote Denial of Service to potential arbitrary code execution
with privileges of the svnserve process.
</p>
</impact>
<workaround>
<p>
Servers without svnserve running are not vulnerable. Disable svnserve and
use DAV for access instead.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to the latest version of Subversion.
</p>
<code>
# emerge sync
# emerge -pv ">=dev-util/subversion-1.0.4-r1"
# emerge ">=dev-util/subversion-1.0.4-r1"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0413">CAN-2004-0413</uri>
</references>
<metadata tag="submitter">
dmargoli
</metadata>
</glsa>
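Review bot: "tunelled" in the background paragraph (`svn+ssh://, and other tunelled svn+*:// protocols`) is misspelled and should read `tunnelled`. This advisory is also the only one in the batch with no `<bug>` element between `<revised>` and `<access>`; if a Gentoo bug was filed for it, add it so the file matches the structure of the neighbouring GLSAs.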


@ -0,0 +1,65 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-08">
<title>Squirrelmail: Another XSS vulnerability</title>
<synopsis>
Squirrelmail fails to properly sanitize user input, which could lead to a
compromise of webmail accounts.
</synopsis>
<product type="ebuild">Squirrelmail</product>
<announced>June 15, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>52434</bug>
<access>remote</access>
<affected>
<package name="mail-client/squirrelmail" auto="yes" arch="*">
<unaffected range="ge">1.4.3</unaffected>
<vulnerable range="le">1.4.3_rc1-r1</vulnerable>
</package>
</affected>
<background>
<p>
SquirrelMail is a webmail package written in PHP. It supports IMAP and
SMTP, and can optionally be installed with SQL support.
</p>
</background>
<description>
<p>
A new cross-site scripting (XSS) vulnerability in
Squirrelmail-1.4.3_rc1 has been discovered. In functions/mime.php
Squirrelmail fails to properly sanitize user input.
</p>
</description>
<impact type="normal">
<p>
By enticing a user to read a specially crafted e-mail, an attacker can
execute arbitrary scripts running in the context of the victim's
browser. This could lead to a compromise of the user's webmail account,
cookie theft, etc.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All SquirrelMail users should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=mail-client/squirrelmail-1.4.3&quot;
# emerge &quot;&gt;=mail-client/squirrelmail-1.4.3&quot;</code>
</resolution>
<references>
<uri link="http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt">RS-Labs Advisory</uri>
<uri link="http://www.cert.org/advisories/CA-2000-02.html">CERT description of XSS</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0520">CVE-2004-0520</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>
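Review bot: `<product type="ebuild">Squirrelmail</product>` should carry the full package atom `mail-client/squirrelmail`, as the subversion and horde-chora advisories in this batch do; the display name is also spelled two ways in the same file (`Squirrelmail` in the title and description, `SquirrelMail` in the background and resolution), so pick one. The `<affected>` ranges themselves are consistent (`le 1.4.3_rc1-r1` vulnerable, `ge 1.4.3` unaffected), so this is a naming point only.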


@ -0,0 +1,61 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-09">
<title>Horde-Chora: Remote code execution</title>
<synopsis>
A vulnerability in Chora allows remote code execution and file upload.
</synopsis>
<product type="ebuild">www-apps/horde-chora</product>
<announced>June 15, 2004</announced>
<revised>December 30, 2007: 02</revised>
<bug>53800</bug>
<access>remote</access>
<affected>
<package name="www-apps/horde-chora" auto="yes" arch="*">
<unaffected range="ge">1.2.2</unaffected>
<vulnerable range="lt">1.2.2</vulnerable>
</package>
</affected>
<background>
<p>
Chora is a PHP-based SVN/CVS repository viewer by the HORDE project.
</p>
</background>
<description>
<p>
A vulnerability in the diff viewer of Chora allows an attacker to inject
shellcode. An attacker can exploit PHP's file upload functionality to
upload a malicious binary to a vulnerable server, chmod it as executable,
and run the file.
</p>
</description>
<impact type="high">
<p>
An attacker could remotely execute arbitrary binaries with the permissions
of the PHP script, conceivably allowing further exploitation of local
vulnerabilities and remote root access.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All users are advised to upgrade to the latest version of Chora:
</p>
<code>
# emerge sync
# emerge -pv ">=www-apps/horde-chora-1.2.2"
# emerge ">=www-apps/horde-chora-1.2.2"</code>
</resolution>
<references>
<uri link="http://security.e-matters.de/advisories/102004.html">e-matters Advisory</uri>
</references>
<metadata tag="submitter">
dmargoli
</metadata>
</glsa>
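Review bot: "inject shellcode" in the description is the wrong term for what the rest of the paragraph and the impact section describe: the attacker injects shell commands through the diff viewer and uses them to upload, chmod and run a binary, whereas "shellcode" means a machine-code payload delivered through a memory-corruption bug. Suggest `allows an attacker to inject shell commands`. The `<references>` block is also the only one in this batch with no CVE/CAN entry; if an identifier has been assigned, add the `cve.mitre.org` link next to the e-matters advisory rather than leaving readers to correlate it themselves.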


@ -0,0 +1,66 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-10">
<title>Gallery: Privilege escalation vulnerability</title>
<synopsis>
There is a vulnerability in the Gallery photo album software which may
allow an attacker to gain administrator privileges within Gallery.
</synopsis>
<product type="ebuild">gallery</product>
<announced>June 15, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>52798</bug>
<access>remote</access>
<affected>
<package name="www-apps/gallery" auto="yes" arch="*">
<unaffected range="ge">1.4.3_p2</unaffected>
<vulnerable range="le">1.4.3_p1</vulnerable>
</package>
</affected>
<background>
<p>
Gallery is a web application written in PHP which is used to organize
and publish photo albums. It allows multiple users to build and
maintain their own albums. It also supports the mirroring of images on
other servers.
</p>
</background>
<description>
<p>
There is a vulnerability in the Gallery photo album software which may
allow an attacker to gain administrator privileges within Gallery. A
Gallery administrator has full access to all albums and photos on the
server, thus attackers may add or delete photos at will.
</p>
</description>
<impact type="normal">
<p>
Attackers may gain full access to all Gallery albums. There is no risk
to the webserver itself, or the server on which it runs.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to the latest available version of Gallery.
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=www-apps/gallery-1.4.3_p2&quot;
# emerge &quot;&gt;=www-apps/gallery-1.4.3_p2&quot;</code>
</resolution>
<references>
<uri link="http://gallery.menalto.com/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=123&amp;mode=thread&amp;order=0&amp;thold=0">Gallery Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0522">CVE-2004-0522</uri>
</references>
<metadata tag="submitter">
condordes
</metadata>
</glsa>
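Review bot: the `<description>` paragraph repeats the `<synopsis>` verbatim (`There is a vulnerability in the Gallery photo album software which may allow an attacker to gain administrator privileges within Gallery`) and never says what the flaw is or how it is triggered; the description should name the mechanism, or at least say that the cited Gallery announcement is the only public detail. The impact statement `There is no risk to the webserver itself, or the server on which it runs` is stronger than the description supports, since the same paragraph says a Gallery administrator can add or delete photos on the server at will; phrase it as what is currently known rather than as a guarantee. Also `<product type="ebuild">gallery</product>` should be the full atom `www-apps/gallery`, and the sentence `All users are encouraged to upgrade to the latest available version` in `<workaround>` duplicates `<resolution>`.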


@ -0,0 +1,62 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-11">
<title>Horde-IMP: Input validation vulnerability</title>
<synopsis>
An input validation vulnerability has been discovered in Horde-IMP.
</synopsis>
<product type="ebuild">horde-imp</product>
<announced>June 16, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>53862</bug>
<access>remote</access>
<affected>
<package name="www-apps/horde-imp" auto="yes" arch="*">
<unaffected range="ge">3.2.4</unaffected>
<vulnerable range="le">3.2.3</vulnerable>
</package>
</affected>
<background>
<p>
Horde-IMP is the Internet Messaging Program. It is written in PHP and
provides webmail access to IMAP and POP3 accounts.
</p>
</background>
<description>
<p>
Horde-IMP fails to properly sanitize email messages that contain
malicious HTML or script code.
</p>
</description>
<impact type="normal">
<p>
By enticing a user to read a specially crafted e-mail, an attacker can
execute arbitrary scripts running in the context of the victim's
browser. This could lead to a compromise of the user's webmail account,
cookie theft, etc.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All Horde-IMP users should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=www-apps/horde-imp-3.2.4&quot;
# emerge &quot;&gt;=www-apps/horde-imp-3.2.4&quot;</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/bid/10501">Bugtraq Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0584">CVE-2004-0584</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>
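Review bot: the title `Horde-IMP: Input validation vulnerability` and the one-line synopsis are vaguer than the body: the description and impact describe a cross-site scripting bug (unsanitised HTML or script in a mail message executing in the victim's browser), so name it as XSS the way the squirrelmail advisory in this batch does, e.g. `Horde-IMP: Cross-site scripting vulnerability`, and say so in the synopsis. `<product type="ebuild">horde-imp</product>` should also be the full atom `www-apps/horde-imp`, matching the `<package>` element.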


@ -0,0 +1,67 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-12">
<title>Webmin: Multiple vulnerabilities</title>
<synopsis>
Webmin contains two security vulnerabilities which could lead to a Denial
of Service attack and information disclosure.
</synopsis>
<product type="ebuild">webmin</product>
<announced>June 16, 2004</announced>
<revised>May 22, 2006: 02</revised>
<bug>53375</bug>
<access>remote</access>
<affected>
<package name="app-admin/webmin" auto="yes" arch="*">
<unaffected range="ge">1.150</unaffected>
<vulnerable range="le">1.140-r1</vulnerable>
</package>
</affected>
<background>
<p>
Webmin is a web-based administration tool for Unix. It supports a wide
range of applications including Apache, DNS, file sharing and others.
</p>
</background>
<description>
<p>
Webmin contains two security vulnerabilities. One allows any user to
view the configuration of any module and the other could allow an
attacker to lock out a valid user by sending an invalid username and
password.
</p>
</description>
<impact type="normal">
<p>
An authenticated user could use these vulnerabilities to view the
configuration of any module thus potentially obtaining important
knowledge about configuration settings. Furthermore an attacker could
lock out legitimate users by sending invalid login information.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All Webmin users should upgrade to the latest stable version:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=app-admin/app-admin/webmin-1.150&quot;
# emerge &quot;&gt;=app-admin/app-admin/webmin-1.150&quot;</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/bid/10474">Bugtraq Announcement</uri>
<uri link="http://www.webmin.com/changes-1.150.html">Webmin Changelog</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0582">CVE-2004-0582</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0583">CVE-2004-0583</uri>
</references>
<metadata tag="submitter">
jaervosz
</metadata>
</glsa>
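Review bot: the package atom in `<resolution>` is wrong and the commands as written will not resolve: `# emerge -pv &quot;&gt;=app-admin/app-admin/webmin-1.150&quot;` and the following `emerge` line repeat the category. Both should read `&quot;&gt;=app-admin/webmin-1.150&quot;`, matching the `<package name="app-admin/webmin">` element above. Separately, the description says the configuration-disclosure bug lets `any user` view any module's configuration while the impact paragraph says `An authenticated user`; pick one so readers know whether authentication is required. `<product type="ebuild">webmin</product>` should be `app-admin/webmin`, consistent with the package element.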

Some files were not shown because too many files have changed in this diff.