+ The Apache HTTP Server is one of the most popular web servers on the + Internet. +
++ Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow attackers who can create or edit configuration files, including .htaccess files, to cause a denial of service or execute arbitrary code via a regular expression containing more than 9 captures. +
++ An attacker may cause a denial of service or execute arbitrary code with the + privileges of the user that is running apache. +
++ There is no known workaround at this time, other than to disable both + mod_alias and mod_rewrite. +
++ It is recommended that all Gentoo Linux users who are running www-servers/apache 1.x upgrade: +
+
+ # emerge sync
+ # emerge -pv '>=www-servers/apache-1.3.29'
+ # emerge '>=www-servers/apache-1.3.29'
+ # emerge clean
+ # /etc/init.d/apache restart
+ + The Apache HTTP Server is one of the most popular web servers on the + Internet. +
++ Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow attackers who can create or edit configuration files, including .htaccess files, to cause a denial of service or execute arbitrary code via a regular expression containing more than 9 captures. Separately, a bug in the way mod_cgid handles CGI redirect paths can send CGI output to the wrong client when a threaded MPM is used, resulting in an information disclosure. +
++ An attacker may cause a denial of service or execute arbitrary code with the + privileges of the user that is running apache. +
++ There is no known workaround at this time. +
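++ Both Apache entries above share one trigger: a mod_alias or mod_rewrite pattern with more than 9 capturing groups, placed by anyone who can write a configuration or .htaccess file. The C program below is added here as an audit aid and is not Apache's or Gentoo's code: it counts capturing groups in a regex (skipping escaped parentheses, "(?" constructs and bracket expressions) and flags RewriteRule, AliasMatch and RedirectMatch lines whose pattern exceeds nine. It assumes an unquoted pattern in the directive's second field; the directive lines in main() are constructed, not taken from a real configuration. +

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Count capturing groups in a regex: each unescaped '(' that is not the
 * start of a "(?...)" construct and does not sit inside a bracket
 * expression.  This is what decides whether a pattern trips the
 * ">9 captures" condition in the vulnerable mod_alias/mod_rewrite code. */
int count_capture_groups(const char *pattern)
{
    int captures = 0;
    int in_bracket = 0;

    for (const char *p = pattern; *p != '\0'; p++) {
        if (*p == '\\') {              /* escaped metacharacter: skip it */
            if (p[1] != '\0')
                p++;
            continue;
        }
        if (in_bracket) {              /* inside [...] a '(' is literal */
            if (*p == ']')
                in_bracket = 0;
            continue;
        }
        if (*p == '[') {
            in_bracket = 1;
            if (p[1] == '^')           /* negated class */
                p++;
            if (p[1] == ']')           /* literal ']' right after '[' or '[^' */
                p++;
            continue;
        }
        if (*p == '(' && p[1] != '?')
            captures++;
    }
    return captures;
}

/* Copy the pattern (second whitespace-separated field) out of one
 * directive line.  Returns 1 if a pattern was found.  Assumes the
 * pattern is not quoted. */
int directive_pattern(const char *line, char *out, size_t outsz)
{
    const char *p = line;
    while (*p != '\0' && !isspace((unsigned char)*p))   /* skip directive name */
        p++;
    while (*p != '\0' && isspace((unsigned char)*p))    /* skip the gap */
        p++;
    size_t n = 0;
    while (*p != '\0' && !isspace((unsigned char)*p) && n + 1 < outsz)
        out[n++] = *p++;
    out[n] = '\0';
    return n > 0;
}

/* Return 1 if the directive's pattern has more than nine capturing groups. */
int directive_exceeds_nine_captures(const char *line)
{
    char pattern[1024];
    if (!directive_pattern(line, pattern, sizeof pattern))
        return 0;
    return count_capture_groups(pattern) > 9;
}

int main(void)
{
    /* constructed sample directives, not taken from any real configuration */
    const char *sample[] = {
        "RewriteRule ^/(a)/(b)/(c)/(d)/(e)/(f)/(g)/(h)/(i)/(j)$ /dispatch [L]",
        "RewriteRule ^/user/([^/]+)/?$ /profile.php?u=$1 [L]",
        "AliasMatch ^/img/(.*)\\.(gif|jpg)$ /srv/img/$1.$2",
    };
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("%s  %s\n",
               directive_exceeds_nine_captures(sample[i]) ? "FLAG" : "ok  ",
               sample[i]);
    return 0;
}
```

Run it over every httpd.conf and .htaccess on a host that still carries the vulnerable version; a flagged line is one that a user with write access to that file could have used to reach the overflow.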
++ It is recommended that all Gentoo Linux users who are running www-servers/apache 2.x upgrade: +
+
+ # emerge sync
+ # emerge -pv '>=www-servers/apache-2.0.48'
+ # emerge '>=www-servers/apache-2.0.48'
+ # emerge clean
+ # /etc/init.d/apache2 restart
+ + Please remember to update your config files in /etc/apache2 as --datadir has + been changed to /var/www/localhost. +
++ KDM is the desktop manager included with the K Desktop Environment. +
++ Firstly, versions of KDM <=3.1.3 are vulnerable to a privilege escalation + bug with a specific configuration of PAM modules. Users who do not use PAM + with KDM and users who use PAM with regular Unix crypt/MD5 based + authentication methods are not affected. +
++ Secondly, KDM uses a weak cookie generation algorithm. Users are advised to + upgrade to KDE 3.1.4, which uses /dev/urandom as a non-predictable source of + entropy to improve security. +
++ A remote or local attacker could gain root privileges. +
++ There is no known workaround at this time. +
++ It is recommended that all Gentoo Linux users who are running + kde-base/kdebase <=3.1.3 upgrade: +
+
+ # emerge sync
+ # emerge -pv '>=kde-base/kde-3.1.4'
+ # emerge '>=kde-base/kde-3.1.4'
+ # emerge clean
+ + Opera is a multi-platform web browser. +
++ Certain HREFs cause Opera to overflow a heap-allocated buffer when rendering HTML. Opera's mail client is also affected, so an attacker can deliver the malformed HREF in an email or plant it on a web site. +
++ Certain HREFs can cause a buffer allocated on the heap to overflow when + rendering HTML which can allow arbitrary bytes on the heap to be overwritten + which can result in a system compromise. +
++ There is no known workaround at this time. +
++ Users are encouraged to perform an 'emerge sync' and upgrade the package + to the latest available version. Opera 7.22 is recommended as Opera 7.21 is + vulnerable to other security flaws. Specific steps to upgrade: +
+
+ # emerge sync
+ # emerge -pv '>=www-client/opera-7.22'
+ # emerge '>=www-client/opera-7.22'
+ # emerge clean
+ + HylaFAX is a popular client-server fax package. +
++ During a code review of the hfaxd server, the SuSE Security Team discovered a format string bug that allows a remote attacker to execute arbitrary code as the root user. However, the bug cannot be triggered in the default hylafax configuration. +
++ A remote attacker could execute arbitrary code with root privileges. +
++ There is no known workaround at this time. +
++ Users are encouraged to perform an 'emerge sync' and upgrade the package to + the latest available version. Vulnerable versions of hylafax have been + removed from portage. Specific steps to upgrade: +
+
+ # emerge sync
+ # emerge -pv '>=net-misc/hylafax-4.1.8'
+ # emerge '>=net-misc/hylafax-4.1.8'
+ # emerge clean
+ + FreeRADIUS is a popular open source RADIUS server. +
++ FreeRADIUS versions below 0.9.3 are vulnerable to a heap overflow; however, the attack payload must arrive in the form of a valid RADIUS packet, which limits the possible exploits. +
++ Also corrected in the 0.9.3 release is another vulnerability which causes + the RADIUS server to de-reference a NULL pointer and crash when an + Access-Request packet with a Tunnel-Password is received. +
++ A remote attacker could craft a RADIUS packet which would cause the RADIUS + server to crash, or could possibly overflow the heap resulting in a system + compromise. +
++ There is no known workaround at this time. +
++ Users are encouraged to perform an 'emerge sync' and upgrade the package to + the latest available version - 0.9.3 is available in portage and is marked + as stable. +
+
+ # emerge sync
+ # emerge -pv '>=net-dialup/freeradius-0.9.3'
+ # emerge '>=net-dialup/freeradius-0.9.3'
+ # emerge clean
+ + Ethereal is a popular network protocol analyzer. +
++ Ethereal contains buffer overflow vulnerabilities in the GTP, ISAKMP, and + MEGACO protocol dissectors, and a heap overflow vulnerability in the SOCKS + protocol dissector, which could cause Ethereal to crash or to execute + arbitrary code. +
++ A remote attacker could craft a malformed packet which would cause Ethereal + to crash or run arbitrary code with the permissions of the user running + Ethereal. +
++ There is no known workaround at this time, other than to disable the GTP, + ISAKMP, MEGACO, and SOCKS protocol dissectors. +
++ It is recommended that all Gentoo Linux users who are running + net-analyzer/ethereal 0.9.x upgrade: +
+
+ # emerge sync
+ # emerge -pv '>=net-analyzer/ethereal-0.9.16'
+ # emerge '>=net-analyzer/ethereal-0.9.16'
+ # emerge clean
+ + glibc is the GNU C library. +
++ A bug in the getgrouplist function can cause a buffer overflow if the size + of the group list is too small to hold all the user's groups. This overflow + can cause segmentation faults in user applications. This vulnerability + exists only when an administrator has placed a user in a number of groups + larger than that expected by an application. +
++ Applications that use getgrouplist can crash. +
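++ The condition described above, a caller's group array smaller than the user's group count, is one the getgrouplist() API is designed to report rather than overflow. The C example below is added here and is neither glibc's nor the advisory's code; it shows the retry loop a correct caller uses: start with a deliberately small array, and when getgrouplist() returns -1 grow the array to the count it writes back and call again. It assumes a Linux/glibc system where the "root" account (gid 0) exists, which is what main() looks up. +

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Prototype repeated so the example also builds under strict -std= modes
 * where <grp.h> hides it; this is glibc's signature. */
int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups);

/* Collect every group `user' belongs to (base_gid comes first), growing
 * the array until getgrouplist() is satisfied.  When the array is too
 * small glibc returns -1 and stores the required count in *ngroups; that
 * is the case the fixed glibc must detect instead of writing past the end
 * of the caller's buffer.  On success *groups is a malloc'd array of
 * *count entries that the caller frees.  Returns 0, or -1 on error. */
int collect_groups(const char *user, gid_t base_gid, gid_t **groups, int *count)
{
    int capacity = 1;                    /* deliberately too small */
    gid_t *list = NULL;

    for (;;) {
        gid_t *tmp = realloc(list, (size_t)capacity * sizeof *tmp);
        if (tmp == NULL) {
            free(list);
            return -1;
        }
        list = tmp;

        int n = capacity;                /* in: room available; out: count */
        if (getgrouplist(user, base_gid, list, &n) != -1) {
            *groups = list;
            *count = n;
            return 0;
        }
        if (n <= capacity) {             /* unexpected: stop rather than spin */
            free(list);
            return -1;
        }
        capacity = n;                    /* retry with the size glibc asked for */
    }
}

int main(void)
{
    gid_t *groups;
    int count;

    if (collect_groups("root", 0, &groups, &count) != 0) {
        perror("collect_groups");
        return 1;
    }
    printf("root is in %d group(s):", count);
    for (int i = 0; i < count; i++)
        printf(" %u", (unsigned)groups[i]);
    printf("\n");
    free(groups);
    return 0;
}
```

A caller that instead sizes the array once from a guess such as NGROUPS_MAX and ignores the -1 is exactly the kind of application the advisory says will crash when an administrator adds the user to more groups than expected.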
++ There is no known workaround at this time. +
++ It is recommended that all Gentoo Linux users update their systems as + follows: +
+
+ # emerge sync
+ # emerge -pv '>=sys-libs/glibc-2.2.5'
+ # emerge '>=sys-libs/glibc-2.2.5'
+ # emerge clean
+ + phpSysInfo is a PHP system information tool. +
++ phpSysInfo contains two vulnerabilities which could allow local files to be + read or arbitrary PHP code to be executed, under the privileges of the web + server process. +
++ An attacker could read local files or execute arbitrary code with the + permissions of the user running the host web server. +
++ There is no known workaround at this time. +
++ It is recommended that all Gentoo Linux users who are running + www-apps/phpsysinfo upgrade to the fixed version: +
+
+ # emerge sync
+ # emerge -pv '>=www-apps/phpsysinfo-2.1-r1'
+ # emerge '>=www-apps/phpsysinfo-2.1-r1'
+ # emerge clean
+ + Libnids is a component of a network intrusion detection system. +
++ There is a bug in the part of libnids code responsible for TCP reassembly. + The flaw probably allows remote code execution. +
++ A remote attacker could possibly execute arbitrary code. +
++ There is no known workaround at this time. +
++ It is recommended that all Gentoo Linux users who are running + net-libs/libnids update their systems as follows: +
+
+ # emerge sync
+ # emerge -pv '>=net-libs/libnids-1.18'
+ # emerge '>=net-libs/libnids-1.18'
+ # emerge clean
+ + The rsync.gentoo.org rotation of servers provides an up to date Portage + tree using the rsync file transfer protocol. +
++ On December 2nd at approximately 03:45 UTC, one of the servers that makes up + the rsync.gentoo.org rotation was compromised via a remote exploit. At this + point, we are still performing forensic analysis. However, the compromised + system had both an IDS and a file integrity checker installed and we have a + very detailed forensic trail of what happened once the box was breached, so + we are reasonably confident that the portage tree stored on that box was + unaffected. +
++ The attacker appears to have installed a rootkit and modified/deleted some + files to cover their tracks, but left the server otherwise untouched. The + box was in a compromised state for approximately one hour before it was + discovered and shut down. During this time, approximately 20 users + synchronized against the portage mirror stored on this box. The method used + to gain access to the box remotely is still under investigation. We will + release more details once we have ascertained the cause of the remote + exploit. +
++ This box is not an official Gentoo infrastructure box and is instead donated + by a sponsor. The box provides other services as well and the sponsor has + requested that we not publicly identify the box at this time. Because the + Gentoo part of this box appears to be unaffected by this exploit, we are + currently honoring the sponsor's request. That said, if at any point, we + determine that any file in the portage tree was modified in any way, we will + release full details about the compromised server. +
++ There is no known impact at this time. +
++ There is no known workaround at this time. +
++ Again, based on the forensic analysis done so far, we are reasonably + confident that no files within the Portage tree on the box were affected. + However, the server has been removed from all rsync.*.gentoo.org rotations + and will remain so until the forensic analysis has been completed and the + box has been wiped and rebuilt. Thus, users preferring an extra level of + security may ensure that they have a correct and accurate portage tree by + running: +
+
+ # emerge sync
+ + Which will perform a sync against another server and ensure that all files + are up to date. +
++ rsync is a popular file transfer package used to synchronize the Portage + tree. +
++ Rsync version 2.5.6 contains a vulnerability that can be used to run + arbitrary code. The Gentoo infrastructure team has some reasonably good + forensic evidence that this exploit may have been used in combination with + the Linux kernel do_brk() vulnerability (see GLSA 200312-02) to exploit a + rsync.gentoo.org rotation server (see GLSA-200312-01.) +
++ Please see http://lwn.net/Articles/61541/ for the security advisory released + by the rsync development team. +
++ A remote attacker could execute arbitrary code with the permissions of the + root user. +
++ There is no known workaround at this time. +
++ To address this vulnerability, all Gentoo users should read GLSA-200312-02 + and ensure that all systems are upgraded to a version of the Linux kernel + without the do_brk() vulnerability, and upgrade to version 2.5.7 of rsync: +
+
+ # emerge sync
+ # emerge -pv '>=net-misc/rsync-2.5.7'
+ # emerge '>=net-misc/rsync-2.5.7'
+ # emerge clean
++ Review your /etc/rsync/rsyncd.conf configuration file: make sure any "use chroot = no" line is commented out or removed, or change it to "use chroot = yes", so that an rsyncd process that is compromised through a bug like this one stays confined to the module's directory. Then, if necessary, restart rsyncd: +
+
+ # /etc/init.d/rsyncd restart
+ + CVS, which stands for Concurrent Versions System, is a client/server + application which tracks changes to sets of files. It allows multiple users + to work concurrently on files, and then merge their changes back into the + main tree (which can be on a remote system). It also allows branching, or + maintaining separate versions for files. +
++ Quote from ccvs.cvshome.org/servlets/NewsItemView?newsID=84: + "Stable CVS 1.11.10 has been released. Stable releases contain only bug + fixes from previous versions of CVS. This release fixes a security issue + with no known exploits that could cause previous versions of CVS to attempt + to create files and directories in the filesystem root. This release also + fixes several issues relevant to case insensitive filesystems and some other + bugs. We recommend this upgrade for all CVS clients and servers!" +
++ Attempts to create files and directories outside the repository may be + possible. +
++ There is no known workaround at this time. +
++ All Gentoo Linux machines with cvs installed should be updated to use + dev-util/cvs-1.11.10 or higher: +
+
+ # emerge sync
+ # emerge -pv '>=dev-util/cvs-1.11.10'
+ # emerge '>=dev-util/cvs-1.11.10'
+ # emerge clean
+ + GnuPG is a popular open source signing and encryption tool. +
++ Two flaws have been found in GnuPG 1.2.3. +
++ First, ElGamal signing keys can be compromised. These keys are not commonly + used, but this is "a significant security failure which can lead to a + compromise of almost all ElGamal keys used for signing. Note that this is a + real world vulnerability which will reveal your private key within a few + seconds". +
++ Second, there is a format string flaw in the 'gpgkeys_hkp' utility which + "would allow a malicious keyserver in the worst case to execute an arbitrary + code on the user's machine." +
++ If you have used ElGamal keys for signing your private key can be + compromised, and a malicious keyserver could remotely execute arbitrary code + with the permissions of the user running gpgkeys_hkp. +
++ There is no known workaround at this time. +
++ All users who have created ElGamal signing keys should immediately revoke + them. In addition, all Gentoo Linux machines with gnupg installed should be + updated to use gnupg-1.2.3-r5 or higher: +
+
+ # emerge sync
+ # emerge -pv '>=app-crypt/gnupg-1.2.3-r5'
+ # emerge '>=app-crypt/gnupg-1.2.3-r5'
+ # emerge clean
+ + XChat is a multiplatform IRC client. +
++ There is a remotely exploitable bug in XChat 2.0.6 that could lead to a + denial of service attack. Gentoo wishes to thank lloydbates for discovering + this bug, as well as jcdutton and rac for submitting patches to fix the bug. +
++ A malformed DCC packet sent by a remote attacker can cause XChat to crash. +
++ There is no known workaround at this time. +
++ For Gentoo users, xchat-2.0.6 was marked ~arch (unstable) for most architectures. Since it was never marked as stable in the portage tree, only xchat users who have explicitly added the unstable keyword to ACCEPT_KEYWORDS are affected. Users may update affected machines to the patched version of xchat using the following commands: +
+
+ # emerge sync
+ # emerge -pv '>=net-irc/xchat-2.0.6-r1'
+ # emerge '>=net-irc/xchat-2.0.6-r1'
+ # emerge clean
+ + This assumes that users are running with ACCEPT_KEYWORDS enabled for their + architecture. +
++ lftp is a multithreaded command-line based FTP client. It allows you to execute multiple commands simultaneously or in the background. It features mirroring capabilities, resuming downloads, etc. +
++ Two buffer overflows exist in lftp. Both can occur when the user connects to + a malicious web server using the HTTP or HTTPS protocol and issues lftp's + "ls" or "rels" commands. +
++ Ulf Harnhammar explains: +
++ Technically, the problem lies in the file src/HttpDir.cc and the + functions try_netscape_proxy() and try_squid_eplf(), which both + have sscanf() calls that take data of an arbitrary length and + store it in a char array with 32 elements. (Back in version 2.3.0, + the problematic code was located in some other function, but the + problem existed back then too.) Depending on the HTML document in the + specially prepared directory, buffers will be overflown in either one + function or the other. +
++ When a user issues "ls" or "rels" against a malicious server, the lftp application can be tricked into running arbitrary code on the user's machine. +
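++ The bug shape in Ulf Harnhammar's description is a fixed 32-element char array filled by an sscanf() "%s" conversion with no field width. The C example below is added for this page and is not lftp's code: parse_name_unbounded() reproduces that shape for comparison (never call it on untrusted data), and parse_name_bounded() is the hardened form, which limits the conversion with "%31s" and uses a "%n" check to reject, rather than silently truncate, a name that does not fit. The listing lines in main() are constructed. +

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 32   /* same size as the array in the vulnerable code */

/* Shape of the bug: "%s" copies the whole token regardless of the size of
 * `name', so a directory listing containing a long file name writes past
 * the end of the array.  Shown for comparison only; never use on input
 * from a server you do not control. */
int parse_name_unbounded(const char *line, char name[NAME_BUF])
{
    return sscanf(line, "%s", name) == 1;
}

/* Hardened form.  "%31s" stops after NAME_BUF-1 bytes so the NUL always
 * fits; "%n" records how far the scan got, which lets us tell "the token
 * ended" from "the buffer ran out" and refuse the truncated case instead
 * of continuing with a mangled name. */
int parse_name_bounded(const char *line, char name[NAME_BUF])
{
    int consumed = 0;

    if (sscanf(line, "%31s%n", name, &consumed) != 1)
        return 0;                                  /* no token at all */
    /* The next character still belongs to the token: it did not fit. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return 0;
    return 1;
}

int main(void)
{
    /* constructed listing lines, not real server output */
    char longname[300];
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    const char *lines[] = { "readme.txt 1234 2003-12-14", longname };
    char name[NAME_BUF];

    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (parse_name_bounded(lines[i], name))
            printf("accepted: %s\n", name);
        else
            printf("rejected: token longer than %d bytes\n", NAME_BUF - 1);
    }
    return 0;
}
```

The field width must be kept in step with the array size by hand, which is why the safe version pins both to NAME_BUF in one place; the "%n" test is what turns a silent truncation into a hard failure the caller can see.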
++ There is no workaround available. +
++ All Gentoo users who have net-ftp/lftp installed should update to version 2.6.10 or higher using these commands: +
+
+ # emerge sync
+ # emerge -pv '>=net-ftp/lftp-2.6.10'
+ # emerge '>=net-ftp/lftp-2.6.10'
+ # emerge clean
+ + CVS, which stands for Concurrent Versions System, is a client/server + application which tracks changes to sets of files. It allows multiple users + to work concurrently on files, and then merge their changes back into the + main tree (which can be on a remote system). It also allows branching, or + maintaining separate versions for files. +
++ Quote from ccvs.cvshome.org/servlets/NewsItemView?newsID=88: + "Stable CVS 1.11.11 has been released. Stable releases contain only bug + fixes from previous versions of CVS. This release adds code to the CVS + server to prevent it from continuing as root after a user login, as an extra + failsafe against a compromise of the CVSROOT/passwd file. Previously, any + user with the ability to write the CVSROOT/passwd file could execute + arbitrary code as the root user on systems with CVS pserver access enabled. + We recommend this upgrade for all CVS servers!" +
++ A remote user could execute arbitrary code with the permissions of the root + user. +
++ There is no known workaround at this time. +
++ All Gentoo Linux machines with cvs installed should be updated to use + cvs-1.11.11 or higher. +
+
+ # emerge sync
+ # emerge -pv '>=dev-util/cvs-1.11.11'
+ # emerge '>=dev-util/cvs-1.11.11'
+ # emerge clean
+ + The Linux kernel is responsible for memory management in a working + system - to allow this, processes are allowed to allocate and unallocate + memory. +
++ The memory subsystem allows for shrinking, growing, and moving of chunks of memory along any of the allocated memory areas which the kernel possesses. +
++ A typical virtual memory area covers at least one memory page. An incorrect + bound check discovered inside the do_mremap() kernel code performing + remapping of a virtual memory area may lead to creation of a virtual memory + area of 0 bytes length. +
++ The problem is based on the general mremap flaw that remapping 2 pages from + inside a VMA creates a memory hole of only one page in length but an + additional VMA of two pages. In the case of a zero sized remapping request + no VMA hole is created but an additional VMA descriptor of 0 + bytes in length is created. +
++ This advisory also addresses an information leak in the Linux RTC system. +
++ Code exploiting this vulnerability may disrupt the operation of other parts of the kernel memory management routines, finally leading to unexpected behavior. +
++ Since no special privileges are required to use the mremap(2) system call + any process may misuse its unexpected behavior to disrupt the kernel memory + management subsystem. Proper exploitation of this vulnerability may lead to + local privilege escalation including execution of arbitrary code + with kernel level access. +
++ Proof-of-concept exploit code has been created and successfully tested, + permitting root escalation on vulnerable systems. As a result, all users + should upgrade their kernels to new or patched versions. +
++ There is no temporary workaround - a kernel upgrade is required. A list + of unaffected kernels is provided along with this announcement. +
++ Users are encouraged to upgrade to the latest available sources for + their system: +
+
+ $> emerge sync
+ $> emerge -pv your-favourite-sources
+ $> emerge your-favourite-sources
+ $> # Follow usual procedure for compiling and installing a kernel.
+ $> # If you use genkernel, run genkernel as you would do normally.
+
+ $> # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
+ $> # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
+ $> # REPORTS THAT THE SAME VERSION IS INSTALLED.
+ + Honeyd is a virtual honeypot daemon that can simulate virtual hosts on + unallocated IP addresses. +
++ A bug in handling NMAP fingerprints caused Honeyd to reply to TCP + packets with both the SYN and RST flags set. Watching for replies, it is + possible to detect IP addresses simulated by Honeyd. +
++ Although there are no public exploits known for Honeyd, the detection + of Honeyd IP addresses may in some cases be undesirable. +
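++ The tell described above is a TCP reply carrying both SYN and RST, a combination a conforming stack never produces: a SYN probe gets SYN|ACK from an open port or RST|ACK from a closed one. The C code below is added for this page and is not part of Honeyd; it pulls the flags byte out of a raw TCP header and flags that combination. The probe replies it examines are built in memory rather than captured. +

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TCP_HDR_LEN 20      /* fixed part of the TCP header */
#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_ACK 0x10

/* Flags byte of a raw TCP header (offset 13), or -1 if the buffer is
 * shorter than the fixed header. */
int tcp_flags(const uint8_t *seg, size_t len)
{
    if (len < TCP_HDR_LEN)
        return -1;
    return seg[13];
}

/* SYN and RST set together never occur in a real stack's reply; this is
 * the combination that let scanners pick out addresses simulated by
 * Honeyd versions before 0.8. */
int looks_like_honeyd_reply(const uint8_t *seg, size_t len)
{
    int f = tcp_flags(seg, len);
    if (f < 0)
        return 0;
    return (f & TCP_SYN) != 0 && (f & TCP_RST) != 0;
}

/* Build a minimal TCP header (network byte order, data offset 5, no
 * options) with the given ports and flags into buf. */
void make_tcp_header(uint8_t buf[TCP_HDR_LEN], uint16_t sport, uint16_t dport,
                     uint8_t flags)
{
    memset(buf, 0, TCP_HDR_LEN);
    buf[0] = (uint8_t)(sport >> 8); buf[1] = (uint8_t)sport;
    buf[2] = (uint8_t)(dport >> 8); buf[3] = (uint8_t)dport;
    buf[12] = 5 << 4;               /* data offset = 5 32-bit words */
    buf[13] = flags;
}

int main(void)
{
    /* constructed replies to a SYN probe, not captured traffic */
    struct { const char *label; uint8_t flags; } reply[] = {
        { "open port on a real host",   TCP_SYN | TCP_ACK },
        { "closed port on a real host", TCP_RST | TCP_ACK },
        { "pre-0.8 Honeyd personality", TCP_SYN | TCP_RST },
    };
    uint8_t hdr[TCP_HDR_LEN];

    for (size_t i = 0; i < sizeof reply / sizeof reply[0]; i++) {
        make_tcp_header(hdr, 80, 40000, reply[i].flags);
        printf("%-30s flags=0x%02x  %s\n", reply[i].label, reply[i].flags,
               looks_like_honeyd_reply(hdr, sizeof hdr) ? "HONEYD?" : "ok");
    }
    return 0;
}
```

On a real sensor the same check runs over the TCP header of each reply to a scan; a hit does not prove Honeyd, but it is the fingerprint the 0.8 release removes, so any address still producing it is worth a closer look.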
++ Honeyd 0.8 has been released along with an advisory to address this + issue. In addition, Honeyd 0.8 drops privileges if permitted by the + configuration file and contains command line flags to force dropping + of privileges. +
++ All users are recommended to update to honeyd version 0.8: +
+
+ $> emerge sync
+ $> emerge -pv ">=net-analyzer/honeyd-0.8"
+ $> emerge ">=net-analyzer/honeyd-0.8"
+ + Mod_python is an Apache module that embeds the Python interpreter + within the server allowing Python-based web-applications to be + created. +
++ The Apache Foundation has reported that mod_python may be prone to + Denial of Service attacks when handling a malformed + query. Mod_python 2.7.9 was released to fix the vulnerability, + however, because the vulnerability has not been fully fixed, + version 2.7.10 has been released. +
++ Users of mod_python 3.0.4 are not affected by this vulnerability. +
++ Although no public exploit for this vulnerability is known, users are recommended to upgrade mod_python to ensure the security of their infrastructure. +
++ Mod_python 2.7.10 has been released to solve this issue; there is + no immediate workaround. +
++ All users using mod_python 2.7.9 or below are recommended to + update their mod_python installation: +
+
+ $> emerge sync
+ $> emerge -pv ">=www-apache/mod_python-2.7.10"
+ $> emerge ">=www-apache/mod_python-2.7.10"
+ $> /etc/init.d/apache restart
+ + Gaim is a multi-platform and multi-protocol instant messaging + client. It is compatible with AIM , ICQ, MSN Messenger, Yahoo, + IRC, Jabber, Gadu-Gadu, and the Zephyr networks. +
++ Yahoo changed the authentication methods to their IM servers, + rendering GAIM useless. The GAIM team released a rushed release + solving this issue, however, at the same time a code audit + revealed 12 new vulnerabilities. +
++ Due to the nature of instant messaging many of these bugs require + man-in-the-middle attacks between the client and the server. But + the underlying protocols are easy to implement and attacking + ordinary TCP sessions is a fairly simple task. As a result, all + users are advised to upgrade their GAIM installation. +
++ There is no immediate workaround; a software upgrade is required. +
++ All users are recommended to upgrade GAIM to 0.75-r7. +
+
+ $> emerge sync
+ $> emerge -pv ">=net-im/gaim-0.75-r7"
+ $> emerge ">=net-im/gaim-0.75-r7"
+ + PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +
++ If the server-wide "php.ini" file has "register_globals = on", a request is made to one virtual host that overrides it with "php_admin_flag register_globals off", and the next request handled by the same Apache child goes to another virtual host that does not set the flag, the setting from the first virtual host persists into the second request. +
++ Depending on the server and site, an attacker may be able to exploit + global variables to gain access to reserved areas, such as MySQL passwords, + or this vulnerability may simply cause a lack of functionality. As a + result, users are urged to upgrade their PHP installations. +
++ Gentoo ships PHP with "register_globals" set to "off" + by default. +
++ This issue affects both servers running Apache 1.x and servers running + Apache 2.x. +
++ No immediate workaround is available; a software upgrade is required. +
++ All users are recommended to upgrade their PHP installation to 4.3.4-r4: +
+
+ # emerge sync
+ # emerge -pv ">=dev-php/mod_php-4.3.4-r4"
+ # emerge ">=dev-php/mod_php-4.3.4-r4"
++ XFree86 provides a client/server interface between display hardware and the desktop environment while also providing both the windowing infrastructure and a standardized API. XFree86 is platform independent, network-transparent and extensible. +
++ Exploitation of a buffer overflow in the XFree86 Window System discovered by iDefense allows local attackers to gain root privileges. +
++ The problem exists in the parsing of the 'fonts.alias' file. The X server (running as root) fails to check the length of the user provided input, so a malicious user may craft a malformed 'fonts.alias' file causing a buffer overflow upon parsing, eventually leading to the execution of arbitrary code. +
++ To reproduce the overflow on the command line one can run: +
+
+ # cat > fonts.dir <<EOF
+ 1
+ word.bdf -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso8859-1
+ EOF
+ # perl -e 'print "0" x 1024 . "A" x 96 . "\n"' > fonts.alias
+ # X :0 -fp $PWD
+ + {Some output removed}... Server aborting... Segmentation fault (core dumped) +
++ Successful exploitation can lead to a root compromise provided + that the attacker is able to execute commands in the X11 + subsystem. This can be done either by having console access to the + target or through a remote exploit against any X client program + such as a web-browser, mail-reader or game. +
++ No immediate workaround is available; a software upgrade is required. +
++ Gentoo has released XFree86 4.2.1-r3, 4.3.0-r4 and 4.3.99.902-r1 and encourages all users to upgrade their XFree86 installations. Vulnerable versions are no longer available in Portage. +
++ All users are recommended to upgrade their XFree86 installation: +
+
+ # emerge sync
+ # emerge -pv x11-base/xfree
+ # emerge x11-base/xfree
+ + The Monkey HTTP daemon is a Web server written in C that works + under Linux and is based on the HTTP/1.1 protocol. It aims to develop + a fast, efficient and small web server. +
++ A bug in the URI processing of incoming requests allows a Denial of Service to be launched against the web server, which may cause the server to crash or behave erratically. +
++ Although no public exploit for this bug is known, users are recommended to upgrade to ensure the security of their infrastructure. +
++ There is no immediate workaround; a software upgrade is + required. The vulnerable function in the code has been rewritten. +
++ All users are recommended to upgrade monkeyd to 0.8.2: +
+
+ # emerge sync
+ # emerge -pv ">=www-servers/monkeyd-0.8.2"
+ # emerge ">=www-servers/monkeyd-0.8.2"
+ + Gallery is an open source image management system written in PHP. + More information is available at http://gallery.sourceforge.net +
++ Starting in the 1.3.1 release, Gallery includes code to simulate the behaviour + of the PHP 'register_globals' variable in environments where that setting + is disabled. It is simulated by extracting the values of the various + $HTTP_ global variables into the global namespace. +
++ A crafted URL such as + http://example.com/gallery/init.php?HTTP_POST_VARS=xxx causes the + 'register_globals' simulation code to overwrite the $HTTP_POST_VARS which, + when it is extracted, will deliver the given payload. If the + payload compromises $GALLERY_BASEDIR then the malicious user can perform a + PHP injection exploit and gain remote access to the webserver with PHP + user UID access rights. +
++ The workaround for the vulnerability is to replace init.php and + setup/init.php with the files in the following ZIP file: + http://prdownloads.sourceforge.net/gallery/patch_1.4.1-to-1.4.1-pl1.zip?download +
++ All users are encouraged to upgrade their gallery installation: +
+
+ # emerge sync
+ # emerge -p ">=www-apps/gallery-1.4.1_p1"
+ # emerge ">=www-apps/gallery-1.4.1_p1"
++ phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases over the Web. +
++ One component of the phpMyAdmin software package (export.php) does not + properly verify input that is passed to it from a remote user. Since the + input is used to include other files, it is possible to launch a directory + traversal attack. +
++ Private information could be gleaned from the remote server if an attacker + uses a malformed URL such as http://phpmyadmin.example.com/export.php?what=../../../[existing_file] +
++ In this scenario, the script does not sanitize the "what" argument passed + to it, allowing directory traversal attacks to take place, disclosing + the contents of files if the file is readable as the web-server user. +
++ The workaround is to either patch the export.php file using the + referenced CVS patch or upgrade the software via Portage. +
++ Users are encouraged to upgrade to phpMyAdmin-2.5.6_rc1: +
+
+ # emerge sync
+ # emerge -pv ">=dev-db/phpmyadmin-2.5.6_rc1"
+ # emerge ">=dev-db/phpmyadmin-2.5.6_rc1"
+ # emerge clean
++ A vulnerability has been discovered by Andi Kleen in the ptrace emulation code for AMD64 platforms when eflags are processed, allowing a local user to obtain elevated privileges. The Common Vulnerabilities and Exposures project, http://cve.mitre.org, has assigned CAN-2004-0001 to this issue. +
++ Only users of the AMD64 platform are affected: in this scenario, a user may be able to obtain elevated privileges, including root access. However, no public exploit is known for the vulnerability at this time. +
++ There is no temporary workaround - a kernel upgrade is required. A list of + unaffected kernels is provided along with this announcement. +
++ Users are encouraged to upgrade to the latest available sources for + their system: +
+
+ # emerge sync
+ # emerge -pv your-favourite-sources
+ # emerge your-favourite-sources
+ # # Follow usual procedure for compiling and installing a kernel.
+ # # If you use genkernel, run genkernel as you would do normally.
+
+
+ # # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
+ # # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
+ # # REPORTS THAT THE SAME VERSION IS INSTALLED.
+
+ + Clam AntiVirus is a GPLed anti-virus toolkit, designed for integration with + mail servers to perform attachment scanning. Clam AV also provides a + command line scanner and a tool for fetching updates of the virus database. +
++ Oliver Eikemeier of Fillmore Labs discovered the overflow in Clam AV 0.65 + when it handled malformed UUEncoded messages, causing the daemon to shut + down. +
++ The problem originated in libclamav, which calculates the line length of a uuencoded message by taking the ASCII value of the first character minus 64 and asserts if the length is not in the allowed range, terminating the calling program and leaving clamav unavailable. +
++ A malformed message would cause a denial of service, + and depending on the server configuration this may impact other daemons + relying on Clam AV in a fatal manner. +
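++ The failure mode here is a decoder that aborts the process on bad input instead of reporting it. The C decoder below is added for this page and is not libclamav's code: it decodes one uuencoded line, reading the length byte as (byte - 32) & 63 as the uuencode format defines it, and returns -1 on any inconsistency (length byte outside the uuencode alphabet, a line shorter than the claimed length implies, a non-printable payload character, or no room in the output buffer) so that a scanning daemon keeps running on a hostile message. The sample lines in main() are constructed. +

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decode one uuencoded body line into out[0..outsz).  The first byte gives
 * the decoded length as (byte - 32) & 63, so a hostile message can claim
 * any length it likes; every claim is checked against the characters
 * actually present and the caller's buffer, and anything inconsistent
 * returns -1 instead of asserting.  Returns the number of bytes written
 * (0 for the terminating "`" line). */
int uudecode_line(const char *line, size_t linelen, unsigned char *out, size_t outsz)
{
    if (linelen == 0)
        return -1;

    unsigned char lenc = (unsigned char)line[0];
    if (lenc < 32 || lenc > 96)                 /* outside the uuencode alphabet */
        return -1;
    size_t n = (lenc - 32) & 63;                /* claimed decoded length, 0..63 */
    size_t needed = (n + 2) / 3 * 4;            /* encoded chars needed for n bytes */
    if (linelen - 1 < needed || n > outsz)      /* line too short, or no room */
        return -1;

    const char *p = line + 1;
    size_t written = 0;
    for (size_t i = 0; i < needed; i += 4) {
        unsigned v[4];
        for (int k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)p[i + k];
            if (c < 32 || c > 96)               /* payload byte not in alphabet */
                return -1;
            v[k] = (c - 32) & 63;
        }
        unsigned char b[3] = {
            (unsigned char)((v[0] << 2) | (v[1] >> 4)),
            (unsigned char)(((v[1] & 0x0f) << 4) | (v[2] >> 2)),
            (unsigned char)(((v[2] & 0x03) << 6) | v[3]),
        };
        for (int k = 0; k < 3 && written < n; k++)
            out[written++] = b[k];
    }
    return (int)written;
}

int main(void)
{
    /* constructed lines: a valid encoding of "Cat", one that claims 40
     * bytes but carries only four characters, and the end-of-data marker */
    const char *lines[] = { "#0V%T", "H0V%T", "`" };
    unsigned char out[64];

    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int r = uudecode_line(lines[i], strlen(lines[i]), out, sizeof out);
        if (r < 0)
            printf("%-8s -> malformed, skipped\n", lines[i]);
        else
            printf("%-8s -> %d byte(s): %.*s\n", lines[i], r, r, (const char *)out);
    }
    return 0;
}
```

The difference from the behaviour the advisory describes is only in what happens on the bad path: the length check is the same, but an out-of-range value is a return code the caller handles, not an assertion that takes the daemon and everything depending on it down.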
++ There is no immediate workaround, a software upgrade is required. +
++ All users are urged to upgrade their Clam AV installations to Clam AV 0.67: +
+
+ # emerge sync
+ # emerge -pv ">=app-antivirus/clamav-0.67"
+ # emerge ">=app-antivirus/clamav-0.67"
+ Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When the libxml2 library fetches a remote resource via FTP or HTTP, its parsing routines can overflow a buffer, due to improper bounds checking, if they are passed a URL longer than 4096 bytes. +
++ If an attacker is able to exploit an application using libxml2 that parses + remote resources, then this flaw could be used to execute arbitrary code. +
++ No workaround is available; users are urged to upgrade libxml2 to 2.6.6. +
++ All users are recommended to upgrade their libxml2 installation: +
+
+ # emerge sync
+ # emerge -pv ">=dev-libs/libxml2-2.6.6"
+ # emerge ">=dev-libs/libxml2-2.6.6"
The Linux kernel is responsible for memory management in a working system; to allow this, processes are allowed to allocate and unallocate memory.

The memory subsystem allows for shrinking, growing, and moving of chunks of memory along any of the allocated memory areas which the kernel possesses.

To accomplish this, the do_mremap code calls the do_munmap() kernel function to remove any old memory mappings in the new location, but the code doesn't check the return value of the do_munmap() function, which may fail if the maximum number of available virtual memory area descriptors has been exceeded.

Due to the missing return value check after trying to unmap the middle of the first memory area, the corresponding page table entries from the second new area are inserted into the page table locations described by the first old one, and are thus subject to the page protection flags of the first area. As a result, arbitrary code can be executed.

Arbitrary code with normal non-super-user privileges may be able to exploit this vulnerability and may disrupt the operation of other parts of the kernel memory management subroutines, finally leading to unexpected behavior.

Since no special privileges are required to use the mremap() and munmap() system calls, any process may misuse this unexpected behavior to disrupt the kernel memory management subsystem. Proper exploitation of this vulnerability may lead to local privilege escalation, allowing for the execution of arbitrary code with kernel level root access.

Proof-of-concept exploit code has been created and successfully tested, permitting root escalation on vulnerable systems. As a result, all users should upgrade their kernels to new or patched versions.

Users who are unable to upgrade their kernels may attempt to use "sysctl -w vm.max_map_count=1000000"; however, this is a temporary fix which only solves the problem by increasing the number of memory areas that can be created by each process. Because of the static nature of this workaround, it is not recommended and users are urged to upgrade their systems to the latest available patched sources.

Users are encouraged to upgrade to the latest available sources for their system:

# emerge sync
# emerge -pv your-favourite-sources
# emerge your-favourite-sources
# # Follow usual procedure for compiling and installing a kernel.
# # If you use genkernel, run genkernel as you would do normally.

# # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
# # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
# # REPORTS THAT THE SAME VERSION IS INSTALLED.

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Although there are no public exploits known for this bug, users are recommended to upgrade to ensure the security of their infrastructure.

There is no immediate workaround; a software upgrade is required. The vulnerable function in the code has been rewritten.

All users are recommended to upgrade openssl to either 0.9.7d or 0.9.6m:

# emerge sync
# emerge -pv ">=dev-libs/openssl-0.9.7d"
# emerge ">=dev-libs/openssl-0.9.7d"

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards.

Three vulnerabilities were found:

No special privileges are required for these vulnerabilities. As a result, all users are recommended to upgrade their Apache installations.

There is no immediate workaround; a software upgrade is required. There is no workaround for the mod_disk_cache issue; users are recommended to disable the feature on their servers until a patched version is released.

Users are urged to upgrade to Apache 2.0.49:

# emerge sync
# emerge -pv ">=www-servers/apache-2.0.49"
# emerge ">=www-servers/apache-2.0.49"

# ** IMPORTANT **

# If you are migrating from Apache 2.0.48-r1 or earlier versions,
# it is important that the following directories are removed.

# The following commands should cause no data loss since these
# are symbolic links.

# rm /etc/apache2/lib /etc/apache2/logs /etc/apache2/modules
# rm /etc/apache2/modules

# ** ** ** ** **

# ** ALSO NOTE **

# Users who use mod_disk_cache should edit their Apache
# configuration and disable mod_disk_cache.

UUDeview is a program which is used to transmit binary files over the Internet in a text-only format. It is commonly used for email and Usenet attachments. It supports multiple encoding formats, including Base64, BinHex and UUEncoding.

By decoding a MIME archive with excessively long strings for various parameters, it is possible to crash UUDeview, or cause it to execute arbitrary code.

This vulnerability was originally reported by iDEFENSE as part of a WinZip advisory [ Reference: 1 ].

An attacker could create a specially-crafted MIME file and send it via email. When the recipient decodes the file, UUDeview may execute arbitrary code which is embedded in the MIME file, thus granting the attacker access to the recipient's account.

There is no known workaround at this time. As a result, a software upgrade is required and users should upgrade to uudeview 0.5.20.

All users should upgrade to uudeview 0.5.20:

# emerge sync
# emerge -pv ">=app-text/uudeview-0.5.20"
# emerge ">=app-text/uudeview-0.5.20"

Courier MTA is a multiprotocol mail server suite that provides webmail, mailing lists, IMAP, and POP3 services. Courier-IMAP is a standalone server that gives IMAP access to local mailboxes.

The vulnerabilities have been found in the 'SHIFT_JIS' converter in 'shiftjis.c' and the 'ISO2022JP' converter in 'so2022jp.c'. An attacker may supply Unicode characters that exceed the BMP (Basic Multilingual Plane) range, causing an overflow.

An attacker without privileges may exploit this vulnerability remotely, allowing arbitrary code to be executed in order to gain unauthorized access.

While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected packages.

All users should upgrade to current versions of the affected packages:

# emerge sync

# emerge -pv ">=net-mail/courier-imap-3.0.0"
# emerge ">=net-mail/courier-imap-3.0.0"

# ** Or; depending on your installation... **

# emerge -pv ">=mail-mta/courier-0.45"
# emerge ">=mail-mta/courier-0.45"

Quote from http://www.ethereal.com

"Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows."

There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:

These vulnerabilities may cause Ethereal to crash or may allow an attacker to run arbitrary code on the user's computer.

While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package.

All users should upgrade to the current version of the affected package:

# emerge sync

# emerge -pv ">=net-analyzer/ethereal-0.10.3"
# emerge ">=net-analyzer/ethereal-0.10.3"

Quote from
"oftpd is designed to be as secure as an anonymous FTP server can possibly be. It runs as non-root for most of the time, and uses the Unix chroot() command to hide most of the system's directories from external users - they cannot change into them even if the server is totally compromised! It contains its own directory change code, so that it can run efficiently as a threaded server, and its own directory listing code (most FTP servers execute the system "ls" command to list files)."

Issuing a PORT command with a number higher than 255 causes the server to crash. The PORT command may be issued before any authentication takes place, meaning the attacker does not need to know a valid username and password in order to exploit this vulnerability.

This exploit causes a denial of service.

While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package.

All users should upgrade to the current version of the affected package:

# emerge sync

# emerge -pv ">=net-ftp/oftpd-0.3.7"
# emerge ">=net-ftp/oftpd-0.3.7"

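A PORT argument is six decimal fields, and the crash above comes from a field that is not in 0..255. The parser below is an added example, not oftpd code; it answers an out-of-range field with an error reply and also refuses the classic FTP bounce case (a data address other than the client's own). Reply wording is constructed.

```python
"""Added example, not oftpd code: validate an FTP PORT argument so that an
out-of-range field produces an error reply instead of a crash.

PORT carries h1,h2,h3,h4,p1,p2: four address bytes and a big-endian port.
Every field must be an unsigned decimal number in 0..255.
"""
import ipaddress


def parse_port_argument(arg: str, peer_ip: str):
    """Return ((ip, port), "ok") or (None, reason) for a PORT argument."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        return None, "PORT needs exactly six comma-separated numbers"
    if not all(1 <= len(f) <= 3 and all(c in "0123456789" for c in f) for f in fields):
        return None, "PORT fields must be unsigned decimal numbers"
    values = [int(f) for f in fields]
    if any(v > 255 for v in values):  # the crash condition, refused here
        return None, "PORT field out of range 0..255"
    host = str(ipaddress.IPv4Address(bytes(values[:4])))
    port = (values[4] << 8) | values[5]
    if port < 1024:
        return None, "refusing data connection to a privileged port"
    if host != peer_ip:  # FTP bounce mitigation: only connect back to the client
        return None, "PORT address does not match the control connection"
    return (host, port), "ok"


def port_reply(arg: str, peer_ip: str) -> str:
    """The reply line the server would send for this PORT argument."""
    result, reason = parse_port_argument(arg, peer_ip)
    if result is None:
        return f"501 {reason}"
    return "200 PORT command successful"


if __name__ == "__main__":
    # Constructed control connection from 192.168.1.10.
    for arg in ("192,168,1,10,19,137", "192,168,1,10,300,1", "10,0,0,1,19,137"):
        print(arg, "->", port_reply(arg, "192.168.1.10"))
```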
Midnight Commander is a visual file manager.

A stack-based buffer overflow has been found in Midnight Commander's virtual filesystem.

This overflow allows an attacker to run arbitrary code on the user's computer during the symlink conversion process.

While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package.

All users should upgrade to the current version of the affected package:

# emerge sync

# emerge -pv ">=app-misc/mc-4.6.0-r5"
# emerge ">=app-misc/mc-4.6.0-r5"

Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols.

Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not properly allocate memory for long lines in an incoming email.

Fetchmail users who receive a malicious email may have their fetchmail program crash.

While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of fetchmail.

Fetchmail users should upgrade to version 6.2.5 or later:

# emerge sync
# emerge -pv ">=net-mail/fetchmail-6.2.5"
# emerge ">=net-mail/fetchmail-6.2.5"

Squid is a fully-featured Web Proxy Cache designed to run on Unix systems that supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features.

A bug in Squid allows users to bypass certain access controls by passing a URL containing "%00", which exploits the Squid decoding function. This may insert a NUL character into decoded URLs, which may allow users to bypass url_regex access control lists that are enforced upon them.

In such a scenario, Squid will insert a NUL character for the "%00" and compare the URL only up to the NUL character rather than the contents after it: the comparison does not result in a match, and the user's request is not denied.

Restricted users may be able to bypass url_regex access control lists that are enforced upon them, which may cause unwanted network traffic as well as a route for other possible exploits. Users of Squid 2.5STABLE4 and below who require the url_regex features are recommended to upgrade to 2.5STABLE5 to maintain the security of their infrastructure.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of Squid.

Squid can be updated as follows:

# emerge sync

# emerge -pv ">=net-proxy/squid-2.5.5"
# emerge ">=net-proxy/squid-2.5.5"

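The bypass is a C-string truncation problem, so it can be modelled directly: the added example below (not Squid code) shows a decoder that writes the NUL into the string beside one that refuses it, each feeding a constructed url_regex deny list.

```python
"""Added example, not Squid code: how "%00" slips past a url_regex ACL when
the decoder writes a raw NUL into a C string, and a decoder that refuses it.

C string functions stop at the first NUL byte, so the regex only ever sees
the part of the URL before "%00"; everything after it is invisible to the
check but still reaches the origin server. The deny rules are constructed.
"""
import re

PERCENT = re.compile(r"%([0-9A-Fa-f]{2})")

# Constructed url_regex deny rules, as an administrator might write them.
DENY_RULES = [re.compile(p) for p in (r"/blocked/", r"\.exe$")]


class BadUrl(ValueError):
    """Raised when a URL decodes to something a C string cannot carry."""


def naive_decode(url: str) -> str:
    """Decode %XX escapes with no check on the resulting byte."""
    return PERCENT.sub(lambda m: chr(int(m.group(1), 16)), url)


def as_c_string(s: str) -> str:
    """What strcmp()/regexec() see: the buffer up to the first NUL."""
    return s.split("\x00", 1)[0]


def denied_by_vulnerable_acl(url: str) -> bool:
    """Models the pre-2.5STABLE5 behaviour: decode, then match the C string."""
    seen_by_regex = as_c_string(naive_decode(url))
    return any(rule.search(seen_by_regex) for rule in DENY_RULES)


def strict_decode(url: str) -> str:
    """Decode %XX escapes but refuse NUL and every other control byte."""
    def replace(m):
        value = int(m.group(1), 16)
        if value < 0x20 or value == 0x7F:
            raise BadUrl(f"control byte %{value:02X} in URL")
        return chr(value)
    return PERCENT.sub(replace, url)


def denied_by_hardened_acl(url: str) -> bool:
    """Refuse what cannot be decoded safely; match the whole decoded URL."""
    try:
        decoded = strict_decode(url)
    except BadUrl:
        return True
    return any(rule.search(decoded) for rule in DENY_RULES)


if __name__ == "__main__":
    # Constructed requests; the first is the bypass from the advisory.
    for url in ("http://example.test/%00/blocked/page",
                "http://example.test/blocked/page",
                "http://example.test/ok"):
        print(url, denied_by_vulnerable_acl(url), denied_by_hardened_acl(url))
```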
OpenLDAP is a suite of LDAP-related application and development tools. It includes slapd (the standalone LDAP server), slurpd (the standalone LDAP replication server), and various LDAP libraries, utilities and example clients.

A password extended operation (password EXOP) which fails will cause the slapd server to free() an uninitialized pointer, possibly resulting in a segfault. This only affects servers using the back-ldbm backend.

Such a crash is not guaranteed with every failed operation; however, it is possible.

An attacker (or indeed, a normal user) may crash the OpenLDAP server, creating a Denial of Service condition.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

OpenLDAP users should upgrade to version 2.1.13 or later:

# emerge sync

# emerge -pv ">=net-nds/openldap-2.1.13"
# emerge ">=net-nds/openldap-2.1.13"

Quote from
"MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, OGG/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, FILM, RoQ, PVA files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, DivX 3/4/5 and even WMV movies, too."

A vulnerability exists in the MPlayer HTTP parser which may allow an attacker to craft a special HTTP header ("Location:") which will trick MPlayer into executing arbitrary code on the user's computer.

An attacker without privileges may exploit this vulnerability remotely, allowing arbitrary code to be executed in order to gain unauthorized access.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

MPlayer may be upgraded as follows:

x86 and SPARC users should:

# emerge sync

# emerge -pv ">=media-video/mplayer-0.92-r1"
# emerge ">=media-video/mplayer-0.92-r1"

AMD64 users should:

# emerge sync

# emerge -pv ">=media-video/mplayer-1.0_pre2-r1"
# emerge ">=media-video/mplayer-1.0_pre2-r1"

PPC users should:

# emerge sync

# emerge -pv ">=media-video/mplayer-1.0_pre3-r2"
# emerge ">=media-video/mplayer-1.0_pre3-r2"

Monit is a system administration utility that allows management and monitoring of processes, files, directories and devices on a Unix system.

A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to cause an unexpected condition that could lead to the Monit daemon crashing.

An overly long HTTP request method may cause a buffer overflow due to Monit performing insufficient bounds checking when handling HTTP requests.

An attacker may crash the Monit daemon to create a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Monit users should upgrade to version 4.2 or later:

# emerge sync

# emerge -pv ">=app-admin/monit-4.2"
# emerge ">=app-admin/monit-4.2"

Portage is Gentoo's package management system which is responsible for installing, compiling and updating any ebuilds on the system through the Gentoo rsync tree. Under default configurations, most ebuilds run under a sandbox which prevents the build process writing to the "real" system outside the build directory; packages are installed into a temporary location and then copied over safely by Portage instead. During the process the sandbox wrapper creates lockfiles in the /tmp directory which are vulnerable to a hard-link attack.

A flaw in Portage's sandbox wrapper has been found where the temporary lockfiles are subject to a hard-link attack which allows linkable files to be overwritten with an empty file. This can be used to damage critical files on a system, causing a Denial of Service, or alternatively this attack may be used to cause other security risks; for example, firewall configuration data could be overwritten without notice.

The vulnerable sandbox functions have been patched to test for these new conditions, namely: for the existence of a hard link, which would be removed before the sandbox process continues; for the existence of a world-writable lockfile, in which case the sandbox would also remove it; and also for any mismatches in the UID (anything but root) and the GID (anything but the group of the sandbox process).

If the vulnerable files cannot be removed by the sandbox, then the sandbox exits with a fatal error warning the administrator of the issue. The patched functions also fix any other sandbox I/O operations which do not explicitly include the mentioned lockfile.

Any user with write access to the /tmp directory can hard-link a file to /tmp/sandboxpids.tmp; this file would eventually be replaced with an empty one, effectively wiping out the file it was linked to as well with no prior warning. This could be used to potentially disable a vital component of the system and open a path for other possible exploits.

This vulnerability only affects systems that have /tmp on the root partition: since symbolic link attacks are filtered, /tmp has to be on the same partition for an attack to take place.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Users should upgrade to Portage 2.0.50-r3 or later:

# emerge sync

# emerge -pv ">=sys-apps/portage-2.0.50-r3"
# emerge ">=sys-apps/portage-2.0.50-r3"

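The checks the patched sandbox performs (hard link, world-writable, wrong UID or GID, fatal if removal fails) are small enough to write out in full. This is an added example, not Portage's sandbox code; the stat and unlink hooks and the fabricated stat results exist so the logic can be exercised without touching /tmp.

```python
"""Added example, not Portage's sandbox code: the lockfile checks the
advisory describes, applied to /tmp/sandboxpids.tmp before it is reused.

A hard link in /tmp is just another name for the victim file, so truncating
the lockfile would empty the victim; unlinking the /tmp entry removes only
that name and leaves the victim untouched. The same unlink handles the
world-writable case; if the entry cannot be removed the sandbox must stop.
"""
import os
import stat

LOCKFILE = "/tmp/sandboxpids.tmp"  # path named in the advisory


def lockfile_problems(st: os.stat_result, sandbox_gid: int) -> list:
    """Conditions under which an existing lockfile must not be reused."""
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_nlink > 1:
        problems.append(f"hard-linked ({st.st_nlink} names)")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    if st.st_uid != 0:
        problems.append(f"owned by uid {st.st_uid}, not root")
    if st.st_gid != sandbox_gid:
        problems.append(f"group {st.st_gid} is not the sandbox group {sandbox_gid}")
    return problems


def prepare_lockfile(path: str = LOCKFILE, sandbox_gid: int = 0,
                     lstat=os.lstat, unlink=os.unlink):
    """Return (status, detail); status is missing, ok, removed or fatal.

    The caller creates a fresh lockfile on missing/removed, proceeds on ok,
    and exits with the detail as its error message on fatal.
    """
    try:
        st = lstat(path)  # lstat, so a symlink planted here is not followed
    except FileNotFoundError:
        return "missing", path
    problems = lockfile_problems(st, sandbox_gid)
    if not problems:
        return "ok", path
    detail = f"{path}: {', '.join(problems)}"
    try:
        unlink(path)
    except OSError as exc:
        return "fatal", f"{detail}; cannot remove: {exc}"
    return "removed", detail


def fake_stat(mode: int, nlink: int, uid: int, gid: int) -> os.stat_result:
    """Fabricate a stat result (constructed test data, no real file)."""
    return os.stat_result((mode, 0, 0, nlink, uid, gid, 0, 0, 0, 0))


def _deny_unlink(path: str):
    """Stand-in for an unlink() that fails, to exercise the fatal path."""
    raise PermissionError(f"unlink {path}: operation not permitted")


if __name__ == "__main__":
    linked = fake_stat(stat.S_IFREG | 0o644, 2, 0, 0)  # a second name exists
    print(prepare_lockfile("/tmp/demo.tmp", 0, lstat=lambda p: linked,
                           unlink=lambda p: None))
    print(prepare_lockfile("/tmp/demo.tmp", 0, lstat=lambda p: linked,
                           unlink=_deny_unlink))
```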
KDE-PIM is an application suite designed to manage mail, addresses, appointments, and contacts.

A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously crafted VCF file is opened by a user on a vulnerable system.

A remote attacker may gain unauthorized access to a user's personal data or execute commands with the user's privileges.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

KDE users should upgrade to version 3.1.5 or later:

# emerge sync

# emerge -pv ">=kde-base/kde-3.1.5"
# emerge ">=kde-base/kde-3.1.5"

Tcpdump is a program for monitoring IP network traffic. Libpcap is a supporting library which is responsible for capturing packets off a network interface.

There are two specific vulnerabilities in tcpdump, outlined in [ reference 1 ]. In the first scenario, an attacker may send a specially-crafted ISAKMP Delete packet which causes tcpdump to read past the end of its buffer. In the second scenario, an attacker may send an ISAKMP packet with the wrong payload length, again causing tcpdump to read past the end of a buffer.

Remote attackers could potentially cause tcpdump to crash or execute arbitrary code as the 'pcap' user.

There is no known workaround at this time. All tcpdump users are encouraged to upgrade to the latest available version.

All tcpdump users should upgrade to the latest available version. ADDITIONALLY, the net-libs/libpcap package should be upgraded.

# emerge sync

# emerge -pv ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
# emerge ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"

sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and the sa tools.

There are two vulnerabilities in the way sysstat handles symlinks:

Both vulnerabilities may allow an attacker to overwrite arbitrary files under the permissions of the user executing any of the affected utilities.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

sysstat users should upgrade to version 4.2 or later:

# emerge sync

# emerge -pv ">=app-admin/sysstat-5.0.2"
# emerge ">=app-admin/sysstat-5.0.2"

From http://ipsec-tools.sourceforge.net/ :

"IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation."

racoon (a utility in the ipsec-tools package) does not verify digital signatures on Phase 1 packets. This means that anybody holding the correct X.509 certificate would be able to establish a connection, even if they did not have the corresponding private key.

Since digital signatures are not verified by the racoon tool, an attacker may be able to connect to the VPN gateway and/or execute a man-in-the-middle attack.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

ipsec-tools users should upgrade to version 0.2.5 or later:

# emerge sync

# emerge -pv ">=net-firewall/ipsec-tools-0.2.5"
# emerge ">=net-firewall/ipsec-tools-0.2.5"

Util-linux is a suite of essential system utilities, including login, agetty and fdisk.

In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer.

NOTE: Only users who have PAM support disabled on their systems (i.e. -PAM in their USE variable) will be affected by this vulnerability. By default, this USE flag is enabled on all architectures. Users with PAM support on their system receive login binaries as part of the pam-login package, which remains unaffected.

A remote attacker may obtain sensitive data.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

All util-linux users should upgrade to version 2.12 or later:

# emerge sync

# emerge -pv ">=sys-apps/util-linux-2.12"
# emerge ">=sys-apps/util-linux-2.12"

From
"Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date."

Certain types of RAR archives, including those created by variants of the W32.Beagle.A@mm worm, may cause clamav to crash when it attempts to process them.

This vulnerability causes a Denial of Service in the clamav process. Depending on configuration, this may cause dependent services such as mail to fail as well.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

ClamAV users should upgrade to version 0.68.1 or later:

# emerge sync

# emerge -pv ">=app-antivirus/clamav-0.68.1"
# emerge ">=app-antivirus/clamav-0.68.1"

Automake is a tool for automatically generating `Makefile.in' files which is often used in conjunction with Autoconf and other GNU Autotools to ease portability among applications. It also provides a standardized and light way of writing complex Makefiles through the use of many built-in macros.

Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or escalate their privileges. This is due to the insecure way Automake creates directories during compilation. An attacker may be able to create symbolic links in the place of files contained in the affected directories, which may potentially lead to elevated privileges due to modification of data.

An attacker may be able to use this vulnerability to modify data in an unauthorized fashion or elevate their privileges.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Automake users should upgrade to the latest versions:

# emerge --sync
# emerge --ask --oneshot --verbose sys-devel/automake

Heimdal is a free implementation of Kerberos 5.

Heimdal does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.

Remote attackers with control of a realm may be able to impersonate other users in the cross-realm trust path.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Heimdal users should upgrade to version 0.6.1 or later:

# emerge sync

# emerge -pv ">=app-crypt/heimdal-0.6.1"
# emerge ">=app-crypt/heimdal-0.6.1"

iproute is a set of tools for managing Linux network routing and advanced features.

It has been reported that iproute can accept spoofed messages on the kernel netlink interface from local users. This could lead to a local Denial of Service condition.

Local users could cause a Denial of Service.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

All iproute users should upgrade to version 20010824-r5 or later:

# emerge sync

# emerge -pv ">=sys-apps/iproute-20010824-r5"
# emerge ">=sys-apps/iproute-20010824-r5"

pwlib is a multi-platform library designed for OpenH323.

Multiple vulnerabilities have been found in the implementation of the H.323 protocol contained in pwlib. Most of the vulnerabilities are in the parsing of ASN.1 elements, which would allow an attacker to use a maliciously crafted ASN.1 element to cause unpredictable behavior in pwlib.

An attacker may cause a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges.

Blocking ports 1719 and 1720 may reduce the likelihood of an attack. All users are advised to upgrade to the latest version of the affected package.

All pwlib users are advised to upgrade to version 1.5.2-r3 or later:

# emerge sync

# emerge -pv ">=dev-libs/pwlib-1.5.2-r3"
# emerge ">=dev-libs/pwlib-1.5.2-r3"

Scorched 3D is a game based loosely on the classic DOS game "Scorched Earth". Scorched 3D adds, amongst other new features, a 3D island environment and LAN and internet play. Scorched 3D is totally free and is available for multiple operating systems.

Scorched 3D (build 36.2 and before) does not properly check the text entered in the Chat box (T key). Using format string characters, you can generate a heap overflow. This and several other unchecked buffers have been corrected in the build 37 release.

This vulnerability can be easily exploited to remotely crash the Scorched 3D server, disconnecting all clients. It could also theoretically be used to execute arbitrary code on the server with the rights of the user running the server.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Scorched 3D users should upgrade to version 37 or later:

# emerge sync

# emerge -pv ">=games-strategy/scorched3d-37"
# emerge ">=games-strategy/scorched3d-37"

CVS, which stands for Concurrent Versions System, is a client/server application which tracks changes to sets of files. It allows multiple users to work concurrently on files, and then merge their changes back into the main tree (which can be on a remote system). It also allows branching, or maintaining separate versions for files.

There are two vulnerabilities in CVS; one in the server and one in the client. The server vulnerability allows a malicious client to request the contents of any RCS file to which the server has permission, even those not located under $CVSROOT. The client vulnerability allows a malicious server to overwrite files on the client machine anywhere the client has permissions.

Arbitrary files may be read or written on CVS clients and servers by anybody with access to the CVS tree.

There is no known workaround at this time. All users are encouraged to upgrade to the latest stable version of CVS.

All CVS users should upgrade to the latest stable version.

# emerge sync

# emerge -pv ">=dev-util/cvs-1.11.15"
# emerge ">=dev-util/cvs-1.11.15"

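Both CVS bugs are the same missing check seen from opposite ends: a pathname supplied by the peer is used without confining it to the directory it belongs under. The added example below (not CVS code) shows one containment routine serving the server ($CVSROOT) and the client (working copy) cases; base directories and file names are constructed.

```python
"""Added example, not CVS code: confine a pathname received from the other
end of a CVS connection to a base directory.

The advisory describes two directions of one problem: a client asking the
server for an RCS file outside $CVSROOT, and a server telling the client to
write outside its working copy. One containment check covers both.
"""
import os


def confine(base: str, requested: str) -> str:
    """Absolute path of `requested` inside `base`; PermissionError if it escapes."""
    if "\x00" in requested:
        raise PermissionError("NUL byte in pathname")
    if os.path.isabs(requested):
        raise PermissionError(f"absolute pathname refused: {requested}")
    root = os.path.realpath(base)
    # realpath resolves ".." and symlinks, so a link planted inside the tree
    # that points outside it is caught as well as a plain "../" escape.
    target = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"{requested} escapes {base}")
    return target


def rcs_file_for(cvsroot: str, requested: str) -> str:
    """Server side: clients may only read ,v files that live under $CVSROOT."""
    path = confine(cvsroot, requested)
    if not path.endswith(",v"):
        raise PermissionError(f"not an RCS file: {requested}")
    return path


def checkout_target_for(workdir: str, server_path: str) -> str:
    """Client side: the server may only direct writes into the working copy."""
    return confine(workdir, server_path)


def is_allowed(check, base: str, requested: str) -> bool:
    """True when `check` accepts the pathname, False when it refuses it."""
    try:
        check(base, requested)
    except PermissionError:
        return False
    return True


if __name__ == "__main__":
    # Constructed repository and working copy locations.
    for req in ("module/file.c,v", "../../etc/passwd,v", "/etc/passwd,v"):
        print("server", req, is_allowed(rcs_file_for, "/srv/cvsroot", req))
    for req in ("module/file.c", "../.ssh/authorized_keys"):
        print("client", req, is_allowed(checkout_target_for, "/home/dev/work", req))
```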
According to
Cadaver code includes the neon library, which in versions 0.24.4 and previous is vulnerable to multiple format string attacks. The latest version of cadaver uses version 0.24.5 of the neon library, which makes it immune to this vulnerability.

When using cadaver to connect to an untrusted WebDAV server, this vulnerability can allow a malicious remote server to execute arbitrary code on the client with the rights of the user using cadaver.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

cadaver users should upgrade to version 0.22.1 or later:

# emerge sync

# emerge -pv ">=net-misc/cadaver-0.22.1"
# emerge ">=net-misc/cadaver-0.22.1"

XChat is a multiplatform IRC client.

The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, have enabled SOCKS 5 traversal (which is disabled by default) and also connect to an attacker's custom proxy server.

This vulnerability may allow an attacker to run arbitrary code within the context of the user ID of the XChat client.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

All XChat users should upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=net-irc/xchat-2.0.8-r1"
# emerge ">=net-irc/xchat-2.0.8-r1"

Note that users of the gtk1 version of xchat (1.8.*) should upgrade to xchat-1.8.11-r1:

# emerge sync

# emerge -pv "=net-irc/xchat-1.8.11-r1"
# emerge "=net-irc/xchat-1.8.11-r1"

Monit is a system administration utility that allows management and monitoring of processes, files, directories and devices on a Unix system.

Monit has several vulnerabilities in its HTTP interface: a buffer overflow vulnerability in the authentication handling code and an off-by-one error in the POST method handling code.

An attacker may exploit the off-by-one error to crash the Monit daemon and create a denial of service condition, or cause a buffer overflow that would allow arbitrary code to be executed with root privileges.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Monit users should upgrade to version 4.2.1 or later:

# emerge sync

# emerge -pv ">=app-admin/monit-4.2.1"
# emerge ">=app-admin/monit-4.2.1"

+
From
"IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation."

iputils is a collection of network monitoring tools, including racoon, ping and ping6.

When racoon receives an ISAKMP header, it allocates memory based on the length of the header field. Thus, an attacker may be able to cause a Denial of Service by creating a header that is large enough to consume all available system resources.

This vulnerability may allow an attacker to remotely cause a Denial of Service.

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

ipsec-tools users should upgrade to version 0.2.5 or later:

# emerge sync

# emerge -pv ">=net-firewall/ipsec-tools-0.3.1"
# emerge ">=net-firewall/ipsec-tools-0.3.1"

iputils users should upgrade to version 021109-r3 or later:

# emerge sync

# emerge -pv ">=net-misc/iputils-021109-r3"
# emerge ">=net-misc/iputils-021109-r3"

+ + SSMTP is a very simple mail transfer agent (MTA) that relays mail from the + local machine to another SMTP host. It is not designed to function as a + full mail server; its sole purpose is to relay mail. +
++ There are two format string vulnerabilities inside the log_event() and + die() functions of ssmtp. Strings from outside ssmtp are passed to various + printf()-like functions from within log_event() and die() as format + strings. An attacker could cause a specially-crafted string to be passed to + these functions, and potentially cause ssmtp to execute arbitrary code. +
++ If ssmtp connects to a malicious mail relay server, this vulnerability can + be used to execute code with the rights of the mail sender, including root. +
++ There is no known workaround at this time. +
++ All users are advised to upgrade to the latest available version of ssmtp. +
+
+ # emerge sync
+
+ # emerge -pv ">=mail-mta/ssmtp-2.60.7"
+ # emerge ">=mail-mta/ssmtp-2.60.7"
+ + LCDproc is a program that displays various bits of real-time system + information on an LCD. It makes use of a local server (LCDd) to collect + information to display on the LCD. +
++ Due to insufficient checking of client-supplied data, the LCDd server is + susceptible to two buffer overflows and one format string vulnerability. If + the server is configured to listen on all network interfaces (see the Bind + parameter in LCDproc configuration), these vulnerabilities can be triggered + remotely. +
++ These vulnerabilities allow an attacker to execute code with the rights of + the user running the LCDproc server. By default, this is the "nobody" user. +
++ A workaround is not currently known for this issue. All users are advised + to upgrade to the latest version of the affected package. +
++ LCDproc users should upgrade to version 0.4.5 or later: +
+
+ # emerge sync
+
+ # emerge -pv ">=app-misc/lcdproc-0.4.5"
+ # emerge ">=app-misc/lcdproc-0.4.5"
+ + xine is a multimedia player that plays back CDs, DVDs and VCDs, decodes + multimedia files such as AVI, MOV, WMV and MP3 from local disk drives, and + displays multimedia streamed over the Internet. It is available in Gentoo + as a reusable library (xine-lib) with a standard user interface (xine-ui). +
++ Several vulnerabilities were found in xine-ui and xine-lib. By opening + a malicious MRL in any xine-lib based media player, an attacker can + write arbitrary content to an arbitrary file, only restricted by the + permissions of the user running the application. By opening a malicious + playlist in the xine-ui media player, an attacker can write arbitrary + content to an arbitrary file, only restricted by the permissions of the + user running xine-ui. Finally, a temporary file is created in an + insecure manner by the xine-check and xine-bugreport scripts, + potentially allowing a local attacker to use a symlink attack. +
++ These three vulnerabilities may allow an attacker to corrupt system + files, thus potentially leading to a Denial of Service. It is also + theoretically possible, though very unlikely, to use these + vulnerabilities to elevate the privileges of the attacker. +
++ There is no known workaround at this time. All users are advised to + upgrade to the latest available versions of xine-ui and xine-lib. +
++ All users of xine-ui or another xine-based player should upgrade to the + latest stable versions: +
+
+ # emerge sync
+
+ # emerge -pv ">=media-video/xine-ui-0.9.23-r2"
+ # emerge ">=media-video/xine-ui-0.9.23-r2"
+
+ # emerge -pv ">=media-libs/xine-lib-1_rc3-r3"
+ # emerge ">=media-libs/xine-lib-1_rc3-r3"
+ + Samba is a package which allows UNIX systems to act as file servers for + Windows computers. It also allows UNIX systems to mount shares exported by + a Samba/CIFS/Windows server. smbmount is a program in the Samba package + which allows normal users on a UNIX system to mount remote shares. smbprint + is an example script included in the Samba package which can be used to + facilitate network printing. +
++ Two vulnerabilities have been discovered in Samba. The first vulnerability + allows a local user who has access to the smbmount command to gain root. An + attacker could place a setuid-root binary on a Samba share/server he or she + controls, and then use the smbmount command to mount the share on the + target UNIX box. The remote Samba server must support UNIX extensions for + this to work. This has been fixed in version 3.0.2a. +
++ The second vulnerability is in the smbprint script. By creating a symlink + from /tmp/smbprint.log, an attacker could cause the smbprint script to + write to an arbitrary file on the system. This has been fixed in version + 3.0.2a-r2. +
++ Local users with access to the smbmount command may gain root access. Also, + arbitrary files may be overwritten using the smbprint script. +
++ To workaround the setuid bug, remove the setuid bits from the + /usr/bin/smbmnt, /usr/bin/smbumount and /usr/bin/mount.cifs binaries. + However, please note that this workaround will prevent ordinary users from + mounting remote SMB and CIFS shares. +
++ To work around the smbprint vulnerability, set "debug=no" in the smbprint + configuration. +
++ All users should update to the latest version of the Samba package. +
++ The following commands will perform the upgrade: +
+
+ # emerge sync
+
+ # emerge -pv ">=net-fs/samba-3.0.2a-r2"
+ # emerge ">=net-fs/samba-3.0.2a-r2"
+ + Those who are using Samba's password database also need to run the + following command: +
+
+ # pdbedit --force-initialized-passwords
+ + Those using LDAP for Samba passwords also need to check the sambaPwdLastSet + attribute on each account, and ensure it is not 0. +
++ neon provides an HTTP and WebDAV client library. +
++ There are multiple format string vulnerabilities in libneon which may allow + a malicious WebDAV server to execute arbitrary code under the context of + the process using libneon. +
++ An attacker may be able to execute arbitrary code under the context of the + process using libneon. +
++ A workaround is not currently known for this issue. All users are advised + to upgrade to the latest version of the affected package. +
++ Neon users should upgrade to version 0.24.5 or later: +
+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/neon-0.24.5"
+ # emerge ">=net-misc/neon-0.24.5"
+ + LHa is a console-based program for packing and unpacking LHarc archives. +
++ Ulf Harnhammar found two stack overflows and two directory traversal + vulnerabilities in LHa versions 1.14 and 1.17. A stack overflow occurs when + testing or extracting archives containing long file or directory names. + Furthermore, LHa doesn't contain sufficient protection against relative or + absolute archive paths. +
++ The stack overflows can be exploited to execute arbitrary code with the + rights of the user testing or extracting the archive. The directory + traversal vulnerabilities can be used to overwrite files in the filesystem + with the rights of the user extracting the archive, potentially leading to + denial of service or privilege escalation. Since LHa is often interfaced to + other software like an email virus scanner, this attack can be used + remotely. +
++ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of LHa. +
++ All users of LHa should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=app-arch/lha-114i-r2"
+ # emerge ">=app-arch/lha-114i-r2"
+
+ From
+ "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose + of this software is the integration with mail servers (attachment + scanning). The package provides a flexible and scalable multi-threaded + daemon, a command line scanner, and a tool for automatic updating via + Internet. The programs are based on a shared library distributed with + the Clam AntiVirus package, which you can use with your own software. + Most importantly, the virus database is kept up to date." +
++ The VirusEvent parameter in the clamav.conf configuration file allows + to specify a system command to run whenever a virus is found. This + system command can make use of the "%f" parameter which is replaced by + the name of the file infected. The name of the file scanned is under + control of the attacker and is not sufficiently checked. Version 0.70 + of clamav disables the use of the "%f" parameter. +
++ Sending a virus with a malicious file name can result in execution of + arbitrary system commands with the rights of the antivirus process. + Since clamav is often associated to mail servers for email scanning, + this attack can be used remotely. +
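The mechanism behind the "%f" problem, as an added example that is not ClamAV code: a file name is substituted into a command template and handed to a shell, versus the same name passed as a single argv element. The template uses `echo` as a stand-in for a notification script, and the file name is constructed to carry a second command.

```python
"""Command-template injection through an attacker-chosen file name.

Added example, not ClamAV code. VirusEvent substitutes the infected file's
name for "%f" and hands the result to a shell; when the name comes from a
mail attachment, whatever the shell parses inside it runs as the antivirus
user. The template below uses `echo` in place of a real notify program and
MALICIOUS_NAME is constructed for the example.
"""
import shlex
import subprocess

# Stand-in for a VirusEvent line; a real one would name a notification script.
VIRUS_EVENT_TEMPLATE = "echo scanning %f"

# What an attacker can get into the name of a scanned attachment.
MALICIOUS_NAME = "invoice.exe; echo INJECTED"


def run_hook_vulnerable(template: str, filename: str) -> str:
    """Substitute the name into the command text and run it through /bin/sh."""
    command = template.replace("%f", filename)
    return subprocess.run(command, shell=True, capture_output=True, text=True).stdout


def run_hook_safe(template: str, filename: str) -> str:
    """Tokenize the operator's template once; the file name becomes exactly one argv element."""
    argv = [filename if token == "%f" else token for token in shlex.split(template)]
    # shell=False: no shell ever parses the attacker's bytes.
    return subprocess.run(argv, capture_output=True, text=True).stdout
```

With the vulnerable form the shell sees two statements and "INJECTED" appears on its own line; with the safe form the whole name, semicolon included, is one argument to `echo`. The argv form still leaves the invoked program's own parsing to consider (a name beginning with "-" could be taken as an option), so hooks should receive full paths or a "--" separator where the program supports it.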
++ You should not use the "%f" parameter in your VirusEvent configuration. +
++ All users of Clam AntiVirus should upgrade to the latest stable + version: +
+
+ # emerge sync
+
+ # emerge -pv ">=app-antivirus/clamav-0.70"
+ # emerge ">=app-antivirus/clamav-0.70"
+ + OpenOffice.org is an office productivity suite, including word processing, + spreadsheets, presentations, drawings, data charting, formula editing, and + file conversion facilities. +
++ OpenOffice.org includes code from the Neon library in functions related to + publication on WebDAV servers. This library is vulnerable to several format + string attacks. +
++ If you use the WebDAV publication and connect to a malicious WebDAV server, + this server can exploit these vulnerabilities to execute arbitrary code + with the rights of the user running OpenOffice.org. +
++ As a workaround, you should not use the WebDAV publication facilities. +
++ There is no Ximian OpenOffice.org binary version including the fix yet. All + users of the openoffice-ximian-bin package who make use of the WebDAV + publication facilities should switch to the openoffice-ximian source-based + package. +
++ openoffice users on the x86 architecture should: +
+
+ # emerge sync
+
+ # emerge -pv ">=app-office/openoffice-1.1.1-r1"
+ # emerge ">=app-office/openoffice-1.1.1-r1"
+ + openoffice users on the sparc architecture should: +
+
+ # emerge sync
+
+ # emerge -pv ">=app-office/openoffice-1.1.0-r3"
+ # emerge ">=app-office/openoffice-1.1.0-r3"
+ + openoffice users on the ppc architecture should: +
+
+ # emerge sync
+
+ # emerge -pv ">=app-office/openoffice-1.0.3-r1"
+ # emerge ">=app-office/openoffice-1.0.3-r1"
+ + openoffice-ximian users should: +
+
+ # emerge sync
+
+ # emerge -pv ">=app-office/openoffice-ximian-1.1.51-r1"
+ # emerge ">=app-office/openoffice-ximian-1.1.51-r1"
+ + openoffice-bin users should: +
+
+ # emerge sync
+
+ # emerge -pv ">=app-office/openoffice-bin-1.1.2"
+ # emerge ">=app-office/openoffice-bin-1.1.2"
+ + Utempter is an application that allows non-privileged apps to write utmp + (login) info, which otherwise needs root access. +
++ Utempter contains a vulnerability that may allow local users to overwrite + arbitrary files via a symlink attack. +
++ This vulnerability may allow arbitrary files to be overwritten with root + privileges. +
++ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of utempter. +
++ All users of utempter should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=sys-apps/utempter-0.5.5.4"
+ # emerge ">=sys-apps/utempter-0.5.5.4"
+ + libpng is a standard library used to process PNG (Portable Network + Graphics) images. +
++ libpng provides two functions (png_chunk_error and png_chunk_warning) for + default error and warning messages handling. These functions do not perform + proper bounds checking on the provided message, which is limited to 64 + bytes. Programs linked against this library may crash when handling a + malicious PNG image. +
++ This vulnerability could be used to crash various programs using the libpng + library, potentially resulting in a denial of service attack on vulnerable + daemon processes. +
++ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of libpng. +
++ All users of libpng should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=media-libs/libpng-1.2.5-r5"
+ # emerge ">=media-libs/libpng-1.2.5-r5"
+ + You should also run revdep-rebuild to rebuild any packages that depend on + older versions of libpng : +
+
+ # revdep-rebuild
+ + Exim is a highly configurable message transfer agent (MTA) developed at + the University of Cambridge. +
++ When the option "verify = header_syntax" is used in an ACL in the + configuration file, Exim is vulnerable to a buffer overflow attack that can + be triggered remotely by sending malicious headers in an email message. + Note that this option is not enabled in Exim's default configuration file. +
++ This vulnerability can be exploited to trigger a denial of service attack + and potentially execute arbitrary code with the rights of the user used by + the Exim daemon (by default this is the "mail" user in Gentoo Linux). +
++ Make sure the verify=header_syntax option is not used in your exim.conf + file. +
++ All users of Exim should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=mail-mta/exim-4.33-r1"
+ # emerge ">=mail-mta/exim-4.33-r1"
+ + Pound is a reverse proxy, load balancer and HTTPS front-end. It distributes + load across several web servers and offers an SSL wrapper for web servers + that do not support SSL directly. +
++ A format string flaw in the processing of syslog messages was + discovered and corrected in Pound. +
++ This flaw may allow remote execution of arbitrary code with the rights + of the Pound daemon process. By default, Gentoo uses the "nobody" user + to run the Pound daemon. +
++ There is no known workaround at this time. All users are advised to + upgrade to the latest available version of Pound. +
++ All users of Pound should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=www-servers/pound-1.6"
+ # emerge ">=www-servers/pound-1.6"
+ + ProFTPD is an FTP daemon. +
++ ProFTPD 1.2.9 introduced a vulnerability that allows CIDR-based ACLs (such + as 10.0.0.1/24) to be bypassed. The CIDR ACLs are disregarded, with the net + effect being similar to an "AllowAll" directive. +
++ This vulnerability may allow unauthorized files, including critical system + files to be downloaded and/or modified, thereby allowing a potential remote + compromise of the server. +
++ Users may work around the problem by avoiding use of CIDR-based ACLs. +
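An added example of how a CIDR access list should be evaluated so that the failure mode described above cannot occur (this is not ProFTPD's code): an entry the server cannot interpret is a load-time error rather than an implicit allow, and a client matching no Allow rule is denied. The standard library's ipaddress module accepts the "10.0.0.1/24" form from the advisory when strict=False, masking off the host bits. The rule lists are constructed for the example.

```python
"""Fail-closed evaluation of CIDR-based access lists.

Added example, not ProFTPD's code. Two properties are enforced: an
unparseable rule aborts loading instead of being ignored (which is what
turned CIDR rules into an effective AllowAll), and the default answer is
deny. Rule lists used in the tests are constructed.
"""
import ipaddress


class AclError(ValueError):
    """An ACL entry that cannot be parsed: refuse to start rather than fall open."""


def parse_acl(entries):
    """Turn 'a.b.c.d', 'a.b.c.d/n' or 'a.b.c.d/mask' strings into network objects."""
    nets = []
    for entry in entries:
        try:
            # strict=False: 10.0.0.1/24 becomes 10.0.0.0/24 instead of raising
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError as exc:
            raise AclError(f"unparseable ACL entry {entry!r}: {exc}") from exc
    return nets


def login_allowed(client: str, allow: list, deny: list = ()) -> bool:
    """Deny wins over allow; matching nothing at all is a deny (default-closed)."""
    ip = ipaddress.ip_address(client)
    if any(ip in net for net in deny):
        return False
    return any(ip in net for net in allow)
```

The point of raising at load time is that an operator notices a bad rule when the daemon refuses to start, whereas a rule silently dropped at evaluation time looks, from the outside, exactly like the bypass this advisory describes.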
++ ProFTPD users are encouraged to upgrade to the latest version of the + package: +
+
+ # emerge sync
+
+ # emerge -pv ">=net-ftp/proftpd-1.2.9-r2"
+ # emerge ">=net-ftp/proftpd-1.2.9-r2"
+ + Icecast is a program that streams audio data to listeners over the + Internet. +
++ There is an out-of-bounds read error in the web interface of Icecast + when handling Basic Authorization requests. This vulnerability can + theoretically be exploited by sending a specially crafted Authorization + header to the server. +
++ By exploiting this vulnerability, it is possible to crash the Icecast + server remotely, resulting in a denial of service attack. +
++ There is no known workaround at this time. All users are advised to + upgrade to the latest available version of Icecast. +
++ All users of Icecast should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/icecast-2.0.1"
+ # emerge ">=net-misc/icecast-2.0.1"
+ + The K Desktop Environment (KDE) is a powerful Free Software graphical + desktop environment. KDE makes use of URI handlers to trigger various + programs when specific URLs are received. +
++ The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-' + at the beginning of the hostname passed. By crafting a malicious URI and + enticing a user to click on it, it is possible to pass an option to the + programs started by the handlers (typically telnet, kmail...). +
++ If the attacker controls the options passed to the URI handling programs, + it becomes possible for example to overwrite arbitrary files (possibly + leading to denial of service), to open kmail on an attacker-controlled + remote display or with an alternate configuration file (possibly leading to + control of the user account). +
++ There is no known workaround at this time. All users are advised to upgrade + to a corrected version of kdelibs. +
++ Users of KDE 3.1 should upgrade to the corrected version of kdelibs: +
+
+ # emerge sync
+
+ # emerge -pv "=kde-base/kdelibs-3.1.5-r1"
+ # emerge "=kde-base/kdelibs-3.1.5-r1"
+ + Users of KDE 3.2 should upgrade to the latest available version of kdelibs: +
+
+ # emerge sync
+
+ # emerge -pv ">=kde-base/kdelibs-3.2.2-r1"
+ # emerge ">=kde-base/kdelibs-3.2.2-r1"
+ + CVS (Concurrent Versions System) is an open-source network-transparent + version control system. It contains both a client utility and a server. +
++ Stefan Esser discovered a heap overflow in the CVS server, which can be + triggered by sending malicious "Entry" lines and manipulating the flags + related to that Entry. This vulnerability was proven to be exploitable. +
++ A remote attacker can execute arbitrary code on the CVS server, with the + rights of the CVS server. By default, Gentoo uses the "cvs" user to run the + CVS server. In particular, this flaw allows a complete compromise of CVS + source repositories. If you're not running a server, then you are not + vulnerable. +
++ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of CVS. +
++ All users running a CVS server should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=dev-util/cvs-1.11.16"
+ # emerge ">=dev-util/cvs-1.11.16"
+ + neon provides an HTTP and WebDAV client library. +
++ Stefan Esser discovered a vulnerability in the code of the neon library : + if a malicious date string is passed to the ne_rfc1036_parse() function, it + can trigger a string overflow into static heap variables. +
++ Depending on the application linked against libneon and when connected to a + malicious WebDAV server, this vulnerability could allow execution of + arbitrary code with the rights of the user running that application. +
++ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of neon. +
++ All users of neon should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/neon-0.24.6"
+ # emerge ">=net-misc/neon-0.24.6"
+ + Subversion is a version control system intended to eventually replace + CVS. Like CVS, it has an optional client-server architecture (where the + server can be an Apache server running mod_dav_svn, or an ssh program as + in CVS's :ext: method). In addition to supporting the features found in + CVS, Subversion also provides support for moving and copying files and + directories. +
++ All releases of Subversion prior to 1.0.3 have a vulnerability in the + date-parsing code. This vulnerability may allow denial of service or + arbitrary code execution as the Subversion user. Both the client and + server are vulnerable, and write access is NOT required to the server's + repository. +
++ All servers and clients are vulnerable. Specifically, clients that + allow other users to write to administrative files in a working copy + may be exploited. Additionally all servers (whether they are httpd/DAV + or svnserve) are vulnerable. Write access to the server is not + required; public read-only Subversion servers are also exploitable. +
++ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version. +
++ All Subversion users should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=dev-util/subversion-1.0.3"
+ # emerge ">=dev-util/subversion-1.0.3"
+ + cadaver is a command-line WebDAV client. +
++ Stefan Esser discovered a vulnerability in the code of the neon library + (see GLSA 200405-13). This library is also included in cadaver. +
++ When connected to a malicious WebDAV server, this vulnerability could allow + remote execution of arbitrary code with the rights of the user running + cadaver. +
++ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of cadaver. +
++ All users of cadaver should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/cadaver-0.22.2"
+ # emerge ">=net-misc/cadaver-0.22.2"
+ + SquirrelMail is a webmail package written in PHP. It supports IMAP and + SMTP, and can optionally be installed with SQL support. +
++ Several unspecified cross-site scripting (XSS) vulnerabilities and a + well hidden SQL injection vulnerability were found. An XSS attack + allows an attacker to insert malicious code into a web-based + application. SquirrelMail does not sanitize variables received via the + URL query string before using them. +
++ One of the XSS vulnerabilities could be exploited by an attacker to + steal cookie-based authentication credentials from the user's browser. + The SQL injection issue could potentially be used by an attacker to run + arbitrary SQL commands inside the SquirrelMail database with privileges + of the SquirrelMail database user. +
++ There is no known workaround at this time. All users are advised to + upgrade to version 1.4.3_rc1 or higher of SquirrelMail. +
++ All SquirrelMail users should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=mail-client/squirrelmail-1.4.3_rc1"
+ # emerge ">=mail-client/squirrelmail-1.4.3_rc1"
+ + Metamail is a program that decodes MIME encoded mail. It is therefore often + automatically called when an email is received or read. +
++ Ulf Harnhammar found two format string bugs and two buffer overflow bugs in + Metamail. +
++ A remote attacker could send a malicious email message and execute + arbitrary code with the rights of the process calling the Metamail program. +
++ There is no known workaround at this time. +
++ All users of Metamail should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=net-mail/metamail-2.7.45.3"
+ # emerge ">=net-mail/metamail-2.7.45.3"
+ + Firebird is an open source relational database that runs on Linux, + Windows, and various UNIX systems. +
++ A buffer overflow exists in three Firebird binaries (gds_inet_server, + gds_lock_mgr, and gds_drop) that is exploitable by setting a large + value to the INTERBASE environment variable. +
++ An attacker could control program execution, allowing privilege + escalation to the UID of Firebird, full access to Firebird databases, + and trojaning the Firebird binaries. An attacker could use this to + compromise other user or root accounts. +
++ There is no known workaround. +
++ All users should upgrade to the latest version of Firebird: +
+
+ # emerge sync
+
+ # emerge -pv ">=dev-db/firebird-1.5"
+ # emerge ">=dev-db/firebird-1.5"
+ + Opera is a multi-platform web browser. +
++ The telnet URI handler in Opera does not check for leading '-' + characters in the host name. Consequently, a maliciously-crafted + telnet:// link may be able to pass options to the telnet program + itself. One example would be the following: +
++ telnet://-nMyFile +
++ If MyFile exists in the user's home directory and the user clicking on + the link has write permissions to it, the contents of the file will be + overwritten with the output of the telnet trace information. If MyFile + does not exist, the file will be created in the user's home directory. +
++ This exploit has two possible impacts. First, it may create new files + in the user's home directory. Second, and far more serious, it may + overwrite existing files that the user has write permissions to. An + attacker with some knowledge of a user's home directory might be able + to destroy important files stored within. +
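The same mistake underlies the KDE handlers described earlier on this page and the Opera handler here: the host part of the URI lands in argv where the client program parses options. The following is an added example, not KDE's or Opera's code, showing how a telnet:// handler can build its command line safely. Two independent defences are applied: a host that cannot be a hostname (in particular one starting with '-') is refused, and option parsing is terminated with "--" so that even a hostile string only ever reaches telnet as a positional argument. That "--" is honoured is an assumption that holds for getopt-based telnet clients.

```python
"""Building a telnet command line from a telnet:// URI without option injection.

Added example, not KDE's or Opera's handler code. telnet_argv_vulnerable()
reproduces the behaviour the advisories describe; telnet_argv_safe()
validates the host and ends option parsing with "--" (assumed to be
honoured by the telnet client, true for getopt-based ones).
"""
import re
from urllib.parse import urlsplit

_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


class BadUri(ValueError):
    """The URI must not be turned into a command line."""


def split_authority(netloc: str):
    """Return (host, port) from 'host[:port]'; userinfo and IPv6 literals are refused here."""
    if "@" in netloc or "[" in netloc:
        raise BadUri("unsupported authority form")
    host, sep, port = netloc.partition(":")
    if sep and not port.isdigit():
        raise BadUri("non-numeric port")
    return host, (int(port) if sep else None)


def telnet_argv_vulnerable(uri: str) -> list:
    """The handler as described in the advisory: the host goes straight into argv."""
    host, port = split_authority(urlsplit(uri).netloc)
    argv = ["telnet", host]          # 'telnet://-nMyFile' yields ['telnet', '-nMyFile']
    if port is not None:
        argv.append(str(port))
    return argv


def telnet_argv_safe(uri: str) -> list:
    """Validate the host and terminate option parsing before it is passed on."""
    host, port = split_authority(urlsplit(uri).netloc)
    if host.startswith("-") or not HOSTNAME_RE.match(host):
        raise BadUri(f"refusing to launch telnet for host {host!r}")
    argv = ["telnet", "--", host]    # '--': everything after it is positional
    if port is not None:
        argv.append(str(port))
    return argv
```

Either defence alone closes the telnet:// case on the page; both are kept because the hostname check is what protects programs that do not understand "--", while "--" is what protects against a validator that is later loosened to accept, say, IPv6 literals or user names.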
++ Disable the telnet URI handler from within Opera. +
++ All Opera users are encouraged to upgrade to the latest version of the + program: +
+
+ # emerge sync
+
+ # emerge -pv ">=www-client/opera-7.50_beta1"
+ # emerge ">=www-client/opera-7.50_beta1"
+ + MySQL is a popular open-source multi-threaded, multi-user SQL database + server. +
++ The MySQL bug reporting utility (mysqlbug) creates a temporary file to log + bug reports to. A malicious local user with write access to the /tmp + directory could create a symbolic link of the name mysqlbug-N + pointing to a protected file, such as /etc/passwd, such that when mysqlbug + creates the Nth log file, it would end up overwriting the target + file. A similar vulnerability exists with the mysql_multi utility, which + creates a temporary file called mysql_multi.log. +
++ Since mysql_multi runs as root, a local attacker could use this to destroy + any other users' data or corrupt and destroy system files. +
++ One could modify both scripts to log to a directory that users do not have + write permission to, such as /var/log/mysql/. +
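The symlink race described above, reproduced in a throwaway directory as an added example (this is not MySQL's script): a guessable log path is pre-created by the attacker as a symlink to a protected file, and a plain open-for-write follows it. The safe variant creates an unpredictable name with O_CREAT|O_EXCL via tempfile.mkstemp, so a planted link makes creation fail instead of redirecting the write. Paths and file contents are constructed for the example.

```python
"""Predictable temp-file name vs. symlink-safe creation.

Added example, not MySQL's scripts. demonstrate() stages the attack from
the advisory against the predictable variant, then shows O_EXCL refusing
the planted link and mkstemp producing an unguessable 0600 file. The
directory, target file and contents are constructed for the example.
"""
import os
import shutil
import tempfile


def open_log_predictable(directory: str, prefix: str, n: int):
    """What the vulnerable scripts amount to: a guessable name and open(..., 'w'),
    which follows a symlink and truncates whatever it points at."""
    return open(os.path.join(directory, f"{prefix}-{n}"), "w")


def open_log_safe(directory: str, prefix: str):
    """mkstemp: random suffix, mode 0600, O_CREAT|O_EXCL; fails on an existing path or link."""
    fd, path = tempfile.mkstemp(prefix=f"{prefix}-", dir=directory)
    return os.fdopen(fd, "w"), path


def demonstrate() -> dict:
    """Run the attack against the predictable variant, then show the safe variant resisting it."""
    workdir = tempfile.mkdtemp()          # stands in for a world-writable /tmp
    try:
        target = os.path.join(workdir, "protected")      # stands in for /etc/passwd
        with open(target, "w") as f:
            f.write("original contents\n")

        # Attacker's move, made before the privileged script runs.
        planted = os.path.join(workdir, "mysqlbug-1")
        os.symlink(target, planted)

        with open_log_predictable(workdir, "mysqlbug", 1) as log:
            log.write("bug report\n")              # lands in `target`
        with open(target) as f:
            clobbered = f.read()

        # O_EXCL refuses a path that already exists, even when it is a symlink.
        try:
            fd = os.open(planted, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            os.close(fd)
            excl_blocked = False
        except FileExistsError:
            excl_blocked = True

        log, path = open_log_safe(workdir, "mysqlbug")
        log.write("bug report\n")
        log.close()
        return {
            "target_after_attack": clobbered,
            "excl_blocked": excl_blocked,
            "safe_path_is_symlink": os.path.islink(path),
            "safe_mode": oct(os.stat(path).st_mode & 0o777),
        }
    finally:
        shutil.rmtree(workdir)
```

mkstemp addresses the name guessing and the link following; the workaround above (logging into a directory other users cannot write to) removes the attacker's ability to plant anything in the first place, and the two are best combined for a script that runs as root.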
++ All users should upgrade to the latest stable version of MySQL. +
+
+ # emerge sync
+
+ # emerge -pv ">=dev-db/mysql-4.0.18-r2"
+ # emerge ">=dev-db/mysql-4.0.18-r2"
+ + Midnight Commander is a visual console file manager. +
++ Numerous security issues have been discovered in Midnight Commander, + including several buffer overflow vulnerabilities, multiple vulnerabilities + in the handling of temporary file and directory creation, and multiple + format string vulnerabilities. +
++ The buffer overflows and format string vulnerabilities may allow attackers + to cause a denial of service or execute arbitrary code with permissions of + the user running MC. The insecure creation of temporary files and + directories could lead to a privilege escalation, including root + privileges, for a local attacker. +
++ There is no known workaround at this time. All users are advised to upgrade + to version 4.6.0-r7 or higher of Midnight Commander. +
++ All Midnight Commander users should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=app-misc/mc-4.6.0-r7"
+ # emerge ">=app-misc/mc-4.6.0-r7"
+ + The Apache HTTP Server Project is an effort to develop and maintain an + open-source HTTP server for modern operating systems. The goal of this + project is to provide a secure, efficient and extensible server that + provides services in tune with the current HTTP standards. +
++ On 64-bit big-endian platforms, mod_access does not properly parse + Allow/Deny rules using IP addresses without a netmask, which could result + in failure to match certain IP addresses. +
++ Terminal escape sequences are not filtered from error logs. This could be + used by an attacker to insert escape sequences into a terminal emulator + vulnerable to escape sequences. +
++ mod_digest does not properly verify the nonce of a client response by using + an AuthNonce secret. This could permit an attacker to replay the response of + another website. This does not affect mod_auth_digest. +
++ On certain platforms there is a starvation issue: a child process that + accepts a short-lived connection on a rarely-accessed listening socket + fails to handle it, keeps holding the accept mutex, and blocks out new + connections until another connection arrives on that same rarely-accessed + socket, leading to a denial of service. +
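The mod_digest nonce issue above comes down to the server accepting a nonce it cannot prove it issued. As an added example (not mod_digest's code), a nonce can be bound to a per-server secret, which is the role AuthNonce plays: the nonce carries a timestamp and an HMAC over the timestamp and realm under a secret only this server knows, and that binding is checked before the credentials are compared, so a challenge/response pair captured against another site fails here. Secret, realm and lifetime are assumptions.

```python
"""Digest-auth nonces bound to a per-server secret.

Added example, not mod_digest's code. make_nonce() issues
base64(timestamp ':' HMAC(secret, timestamp ':' realm)); check_nonce()
verifies the HMAC under this server's secret and the nonce's freshness
before anything else is looked at. NONCE_LIFETIME and the secrets used in
the tests are assumptions.
"""
import base64
import hashlib
import hmac
import time

NONCE_LIFETIME = 300   # seconds a nonce stays acceptable (assumed policy)


def _mac(secret: bytes, ts: int, realm: str) -> bytes:
    return hmac.new(secret, f"{ts}:{realm}".encode(), hashlib.sha256).digest()


def make_nonce(secret: bytes, realm: str, now: float = None) -> str:
    """Issue a nonce that only a holder of `secret` could have produced for `realm`."""
    ts = int(time.time() if now is None else now)
    return base64.b64encode(f"{ts}:".encode() + _mac(secret, ts, realm)).decode()


def check_nonce(secret: bytes, realm: str, nonce: str, now: float = None) -> bool:
    """Accept only a nonce this server issued for this realm, and only while it is fresh."""
    try:
        raw = base64.b64decode(nonce, validate=True)
        ts_bytes, sep, mac = raw.partition(b":")
        if not sep:
            return False
        ts = int(ts_bytes)
    except ValueError:          # covers binascii.Error and a non-numeric timestamp
        return False
    if not hmac.compare_digest(mac, _mac(secret, ts, realm)):
        return False            # minted under another secret or realm, or forged
    age = (time.time() if now is None else now) - ts
    return 0 <= age <= NONCE_LIFETIME
```

The HMAC check is done before the age check and with a constant-time comparison; a nonce from another server fails the HMAC whatever its timestamp says, which is exactly the replay the advisory describes.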
++ These vulnerabilities could lead to attackers bypassing intended access + restrictions, denial of service, and possibly execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All users should upgrade to the latest stable version of Apache 1.3. +
+
+ # emerge sync
+
+ # emerge -pv ">=www-servers/apache-1.3.31"
+ # emerge ">=www-servers/apache-1.3.31"
+ + Heimdal is a free implementation of Kerberos. +
++ A buffer overflow was discovered in kadmind, a server for administrative + access to the Kerberos database. +
++ By sending a specially formatted message to kadmind, a remote attacker may + be able to crash kadmind causing a denial of service, or execute arbitrary + code with the permissions of the kadmind process. +
++ For a temporary workaround, providing you do not require Kerberos 4 + support, you may turn off Kerberos 4 kadmin by running kadmind with the + --no-kerberos4 option. +
++ All Heimdal users should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=app-crypt/heimdal-0.6.2"
+ # emerge ">=app-crypt/heimdal-0.6.2"
+ + MPlayer is a movie player capable of handling multiple multimedia file + formats. xine-lib is a multimedia player library used by several graphical + user interfaces, including xine-ui. They both use the same code to handle + Real-Time Streaming Protocol (RTSP) streams from RealNetworks servers. +
++ Multiple vulnerabilities have been found and fixed in the RTSP handling + code common to recent versions of these two packages. These vulnerabilities + include several remotely exploitable buffer overflows. +
++ A remote attacker, posing as an RTSP stream server, can execute arbitrary + code with the rights of the user of the software playing the stream + (MPlayer or any player using xine-lib). Another attacker may entice a user + to use a maliciously crafted URL or playlist to achieve the same results. +
++ For MPlayer, there is no known workaround at this time. For xine-lib, you + can delete the xineplug_inp_rtsp.so file. +
++ All users should upgrade to non-vulnerable versions of MPlayer and + xine-lib: +
+
+ # emerge sync
+
+ # emerge -pv ">=media-video/mplayer-1.0_pre4"
+ # emerge ">=media-video/mplayer-1.0_pre4"
+
+ # emerge -pv ">=media-libs/xine-lib-1_rc4"
+ # emerge ">=media-libs/xine-lib-1_rc4"
+ + GNU Arch (tla) is a revision control system suited for widely distributed + development. +
++ Multiple format string vulnerabilities and a heap overflow vulnerability + were discovered in the code of the neon library (GLSA 200405-01 and + 200405-13). Current versions of the tla package include their own version + of this library. +
++ When connected to a malicious WebDAV server, these vulnerabilities could + allow execution of arbitrary code with the rights of the user running tla. +
++ There is no known workaround at this time. +
++ All users of tla should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=dev-util/tla-1.2-r2"
+ # emerge ">=dev-util/tla-1.2-r2"
+ + Ethereal is a feature rich network protocol analyzer. +
++ There are multiple vulnerabilities in versions of Ethereal earlier than + 0.10.4, including: +
++ An attacker could use these vulnerabilities to crash Ethereal or even + execute arbitrary code with the permissions of the user running + Ethereal, which could be the root user. +
++ For a temporary workaround you can disable all affected protocol + dissectors by selecting Analyze->Enabled Protocols... and deselecting + them from the list. However, it is strongly recommended to upgrade to + the latest stable release. +
++ All Ethereal users should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=net-analyzer/ethereal-0.10.4"
+ # emerge ">=net-analyzer/ethereal-0.10.4"
+ + tripwire is an open source file integrity checker. +
++ The code that generates email reports contains a format string + vulnerability in pipedmailmessage.cpp. +
++ With a carefully crafted filename on a local filesystem an attacker + could cause execution of arbitrary code with permissions of the user + running tripwire, which could be the root user. +
++ There is no known workaround at this time. +
++ All tripwire users should upgrade to the latest stable version: +
+
+ # emerge sync
+
+ # emerge -pv ">=app-admin/tripwire-2.3.1.2-r1"
+ # emerge ">=app-admin/tripwire-2.3.1.2-r1"

sitecopy easily maintains remote websites. It makes it simple to keep a remote site synchronized with the local site with one command.

Multiple format string vulnerabilities and a heap overflow vulnerability were discovered in the code of the neon library (GLSA 200405-01 and 200405-13). Current versions of the sitecopy package include their own version of this library.

When connected to a malicious WebDAV server, these vulnerabilities could allow execution of arbitrary code with the rights of the user running sitecopy.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of sitecopy.

All sitecopy users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=net-misc/sitecopy-0.13.4-r2"
    # emerge ">=net-misc/sitecopy-0.13.4-r2"

Mailman is a Python-based mailing list server with an extensive web interface.

Mailman contains an unspecified vulnerability in the handling of request emails.

By sending a carefully crafted email request to the Mailman server an attacker could obtain member passwords.

There is no known workaround at this time.

All users of Mailman should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=net-mail/mailman-2.1.5"
    # emerge ">=net-mail/mailman-2.1.5"

Apache is the most popular Web server on the Internet. mod_ssl provides Secure Sockets Layer encryption and authentication to Apache 1.3. Apache 2 contains the functionality of mod_ssl.

A bug in the function ssl_util_uuencode_binary in ssl_util.c may lead to a remote buffer overflow on a server configured to use FakeBasicAuth that will trust a client certificate with an issuing CA with a subject DN longer than 6k.

Given the right server configuration, an attacker could cause a Denial of Service or execute code as the user running Apache, usually "apache". It is thought to be impossible to exploit this to execute code on the x86 platform, but the possibility for other platforms is unknown. This does not preclude a DoS on x86 systems.

A server should not be vulnerable if it is not configured to use FakeBasicAuth and to trust a client CA with a long subject DN.

Apache 1.x users should upgrade to the latest version of mod_ssl:

    # emerge sync

    # emerge -pv ">=net-www/mod_ssl-2.8.18"
    # emerge ">=net-www/mod_ssl-2.8.18"

Apache 2.x users should upgrade to the latest version of Apache:

    # emerge sync

    # emerge -pv ">=www-servers/apache-2.0.49-r3"
    # emerge ">=www-servers/apache-2.0.49-r3"

CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server.

A team audit of the CVS source code performed by Stefan Esser and Sebastian Krahmer resulted in the discovery of several remotely exploitable vulnerabilities including:

An attacker could use these vulnerabilities to cause a Denial of Service or execute arbitrary code with the permissions of the user running cvs.

There is no known workaround at this time. All users are advised to upgrade to the latest available version of CVS.

All CVS users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=dev-util/cvs-1.11.17"
    # emerge ">=dev-util/cvs-1.11.17"

Subversion is a revision control system that aims to be a "compelling replacement for CVS". It enjoys wide use in the open source community. svnserve allows access to Subversion repositories using URIs with the svn://, svn+ssh://, and other tunnelled svn+*:// protocols.

The svn protocol parser trusts the indicated length of a URI string sent by a client. This allows a client to specify a very long string, thereby causing svnserve to allocate enough memory to hold that string. This may cause a Denial of Service. Alternatively, given a string that causes an integer overflow in the variable holding the string length, the server might allocate less memory than required, allowing a heap overflow. This heap overflow may then be exploitable, allowing remote code execution. The attacker does not need read or write access to the Subversion repository being served, since even unauthenticated users can send svn protocol requests.

The impact ranges from remote Denial of Service to potential arbitrary code execution with the privileges of the svnserve process.

Servers without svnserve running are not vulnerable. Disable svnserve and use DAV for access instead.

All users should upgrade to the latest version of Subversion.

    # emerge sync

    # emerge -pv ">=dev-util/subversion-1.0.4-r1"
    # emerge ">=dev-util/subversion-1.0.4-r1"
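
The parsing defect described in the Subversion advisory above is a general one: a length field supplied by the peer is used to size an allocation before anyone checks that the number is sane or that the promised bytes exist. The following Python is an added illustration, not code from Subversion or from this advisory. It reads length-prefixed string items of the form `<len>:<bytes>` (the encoding the svn protocol uses for strings) and refuses an item before sizing anything from its length. MAX_ITEM_LEN and the 32-bit counter in wraps_32bit are assumptions made for the demonstration, not values taken from svnserve; all input buffers are constructed.

```python
MAX_ITEM_LEN = 1 << 20  # assumed upper bound on one string item; not an svnserve value


class ProtocolError(ValueError):
    """Raised when an item is malformed or claims more than the limits allow."""


def read_string(buf, pos=0):
    """Parse one '<len>:<bytes>' item from buf starting at pos.

    Returns (item_bytes, position_after_item). The declared length is
    validated before anything is sized from it:
      1. the length field must be plain decimal digits (no sign, no spaces);
      2. it must not exceed MAX_ITEM_LEN, so later arithmetic such as
         'length + 1' for a terminator cannot wrap a fixed-width counter;
      3. the buffer must actually hold that many bytes after the colon.
    """
    colon = buf.find(b":", pos)
    if colon < 0 or colon == pos:
        raise ProtocolError("missing length field")
    field = buf[pos:colon]
    # bytes.isdigit() is True only for ASCII digits, so '-1' and '+5' fail here
    if not field.isdigit():
        raise ProtocolError("length field is not an unsigned integer: %r" % field)
    # refuse absurdly long digit strings before even converting them
    if len(field) > len(str(MAX_ITEM_LEN)):
        raise ProtocolError("length field too long: %r" % field)
    n = int(field)
    if n > MAX_ITEM_LEN:
        raise ProtocolError("declared length %d exceeds limit %d" % (n, MAX_ITEM_LEN))
    start = colon + 1
    available = len(buf) - start
    if available < n:
        raise ProtocolError("declared length %d but only %d bytes present" % (n, available))
    return buf[start:start + n], start + n


def read_all_strings(buf):
    """Parse items back to back; any bad item aborts the whole message."""
    items, pos = [], 0
    while pos < len(buf):
        item, pos = read_string(buf, pos)
        items.append(item)
    return items


def wraps_32bit(declared):
    """The hazard the advisory describes, made visible: adding 1 (room for a
    terminator) to a length held in a 32-bit unsigned counter wraps around
    for large values, so the allocation ends up far smaller than the data."""
    return (declared + 1) & 0xFFFFFFFF


def rejects(buf):
    """True when read_all_strings refuses buf; used by the checks below."""
    try:
        read_all_strings(buf)
    except ProtocolError:
        return True
    return False


if __name__ == "__main__":
    print(read_all_strings(b"3:abc5:hello"))   # constructed message
    print(rejects(b"4294967295:x"), wraps_32bit(0xFFFFFFFF))
```

Checking the length against the bytes actually on hand is what prevents the first problem (a huge allocation on the peer's say-so), and bounding it well below the counter's width is what prevents the second (the wrapped, undersized allocation that the heap overflow needs).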

SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP, and can optionally be installed with SQL support.

A new cross-site scripting (XSS) vulnerability in Squirrelmail-1.4.3_rc1 has been discovered. In functions/mime.php Squirrelmail fails to properly sanitize user input.

By enticing a user to read a specially crafted e-mail, an attacker can execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's webmail account, cookie theft, etc.

There is no known workaround at this time.

All SquirrelMail users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=mail-client/squirrelmail-1.4.3"
    # emerge ">=mail-client/squirrelmail-1.4.3"

Chora is a PHP-based SVN/CVS repository viewer by the HORDE project.

A vulnerability in the diff viewer of Chora allows an attacker to inject shellcode. An attacker can exploit PHP's file upload functionality to upload a malicious binary to a vulnerable server, chmod it as executable, and run the file.

An attacker could remotely execute arbitrary binaries with the permissions of the PHP script, conceivably allowing further exploitation of local vulnerabilities and remote root access.

There is no known workaround at this time.

All users are advised to upgrade to the latest version of Chora:

    # emerge sync

    # emerge -pv ">=www-apps/horde-chora-1.2.2"
    # emerge ">=www-apps/horde-chora-1.2.2"

Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers.

There is a vulnerability in the Gallery photo album software which may allow an attacker to gain administrator privileges within Gallery. A Gallery administrator has full access to all albums and photos on the server, thus attackers may add or delete photos at will.

Attackers may gain full access to all Gallery albums. There is no risk to the webserver itself, or the server on which it runs.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All users should upgrade to the latest available version of Gallery.

    # emerge sync

    # emerge -pv ">=www-apps/gallery-1.4.3_p2"
    # emerge ">=www-apps/gallery-1.4.3_p2"

Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts.

Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code.

By enticing a user to read a specially crafted e-mail, an attacker can execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's webmail account, cookie theft, etc.

There is no known workaround at this time.

All Horde-IMP users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=www-apps/horde-imp-3.2.4"
    # emerge ">=www-apps/horde-imp-3.2.4"

Webmin is a web-based administration tool for Unix. It supports a wide range of applications including Apache, DNS, file sharing and others.

Webmin contains two security vulnerabilities. One allows any user to view the configuration of any module and the other could allow an attacker to lock out a valid user by sending an invalid username and password.

An authenticated user could use these vulnerabilities to view the configuration of any module, thus potentially obtaining important knowledge about configuration settings. Furthermore, an attacker could lock out legitimate users by sending invalid login information.

There is no known workaround at this time.

All Webmin users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=app-admin/webmin-1.150"
    # emerge ">=app-admin/webmin-1.150"

Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features.

Squid contains a bug in the function ntlm_check_auth(). It fails to do proper bounds checking on the values copied to the 'pass' variable.

If Squid is configured to use NTLM authentication, an attacker could exploit this vulnerability by sending a very long password. This could lead to arbitrary code execution with the permissions of the user running Squid.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All Squid users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=net-proxy/squid-2.5.5-r2"
    # emerge ">=net-proxy/squid-2.5.5-r2"

aspell is a popular spell-checker. Dictionaries are available for many languages.

aspell includes a utility for handling wordlists called word-list-compress. This utility fails to do proper bounds checking when processing words longer than 256 bytes.

If an attacker could entice a user to handle a wordlist containing very long words, it could result in the execution of arbitrary code with the permissions of the user running the program.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All users should upgrade to the latest available version of aspell.

    # emerge sync

    # emerge -pv ">=app-text/aspell-0.50.5-r4"
    # emerge ">=app-text/aspell-0.50.5-r4"

Usermin is a web-based administration tool for Unix. It supports a wide range of user applications including configuring mail forwarding, setting up SSH or reading mail.

Usermin contains two security vulnerabilities. One fails to properly sanitize email messages that contain malicious HTML or script code and the other could allow an attacker to lock out a valid user by sending an invalid username and password.

By sending a specially crafted e-mail, an attacker can execute arbitrary scripts running in the context of the victim's browser. This can lead to cookie theft and potentially to compromise of user accounts. Furthermore, an attacker could lock out legitimate users by sending invalid login information.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

Usermin users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=app-admin/usermin-1.080"
    # emerge ">=app-admin/usermin-1.080"
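
The lockout problem reported for both Webmin (above) and Usermin (here) is a design issue worth seeing in code: a rule of the form "lock the account after N bad passwords" gives anyone who can reach the login page a way to lock out a legitimate user. The following Python is an added design illustration, not Webmin's or Usermin's code and not the fix shipped in the versions named above. It keys the penalty on the client address and grows the delay exponentially, so repeated bad passwords slow the source down without denying the real user access. The addresses and timings in demonstrate() are constructed, and the clock is injectable so the scenario runs offline.

```python
import time


class LoginThrottle:
    """Slow down repeated login failures per client address, never per account.

    Keying the penalty on the source address, and growing the delay
    exponentially, still makes password guessing slow without turning the
    lockout into a denial of service against the account being guessed.
    The username is deliberately not part of the key.
    """

    def __init__(self, base_delay=1.0, max_delay=300.0, window=900.0,
                 clock=time.monotonic):
        self.base_delay = base_delay   # delay after the first failure, seconds
        self.max_delay = max_delay     # ceiling for the exponential growth
        self.window = window           # failures older than this are forgotten
        self.clock = clock             # injectable for testing
        self._failures = {}            # source -> (count, time of last failure)

    def _current(self, source, now):
        """State for source, dropping it once the window has passed."""
        state = self._failures.get(source)
        if state is not None and now - state[1] > self.window:
            del self._failures[source]
            return None
        return state

    def record_failure(self, source):
        """Note a failed attempt from source; returns the new failure count."""
        now = self.clock()
        state = self._current(source, now)
        count = (state[0] if state else 0) + 1
        self._failures[source] = (count, now)
        return count

    def record_success(self, source):
        """A successful login clears the source's penalty."""
        self._failures.pop(source, None)

    def seconds_until_allowed(self, source):
        """0.0 when source may try now, otherwise the remaining wait in seconds."""
        now = self.clock()
        state = self._current(source, now)
        if state is None:
            return 0.0
        count, last = state
        delay = min(self.base_delay * 2 ** (count - 1), self.max_delay)
        return max(0.0, delay - (now - last))


def demonstrate():
    """Constructed scenario with a fake clock: one address hammers the login
    form while a different address (the real user) is unaffected.

    Returns (noisy_wait, other_wait, noisy_wait_after_window).
    """
    now = [1000.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    noisy, other = "198.51.100.7", "192.0.2.10"    # constructed documentation addresses
    for _ in range(4):
        throttle.record_failure(noisy)
    noisy_wait = throttle.seconds_until_allowed(noisy)   # 1 * 2**3 = 8.0 s
    other_wait = throttle.seconds_until_allowed(other)   # 0.0: nothing is keyed on the account
    now[0] += 2000.0                                     # beyond the 900 s window
    return noisy_wait, other_wait, throttle.seconds_until_allowed(noisy)


if __name__ == "__main__":
    print(demonstrate())
```

A per-source policy is not a complete answer on its own (a distributed guesser still gets one free attempt per address), so in practice it is paired with a slow password hash and alerting on failure volume; the point here is only that the penalty should never be something a stranger can impose on someone else's account.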

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards.

A bug in the proxy_util.c file may lead to a remote buffer overflow. To trigger the vulnerability an attacker would have to get mod_proxy to connect to a malicious server which returns an invalid (negative) Content-Length.

An attacker could cause a Denial of Service, as the Apache child handling the request will die, and under some circumstances execute arbitrary code as the user running Apache, usually "apache".

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version:

Apache 1.x users should upgrade to the latest version of Apache:

    # emerge sync

    # emerge -pv ">=www-servers/apache-1.3.31-r2"
    # emerge ">=www-servers/apache-1.3.31-r2"

IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6.

The KAME IKE daemon racoon is used to authenticate peers during Phase 1 when using either preshared keys, GSS-API, or RSA signatures. When using RSA signatures racoon validates the X.509 certificate but not the RSA signature.

By sending a valid and trusted X.509 certificate and any private key an attacker could exploit this vulnerability to perform man-in-the-middle attacks and initiate unauthorized connections.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All IPsec-Tools users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=net-firewall/ipsec-tools-0.3.3"
    # emerge ">=net-firewall/ipsec-tools-0.3.3"

gzip (GNU zip) is a popular compression program. The included gzexe utility allows you to compress executables in place and have them automatically uncompress and execute when you run them.

The script gzexe included with gzip contains a bug in the code that handles tempfile creation. If the creation of a temporary file fails, gzexe, instead of bailing out, executes the command given as argument.

This could lead to privilege escalation by running commands under the rights of the user running the self-extracting file.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All gzip users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=app-arch/gzip-1.3.3-r4"
    # emerge ">=app-arch/gzip-1.3.3-r4"

Additionally, once the upgrade is complete, all self-extracting files created with earlier versions of gzexe should be recreated, since the vulnerability is actually embedded in those executables.

giFT-FastTrack is a plugin for the giFT file-sharing application. It allows giFT users to connect to the FastTrack network to share files.

Alan Fitton found a vulnerability in the giFT-FastTrack plugin in version 0.8.6 and earlier. It can be used to remotely crash the giFT daemon.

Attackers may use this vulnerability to perform a Denial of Service attack against the giFT daemon. There is no risk of code execution.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All users should upgrade to the latest available version of gift-fasttrack:

    # emerge sync

    # emerge -pv ">=net-p2p/gift-fasttrack-0.8.7"
    # emerge ">=net-p2p/gift-fasttrack-0.8.7"

FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN are Open Source implementations of IPsec for the Linux operating system. They are all based on the discontinued FreeS/WAN project.

All these IPsec implementations have several bugs in the verify_x509cert() function, which performs certificate validation, that make them vulnerable to malicious PKCS#7 wrapped objects.

With a carefully crafted certificate payload an attacker can successfully authenticate against FreeS/WAN, Openswan, strongSwan or Super-FreeS/WAN, or make the daemon go into an endless loop.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All FreeS/WAN 1.9x users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv "=net-misc/freeswan-1.99-r1"
    # emerge "=net-misc/freeswan-1.99-r1"

All FreeS/WAN 2.x users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=net-misc/freeswan-2.04-r1"
    # emerge ">=net-misc/freeswan-2.04-r1"

All Openswan 1.x users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv "=net-misc/openswan-1.0.6_rc1"
    # emerge "=net-misc/openswan-1.0.6_rc1"

All Openswan 2.x users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=net-misc/openswan-2.1.4"
    # emerge ">=net-misc/openswan-2.1.4"

All strongSwan users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=net-misc/strongswan-2.1.3"
    # emerge ">=net-misc/strongswan-2.1.3"

All Super-FreeS/WAN users should migrate to the latest stable version of Openswan. Note that Portage will force a move for Super-FreeS/WAN users to Openswan.

    # emerge sync

    # emerge -pv "=net-misc/openswan-1.0.6_rc1"
    # emerge "=net-misc/openswan-1.0.6_rc1"

mit-krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology.

The library function krb5_aname_to_localname() contains multiple buffer overflows. This is only exploitable if explicit mapping or rules-based mapping is enabled. Neither is enabled by default.

With explicit mapping enabled, an attacker must authenticate using a principal name listed in the explicit mapping list.

With rules-based mapping enabled, an attacker must first be able to create arbitrary principal names either in the local Kerberos realm or in a remote realm from which the local realm's services are reachable by cross-realm authentication.

An attacker could use these vulnerabilities to execute arbitrary code with the permissions of the user running mit-krb5, which could be the root user.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

mit-krb5 users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=app-crypt/mit-krb5-1.3.3-r1"
    # emerge ">=app-crypt/mit-krb5-1.3.3-r1"

Pavuk is a web spider and website mirroring tool.

When Pavuk connects to a web server and the server sends back the HTTP status code 305 (Use Proxy), Pavuk copies data from the HTTP Location header in an unsafe manner.

An attacker could cause a stack-based buffer overflow which could lead to arbitrary code execution with the rights of the user running Pavuk.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All Pavuk users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=net-misc/pavuk-0.9.28-r2"
    # emerge ">=net-misc/pavuk-0.9.28-r2"

Esearch is a replacement for the Portage command "emerge search". It uses an index to speed up searching of the Portage tree.

The eupdatedb utility uses a temporary file (/tmp/esearchdb.py.tmp) to indicate that the eupdatedb process is running. When run, eupdatedb checks to see if this file exists, but it does not check to see if it is a broken symlink. In the event that the file is a broken symlink, the script will create the file pointed to by the symlink, instead of printing an error and exiting.

An attacker could create a symlink from /tmp/esearchdb.py.tmp to a nonexistent file (such as /etc/nologin), and the file will be created the next time esearchdb is run.

There is no known workaround at this time. All users should upgrade to the latest available version of esearch.

All users should upgrade to the latest available version of esearch, as follows:

    # emerge sync

    # emerge -pv ">=app-portage/esearch-0.6.2"
    # emerge ">=app-portage/esearch-0.6.2"
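
The esearch flaw above is the classic marker-file mistake in a world-writable directory: an existence check that follows symlinks reports "nothing here" for a dangling link, and the open() that follows creates the link's target. The Python below is an added example, not code from esearch or eupdatedb. It shows the flawed pattern next to a version that looks at the directory entry itself and opens with O_CREAT|O_EXCL (plus O_NOFOLLOW where the platform has it), so a symlink at the path, dangling or not, makes the open fail instead of being followed. The directory, file names and the /etc/nologin stand-in in demonstrate() are constructed inside a throwaway temporary directory.

```python
import errno
import os
import tempfile


def create_lockfile(path):
    """Create the marker/lock file at path without ever following a symlink.

    Returns True when a fresh file was created and False when something is
    already at path, including a dangling symlink. The dangling case is the
    one the advisory describes: os.path.exists() follows the link, reports
    "nothing here", and a plain open() then creates the link's target.
    """
    # lexists() looks at the directory entry itself, so a dangling symlink counts
    if os.path.lexists(path):
        return False
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    # O_NOFOLLOW closes the window between the check and the open: should a
    # symlink appear in between, the open fails instead of following it
    # (O_CREAT|O_EXCL already refuses a symlink at the path on Linux).
    flags |= getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as exc:
        if exc.errno in (errno.EEXIST, errno.ELOOP):
            return False
        raise
    os.close(fd)
    return True


def naive_create_lockfile(path):
    """The pattern the advisory describes, kept for comparison: an exists()
    check followed by open(), which follows a dangling symlink to its target."""
    if os.path.exists(path):
        return False
    with open(path, "w"):
        pass
    return True


def demonstrate():
    """Constructed scenario in a throwaway directory. Returns
    (safe_created, target_after_safe, naive_created, target_after_naive,
     fresh_first, fresh_second)."""
    with tempfile.TemporaryDirectory() as d:
        lock = os.path.join(d, "esearchdb.py.tmp")
        target = os.path.join(d, "nologin")   # stand-in for a file like /etc/nologin
        os.symlink(target, lock)              # dangling: target does not exist yet
        safe = create_lockfile(lock)
        target_after_safe = os.path.exists(target)
        naive = naive_create_lockfile(lock)
        target_after_naive = os.path.exists(target)
        fresh = os.path.join(d, "fresh.lock")
        fresh_first = create_lockfile(fresh)
        fresh_second = create_lockfile(fresh)
    return (safe, target_after_safe, naive, target_after_naive,
            fresh_first, fresh_second)


if __name__ == "__main__":
    print(demonstrate())   # (False, False, True, True, True, False)
```

The returned tuple reads as: the hardened function refuses the dangling link and leaves the target alone; the naive one "succeeds" and the target file now exists; on a clean path the hardened function creates the file once and refuses the second attempt. Keeping state files out of shared /tmp altogether (a per-user or root-owned runtime directory) removes the attacker's ability to plant the link in the first place.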

The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system.

Multiple flaws have been discovered in the Linux kernel. This advisory corrects the following issues:

Arbitrary code with normal non-super-user privileges may be able to exploit any of these vulnerabilities, gaining kernel level access to memory structures and hardware devices. This may be used for further exploitation of the system, to leak sensitive data or to cause a Denial of Service on the affected kernel.

Although users may not be affected by certain vulnerabilities, all kernels are affected by the CAN-2004-0394, CAN-2004-0427 and CAN-2004-0554 issues which have no workaround. As a result, all users are urged to upgrade their kernels to patched versions.

Users are encouraged to upgrade to the latest available sources for their system:

    # emerge sync
    # emerge -pv your-favorite-sources
    # emerge your-favorite-sources

    # # Follow usual procedure for compiling and installing a kernel.
    # # If you use genkernel, run genkernel as you would do normally.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards.

A bug in the protocol.c file handling header lines will cause Apache to allocate memory for header lines starting with TAB or SPACE.

An attacker can exploit this vulnerability to perform a Denial of Service attack by causing Apache to exhaust all memory. On 64-bit systems with more than 4GB of virtual memory a possible integer signedness error could lead to a buffer-based overflow causing Apache to crash and under some circumstances execute arbitrary code as the user running Apache, usually "apache".

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version:

Apache 2 users should upgrade to the latest version of Apache:

    # emerge sync

    # emerge -pv ">=www-servers/apache-2.0.49-r4"
    # emerge ">=www-servers/apache-2.0.49-r4"
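
Two of the Apache advisories above come down to header-parsing discipline: the mod_proxy one (a negative Content-Length returned by an upstream server) and this protocol.c one (continuation lines starting with SP or TAB accumulated without bound). The following Python is an added example and is not Apache code, nor the fix shipped in the versions listed. It parses an HTTP/1.x header block while enforcing both checks: the whole block, folded lines included, is capped before any line is accumulated, and Content-Length is accepted only as an unsigned decimal within a fixed bound, so neither a sign nor an oversized value ever becomes an integer that sizes a buffer. MAX_HEADER_BYTES and MAX_CONTENT_LENGTH are assumed limits for the demonstration, and every header block below is constructed.

```python
MAX_HEADER_BYTES = 8 * 1024        # assumed cap on the whole header block, folds included
MAX_CONTENT_LENGTH = 2 ** 31 - 1   # assumed largest body this parser will accept


class HeaderError(ValueError):
    """Raised for any header block the parser refuses."""


def parse_content_length(value):
    """Turn a Content-Length value (bytes) into an int, or refuse it.

    bytes.isdigit() is True only for ASCII digits, so a sign ('-1', '+5'),
    whitespace or an empty value never reach int(); the number is then bounded
    so no caller sizes a buffer from a value its own counter cannot hold.
    """
    if not value.isdigit():
        raise HeaderError("Content-Length is not an unsigned integer: %r" % value)
    if len(value) > len(str(MAX_CONTENT_LENGTH)):
        raise HeaderError("Content-Length has too many digits: %r" % value)
    n = int(value)
    if n > MAX_CONTENT_LENGTH:
        raise HeaderError("Content-Length %d exceeds limit" % n)
    return n


def parse_headers(raw):
    """Parse an HTTP/1.x header block (bytes, up to the blank line) into a dict.

    Keys are lower-cased str names; values are bytes, except content-length,
    which comes back as a validated int. Two limits apply:
      - the whole block, including folded continuation lines (lines starting
        with SP or HTAB), must fit in MAX_HEADER_BYTES before any line is
        accumulated, so a peer cannot grow one header without bound;
      - Content-Length goes through parse_content_length, and two
        Content-Length headers with different values are refused outright.
    """
    if len(raw) > MAX_HEADER_BYTES:
        raise HeaderError("header block exceeds %d bytes" % MAX_HEADER_BYTES)
    headers = {}
    last = None
    for line in raw.split(b"\r\n"):
        if line == b"":
            break                                   # end of the header block
        if line[:1] in (b" ", b"\t"):
            # obs-fold: continuation of the previous header (RFC 7230 section 3.2.4)
            if last is None:
                raise HeaderError("continuation line before any header")
            headers[last] = headers[last] + b" " + line.strip()
            continue
        name, sep, value = line.partition(b":")
        # a field name is a token: non-empty ASCII with no SP (32) or HTAB (9)
        if not sep or not name or not name.isascii() or 32 in name or 9 in name:
            raise HeaderError("malformed header line: %r" % line)
        key = name.lower().decode("ascii")
        value = value.strip()
        if key in headers:
            if key == "content-length" and headers[key] != value:
                raise HeaderError("conflicting Content-Length values")
            if key != "content-length":
                headers[key] = headers[key] + b", " + value   # RFC 7230 list merge
        else:
            headers[key] = value
        last = key
    if "content-length" in headers:
        headers["content-length"] = parse_content_length(headers["content-length"])
    return headers


def rejects(raw):
    """True when parse_headers refuses raw; used by the checks below."""
    try:
        parse_headers(raw)
    except HeaderError:
        return True
    return False


if __name__ == "__main__":
    print(parse_headers(b"Host: example.test\r\nContent-Length: 12\r\n\r\n"))
    print(rejects(b"Content-Length: -1\r\n\r\n"))   # True
```

The size cap is checked against the raw bytes first, which is the order that matters: a limit applied only after a line has been appended still lets the peer choose how much memory the last append costs. A folded Content-Length ends up as something like `b"12 3"` and is refused by the digit check rather than being partially parsed.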

Pure-FTPd is a fast, production-quality and standards-compliant FTP server.

Pure-FTPd contains a bug in the accept_client function handling the setup of new connections.

When the maximum number of connections is reached an attacker could exploit this vulnerability to perform a Denial of Service attack.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All Pure-FTPd users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=net-ftp/pure-ftpd-1.0.18-r1"
    # emerge ">=net-ftp/pure-ftpd-1.0.18-r1"

The X Display Manager (XDM) is a program which provides a graphical login prompt to users on the console or on remote X terminals. It has largely been superseded by programs such as GDM and KDM.

XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. Remote clients can use this port to connect to XDM and request a login window, thus allowing access to the system.

Authorized users may be able to log in remotely to a machine running XDM, even if this option is disabled in XDM's configuration. Please note that an attacker must have a preexisting account on the machine in order to exploit this vulnerability.

There is no known workaround at this time. All users should upgrade to the latest available version of X.

If you are using XFree86, you should run the following:

    # emerge sync

    # emerge -pv ">=x11-base/xfree-4.3.0-r6"
    # emerge ">=x11-base/xfree-4.3.0-r6"

If you are using X.org's X11 server, you should run the following:

    # emerge sync

    # emerge -pv ">=x11-base/xorg-x11-6.7.0-r1"
    # emerge ">=x11-base/xorg-x11-6.7.0-r1"

libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several other programs, including web browsers and potentially server processes.

Due to a wrong calculation of loop offset values, libpng contains a buffer overflow vulnerability on the row buffers. This vulnerability was initially patched in January 2003, but it has since been discovered that libpng contains the same vulnerability in two other places.

An attacker could exploit this vulnerability to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All libpng users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=media-libs/libpng-1.2.5-r7"
    # emerge ">=media-libs/libpng-1.2.5-r7"

You should also run revdep-rebuild to rebuild any packages that depend on older versions of libpng:

    # revdep-rebuild

Shorewall is a high level tool for configuring Netfilter, the firewall facility included in the Linux Kernel.

Shorewall uses temporary files and directories in an insecure manner. A local user could create symbolic links at specific locations, eventually overwriting other files on the filesystem with the rights of the shorewall process.

An attacker could exploit this vulnerability to overwrite arbitrary system files with root privileges, resulting in Denial of Service or further exploitation.

There is no known workaround at this time. All users should upgrade to the latest available version of Shorewall.

All users should upgrade to the latest available version of Shorewall, as follows:

    # emerge sync

    # emerge -pv ">=net-firewall/shorewall-1.4.10f"
    # emerge ">=net-firewall/shorewall-1.4.10f"

Ethereal is a feature-rich network protocol analyzer.

There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.5, including:

An attacker could use these vulnerabilities to crash Ethereal or even execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.

For a temporary workaround you can disable all affected protocol dissectors by selecting Analyze->Enabled Protocols... and deselecting them from the list. For SMB you can disable SID snooping in the SMB protocol preference. However, it is strongly recommended to upgrade to the latest stable version.

All Ethereal users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=net-analyzer/ethereal-0.10.5"
    # emerge ">=net-analyzer/ethereal-0.10.5"

MoinMoin is a Python clone of WikiWiki, based on PikiPiki.

MoinMoin contains a bug in the code handling administrative group ACLs. A user created with the same name as an administrative group gains the privileges of the administrative group.

If an administrative group called AdminGroup existed an attacker could create a user called AdminGroup and gain the privileges of the group AdminGroup. This could lead to unauthorized users gaining administrative access.

For every administrative group with special privileges create a user with the same name as the group.

All users should upgrade to the latest available version of MoinMoin, as follows:

    # emerge sync

    # emerge -pv ">=www-apps/moinmoin-1.2.2"
    # emerge ">=www-apps/moinmoin-1.2.2"

rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens for connections from rsync clients.

When rsyncd is used without chroot ("use chroot = false" in the rsyncd.conf file), the paths sent by the client are not checked thoroughly enough. If rsyncd is used with read-write permissions ("read only = false"), this vulnerability can be used to write files anywhere with the rights of the rsyncd daemon. With default Gentoo installations, rsyncd runs in a chroot, without write permissions and with the rights of the "nobody" user.

On affected configurations and if the rsync daemon runs under a privileged user, a remote client can exploit this vulnerability to completely compromise the host.

You should never set the rsync daemon to run with "use chroot = false". If for some reason you have to run rsyncd without a chroot, then you should not set "read only = false".

All users should update to the latest version of the rsync package.

    # emerge sync

    # emerge -pv ">=net-misc/rsync-2.6.0-r2"
    # emerge ">=net-misc/rsync-2.6.0-r2"
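
The rsync advisory above is as much about configuration as about the patch: the exposed combination is a module that has "use chroot = false" together with "read only = false". The Python below is an added example, not rsync code, that audits an rsyncd.conf for that combination the way the advisory's workaround describes it. It relies on two documented rsyncd.conf(5) facts: both "use chroot" and "read only" default to yes, and a parameter set before the first module header applies to every module unless the module overrides it. The sample configuration is constructed for the example and does not describe any real host.

```python
import configparser

# Spellings rsyncd.conf(5) accepts for boolean parameters.
_TRUE = {"yes", "true", "1"}
_FALSE = {"no", "false", "0"}


def _as_bool(value, default):
    """Interpret an rsyncd.conf boolean; anything unrecognised keeps the default."""
    v = value.strip().lower()
    if v in _TRUE:
        return True
    if v in _FALSE:
        return False
    return default


def audit_rsyncd_conf(text):
    """Return [(module, finding), ...] for modules that run without a chroot.

    "no chroot and writable" is the configuration the advisory describes as
    allowing writes anywhere with the daemon's rights; "no chroot" on its own
    is the case the workaround says to avoid when it can be avoided.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # Parameters before the first [module] are global; give them a section so
    # configparser can read them (strict=False tolerates an existing [global]).
    cp.read_string("[global]\n" + text)
    glob = cp["global"]
    global_chroot = _as_bool(glob.get("use chroot", ""), True)   # rsync default: yes
    global_ro = _as_bool(glob.get("read only", ""), True)        # rsync default: yes
    findings = []
    for module in cp.sections():
        if module == "global":
            continue
        sec = cp[module]
        use_chroot = _as_bool(sec.get("use chroot", ""), global_chroot)
        read_only = _as_bool(sec.get("read only", ""), global_ro)
        if not use_chroot and not read_only:
            findings.append((module, "no chroot and writable"))
        elif not use_chroot:
            findings.append((module, "no chroot"))
    return findings


# Constructed rsyncd.conf for the demonstration: the global section keeps the
# safe defaults, [staging] opts out of both, [mirror] only drops the chroot.
SAMPLE_CONF = """\
# constructed example, not a real site's configuration
uid = nobody
gid = nobody
use chroot = yes
read only = yes

[portage]
path = /usr/portage
comment = Gentoo Portage tree

[staging]
path = /srv/staging
use chroot = false
read only = false

[mirror]
path = /srv/mirror
use chroot = no
"""


if __name__ == "__main__":
    for module, finding in audit_rsyncd_conf(SAMPLE_CONF):
        print("[%s]: %s" % (module, finding))
```

Run against the sample, the audit reports [staging] as "no chroot and writable" and [mirror] as "no chroot"; [portage] inherits the global defaults and is not listed. Deleting the "use chroot = false" line, or at least restoring "read only = yes", is the change the advisory's workaround asks for.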

The wv library allows access to MS Word files. It can parse Word files and allow other applications, such as abiword, to import those files into their native formats.

A use of strcat without proper bounds checking leads to an exploitable buffer overflow. The vulnerable code is executed when wv encounters an unrecognized token, so a specially crafted file, loaded in wv, can trigger the vulnerable code and execute its own arbitrary code. This exploit is only possible when the user loads the document into HTML view mode.

By inducing a user into running wv on a special file, an attacker can execute arbitrary code with the permissions of the user running the vulnerable program.

Users should not view untrusted documents with wvHtml or applications using wv. When loading an untrusted document in an application using the wv library, make sure HTML view is disabled.

All users should upgrade to the latest available version.

    # emerge sync

    # emerge -pv ">=app-text/wv-1.0.0-r1"
    # emerge ">=app-text/wv-1.0.0-r1"

The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system.

An attacker can utilize an erroneous data type in the IPTables TCP option handling code, which lies in an iterator. By making a TCP packet with a header length larger than 127 bytes, a negative integer would be implied in the iterator.

By sending one malformed packet, the kernel could get stuck in a loop, consuming all of the CPU resources and rendering the machine useless, causing a Denial of Service. This vulnerability requires no local access.

If users do not use the netfilter functionality or do not use any "--tcp-option" rules they are not vulnerable to this exploit. Users who are vulnerable may remove netfilter support from their kernel or may remove any "--tcp-option" rules they might be using. However, all users are urged to upgrade their kernels to patched versions.

Users are encouraged to upgrade to the latest available sources for their system:

    # emerge sync
    # emerge -pv your-favorite-sources
    # emerge your-favorite-sources

    # # Follow usual procedure for compiling and installing a kernel.
    # # If you use genkernel, run genkernel as you would do normally.

PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI.

Several security vulnerabilities were found and fixed in version 4.3.8 of PHP. The strip_tags() function, used to sanitize user input, could in certain cases allow tags containing \0 characters (CAN-2004-0595). When memory_limit is used, PHP might unsafely interrupt other functions (CAN-2004-0594). The ftok and itpc functions were missing safe_mode checks. It was possible to bypass open_basedir restrictions using MySQL's LOAD DATA LOCAL function. Furthermore, the IMAP extension was incorrectly allocating memory and alloca() calls were replaced with emalloc() for better stack protection.

Successfully exploited, the memory_limit problem could allow remote execution of arbitrary code. By exploiting the strip_tags vulnerability, it is possible to pass HTML code that would be considered as valid tags by the Microsoft Internet Explorer and Safari browsers. Using ftok, itpc or MySQL's LOAD DATA LOCAL, it is possible to bypass PHP configuration restrictions.

There is no known workaround that would solve all these problems. All users are encouraged to upgrade to the latest available versions.

All PHP, mod_php and php-cgi users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=dev-php/php-4.3.8"
    # emerge ">=dev-php/php-4.3.8"

    # emerge -pv ">=dev-php/mod_php-4.3.8"
    # emerge ">=dev-php/mod_php-4.3.8"

    # emerge -pv ">=dev-php/php-cgi-4.3.8"
    # emerge ">=dev-php/php-cgi-4.3.8"
Unreal Tournament 2003 and 2004 are popular first-person-shooter games. They are both based on the Unreal engine, and can be used in a game server / client setup.

The Unreal-based game servers support a specific type of query called 'secure'. Part of the Gamespy protocol, this query is used to ask if the game server is able to calculate an exact response using a provided string. Luigi Auriemma found that sending a long 'secure' query triggers a buffer overflow in the game server.

By sending a malicious UDP-based 'secure' query, an attacker could execute arbitrary code on the game server.

Users can avoid this vulnerability by not using Unreal Tournament to host games as a server. All users running a server should upgrade to the latest versions.

All Unreal Tournament users should upgrade to the latest available versions:

# emerge sync

# emerge -pv ">=games-fps/ut2003-2225-r3"
# emerge ">=games-fps/ut2003-2225-r3"

# emerge -pv ">=games-server/ut2003-ded-2225-r2"
# emerge ">=games-server/ut2003-ded-2225-r2"

# emerge -pv ">=games-fps/ut2004-3236"
# emerge ">=games-fps/ut2004-3236"

# emerge -pv ">=games-fps/ut2004-demo-3120-r4"
# emerge ">=games-fps/ut2004-demo-3120-r4"

Opera is a multi-platform web browser.

Opera fails to remove illegal characters from a URI of a link and to check that the target frame of a link belongs to the same website as the link. Opera also updates the address bar before loading a page. Additionally, Opera contains a certificate verification problem.

These vulnerabilities could allow an attacker to impersonate legitimate websites to steal sensitive information from users. This could be done by obfuscating the real URI of a link or by injecting a malicious frame into an arbitrary frame of another browser window.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All Opera users should upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=www-client/opera-7.53"
# emerge ">=www-client/opera-7.53"

The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system.

The Linux kernel allows a local attacker to mount a remote file system on a vulnerable Linux host and modify files' group IDs. On 2.4 series kernels this vulnerability only affects shared NFS file systems. This vulnerability has been assigned CAN-2004-0497 by the Common Vulnerabilities and Exposures project.

Also, a flaw in the handling of /proc attributes has been found in 2.6 series kernels, allowing the unauthorized modification of /proc entries, especially those which rely solely on file permissions for security to vital kernel parameters.

An issue specific to the VServer Linux sources has been found, by which /proc related changes in one virtual context are applied to other contexts as well, including the host system.

CAN-2004-0447 resolves a local DoS vulnerability on IA64 platforms which can cause unknown behaviour and CAN-2004-0565 resolves a floating point information leak on IA64 platforms by which registers of other processes can be read by a local user.

Finally, CAN-2004-0496 addresses some more unknown vulnerabilities in 2.6 series Linux kernels older than 2.6.7 which were found by the Sparse source code checking tool.

Bad Group IDs can possibly cause a Denial of Service on parts of a host if the changed files normally require a special GID to properly operate. By exploiting this vulnerability, users in the original file group would also be blocked from accessing the changed files.

The /proc attribute vulnerability allows local users with previously no permissions to certain /proc entries to exploit the vulnerability and then gain read, write and execute access to entries.

These new privileges can be used to cause unknown behaviour ranging from reduced system performance to a Denial of Service by manipulating various kernel options which are usually reserved for the superuser. This flaw might also be used for opening restrictions set through /proc entries, allowing further attacks to take place through another possibly unexpected attack vector.

The VServer issue can also be used to induce similar unexpected behaviour to other VServer contexts, including the host. By successful exploitation, a Denial of Service for other contexts can be caused allowing only root to read certain /proc entries. Such a change would also be replicated to other contexts, forbidding normal users on those contexts to read /proc entries which could contain details needed by daemons running as a non-root user, for example.

Additionally, this vulnerability allows an attacker to read information from another context, possibly hosting a different server, gaining critical information such as what processes are running. This may be used for furthering the exploitation of either context.

CAN-2004-0447 and CAN-2004-0496 permit various local unknown Denial of Service vulnerabilities with unknown impacts - these vulnerabilities can be used to possibly elevate privileges or access reserved kernel memory which can be used for further exploitation of the system.

CAN-2004-0565 allows FPU register values of other processes to be read by a local user setting the MFH bit during a floating point operation - since no check was in place to ensure that the FPH bit was owned by the requesting process, but only an MFH bit check, an attacker can simply set the MFH bit and access FPU registers of processes running as other users, possibly those running as root.

2.4 users may not be affected by CAN-2004-0497 if they do not use remote network filesystems and do not have support for any such filesystems in their kernel configuration. All 2.6 users are affected by the /proc attribute issue and the only known workaround is to disable /proc support. The VServer flaw applies only to vserver-sources, and no workaround is currently known for the issue. There is no known fix to CAN-2004-0447, CAN-2004-0496 or CAN-2004-0565 other than to upgrade the kernel to a patched version.

As a result, all users affected by any of these vulnerabilities should upgrade their kernels to ensure the integrity of their systems.

Users are encouraged to upgrade to the latest available sources for their system:

# emerge sync
# emerge -pv your-favorite-sources
# emerge your-favorite-sources

# # Follow usual procedure for compiling and installing a kernel.
# # If you use genkernel, run genkernel as you would do normally.

l2tpd is a GPL implementation of the Layer 2 Tunneling Protocol.

Thomas Walpuski discovered a buffer overflow that may be exploitable by sending a specially crafted packet. In order to exploit the vulnerable code, an attacker would need to fake the establishment of an L2TP tunnel.

A remote attacker may be able to execute arbitrary code with the privileges of the user running l2tpd.

There is no known workaround for this vulnerability.

All users are recommended to upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=net-l2tpd-0.69-r2"
# emerge ">=net-l2tpd-0.69-r2"

mod_ssl provides Secure Sockets Layer encryption and authentication to Apache 1.3.

A bug in ssl_engine_ext.c makes mod_ssl vulnerable to an ssl_log() related format string vulnerability in the mod_proxy hook functions.

Given the right server configuration, an attacker could execute code as the user running Apache, usually "apache".

A server should not be vulnerable if it is not using both mod_ssl and mod_proxy. Otherwise there is no workaround other than to disable mod_ssl.

All mod_ssl users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=net-www/mod_ssl-2.8.19"
# emerge ">=net-www/mod_ssl-2.8.19"

Pavuk is a web spider and website mirroring tool.

Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication.

An attacker could cause a buffer overflow, leading to arbitrary code execution with the rights of the user running Pavuk.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Pavuk.

All Pavuk users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=net-misc/pavuk-0.9.28-r3"
# emerge ">=net-misc/pavuk-0.9.28-r3"

Subversion is an advanced version control system, similar to CVS, which supports additional functionality such as the ability to move, copy and delete files and directories. A Subversion server may be run as an Apache module, a standalone server (svnserve), or on-demand over ssh (a la CVS' ":ext:" protocol). The mod_authz_svn Apache module works with Subversion in Apache to limit access to parts of Subversion repositories based on policy set by the administrator.

Users with write access to part of a Subversion repository may bypass read restrictions on any part of that repository. This can be done using an "svn copy" command to copy the portion of a repository the user wishes to read into an area where they have write access.

Since copies are versioned, any such copy attempts will be readily apparent.

This is a low-risk vulnerability. It affects only users of Subversion who are running servers inside Apache and using mod_authz_svn. Additionally, this vulnerability may be exploited only by users with write access to some portion of a repository.

Keep sensitive content separated into different Subversion repositories, or disable the Apache Subversion server and use svnserve instead.

All Subversion users should upgrade to the latest available version:

# emerge sync

# emerge -pv ">=dev-util/subversion-1.0.6"
# emerge ">=dev-util/subversion-1.0.6"

Samba is a package which allows *nix systems to act as file servers for Windows computers. It also allows *nix systems to mount shares exported by a Samba/CIFS/Windows server. The Samba Web Administration Tool (SWAT) is a web-based configuration tool part of the Samba package.

Evgeny Demidov found a buffer overflow in SWAT, located in the base64 data decoder used to handle HTTP basic authentication (CAN-2004-0600). The same flaw is present in the code used to handle the sambaMungedDial attribute value, when using the ldapsam passdb backend. Another buffer overflow was found in the code used to support the 'mangling method = hash' smb.conf option (CAN-2004-0686). Note that the default Samba value for this option is 'mangling method = hash2' which is not vulnerable.

The SWAT authentication overflow could be exploited to execute arbitrary code with the rights of the Samba daemon process. The overflow in the sambaMungedDial handling code is not thought to be exploitable. The buffer overflow in 'mangling method = hash' code could also be used to execute arbitrary code on vulnerable configurations.

Users disabling SWAT, not using ldapsam passdb backends and not using the 'mangling method = hash' option are not vulnerable.

All Samba users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=net-fs/samba-3.0.5"
# emerge ">=net-fs/samba-3.0.5"

phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser.

Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables (including host, name, and password) by appending new settings to the array variables that hold the configuration in a GET statement. The second allows users to include arbitrary PHP code to be executed within an eval() statement in table name configuration settings. This second vulnerability is only exploitable if $cfg['LeftFrameLight'] is set to FALSE.

Authenticated users can alter configuration variables for their running copy of phpMyAdmin. The impact of this should be minimal. However, the second vulnerability would allow an authenticated user to execute arbitrary PHP code with the permissions of the webserver, potentially allowing a serious Denial of Service or further remote compromise.

The second, more serious vulnerability is only exploitable if $cfg['LeftFrameLight'] is set to FALSE. In the default Gentoo installation, this is set to TRUE. There is no known workaround for the first.

All phpMyAdmin users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=dev-db/phpmyadmin-2.5.7_p1"
# emerge ">=dev-db/phpmyadmin-2.5.7_p1"

SoX is a command line utility that can convert various formats of computer audio files into other formats.

Ulf Harnhammar discovered two buffer overflows in the sox and play commands when handling WAV files with specially crafted header fields.

By enticing a user to play or convert a specially crafted WAV file an attacker could execute arbitrary code with the permissions of the user running SoX.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of SoX.

All SoX users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=media-sound/sox-12.17.4-r2"
# emerge ">=media-sound/sox-12.17.4-r2"

MPlayer is a media player capable of handling multiple multimedia file formats.

The MPlayer GUI code contains several buffer overflow vulnerabilities, and at least one in the TranslateFilename() function is exploitable.

By enticing a user to play a file with a carefully crafted filename an attacker could execute arbitrary code with the permissions of the user running MPlayer.

To work around this issue, users can compile MPlayer without GUI support by disabling the gtk USE flag. All users are encouraged to upgrade to the latest available version of MPlayer.

All MPlayer users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=media-video/mplayer-1.0_pre4-r7"
# emerge ">=media-video/mplayer-1.0_pre4-r7"

Courier is an integrated mail and groupware server based on open protocols. It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a single framework. The webmail functionality included in Courier called SqWebMail allows you to access mailboxes from a web browser.

Luca Legato found that SqWebMail is vulnerable to a cross-site scripting (XSS) attack. An XSS attack allows an attacker to insert malicious code into a web-based application. SqWebMail doesn't appropriately filter data coming from message headers before displaying them.

By sending a carefully crafted message, an attacker can inject and execute script code in the victim's browser window. This allows the attacker to modify the behaviour of the SqWebMail application, and/or leak session information such as cookies to the attacker.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Courier.

All Courier users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=mail-mta/courier-0.45.6.20040618"
# emerge ">=mail-mta/courier-0.45.6.20040618"

libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several other programs, including web browsers and potentially server processes.

libpng contains numerous vulnerabilities including null pointer dereference errors and boundary errors in various functions.

An attacker could exploit these vulnerabilities to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All libpng users should upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=media-libs/libpng-1.2.5-r8"
# emerge ">=media-libs/libpng-1.2.5-r8"

You should also run revdep-rebuild to rebuild any packages that depend on older versions of libpng:

# revdep-rebuild

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator.

PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification.

When connecting to a server using the SSH2 protocol an attacker is able to execute arbitrary code with the permissions of the user running PuTTY by sending specially crafted packets to the client during the authentication process but before host key verification.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of PuTTY.

All PuTTY users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=net-misc/putty-0.55"
# emerge ">=net-misc/putty-0.55"

Opera is a multi-platform web browser.

Multiple vulnerabilities have been found in the Opera web browser. Opera fails to deny write access to the "location" browser object. An attacker can overwrite methods in this object and gain script access to any page that uses one of these methods. Furthermore, access to file:// URLs is possible even from pages loaded using other protocols. Finally, spoofing a legitimate web page is still possible, despite the fixes announced in GLSA 200407-15.

By enticing a user to visit specially crafted web pages, an attacker can read files located on the victim's file system, read emails written or received by M2, Opera's mail program, steal cookies, spoof URLs, track user browsing history, etc.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

All Opera users should upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=www-client/opera-7.54"
# emerge ">=www-client/opera-7.54"

SpamAssassin is an extensible email filter which is used to identify spam.

SpamAssassin contains an unspecified Denial of Service vulnerability.

By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of SpamAssassin.

All SpamAssassin users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=mail-filter/spamassassin-2.64"
# emerge ">=mail-filter/spamassassin-2.64"

Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts.

Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when using the inline MIME viewer for HTML messages.

By enticing a user to read a specially crafted e-mail, an attacker can execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's webmail account, cookie theft, etc.

Do not use Internet Explorer to access Horde-IMP.

All Horde-IMP users should upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=www-apps/horde-imp-3.2.5"
# emerge ">=www-apps/horde-imp-3.2.5"

Cfengine is an agent/software robot and a high level policy language for building expert systems to administer and configure large computer networks.

Two vulnerabilities have been found in cfservd. One is a buffer overflow in the AuthenticationDialogue function and the other is a failure to check the proper return value of the ReceiveTransaction function.

An attacker could use the buffer overflow to execute arbitrary code with the permissions of the user running cfservd, which is usually the root user. However, before such an attack could be mounted, the IP-based ACL would have to be bypassed. With the second vulnerability, an attacker could cause a denial of service attack.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Cfengine. (It should be noted that disabling cfservd will work around this particular problem. However, in many cases, doing so will cripple your Cfengine setup. Upgrading is strongly recommended.)

All Cfengine users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=net-misc/cfengine-2.1.8"
# emerge ">=net-misc/cfengine-2.1.8"

Roundup is a simple to use issue-tracking system with command-line, web, and e-mail interfaces.

Improper handling of a specially crafted URL allows access to the server's filesystem, which could contain sensitive information.

An attacker could view files owned by the user running Roundup. This will never be root however, as Roundup will not run as root.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Roundup.

All Roundup users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=www-apps/roundup-0.7.6"
# emerge ">=www-apps/roundup-0.7.6"

gv is a PostScript and PDF viewer for X which provides a user interface for the ghostscript interpreter.

gv contains a buffer overflow vulnerability where an unsafe sscanf() call is used to interpret PDF and PostScript files.

By enticing a user to view a malformed PDF or PostScript file an attacker could execute arbitrary code with the permissions of the user running gv.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of gv.

All gv users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=app-text/gv-3.5.8-r4"
# emerge ">=app-text/gv-3.5.8-r4"

Nessus is a free and powerful network security scanner.

A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable.

A malicious user could exploit this bug to escalate privileges to the rights of the user running "nessus-adduser".

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.

All Nessus users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=net-analyzer/nessus-2.0.12"
# emerge ">=net-analyzer/nessus-2.0.12"

Gaim is a multi-protocol instant messaging client for Linux which supports many instant messaging protocols.

Sebastian Krahmer of the SuSE Security Team has discovered a remotely exploitable buffer overflow vulnerability in the code handling MSN protocol parsing.

By sending a carefully-crafted message, an attacker may execute arbitrary code with the permissions of the user running Gaim.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Gaim.

All Gaim users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=net-im/gaim-0.81-r1"
# emerge ">=net-im/gaim-0.81-r1"

KDE is a powerful Free Software graphical desktop environment for Linux and Unix-like Operating Systems.

KDE contains three security issues:

An attacker could exploit these vulnerabilities to create or overwrite files with the permissions of another user, compromise the account of users running a KDE application and insert arbitrary frames into an otherwise trusted webpage.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of kdebase.

All KDE users should upgrade to the latest versions of kdelibs and kdebase:

# emerge sync

# emerge -pv ">=kde-base/kdebase-3.2.3-r1"
# emerge ">=kde-base/kdebase-3.2.3-r1"

# emerge -pv ">=kde-base/kdelibs-3.2.3-r1"
# emerge ">=kde-base/kdelibs-3.2.3-r1"

acroread is Adobe's Acrobat PDF reader for Linux.

acroread contains two errors in the handling of UUEncoded filenames. First, it fails to check the length of a filename before copying it into a fixed size buffer and, secondly, it fails to check for the backtick shell metacharacter in the filename before executing a command with a shell.

By enticing a user to open a PDF with a specially crafted filename, an attacker could execute arbitrary code or programs with the permissions of the user running acroread.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of acroread.

All acroread users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=app-text/acroread-5.09"
# emerge ">=app-text/acroread-5.09"

Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages.

The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started. This may allow a member of the tomcat group to run arbitrary code with root privileges when the Tomcat init scripts are run.

This could lead to a local privilege escalation or root compromise by authenticated users.

Users may change the ownership of /etc/init.d/tomcat* and /etc/conf.d/tomcat* to be root:root:

# chown -R root:root /etc/init.d/tomcat*
# chown -R root:root /etc/conf.d/tomcat*

All Tomcat users can upgrade to the latest stable version, or simply apply the workaround:

# emerge sync
# emerge -pv ">=www-servers/tomcat-5.0.27-r3"
# emerge ">=www-servers/tomcat-5.0.27-r3"

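The Tomcat ownership problem generalizes to any file that a root-run service executes or sources at boot: a non-root owner, or group/world write permission, hands whoever controls that file root-level code execution. The audit below is an added example (not part of the advisory or of Gentoo's tooling) that reports such files in an init-script or conf.d directory; it assumes GNU stat (Linux), and the optional uid/gid parameters exist only so the check can be exercised on a scratch directory by an unprivileged user.

```shell
#!/bin/sh
# Added example, not Gentoo code: find files under DIR that a root-run
# service would execute or source but that root does not own, or that
# group or others can write.
#
# Usage: audit_boot_scripts DIR [OWNER_UID [OWNER_GID]]
#   OWNER_UID/OWNER_GID default to 0/0 (root:root).
# Prints "<file>: <reason>" for every finding; returns 1 if any finding,
# 0 if the directory is clean.
audit_boot_scripts() {
    dir=$1; want_uid=${2:-0}; want_gid=${3:-0}; found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # GNU stat: numeric uid, numeric gid, symbolic mode (-rw-r--r--)
        info=$(stat -c '%u %g %A' "$f") || continue
        uid=${info%% *}; rest=${info#* }
        gid=${rest%% *}; perm=${rest#* }
        if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
            echo "$f: owned by $uid:$gid, expected $want_uid:$want_gid"
            found=1
        fi
        # character 6 of the mode string is the group write bit,
        # character 9 the write bit for others
        case $perm in
            ?????w????) echo "$f: group-writable ($perm)"; found=1 ;;
        esac
        case $perm in
            ????????w?) echo "$f: world-writable ($perm)"; found=1 ;;
        esac
    done
    return $found
}

# Stand-alone use: audit the directories named in the advisory.
if [ "${1:-}" = "--run" ]; then
    audit_boot_scripts /etc/init.d
    audit_boot_scripts /etc/conf.d
fi
```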
The GNU C library defines various Unix-like "system calls" and other basic facilities needed for a standard POSIX-like application to operate.

Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information.

An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of glibc.

All glibc users should upgrade to the latest version:

# emerge sync

# emerge -pv your_version
# emerge your_version

rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients.

The paths sent by the rsync client are not checked thoroughly enough. It does not affect the normal send/receive filenames that specify what files should be transferred. It does affect certain option paths that cause auxiliary files to be read or written.

When rsyncd is used without chroot ("use chroot = false" in the rsyncd.conf file), this vulnerability could allow the listing of arbitrary files outside the module's path and allow file overwriting outside the module's path on rsync server configurations that allow uploading. Both possibilities are exposed only when the chroot option is disabled.

You should never set the rsync daemon to run with "use chroot = false".

All users should update to the latest version of the rsync package.

# emerge sync

# emerge -pv ">=net-misc/rsync-2.6.0-r3"
# emerge ">=net-misc/rsync-2.6.0-r3"

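Because "use chroot" can be set globally or per module, checking whether a daemon actually runs every module inside a chroot means resolving the effective value for each module. The function below is an added example (not part of the advisory or of rsync itself) that reads an rsyncd.conf and lists the modules that would run without a chroot; it assumes rsyncd.conf's rules that parameters before the first module header (or inside a [global] section) are defaults a module may override, and that "use chroot" defaults to yes when unset.

```shell
#!/bin/sh
# Added example, not rsync code: report rsyncd modules whose effective
# "use chroot" setting is off.
#
# Usage: rsyncd_modules_without_chroot CONFIG_FILE
# Prints one module name per line; returns 1 if any module lacks a chroot,
# 0 if every module is chrooted.
rsyncd_modules_without_chroot() {
    awk '
        # rsync accepts yes/no, true/false and 1/0 for booleans
        function normalize(v) {
            v = tolower(v); gsub(/^[ \t]+|[ \t]+$/, "", v)
            return (v == "yes" || v == "true" || v == "1") ? "yes" : "no"
        }
        BEGIN { section = ""; global_chroot = "yes"; n = 0 }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comments, blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                    # [module] header
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\][ \t]*$/, "", section)
            if (tolower(section) != "global") modules[++n] = section
            next
        }
        /=/ {                                       # key = value
            key = $0; sub(/=.*/, "", key)
            gsub(/[ \t]+/, " ", key); gsub(/^ | $/, "", key); key = tolower(key)
            val = $0; sub(/^[^=]*=/, "", val)
            if (key == "use chroot") {
                if (section == "" || tolower(section) == "global")
                    global_chroot = normalize(val)
                else
                    mod_chroot[section] = normalize(val)
            }
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                m = modules[i]
                # a module without its own setting inherits the global one
                c = (m in mod_chroot) ? mod_chroot[m] : global_chroot
                if (c == "no") { print m; bad = 1 }
            }
            exit bad
        }
    ' "$1"
}

# Stand-alone use against the live daemon configuration.
if [ "${1:-}" = "--run" ]; then
    rsyncd_modules_without_chroot /etc/rsyncd.conf
fi
```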
xine-lib is a multimedia library which can be utilized to create multimedia frontends.

xine-lib contains a bug where it is possible to overflow the vcd:// input source identifier management buffer through carefully crafted playlists.

An attacker may construct a carefully-crafted playlist file which will cause xine-lib to execute arbitrary code with the permissions of the user. In order to conform with the generic naming standards of most Unix-like systems, playlists can have extensions other than .asx (the standard xine playlist format), and made to look like another file (MP3, AVI, or MPEG for example). If an attacker crafts a playlist with a valid header, they can insert a VCD playlist line that can cause a buffer overflow and possible shellcode execution.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of xine-lib.

All xine-lib users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=media-libs/xine-lib-1_rc5-r3"
# emerge ">=media-libs/xine-lib-1_rc5-r3"

Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs.

There is a format string vulnerability in the auth_debug() function which can be exploited remotely, potentially leading to arbitrary code execution as the user running the IMAP daemon (oftentimes root). A remote attacker may send username or password information containing printf() format tokens (such as "%s"), which will crash the server or cause it to execute arbitrary code.

This vulnerability can only be exploited if DEBUG_LOGIN is set to something other than 0 in the imapd config file.

If DEBUG_LOGIN is enabled in the imapd configuration, a remote attacker may execute arbitrary code as the root user.

Set the DEBUG_LOGIN option in /etc/courier-imap/imapd to 0. (This is the default value.)

All courier-imap users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=net-mail/courier-imap-3.0.5"
# emerge ">=net-mail/courier-imap-3.0.5"

Qt is a cross-platform GUI toolkit used by KDE.

There are several unspecified bugs in the QImage class which may cause crashes or allow execution of arbitrary code as the user running the Qt application. These bugs affect the PNG, XPM, BMP, GIF and JPEG image types.

An attacker may exploit these bugs by causing a user to open a carefully-constructed image file in any one of these formats. This may be accomplished through e-mail attachments (if the user uses KMail), or by simply placing a malformed image on a website and then convincing the user to load the site in a Qt-based browser (such as Konqueror).

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Qt.

All Qt users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=x11-libs/qt-3.3.3"
# emerge ">=x11-libs/qt-3.3.3"


Cacti is a complete web-based front end to rrdtool.

Cacti is vulnerable to a SQL injection attack where an attacker may inject SQL into the Username field.

An attacker could compromise the Cacti service and potentially execute programs with the permissions of the user running Cacti. Only systems with php_flag magic_quotes_gpc set to Off are vulnerable. By default, Gentoo Linux installs PHP with this option set to On.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Cacti.

All users should upgrade to the latest available version of Cacti, as follows:

    # emerge sync
    # emerge -pv ">=net-analyzer/cacti-0.8.5a-r1"
    # emerge ">=net-analyzer/cacti-0.8.5a-r1"

Mozilla is a popular web browser that includes a mail and newsreader. Galeon and Epiphany are both web browsers that use gecko, the Mozilla rendering engine. Mozilla Firefox is the next-generation browser from the Mozilla project that incorporates advanced features that are yet to be incorporated into Mozilla. Mozilla Thunderbird is the next-generation mail client from the Mozilla project.

Mozilla, Galeon, Epiphany, Mozilla Firefox and Mozilla Thunderbird contain the following vulnerabilities:

Mozilla, Mozilla Firefox, and other gecko-based browsers also contain a bug in their caching which may allow the SSL icon to remain visible, even when the site in question is an insecure site.

Users of Mozilla, Mozilla Firefox, and other gecko-based browsers are susceptible to SSL certificate spoofing, a Denial of Service against legitimate SSL sites, crashes, and arbitrary code execution. Users of Mozilla Thunderbird are susceptible to crashes and arbitrary code execution via malicious e-mails.

There is no known workaround for most of these vulnerabilities. All users are advised to upgrade to the latest available version.

All users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv your-version
    # emerge your-version

KDE is a widely-used desktop environment based on the Qt toolkit. kcookiejar in kdelibs is responsible for storing and managing HTTP cookies. Konqueror uses kcookiejar for storing and managing cookies.

kcookiejar contains a vulnerability which may allow a malicious website to set cookies for other websites under the same second-level domain.

This vulnerability applies to country-specific secondary top level domains that use more than 2 characters in the secondary part of the domain name, and that use a secondary part other than com, net, mil, org, gov, edu or int. However, certain popular domains, such as co.uk, are not affected.

Users visiting a malicious website using the Konqueror browser may have a session cookie set for them by that site. Later, when the user visits another website under the same domain, the attacker's session cookie will be used instead of the cookie issued by the legitimate site. Depending on the design of the legitimate site, this may allow an attacker to gain access to the user's session. For further explanation on this type of attack, see the paper titled "Session Fixation Vulnerability in Web-based Applications" (reference 2).

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of kdelibs.

All kdelibs users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=kde-base/kdelibs-3.2.3-r2"
    # emerge ">=kde-base/kdelibs-3.2.3-r2"

The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system.

The Linux kernel allows a local attacker to obtain sensitive kernel information by gaining access to kernel memory via several leaks in the /proc interfaces. These vulnerabilities exist in various drivers which make up a working Linux kernel, some of which are present across all architectures and configurations.

CAN-2004-0415 deals with addressing invalid 32 to 64 bit conversions in the kernel, as well as insecure direct access to file offset pointers in kernel code which can be modified by the open(...), lseek(...) and other core system I/O functions by an attacker.

CAN-2004-0685 deals with certain USB drivers using uninitialized structures and then using the copy_to_user(...) kernel call to copy these structures. This may leak uninitialized kernel memory, which can contain sensitive information from user applications.

Finally, a race condition with the /proc/.../cmdline node was found, allowing environment variables to be read while the process was still spawning. If the race is won, environment variables of the process, which might not be owned by the attacker, can be read.

These vulnerabilities allow a local unprivileged attacker to access segments of kernel memory or environment variables which may contain sensitive information. Kernel memory may contain passwords, data transferred between processes and any memory which applications did not clear upon exiting, as well as the kernel cache and kernel buffers.

This information may be used to read sensitive data, open other attack vectors for further exploitation or cause a Denial of Service if the attacker can gain superuser access via the leaked information.

There is no temporary workaround for any of these information leaks other than disabling /proc support entirely; otherwise, a kernel upgrade is required. A list of unaffected kernels is provided along with this announcement.

Users are encouraged to upgrade to the latest available sources for their system:

    # emerge sync
    # emerge -pv your-favorite-sources
    # emerge your-favorite-sources
    # # Follow usual procedure for compiling and installing a kernel.
    # # If you use genkernel, run genkernel as you would normally.

MoinMoin is a Python clone of WikiWiki, based on PikiPiki.

MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor.

Restrictions on anonymous users were not properly enforced. This could lead to unauthorized users gaining administrative access to functions such as "revert" and "delete". Sites are vulnerable whether or not they are using ACLs.

There is no known workaround.

All users should upgrade to the latest available version of MoinMoin, as follows:

    # emerge sync
    # emerge -pv ">=www-apps/moinmoin-1.2.3"
    # emerge ">=www-apps/moinmoin-1.2.3"

zlib is a general-purpose data-compression library.

zlib contains a bug in the handling of errors in the "inflate()" and "inflateBack()" functions.

An attacker could exploit this vulnerability to launch a Denial of Service attack on any application using the zlib library.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of zlib.

All zlib users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=sys-libs/zlib-1.2.1-r3"
    # emerge ">=sys-libs/zlib-1.2.1-r3"

You should also run revdep-rebuild to rebuild any packages that depend on older versions of zlib:

    # revdep-rebuild

Gaim is a multi-protocol instant messaging client for Linux which supports many instant messaging protocols.

Gaim fails to do proper bounds checking when:

Furthermore, Gaim fails to escape filenames when using drag and drop installation of smiley themes.

These vulnerabilities could allow an attacker to crash Gaim or execute arbitrary code or commands with the permissions of the user running Gaim.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Gaim.

All gaim users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-im/gaim-0.81-r5"
    # emerge ">=net-im/gaim-0.81-r5"

vpopmail handles virtual mail domains for qmail and Postfix.

vpopmail is vulnerable to several unspecified SQL injection exploits. Furthermore, when using Sybase as the backend database, vpopmail is vulnerable to a buffer overflow and format string exploit.

These vulnerabilities could allow an attacker to execute code with the permissions of the user running vpopmail.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of vpopmail.

All vpopmail users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-mail/vpopmail-5.4.6"
    # emerge ">=net-mail/vpopmail-5.4.6"

MySQL is a popular open-source multi-threaded, multi-user SQL database server.

Jeroen van Wolffelaar discovered that the MySQL database hot copy utility (mysqlhotcopy.sh), when using the scp method, uses temporary files with predictable names. A malicious local user with write access to the /tmp directory could create a symbolic link pointing to a file, which may then be overwritten. In cases where mysqlhotcopy is run as root, a malicious user could create a symlink to a critical file such as /etc/passwd and cause it to be overwritten.

A local attacker could use this vulnerability to destroy other users' data or corrupt and destroy system files, possibly leading to a denial of service condition.

There is no known workaround at this time.

All MySQL users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=dev-db/mysql-4.0.20-r1"
    # emerge ">=dev-db/mysql-4.0.20-r1"

Python is an interpreted, interactive, object-oriented, cross-platform programming language.

If IPV6 is disabled in Python 2.2, getaddrinfo() is not able to handle IPV6 DNS requests properly and a buffer overflow occurs.

An attacker can execute arbitrary code as the user running python.

Users with IPV6 enabled are not affected by this vulnerability.

All Python 2.2 users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=dev-lang/python-2.2.2"
    # emerge ">=dev-lang/python-2.2.2"

Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features.

Squid 2.5.x versions contain a bug in the functions ntlm_fetch_string() and ntlm_get_string() which fail to check the int32_t offset "o" for negative values.

A remote attacker could cause a denial of service situation by sending certain malformed NTLMSSP packets if NTLM authentication is enabled.

Disable NTLM authentication by removing any "auth_param ntlm program ..." directives from squid.conf or use ntlm_auth from Samba-3.x.
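An added C illustration of the missing check (not Squid's own code): the NTLMSSP field header is decoded from a constructed packet, an upper-bound-only test accepts a negative offset, and the hardened test rejects it before any copy takes place. The struct, function names and packet bytes are assumptions made for this example.

```c
/* Added example, not Squid's code.  An NTLMSSP "security buffer" header
 * is {len:u16, maxlen:u16, offset:u32}, little-endian.  When the offset
 * is read into a signed int32_t and only its upper bound is tested, a
 * negative value passes and points before the start of the packet.
 * Struct, function and packet contents are constructed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct strhdr {
    uint16_t len;
    uint16_t maxlen;
    int32_t  offset;   /* signed, as in the bug class described above */
};

/* Decode the 8-byte little-endian header at p. */
struct strhdr read_strhdr(const unsigned char *p)
{
    struct strhdr h;
    h.len    = (uint16_t)(p[0] | (p[1] << 8));
    h.maxlen = (uint16_t)(p[2] | (p[3] << 8));
    h.offset = (int32_t)((uint32_t)p[4] | ((uint32_t)p[5] << 8) |
                         ((uint32_t)p[6] << 16) | ((uint32_t)p[7] << 24));
    return h;
}

/* Vulnerable pattern: upper bound only.  A negative offset is accepted. */
int offset_ok_unchecked(size_t packet_len, const struct strhdr *h)
{
    return h->offset + (int32_t)h->len <= (int32_t)packet_len;
}

/* Hardened: reject negatives, then compare offset and length separately
 * so the addition can never wrap. */
int offset_ok_checked(size_t packet_len, const struct strhdr *h)
{
    if (h->offset < 0)
        return 0;
    if ((size_t)h->offset > packet_len)
        return 0;
    return (size_t)h->len <= packet_len - (size_t)h->offset;
}

/* Copy the field the header describes into out (NUL-terminated).
 * Returns the field length, or -1 if the header is rejected or out is
 * too small.  Only the hardened check guards the memcpy. */
int fetch_field(const unsigned char *packet, size_t packet_len,
                const struct strhdr *h, char *out, size_t out_len)
{
    if (!offset_ok_checked(packet_len, h) || (size_t)h->len >= out_len)
        return -1;
    memcpy(out, packet + h->offset, h->len);
    out[h->len] = '\0';
    return h->len;
}

/* Constructed sample: header at bytes 0..7 describing "user" at 8..11. */
const unsigned char GOOD_PACKET[12] = {
    0x04, 0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x00,
    'u', 's', 'e', 'r'
};
/* Same layout, but offset = 0xFFFFFFF0, which is -16 as an int32_t. */
const unsigned char BAD_PACKET[12] = {
    0x04, 0x00, 0x04, 0x00, 0xF0, 0xFF, 0xFF, 0xFF,
    'u', 's', 'e', 'r'
};

/* Wrappers so each sample can be exercised by name: 0 = good, 1 = bad. */
int sample_unchecked_accepts(int which)
{
    const unsigned char *p = which ? BAD_PACKET : GOOD_PACKET;
    struct strhdr h = read_strhdr(p);
    return offset_ok_unchecked(sizeof GOOD_PACKET, &h);
}

int sample_fetch(int which, char *out, size_t out_len)
{
    const unsigned char *p = which ? BAD_PACKET : GOOD_PACKET;
    struct strhdr h = read_strhdr(p);
    return fetch_field(p, sizeof GOOD_PACKET, &h, out, out_len);
}

int main(void)
{
    char buf[16];
    printf("unchecked test accepts negative offset: %d\n", sample_unchecked_accepts(1));
    printf("hardened fetch on bad packet: %d\n", sample_fetch(1, buf, sizeof buf));
    printf("hardened fetch on good packet: %d\n", sample_fetch(0, buf, sizeof buf));
    printf("field: %s\n", buf);
    return 0;
}
```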
All Squid users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=net-www/squid-2.5.6-r2"
    # emerge ">=net-www/squid-2.5.6-r2"

Gallery is a PHP script for maintaining online photo albums.

The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefully crafted script could be initiated by the remote attacker during this 30 second timeout. Note that the temporary directory has to be located inside the webroot and an attacker needs to have upload rights either as an authenticated user or via "EVERYBODY".

An attacker could run arbitrary code as the user running PHP.

There are several workarounds to this vulnerability:

All Gallery users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=www-apps/gallery-1.4.4_p2"
    # emerge ">=www-apps/gallery-1.4.4_p2"

eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email.

Joxean Koret recently discovered multiple cross site scripting vulnerabilities in various modules for the eGroupWare suite. This includes the calendar, address book, messenger and ticket modules.

These vulnerabilities give an attacker the ability to inject and execute malicious script code, potentially compromising the victim's browser.

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of eGroupWare.

All eGroupWare users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=www-apps/egroupware-1.0.00.004"
    # emerge ">=www-apps/egroupware-1.0.00.004"

xv is a multi-format image manipulation utility.

Multiple buffer overflow and integer handling vulnerabilities have been discovered in xv's image processing code. These vulnerabilities have been found in the xvbmp.c, xviris.c, xvpcx.c and xvpm.c source files.

An attacker might be able to embed malicious code into an image, which would lead to the execution of arbitrary code under the privileges of the user viewing the image.

There is no known workaround at this time.

All xv users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=media-gfx/xv-3.10a-r7"
    # emerge ">=media-gfx/xv-3.10a-r7"

Ruby is an Object Oriented, interpreted scripting language used for many system scripting tasks. It can also be used for CGI web applications.

The CGI::Session::FileStore implementation (and presumably CGI::Session::PStore), which allows data associated with a particular Session instance to be written to a file, writes to a file in /tmp with no regard for secure permissions. As a result, the file is left with whatever the default umask permissions are, which commonly would allow other local users to read the data from that session file.

Depending on the default umask, any data stored using these methods could be read by other users on the system.

By changing the default umask on the system to not permit read access to other users (e.g. 0700), one can prevent these files from being readable by other users.

All Ruby users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=dev-lang/ruby-your_version"
    # emerge ">=dev-lang/ruby-your_version"

MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology.

The implementation of the Key Distribution Center (KDC) and the MIT krb5 library contain double-free vulnerabilities, making client programs as well as application servers vulnerable.

The ASN.1 decoder library, which the KDC also uses, is vulnerable to a denial of service attack.

The double-free vulnerabilities could allow an attacker to execute arbitrary code on a KDC host and hosts running krb524d or vulnerable services. In the case of a KDC host, this can lead to a compromise of the entire Kerberos realm. Furthermore, an attacker impersonating a legitimate KDC or application server can potentially execute arbitrary code on authenticating clients.

An attacker can cause a denial of service for a KDC or application server and clients, the latter if impersonating a legitimate KDC or application server.

There is no known workaround at this time.

All mit-krb5 users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=app-crypt/mit-krb5-1.3.4"
    # emerge ">=app-crypt/mit-krb5-1.3.4"

multi-gnome-terminal is an enhanced terminal emulator that is derived from gnome-terminal.

multi-gnome-terminal contains debugging code that has been known to output active keystrokes to a potentially unsafe location. Output has been seen to show up in the '.xsession-errors' file in the user's home directory. Since this file is world-readable on many machines, this bug has the potential to leak sensitive information to anyone using the system.

Any authorized user on the local machine has the ability to read any critical data that has been entered into the terminal, including passwords.

There is no known workaround at this time.

All multi-gnome-terminal users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=x11-terms/multi-gnome-terminal-1.6.2-r1"
    # emerge ">=x11-terms/multi-gnome-terminal-1.6.2-r1"

star is an enhanced tape archiver, much like tar, that is recognized for its speed as well as its enhanced mt/rmt support.

A suid root vulnerability exists in versions of star that are configured to use ssh for remote tape access.

Attackers with local user level access could potentially gain root level access.

There is no known workaround at this time.

All star users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-arch/star-1.5_alpha46"
    # emerge ">=app-arch/star-1.5_alpha46"

ImageMagick is a suite of image manipulation utilities and libraries used for a wide variety of image formats. imlib is a general image loading and rendering library.

Due to improper bounds checking, ImageMagick and imlib are vulnerable to a buffer overflow when decoding runlength-encoded bitmaps. This bug can be exploited using a specially-crafted BMP image and could potentially allow remote code execution when this image is decoded by the user.

A specially-crafted runlength-encoded BMP could lead ImageMagick and imlib to crash or potentially execute arbitrary code.

There is no known workaround at this time.

All ImageMagick users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=media-gfx/imagemagick-6.0.7.1"
    # emerge ">=media-gfx/imagemagick-6.0.7.1"

All imlib users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=media-libs/imlib-1.9.14-r2"
    # emerge ">=media-libs/imlib-1.9.14-r2"

All imlib2 users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=media-libs/imlib2-1.1.2"
    # emerge ">=media-libs/imlib2-1.1.2"

LHa is a console-based program for packing and unpacking LHarc archives.

The command line argument as well as the archive parsing code of LHa lack sufficient bounds checking. Furthermore, a shell meta character command execution vulnerability exists in LHa, since it does no proper filtering on directory names.

Using a specially crafted command line argument or archive, an attacker can cause a buffer overflow and could possibly run arbitrary code. The shell meta character command execution could lead to the execution of arbitrary commands by an attacker using directories containing shell meta characters in their names.

There is no known workaround at this time.

All LHa users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=app-arch/lha-114i-r4"
    # emerge ">=app-arch/lha-114i-r4"

Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients.

Due to a bug in the printer_notify_info() function, authorized users could potentially crash their smbd process by sending improperly handled print change notification requests in an invalid order. Windows XP SP2 clients can trigger this behavior by sending a FindNextPrintChangeNotify() request before previously sending a FindFirstPrintChangeNotify() request.

We incorrectly thought that this bug could be exploited to deny service to all Samba users. That is not the case: this bug has no security impact whatsoever. Many thanks to Jerry Carter from the Samba team for correcting our mistake.

There is no need for a workaround.

Samba users can keep their current versions.

Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mail. The Usermin functionality, including webmail, is also included in Webmin.

There is an input validation bug in the webmail feature of Usermin.

Additionally, the Webmin and Usermin installation scripts write to /tmp/.webmin without properly checking if it exists first.

The first vulnerability allows a remote attacker to inject arbitrary shell code in a specially-crafted e-mail. This could lead to remote code execution with the privileges of the user running Webmin or Usermin.

The second could allow local users who know Webmin or Usermin is going to be installed to have arbitrary files be overwritten by creating a symlink by the name /tmp/.webmin that points to some target file, e.g. /etc/passwd.
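An added C example, not code from Webmin, MySQL or Ruby, of the /tmp symlink problem that this advisory, the mysqlhotcopy advisory and the Ruby CGI::Session advisory above all describe: a predictable name is pre-created as a symlink to a file that matters, a plain O_CREAT open follows it and truncates the target, and an O_EXCL|O_NOFOLLOW open with an explicit 0600 mode refuses it. The scratch directory, file names and function names are constructed for this illustration; it runs in a subdirectory of /tmp.

```c
/* Added example; not code from Webmin, MySQL or Ruby.  A privileged
 * process that opens a fixed, predictable path under /tmp with plain
 * O_CREAT follows whatever symlink a local user planted there and
 * clobbers the link's target.  O_EXCL refuses any pre-existing name
 * (symlinks included), O_NOFOLLOW refuses symlinks outright, and an
 * explicit 0600 mode keeps the file private whatever the umask is.
 * The unpredictable-name half of the fix is what mkdtemp()/mkstemp()
 * provide; mkdtemp() is used below for the scratch directory.
 * All paths and names are constructed for this illustration. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the advisories warn about.  Returns the fd, or -1. */
int unsafe_create(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: fail instead of reusing or following anything already at
 * path.  errno is EEXIST (or ELOOP) when a link was planted there. */
int safe_create(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Runs the scenario end to end in a scratch directory.  Returns 0 when
 * every step behaves as described, otherwise the failing step number:
 *   1 victim file written (stands in for /etc/passwd)
 *   2 the predictable name is planted as a symlink to the victim
 *   3 unsafe_create() follows the link; the victim is now 0 bytes
 *   4 safe_create() refuses the planted link
 *   5 safe_create() on an unused name succeeds with mode 0600 */
int symlink_demo(void)
{
    char dir[] = "/tmp/glsa-demo-XXXXXX";
    char victim[64], planted[64], fresh[64];
    struct stat st;
    int fd, step = 0;

    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(victim,  sizeof victim,  "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/predictable.tmp", dir);
    snprintf(fresh,   sizeof fresh,   "%s/unused.tmp", dir);

    fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0 || write(fd, "important\n", 10) != 10)
        step = 1;
    if (fd >= 0)
        close(fd);

    if (!step && symlink(victim, planted) != 0)
        step = 2;

    if (!step) {
        fd = unsafe_create(planted);
        if (fd < 0)
            step = 3;
        else
            close(fd);
        if (!step && (stat(victim, &st) != 0 || st.st_size != 0))
            step = 3;
    }

    if (!step) {
        fd = safe_create(planted);
        if (fd >= 0) {
            close(fd);
            step = 4;
        } else if (errno != EEXIST && errno != ELOOP) {
            step = 4;
        }
    }

    if (!step) {
        fd = safe_create(fresh);
        if (fd < 0 || fstat(fd, &st) != 0 || (st.st_mode & 0777) != 0600)
            step = 5;
        if (fd >= 0)
            close(fd);
    }

    unlink(fresh);
    unlink(planted);
    unlink(victim);
    rmdir(dir);
    return step;
}

int main(void)
{
    int step = symlink_demo();
    printf(step == 0 ? "all steps behaved as described\n"
                     : "step %d did not behave as expected\n", step);
    return step;
}
```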
There is no known workaround at this time.

All Usermin users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-admin/usermin-1.090"
    # emerge ">=app-admin/usermin-1.090"

All Webmin users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-admin/webmin-1.160"
    # emerge ">=app-admin/webmin-1.160"

Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. smbd and nmbd are two daemons used by the Samba server.

There is a defect in smbd's ASN.1 parsing. A bad packet received during the authentication request could throw newly-spawned smbd processes into an infinite loop (CAN-2004-0807). Another defect was found in nmbd's processing of mailslot packets, where a bad NetBIOS request could crash the nmbd process (CAN-2004-0808).

A remote attacker could send specially crafted packets to trigger both defects. The ASN.1 parsing issue can be exploited to exhaust all available memory on the Samba host, potentially denying all service to that server. The nmbd issue can be exploited to crash the nmbd process, resulting in a Denial of Service condition on the Samba server.

There is no known workaround at this time.

All Samba 3.x users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-fs/samba-3.0.7"
    # emerge ">=net-fs/samba-3.0.7"

SUS is a utility that allows regular users to be able to execute certain commands as root.

Leon Juranic found a bug in the logging functionality of SUS that can lead to local privilege escalation. A format string vulnerability exists in the log() function due to an incorrect call to the syslog() function.

An attacker with local user privileges can potentially exploit this vulnerability to gain root access.

There is no known workaround at this time.

All SUS users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-admin/sus-2.0.2-r1"
    # emerge ">=app-admin/sus-2.0.2-r1"

The cdrtools package is a set of tools for CD recording, including the popular cdrecord command-line utility.

Max Vozeler discovered that the cdrecord utility, when set to SUID root, fails to drop root privileges before executing a user-supplied RSH program. By default, Gentoo does not ship the cdrecord utility as SUID root and therefore is not vulnerable. However, many users (and CD-burning front-ends) set this manually after installation.

A local attacker could specify a malicious program using the $RSH environment variable and have it executed by the SUID cdrecord, resulting in root privilege escalation.

As a workaround, you could remove the SUID rights from your cdrecord utility:

    # chmod a-s /usr/bin/cdrecord

All cdrtools users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-cdr/cdrtools-2.01_alpha37-r1"
    # emerge ">=app-cdr/cdrtools-2.01_alpha37-r1"

Heimdal is an implementation of Kerberos 5.

Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply to Heimdal ftpd's out-of-band signal handling code.

Additionally, a potential vulnerability that could lead to Denial of Service by the Key Distribution Center (KDC) has been fixed in this version.

A remote attacker may be able to run arbitrary code with escalated privileges, which can result in a total compromise of the server.

There is no known workaround at this time.

All Heimdal users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-crypt/heimdal-0.6.3"
    # emerge ">=app-crypt/heimdal-0.6.3"

mpg123 is an MPEG audio player.

mpg123 contains a buffer overflow in the code that handles layer2 decoding of media files.

An attacker can possibly exploit this bug with a specially-crafted mp3 or mp2 file to execute arbitrary code with the permissions of the user running mpg123.

There is no known workaround at this time.

All mpg123 users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=media-sound/mpg123-0.59s-r4"
    # emerge ">=media-sound/mpg123-0.59s-r4"

The Apache HTTP server is one of the most popular web servers on the internet. mod_ssl provides SSL v2/v3 and TLS v1 support for it and mod_dav is the Apache module for Distributed Authoring and Versioning (DAV).

A potential infinite loop has been found in the input filter of mod_ssl (CAN-2004-0748) as well as a possible segmentation fault in the char_buffer_read function if reverse proxying to a SSL server is being used (CAN-2004-0751). Furthermore, mod_dav, as shipped in Apache httpd 2 or mod_dav 1.0.x for Apache 1.3, contains a NULL pointer dereference which can be triggered remotely (CAN-2004-0809). The third issue is an input validation error found in the IPv6 URI parsing routines within the apr-util library (CAN-2004-0786). Additionally a possible buffer overflow has been reported when expanding environment variables during the parsing of configuration files (CAN-2004-0747).

A remote attacker could cause a Denial of Service either by aborting a SSL connection in a special way, resulting in CPU consumption, by exploiting the segmentation fault in mod_ssl or the mod_dav flaw. A remote attacker could also crash a httpd child process by sending a specially crafted URI. The last vulnerability could be used by a local user to gain the privileges of a httpd child, if the server parses a carefully prepared .htaccess file.

There is no known workaround at this time.

All Apache 2 users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=www-servers/apache-2.0.51"
    # emerge ">=www-servers/apache-2.0.51"

All mod_dav users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-www/mod_dav-1.0.3-r2"
    # emerge ">=net-www/mod_dav-1.0.3-r2"

phpGroupWare is a web-based suite of group applications including calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager.

Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks.

This vulnerability gives an attacker the ability to inject and execute malicious script code, potentially compromising the victim's browser.

There is no known workaround at this time.

All phpGroupWare users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=www-apps/phpgroupware-0.9.16.003"
    # emerge ">=www-apps/phpgroupware-0.9.16.003"

SnipSnap is a user friendly content management system with features such as wiki and weblog.

SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the site's data. Some of these attacks include web cache poisoning, cross-user defacement, hijacking pages with sensitive user information, and cross-site scripting. This vulnerability is due to the lack of illegal input checking in the software.

A malicious user could inject and execute arbitrary script code, potentially compromising the victim's data or browser.

There is no known workaround at this time.

All SnipSnap users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=dev-java/snipsnap-bin-1.0_beta1"
    # emerge ">=dev-java/snipsnap-bin-1.0_beta1"

Foomatic is a system for connecting printer drivers with spooler systems such as CUPS and LPD. The foomatic-filters package contains wrapper scripts which are designed to be used with Foomatic.

There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter.

This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler (oftentimes the "lp" user).

There is no known workaround at this time.

All foomatic users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-print/foomatic-3.0.2"
    # emerge ">=net-print/foomatic-3.0.2"

PLEASE NOTE: You should update foomatic, instead of foomatic-filters. This will help to ensure that all other foomatic components remain functional.

The Common UNIX Printing System (CUPS) is a cross-platform print spooler.

Alvaro Martinez Echevarria discovered a hole in the CUPS Internet Printing Protocol (IPP) implementation that allows remote attackers to cause CUPS to stop listening on the IPP port.

A remote user with malicious intent can easily cause a denial of service to the CUPS daemon by sending a specially-crafted UDP datagram packet to the IPP port.

There is no known workaround at this time.

All CUPS users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-print/cups-1.1.20-r2"
    # emerge ">=net-print/cups-1.1.20-r2"

Mozilla is a popular web browser that includes a mail and newsreader. Epiphany is a web browser that uses Gecko, the Mozilla rendering engine. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project.

Mozilla-based products are vulnerable to multiple security issues. Firstly, routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the "Send Page" function, and links with non-ASCII hostnames could both cause heap buffer overruns.

Several issues were found and fixed in JavaScript rights handling: untrusted script code could read and write to the clipboard, signed scripts could build confusing grant privileges dialog boxes, and when dragged onto trusted frames or windows, JavaScript links could access information and rights of the target frame or window. Finally, Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are vulnerable to a heap overflow caused by invalid POP3 mail server responses.

An attacker might be able to run arbitrary code with the rights of the user running the software by enticing the user to perform one of the following actions: view a specially-crafted BMP image or VCard, use the "Send Page" function on a malicious page, follow links with malicious hostnames, drag multiple JavaScript links in a row to another window, or connect to an untrusted POP3 mail server. An attacker could also use a malicious page with JavaScript to disclose clipboard contents or abuse previously-given privileges to request XPI installation privileges through a confusing dialog.

There is no known workaround covering all vulnerabilities.

All users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv your-version
    # emerge your-version

glFTPd is a highly configurable FTP server with many features.

The glFTPd server is vulnerable to a buffer overflow in the 'dupescan' program. This vulnerability is due to an unsafe strcpy() call which can cause the program to crash when a large argument is passed.

A local user with malicious intent can pass a parameter to the dupescan program that exceeds the size of the buffer, causing it to overflow. This can lead the program to crash, and potentially allow arbitrary code execution with the permissions of the user running glFTPd, which could be the root user.

There is no known workaround at this time.

All glFTPd users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-ftp/glftpd-1.32-r1"
    # emerge ">=net-ftp/glftpd-1.32-r1"

GTK+ (GIMP Toolkit +) is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library as well as shipped with GTK+ 2.

A vulnerability has been discovered in the BMP image preprocessor (CAN-2004-0753). Furthermore, Chris Evans found a possible integer overflow in the pixbuf_create_from_xpm() function, resulting in a heap overflow (CAN-2004-0782). He also found a potential stack-based buffer overflow in the xpm_extract_color() function (CAN-2004-0783). A possible integer overflow has also been found in the ICO decoder.

With a specially crafted BMP image an attacker could cause an affected application to enter an infinite loop when that image is being processed. Also, by making use of specially crafted XPM or ICO images an attacker could trigger the overflows, which potentially allows the execution of arbitrary code.

There is no known workaround at this time.

All GTK+ 2 users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=x11-libs/gtk+-2.4.9-r1"
    # emerge ">=x11-libs/gtk+-2.4.9-r1"

All GdkPixbuf users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=media-libs/gdk-pixbuf-0.22.0-r3"
    # emerge ">=media-libs/gdk-pixbuf-0.22.0-r3"

FreeRADIUS is an open source RADIUS authentication server implementation.

There are undisclosed defects in the way FreeRADIUS handles incorrect received packets.

A remote attacker could send specially-crafted packets to the FreeRADIUS server to deny service to other users by crashing the server.

There is no known workaround at this time.

All FreeRADIUS users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-dialup/freeradius-1.0.1"
    # emerge ">=net-dialup/freeradius-1.0.1"

xine-lib is a multimedia library which can be utilized to create multimedia frontends.

xine-lib contains two stack-based overflows and one heap-based overflow. In the code reading VCD disc labels, the ISO disc label is copied into an unprotected stack buffer of fixed size. Also, there is a buffer overflow in the code that parses subtitles and prepares them for display (XSA-2004-4). Finally, xine-lib contains a heap-based overflow in the DVD sub-picture decoder (XSA-2004-5).

(Please note that the VCD MRL issue mentioned in XSA-2004-4 was fixed with GLSA 200408-18.)

With carefully-crafted VCDs, DVDs, MPEGs or subtitles, an attacker may cause xine-lib to execute arbitrary code with the permissions of the user.

There is no known workaround at this time.

All xine-lib users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=media-libs/xine-lib-1_rc6"
    # emerge ">=media-libs/xine-lib-1_rc6"

Jabber is a set of streaming XML protocols enabling message, presence, and other structured information exchange between two hosts. jabberd is the original implementation of the Jabber protocol server.

Jose Antonio Calvo found a defect in routines handling XML parsing of incoming data. jabberd 1.x may crash upon reception of invalid data on any socket connection on which XML is parsed.

A remote attacker may send a specific sequence of bytes to an open socket to crash the jabberd server, resulting in a Denial of Service.

There is no known workaround at this time.

All jabberd users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-im/jabberd-1.4.3-r4"
    # emerge ">=net-im/jabberd-1.4.3-r4"

getmail is a reliable fetchmail replacement that supports Maildir, Mboxrd and external MDA delivery.

David Watson discovered a vulnerability in getmail when it is configured to run as root and deliver mail to the maildirs/mbox files of untrusted local users. A malicious local user can then exploit a race condition, or a similar symlink attack, and potentially cause getmail to create or overwrite files in any directory on the system.

An untrusted local user could potentially create or overwrite files in any directory on the system. This vulnerability may also be exploited to have arbitrary commands executed as root.

Do not run getmail as a privileged user; or, in version 4, use an external MDA with explicitly configured user and group privileges.

All getmail users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-mail/getmail-4.2.0"
    # emerge ">=net-mail/getmail-4.2.0"

The Apache HTTP server is one of the most popular web servers on the Internet.

A bug in the way Apache handles the Satisfy directive, which is used to require that certain conditions (client host, client authentication, etc) be met before access to a certain directory is granted, could allow the exposure of protected directories to unauthorized clients.

Directories containing protected data could be exposed to all visitors to the webserver.

There is no known workaround at this time.

All Apache users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=www-servers/apache-2.0.51-r1"
    # emerge ">=www-servers/apache-2.0.51-r1"

XFree86 and X.org are both implementations of the X Window System.

Chris Evans has discovered multiple integer and stack overflow vulnerabilities in the X Pixmap library, libXpm, which is a part of the X Window System. These overflows can be exploited by the execution of a malicious XPM file, which can crash applications that are dependent on libXpm.

A carefully-crafted XPM file could crash applications that are linked against libXpm, potentially allowing the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All X.org users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=x11-base/xorg-x11-6.7.0-r2"
    # emerge ">=x11-base/xorg-x11-6.7.0-r2"

All XFree86 users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=x11-base/xfree-4.3.0-r7"
    # emerge ">=x11-base/xfree-4.3.0-r7"

Note: Usage of XFree86 is deprecated on the AMD64, HPPA, IA64, MIPS, PPC and SPARC architectures: XFree86 users on those architectures should switch to X.org rather than upgrading XFree86.

Subversion is a versioning system designed to be a replacement for CVS. mod_authz_svn is an Apache module to do path-based authentication for Subversion repositories.

There is a bug in mod_authz_svn that causes it to reveal logged metadata regarding commits to protected areas.

Protected files themselves will not be revealed, but an attacker could use the metadata to reveal the existence of protected areas, such as paths, file versions, and the commit logs from those areas.

Rather than using mod_authz_svn, move protected areas into separate repositories and use native Apache authentication to make these repositories unreadable.

All Subversion users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=dev-util/subversion-1.0.8"
    # emerge ">=dev-util/subversion-1.0.8"

sharutils contains utilities to manage shell archives.

sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer overflow in shar.c, where the length of data returned by the wc command is not checked. Florian Schilhabel discovered another buffer overflow in unshar.c.

An attacker could exploit these vulnerabilities to execute arbitrary code as the user running one of the sharutils programs.

There is no known workaround at this time.

All sharutils users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-arch/sharutils-4.2.1-r10"
    # emerge ">=app-arch/sharutils-4.2.1-r10"

Netpbm is a toolkit containing more than 200 separate utilities for manipulation and conversion of graphic images.

Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable names without checking first that the target file doesn't already exist.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a user or a tool calls one of the affected utilities, this would result in file overwriting with the rights of the user running the utility.

There is no known workaround at this time.

All Netpbm users should upgrade to an unaffected version:

    # emerge sync
    # emerge -pv ">=media-libs/netpbm-10.0"
    # emerge ">=media-libs/netpbm-10.0"

NetKit-telnetd is a standard Linux telnet client and server from the NetKit utilities.

A possible buffer overflow exists in the parsing of option strings by the telnet daemon, where proper bounds checking is not applied when writing to a buffer. Additionally, another possible buffer overflow has been found by Josh Martin in the handling of the environment variable HOME.

A remote attacker sending a specially-crafted options string to the telnet daemon could be able to run arbitrary code with the privileges of the user running the telnet daemon, usually root. Furthermore, an attacker could make use of an overlong HOME variable to cause a buffer overflow in the telnet client, potentially leading to the local execution of arbitrary code.

There is no known workaround at this time.

All NetKit-telnetd users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-misc/netkit-telnetd-0.17-r4"
    # emerge ">=net-misc/netkit-telnetd-0.17-r4"

PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI.

Stefano Di Paola discovered two bugs in PHP. The first is a parse error in php_variables.c that could allow a remote attacker to view the contents of the target machine's memory. Additionally, an array processing error in the SAPI_POST_HANDLER_FUNC() function inside rfc1867.c could lead to the $_FILES array being overwritten.

A remote attacker could exploit the first vulnerability to view memory contents. On a server with a script that provides file uploads, an attacker could exploit the second vulnerability to upload files to an arbitrary location. On systems where the HTTP server is allowed to write in a HTTP-accessible location, this could lead to remote execution of arbitrary commands with the rights of the HTTP server.

There is no known workaround at this time.

All PHP, mod_php and php-cgi users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=dev-php/php-4.3.9"
    # emerge ">=dev-php/php-4.3.9"

    # emerge -pv ">=dev-php/mod_php-4.3.9"
    # emerge ">=dev-php/mod_php-4.3.9"

    # emerge -pv ">=dev-php/php-cgi-4.3.9"
    # emerge ">=dev-php/php-cgi-4.3.9"

Cyrus-SASL is an implementation of the Simple Authentication and Security Layer.

Cyrus-SASL contains a remote buffer overflow in the digestmd5.c file. Additionally, under certain conditions it is possible for a local user to exploit a vulnerability in the way the SASL_PATH environment variable is honored (CAN-2004-0884).

An attacker might be able to execute arbitrary code with the Effective ID of the application calling the Cyrus-SASL libraries.

There is no known workaround at this time.

All Cyrus-SASL users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=dev-libs/cyrus-sasl-2.1.18-r2"
    # emerge ">=dev-libs/cyrus-sasl-2.1.18-r2"

The Common UNIX Printing System (CUPS) is a cross-platform print spooler.

When printing to an SMB-shared printer requiring authentication, CUPS leaks the user name and password to a logfile.

A local user could gain knowledge of sensitive authentication data.

There is no known workaround at this time.

All CUPS users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-print/cups-1.1.20-r3"
    # emerge ">=net-print/cups-1.1.20-r3"

ed is a line-oriented text editor, used to create or modify text files, both interactively and via shell scripts.

ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by the same vulnerability.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When ed is called, this would result in file access with the rights of the user running the utility, which could be the root user.

There is no known workaround at this time.

All ed users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=sys-apps/ed-0.2-r4"
    # emerge ">=sys-apps/ed-0.2-r4"

ncompress is a utility handling compression and decompression of Lempel-Ziv archives, compatible with the original *nix compress and uncompress utilities (.Z extensions).

compress and uncompress do not properly check bounds on command line options, including the filename. Large parameters would trigger a buffer overflow.

By supplying a carefully crafted filename or other option, an attacker could execute arbitrary code on the system. A local attacker could only execute code with his own rights, but since compress and uncompress are called by various daemon programs, this might also allow a remote attacker to execute code with the rights of the daemon making use of ncompress.

There is no known workaround at this time.

All ncompress users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-arch/ncompress-4.2.4-r1"
    # emerge ">=app-arch/ncompress-4.2.4-r1"

LessTif is a clone of OSF/Motif, which is the standard user interface toolkit available on Unix and Linux.

Chris Evans has discovered various integer and stack overflows in libXpm, which is shipped as a part of the X Window System. LessTif, an application that includes this library, is susceptible to the same issues.

A carefully-crafted XPM file could crash applications that are linked against libXpm, such as LessTif, potentially allowing the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All LessTif users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=x11-libs/lesstif-0.93.97"
    # emerge ">=x11-libs/lesstif-0.93.97"

gettext is a set of utilities for the GNU Translation Project which provides a set of tools and documentation to help produce multi-lingual messages in programs.

gettext insecurely creates temporary files in world-writeable directories with predictable names.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.

There is no known workaround at this time.

All gettext users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-devel/gettext-0.14.1-r1"

The tiff library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE, to help in displaying TIFF images. xv is a multi-format image manipulation utility that is statically linked to the tiff library.

Chris Evans found heap-based overflows in RLE decoding routines in tif_next.c, tif_thunder.c and potentially tif_luv.c.

A remote attacker could entice a user to view a carefully crafted TIFF image file, which would potentially lead to execution of arbitrary code with the rights of the user viewing the image. This affects any program that makes use of the tiff library, including GNOME and KDE web browsers or mail readers.

There is no known workaround at this time.

All tiff library users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=media-libs/tiff-3.6.1-r2"
    # emerge ">=media-libs/tiff-3.6.1-r2"

xv makes use of the tiff library and needs to be recompiled to receive the new patched version of the library. All xv users should also upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=media-gfx/xv-3.10a-r8"
    # emerge ">=media-gfx/xv-3.10a-r8"

WordPress is a PHP and MySQL based content management and publishing system.

Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks.

A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser.

There is no known workaround at this time.

All WordPress users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.2.2"

BNC is an IRC proxying server.

A flaw exists in the input parsing of BNC where part of the sbuf_getmsg() function handles the backspace character incorrectly.

A remote user could issue commands using fake authentication credentials and possibly gain access to scripts running on the client side.

There is no known workaround at this time.

All BNC users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-irc/bnc-2.8.9"
    # emerge ">=net-irc/bnc-2.8.9"

phpMyAdmin is a popular web-based MySQL administration tool written in PHP. It allows users to browse and administer a MySQL database from a web-browser. Transformations are a phpMyAdmin feature allowing plug-ins to rewrite the contents of any column seen in phpMyAdmin's Browsing mode, including using insertion of PHP or JavaScript code.

A defect was found in phpMyAdmin's MIME-based transformation system, when used with "external" transformations.

A remote attacker could exploit this vulnerability to execute arbitrary commands on the server with the rights of the HTTP server user.

Enabling PHP safe mode ("safe_mode = On" in php.ini) may serve as a temporary workaround.

All phpMyAdmin users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=dev-db/phpmyadmin-2.6.0_p2"
    # emerge ">=dev-db/phpmyadmin-2.6.0_p2"

Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features.

A parsing error exists in the SNMP module of Squid where a specially-crafted UDP packet can potentially cause the server to restart, closing all current connections. This vulnerability only exists in versions of Squid compiled with the 'snmp' USE flag.

An attacker can repeatedly send these malicious UDP packets to the Squid server, leading to a denial of service.

Disable SNMP support or filter the port that has SNMP processing (default is 3401) to allow only SNMP data from trusted hosts.

To disable SNMP support put the entry snmp_port 0 in the squid.conf configuration file.

To allow only the local interface to process SNMP, add the entry "snmp_incoming_address 127.0.0.1" in the squid.conf configuration file.

All Squid users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-proxy/squid-2.5.7"
    # emerge ">=net-proxy/squid-2.5.7"

PostgreSQL is an open source database based on the POSTGRES database management system. It includes several contributed scripts including the make_oidjoins_check script.

The make_oidjoins_check script insecurely creates temporary files in world-writeable directories with predictable names.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When make_oidjoins_check is called, this would result in file overwrite with the rights of the user running the utility, which could be the root user.

There is no known workaround at this time.

All PostgreSQL users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=dev-db/postgresql-7.4.5-r2"
    # emerge ">=dev-db/postgresql-7.4.5-r2"

Upgrade notes: PostgreSQL 7.3.x users should upgrade to the latest available 7.3.x version to retain database compatibility.

OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities.

On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When a document is saved, a compressed copy of it can be found in that directory.

A malicious local user could obtain the temporary files and thus read documents belonging to other users.

There is no known workaround at this time.

All affected OpenOffice.org users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-office/openoffice-1.1.3"
    # emerge ">=app-office/openoffice-1.1.3"

All affected OpenOffice.org binary users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-office/openoffice-bin-1.1.3"
    # emerge ">=app-office/openoffice-bin-1.1.3"

All affected OpenOffice.org Ximian users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-office/openoffice-ximian-1.3.4"
    # emerge ">=app-office/openoffice-ximian-1.3.4"

Ghostscript is a software package providing an interpreter for the PostScript language and the PDF file format. It also provides output drivers for various file formats and printers.

The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files in world-writeable directories with predictable names.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When an affected script is called, this would result in the file being overwritten with the rights of the user running the script, which could be the root user.

There is no known workaround at this time.

Ghostscript users on all architectures except PPC should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-text/ghostscript-esp-7.07.1-r7"
    # emerge ">=app-text/ghostscript-esp-7.07.1-r7"

Ghostscript users on the PPC architecture should upgrade to the latest stable version on their architecture:

    # emerge sync
    # emerge -pv ">=app-text/ghostscript-esp-7.05.6-r2"
    # emerge ">=app-text/ghostscript-esp-7.05.6-r2"

glibc is a package that contains the GNU C library.

The catchsegv script creates temporary files in world-writeable directories with predictable names.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When the catchsegv script is called, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.

There is no known workaround at this time.

All glibc users should upgrade to the latest version:

    # emerge sync
    # emerge -pv sys-libs/glibc
    # emerge sys-libs/glibc

Xpdf is an open source viewer for Portable Document Format (PDF) files. The Common UNIX Printing System (CUPS) is a cross-platform print spooler that includes some Xpdf code.

Chris Evans discovered multiple integer overflow issues in Xpdf.

An attacker could entice a user to open a specially-crafted PDF file, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf. By enticing a user to directly print the PDF file to a CUPS printer, an attacker could also crash the CUPS spooler or execute arbitrary code with the rights of the CUPS spooler, which is usually the "lp" user.

There is no known workaround at this time.

All Xpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.00-r5"

All CUPS users should also upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.20-r5"

The Apache HTTP server is one of the most popular web servers on the internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2.

A flaw has been found in mod_ssl where the "SSLCipherSuite" directive could be bypassed in certain configurations if it is used in a directory or location context to restrict the set of allowed cipher suites.

A remote attacker could gain access to a location using any cipher suite allowed by the server/virtual host configuration, disregarding the restrictions by "SSLCipherSuite" for that location.

There is no known workaround at this time.

All Apache 2 users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=www-servers/apache-2.0.52"
    # emerge ">=www-servers/apache-2.0.52"

All mod_ssl users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-www/mod_ssl-2.8.20"
    # emerge ">=net-www/mod_ssl-2.8.20"

MySQL is a popular open-source, multi-threaded, multi-user SQL database server.

The following vulnerabilities were found and fixed in MySQL:

Oleksandr Byelkin found that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one (CAN-2004-0835). Another privilege checking bug allowed users to grant rights on a database they had no rights on.

Dean Ellis found a defect where multiple threads ALTERing the MERGE tables to change the UNION could cause the server to crash (CAN-2004-0837). Another crash was found in MATCH ... AGAINST() queries with a missing closing double quote.

Finally, a buffer overrun in the mysql_real_connect function was found by Lukasz Wojtow (CAN-2004-0836).

The privilege checking issues could be used by remote users to bypass their rights on databases. The two crash issues could be exploited by a remote user to perform a Denial of Service attack on the MySQL server. The buffer overrun issue could also be exploited as a Denial of Service attack, and may allow execution of arbitrary code with the rights of the MySQL daemon (typically, the "mysql" user).

There is no known workaround at this time.

All MySQL users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=dev-db/mysql-4.0.21"
    # emerge ">=dev-db/mysql-4.0.21"

Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

A possible buffer overflow exists in the code processing MSN SLP messages (CAN-2004-0891). memcpy() was used without validating the size of the buffer, and an incorrect buffer was used as destination under certain circumstances. Additionally, memory allocation problems were found in the processing of MSN SLP messages and the receiving of files. These issues could lead Gaim to try to allocate more memory than available, resulting in the crash of the application.

A remote attacker could crash Gaim and possibly execute arbitrary code by exploiting the buffer overflow.

There is no known workaround at this time.

All Gaim users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-im/gaim-1.0.2"
    # emerge ">=net-im/gaim-1.0.2"

MIT krb5 is the free implementation of the Kerberos network authentication protocol written by the Massachusetts Institute of Technology.

The send-pr.sh script creates temporary files in world-writeable directories with predictable names.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When send-pr.sh is called, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.

There is no known workaround at this time.

All MIT krb5 users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-crypt/mit-krb5-1.3.4-r1"
    # emerge ">=app-crypt/mit-krb5-1.3.4-r1"

Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh.

The etc2ps.sh script creates temporary files in world-writeable directories with predictable names.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When etc2ps.sh is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.

There is no known workaround at this time.

All Netatalk users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-fs/netatalk-1.6.4-r1"
    # emerge ">=net-fs/netatalk-1.6.4-r1"
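
The predictable-temporary-file defect shared by the Netpbm, ed, gettext, make_oidjoins_check, Ghostscript, catchsegv, send-pr.sh and etc2ps.sh advisories above, as an added POSIX shell example that is not taken from any of those packages or advisories: the vulnerable naming pattern, the mktemp-based replacement, and the check a script should make before trusting an existing temporary path. The names example.*, victim.txt and glsa-demo are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from any GLSA: why "predictable names in a
# world-writeable directory" is exploitable and how a script avoids it.

# Vulnerable pattern: a name anyone can guess ($$ is the PID), created
# with a plain redirection.  If another local user has already placed a
# symlink at that path, "> $tmp" follows the link and overwrites its
# target with this script's privileges.  Shown for contrast only.
predictable_tmpfile() {
    printf '%s\n' "${TMPDIR:-/tmp}/example.$$"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the
# file itself with O_CREAT|O_EXCL and mode 0600, so a pre-planted link
# or file at that name makes the call fail instead of being followed.
safe_tmpfile() {
    mktemp "${TMPDIR:-/tmp}/example.XXXXXX"
}

# Defensive check before reusing an existing temp path: a regular file,
# not a symlink, owned by the invoking user.  find -user is used because
# "test -O" is not POSIX.
tmpfile_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] &&
    [ -n "$(find "$1" -prune -user "$(id -un)" -print 2>/dev/null)" ]
}

# Demonstration in a private scratch directory (constructed data).  Runs
# in a subshell so TMPDIR and the cwd of the caller are untouched.
# Returns 0 when every expectation holds.
demo() (
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/glsa-demo.XXXXXX") || exit 1
    TMPDIR=$scratch
    export TMPDIR
    rc=0

    # The file a local attacker would want overwritten (constructed).
    victim="$scratch/victim.txt"
    printf 'original\n' > "$victim"

    # A symlink planted at the guessable name before the script runs.
    planted=$(predictable_tmpfile)
    ln -s "$victim" "$planted"

    # 1. The check must reject the planted path.
    if tmpfile_is_safe "$planted"; then rc=1; fi

    # 2. A naive write through the predictable name lands on the victim.
    printf 'clobbered\n' > "$planted"
    [ "$(cat "$victim")" = "clobbered" ] || rc=1

    # 3. The mktemp file passes the check and carries mode 0600.
    good=$(safe_tmpfile) || rc=1
    tmpfile_is_safe "$good" || rc=1
    [ "$(ls -ld "$good" | cut -c1-10)" = "-rw-------" ] || rc=1

    rm -rf "$scratch"
    exit "$rc"
)
```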

socat is a multipurpose bidirectional relay, similar to netcat.

socat contains a syslog() based format string vulnerability in the '_msg()' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing it to log messages to syslog.

Remote exploitation is possible when socat is used as a HTTP proxy client and connects to a malicious server. Local privilege escalation can be achieved when socat listens on a UNIX domain socket. Potential execution of arbitrary code with the privileges of the socat process is possible with both local and remote exploitations.

Disable logging to syslog by not using the '-ly' option when starting socat.

All socat users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/socat-1.4.0.3"

mpg123 is an MPEG Audio Player.

Buffer overflow vulnerabilities in the getauthfromURL() and http_open() functions have been reported by Carlos Barros. Additionally, the Gentoo Linux Sound Team fixed additional boundary checks which were found to be lacking.

By enticing a user to open a malicious playlist or URL or making use of a specially-crafted symlink, an attacker could possibly execute arbitrary code with the rights of the user running mpg123.

There is no known workaround at this time.

All mpg123 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r5"
+ + rssh is a restricted shell, allowing only a few commands like scp or + sftp. It is often used as a complement to OpenSSH to provide limited + access to users. +
++ Florian Schilhabel from the Gentoo Linux Security Audit Team found a + format string vulnerability in the syslog logging of failed commands in rssh. +
++ Using a malicious command, it may be possible for a remote + authenticated user to execute arbitrary code on the target machine with + user rights, effectively bypassing any restriction of rssh. +
++ There is no known workaround at this time. +
++ All rssh users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-shells/rssh-2.2.2"
+ + PuTTY is a free implementation of Telnet and SSH for Win32 and Unix + platforms, along with an xterm terminal emulator. +
++ PuTTY fails to do proper bounds checking on SSH2_MSG_DEBUG packets. The + "stringlen" parameter value is incorrectly checked due to signedness + issues. Note that this vulnerability is similar to the one described in + GLSA 200408-04 but not the same. +
++ When PuTTY connects to a server using the SSH2 protocol, an attacker + may be able to send specially crafted packets to the client, resulting + in the execution of arbitrary code with the permissions of the user + running PuTTY. Note that this is possible during the authentication + process but before host key verification. +
++ There is no known workaround at this time. +
++ All PuTTY users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/putty-0.56"
+ + GPdf is a Gnome-based PDF viewer. KPDF, part of the kdegraphics package, is + a KDE-based PDF viewer. KOffice is an integrated office suite for KDE. +
++ GPdf, KPDF and KOffice all include xpdf code to handle PDF files. xpdf is + vulnerable to multiple integer overflows, as described in GLSA 200410-20. +
++ An attacker could entice a user to open a specially-crafted PDF file, + potentially resulting in execution of arbitrary code with the rights of the + user running the affected utility. +
++ There is no known workaround at this time. +
++ All GPdf users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/gpdf-0.132-r2"
+ + All KDE users should upgrade to the latest version of kdegraphics: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.3.0-r2"
+ + All KOffice users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/koffice-1.3.3-r2"
+ + Archive::Zip is a Perl module containing functions to handle ZIP + archives. +
++ Archive::Zip can be used by email scanning software (like amavisd-new) + to uncompress attachments before virus scanning. By modifying the + uncompressed size of archived files in the global header of the ZIP + file, it is possible to fool Archive::Zip into thinking some files + inside the archive have zero length. +
++ An attacker could send a carefully crafted ZIP archive containing a + virus file and evade detection on some email virus-scanning software + relying on Archive::Zip for decompression. +
++ There is no known workaround at this time. +
++ All Archive::Zip users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/Archive-Zip-1.14"
+ + ppp is a Unix implementation of the Point-to-Point Protocol. +
++ The pppd server improperly verifies header fields, potentially leading to a + crash of the pppd process handling the connection. However, since a + separate pppd process handles each ppp connection, this would not affect + any other connection, or prevent new connections from being established. +
++ We incorrectly thought that this bug could be exploited to deny service to + all ppp users. This is not the case: the bug has no security impact + whatsoever. Many thanks to Paul Mackerras from the Samba team for + correcting our mistake. +
++ There is no need for a workaround. +
++ ppp users can keep their current versions. +
++ Cherokee is an extra-light web server. +
++ Florian Schilhabel from the Gentoo Linux Security Audit Team found a + format string vulnerability in the cherokee_logger_ncsa_write_string() + function. +
++ Using a specially crafted URL when authenticating via auth_pam, a + malicious user may be able to crash the server or execute arbitrary + code on the target machine with the permissions of the user running + Cherokee. +
++ There is no known workaround at this time. +
++ All Cherokee users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/cherokee-0.4.17.1"
+ + The Apache HTTP server is one of the most popular web servers on the + Internet. mod_include is an Apache module to handle Server Side Includes + (SSI). +
++ A possible buffer overflow exists in the get_tag() function of + mod_include.c. +
++ If Server Side Includes (SSI) are enabled, a local attacker may be able to + run arbitrary code with the rights of an httpd child process by making use + of a specially-crafted document with malformed SSI. +
++ There is no known workaround at this time. +
++ All Apache users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-1.3.32-r1"
+ + The speedtouch package contains a driver for the ADSL SpeedTouch USB modem. +
++ The Speedtouch USB driver contains multiple format string vulnerabilities + in modem_run, pppoa2 and pppoa3. This flaw is due to an improperly + constructed syslog() call. +
++ A malicious local user could exploit this vulnerability to cause a buffer + overflow, potentially allowing the execution of arbitrary code with + escalated privileges. +
++ There is no known workaround at this time. +
++ All Speedtouch USB driver users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dialup/speedtouch-1.3.1"
+ + libxml2 is an XML parsing library written in C. +
++ Multiple buffer overflows have been detected in the nanoftp and nanohttp + modules. These modules are responsible for parsing URLs with ftp + information, and resolving names via DNS. +
++ An attacker could exploit an application that uses libxml2 by forcing it to + parse a specially-crafted XML file, potentially causing remote execution of + arbitrary code. +
++ There is no known workaround at this time. +
++ All libxml2 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.6.15"
+ + MIME-tools is a Perl module containing functions to handle MIME + attachments. +
++ MIME-tools doesn't correctly parse attachment boundaries with an empty + name (boundary=""). +
++ An attacker could send a carefully crafted email and evade detection on + some email virus-scanning programs using MIME-tools for attachment + decoding. +
++ There is no known workaround at this time. +
++ All MIME-tools users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/MIME-tools-5.415"
+ + Proxytunnel is a program that tunnels connections to a remote server + through a standard HTTPS proxy. +
++ Florian Schilhabel of the Gentoo Linux Security Audit project found a + format string vulnerability in Proxytunnel. When the program is started in + daemon mode (-a [port]), it improperly logs invalid proxy answers to + syslog. +
++ A malicious remote server could send specially-crafted invalid answers to + exploit the format string vulnerability, potentially allowing the execution + of arbitrary code on the tunnelling host with the rights of the Proxytunnel + process. +
++ You can mitigate the issue by only allowing connections to trusted remote + servers. +
++ All Proxytunnel users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/proxytunnel-1.2.3"
+ + The GD graphics library is an open source library which allows programmers + to easily generate PNG, JPEG, GIF and WBMP images from many different + programming languages. +
++ infamous41md found an integer overflow in the memory allocation procedure + of the GD routine that handles loading PNG image files. +
++ A remote attacker could entice a user to load a carefully crafted PNG image + file in a GD-powered application, or send a PNG image to a web application + which uses GD PNG decoding functions. This could potentially lead to + execution of arbitrary code with the rights of the program loading the + image. +
++ There is no known workaround at this time. +
++ All GD users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/gd-2.0.32"
+ + shadow provides a set of utilities to deal with user accounts. +
++ Martin Schulze reported a flaw in the passwd_check() function in + "libmisc/pwdcheck.c" which is used by chfn and chsh. +
++ A logged-in local user with an expired password may be able to use chfn and + chsh to change his standard shell or GECOS information (full name, phone + number...) without being required to change his password. +
++ There is no known workaround at this time. +
++ All shadow users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.0.5-r1"
+ + Gallery is a web application written in PHP which is used to organize + and publish photo albums. It allows multiple users to build and + maintain their own albums. It also supports the mirroring of images on + other servers. +
++ Jim Paris has discovered a cross-site scripting vulnerability in + Gallery. +
++ By sending a carefully crafted URL, an attacker can inject and execute + script code in the victim's browser window, and potentially compromise + the user's gallery. +
++ There is no known workaround at this time. +
++ All Gallery users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.4.4_p4"
+ + ImageMagick is a collection of tools to read, write and manipulate images + in many formats. +
++ ImageMagick fails to do proper bounds checking when handling image files + with EXIF information. +
++ An attacker could use an image file with specially-crafted EXIF information + to cause arbitrary code execution with the permissions of the user running + ImageMagick. +
++ There is no known workaround at this time. +
++ All ImageMagick users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.1.3.2"
+ + zgv is a console image viewer based on svgalib. +
++ Multiple arithmetic overflows have been detected in the image + processing code of zgv. +
++ An attacker could entice a user to open a specially-crafted image file, + potentially resulting in execution of arbitrary code with the rights of + the user running zgv. +
++ There is no known workaround at this time. +
++ All zgv users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.8"
+ + Portage is Gentoo's package management tool. The dispatch-conf utility + allows for easy rollback of configuration file changes and automatic + updates of configuration files never modified by users. Gentoolkit is + a collection of Gentoo-specific administration scripts, one of which is + the Portage querying tool qpkg. +
++ dispatch-conf and qpkg use predictable filenames for temporary files. +
++ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + an affected script is called, this would result in the file being + overwritten with the rights of the user running dispatch-conf or + qpkg, which could be the root user. +
++ There is no known workaround at this time. +
++ All Portage users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/portage-2.0.51-r3"
+ + All Gentoolkit users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-portage/gentoolkit-0.2.0_pre8-r1"
+ + Kaffeine and gxine are graphical front-ends for the xine-lib multimedia + library. +
++ KF of Secure Network Operations has discovered an overflow that occurs + during the Content-Type header processing of Kaffeine. The vulnerable + code in Kaffeine is reused from gxine, making gxine vulnerable as well. +
++ An attacker could create a specially-crafted Content-Type header from a + malicious HTTP server, and crash a user's instance of Kaffeine or + gxine, potentially allowing the execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All Kaffeine users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/kaffeine-0.4.3b-r1"
+ + All gxine users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/gxine-0.3.3-r1"
+ + OpenSSL is a toolkit implementing the Secure Sockets Layer and + Transport Layer Security protocols as well as a general-purpose + cryptography library. It includes the der_chop script, which is used to + convert DER-encoded certificates to PEM format. Groff (GNU Troff) is a + typesetting package which reads plain text mixed with formatting + commands and produces formatted output. It includes groffer, a command + used to display groff files and man pages on X and tty. +
++ groffer and the der_chop script create temporary files in + world-writeable directories with predictable names. +
++ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + groffer or der_chop is executed, this would result in the file being + overwritten with the rights of the user running the utility, which + could be the root user. +
++ There is no known workaround at this time. +
++ All Groff users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose sys-apps/groff
+ + All OpenSSL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7d-r2"
+ + Note: /etc/ssl/misc/der_chop is protected by Portage as a configuration + file. Don't forget to use etc-update and overwrite the old version with + the new one. +
++ zip is a compression and file packaging utility. +
++ zip does not check the resulting path length when doing recursive + folder compression. +
++ An attacker could exploit this by enticing another user or web + application to create an archive including a specially-crafted path + name, potentially resulting in the execution of arbitrary code with the + permissions of the user running zip. +
++ There is no known workaround at this time. +
++ All zip users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/zip-2.3-r4"
+ + mtink is a status monitor and inkjet cartridge changer for some Epson + printers. +
++ Tavis Ormandy from Gentoo Linux discovered that mtink uses insecure + permissions on temporary files. +
++ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + mtink is executed, this would result in the file being overwritten with + the rights of the user running the utility, which could be the root + user. +
++ There is no known workaround at this time. +
++ All mtink users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/mtink-1.0.5"
+ + The Apache HTTP Server is one of the most popular web servers on the Internet. +
++ Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. +
++ By sending a large amount of specially-crafted HTTP GET requests a remote attacker could cause a Denial of Service of the targeted system. +
++ There is no known workaround at this time. +
++ All Apache 2.0 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.52-r1"
+ + Pavuk is a web spider and website mirroring tool. +
++ Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication and HTTP header processing. This issue is similar to GLSA 200407-19, but contains more vulnerabilities. +
++ A remote attacker could cause a buffer overflow, leading to arbitrary code execution with the rights of the user running Pavuk. +
++ There is no known workaround at this time. +
++ All Pavuk users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/pavuk-0.9.31"
+ + ez-ipupdate is a utility for updating host name information for a large number of dynamic DNS services. +
++ Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate. +
++ An attacker could exploit this to execute arbitrary code with the permissions of the user running ez-ipupdate, which could be the root user. +
++ There is no known workaround at this time. +
++ All ez-ipupdate users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/ez-ipupdate-3.0.11_beta8-r1"
+ + Samba is a freely available SMB/CIFS implementation which allows + seamless interoperability of file and print services to other SMB/CIFS + clients. +
++ Samba fails to do proper bounds checking when handling + TRANSACT2_QFILEPATHINFO replies. Additionally, an input validation flaw + exists in ms_fnmatch.c when matching filenames that contain wildcards. +
++ An attacker may be able to execute arbitrary code with the permissions + of the user running Samba. A remote attacker may also be able to cause + an abnormal consumption of CPU resources, resulting in slower + performance of the server or even a Denial of Service. +
++ There is no known workaround at this time. +
++ All Samba users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.8"
+ + Davfs2 is a file system driver that allows you to mount a WebDAV + server as a local disk drive. lvm-user is a package providing userland + utilities for LVM (Logical Volume Management) 1.x features. +
++ Florian Schilhabel from the Gentoo Linux Security Audit Team found + that Davfs2 insecurely created .pid files in /tmp. Furthermore, Trustix + Secure Linux found that the lvmcreate_initrd script, included in the + lvm-user Gentoo package, also creates temporary files in + world-writeable directories with predictable names. +
++ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When Davfs2 or lvmcreate_initrd is called, this would result in the + file being overwritten with the rights of the user running the + software, which could be the root user. +
++ There is no known workaround at this time. +
++ All Davfs2 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/davfs2-0.2.2-r1"
+ + All lvm-user users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/lvm-user-1.0.7-r2"
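The symlink race described in this advisory and in the earlier Netatalk, Portage/Gentoolkit, groff/OpenSSL and mtink entries, as an added example that is not code from any of those projects: a hypothetical script writing to a predictable temporary name is contrasted with the mktemp-based pattern, entirely inside a throwaway directory. The function names, the sandbox layout and the "victim" file are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not code from Netatalk, Portage, Gentoolkit, groff, OpenSSL,
# mtink, Davfs2 or lvm-user: shows why a predictable temporary file name in a
# world-writable directory can be redirected with a symlink, and the mktemp
# based pattern that avoids it. Everything happens inside a throwaway sandbox.

# Unsafe pattern (hypothetical, modelled on the scripts in the advisories):
# fixed name in a shared directory, opened with ">" which follows symlinks.
unsafe_write() {               # $1 = shared directory, $2 = data
    echo "$2" > "$1/tool.tmp"
}

# Safe pattern: mktemp creates the file atomically (O_CREAT|O_EXCL) under an
# unpredictable name, so nobody can plant a symlink there first; we still
# refuse to write if the path is a symlink, and append rather than truncate.
safe_write() {                 # $1 = directory, $2 = data; prints the path
    _f=$(mktemp "$1/tool.XXXXXX") || return 1
    if [ -L "$_f" ]; then
        printf 'refusing: %s is a symbolic link\n' "$_f" >&2
        return 1
    fi
    printf '%s\n' "$2" >> "$_f" || return 1
    printf '%s\n' "$_f"
}

# Constructed sandbox: "shared" stands in for /tmp, "victim" for a file the
# attacker must not be able to touch, and a symlink is planted at the
# predictable name. Prints the sandbox path.
make_sandbox() {
    _s=$(mktemp -d) || return 1
    mkdir "$_s/shared"
    printf 'original contents\n' > "$_s/victim"
    ln -s "$_s/victim" "$_s/shared/tool.tmp"
    printf '%s\n' "$_s"
}

# Returns 0 if the victim file still holds its original contents.
victim_intact() {              # $1 = sandbox
    [ "$(cat "$1/victim")" = "original contents" ]
}

# Returns 0 if the unsafe pattern let the planted symlink redirect the write
# into the victim file (the condition the advisories describe).
unsafe_pattern_clobbers() {
    _sb=$(make_sandbox) || return 1
    unsafe_write "$_sb/shared" "overwritten via symlink"
    if victim_intact "$_sb"; then _rc=1; else _rc=0; fi
    rm -rf "$_sb"
    return $_rc
}

# Returns 0 if the safe pattern wrote to a fresh regular file and left the
# victim untouched despite the planted symlink.
safe_pattern_preserves() {
    _sb=$(make_sandbox) || return 1
    _out=$(safe_write "$_sb/shared" "private data") || { rm -rf "$_sb"; return 1; }
    if victim_intact "$_sb" && [ -f "$_out" ] && [ ! -L "$_out" ]; then
        _rc=0
    else
        _rc=1
    fi
    rm -rf "$_sb"
    return $_rc
}

unsafe_pattern_clobbers && echo "predictable name: victim file was overwritten"
safe_pattern_preserves && echo "mktemp pattern: victim file left untouched"
```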
+ + Ruby is an interpreted scripting language for quick and easy + object-oriented programming. Ruby's CGI module can be used to build web + applications. +
++ Ruby's developers found and fixed an issue in the CGI module that + can be triggered remotely and cause an infinite loop. +
++ A remote attacker could trigger the vulnerability through an + exposed Ruby web application and cause the server to use unnecessary + CPU resources, potentially resulting in a Denial of Service. +
++ There is no known workaround at this time. +
++ All Ruby 1.6.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.6.8-r12"
+ + All Ruby 1.8.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.2_pre3"
+ + BNC (BouNCe) is an IRC proxy server. +
++ Leon Juranic discovered that BNC fails to do proper bounds + checking when checking server responses. +
++ An attacker could exploit this to cause a Denial of Service and + potentially execute arbitrary code with the permissions of the user + running BNC. +
++ There is no known workaround at this time. +
++ All BNC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/bnc-2.9.1"
+ + SquirrelMail is a webmail package written in PHP. It supports IMAP and + SMTP, and can optionally be installed with SQL support. +
++ SquirrelMail fails to properly sanitize certain strings when decoding + specially-crafted headers. +
++ By enticing a user to read a specially-crafted e-mail, an attacker can + execute arbitrary scripts running in the context of the victim's + browser. This could lead to a compromise of the user's webmail account, + cookie theft, etc. +
++ There is no known workaround at this time. +
++ All SquirrelMail users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.3a-r2"
+ + Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +
++ GIMPS is a client for the distributed Great Internet Mersenne Prime + Search. SETI@home is the client for the Search for Extraterrestrial + Intelligence (SETI) project. ChessBrain is the client for the + distributed chess supercomputer. +
++ GIMPS, SETI@home and ChessBrain ebuilds install user-owned binaries and + init scripts which are executed with root privileges. +
++ This could lead to a local privilege escalation or root compromise. +
++ There is no known workaround at this time. +
++ All GIMPS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sci-misc/gimps-23.9-r1"
+ + All SETI@home users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sci-misc/setiathome-3.03-r2"
+ + All ChessBrain users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sci-misc/chessbrain-20407-r1"
+ + Fcron is a command scheduler with extended capabilities over cron + and anacron. +
++ Due to design errors in the fcronsighup program, Fcron may allow a + local user to bypass access restrictions (CAN-2004-1031), view the + contents of root owned files (CAN-2004-1030), remove arbitrary files or + create empty files (CAN-2004-1032), and send a SIGHUP to any process. A + vulnerability also exists in fcrontab which may allow local users to + view the contents of fcron.allow and fcron.deny (CAN-2004-1033). +
++ A local attacker could exploit these vulnerabilities to perform a + Denial of Service on the system running Fcron. +
++ Make sure the fcronsighup and fcrontab binaries are only + executable by trusted users. +
++ All Fcron users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-process/fcron-2.0.2"
+ + libXpm is a pixmap manipulation library for the X Window System, + included in both X.Org and XFree86. +
++ Several issues were discovered in libXpm, including integer + overflows, out-of-bounds memory accesses, insecure path traversal and + an endless loop. +
++ An attacker could craft a malicious pixmap file and entice a user + to use it with an application linked against libXpm. This could lead to + Denial of Service or arbitrary code execution. +
++ There is no known workaround at this time. +
++ All X.Org users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.7.0-r3"
+ + All XFree86 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xfree-x11-4.3.0-r8"
+ + unarj is an ARJ archive decompressor. +
++ unarj has a bounds checking vulnerability within the handling of + long filenames in archives. It also fails to properly sanitize paths + when extracting an archive (if the "x" option is used to preserve + paths). +
++ An attacker could trigger a buffer overflow or a path traversal by + enticing a user to open an archive containing specially-crafted path + names, potentially resulting in the overwrite of files or execution of + arbitrary code with the permissions of the user running unarj. +
++ There is no known workaround at this time. +
++ All unarj users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/unarj-2.63a-r2"
+ + pdftohtml is a utility to convert PDF files to HTML or XML + formats. It makes use of Xpdf code to decode PDF files. +
++ Xpdf is vulnerable to multiple integer overflows, as described in + GLSA 200410-20. +
++ An attacker could entice a user to convert a specially-crafted PDF + file, potentially resulting in execution of arbitrary code with the + rights of the user running pdftohtml. +
++ There is no known workaround at this time. +
++ All pdftohtml users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/pdftohtml-0.36-r1"
+ + ProZilla is a download accelerator for Linux. +
++ ProZilla contains several exploitable buffer overflows in the code + handling the network protocols. +
++ A remote attacker could set up a malicious server and entice a user to + retrieve files from that server using ProZilla. This could lead to the + execution of arbitrary code with the rights of the user running + ProZilla. +
++ There is no known workaround at this time. +
++ Currently, there is no released version of ProZilla that contains a fix + for these issues. The original author did not respond to our queries, + the code contains several other problems and more secure alternatives + exist. Therefore, the ProZilla package has been hard-masked prior to + complete removal from Portage, and current users are advised to unmerge + the package. +
++ phpBB is an Open Source bulletin board package. +
++ phpBB contains a vulnerability in the highlighting code and several + vulnerabilities in the username handling code. +
++ An attacker can exploit the highlighting vulnerability to access the + PHP exec() function without restriction, allowing them to run arbitrary + commands with the rights of the web server user (for example the apache + user). Furthermore, the username handling vulnerability might be abused + to execute SQL statements on the phpBB database. +
++ There is a one-line patch which will remediate the remote execution + vulnerability. +
++ Locate the following block of code in viewtopic.php: +
+
+ //
+ // Was a highlight request part of the URI?
+ //
+ $highlight_match = $highlight = '';
+ if (isset($HTTP_GET_VARS['highlight']))
+ {
+ // Split words and phrases
+ $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
+
+ for($i = 0; $i < sizeof($words); $i++)
+ {
+ + Replace with the following: +
+
+ //
+ // Was a highlight request part of the URI?
+ //
+ $highlight_match = $highlight = '';
+ if (isset($HTTP_GET_VARS['highlight']))
+ {
+ // Split words and phrases
+ $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
+
+ for($i = 0; $i < sizeof($words); $i++)
+ {
+ + All phpBB users should upgrade to the latest version to fix all known + vulnerabilities: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/phpbb-2.0.11"
+ + TWiki is a Web-based groupware tool based around the concept of wiki + pages that can be edited by anybody with a Web browser. +
++ The TWiki search function, which uses a shell command executed via the + Perl backtick operator, does not properly escape shell metacharacters + in the user-provided search string. +
++ An attacker can insert malicious commands into a search request, + allowing the execution of arbitrary commands with the privileges of the + user running TWiki (usually the Web server user). +
++ There is no known workaround at this time. +
++ All TWiki users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/twiki-20040902"
+ + The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail + server. +
++ Multiple vulnerabilities have been discovered in the argument + parsers of the 'partial' and 'fetch' commands of the Cyrus IMAP Server + (CAN-2004-1012, CAN-2004-1013). There are also buffer overflows in the + 'imap magic plus' code that are vulnerable to exploitation as well + (CAN-2004-1011, CAN-2004-1015). +
++ An attacker can exploit these vulnerabilities to execute arbitrary + code with the rights of the user running the Cyrus IMAP Server. +
++ There is no known workaround at this time. +
++ All Cyrus-IMAP Server users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.2.10"
+ + phpWebSite is a web site content management system. +
++ Due to lack of proper input validation, phpWebSite has been found to be + vulnerable to HTTP response splitting attacks. +
++ A malicious user could inject arbitrary response data, leading to + content spoofing, web cache poisoning and other cross-site scripting or + HTTP response splitting attacks. This could result in compromising the + victim's data or browser. +
++ There is no known workaround at this time. +
++ All phpWebSite users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.9.3_p4-r2"
+ + phpMyAdmin is a tool written in PHP intended to handle the + administration of MySQL databases from a web-browser. +
++ Cedric Cochin has discovered multiple cross-site scripting + vulnerabilities in phpMyAdmin. These vulnerabilities can be exploited + through the PmaAbsoluteUri parameter, the zero_rows parameter in + read_dump.php, the confirm form, or an error message generated by the + internal phpMyAdmin parser. +
++ By sending a specially-crafted request, an attacker can inject and + execute malicious script code, potentially compromising the victim's + browser. +
++ There is no known workaround at this time. +
++ All phpMyAdmin users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.0_p3"
+ + Open DC Hub is the hub software for the Direct Connect file sharing + network. +
++ Donato Ferrante discovered a buffer overflow vulnerability in the + RedirectAll command of the Open DC Hub. +
++ Upon exploitation, a remote user with administrative privileges can + execute arbitrary code on the system running the Open DC Hub. +
++ Only give administrative rights to trusted users. +
++ All Open DC Hub users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/opendchub-0.7.14-r2"
+ + Sun and Blackdown both provide implementations of Java Development Kits + (JDK) and Java Runtime Environments (JRE). All these implementations + provide a Java plug-in that can be used to execute Java applets in a + restricted environment for web browsers. +
++ All Java plug-ins are subject to a vulnerability allowing unrestricted + Java package access. +
++ A remote attacker could embed a malicious Java applet in a web page and + entice a victim to view it. This applet can then bypass security + restrictions and execute any command or access any file with the rights + of the user running the web browser. +
++ As a workaround you could disable Java applets on your web browser. +
++ All Sun JDK users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.06"
+ + All Sun JRE users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.06"
+ + All Blackdown JDK users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.01"
+ + All Blackdown JRE users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.01"
+ + Note: You should unmerge all vulnerable versions to be fully protected. +
++ rssh and scponly are two restricted shells, allowing only a few + predefined commands. They are often used as a complement to OpenSSH to + provide access to remote users without providing any remote execution + privileges. +
++ Jason Wies discovered that when receiving an authorized command from an + authorized user, rssh and scponly do not filter command-line options + that can be used to execute any command on the target host. +
++ Using a malicious command, it is possible for a remote authenticated + user to execute any command (or upload and execute any file) on the + target machine with user rights, effectively bypassing any restriction + of scponly or rssh. +
++ There is no known workaround at this time. +
++ All scponly users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/scponly-4.0"
+ + All rssh users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-shells/rssh/rssh-2.2.3"
+ + PDFlib is a library providing functions to handle PDF files. It + includes a modified TIFF library used to process TIFF images. +
++ The TIFF library is subject to several known vulnerabilities (see + GLSA 200410-11). Most of these overflows also apply to PDFlib. +
++ A remote attacker could entice a user or web application to + process a carefully crafted PDF file or TIFF image using a + PDFlib-powered program. This can potentially lead to the execution of + arbitrary code with the rights of the program processing the file. +
++ There is no known workaround at this time. +
++ All PDFlib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/pdflib-5.0.4_p1"
+ + imlib is an advanced replacement library for image manipulation + libraries like libXpm. It is called by numerous programs, including + gkrellm and several window managers, to help in displaying images. +
++ Pavel Kankovsky discovered that several overflows found in the + libXpm library (see GLSA 200409-34) also applied to imlib. He also + fixed a number of other potential flaws. +
++ A remote attacker could entice a user to view a carefully-crafted + image file, which would potentially lead to execution of arbitrary code + with the rights of the user viewing the image. This affects any program + that makes use of the imlib library. +
++ There is no known workaround at this time. +
++ All imlib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/imlib-1.9.14-r3"
+ + Perl is a stable, cross-platform programming language created by + Larry Wall. +
++ Some Perl modules create temporary files in world-writable + directories with predictable names. +
++ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When a Perl script is executed, this would result in the file being + overwritten with the rights of the user running the utility, which + could be the root user. +
++ There is no known workaround at this time. +
++ All Perl users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=perl-5.8.5-r2"
+ + mirrorselect is a tool to help select distfiles mirrors for Gentoo. +
++ Ervin Nemeth discovered that mirrorselect creates temporary files in + world-writable directories with predictable names. +
++ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + mirrorselect is executed, this would result in the file being + overwritten with the rights of the user running the utility, which + could be the root user. +
++ There is no known workaround at this time. +
++ All mirrorselect users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-portage/mirrorselect-0.89"
+ + PHProjekt is a modular groupware web application used to + coordinate group activities and share files. +
++ Martin Muench, from it.sec, found a flaw in the setup.php file. +
++ Successful exploitation of the flaw allows a remote attacker + without admin rights to make unauthorized changes to PHProjekt + configuration. +
++ As a workaround, you could replace the existing setup.php file in + PHProjekt root directory by the one provided on the PHProjekt Advisory + (see References). +
++ All PHProjekt users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r1"
+ + file is a utility used to identify the type of a file. +
++ A possible stack overflow has been found in the ELF header parsing code + of file. +
++ An attacker may be able to create a specially crafted ELF file which, + when processed with file, may allow the execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All file users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/file-4.12"
+ + nfs-utils is a package containing the client and daemon + implementations for the NFS protocol. +
++ Arjan van de Ven has discovered a buffer overflow on 64-bit + architectures in 'rquota_server.c' of nfs-utils (CAN-2004-0946). A + remotely exploitable flaw on all architectures also exists in the + 'statd.c' file of nfs-utils (CAN-2004-1014), which can be triggered by + a mishandled SIGPIPE. +
++ A remote attacker could potentially cause a Denial of Service, or + even execute arbitrary code (64-bit architectures only) on a remote NFS + server. +
++ There is no known workaround at this time. +
++ All nfs-utils users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/nfs-utils-1.0.6-r6"
+ + ncpfs is an NCP protocol network filesystem that allows access to + Netware services, for example to mount volumes of NetWare servers or + print to NetWare print queues. +
++ Karol Wiesek discovered a buffer overflow in the handling of the + '-T' option in the ncplogin and ncpmap utilities, which are both + installed as SUID root by default. +
++ A local attacker could trigger the buffer overflow by calling one + of these utilities with a carefully crafted command line, potentially + resulting in execution of arbitrary code with root privileges. +
++ There is no known workaround at this time. +
++ All ncpfs users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/ncpfs-2.2.5"
+ + Vim is an efficient, highly configurable improved version of the + classic 'vi' text editor. gVim is the GUI version of Vim. +
++ Gentoo's Vim maintainer, Ciaran McCreesh, found several + vulnerabilities related to the use of options in Vim modelines. Options + like 'termcap', 'printdevice', 'titleold', 'filetype', 'syntax', + 'backupext', 'keymap', 'patchmode' or 'langmenu' could be abused. +
++ A local attacker could write a malicious file in a world readable + location which, when opened in a modeline-enabled Vim, could trigger + arbitrary commands with the rights of the user opening the file, + resulting in privilege escalation. Please note that modelines are + disabled by default in the /etc/vimrc file provided in Gentoo. +
++ There is no known workaround at this time. +
++ All Vim users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/vim-6.3-r2"
+ + All gVim users should also upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/gvim-6.3-r2"
+ + Cscope is a developer utility used to browse and manage source + code. +
++ Cscope creates temporary files in world-writable directories with + predictable names. +
++ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When Cscope is executed, this would result in the file being + overwritten with the rights of the user running the utility, which + could be the root user. +
++ There is no known workaround at this time. +
++ All Cscope users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5-r2"
+ + Adobe Acrobat Reader is a utility used to view PDF files. +
++ A buffer overflow has been discovered in the email processing of + Adobe Acrobat Reader. This flaw exists in the mailListIsPdf function, + which checks if the input file is an email message containing a PDF + file. +
++ A remote attacker could send the victim a specially-crafted email + and PDF attachment, which would trigger the buffer overflow and + possibly lead to the execution of arbitrary code with the permissions + of the user running Adobe Acrobat Reader. +
++ There is no known workaround at this time. +
++ All Adobe Acrobat Reader users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-5.10"
+ + Samba is a freely available SMB/CIFS implementation which allows + seamless interoperability of file and print services to other SMB/CIFS + clients. +
++ Samba contains a bug when unmarshalling specific MS-RPC requests from + clients. +
++ A remote attacker may be able to execute arbitrary code with the + permissions of the user running Samba, which could be the root user. +
++ There is no known workaround at this time. +
++ All samba users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.9-r1"
+ + PHP is a general-purpose scripting language widely used to develop + web-based applications. It can run inside a web server using the + mod_php module or the CGI version of PHP, or can run stand-alone in a + CLI. +
++ Stefan Esser and Marcus Boerger reported several different issues in + the unserialize() function, including serious exploitable bugs in the + way it handles negative references (CAN-2004-1019). +
++ Stefan Esser also discovered that the pack() and unpack() functions are + subject to integer overflows that can lead to a heap buffer overflow + and a heap information leak. Finally, he found that the way + multithreaded PHP handles safe_mode_exec_dir restrictions can be + bypassed, and that various path truncation issues also allow bypassing + path and safe_mode restrictions. +
++ Ilia Alshanetsky found a stack overflow issue in the exif_read_data() + function (CAN-2004-1065). Finally, Daniel Fabian found that addslashes + and magic_quotes_gpc do not properly escape null characters and that + magic_quotes_gpc contains a bug that could lead to one level directory + traversal. +
++ These issues could be exploited by a remote attacker to retrieve web + server heap information, bypass safe_mode or path restrictions and + potentially execute arbitrary code with the rights of the web server + running a PHP application. +
++ There is no known workaround at this time. +
++ All PHP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/php-4.3.10"
+ + All mod_php users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/mod_php-4.3.10"
+ + All php-cgi users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/php-cgi-4.3.10"
+ + Ethereal is a feature rich network protocol analyzer. +
++ There are multiple vulnerabilities in versions of Ethereal earlier + than 0.10.8, including: +
++ An attacker might be able to use these vulnerabilities to crash + Ethereal, perform DoS by CPU and disk space utilization or even execute + arbitrary code with the permissions of the user running Ethereal, which + could be the root user. +
++ For a temporary workaround you can disable all affected protocol + dissectors by selecting Analyze->Enabled Protocols... and deselecting + them from the list. However, it is strongly recommended to upgrade to + the latest stable version. +
++ All ethereal users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.8"
+ + KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. The KDE core libraries (kdebase and + kdelibs) provide native support for many protocols. Konqueror is the + KDE web browser and filemanager. +
++ Daniel Fabian discovered that the KDE core libraries contain a + flaw allowing password disclosure by making a link to a remote file. + When creating this link, the resulting URL contains authentication + credentials used to access the remote file (CAN-2004-1171). +
++ The Konqueror webbrowser allows websites to load webpages into a window + or tab currently used by another website (CAN-2004-1158). +
++ A malicious user could have access to the authentication + credentials of other users depending on the file permissions. +
++ A malicious website could use the window injection vulnerability to + load content in a window apparently belonging to another website. +
++ There is no known workaround at this time. +
++ All kdelibs users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.2.3-r4"
+ + All kdebase users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdebase-3.2.3-r3"
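+ The kdelibs issue above (CAN-2004-1171) is a general pattern: a URL of the form scheme://user:password@host/path is written out verbatim into a link file, and whoever can read that file gets the credentials. The block below is an added example, not KDE code, showing the defensive side in Python: a helper that strips the userinfo component before a URL is persisted or logged, and a scanner that finds such URLs in existing text. The helper name and the sample lines are constructed for the example.

```python
"""Stripping embedded credentials from URLs before they are written to
links, logs or shared documents (added example; not KDE code).

redact_url_credentials() removes the user:password@ part of the authority;
find_credential_leaks() flags URLs that still carry one, which is the
check to run over existing link files or log output.
"""
import re
from urllib.parse import urlsplit, urlunsplit

# An absolute URL whose authority carries a userinfo ("user" or "user:pass")
# part followed by "@". Hostnames and paths never contain "@" unescaped.
_URL_WITH_USERINFO = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s/@]+@[^\s]+", re.I)


def redact_url_credentials(url):
    """Return `url` with any username/password removed from the authority.

    Note that urlsplit lowercases the host; that is harmless for links.
    """
    parts = urlsplit(url)
    if parts.username is None and parts.password is None:
        return url
    host = parts.hostname or ""
    if ":" in host:  # bare IPv6 literal must be bracketed again
        host = "[" + host + "]"
    netloc = host if parts.port is None else host + ":" + str(parts.port)
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def find_credential_leaks(text):
    """Return every URL in `text` that carries credentials (detection side)."""
    return [m.group(0) for m in _URL_WITH_USERINFO.finditer(text)]


def redact_text(text):
    """Rewrite every credential-bearing URL in `text` to its redacted form."""
    return _URL_WITH_USERINFO.sub(lambda m: redact_url_credentials(m.group(0)), text)


# Constructed sample: three lines such a link file or log might contain.
SAMPLE_LINES = (
    "link: ftp://alice:s3cret@files.example.test/pub/report.pdf\n"
    "link: http://files.example.test/public/index.html\n"
    "link: sftp://bob@[2001:db8::1]:2222/home/bob/notes.txt\n"
)
```

+ Running `find_credential_leaks(SAMPLE_LINES)` reports the first and third URLs (a bare username without a password is still an identity leak worth removing), and `redact_text` rewrites them so that a second scan comes back empty. Credentials that must survive belong in a credential store keyed by host, not in the URL.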
+ + KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. kfax (part of kdegraphics) is the KDE fax + file viewer. +
++ Than Ngo discovered that kfax contains a private copy of the TIFF + library and is therefore subject to several known vulnerabilities (see + References). +
++ A remote attacker could entice a user to view a carefully-crafted TIFF + image file with kfax, which would potentially lead to execution of + arbitrary code with the rights of the user running kfax. +
++ The KDE Team recommends removing the kfax binary as well as the + kfaxpart.la KPart: +
+
+ rm /usr/kde/3.*/lib/kde3/kfaxpart.la
+ rm /usr/kde/3.*/bin/kfax
+ + Note: This will render the kfax functionality useless; if kfax + functionality is needed you should upgrade to KDE 3.3.2, which is + not stable at the time of this writing. +
++ There is no known workaround at this time. +
++ All kfax users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.3.2"
+ + abcm2ps is a utility used to convert ABC music sheet files into + PostScript format. +
++ Limin Wang has located a buffer overflow inside the put_words() + function in the abcm2ps code. +
++ A remote attacker could convince the victim to download a + specially-crafted ABC file. Upon execution, this file would trigger the + buffer overflow and lead to the execution of arbitrary code with the + permissions of the user running abcm2ps. +
++ There is no known workaround at this time. +
++ All abcm2ps users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/abcm2ps-3.7.21"
+ + phpMyAdmin is a tool written in PHP intended to handle the + administration of MySQL databases from a web-browser. +
++ Nicolas Gregoire (exaprobe.com) has discovered two vulnerabilities + that exist only on a webserver where PHP safe_mode is off. These + vulnerabilities could lead to command execution or file disclosure. +
++ On a system where external MIME-based transformations are enabled, + an attacker can insert offensive values in MySQL, which would start a + shell when the data is browsed. On a system where the UploadDir is + enabled, read_dump.php could use the unsanitized sql_localfile variable + to disclose a file. +
++ As a temporary workaround, you can enable PHP safe_mode, or disable external + MIME-based transformations AND disable the UploadDir. Instead, we + strongly advise updating to version 2.6.1_rc1. +
++ All phpMyAdmin users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.1_rc1"
+ + NASM is an 80x86 assembler that has been created for portability + and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow + extensions. It also supports a wide range of object formats (ELF, + a.out, COFF, ...), and has its own disassembler. +
++ Jonathan Rockway discovered that NASM-0.98.38 has an unprotected + vsprintf() to an array in preproc.c. This code vulnerability may lead + to a buffer overflow and potential execution of arbitrary code. +
++ A remote attacker could craft a malicious object file which, when + supplied in NASM, would result in the execution of arbitrary code with + the rights of the user running NASM. +
++ There is no known workaround at this time. +
++ All NASM users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/nasm-0.98.38-r1"
+ + MPlayer is a media player capable of handling multiple multimedia + file formats. +
++ iDEFENSE, Ariel Berkman and the MPlayer development team found + multiple vulnerabilities in MPlayer. These include potential heap + overflows in Real RTSP and pnm streaming code, stack overflows in MMST + streaming code and multiple buffer overflows in BMP demuxer and mp3lib + code. +
++ A remote attacker could craft a malicious file or design a + malicious streaming server. Using MPlayer to view this file or connect + to this server could trigger an overflow and execute + attacker-controlled code. +
++ There is no known workaround at this time. +
++ All MPlayer users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre5-r5"
+ + mpg123 is an MPEG Audio Player. +
++ Bartlomiej Sieka discovered that mpg123 contains an unsafe + strcat() to an array in playlist.c. This code vulnerability may lead to + a buffer overflow. +
++ A remote attacker could craft a malicious playlist which, when + used, would result in the execution of arbitrary code with the rights + of the user running mpg123. +
++ There is no known workaround at this time. +
++ All mpg123 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r8"
+ + Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites. +
++ Due to improper input validation, Zwiki can be exploited to perform + cross-site scripting attacks. +
++ By enticing a user to read a specially-crafted wiki entry, an attacker + can execute arbitrary script code running in the context of the + victim's browser. +
++ There is no known workaround at this time. +
++ All Zwiki users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-zope/zwiki-0.36.2-r1"
+ + Xpdf is an open source viewer for Portable Document Format (PDF) + files. GPdf is a Gnome-based PDF viewer that includes some Xpdf code. +
++ A new integer overflow issue was discovered in Xpdf's + Gfx::doImage() function. +
++ An attacker could entice a user to open a specially-crafted PDF + file, potentially resulting in execution of arbitrary code with the + rights of the user running Xpdf or GPdf. +
++ There is no known workaround at this time. +
++ All Xpdf users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.00-r7"
+ + All GPdf users should also upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.8.1-r1"
+ + The Common UNIX Printing System (CUPS) is a cross-platform print + spooler, hpgltops is a CUPS filter handling printing of HPGL files and + lppasswd is a program used locally to manage spooler passwords. +
++ CUPS makes use of vulnerable Xpdf code to handle PDF files + (CAN-2004-1125). Furthermore, Ariel Berkman discovered a buffer + overflow in the ParseCommand function in hpgl-input.c in the hpgltops + program (CAN-2004-1267). Finally, Bartlomiej Sieka discovered several + problems in the lppasswd program: it ignores some write errors + (CAN-2004-1268), it can leave the passwd.new file in place + (CAN-2004-1269) and it does not verify that passwd.new file is + different from STDERR (CAN-2004-1270). +
++ The Xpdf and hpgltops vulnerabilities may be exploited by a remote + attacker to execute arbitrary code by sending specific print jobs to a + CUPS spooler. The lppasswd vulnerabilities may be exploited by a local + attacker to write data to the CUPS password file or deny further + password modifications. +
++ There is no known workaround at this time. +
++ All CUPS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23"
+ + ViewCVS is a browser interface for viewing CVS and Subversion + version control repositories through a web browser. +
++ The tar export functions in ViewCVS bypass the 'hide_cvsroot' and + 'forbidden' settings and therefore expose information that should be + kept secret (CAN-2004-0915). Furthermore, some error messages in + ViewCVS do not filter user-provided information, making it vulnerable + to a cross-site scripting attack (CAN-2004-1062). +
++ By using the tar export functions, a remote attacker could access + information that is configured as restricted. Through the use of a + malicious request, an attacker could also inject and execute malicious + script code, potentially compromising another user's browser. +
++ There is no known workaround at this time. +
++ All ViewCVS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/viewcvs-0.9.2_p20041207-r1"
+ + PHProjekt is a modular groupware web application used to + coordinate group activities and share files. +
++ cYon discovered that the authform.inc.php script allows a remote + user to define the global variable $path_pre. +
++ A remote attacker can exploit this vulnerability to force + authform.inc.php to download and execute arbitrary PHP code with the + privileges of the web server user. +
++ There is no known workaround at this time. +
++ All PHProjekt users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r2"
+ + LinPopUp is a graphical application that acts as a frontend to + Samba client messaging functions, allowing a Linux desktop to + communicate with a Microsoft Windows computer that runs Winpopup. +
++ Stephen Dranger discovered that LinPopUp contains a buffer + overflow in string.c, triggered when replying to a remote user message. +
++ A remote attacker could craft a malicious message that, when + replied to using LinPopUp, would exploit the buffer overflow. This would + result in the execution of arbitrary code with the privileges of the + user running LinPopUp. +
++ There is no known workaround at this time. +
++ All LinPopUp users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/linpopup-2.0.4-r1"
+ + a2ps is an Any to Postscript filter that can convert to Postscript from + many filetypes. fixps is a script that fixes errors in Postscript + files. psmandup produces a Postscript file for printing in manual + duplex mode. +
++ Javier Fernandez-Sanguino Pena discovered that the a2ps package + contains two scripts that create insecure temporary files (fixps and + psmandup). Furthermore, we fixed in a previous revision a vulnerability + in a2ps filename handling (CAN-2004-1170). +
++ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + fixps or psmandup is executed, this would result in the file being + overwritten with the rights of the user running the utility. By + enticing a user or script to run a2ps on a malicious filename, an + attacker could execute arbitrary commands on the system with the rights + of that user or script. +
++ There is no known workaround at this time. +
++ All a2ps users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/a2ps-4.13c-r2"
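+ The a2ps entry above, like the Perl, mirrorselect and Cscope entries before it, describes the same class of bug: a temporary file is created under a predictable name in a world-writable directory and opened without O_EXCL, so a symbolic link planted there beforehand redirects the write onto any file the tool's user can write. The block below is an added example, not code from any of those packages. It contrasts the unsafe open with the exclusive one, shows that `tempfile.mkstemp()` gives an unpredictable name created atomically with mode 0600, and runs both in a throwaway directory so the difference is observable; the symlink it plants is a constructed stand-in for the local attacker.

```python
"""Secure temporary file creation versus the predictable-name pattern
(added example; not code from Perl, mirrorselect, Cscope or a2ps).

Vulnerable pattern: choose a name such as /tmp/<tool>.<pid> in a
world-writable directory and open it with O_CREAT but without O_EXCL.
A symbolic link pre-created at that name is followed, and the link
target is truncated and overwritten with the tool user's privileges.
Hardened pattern: let the kernel create the file atomically
(O_CREAT|O_EXCL, plus O_NOFOLLOW) under an unpredictable name, which is
exactly what tempfile.mkstemp() does.
"""
import os
import stat
import tempfile


def open_predictable(path):
    """The unsafe pattern: O_CREAT|O_TRUNC without O_EXCL follows a symlink."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)


def open_exclusive(path):
    """Hardened open: O_EXCL fails with EEXIST if anything, including a
    symlink, already exists at `path`; O_NOFOLLOW is belt and braces."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def run_demo():
    """Exercise both patterns in a scratch directory; return what happened."""
    with tempfile.TemporaryDirectory() as tmpdir:
        victim = os.path.join(tmpdir, "victim.conf")
        with open(victim, "w") as fh:
            fh.write("original contents\n")

        # Constructed stand-in for the local attacker: a symlink planted at
        # the predictable name, pointing at a file the tool user can write.
        predictable = os.path.join(tmpdir, "tool.1234")
        os.symlink(victim, predictable)

        # Unsafe open: the victim file is clobbered through the link.
        fd = open_predictable(predictable)
        os.write(fd, b"clobbered\n")
        os.close(fd)
        with open(victim) as fh:
            victim_after_unsafe = fh.read()

        # Hardened open: creation through the link is refused by the kernel.
        try:
            os.close(open_exclusive(predictable))
            exclusive_refused = False
        except OSError:
            exclusive_refused = True

        # mkstemp: fresh random name, created atomically, mode 0600.
        fd, fresh = tempfile.mkstemp(prefix="tool.", dir=tmpdir)
        os.close(fd)
        st = os.lstat(fresh)

        return {
            "victim_clobbered_by_unsafe_open": victim_after_unsafe == "clobbered\n",
            "exclusive_open_refused_symlink": exclusive_refused,
            "mkstemp_created_regular_file": stat.S_ISREG(st.st_mode),
            "mkstemp_mode_is_0600": stat.S_IMODE(st.st_mode) == 0o600,
            "mkstemp_name_not_predictable": os.path.basename(fresh) != "tool.1234",
        }


if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(("PASS " if ok else "FAIL ") + check)
```

+ The same rule carries over to shell scripts such as fixps and psmandup: use `mktemp` (which performs the exclusive create for you) rather than building a name from `$$`, and keep the created file's descriptor instead of re-opening it by name later, since a re-open by name reintroduces the race.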
+ + Mozilla is a popular web browser that includes a mail and newsreader. + Mozilla Firefox and Mozilla Thunderbird are respectively the + next-generation browser and mail client from the Mozilla project. +
++ Maurycy Prodeus from isec.pl found a potentially exploitable buffer + overflow in the handling of NNTP URLs. Furthermore, Martin (from + ptraced.net) discovered that temporary files in recent versions of + Mozilla-based products were sometimes stored world-readable with + predictable names. The Mozilla Team also fixed a way of spoofing + filenames in Firefox's "What should Firefox do with this file" dialog + boxes and a potential information leak about the existence of local + filenames. +
++ A remote attacker could craft a malicious NNTP link and entice a user + to click it, potentially resulting in the execution of arbitrary code + with the rights of the user running the browser. A local attacker could + leverage the temporary file vulnerability to read the contents of + another user's attachments or downloads. A remote attacker could also + design a malicious web page that would allow filenames to be spoofed if the + user uses the "Open with..." function in Firefox, or retrieve + information on the presence of specific files in the local filesystem. +
++ There is no known workaround at this time. +
++ All Mozilla users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.5"
+ + All Mozilla binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.5"
+ + All Firefox users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0"
+ + All Firefox binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0"
+ + All Thunderbird users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-0.9"
+ + All Thunderbird binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-0.9"
+ + Shoutcast Server is Nullsoft's streaming audio server. It runs on a + variety of platforms, including Linux, and is extremely popular with + Internet broadcasters. +
++ Part of the Shoutcast Server Linux binary has been found to improperly + handle sprintf() parsing. +
++ A malicious attacker could send a formatted URL request to the + Shoutcast Server. This formatted URL would cause either the server + process to crash, or the execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All Shoutcast Server users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/shoutcast-server-bin-1.9.5"
+ + MIT krb5 is the free implementation of the Kerberos network + authentication protocol by the Massachusetts Institute of Technology. +
++ The MIT Kerberos 5 administration library libkadm5srv contains a + heap overflow in the code handling password changing. +
++ Under specific circumstances an attacker could execute arbitrary + code with the permissions of the user running mit-krb5, which could be + the root user. +
++ There is no known workaround at this time. +
++ All mit-krb5 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6"
+ + The TIFF library contains encoding and decoding routines for the + Tag Image File Format. It is called by numerous programs, including + GNOME and KDE applications, to interpret TIFF images. +
++ infamous41md found a potential integer overflow in the directory + entry count routines of the TIFF library (CAN-2004-1308). Dmitry V. + Levin found another similar issue in the tiffdump utility + (CAN-2004-1183). +
++ A remote attacker could entice a user to view a carefully crafted + TIFF image file, which would potentially lead to execution of arbitrary + code with the rights of the user viewing the image. This affects any + program that makes use of the TIFF library, including many web browsers + or mail readers. +
++ There is no known workaround at this time. +
++ All TIFF library users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.1-r1"
+ + xine-lib is a multimedia library which can be utilized to create + multimedia frontends. +
++ Ariel Berkman discovered that xine-lib reads specific input data + into an array without checking the input size in demux_aiff.c, making + it vulnerable to a buffer overflow (CAN-2004-1300). iDefense + discovered that the PNA_TAG handling code in pnm_get_chunk() does not + check if the input size is larger than the buffer size (CAN-2004-1187). + iDefense also discovered that in this same function, a negative value + could be given to an unsigned variable that specifies the read length + of input data (CAN-2004-1188). +
++ A remote attacker could craft a malicious movie or convince a + targeted user to connect to a malicious PNM server, which could result + in the execution of arbitrary code with the rights of the user running + any xine-lib frontend. +
++ There is no known workaround at this time. +
++ All xine-lib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose media-libs/xine-lib
+ + phpGroupWare is a web-based suite of group applications including a + calendar, todo-list, addressbook, email, wiki, news headlines, and a + file manager. +
++ Several flaws were discovered in phpGroupWare making it vulnerable to + cross-site scripting attacks, SQL injection, and full path disclosure. +
++ These vulnerabilities could allow an attacker to perform cross-site + scripting attacks, execute SQL queries, and disclose the full path of + the web directory. +
++ There is no known workaround at this time. +
++ All phpGroupWare users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.004"
+ + Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +
xzgv is a picture viewer for X, with a thumbnail-based file selector.

Multiple overflows have been found in the image processing code of xzgv, including an integer overflow in the PRF parsing code (CAN-2004-0994).

An attacker could entice a user to open or browse a specially-crafted image file, potentially resulting in the execution of arbitrary code with the rights of the user running xzgv.

There is no known workaround at this time.

All xzgv users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r1"

Vilistextum is an HTML to text converter.

Ariel Berkman discovered that Vilistextum unsafely reads data into an array without checking the length. This code vulnerability may lead to a buffer overflow.

A remote attacker could craft a malicious webpage which, when converted, would result in the execution of arbitrary code with the rights of the user running Vilistextum.

There is no known workaround at this time.

All Vilistextum users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/vilistextum-2.6.7"

Dillo is a small and fast multi-platform web browser based on GTK+.

Gentoo Linux developer Tavis Ormandy found a format string bug in Dillo's handling of messages in a_Interface_msg().

An attacker could craft a malicious web page which, when accessed using Dillo, would trigger the format string vulnerability and potentially execute arbitrary code with the rights of the user running Dillo.

There is no known workaround at this time.

All Dillo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/dillo-0.8.3-r4"

TikiWiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty.

TikiWiki lacks a check on uploaded images in the Wiki edit page.

A malicious user could run arbitrary commands on the server by uploading and calling a PHP script.

There is no known workaround at this time.

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.4.1"

Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.

pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files.

Xpdf is vulnerable to integer overflows, as described in GLSA 200412-24.

An attacker could entice a user to convert a specially-crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running pdftohtml.

There is no known workaround at this time.

All pdftohtml users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/pdftohtml-0.36-r2"

mpg123 is a real-time MPEG audio player.

mpg123 improperly parses frame headers in input streams.

By inducing a user to play a malicious file, an attacker may be able to exploit a buffer overflow to execute arbitrary code with the permissions of the user running mpg123.

There is no known workaround at this time.

All mpg123 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r9"

UnRTF is a utility to convert files in the Rich Text Format into other formats.

An unchecked strcat() in unrtf may overflow the bounds of a static buffer.

Using a specially crafted file, possibly delivered by e-mail or over the web, an attacker may execute arbitrary code with the permissions of the user running UnRTF.

There is no known workaround at this time.

All unrtf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/unrtf-0.19.3-r1"

KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Konqueror is the KDE web browser and file manager.

Konqueror contains two errors that allow JavaScript scripts and Java applets to have access to restricted Java classes.

A remote attacker could embed a malicious Java applet in a web page and entice a victim to view it. This applet can then bypass security restrictions and execute any command, or access any file with the rights of the user running Konqueror.

There is no known workaround at this time.

All kdelibs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdelibs

KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE.

KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to multiple new integer overflows, as described in GLSA 200412-24.

An attacker could entice a user to open a specially-crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running the affected utility.

There is no known workaround at this time.

All KPdf users should upgrade to the latest version of kdegraphics:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdegraphics

All KOffice users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose app-office/koffice

KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDE provides KIOslaves for many protocols in the kdelibs package, one of them being FTP. These are used by KDE applications such as Konqueror.

The FTP KIOslave fails to properly parse URL-encoded newline characters.

An attacker could exploit this to execute arbitrary FTP commands on the server and, due to similarities between the FTP and the SMTP protocol, this vulnerability also allows an attacker to connect to an SMTP server and issue arbitrary commands, for example sending an email.

There is no known workaround at this time.

All kdelibs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdelibs

imlib2 is an advanced replacement for image manipulation libraries such as libXpm. It is utilized by numerous programs, including gkrellm and several window managers, to display images.

Pavel Kankovsky discovered that several buffer overflows found in the libXpm library (see GLSA 200409-34) also apply to imlib (see GLSA 200412-03) and imlib2. He also fixed a number of other potential security vulnerabilities.

A remote attacker could entice a user to view a carefully-crafted image file, which would potentially lead to the execution of arbitrary code with the rights of the user viewing the image. This affects any program that utilizes the imlib2 library.

There is no known workaround at this time.

All imlib2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/imlib2-1.2.0"

o3read is a standalone converter for OpenOffice.org files. It allows a user to dump the contents tree (o3read) and convert to plain text (o3totxt) or to HTML (o3tohtml) Writer and Calc files.

Wiktor Kopec discovered that the parse_html function in o3read.c copies any number of bytes into a 1024-byte t[] array.

Using a specially crafted file, possibly delivered by e-mail or over the Web, an attacker may execute arbitrary code with the permissions of the user running o3read.

There is no known workaround at this time.

All o3read users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/o3read-0.0.4"

HylaFAX is a software package for sending and receiving facsimile messages.

The code used by hfaxd to match a given username and hostname with an entry in the hosts.hfaxd file is insufficiently protected against malicious entries.

If the HylaFAX installation uses a weak hosts.hfaxd file, a remote attacker could authenticate using a malicious username or hostname and bypass the intended access restrictions.

As a workaround, administrators may consider adding passwords to all entries in the hosts.hfaxd file.

All HylaFAX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/hylafax-4.2.0-r2"

Note: Due to heightened security, weak entries in the hosts.hfaxd file may no longer work. Please see the HylaFAX documentation for details of accepted syntax in the hosts.hfaxd file.

poppassd_pam is a PAM-enabled server for changing system passwords that can be used to change POP server passwords.

Gentoo Linux developer Marcus Hanwell discovered that poppassd_pam did not check that the old password was valid before changing passwords. Our investigation revealed that poppassd_pam did not call pam_authenticate before calling pam_chauthtok.

A remote attacker could change the system password of any user, including root. This leads to a complete compromise of the POP accounts, and may also lead to a complete root compromise of the affected server, if it also provides shell access authenticated using system passwords.

There is no known workaround at this time.

All poppassd_pam users should migrate to the new package called poppassd_ceti:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/poppassd_ceti-1.8.4"

Note: Portage will automatically replace the poppassd_pam package by the poppassd_ceti package.

Exim is a highly configurable message transfer agent (MTA) developed at the University of Cambridge.

Buffer overflows have been found in the host_aton() function (CAN-2005-0021) as well as in the spa_base64_to_bits() function (CAN-2005-0022), which is part of the SPA authentication code.

A local attacker could trigger the buffer overflow in host_aton() by supplying an illegal IPv6 address with more than 8 components, using a command line option. The second vulnerability could be remotely exploited during SPA authentication, if it is enabled on the server. Both buffer overflows can potentially lead to the execution of arbitrary code.

There is no known workaround at this time.

All Exim users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.43-r2"

tnftp is a NetBSD FTP client with several advanced features.

The 'mget' function in cmds.c lacks validation of the filenames that are supplied by the server.

An attacker running an FTP server could supply clients with malicious filenames, potentially allowing the overwriting of arbitrary files with the permission of the connected user.

There is no known workaround at this time.

All tnftp users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-ftp/tnftp-20050103"

Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features.

Squid contains a vulnerability in the gopherToHTML function (CAN-2005-0094) and incorrectly checks the 'number of caches' field when parsing WCCP_I_SEE_YOU messages (CAN-2005-0095). Furthermore the NTLM code contains two errors. One is a memory leak in the fakeauth_auth helper (CAN-2005-0096) and the other is a NULL pointer dereferencing error (CAN-2005-0097). Finally Squid also contains an error in the ACL parsing code (CAN-2005-0194).

With the WCCP issue an attacker could cause denial of service by sending a specially crafted UDP packet. With the Gopher issue an attacker might be able to execute arbitrary code by enticing a user to connect to a malicious Gopher server. The NTLM issues could lead to denial of service by memory consumption or by crashing Squid. The ACL issue could lead to ACL bypass.

There is no known workaround at this time.

All Squid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.5.7-r2"

ImageMagick is a collection of tools to read, write and manipulate images in many formats.

Andrei Nigmatulin discovered that a Photoshop Document (PSD) file with more than 24 layers could trigger a heap overflow.

An attacker could potentially design a malicious PSD image file to cause arbitrary code execution with the permissions of the user running ImageMagick.

There is no known workaround at this time.

All ImageMagick users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.1.8.8"

Ethereal is a feature rich network protocol analyzer.

There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.9, including:

An attacker might be able to use these vulnerabilities to crash Ethereal, perform DoS by CPU and disk space utilization or even execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.

For a temporary workaround you can disable all affected protocol dissectors by selecting Analyze->Enabled Protocols... and deselecting them from the list. However, it is strongly recommended to upgrade to the latest stable version.

All Ethereal users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.9"

Xpdf is an open source viewer for Portable Document Format (PDF) files. GPdf is a Gnome-based PDF viewer that includes some Xpdf code.

iDEFENSE reports that the Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files.

An attacker could entice a user to open a specially-crafted PDF file which would trigger a stack overflow, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf or GPdf.

There is no known workaround at this time.

All Xpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.00-r8"

All GPdf users should also upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.8.2"

Mailman is a Python-based mailing list server with an extensive web interface.

Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman.

By enticing a user to visit a specially-crafted URL, an attacker can execute arbitrary script code running in the context of the victim's browser.

There is no known workaround at this time.

All Mailman users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"

The Common UNIX Printing System (CUPS) is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files.

The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files (GLSA 200501-28).

This issue could be exploited by a remote attacker to execute arbitrary code by sending a malicious print job to a CUPS spooler.

There is no known workaround at this time.

All CUPS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r1"

teTeX is a complete and open source TeX distribution. CSTeX is another TeX distribution including Czech and Slovak support. pTeX is another alternative that allows Japanese publishing with TeX. xdvizilla is an auxiliary script used to integrate DVI file viewing in Mozilla-based browsers.

teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore be vulnerable to the various overflows that were discovered in Xpdf code (CAN-2004-0888, CAN-2004-0889, CAN-2004-1125 and CAN-2005-0064). Furthermore, Javier Fernandez-Sanguino Pena discovered that the xdvizilla script does not handle temporary files correctly.

An attacker could design a malicious input file which, when processed using one of the TeX distributions, could lead to the execution of arbitrary code. Furthermore, a local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When xdvizilla is called, this would result in the file being overwritten with the rights of the user running the script.

There is no known workaround at this time.

All teTeX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r5"

All CSTeX users should also upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r1"

Finally, all pTeX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.4-r2"

KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE.

KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to a new stack overflow, as described in GLSA 200501-28.

An attacker could entice a user to open a specially-crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application.

There is no known workaround at this time.

All KPdf users should upgrade to the latest version of kdegraphics:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdegraphics

All KOffice users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose app-office/koffice

MySQL is a fast, multi-threaded, multi-user SQL database server.

Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered that the 'mysqlaccess' script creates temporary files in world-writeable directories with predictable names.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When the mysqlaccess script is executed, this would result in the file being overwritten with the rights of the user running the software, which could be the root user.

There is no known workaround at this time.

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-4.0.22-r2"

Konversation is a user-friendly IRC client for KDE.

Wouter Coekaerts has discovered three vulnerabilities within Konversation:

A malicious server could create specially-crafted channels, which would exploit certain flaws in Konversation, potentially leading to the execution of shell commands. A user could also unintentionally input their password into the 'Nick' field in the Quick Connect dialog, exposing their password to IRC users and log files.

There is no known workaround at this time.

All Konversation users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/konversation-0.15.1"

Evolution is a GNOME groupware application similar to Microsoft Outlook.

Max Vozeler discovered an integer overflow in the camel-lock-helper application, which is installed as setgid mail by default.

A local attacker could exploit this vulnerability to execute malicious code with the privileges of the 'mail' group. A remote attacker could also set up a malicious POP server to execute arbitrary code when an Evolution user connects to it.

There is no known workaround at this time.

All Evolution users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.0.2-r1"

AWStats is an advanced log file analyzer and statistics generator.

When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open() function call. Furthermore, a user could read log file content even when plugin rawlog was not enabled.

A remote attacker could supply AWStats malicious input, potentially allowing the execution of arbitrary code with the rights of the web server. He could also access raw log contents.

Making sure that AWStats does not run as a CGI script will avoid the issue, but we recommend that users upgrade to the latest version, which fixes these bugs.

All AWStats users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-misc/awstats-6.3-r2"

Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.

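The bug class behind the AWStats advisory, as an added illustration that is not AWStats code: a two-argument open() takes its mode from the string it is handed, while the validated three-argument form below can only ever name a file. The $LOGDIR value, the sub names and the sample parameter values are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
# Added example, not AWStats code: why untrusted input must not reach a
# two-argument open(), and what the validated three-argument form looks like.
# $LOGDIR, the sub names and the sample values are assumptions for the demo.
use strict;
use warnings;
use File::Spec;

my $LOGDIR = '/var/log/httpd';   # assumed directory the script may read

# Weak: with two arguments, open() derives the mode from the string itself,
# so characters that mean "read", "write" or "pipe" inside the value change
# what the call does. Passing a CGI parameter straight in lets the client
# choose, which is the class of flaw described for awstats.pl.
sub read_log_weak {
    my ($name) = @_;
    open(my $fh, "$LOGDIR/$name") or return undef;   # two-argument open
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Allowlist: a plain basename, no slashes, no leading dot, no metacharacters.
sub valid_log_name {
    my ($name) = @_;
    return defined $name && $name =~ /\A[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\z/;
}

# Safe: validate first, then give open() an explicit '<' mode, so the value
# can only ever be interpreted as a file name under $LOGDIR.
sub read_log_safe {
    my ($name) = @_;
    return undef unless valid_log_name($name);
    my $path = File::Spec->catfile($LOGDIR, $name);
    open(my $fh, '<', $path) or return undef;        # three-argument open
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Constructed parameter values, as a CGI script might receive them.
for my $value ('access_log', 'access_log.1', '../other_dir/file',
               'name with space', '.hidden') {
    printf "%-20s %s\n", $value,
        valid_log_name($value) ? 'accepted' : 'rejected';
}
```

Only the first two constructed values pass the allowlist; everything else is rejected before open() is reached.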
GraphicsMagick is a collection of tools to read, write and manipulate images in many formats. GraphicsMagick is originally derived from ImageMagick 5.5.2.

Andrei Nigmatulin discovered that handling a Photoshop Document (PSD) file with more than 24 layers in ImageMagick could trigger a heap overflow (GLSA 200501-26). GraphicsMagick is based on the same code and therefore suffers from the same flaw.

An attacker could potentially design a malicious PSD image file to cause arbitrary code execution with the permissions of the user running GraphicsMagick.

There is no known workaround at this time.

All GraphicsMagick users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.5"

Perl is a cross platform programming language. The DBI is the standard database interface module for Perl.

Javier Fernandez-Sanguino Pena discovered that the DBI library creates temporary files in an insecure, predictable way (CAN-2005-0077). Paul Szabo found out that "File::Path::rmtree" is vulnerable to various race conditions (CAN-2004-0452, CAN-2005-0448).

A local attacker could create symbolic links in the temporary files directory that point to a valid file somewhere on the filesystem. When the DBI library or File::Path::rmtree is executed, this could be used to overwrite or remove files with the rights of the user calling these functions.

There are no known workarounds at this time.

All Perl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-lang/perl

All DBI library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-perl/DBI

SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support.

SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted strings, which can lead to PHP file inclusion and XSS.

By sending a specially-crafted URL, an attacker can execute arbitrary code from the local system with the permissions of the web server. Furthermore by enticing a user to load a specially-crafted URL, it is possible to display arbitrary remote web pages in SquirrelMail's frameset and execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's webmail account, cookie theft, etc.

The arbitrary code execution is only possible with "register_globals" set to "On". Gentoo ships PHP with "register_globals" set to "Off" by default. There are no known workarounds for the other issues at this time.

All SquirrelMail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.4"

Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.

ngIRCd is a free open source daemon for Internet Relay Chat (IRC).

Florian Westphal discovered a buffer overflow caused by an integer underflow in the Lists_MakeMask() function of lists.c.

A remote attacker can exploit this buffer overflow to crash the ngIRCd daemon and possibly execute arbitrary code with the rights of the ngIRCd daemon process.

There is no known workaround at this time.

All ngIRCd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/ngIRCd-0.8.2"

TikiWiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty.

TikiWiki does not validate files uploaded to the "temp" directory.

A malicious user could run arbitrary commands on the server by uploading and calling a PHP script.

There is no known workaround at this time.

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5"

Video Disk Recorder (VDR) is a Linux-based digital video recorder. The VDR program handles the On Screen Menu system that offers complete control over channel settings, timers and recordings.

Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that VDR accesses user-controlled files insecurely.

A local attacker could create malicious links and invoke a VDR recording that would overwrite arbitrary files on the system.

There is no known workaround at this time.

All VDR users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/vdr-1.2.6-r1"

f2c is a Fortran to C translator. Portage uses this package in some ebuilds to build Fortran sources.

Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that f2c creates temporary files in world-writeable directories with predictable names.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When f2c is executed, this would result in the file being overwritten with the rights of the user running the software, which could be the root user.

There is no known workaround at this time.

All f2c users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/f2c-20030320-r1"

ncpfs is a NCP protocol network filesystem driver that allows access to NetWare services, to mount volumes of NetWare servers or print to NetWare print queues.

Erik Sjolund discovered two vulnerabilities in the programs bundled with ncpfs: there is a potentially exploitable buffer overflow in ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities using the NetWare client functions insecurely access files with elevated privileges (CAN-2005-0013).

The buffer overflow might allow a malicious remote NetWare server to execute arbitrary code on the NetWare client. Furthermore, a local attacker may be able to create links and access files with elevated privileges using SUID ncpfs utilities.

There is no known workaround at this time.

All ncpfs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-fs/ncpfs-2.2.6"

Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers.

Rafel Ivgi has discovered a cross-site scripting vulnerability where the 'username' parameter is not properly sanitized in 'login.php'.

By sending a carefully crafted URL, an attacker can inject and execute script code in the victim's browser window, and potentially compromise the user's gallery.

There is no known workaround at this time.

All Gallery users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.4.4_p6"

Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.

ClamAV is an antivirus toolkit. It includes a multi-threaded daemon and a command line scanner.

ClamAV fails to properly scan ZIP files with special headers (CAN-2005-0133) and base64 encoded images in URLs.

By sending a base64 encoded image file in a URL an attacker could evade virus scanning. By sending a specially-crafted ZIP file an attacker could cause a Denial of Service by crashing the clamd daemon.

There is no known workaround at this time.

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.81"

FireHOL is an iptables rules generator.

FireHOL insecurely creates temporary files with predictable names.

A local attacker could create malicious symbolic links to arbitrary system files. When FireHOL is executed, this could lead to these files being overwritten with the rights of the user launching FireHOL, usually the root user.

There is no known workaround at this time.

All FireHOL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-firewall/firehol-1.224"

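The predictable-temporary-file flaw recurs in the xdvizilla, mysqlaccess, DBI, VDR, f2c and FireHOL advisories above. As an added illustration (not code from any of those projects, written in Perl because two of them are Perl), the block below contrasts the weak pattern with File::Temp and shows an O_EXCL-based check that refuses a link planted at a guessable name; the file names and scratch directory are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example, not code from any project in the advisories above.
# Contrasts the predictable temp-file pattern behind the xdvizilla, mysqlaccess,
# DBI, VDR, f2c and FireHOL advisories with File::Temp, and shows a check that
# refuses to write through a symlink planted at a guessable name.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempfile tempdir);

# Weak pattern (kept for contrast, never called here): a name built from the
# PID in a world-writable directory, opened with '>' which follows symlinks.
# Whoever creates that path first decides where the data is written.
sub weak_tmpfile {
    my $path = "/tmp/report.$$";
    open(my $fh, '>', $path) or die "open $path: $!";
    return ($fh, $path);
}

# Safe pattern: File::Temp picks an unpredictable name inside $dir and opens
# it with O_CREAT|O_EXCL and mode 0600, so an existing file or link at that
# name makes the open fail instead of being followed; UNLINK removes it at exit.
sub safe_tmpfile {
    my ($dir) = @_;
    my ($fh, $path) = tempfile('report.XXXXXXXX', DIR => $dir, UNLINK => 1);
    return ($fh, $path);
}

# Defensive open for code that must use a fixed path: refuse an existing
# symlink outright and create with O_EXCL so nothing pre-planted is followed.
# Returns a filehandle, or undef when the path was already occupied.
sub open_excl {
    my ($path) = @_;
    return undef if -l $path;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return undef;
    return $fh;
}

# Constructed demonstration inside a private scratch directory.
my $scratch = tempdir(CLEANUP => 1);
my $victim  = "$scratch/victim";
open(my $v, '>', $victim) or die "open $victim: $!";
print $v "original contents\n";
close $v;

# A link planted at the guessable name (the race the advisories describe)...
my $planted = "$scratch/report.$$";
symlink($victim, $planted) or die "symlink: $!";

# ...is refused by open_excl, so $victim keeps its contents.
my $fh = open_excl($planted);
if (defined $fh) { print "open_excl: followed the link (bad)\n" }
else             { print "open_excl: refused the planted link\n" }

# File::Temp never collides with it and yields a private, mode-0600 file.
my ($tfh, $tpath) = safe_tmpfile($scratch);
printf "tempfile: %s mode %04o symlink=%s\n",
    $tpath, (stat $tpath)[2] & 07777, (-l $tpath ? 'yes' : 'no');
```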
UW IMAP is the University of Washington IMAP toolkit which includes POP3 and IMAP daemons.

A logic bug in the code handling CRAM-MD5 authentication incorrectly specifies the condition for successful authentication.

An attacker could exploit this vulnerability to authenticate as any mail user on a server with CRAM-MD5 authentication enabled.

Disable CRAM-MD5 authentication.

All UW IMAP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2004b"

enscript is a powerful ASCII to PostScript file converter.

Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows (CAN-2004-1186), quotes and shell escape characters are insufficiently sanitized in filenames (CAN-2004-1185), and it supported taking input from an arbitrary command pipe, with unwanted side effects (CAN-2004-1184).

An attacker could design malicious files or input data which, once fed into enscript, would trigger the execution of arbitrary code with the rights of the user running enscript.

There is no known workaround at this time.

All enscript users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/enscript-1.6.3-r3"

Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features.

Squid contains several vulnerabilities:

An attacker could exploit:

There is no known workaround at this time.

All Squid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.5.7-r5"

Newspost is a Usenet News binary autoposter.

Niels Heinen has discovered a buffer overflow in the socket_getline() function of Newspost, which can be triggered by providing long strings that do not end with a newline character.

A remote attacker could set up a malicious NNTP server and entice a Newspost user to post to it, leading to the crash of the Newspost process and potentially the execution of arbitrary code with the rights of the Newspost user.

There is no known workaround at this time.

All Newspost users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-nntp/newspost-2.0-r1"

LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux.

Multiple vulnerabilities, including buffer overflows, out of bounds memory access and directory traversals, have been discovered in libXpm, which is shipped as a part of the X Window System. LessTif, an application that includes libXpm, suffers from the same issues.

A carefully-crafted XPM file could crash applications making use of the LessTif toolkit, potentially allowing the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All LessTif users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/lesstif-0.94.0"

OpenMotif provides a free version of the Motif toolkit for open source applications.

Multiple vulnerabilities, such as buffer overflows, out of bounds memory access or directory traversals, have been discovered in libXpm that is shipped as a part of the X Window System (see GLSA 200409-34 and 200411-28). OpenMotif, an application that includes this library, suffers from the same issues.

A carefully-crafted XPM file could crash applications making use of the OpenMotif toolkit, potentially allowing the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All OpenMotif users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose x11-libs/openmotif

Note: You should run 'revdep-rebuild' to ensure that all applications linked to OpenMotif are properly rebuilt.

PostgreSQL is a SQL compliant, open source object-relational database management system.

PostgreSQL contains several vulnerabilities:

An attacker could exploit this to execute arbitrary code with the privileges of the PostgreSQL server, bypass security restrictions and crash the server.

There is no known workaround at this time.

All PostgreSQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql

Python is an interpreted, interactive, object-oriented, cross-platform programming language.

Graham Dumpleton discovered that XML-RPC servers making use of the SimpleXMLRPCServer library that use the register_instance() method to register an object without a _dispatch() method are vulnerable to a flaw that allows reading or modifying globals of the associated module.

A remote attacker may be able to exploit the flaw in such XML-RPC servers to execute arbitrary code on the server host with the rights of the XML-RPC server.

Python users that do not run any SimpleXMLRPCServer-based XML-RPC servers, or whose servers use only the register_function() method, are not affected.

All Python users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose dev-lang/python

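The advisory's condition is "an object registered with register_instance() that has no _dispatch() method": without _dispatch(), the server resolves method names by attribute lookup on the instance. The following is an added example, not code from the advisory or from Python itself, showing the shape of a _dispatch() that restricts the exposed surface to an explicit allow-list. The Calculator class, its EXPORTED set, the call() helper and the host/port in serve() are all constructed for the example; SimpleXMLRPCServer lives in xmlrpc.server on Python 3.

```python
"""Restrictive _dispatch() for an object registered with register_instance()."""
from xmlrpc.server import SimpleXMLRPCServer  # Python 3 home of SimpleXMLRPCServer


class Calculator:
    """Hypothetical service object; only names in EXPORTED are reachable."""

    EXPORTED = frozenset({"add", "mul"})

    def add(self, a, b):
        return a + b

    def mul(self, a, b):
        return a * b

    def _internal(self):
        return "must never be reachable over XML-RPC"

    def _dispatch(self, method, params):
        # Without this method the dispatcher falls back to attribute lookup on
        # the instance.  An explicit allow-list (no dotted names, no private
        # names, nothing that is not listed) keeps the remote surface to
        # exactly the methods meant to be remote.
        if "." in method or method not in self.EXPORTED:
            raise Exception('method "%s" is not supported' % method)
        return getattr(self, method)(*params)


def call(method, params=()):
    """Dispatch locally and report the outcome without raising (for demos)."""
    try:
        return ("ok", Calculator()._dispatch(method, params))
    except Exception as exc:
        return ("rejected", str(exc))


def serve(host="127.0.0.1", port=8000):
    """Build a server that exposes only Calculator.EXPORTED (host/port assumed)."""
    server = SimpleXMLRPCServer((host, port), logRequests=False)
    server.register_instance(Calculator())
    return server


if __name__ == "__main__":
    serve().serve_forever()
```

Current Python 3 releases already refuse names beginning with an underscore and only walk dotted names when register_instance() is called with allow_dotted_names=True; defining _dispatch() on top of that makes the exposed set visible in the code rather than implied by the object's attributes.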
pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files.

Xpdf is vulnerable to a buffer overflow, as described in GLSA 200501-28.

An attacker could entice a user to convert a specially-crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running pdftohtml.

There is no known workaround at this time.

All pdftohtml users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/pdftohtml-0.36-r3"

Mailman is a Python-based mailing list server with an extensive web interface.

Mailman contains an error in private.py which fails to properly sanitize input paths.

An attacker could exploit this flaw to obtain arbitrary files on the web server.

There is no known workaround at this time.

All Mailman users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r4"

Webmin is a web-based system administration console allowing an administrator to easily configure servers and other features. Using the 'buildpkg' FEATURE, or the -b/-B emerge options, Portage can build reusable binary packages for any of the packages available through the Portage tree.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the Webmin ebuild contains a design flaw. It imports the encrypted local root password into the miniserv.users file before building binary packages that include this file.

A remote attacker could retrieve Portage-built Webmin binary packages and recover the encrypted root password from the build host.

Users who never built or shared a Webmin binary package are unaffected by this.

Webmin users should delete any old shared Webmin binary package as soon as possible. They should also consider their buildhost root password potentially exposed and follow proper audit procedures.

If you plan to build binary packages, you should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/webmin-1.170-r3"

Perl is a stable, cross-platform programming language created by Larry Wall. The perl-suid wrapper allows the use of setuid perl scripts, i.e. user-callable Perl scripts which have elevated privileges. This function is enabled only if you have the perlsuid USE flag set.

perl-suid scripts honor the PERLIO_DEBUG environment variable and write to that file with elevated privileges (CAN-2005-0155). Furthermore, calling a perl-suid script with a very long path while PERLIO_DEBUG is set could trigger a buffer overflow (CAN-2005-0156).

A local attacker could set the PERLIO_DEBUG environment variable and call existing perl-suid scripts, resulting in file overwriting and potentially the execution of arbitrary code with root privileges.

You are not vulnerable if you do not have the perlsuid USE flag set or do not use perl-suid scripts.

All Perl users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose dev-lang/perl

mod_python is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created.

Graham Dumpleton discovered a vulnerability in mod_python's Publisher Handler.

By requesting a specially crafted URL for a published module page, an attacker could obtain information about restricted variables.

There is no known workaround at this time.

All mod_python users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose www-apache/mod_python

The PowerDNS Nameserver is an authoritative-only nameserver which uses a flexible backend architecture.

A vulnerability has been reported in the DNSPacket::expand method of dnspacket.cc.

An attacker could cause a temporary Denial of Service by sending a random stream of bytes to the PowerDNS Daemon.

There is no known workaround at this time.

All PowerDNS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/pdns-2.9.17"

ht://Dig is an HTTP/HTML indexing and searching system.

Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks.

By sending a carefully crafted message, an attacker can inject and execute script code in the victim's browser window. This allows the attacker to modify the behaviour of ht://Dig and/or leak session information such as cookies.

There is no known workaround at this time.

All ht://Dig users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-misc/htdig-3.1.6-r7"

Opera is a multi-platform web browser.

Opera contains several vulnerabilities:

An attacker could exploit these vulnerabilities to:

There is no known workaround at this time.

All Opera users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-7.54-r3"

VMware Workstation is a powerful virtual machine for developers and system administrators.

Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that VMware Workstation searches for gdk-pixbuf loadable modules in an untrusted, world-writable directory.

A local attacker could create a malicious shared object that would be loaded by VMware, resulting in the execution of arbitrary code with the privileges of the user running VMware.

The system administrator may create the file /tmp/rrdharan to prevent malicious users from creating a directory at that location:

# touch /tmp/rrdharan

All VMware Workstation users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/vmware-workstation-3.2.1.2242-r4"

PostgreSQL is a SQL compliant, open source object-relational database management system.

PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser.

A remote attacker could send a malicious query resulting in the execution of arbitrary code with the permissions of the user running PostgreSQL.

There is no known workaround at this time.

All PostgreSQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql

GNU Emacs and XEmacs are highly extensible and customizable text editors. movemail is an Emacs utility that can fetch mail on remote mail servers.

Max Vozeler discovered that the movemail utility contains several format string errors.

An attacker could set up a malicious POP server and entice a user to connect to it using movemail, resulting in the execution of arbitrary code with the rights of the victim user.

There is no known workaround at this time.

All Emacs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/emacs-21.4"

All XEmacs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/xemacs-21.4.15-r3"

lighttpd is a small-footprint, fast, compliant and very flexible web-server which is optimized for high-performance environments.

lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent as-is. By appending %00 to the filename, you can evade the extension detection mechanism while still accessing the file.

A remote attacker could send specific queries and access the source of scripts that should have been executed as CGI or FastCGI applications.

There is no known workaround at this time.

All lighttpd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.3.10-r1"

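The bypass described above works because the extension test and the file system disagree about where the name ends: the check sees the bytes after the encoded NUL, while open() stops at the NUL. The following is an added example, not lighttpd's code, of a request-path classifier that decodes first, refuses embedded NULs, normalizes the path, and only then compares the extension. The CGI_EXTENSIONS list and the classify() function are constructed for the example.

```python
"""Classify a request path as CGI or static only after decoding and NUL checks."""
import posixpath
from urllib.parse import unquote_to_bytes

# Extensions handed to a CGI/FastCGI backend; constructed for the example.
CGI_EXTENSIONS = (".php", ".cgi", ".pl")


def classify(raw_path):
    """Return ('cgi', path), ('static', path) or ('reject', reason).

    The request path (without query string) is percent-decoded first, then
    checked for NUL bytes, then normalized, and only then classified, so the
    classifier and the file system see the same name.
    """
    decoded = unquote_to_bytes(raw_path)              # "%00" -> b"\x00"
    if b"\x00" in decoded:
        return ("reject", "embedded NUL byte")         # the advisory's bypass
    try:
        path = decoded.decode("utf-8")
    except UnicodeDecodeError:
        return ("reject", "path is not valid UTF-8")
    if not path.startswith("/"):
        return ("reject", "path is not absolute")
    path = posixpath.normpath(path)                    # collapse "." and ".." segments
    if path.startswith("//"):                          # normpath keeps exactly two leading slashes
        path = "/" + path.lstrip("/")
    # Compare case-insensitively: the safer failure mode for a mixed-case name
    # is to hand it to the backend, never to serve it as source.
    ext = posixpath.splitext(path)[1].lower()
    return ("cgi" if ext in CGI_EXTENSIONS else "static", path)
```

The same ordering (decode, reject NUL, normalize, then decide) applies to any handler selection keyed on a client-supplied name, not only to lighttpd's extension table.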
wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN).

wpa_supplicant contains a possible buffer overflow due to missing validation of received EAPOL-Key frames.

An attacker could cause the crash of wpa_supplicant using a specially crafted packet.

There is no known workaround at this time.

All wpa_supplicant users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-0.2.7"

KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KStars is a desktop planetarium for KDE. It includes support for the Instrument Neutral Distributed Interface (INDI).

Erik Sjolund discovered a buffer overflow in fliccd which is part of the INDI support in KStars.

An attacker could exploit this vulnerability to execute code with elevated privileges. If fliccd does not run as a daemon, remote exploitation of this vulnerability is not possible. KDE as shipped by Gentoo does not start the daemon in the default installation.

There is no known workaround at this time.

All KStars users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdeedu-3.3.2-r1"

Midnight Commander is a visual console file manager.

Midnight Commander contains several format string vulnerabilities (CAN-2004-1004), buffer overflows (CAN-2004-1005), a memory deallocation error (CAN-2004-1092) and a buffer underflow (CAN-2004-1176).

An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running Midnight Commander or cause Denial of Service by freeing unallocated memory.

There is no known workaround at this time.

All Midnight Commander users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/mc-4.6.0-r13"

Squid is a full-featured Web proxy cache designed to run on Unix-like systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features.

Handling of certain DNS responses triggers assertion failures.

By returning a specially crafted DNS response an attacker could cause Squid to crash by triggering an assertion failure.

There is no known workaround at this time.

All Squid users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/squid-2.5.8"

GProFTPD is a GTK+ administration tool for the ProFTPD server. GProFTPD is distributed with gprostats, a utility to parse ProFTPD transfer logs.

Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a format string vulnerability in the gprostats utility.

An attacker could exploit the vulnerability by performing a specially crafted FTP transfer; the resulting ProFTPD transfer log could potentially trigger the execution of arbitrary code when parsed by GProFTPD.

There is no known workaround at this time.

All GProFTPD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/gproftpd-8.1.9"

gFTP is a GNOME based, multi-threaded file transfer client.

gFTP lacks input validation of filenames received from remote servers.

An attacker could entice a user to connect to a malicious FTP server and conduct a directory traversal attack by making use of specially crafted filenames. This could lead to arbitrary files being created or overwritten.

There is no known workaround at this time.

All gFTP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/gftp-2.0.18-r1"

PuTTY is a popular SSH client, PSCP is a secure copy implementation, and PSFTP is an SSH File Transfer Protocol client.

Two vulnerabilities have been discovered in the PSCP and PSFTP clients, which can be triggered by the SFTP server itself. These issues are caused by the improper handling of the FXP_READDIR response, along with other string fields.

An attacker can set up a malicious SFTP server that would send these malformed responses to a client, potentially allowing the execution of arbitrary code on their system.

There is no known workaround at this time.

All PuTTY users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/putty-0.57"

The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server.

Possible single byte overflows have been found in the imapd annotate extension and mailbox handling code. Furthermore, stack buffer overflows have been found in fetchnews, the backend and imapd.

An attacker, who could be an authenticated user or an admin of a peering news server, could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the Cyrus IMAP Server.

There is no known workaround at this time.

All Cyrus IMAP Server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.2.12"

cmd5checkpw is a checkpassword compatible authentication program that uses CRAM-MD5 authentication mode.

Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp(), so the invoked program retains the cmd5checkpw euid.

Local users that know at least one valid /etc/poppasswd user/password combination can read the /etc/poppasswd file.

There is no known workaround at this time.

All cmd5checkpw users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2"

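The cmd5checkpw advisory (execvp() while still holding the setuid euid) and the perl-suid advisory above (a privileged program honouring the caller's PERLIO_DEBUG) are two halves of the same hand-off problem: what a setuid helper must do before transferring control. The following is an added example, not cmd5checkpw's, Perl's or any project's code, written in Python because os.setresuid()/os.execve() map one-to-one onto the C calls; SAFE_VARS, SAFE_PATH and the run_unprivileged() wrapper are constructed for the example.

```python
"""What a setuid helper should do before executing another program."""
import os
import shutil

# Allow-list of variables the child may inherit; constructed for the example.
# A real helper lists exactly what its child needs, nothing more.
SAFE_VARS = ("TERM", "LANG", "USER", "HOME")
SAFE_PATH = "/usr/bin:/bin"


def sanitize_env(env):
    """Return a fresh environment containing only allow-listed variables.

    Everything else (PERLIO_DEBUG, LD_PRELOAD, IFS, a caller-chosen PATH, ...)
    is dropped.  An allow-list, unlike a block-list, also covers variables
    nobody has thought of yet.
    """
    clean = {k: v for k, v in env.items() if k in SAFE_VARS}
    clean["PATH"] = SAFE_PATH          # fixed search path, never the caller's
    return clean


def drop_privileges():
    """Permanently give up the saved and effective ids.

    Returns False when the process is not running setuid/setgid (nothing to
    drop) and raises if the kernel did not honour the change.
    """
    ruid, euid, suid = os.getresuid()
    rgid, egid, sgid = os.getresgid()
    if ruid == euid == suid and rgid == egid == sgid:
        return False
    if euid == 0:
        os.setgroups([])               # supplementary groups, only root may clear them
    os.setresgid(rgid, rgid, rgid)     # groups first, while still able to
    os.setresuid(ruid, ruid, ruid)
    if os.getresuid() != (ruid, ruid, ruid) or os.getresgid() != (rgid, rgid, rgid):
        raise RuntimeError("privilege drop did not take effect")
    return True


def run_unprivileged(argv, env=None):
    """Drop privileges, sanitize the environment, then exec by absolute path."""
    drop_privileges()
    clean = sanitize_env(os.environ if env is None else env)
    # Resolve in the sanitized PATH so execvp()-style lookup cannot be steered.
    exe = shutil.which(argv[0], path=clean["PATH"])
    if exe is None:
        raise FileNotFoundError(argv[0])
    os.execve(exe, argv, clean)        # does not return
```

The order matters: drop ids, then build the environment, then resolve and exec. Resolving the program with the caller's PATH or exec'ing with the caller's environment while still privileged re-creates the flaws the two advisories describe.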
uim is a simple, secure and flexible input method library.

Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This vulnerability only affects immodule-enabled Qt (if you build Qt 3.3.2 or later versions with USE="immqt" or USE="immqt-bc").

A malicious local user could exploit this vulnerability to execute arbitrary code with escalated privileges.

There is no known workaround at this time.

All uim users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-i18n/uim-0.4.5.1"

UnAce is a utility to extract, view and test the contents of an ACE archive.

Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives (CAN-2005-0160). He also found out that UnAce is vulnerable to directory traversal attacks, if an archive contains “./..” sequences or absolute filenames (CAN-2005-0161).

An attacker could exploit the buffer overflows to execute malicious code or the directory traversals to overwrite arbitrary files.

There is no known workaround at this time.

All UnAce users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/unace-2.5-r3"

MediaWiki is collaborative editing software, used by big projects like Wikipedia.

A security audit of the MediaWiki project discovered that MediaWiki is vulnerable to several cross-site scripting and cross-site request forgery attacks, and that the image deletion code does not sufficiently sanitize input parameters.

By tricking a user into loading a carefully crafted URL, a remote attacker could hijack sessions and authentication cookies to inject malicious script code that will be executed in a user's browser session in context of the vulnerable site, or use JavaScript submitted forms to perform restricted actions. Using the image deletion flaw, it is also possible for authenticated administrators to delete arbitrary files via directory traversal.

There is no known workaround at this time.

All MediaWiki users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.3.11"

Qt is a cross-platform GUI toolkit used by KDE.

Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that Qt searches for shared libraries in an untrusted, world-writable directory.

A local attacker could create a malicious shared object that would be loaded by Qt, resulting in the execution of arbitrary code with the privileges of the Qt application.

There is no known workaround at this time.

All Qt users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.4-r2"

phpBB is an Open Source bulletin board package.

It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the "Enable remote avatars" and "Enable avatar uploading" options are set (CAN-2005-0259). He also found out that incorrect input validation in "usercp_avatar.php" and "usercp_register.php" makes phpBB vulnerable to directory traversal attacks, if the "Gallery avatars" setting is enabled (CAN-2005-0258).

Remote attackers can exploit the session handling flaw to gain phpBB administrator rights. By providing a local and a remote location for an avatar and setting the "Upload Avatar from a URL:" field to point to the target file, a malicious local user can read arbitrary local files. By inserting "/../" sequences into the "avatarselect" parameter, a remote attacker can exploit the directory traversal vulnerability to delete arbitrary files. A flaw in the "viewtopic.php" script can be exploited to expose the full path of PHP scripts.

There is no known workaround at this time.

All phpBB users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpBB-2.0.13"

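Four advisories in this section are the same bug in different clothing: gFTP (filenames sent by the server), UnAce (archive entries with "./.." or absolute names), MediaWiki (image deletion) and phpBB ("/../" in the avatarselect parameter) all take a name from an untrusted source and use it to open, create or delete a file under a base directory. The following is an added example, not code from any of those projects, of a single confinement routine that refuses rather than cleans: absolute names, any ".." component, embedded NULs, and targets that resolve outside the base through an existing symlink. safe_join(), is_confined(), UnsafePath and demo() are constructed for the example.

```python
"""Confine an untrusted filename to a base directory, refusing anything that escapes."""
import os
import posixpath
import shutil
import tempfile


class UnsafePath(ValueError):
    """Raised for any name that must not be used under the base directory."""


def safe_join(base, untrusted_name):
    """Return an absolute path under base, or raise UnsafePath.

    The name is treated as data: it may not be absolute, may not contain
    '..' as a component (this also covers the "./.." form), may not carry a
    NUL byte, and after resolving symlinks already present under base the
    result must still lie inside base.
    """
    if "\0" in untrusted_name:
        raise UnsafePath("embedded NUL in %r" % untrusted_name)
    name = untrusted_name.replace("\\", "/")        # archives built on Windows use backslashes
    if posixpath.isabs(name):
        raise UnsafePath("absolute name: %r" % untrusted_name)
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts:
        raise UnsafePath("empty name: %r" % untrusted_name)
    if ".." in parts:
        raise UnsafePath("parent reference in %r" % untrusted_name)
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, *parts))
    # realpath() follows symlinks that already exist under base; a link that
    # points outside is caught here even though the name itself looked clean.
    if os.path.commonpath([base_real, target]) != base_real:
        raise UnsafePath("escapes base directory: %r" % untrusted_name)
    return target


def is_confined(base, name):
    """True when safe_join() accepts the name, False when it refuses it."""
    try:
        safe_join(base, name)
        return True
    except UnsafePath:
        return False


def demo():
    """Constructed scenario: a base dir containing a symlink that points at '/'."""
    base = tempfile.mkdtemp()
    try:
        os.symlink("/", os.path.join(base, "out"))
        names = ["docs/readme.txt", "../etc/passwd", "./../x", "/etc/passwd",
                 "a/../../b", "a\\..\\b", "x\0y", "out/etc/passwd"]
        return {n: is_confined(base, n) for n in names}
    finally:
        shutil.rmtree(base)
```

Rejecting is deliberate: stripping ".." segments or leading slashes and continuing (what the vulnerable code paths effectively did) leaves the caller to guess what name was actually used, and a second pass of the same "cleaning" is where bypasses appear.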
Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

Specially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly (CAN-2005-0472). Malformed HTML code could lead to invalid memory accesses (CAN-2005-0208 and CAN-2005-0473).

Remote attackers could exploit these issues, resulting in a Denial of Service.

There is no known workaround at this time.

All Gaim users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.1.4"

phpWebSite provides a complete web site content management system.

NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure.

A remote attacker can exploit this issue to upload files to a directory within the web root. By calling the uploaded script the attacker could then execute arbitrary PHP code with the rights of the web server. By passing specially crafted requests to the search module, remote attackers can also find out the full path of PHP scripts.

There is no known workaround at this time.

All phpWebSite users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.0-r2"

xli and xloadimage are X11 utilities for displaying and manipulating a wide range of image formats.

Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters are not adequately escaped. Rob Holland of the Gentoo Linux Security Audit Team has reported that an xloadimage vulnerability in the handling of Faces Project images discovered by zen-parse in 2001 remained unpatched in xli. Additionally, it has been reported that insufficient validation of image properties in xli could potentially result in buffer management errors.

Successful exploitation would permit a remote attacker to execute arbitrary shell commands, or arbitrary code with the privileges of the xloadimage or xli user.

There is no known workaround at this time.

All xli users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xli-1.17.0-r1"

All xloadimage users should also upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xloadimage-4.1-r2"

BidWatcher is a free auction tool for eBay users to keep track of their auctions.

Ulf Harnhammar discovered a format string vulnerability in "netstuff.cpp".

Remote attackers can potentially exploit this vulnerability by sending specially crafted responses via an eBay HTTP server or a man-in-the-middle attack to execute arbitrary malicious code.

There is no known workaround at this time.

All BidWatcher users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/bidwatcher-1.13.17"

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser.

phpMyAdmin contains several security issues:

By sending a specially-crafted request, an attacker can include and execute arbitrary PHP code or cause path information disclosure. Furthermore, the XSS issue allows an attacker to inject malicious script code, potentially compromising the victim's browser. Lastly, the improper escaping of special characters results in unintended privilege settings for MySQL.

There is no known workaround at this time.

All phpMyAdmin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.1_p2-r1"

LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. OpenMotif also provides a free version of the Motif toolkit for open source applications.

Chris Gilbert discovered potentially exploitable buffer overflow cases in libXpm that weren't fixed in previous libXpm security advisories.

A carefully-crafted XPM file could crash applications making use of the OpenMotif or LessTif toolkits, potentially allowing the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All OpenMotif users should upgrade to an unaffected version:

# emerge --sync
# emerge --ask --oneshot --verbose x11-libs/openmotif

All LessTif users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/lesstif-0.94.0-r2"

xv is an interactive image manipulation package for X11.

Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv.

Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the execution of arbitrary code.

There is no known workaround at this time.

All xv users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r10"

Mozilla Firefox is the popular next-generation browser from the Mozilla project.

The following vulnerabilities were found and fixed in Mozilla Firefox:

There is no known workaround at this time.

All Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.1"

All Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.1"

ImageMagick is a collection of tools and libraries for manipulating a wide variety of image formats.

Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a flaw in the handling of filenames by the ImageMagick utilities.

Successful exploitation may disrupt web applications that depend on ImageMagick for image processing, potentially executing arbitrary code.

There is no known workaround at this time.

All ImageMagick users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.0.4"

Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam.

Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address.

Successful exploitation would permit an attacker to disrupt Hashcash users, and potentially execute arbitrary code.

There is no known workaround at this time.

All Hashcash users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.16-r1"

mlterm is a multi-lingual terminal emulator.

mlterm is vulnerable to an integer overflow that can be triggered by specifying a large image file as a background. This only affects users that have compiled mlterm with the 'gtk' USE flag, which enables gdk-pixbuf support.

An attacker can create a specially-crafted image file which, when used as a background by the victim, can lead to the execution of arbitrary code with the privileges of the user running mlterm.

Re-compile mlterm without the 'gtk' USE flag.

All mlterm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/mlterm-2.9.2"

KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. dcopidlng is a DCOP helper script.

Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When dcopidlng is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.

There is no known workaround at this time.

All kdelibs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs

libXpm is a pixmap manipulation library for the X Window System, included in X.org.

Chris Gilbert has discovered potentially exploitable buffer overflow cases in libXpm that weren't fixed in previous libXpm versions.

A carefully-crafted XPM file could crash X.org, potentially allowing the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All X.org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose x11-base/xorg-x11

Ethereal is a feature rich network protocol analyzer.

There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.10, including:

An attacker might be able to use these vulnerabilities to crash Ethereal and execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.

For a temporary workaround you can disable all affected protocol dissectors. However, it is strongly recommended that you upgrade to the latest stable version.

All Ethereal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.10"

libexif is a library for parsing, editing and saving EXIF data.

libexif contains a buffer overflow vulnerability in the EXIF tag validation code. When opening an image with a specially crafted EXIF tag, the lack of validation can cause applications linked to libexif to crash.

A specially crafted EXIF file could crash applications making use of libexif, potentially allowing the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All libexif users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libexif-0.5.12-r1"

+ + Ringtone Tools is a program for creating ringtones and logos for + mobile phones. +
++ Qiao Zhang has discovered a buffer overflow vulnerability in the + 'parse_emelody' function in 'parse_emelody.c'. +
++ A remote attacker could entice a Ringtone Tools user to open a + specially crafted eMelody file, which would potentially lead to the + execution of arbitrary code with the rights of the user running the + application. +
++ There is no known workaround at this time. +
++ All Ringtone Tools users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-mobilephone/ringtonetools-2.23"
+ + MySQL is a fast, multi-threaded, multi-user SQL database server. +
++ MySQL fails to properly validate input for authenticated users with + INSERT and DELETE privileges (CAN-2005-0709 and CAN-2005-0710). + Furthermore MySQL uses predictable filenames when creating temporary + files with CREATE TEMPORARY TABLE (CAN-2005-0711). +
++ An attacker with INSERT and DELETE privileges could exploit this to + manipulate the mysql table or accessing libc calls, potentially leading + to the execution of arbitrary code with the permissions of the user + running MySQL. An attacker with CREATE TEMPORARY TABLE privileges could + exploit this to overwrite arbitrary files via a symlink attack. +
++ There is no known workaround at this time. +
++ All MySQL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-4.0.24"
+ + curl is a command line tool for transferring files via many + different protocols. +
++ curl fails to properly check boundaries when handling NTLM + authentication. +
++ With a malicious server an attacker could send a carefully crafted + NTLM response to a connecting client leading to the execution of + arbitrary code with the permissions of the user running curl. +
++ Disable NTLM authentication by not using the --anyauth or --ntlm + options. +
++ All curl users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.13.1"
+ + Grip is a GTK+ based audio CD player/ripper. +
++ Joseph VanAndel has discovered a buffer overflow in Grip when + processing large CDDB results. +
++ A malicious CDDB server could cause Grip to crash by returning + more then 16 matches, potentially allowing the execution of arbitrary + code with the privileges of the user running the application. +
++ Disable automatic CDDB queries, but we highly encourage users to + upgrade to 3.3.0. +
++ All Grip users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/grip-3.3.0"
+ + KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. +
++ Sebastian Krahmer discovered that it is possible to stall the + dcopserver of other users. +
++ An attacker could exploit this to cause a local Denial of Service + by stalling the dcopserver in the authentication process. As a result + all desktop functionality relying on DCOP will cease to function. +
++ There is no known workaround at this time. +
++ All kdelibs users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose kde-base/kdelibs
+ + rxvt-unicode is a clone of the well known terminal emulator rxvt. +
++ Rob Holland of the Gentoo Linux Security Audit Team discovered + that rxvt-unicode fails to properly check input length. +
++ Successful exploitation would allow an attacker to execute + arbitrary code with the permissions of the user running rxvt-unicode. +
++ There is no known workaround at this time. +
++ All rxvt-unicode users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-5.3"
+ + LTris is a Tetris clone. +
++ LTris is vulnerable to a buffer overflow when reading the global + highscores file. +
++ By modifying the global highscores file a malicious user could + trick another user to execute arbitrary code. +
++ There is no known workaround at this time. +
++ All LTris users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-puzzle/ltris-1.0.10"
+ + OpenSLP is an open-source implementation of Service Location Protocol + (SLP). +
++ Multiple buffer overflows have been found in OpenSLP, when handling + malformed SLP packets. +
++ By sending specially crafted SLP packets, a remote attacker could + potentially execute arbitrary code with the rights of the OpenSLP + daemon. +
++ There is no known workaround at this time. +
++ All OpenSLP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/openslp-1.2.1"
+ + Sylpheed is a lightweight email client and newsreader. + Sylpheed-claws is a 'bleeding edge' version of Sylpheed. +
++ Sylpheed and Sylpheed-claws fail to properly handle non-ASCII + characters in email headers when composing reply messages. +
++ An attacker can send an email containing a malicious non-ASCII + header which, when replied to, would cause the program to crash, + potentially allowing the execution of arbitrary code with the + privileges of the user running the software. +
++ There is no known workaround at this time. +
++ All Sylpheed users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.3"
+ + All Sylpheed-claws users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.3"
+ + dyndnsupdate is a dyndns.org data updater written by Fredrik "xzabite" + Haglund. +
++ Toby Dickenson discovered that dyndnsupdate suffers from multiple + overflows. +
++ A remote attacker, posing as a dyndns.org server, could execute + arbitrary code with the rights of the user running dyndnsupdate. +
++ There is no known workaround at this time. +
++ Currently, there is no released version of dyndnsupdate that contains a + fix for these issues. The original xzabite.org distribution site is + dead, the code contains several other problems and more secure + alternatives exist, such as the net-dns/ddclient package. Therefore, + the dyndnsupdate package has been hard-masked prior to complete removal + from Portage, and current users are advised to unmerge the package: +
+
+ # emerge --unmerge net-misc/dyndnsupdate
+ + Sun provides implementations of Java Development Kits (JDK) and Java + Runtime Environments (JRE). These implementations provide the Java Web + Start technology that can be used for easy client-side deployment of + Java applications. +
++ Jouko Pynnonen discovered that Java Web Start contains a vulnerability + in the way it handles property tags in JNLP files. +
++ By enticing a user to open a malicious JNLP file, a remote attacker + could pass command line arguments to the Java Virtual machine, which + can be used to bypass the Java "sandbox" and to execute arbitrary code + with the permissions of the user running the application. +
++ There is no known workaround at this time. +
++ All Sun JDK users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.07"
+ + All Sun JRE users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.07"
+ + GnuPG is complete and free replacement for PGP, a tool for secure + communication and data storage. +
++ A flaw has been identified in an integrity checking mechanism of + the OpenPGP protocol. +
++ An automated system using GnuPG that allows an attacker to + repeatedly discover the outcome of an integrity check (perhaps by + observing the time required to return a response, or via overly verbose + error messages) could theoretically reveal a small portion of + plaintext. +
++ There is no known workaround at this time. +
++ All GnuPG users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.1"
+ + The Mozilla Suite is a popular all-in-one web browser that + includes a mail and news reader. +
++ The following vulnerabilities were found and fixed in the Mozilla + Suite: +
++ There is no known workaround at this time. +
++ All Mozilla Suite users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6"
+ + All Mozilla Suite binary users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6"
+ + Mozilla Firefox is the popular next-generation browser from the + Mozilla project. +
++ The following vulnerabilities were found and fixed in Mozilla + Firefox: +
++ There is no known workaround at this time. +
++ All Mozilla Firefox users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.2"
+ + All Mozilla Firefox binary users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.2"
+ + Mozilla Thunderbird is the next-generation mail client from the + Mozilla project. +
++ The following vulnerabilities were found and fixed in Mozilla + Thunderbird: +
++ The GIF heap overflow could be triggered by a malicious GIF image + that would end up executing arbitrary code with the rights of the user + running Thunderbird. The other overflow issues, while not thought to be + exploitable, would have the same impact. Furthermore, by setting up + malicious websites and convincing users to follow untrusted links, + attackers may leverage the spoofing issue to trick user into installing + malicious extensions. +
++ There is no known workaround at this time. +
++ All Mozilla Thunderbird users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.0.2"
+ + All Mozilla Thunderbird binary users should upgrade to the + latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.0.2"
+ + IPsec-Tools is a port of KAME's implementation of the IPsec + utilities. It contains a collection of network monitoring tools, + including racoon, ping, and ping6. +
++ Sebastian Krahmer has reported a potential remote Denial of + Service vulnerability in the ISAKMP header parsing code of racoon. +
++ An attacker could possibly cause a Denial of Service of racoon + using a specially crafted ISAKMP packet. +
++ There is no known workaround at this time. +
++ All IPsec-Tools users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.4-r1"
+ + mpg321 is a GPL replacement for mpg123, a command line audio + player with support for ID3. ID3 is a tagging system that allows + metadata to be embedded within media files. +
++ A routine security audit of the mpg321 package revealed a known + security issue remained unpatched. The vulnerability is a result of + mpg321 printing embedded ID3 data to the console in an unsafe manner. +
++ Successful exploitation would require a victim to play a specially + crafted audio file using mpg321, potentially resulting in the execution + of arbitrary code. +
++ There is no known workaround at this time. +
++ All mpg321 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/mpg321-0.2.10-r2"
+ + Smarty is a template engine for PHP. The "template security" feature of + Smarty is designed to help reduce the risk of a system compromise when + you have untrusted parties editing templates. +
++ A vulnerability has been discovered within the regex_replace modifier + of the Smarty templates when allowing access to untrusted users. + Furthermore, it was possible to call functions from {if} statements and + {math} functions. +
++ These issues may allow a remote attacker to bypass the "template + security" feature of Smarty, and execute arbitrary PHP code. +
++ Do not grant template access to untrusted users. +
++ All Smarty users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/smarty-2.6.9"
+ + netkit-telnetd provides standard Linux telnet client and server. +
++ A buffer overflow has been identified in the slc_add_reply() + function of netkit-telnetd client, where a large number of SLC commands + can overflow a fixed size buffer. +
++ Successful explotation would require a vulnerable user to connect + to an attacker-controlled host using telnet, potentially executing + arbitrary code with the permissions of the telnet user. +
++ There is no known workaround at this time. +
++ All netkit-telnetd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/netkit-telnetd-0.17-r6"
+ + LimeWire is a Java peer-to-peer client compatible with the + Gnutella file-sharing protocol. +
++ Two input validation errors were found in the handling of Gnutella + GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789). +
++ A remote attacker can craft a specific Gnutella GET request or use + directory traversal on magnet requests to read arbitrary files on the + system with the rights of the user running LimeWire. +
++ There is no known workaround at this time. +
++ All LimeWire users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/limewire-4.8.1"
+ + telnet-bsd provides a command line telnet client which is used for + remote login using the telnet protocol. +
++ A buffer overflow has been identified in the env_opt_add() + function of telnet-bsd, where a response requiring excessive escaping + can cause a heap-based buffer overflow. Another issue has been + identified in the slc_add_reply() function, where a large number of SLC + commands can overflow a fixed size buffer. +
++ Successful exploitation would require a vulnerable user to connect + to an attacker-controlled host using telnet, potentially executing + arbitrary code with the permissions of the telnet user. +
++ There is no known workaround at this time. +
++ All telnet-bsd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/telnet-bsd-1.0-r1"
+ + Sylpheed is a lightweight email client and newsreader. + Sylpheed-claws is a 'bleeding edge' version of Sylpheed. +
++ Sylpheed and Sylpheed-claws fail to properly handle messages + containing attachments with MIME-encoded filenames. +
++ An attacker can send a malicious email message which, when + displayed, would cause the program to crash, potentially allowing the + execution of arbitrary code with the privileges of the user running the + software. +
++ There is no known workaround at this time. +
++ All Sylpheed users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.4"
+ + All Sylpheed-claws users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.4"
+ + Dnsmasq is a lightweight and easily-configurable DNS forwarder and + DHCP server. +
++ Dnsmasq does not properly detect that DNS replies received do not + correspond to any DNS query that was sent. Rob Holland of the Gentoo + Linux Security Audit team also discovered two off-by-one buffer + overflows that could crash DHCP lease files parsing. +
++ A remote attacker could send malicious answers to insert arbitrary + DNS data into the Dnsmasq cache. These attacks would in turn help an + attacker to perform man-in-the-middle and site impersonation attacks. + The buffer overflows might allow an attacker on the local network to + crash Dnsmasq upon restart. +
++ There is no known workaround at this time. +
++ All Dnsmasq users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.22"
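
The check the Dnsmasq advisory above says was missing, as an added example that is not Dnsmasq's own code: before a reply may enter the cache, confirm it answers a query this resolver actually sent. The packets are constructed samples (not captured traffic) and `reply_matches_query` and `question_length` are assumed names.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed packets, not captured traffic. QUERY asks for the A record of
   example.com with transaction ID 0x1a2b; the replies below answer, or claim
   to answer, that query. Layout follows RFC 1035: 12-byte header, then the
   question section (qname labels, QTYPE, QCLASS). */
static const uint8_t QUERY[] = {
    0x1a, 0x2b,                         /* transaction ID */
    0x01, 0x00,                         /* flags: QR=0 (query), RD=1 */
    0x00, 0x01,                         /* QDCOUNT = 1 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ANCOUNT, NSCOUNT, ARCOUNT = 0 */
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01,                         /* QTYPE = A */
    0x00, 0x01                          /* QCLASS = IN */
};

/* Legitimate answer: same ID, QR=1, our question echoed back (upper-cased
   labels, which DNS treats as equal), one A record for 192.0.2.1. */
static const uint8_t GOOD_REPLY[] = {
    0x1a, 0x2b, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    7, 'E', 'X', 'A', 'M', 'P', 'L', 'E', 3, 'c', 'o', 'm', 0, 0x00, 0x01, 0x00, 0x01,
    0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0e, 0x10, 0x00, 0x04, 192, 0, 2, 1
};

/* Spoofed reply carrying a transaction ID we never used. */
static const uint8_t WRONG_ID_REPLY[] = {
    0x1a, 0x2c, 0x81, 0x80, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0x00, 0x01, 0x00, 0x01
};

/* Spoofed reply that guessed the ID but answers a name we did not ask about. */
static const uint8_t WRONG_NAME_REPLY[] = {
    0x1a, 0x2b, 0x81, 0x80, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'o', 'r', 'g', 0, 0x00, 0x01, 0x00, 0x01
};

/* Length of the question section that starts at offset 12, or -1 if the
   packet is truncated or the name uses a compression pointer (a reply's
   copy of our question must be spelled out like the original). */
int question_length(const uint8_t *pkt, size_t len)
{
    size_t i = 12;
    for (;;) {
        if (i >= len)
            return -1;                     /* ran off the end of the packet */
        uint8_t label_len = pkt[i++];
        if (label_len == 0)
            break;                         /* root label ends the name */
        if (label_len & 0xC0)
            return -1;                     /* pointer or over-long label */
        i += label_len;
    }
    if (i + 4 > len)
        return -1;                         /* QTYPE and QCLASS missing */
    return (int)(i + 4 - 12);
}

/* Accept a reply only if it answers the query we actually sent: same
   transaction ID, QR bit set, exactly one question, and that question
   (labels compared case-insensitively, type and class exactly) identical
   to ours. Returns 1 to accept, 0 to drop. A real forwarder runs this
   against its table of outstanding queries and also checks the address
   and port the reply arrived from. */
int reply_matches_query(const uint8_t *q, size_t qlen, const uint8_t *r, size_t rlen)
{
    if (qlen < 12 || rlen < 12)
        return 0;
    if (q[0] != r[0] || q[1] != r[1])
        return 0;                          /* transaction ID differs */
    if ((q[2] & 0x80) || !(r[2] & 0x80))
        return 0;                          /* q must be a query, r a response */
    if (q[4] != 0 || q[5] != 1 || r[4] != 0 || r[5] != 1)
        return 0;                          /* exactly one question each */
    int ql = question_length(q, qlen);
    int rl = question_length(r, rlen);
    if (ql < 0 || ql != rl)
        return 0;
    /* Label length bytes are always < 64, so tolower() only affects the
       ASCII letters of the labels; QTYPE/QCLASS are compared exactly. */
    int name_len = ql - 4;
    for (int i = 0; i < name_len; i++)
        if (tolower(q[12 + i]) != tolower(r[12 + i]))
            return 0;                      /* label text differs */
    return memcmp(q + 12 + name_len, r + 12 + name_len, 4) == 0;
}
```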

The MIT Kerberos 5 implementation provides a command line telnet client which is used for remote login via the telnet protocol.
A buffer overflow has been identified in the env_opt_add() function, where a response requiring excessive escaping can cause a heap-based buffer overflow. Another issue has been identified in the slc_add_reply() function, where a large number of SLC commands can overflow a fixed size buffer.
Successful exploitation would require a vulnerable user to connect to an attacker-controlled telnet host, potentially executing arbitrary code with the permissions of the telnet user on the client.
There is no known workaround at this time.
All mit-krb5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6-r2"

Gaim is a full-featured instant messaging client which handles a variety of instant messaging protocols.
Multiple vulnerabilities have been addressed in the latest release of Gaim:
An attacker could possibly cause a Denial of Service by exploiting any of these vulnerabilities.
There is no known workaround at this time.
All Gaim users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.2.1"

sharutils is a collection of tools to deal with shar archives.
Joey Hess has discovered that the program unshar, which is a part of sharutils, creates temporary files in a world-writable directory with predictable names.
A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When unshar is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.
There is no known workaround at this time.
All sharutils users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/sharutils-4.2.1-r11"

GnomeVFS is a filesystem abstraction library for the GNOME desktop environment. libcdaudio is a multi-platform CD player development library. They both include code to query CDDB servers to get Audio CD track titles.
Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results (see GLSA 200503-21). The same overflow is present in GnomeVFS and libcdaudio code.
A malicious CDDB server could cause applications making use of the GnomeVFS or libcdaudio libraries to crash, potentially allowing the execution of arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
All GnomeVFS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose gnome-base/gnome-vfs

All libcdaudio users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libcdaudio-0.99.10-r1"

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web browser.
Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate input to the "convcharset" variable, rendering it vulnerable to cross-site scripting attacks.
By sending a specially crafted request, an attacker can inject and execute malicious script code, potentially compromising the victim's browser.
There is no known workaround at this time.
All phpMyAdmin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.2_rc1"

Axel is a console-based FTP/HTTP download accelerator.
A possible buffer overflow has been reported in the HTTP redirection handling code in conn.c.
A remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it. This could possibly lead to the execution of arbitrary code with the permissions of the user running Axel.
There is no known workaround at this time.
All Axel users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/axel-1.0b"

Gld is a standalone greylisting server for Postfix.
dong-hun discovered several buffer overflows in server.c, as well as several format string vulnerabilities in cnf.c.
An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running Gld, the default user being root.
There is no known workaround at this time.
All Gld users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/gld-1.5"

JunkBuster is a filtering HTTP proxy, designed to enhance privacy and remove unwanted content.
James Ranson reported that when JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting by getting a victim to request a specially crafted URL (CAN-2005-1108). Tavis Ormandy of the Gentoo Linux Security Audit Team identified a heap corruption issue in the filtering of URLs (CAN-2005-1109).
If JunkBuster has been configured to run in single-threaded mode, an attacker can disable or modify the filtering of Referrer: HTTP headers, potentially compromising the privacy of users. The heap corruption vulnerability could crash or disrupt the operation of the proxy, potentially executing arbitrary code.
There is no known workaround at this time.
All JunkBuster users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/junkbuster-2.0.2-r3"

rsnapshot is a filesystem snapshot utility based on rsync, allowing backups of local and remote systems.
The copy_symlink() subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself.
Under certain circumstances, local attackers can exploit this vulnerability to take ownership of arbitrary files, resulting in local privilege escalation.
The copy_symlink() subroutine is not called if the cmd_cp parameter has been enabled.
All rsnapshot users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose app-backup/rsnapshot

OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities.
AD-LAB has discovered a heap overflow in the "StgCompObjStream::Load()" function when processing DOC documents.
An attacker could design a malicious DOC document containing a specially crafted header which, when processed by OpenOffice.org, would result in the execution of arbitrary code with the rights of the user running the application.
There is no known workaround at this time.
All OpenOffice.org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-1.1.4-r1"

All OpenOffice.org binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-1.1.4-r1"

All OpenOffice.org Ximian users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose app-office/openoffice-ximian

Note to PPC users: There is no stable OpenOffice.org fixed version for the PPC architecture. Affected users should switch to the latest OpenOffice.org Ximian version.
Note to SPARC users: There is no stable OpenOffice.org fixed version for the SPARC architecture. Affected users should switch to the latest OpenOffice.org Ximian version.

monkeyd is a fast, efficient, small and easy to configure web server for Linux.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a double expansion error in monkeyd, resulting in a format string vulnerability. Ciaran McCreesh of Gentoo Linux discovered a Denial of Service vulnerability: a syntax error causes monkeyd to zero out unallocated memory when a zero-byte file is requested.
The format string vulnerability could allow an attacker to send a specially crafted request to the monkeyd server, resulting in the execution of arbitrary code with the permissions of the user running monkeyd. The DoS vulnerability could allow an attacker to disrupt the operation of the web server if a zero-byte file is accessible.
There is no known workaround at this time.
All monkeyd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/monkeyd-0.9.1"

PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI.
An integer overflow and an unbound recursion were discovered in the processing of Image File Directory tags in PHP's EXIF module (CAN-2005-1042, CAN-2005-1043). Furthermore, two infinite loops have been discovered in the getimagesize() function when processing IFF or JPEG images (CAN-2005-0524, CAN-2005-0525).
A remote attacker could craft an image file with a malicious EXIF IFD tag, a large IFD nesting level or invalid size parameters and send it to a web application that would process this user-provided image using one of the affected functions. This could result in denying service on the attacked server and potentially executing arbitrary code with the rights of the web server.
There is no known workaround at this time.
All PHP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/php-4.3.11"

All mod_php users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/mod_php-4.3.11"

All php-cgi users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/php-cgi-4.3.11"

CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server.
Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow (CAN-2005-0753), memory leaks and a NULL pointer dereferencing error. Furthermore, when launching trigger scripts, CVS includes a user-controlled directory.
An attacker could exploit these vulnerabilities to cause a Denial of Service or execute arbitrary code with the permissions of the CVS pserver or the authenticated user (depending on the connection method used).
There is no known workaround at this time.
All CVS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/cvs-1.11.20"

XV is an interactive image manipulation program for the X Window System.
Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS (Planetary Data System) image decoder, format string vulnerabilities in the TIFF and PDS decoders, and insufficient protection from shell meta-characters in malformed filenames.
Successful exploitation would require a victim to view a specially created image file using XV, potentially resulting in the execution of arbitrary code.
There is no known workaround at this time.
All XV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r11"

The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project.
The following vulnerabilities were found and fixed in the Mozilla Suite and Mozilla Firefox:
The following Firefox-specific vulnerabilities have also been discovered:
The various JavaScript execution with elevated privileges issues can be exploited by a remote attacker to install malicious code or steal data. The memory disclosure issue can be used to reveal potentially sensitive information. Finally, the cache pollution issue and search plugin abuse can be leveraged in cross-site scripting attacks.
There is no known workaround at this time.
All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.3"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.3"

All Mozilla Suite users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.7"

All Mozilla Suite binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.7"

MPlayer is a media player capable of handling multiple multimedia file formats.
Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP (MMST).
By setting up a malicious server and enticing a user to use its streaming data, a remote attacker could possibly execute arbitrary code on the client computer with the permissions of the user running MPlayer.
There is no known workaround at this time.
All MPlayer users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre6-r4"

The openMosixview package contains several tools used to manage openMosix clusters, including openMosixview (the main monitoring and administration application) and openMosixcollector (a daemon collecting cluster and node information).
Gangstuck and Psirac from Rexotec discovered that openMosixview insecurely creates several temporary files with predictable filenames.
A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When openMosixview or the openMosixcollector daemon runs, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.
There is no known workaround at this time.
All openMosixview users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-cluster/openmosixview-1.5-r1"
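
The predictable-temp-file symlink problem described in the openMosixview advisory above (and in the dcopidlng and unshar advisories earlier on this page), as an added example that is not code from any of those packages: the unsafe open() pattern beside the O_EXCL|O_NOFOLLOW and mkstemp() fixes, exercised against a symlink planted in a private scratch directory. Directory and file names are constructed; `run_scenario` and `mkstemp_gives_private_file` are assumed names.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of run_scenario(): did the planted symlink's target survive? */
enum { VICTIM_INTACT = 0, VICTIM_CLOBBERED = 1, SCENARIO_ERROR = -1 };

/* Constructed content of the file the symlink will point at. */
static const char VICTIM_CONTENT[] = "important data\n";

/* Vulnerable pattern: a scratch file at a fixed, predictable path. O_CREAT
   without O_EXCL follows whatever already sits there, so a symlink planted
   by a local user redirects the write to the link's target. */
static int open_predictable_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern for a fixed path: O_EXCL refuses an existing name and
   O_NOFOLLOW refuses a symlink, so a planted link makes open() fail. */
static int open_predictable_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Private directory for the throwaway scenario (under TMPDIR or /tmp). */
static int make_work_dir(char *dir, size_t dirlen)
{
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0')
        base = "/tmp";
    snprintf(dir, dirlen, "%s/glsa-tmpfile-demo-XXXXXX", base);
    return mkdtemp(dir) != NULL ? 0 : -1;
}

/* Create a victim file, plant a symlink at the predictable scratch name
   pointing at it, run the chosen open() as the utility would, and report
   whether the victim file still has its original content. Everything lives
   in a private mkdtemp() directory and is removed afterwards. */
static int run_scenario(int use_safe_open)
{
    char dir[256], victim[512], link[512];
    int result = SCENARIO_ERROR, vfd, fd;
    struct stat st;

    if (make_work_dir(dir, sizeof dir) != 0)
        return SCENARIO_ERROR;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(link, sizeof link, "%s/predictable.tmp", dir);

    vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd < 0)
        goto cleanup;
    if (write(vfd, VICTIM_CONTENT, sizeof VICTIM_CONTENT - 1) < 0) {
        close(vfd);
        goto cleanup;
    }
    close(vfd);

    /* The local attacker's move: a symlink at the name the utility will use. */
    if (symlink(victim, link) != 0)
        goto cleanup;

    /* The utility's move: open its scratch file and write to it. */
    fd = use_safe_open ? open_predictable_safe(link) : open_predictable_unsafe(link);
    if (fd >= 0) {
        if (write(fd, "scratch\n", 8) < 0) { /* unsafe: lands in victim.conf */
            close(fd);
            goto cleanup;
        }
        close(fd);
    }

    if (stat(victim, &st) == 0)
        result = (st.st_size == (off_t)(sizeof VICTIM_CONTENT - 1))
                 ? VICTIM_INTACT : VICTIM_CLOBBERED;

cleanup:
    unlink(link);
    unlink(victim);
    rmdir(dir);
    return result;
}

/* Preferred fix: let mkstemp() choose an unpredictable name and create it
   atomically with O_CREAT|O_EXCL, then work only through the descriptor.
   Returns 1 if the result is a fresh regular file owned by us with mode 0600. */
static int mkstemp_gives_private_file(void)
{
    char tmpl[256];
    struct stat st;
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0')
        base = "/tmp";
    snprintf(tmpl, sizeof tmpl, "%s/glsa-mkstemp-XXXXXX", base);

    int fd = mkstemp(tmpl);
    if (fd < 0)
        return 0;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1
             && (st.st_mode & 0777) == 0600 && st.st_uid == geteuid();
    close(fd);
    unlink(tmpl);
    return ok;
}
```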
RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Helix Player is the Open Source version of RealPlayer.

Piotr Bania has discovered a buffer overflow vulnerability in RealPlayer and Helix Player when processing malicious RAM files.

By enticing a user to play a specially crafted RAM file, an attacker could execute arbitrary code with the permissions of the user running the application.

There is no known workaround at this time.

All RealPlayer users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/realplayer-10.0.4"

All Helix Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/helixplayer-1.0.4"

KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kimgio is the KDE image handler provided by kdelibs.

kimgio fails to properly validate input when handling PCX files.

By enticing a user to load a specially-crafted PCX image in a KDE application, an attacker could execute arbitrary code.

There is no known workaround at this time.

All kdelibs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs

KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kommander is a visual dialog editor and interpreter for KDE applications, part of the kdewebdev package.

Kommander executes data files from possibly untrusted locations without user confirmation.

An attacker could exploit this to execute arbitrary code with the permissions of the user running Kommander.

There is no known workaround at this time.

All kdewebdev users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdewebdev-3.3.2-r2"

eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email.

Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules.

An attacker could possibly use the SQL injection vulnerabilities to gain information from the database. Furthermore, the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.

There is no known workaround at this time.

All eGroupWare users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.0.0.007"

Rootkit Hunter is a scanning tool to detect rootkits, backdoors and local exploits on a local machine. Rootkit Hunter uses downloaded data files to check file integrity. These files are updated via the check_update.sh script.

Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux Security Team have reported that the check_update.sh script and the main rkhunter script insecurely create several temporary files with predictable filenames.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When rkhunter or the check_update.sh script runs, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.

There is no known workaround at this time.

All Rootkit Hunter users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-forensics/rkhunter-1.2.3-r1"

Convert-UUlib provides a Perl interface to the uulib library, allowing Perl applications to access data encoded in a variety of formats.

A vulnerability has been reported in Convert-UUlib where a malformed parameter can be provided by an attacker allowing a read operation to overflow a buffer. The vendor credits Mark Martinec and Robert Lewis with the discovery.

Successful exploitation would permit an attacker to run arbitrary code with the privileges of the user running the Perl application.

There is no known workaround at this time.

All Convert-UUlib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/Convert-UUlib-1.051"

xine-lib is a multimedia library which can be utilized to create multimedia frontends.

Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP (MMST).

By setting up a malicious server and enticing a user to use its streaming data, a remote attacker could possibly execute arbitrary code on the client computer with the permissions of the user running any multimedia frontend making use of the xine-lib library.

There is no known workaround at this time.

All xine-lib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose media-libs/xine-lib

Heimdal is a free implementation of Kerberos 5 that includes a telnet client program.

Buffer overflow vulnerabilities in the slc_add_reply() and env_opt_add() functions have been discovered by Gael Delalleau in the telnet client in Heimdal.

Successful exploitation would require a vulnerable user to connect to an attacker-controlled host using the telnet client, potentially executing arbitrary code with the permissions of the user running the application.

There is no known workaround at this time.

All Heimdal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.4"

Pound is a reverse proxy, load balancer and HTTPS front-end.

Steven Van Acker has discovered a buffer overflow vulnerability in the "add_port()" function in Pound.

A remote attacker could send a request for an overly long hostname parameter, which could lead to the remote execution of arbitrary code with the rights of the Pound daemon process (by default, Gentoo uses the "nobody" user to run the Pound daemon).

There is no known workaround at this time.

All Pound users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/pound-1.8.3"

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web browser. phpMyAdmin uses a pma MySQL user to control the linked-tables infrastructure. The SQL install script sets the initial password for the pma user.

The phpMyAdmin installation process leaves the SQL install script with insecure permissions.

A local attacker could exploit this vulnerability to obtain the initial phpMyAdmin password and from there obtain information about databases accessible by phpMyAdmin.

Change the password for the phpMyAdmin MySQL user (pma):

mysql -u root -p
SET PASSWORD FOR 'pma'@'localhost' = PASSWORD('MyNewPassword');

Update your phpMyAdmin config.inc.php:

$cfg['Servers'][$i]['controlpass'] = 'MyNewPassword';

All phpMyAdmin users should change the password for the pma user as described above and upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.2-r1"

The Horde Framework is a PHP based framework for building web applications. It provides many modules including calendar, address book, CVS viewer and Internet Messaging Program.

Cross-site scripting vulnerabilities have been discovered in various modules of the Horde Framework.

These vulnerabilities could be exploited by an attacker to execute arbitrary HTML and script code in the context of the victim's browser.

There is no known workaround at this time.

All Horde users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-2.2.8"

All Horde Vacation users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-vacation-2.2.2"

All Horde Turba users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-turba-1.2.5"

All Horde Passwd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-passwd-2.2.2"

All Horde Nag users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-nag-1.1.3"

All Horde Mnemo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-mnemo-1.1.4"

All Horde Kronolith users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-1.1.4"

All Horde IMP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-imp-3.2.8"

All Horde Accounts users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-accounts-2.1.2"

All Horde Forwards users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-forwards-2.2.2"

All Horde Chora users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-chora-1.2.3"

Oops! is an advanced, multithreaded caching web proxy.

A format string flaw has been detected in the my_xlog() function of the Oops! proxy, which is called by the auth() functions of the passwd_mysql and passwd_pgsql modules.

A remote attacker could send a specially crafted HTTP request to the Oops! proxy, potentially triggering this vulnerability and leading to the execution of arbitrary code.

There is no known workaround at this time.

All Oops! users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/oops-1.5.24_pre20050503"

Ethereal is a feature rich network protocol analyzer.

There are numerous vulnerabilities in versions of Ethereal prior to 0.10.11, including:

An attacker might be able to use these vulnerabilities to crash Ethereal and execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.

There is no known workaround at this time.

All Ethereal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.11"

GnuTLS is a free TLS 1.0 and SSL 3.0 implementation for the GNU project.

A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality.

A remote attacker could exploit this vulnerability and cause a Denial of Service to any application that utilizes the GnuTLS library.

There is no known workaround at this time.

All GnuTLS users should remove the existing installation and upgrade to the latest version:

# emerge --sync
# emerge --unmerge gnutls
# emerge --ask --oneshot --verbose net-libs/gnutls

Due to small API changes compared with the previous version, please do the following to ensure your applications are using the latest GnuTLS that you just emerged:

# revdep-rebuild --soname-regexp libgnutls.so.1[0-1]

Previously exported RSA keys can be fixed by executing the following command on the key files:

# certtool -k infile outfile

gzip (GNU zip) is a popular compression program. The included zgrep utility allows you to grep gzipped files in place.

The gzip and gunzip programs are vulnerable to a race condition when setting file permissions (CAN-2005-0988), as well as improper handling of filename restoration (CAN-2005-1228). The zgrep utility improperly sanitizes arguments, which may come from an untrusted source (CAN-2005-0758).

These vulnerabilities could allow arbitrary command execution, changing the permissions of arbitrary files, and installation of files to an arbitrary location in the filesystem.

There is no known workaround at this time.

All gzip users should upgrade to the latest stable version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/gzip-1.3.5-r6"

TCPDump is a tool for network monitoring and data acquisition.

TCPDump improperly handles and decodes ISIS (CAN-2005-1278), BGP (CAN-2005-1267, CAN-2005-1279), LDP (CAN-2005-1279) and RSVP (CAN-2005-1280) packets. TCPDump might loop endlessly after receiving malformed packets.

A malicious remote attacker can exploit the decoding issues for a Denial of Service attack by sending specially crafted packets, possibly causing TCPDump to loop endlessly.

There is no known workaround at this time.

All TCPDump users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-3.8.3-r3"

libTIFF provides support for reading and manipulating TIFF (Tag Image File Format) images.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag.

Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code.

There is no known workaround at this time.

All libTIFF users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.2"

HT is a hex editor, designed to help analyse and modify executable files.

Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser, leading to a heap-based buffer overflow. The vendor has reported that an unrelated buffer overflow has been discovered in the PE parser.

Successful exploitation would require the victim to open a specially crafted file using HT, potentially permitting an attacker to execute arbitrary code.

There is no known workaround at this time.

All hteditor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/hteditor-0.8.0-r2"

Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

Stu Tomlinson discovered that Gaim is vulnerable to a remote stack based buffer overflow when receiving messages in certain protocols, like Jabber and SILC, with a very long URL (CAN-2005-1261). Siebe Tolsma discovered that Gaim is also vulnerable to a remote Denial of Service attack when receiving a specially crafted MSN message (CAN-2005-1262).

A remote attacker could cause a buffer overflow by sending an instant message with a very long URL, potentially leading to the execution of malicious code. By sending a SLP message with an empty body, a remote attacker could cause a Denial of Service or crash of the Gaim client.

There are no known workarounds at this time.

All Gaim users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.0"

phpBB is an Open Source bulletin board package.

phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post, an unsuspecting user may follow a posted link triggering the vulnerability.

Successful exploitation of the vulnerability could cause arbitrary scripting code to be executed in the browser of a user.

There are no known workarounds at this time.

All phpBB users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpBB-2.0.15"

The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project.

The Mozilla Suite and Firefox do not properly protect "IFRAME" JavaScript URLs from being executed in context of another URL in the history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail to verify the "IconURL" parameter of the "InstallTrigger.install()" function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered that it is possible to bypass JavaScript-injection security checks by wrapping the javascript: URL within the view-source: or jar: pseudo-protocols (MFSA2005-43).

A malicious remote attacker could use the "IFRAME" issue to execute arbitrary JavaScript code within the context of another website, allowing it to steal cookies or other sensitive data. By supplying a javascript: URL as the "IconURL" parameter of the "InstallTrigger.install()" function, a remote attacker could also execute arbitrary JavaScript code. Combining both vulnerabilities with a website which is allowed to install software, or wrapping javascript: URLs within the view-source: or jar: pseudo-protocols, could possibly lead to the execution of arbitrary code with user privileges.

Affected systems can be protected by disabling JavaScript. However, we encourage Mozilla Suite or Mozilla Firefox users to upgrade to the latest available version.

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.4"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.4"

All Mozilla Suite users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.8"

All Mozilla Suite binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.8"

PostgreSQL is a SQL compliant, open source object-relational database management system.

PostgreSQL gives public EXECUTE access to a number of character conversion routines, but doesn't validate the given arguments (CAN-2005-1409). It has also been reported that the contrib/tsearch2 module of PostgreSQL misdeclares the return value of some functions as "internal" (CAN-2005-1410).

An attacker could call the character conversion routines with specially setup arguments to crash the backend process of PostgreSQL or to potentially gain administrator rights. A malicious user could also call the misdeclared functions of the contrib/tsearch2 module, resulting in a Denial of Service or other, yet uninvestigated, impacts.

There is no known workaround at this time.

All PostgreSQL users should update to the latest available version and follow the guide at

# emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql

FreeRADIUS is an open source RADIUS authentication server implementation.

Primoz Bratanic discovered that the sql_escape_func function of FreeRADIUS may be vulnerable to a buffer overflow (BID 13541). He also discovered that FreeRADIUS fails to sanitize user-input before using it in a SQL query, possibly allowing SQL command injection (BID 13540).

By supplying carefully crafted input, a malicious user could cause an SQL injection or a buffer overflow, possibly leading to the disclosure and the modification of sensitive data or Denial of Service by crashing the server.

There are no known workarounds at this time.

All FreeRADIUS users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.0.2-r4"

Cheetah is a Python powered template engine and code generator.

Brian Bird discovered that Cheetah searches for modules in the world-writable /tmp directory.

A malicious local user could place a module containing arbitrary code in /tmp, which when imported would run with escalated privileges.

There are no known workarounds at this time.

All Cheetah users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/cheetah-0.9.17_rc1"

gdb is the GNU project's debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialisation files from the working directory.

Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.

There is no known workaround at this time.

All gdb users should upgrade to the latest stable version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/gdb-6.3-r3"

Both ImageMagick and GraphicsMagick are collections of tools to read, write and manipulate images in many formats.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when setting a color mask to zero.

A remote attacker could submit a specially crafted image to a user or an automated system making use of an affected utility, resulting in a Denial of Service by consumption of CPU time.

There is no known workaround at this time.

All ImageMagick users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.2.3"

All GraphicsMagick users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.6-r1"

Qpopper is a widely used server for the POP3 protocol.

Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users (CAN-2005-1151). The upstream developers discovered that Qpopper can be forced to create group or world writeable files (CAN-2005-1152).

A malicious local attacker could exploit Qpopper to overwrite arbitrary files as root or create new files which are group or world writeable.

There is no known workaround at this time.

All Qpopper users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/qpopper-4.0.5-r3"

Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol.

The fixproc application of Net-SNMP creates temporary files with predictable filenames.

A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten.

There is no known workaround at this time.

All Net-SNMP users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.2.1-r1"

gxine is a GTK+ and xine-lib based media player.

Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function.

A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the execution of arbitrary code.

There is no known workaround at this time.

All gxine users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose media-video/gxine

GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server (imap4d) and a Mail User Agent (mail).

infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags (CAN-2005-1523), fails to validate the range sequence of the "FETCH" command (CAN-2005-1522), and contains an integer overflow in the "fetch_io" routine (CAN-2005-1521). mail contains a buffer overflow in "header_get_field_name()" (CAN-2005-1520).

A remote attacker can exploit the format string and integer overflow in imap4d to execute arbitrary code as the imap4d user, which is usually root. By sending a specially crafted email message, a remote attacker could exploit the buffer overflow in the "mail" utility to execute arbitrary code with the rights of the user running mail. Finally, a remote attacker can also trigger a Denial of Service by sending a malicious FETCH command to an affected imap4d, causing excessive resource consumption.

There are no known workarounds at this time.

All GNU Mailutils users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r1"

The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Elfutils provides a library and utilities to access, modify and analyse ELF objects.

Tavis Ormandy and Ned Ludd of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library and elfutils, resulting in a heap based buffer overflow.

Successful exploitation would require a user to access a specially crafted binary file, resulting in the execution of arbitrary code.

There is no known workaround at this time.

All GNU Binutils users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose sys-devel/binutils

All elfutils users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/elfutils-0.108"

GNU Mailutils is a collection of mail-related utilities.

When GNU Mailutils is built with the "mysql" or "postgres" USE flag, the sql_escape_string function of the authentication module fails to properly escape the "\" character, rendering it vulnerable to a SQL command injection.

A malicious remote user could exploit this vulnerability to inject SQL commands to the underlying database.

There is no known workaround at this time.

All GNU Mailutils users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r1"

Dzip is a compressor and uncompressor especially made for demo recordings of id's Quake.

Dzip is vulnerable to a directory traversal attack when extracting archives.

An attacker could exploit this vulnerability by creating a specially crafted archive to extract files to arbitrary locations.

There is no known workaround at this time.

All Dzip users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=games-utils/dzip-2.9-r1"

WordPress is a PHP and MySQL based content management and publishing system.

Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks.

An attacker could use the SQL injection vulnerabilities to gain information from the database. Furthermore, the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.

There is no known workaround at this time.

All WordPress users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.5.1.2"

SilverCity provides lexical analysis for over 20 programming and markup languages.

The SilverCity package installs three executable files with insecure permissions.

A local attacker could modify the executable files, causing arbitrary code to be executed with the permissions of an unsuspecting SilverCity user.

There are no known workarounds at this time.

All SilverCity users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/silvercity-0.9.5-r1"

libextractor is a library used to extract meta-data from files. It makes use of Xpdf code to extract information from PDF files.

Xpdf is vulnerable to multiple overflows, as described in GLSA 200501-28. Also, integer overflows were discovered in the Real and PNG extractors.

An attacker could design malicious PDF, PNG or Real files which, when processed by an application making use of libextractor, would result in the execution of arbitrary code with the rights of the user running the application.

There is no known workaround at this time.

All libextractor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.0"

Ettercap is a suite of tools for content filtering, sniffing and man in the middle attacks on a LAN.

The curses_msg function of Ettercap's Ncurses-based user interface insecurely implements formatted printing.

A remote attacker could craft a malicious network flow that would result in executing arbitrary code with the rights of the user running the Ettercap tool, which is often root.

There is no known workaround at this time.

All Ettercap users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ettercap-0.7.3"

GNU shtool is a compilation of small shell scripts into a single shell tool. The ocaml-mysql package includes the GNU shtool code.

Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames (CAN-2005-1751). On closer inspection, Gentoo Security discovered that the shtool temporary file, once created, was being reused insecurely (CAN-2005-1759).

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a GNU shtool script is executed, this would result in the file being overwritten with the rights of the user running the script, which could be the root user.

There is no known workaround at this time.

All GNU shtool users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/shtool-2.0.1-r2"

All ocaml-mysql users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ml/ocaml-mysql-1.0.3-r1"

gedit is the official text editor of the GNOME desktop environment.

A format string vulnerability exists when opening files with names containing format specifiers.

A specially crafted file with format specifiers in the filename can cause arbitrary code execution.

There are no known workarounds at this time.

All gedit users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/gedit-2.10.3"

LutelWall is a high-level Linux firewall configuration tool.

Eric Romang has discovered that the new_version_check() function in LutelWall insecurely creates a temporary file when updating to a new version.

A local attacker could create symbolic links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When the update script is executed (usually by the root user), this would result in the file being overwritten with the rights of this user.

There is no known workaround at this time.

All LutelWall users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/lutelwall-0.98"

Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

Jacopo Ottaviani discovered a vulnerability in the Yahoo! file transfer code when being offered files with names containing non-ASCII characters (CAN-2005-1269).

Hugo de Bokkenrijder discovered a vulnerability when receiving malformed MSN messages (CAN-2005-1934).

Both vulnerabilities cause Gaim to crash, resulting in a Denial of Service.

There are no known workarounds at this time.

All Gaim users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.1"

MediaWiki is collaborative editing software, used by big projects like Wikipedia.

MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks.

A remote attacker could exploit this vulnerability to inject malicious script code that will be executed in a user's browser session in the context of the vulnerable site.

There is no known workaround at this time.

All MediaWiki users should upgrade to the latest available versions:

# emerge --sync
# emerge --ask --oneshot --verbose www-apps/mediawiki
webapp-config is a Gentoo Linux utility to help manage the installation of web-based applications.

Eric Romang discovered webapp-config uses a predictable temporary filename while processing certain options, resulting in a race condition.

Successful exploitation of the race condition would allow an attacker to disrupt the operation of webapp-config, or execute arbitrary shell commands with the privileges of the user running webapp-config. A local attacker could use a symlink attack to create or overwrite files with the permissions of the user running webapp-config.

There is no known workaround at this time.

All webapp-config users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/webapp-config-1.11"
Sun and Blackdown both provide implementations of the Java Development Kit (JDK) and Java Runtime Environment (JRE).

Both Sun's and Blackdown's JDK and JRE may allow untrusted applets to elevate privileges.

A remote attacker could embed a malicious Java applet in a web page and entice a victim to view it. This applet can then bypass security restrictions and execute any command or access any file with the rights of the user running the web browser.

There are no known workarounds at this time.

All Sun JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.08"

All Sun JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.08"

All Blackdown JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.02"

All Blackdown JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.02"

Note to SPARC users: There is no stable secure Blackdown Java for the SPARC architecture. Affected users should remove the package until a SPARC package is released.
PeerCast is a media streaming system based on P2P technology.

James Bercegay of the GulfTech Security Research Team discovered that PeerCast insecurely implements formatted printing when receiving a request with a malformed URL.

A remote attacker could exploit this vulnerability by sending a request with a specially crafted URL to a PeerCast server to execute arbitrary code.

There is no known workaround at this time.

All PeerCast users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1212"
cpio is a file archival tool which can also read and write tar files.

A vulnerability has been found in cpio that can potentially allow a cpio archive to extract its files to an arbitrary directory of the creator's choice.

An attacker could create a malicious cpio archive which would create files in arbitrary locations on the victim's system. This issue could also be used in conjunction with a previous race condition vulnerability (CAN-2005-1111) to change permissions on files owned by the victim.

There is no known workaround at this time.

All cpio users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/cpio-2.6-r3"
SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network.

SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling specially misformatted long message headers.

By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin/Vipul's Razor server.

There is no known workaround at this time.

All SpamAssassin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.0.4"

All Vipul's Razor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/razor-2.74"
Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

A bug in Tor allows attackers to view arbitrary memory contents from an exit server's process space.

A remote attacker could exploit the memory disclosure to gain sensitive information and possibly even private keys.

There is no known workaround at this time.

All Tor users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.0.9.10"
SquirrelMail is a webmail package written in PHP. It supports the IMAP and SMTP protocols.

SquirrelMail is vulnerable to several cross-site scripting issues, most reported by Martijn Brinkers.

By enticing a user to read a specially-crafted e-mail or using a manipulated URL, an attacker can execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's webmail account, cookie theft, etc.

There is no known workaround at this time.

All SquirrelMail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.4"

Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.
Cacti is a complete web-based frontend to rrdtool.

Cacti fails to properly sanitize input, which can lead to SQL injection, authentication bypass as well as PHP file inclusion.

An attacker could potentially exploit the file inclusion to execute arbitrary code with the permissions of the web server. An attacker could exploit these vulnerabilities to bypass authentication or inject SQL queries to gain information from the database. Only systems with register_globals set to "On" are affected by the file inclusion and authentication bypass vulnerabilities. Gentoo Linux ships with register_globals set to "Off" by default.

There is no known workaround at this time.

All Cacti users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6f"

Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.
Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface.

Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the "id" parameter when uploading attachments to the wiki or the bug tracking system.

A remote attacker could exploit the vulnerability to upload arbitrary files to a directory to which the webserver has write access, possibly leading to the execution of arbitrary code.

There is no known workaround at this time.

All Trac users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/trac-0.8.4"
sudo allows a system administrator to give users the ability to run commands as other users.

The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of an internal check to be clobbered, leaving sudo vulnerable to a race condition.

Successful exploitation would permit a local sudo user to execute arbitrary commands as another user.

Reorder the sudoers file using the visudo utility to ensure the 'ALL' pseudo-command precedes other command definitions.

All sudo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.6.8_p9"
Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database.

Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's Quantum archive decompressor renders Clam AntiVirus vulnerable to a Denial of Service attack.

A remote attacker could exploit this vulnerability to cause a Denial of Service by sending a specially crafted Quantum archive to the server.

There is no known workaround at this time.

All Clam AntiVirus users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.86.1"
Heimdal is a free implementation of Kerberos 5 that includes a telnetd server.

It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows.

An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the telnetd server program.

There is no known workaround at this time.

All users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.5"
The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol.

James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanitize input sent using the "POST" method.

A remote attacker could exploit this vulnerability to execute arbitrary PHP script code by sending a specially crafted XML document to web applications making use of these libraries.

There are no known workarounds at this time.

All PEAR-XML_RPC users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/PEAR-XML_RPC-1.3.1"

All phpxmlrpc users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/phpxmlrpc-1.1.1"
WordPress is a PHP and MySQL based content management and publishing system.

James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site scripting and full path disclosure vulnerabilities.

An attacker could use the PHP script injection vulnerabilities to execute arbitrary PHP script commands. Furthermore, the cross-site scripting vulnerabilities could be exploited to execute arbitrary script code in a user's browser session in the context of a vulnerable site.

There are no known workarounds at this time.

All WordPress users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.5.1.3"
phpBB is an Open Source bulletin board package.

Ron van Daal discovered that phpBB contains a vulnerability in the highlighting code.

Successful exploitation would grant an attacker unrestricted access to the PHP exec() or system() functions, allowing the execution of arbitrary commands with the rights of the web server.

Please follow the instructions given in the phpBB announcement.

The phpBB package is no longer supported by Gentoo Linux and has been masked in the Portage repository; no further announcements will be issued regarding phpBB updates. Users who wish to continue using phpBB are advised to monitor and refer to www.phpbb.com for more information.

To continue using the Gentoo-provided phpBB package, please refer to the Portage documentation on unmasking packages and upgrade to 2.0.16.
RealPlayer is a multimedia player capable of handling multiple multimedia file formats.

RealPlayer is vulnerable to a heap overflow when opening RealMedia files which make use of RealText.

By enticing a user to play a specially crafted RealMedia file an attacker could execute arbitrary code with the permissions of the user running the application.

There is no known workaround at this time.

All RealPlayer users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/realplayer-10.0.5"
zlib is a widely used free and patent unencumbered data compression library.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed deflate data stream to overrun a buffer.

An attacker could construct a malformed data stream, embedding it within network communication or an application file format, potentially resulting in the execution of arbitrary code when decoded by the application using the zlib library.

There is no known workaround at this time.

All zlib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.2-r1"
TikiWiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC code.

TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01.

A remote attacker could exploit this vulnerability to execute arbitrary PHP code by sending specially crafted XML data.

There is no known workaround at this time.

All TikiWiki users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5-r1"
phpWebSite is a content management system written in PHP.

phpWebSite fails to sanitize input sent to the XML-RPC server using the "POST" method. Other unspecified vulnerabilities have been discovered by Diabolic Crab of Hackers Center.

A remote attacker could exploit the XML-RPC vulnerability to execute arbitrary PHP script code by sending specially crafted XML data to phpWebSite. The undisclosed vulnerabilities have an unknown impact.

There is no known workaround at this time.

All phpWebSite users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-app/phpwebsite-0.10.1-r1"
phpGroupWare and eGroupWare are web based collaboration software suites.

The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the "POST" method.

A remote attacker could exploit the XML-RPC vulnerability to execute arbitrary PHP script code by sending specially crafted XML data to the XML-RPC servers of phpGroupWare or eGroupWare.

There are no known workarounds at this time.

All phpGroupWare users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-app/phpgroupware-0.9.16.006"

All eGroupWare users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-app/egroupware-1.0.0.008"
Adobe Acrobat Reader is a utility used to view PDF files.

A buffer overflow has been discovered in the UnixAppOpenFilePerform() function, which is called when Adobe Acrobat Reader tries to open a file with the "\Filespec" tag.

By enticing a user to open a specially crafted PDF document, a remote attacker could exploit this vulnerability to execute arbitrary code.

There is no known workaround at this time.

Since Adobe will most likely not update the 5.0 series of Adobe Acrobat Reader for Linux, all users should upgrade to the latest available version of the 7.0 series:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-7.0"
Ruby is an interpreted scripting language for quick and easy object-oriented programming. XML-RPC is a remote procedure call protocol encoded in XML.

Nobuhiro IMAI reported that an invalid default value in "utils.rb" causes the security protections of the XML-RPC server to fail.

A remote attacker could exploit this vulnerability to execute arbitrary commands.

There is no known workaround at this time.

All Ruby users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.2-r2"
MIT Kerberos 5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology.

Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request (CAN-2005-1174). He also discovered that the same request could lead to a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered that the krb5_recvauth() function of MIT Kerberos 5 might try to double-free memory (CAN-2005-1689).

Although exploitation is considered difficult, a remote attacker could exploit the single-byte heap overflow and the double-free vulnerability to execute arbitrary code, which could lead to the compromise of the whole Kerberos realm. A remote attacker could also use the heap corruption to cause a Denial of Service.

There are no known workarounds at this time.

All MIT Kerberos 5 users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.4.1-r1"
Bugzilla is a web-based bug-tracking system used by many projects.

Bugzilla allows any user to modify the flags of any bug (CAN-2005-2173). Bugzilla inserts bugs into the database before marking them as private; in connection with MySQL replication this could lead to a race condition (CAN-2005-2174).

By manually changing the URL to process_bug.cgi, a remote attacker could modify the flags of any given bug, which could trigger an email including the bug summary to be sent to the attacker. The race condition when using Bugzilla with MySQL replication could lead to a short timespan (usually less than a second) where the summary of private bugs is exposed to all users.

There are no known workarounds at this time.

All Bugzilla users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/bugzilla-2.18.3"
pam_ldap is a Pluggable Authentication Module which allows authentication against an LDAP directory. nss_ldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. TLS is Transport Layer Security, a protocol that allows encryption of network communications.

Rob Holland of the Gentoo Security Audit Team discovered that pam_ldap and nss_ldap fail to use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the "ssl start_tls" ldap.conf setting.

An attacker could sniff passwords or other sensitive information as the communication is not encrypted.

pam_ldap and nss_ldap can be set to force the use of SSL instead of TLS.

All pam_ldap users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-178-r1"

All nss_ldap users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose sys-auth/nss_ldap
Mozilla Firefox is the next-generation web browser from the Mozilla project.

The following vulnerabilities were found and fixed in Mozilla Firefox:

A remote attacker could craft malicious web pages that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal cookies or other information from web pages, or spoof content.

There are no known workarounds for all the issues at this time.

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.5"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.5"
PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI.

James Bercegay has discovered that the XML-RPC implementation in PHP fails to sanitize input passed in an XML document, which is used in an "eval()" statement.

A remote attacker could exploit the XML-RPC vulnerability to execute arbitrary PHP script code by sending specially crafted XML data to applications making use of this XML-RPC implementation.

There is no known workaround at this time.

All PHP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/php-4.4.0"
dhcpcd is a standards compliant DHCP client daemon. It requests an IP address and other information from the DHCP server, automatically configures the network interface, and tries to renew the lease time.

infamous42md discovered that dhcpcd can be tricked into reading past the end of the supplied DHCP buffer. As a result, this might lead to a crash of the daemon.

With a malicious DHCP server an attacker could cause a Denial of Service by crashing the DHCP client.

There is no known workaround at this time.

All dhcpcd users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-1.3.22_p4-r11"
Mozilla Thunderbird is the next-generation mail client from the Mozilla project.

The following vulnerabilities were found and fixed in Mozilla Thunderbird:

A remote attacker could craft malicious email messages that would leverage these issues to inject and execute arbitrary script code with elevated privileges or help in stealing information.

There are no known workarounds for all the issues at this time.

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.0.5"

All Mozilla Thunderbird binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.0.5"
MediaWiki is collaborative editing software, used by big projects like Wikipedia.

MediaWiki fails to escape a parameter in the page move template correctly.

By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to inject malicious JavaScript code that will be executed in a user's browser session in the context of the vulnerable site.

There is no known workaround at this time.

All MediaWiki users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.4.7"
zlib is a widely used free and patent unencumbered data compression library.

zlib improperly handles invalid data streams, which could lead to a buffer overflow.

By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use zlib, resulting in arbitrary code execution or a Denial of Service.

There is no known workaround at this time.

All zlib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.3"
Shorewall is a high level tool for configuring Netfilter, the firewall facility included in the Linux Kernel.

Shorewall fails to enforce security policies if configured with "MACLIST_DISPOSITION" set to "ACCEPT" or "MACLIST_TTL" set to a value greater than or equal to 0.

A client authenticated by MAC address filtering could bypass all security policies, possibly allowing him to gain access to restricted services. The default installation has MACLIST_DISPOSITION=REJECT and MACLIST_TTL=(blank) (equivalent to 0). This can be checked by looking at the settings in /etc/shorewall/shorewall.conf.

Set "MACLIST_TTL" to "0" and "MACLIST_DISPOSITION" to "REJECT" in the Shorewall configuration file (usually /etc/shorewall/shorewall.conf).

All Shorewall users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose net-firewall/shorewall
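A small audit script for the check the advisory describes, added here as an example and not part of the GLSA or of Shorewall: it reads a shell-style shorewall.conf and reports whether MACLIST_DISPOSITION and MACLIST_TTL match the workaround settings (REJECT and 0 or blank). The two sample configuration files are constructed for the example; the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a shorewall.conf for the two
# MACLIST settings named in GLSA text. Returns 0 when the file matches the
# workaround (MACLIST_DISPOSITION=REJECT, MACLIST_TTL=0 or blank), 1 otherwise.

# conf_value FILE KEY: print the last uncommented KEY=VALUE value, with an
# optional surrounding double quote and trailing comment stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check_maclist FILE: print one line per weak setting; status 1 if any found.
check_maclist() {
    _disp=$(conf_value "$1" MACLIST_DISPOSITION)
    _ttl=$(conf_value "$1" MACLIST_TTL)
    _ttl=${_ttl:-0}               # blank is equivalent to 0, as the advisory states
    _status=0
    if [ "$_disp" = "ACCEPT" ]; then
        echo "$1: weak MACLIST_DISPOSITION=ACCEPT (set it to REJECT)"
        _status=1
    fi
    case $_ttl in
        *[!0-9]*)
            echo "$1: MACLIST_TTL='$_ttl' is not numeric; treating it as weak"
            _status=1 ;;
        *)
            if [ "$_ttl" -gt 0 ]; then
                echo "$1: weak MACLIST_TTL=$_ttl (set it to 0)"
                _status=1
            fi ;;
    esac
    return $_status
}

# Constructed sample configurations (not real shorewall.conf files), written
# to a temporary directory so the block runs offline.
SAMPLE_DIR=$(mktemp -d)
SAFE_CONF=$SAMPLE_DIR/default.conf
WEAK_CONF=$SAMPLE_DIR/weak.conf
cat > "$SAFE_CONF" <<'EOF'
# the default shipped settings, per the advisory
MACLIST_DISPOSITION=REJECT
MACLIST_TTL=
EOF
cat > "$WEAK_CONF" <<'EOF'
# MACLIST_DISPOSITION=REJECT   (commented out; must be ignored)
MACLIST_DISPOSITION="ACCEPT"
MACLIST_TTL=600
EOF

if check_maclist "$SAFE_CONF"; then echo "$SAFE_CONF: ok"; fi
if check_maclist "$WEAK_CONF"; then echo "$WEAK_CONF: ok"; fi
```

Run it against /etc/shorewall/shorewall.conf instead of the sample files to audit a real host; a non-zero exit status means at least one of the two settings still needs the workaround.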
fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols.

fetchmail does not properly validate UIDs coming from a POP3 mail server. The UID is placed in a fixed length buffer on the stack, which can be overflowed.

Very long UIDs returned from a malicious or compromised POP3 server can cause fetchmail to crash, resulting in a Denial of Service, or allow arbitrary code to be placed on the stack.

There are no known workarounds at this time.

All fetchmail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.2.5.2"
sandbox is a Gentoo Linux utility used by the Portage package management system.

The Gentoo Linux Security Audit Team discovered that the sandbox utility was vulnerable to multiple TOCTOU (Time of Check, Time of Use) file creation race conditions.

Local users may be able to create or overwrite arbitrary files with the permissions of the root user.

There is no known workaround at this time.

All sandbox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/sandbox-1.2.11"
KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete (also part of kdenetwork) is the KDE Instant Messenger.

Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in libgadu.

A remote attacker could exploit this vulnerability to execute arbitrary code or crash Kopete.

Delete all Gadu Gadu contacts.

All Kopete users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdenetwork

All KDE Split Ebuild Kopete users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kopete-3.4.1-r1"
The Mozilla Suite is an all-in-one Internet application suite including a web browser, an advanced e-mail and newsgroup client, IRC client and HTML editor.

The following vulnerabilities were found and fixed in the Mozilla Suite:

A remote attacker could craft malicious web pages that would leverage these issues to inject and execute arbitrary JavaScript code with elevated privileges, steal cookies or other information from web pages, or spoof content.

There is no known workaround at this time.

All Mozilla Suite users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.10"

All Mozilla Suite binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.10"
Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database.

Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is vulnerable to integer overflows when handling the TNEF, CHM and FSG file formats.

By sending a specially-crafted file an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus.

There is no known workaround at this time.

All Clam AntiVirus users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.86.2"
GNU Gadu, CenterICQ, Kadu and EKG are instant messaging applications created to support the Gadu-Gadu instant messaging protocol. libgadu is a library that implements the client side of the Gadu-Gadu protocol.

GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer overflow.

A remote attacker could exploit the integer overflow to execute arbitrary code or cause a Denial of Service.

There is no known workaround at this time.

All GNU Gadu users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gnugadu-2.2.6-r1"

All Kadu users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/kadu-0.4.1"

All EKG users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/ekg-1.6_rc3"

All libgadu users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libgadu-20050719"

All CenterICQ users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/centericq-4.20.0-r3"

CenterICQ is no longer distributed with Gadu Gadu support; affected users are encouraged to migrate to an alternative package.
Ethereal is a feature-rich network protocol analyzer.

There are numerous vulnerabilities in versions of Ethereal prior to 0.10.12, including:

An attacker might be able to use these vulnerabilities to crash Ethereal or execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.

There is no known workaround at this time.

All Ethereal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.12"
The x86 emulation base libraries for AMD64 emulate the x86 (32-bit) architecture on the AMD64 (64-bit) architecture.

Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow.

By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use the x86 emulation base libraries for AMD64, resulting in a Denial of Service and potentially arbitrary code execution.

There is no known workaround at this time.

All AMD64 x86 emulation base libraries users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose app-emulation/emul-linux-x86-baselibs
pstotext is a program that works with GhostScript to extract plain text from PostScript and PDF files.

Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option.

An attacker could craft a malicious PostScript file and entice a user to run pstotext on it, resulting in the execution of arbitrary commands with the permissions of the user running pstotext.

There is no known workaround at this time.

All pstotext users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/pstotext-1.8g-r1"
Compress::Zlib is a Perl module which provides an interface to the zlib compression library.

Compress::Zlib 1.34 contains a bundled copy of a vulnerable version of zlib, which may lead to a buffer overflow.

By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Compress::Zlib, resulting in a Denial of Service and potentially arbitrary code execution.

There is no known workaround at this time.

All Compress::Zlib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=perl-core/Compress-Zlib-1.35"
ProFTPD is a configurable, GPL-licensed FTP server.

"infamous42md" reported that ProFTPD is vulnerable to format string vulnerabilities when displaying a shutdown message containing the name of the current directory, and when displaying response messages to the client using information retrieved from a database using mod_sql.

A remote attacker could create a directory with a malicious name that would trigger the format string issue if specific variables are used in the shutdown message, potentially resulting in a Denial of Service or the execution of arbitrary code with the rights of the user running the ProFTPD server. An attacker with control over the database contents could achieve the same result by introducing malicious messages that would trigger the other format string issue when used in server responses.

Do not use the "%C", "%R" or "%U" variables in shutdown messages, and do not set the "SQLShowInfo" directive.

All ProFTPD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.2.10-r7"
nbSMTP is an SMTP client suitable for running in chroot jails and on embedded systems, laptops and workstations.

Niels Heinen discovered a format string vulnerability.

An attacker can set up a malicious SMTP server and exploit this vulnerability to execute arbitrary code with the permissions of the user running nbSMTP.

There is no known workaround at this time.

All nbSMTP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-mta/nbsmtp-1.0"
Netpbm is a package of 220 graphics programs and a programming library, including pstopnm. pstopnm is a tool which converts PostScript files to PNM image files.

Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option, to convert a PostScript file into a PBM, PGM, or PNM file.

An attacker could craft a malicious PostScript file and entice a user to run pstopnm on it, resulting in the execution of arbitrary commands with the permissions of the user running pstopnm.

There is no known workaround at this time.

All Netpbm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose media-libs/netpbm
Heartbeat is a component of the High-Availability Linux project. It is used to perform death-of-node detection, communications and cluster management.

Eric Romang has discovered that Heartbeat insecurely creates temporary files with predictable filenames.

A local attacker could create symbolic links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When a vulnerable script is executed, this could lead to the file being overwritten with the rights of the user running the affected application.

There is no known workaround at this time.

All Heartbeat users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-cluster/heartbeat-1.2.3-r1"
Gaim is a full-featured instant messaging client which handles a variety of instant messaging protocols.

Brandon Perry discovered that Gaim is vulnerable to a heap-based buffer overflow when handling away messages (CAN-2005-2103). Furthermore, Daniel Atallah discovered a vulnerability in the handling of file transfers (CAN-2005-2102).

A remote attacker could create a specially crafted away message which, when viewed by the target user, could lead to the execution of arbitrary code. Also, an attacker could send a file with a non-UTF8 filename to a user, which would result in a Denial of Service.

There is no known workaround at this time.

All Gaim users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/gaim-1.5.0"
AWStats is an advanced log file analyzer and statistics generator. In HTTP reports it parses Referrer information in order to display the most common Referrer values that caused users to visit the website.

When using a URLPlugin, AWStats fails to sanitize Referrer URL data before using them in a Perl eval() routine.

A remote attacker can include arbitrary Referrer information in an HTTP request to a web server, thereby injecting tainted data into the log files. When AWStats is run on this log file, this can result in the execution of arbitrary Perl code with the rights of the user running AWStats.

Disable all URLPlugins in the AWStats configuration.

All AWStats users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-misc/awstats-6.5"

Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.
Xpdf, Kpdf and GPdf are PDF file viewers that run under the X Window System. Kpdf and GPdf both contain Xpdf code. Kpdf is also part of kdegraphics.

Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kpdf and GPdf attempt to reconstruct the information in it by decoding the PDF file, which causes the generation of a huge temporary file.

A remote attacker may cause a Denial of Service by creating a specially crafted PDF file, sending it to a CUPS printing system (which uses Xpdf), or by enticing a user to open it in Xpdf, Kpdf, or GPdf.

There is no known workaround at this time.

All Xpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.00-r10"

All GPdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r1"

All Kpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.3.2-r3"

All KDE Split Ebuild Kpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.1-r1"
bluez-utils are the utilities for use with the BlueZ implementation of the Bluetooth wireless standards for Linux.

The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer.

An attacker could create a malicious device name on a Bluetooth device, resulting in arbitrary commands being executed as root upon attempting to pair the device with the computer.

There are no known workarounds at this time.

All bluez-utils users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/bluez-utils-2.19"
Kismet is an 802.11 Layer 2 wireless network detector, sniffer, and intrusion detection system.

Kismet is vulnerable to a heap overflow when handling pcap captures and to an integer underflow in the CDP protocol dissector.

With a specially crafted packet an attacker could cause Kismet to execute arbitrary code with the rights of the user running the program.

There is no known workaround at this time.

All Kismet users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/kismet-2005.08.1"
Adobe Reader is a utility used to view PDF files.

A buffer overflow has been reported within a core application plug-in, which is part of Adobe Reader.

An attacker may create a specially-crafted PDF file, enticing a user to open it. This could trigger a buffer overflow as the file is being loaded, resulting in the execution of arbitrary code.

There is no known workaround at this time.

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-7.0.1.1"
Evolution is a GNOME groupware application.

Ulf Harnhammar discovered that Evolution is vulnerable to format string bugs when viewing attached vCards and when displaying contact information from remote LDAP servers or task list data from remote servers (CAN-2005-2549). He also discovered that Evolution fails to handle special calendar entries if the user switches to the Calendars tab (CAN-2005-2550).

An attacker could attach specially crafted vCards to emails or set up malicious LDAP servers or calendar entries which would trigger the format string vulnerabilities when viewed or accessed from Evolution. This could potentially result in the execution of arbitrary code with the rights of the user running Evolution.

There is no known workaround at this time.

All Evolution users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.2.3-r3"
The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol.

Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags.

A remote attacker could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document to web applications making use of these libraries.

There are no known workarounds at this time.

All PEAR-XML_RPC users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/PEAR-XML_RPC-1.4.0"

All phpxmlrpc users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/phpxmlrpc-1.2-r1"
TikiWiki is a full featured Free Software Wiki, CMS and Groupware written in PHP. eGroupWare is a web-based collaboration software suite. Both TikiWiki and eGroupWare include a PHP library to handle XML-RPC requests.

The XML-RPC library shipped in TikiWiki and eGroupWare improperly handles XML-RPC requests and responses with malformed nested tags.

A remote attacker could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document to TikiWiki or eGroupWare.

There is no known workaround at this time.

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5-r2"

All eGroupWare users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.0.0.009"
The Apache HTTP Server Project is a featureful, freely-available HTTP (Web) server.

Filip Sneppe discovered that Apache improperly handles byterange requests to CGI scripts.

A remote attacker may access vulnerable scripts in a malicious way, exhausting all RAM and swap space on the server, resulting in a Denial of Service of the Apache server.

There is no known workaround at this time.

All Apache users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.54-r9"
Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

The Diffie-Hellman implementation of Tor fails to verify the cryptographic strength of keys which are used during handshakes.

By setting up a malicious Tor server and enticing users to use this server as first hop, a remote attacker could read and modify all traffic of the user.

There is no known workaround at this time.

All Tor users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/tor-0.1.0.14"
libpcre is a library providing functions for Perl-compatible regular expressions.

libpcre fails to check that certain quantifier values in regular expressions are sane.

An attacker could possibly exploit this vulnerability to execute arbitrary code by sending specially crafted regular expressions to applications making use of the libpcre library.

There is no known workaround at this time.

All libpcre users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-6.3"
PhpWiki is an application that creates a web site where anyone can edit the pages through HTML forms.

Earlier versions of PhpWiki contain an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags.

A remote attacker could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document to PhpWiki.

There is no known workaround at this time.

All PhpWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.10-r2"
lm_sensors is a software package that provides drivers for monitoring the temperatures, voltages, and fans of Linux systems with hardware monitoring devices.

Javier Fernandez-Sanguino Pena has discovered that lm_sensors insecurely creates temporary files with predictable filenames when saving configurations.

A local attacker could create symbolic links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When the pwmconfig script of lm_sensors is executed, this would result in the file being overwritten with the rights of the user running the script, which typically is the root user.

There is no known workaround at this time.

All lm_sensors users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/lm_sensors-2.9.1-r1"
phpGroupWare is a multi-user groupware suite written in PHP.

phpGroupWare improperly validates the "mid" parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially vulnerable XML-RPC library.

A remote attacker may leverage the XML-RPC vulnerability to execute arbitrary PHP script code. He could also create a specially crafted request that will reveal private posts.

There is no known workaround at this time.

All phpGroupWare users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.008"
phpWebSite is a web site content management system.

phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrix_killer" reported that phpWebSite is vulnerable to an SQL injection attack.

A malicious remote user could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document, and also inject SQL commands to access the underlying database directly.

There is no known workaround at this time.

All phpWebSite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.2_rc2"
pam_ldap is a Pluggable Authentication Module which allows authentication against LDAP directories.

When a pam_ldap client attempts to authenticate against an LDAP server that omits the optional error value from the PasswordPolicyResponseValue, the authentication attempt will always succeed.

A remote attacker may exploit this vulnerability to bypass the LDAP authentication mechanism, gaining access to the system possibly with elevated privileges.

There is no known workaround at this time.

All pam_ldap users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-180"
MPlayer is a media player capable of handling multiple multimedia file formats.

Sven Tantau discovered a heap overflow in the code handling the strf chunk of PCM audio streams.

An attacker could craft a malicious video or audio file which, when opened using MPlayer, would end up executing arbitrary code on the victim's computer with the permissions of the user running MPlayer.

You can mitigate the issue by adding "ac=-pcm," to your MPlayer configuration file (note that this will prevent you from playing uncompressed audio).

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre7-r1"
The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project. libpcre is a library providing functions for Perl-compatible regular expressions.

Gnumeric contains a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17).

An attacker could potentially exploit this vulnerability by tricking a user into opening a specially crafted spreadsheet, which could lead to the execution of arbitrary code with the privileges of the user running Gnumeric.

There is no known workaround at this time.

All Gnumeric users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.4.3-r2"
OpenTTD is an open source clone of the simulation game "Transport Tycoon Deluxe" by Microprose.

Alexey Dobriyan discovered several format string vulnerabilities in OpenTTD.

A remote attacker could exploit these vulnerabilities to crash the OpenTTD server or client and possibly execute arbitrary code with the rights of the user running OpenTTD.

There are no known workarounds at this time.

All OpenTTD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.4.0.1-r1"
phpLDAPadmin is a web-based LDAP client that allows LDAP servers to be managed easily.

Alexander Gerasiov discovered a flaw in login.php preventing the application from validating whether anonymous bind has been disabled in the target LDAP server configuration.

Anonymous users can access the LDAP server, even if the "disable_anon_bind" parameter was explicitly set to avoid this.

There is no known workaround at this time.

All phpLDAPadmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-nds/phpldapadmin-0.9.7_alpha6"
Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol.

James Cloos reported that Perl modules from the Net-SNMP package look for libraries in an untrusted location. This is due to a flaw in the Gentoo package, and not the Net-SNMP suite.

A local attacker (member of the portage group) may be able to create a shared object that would be loaded by the Net-SNMP Perl modules, executing arbitrary code with the privileges of the user invoking the Perl script.

Limit group portage access to trusted users.

All Net-SNMP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.2.1.2-r1"
Squid is a full-featured Web proxy cache designed to run on Unix-like systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many more features.

Certain malformed requests result in a segmentation fault in the sslConnectTimeout function, and the handling of certain other requests triggers assertion failures.

By performing malformed requests an attacker could cause Squid to crash by triggering an assertion failure or invalid memory reference.

There is no known workaround at this time.

All Squid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.5.10-r2"
X.Org is the X.Org Foundation's public implementation of the X Window System.

X.Org is missing an integer overflow check during pixmap memory allocation.

An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges.

There is no known workaround at this time.

All X.Org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.8.2-r3"
Python is an interpreted, interactive, object-oriented, cross-platform programming language. The "re" Python module provides regular expression functions.

The "re" Python module makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17).

An attacker could target a Python-based web application (or SUID application) that would use untrusted data as regular expressions, potentially resulting in the execution of arbitrary code (or privilege escalation).

Python users that don't run any Python web application or SUID application (or that run one that wouldn't use untrusted inputs as regular expressions) are not affected by this issue.

All Python users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.5-r2"
Py2Play is a peer-to-peer network game engine written in Python. Pickling is a Python feature that allows Python objects to be serialized into string representations (called pickles) that can be sent over the network.

Arc Riley discovered that Py2Play uses Python pickles to send objects over a peer-to-peer game network, and that clients accept without restriction the objects and code sent by peers.

A remote attacker participating in a Py2Play-powered game can send malicious Python pickles, resulting in the execution of arbitrary Python code on the targeted game client.

There is no known workaround at this time.

All py2play users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/py2play-0.1.8"
The GNU Mailutils are a collection of mail-related utilities, including an IMAP4 server (imap4d).

The imap4d server contains a format string bug in the handling of IMAP SEARCH requests.

An authenticated IMAP user could exploit the format string error in imap4d to execute arbitrary code as the imap4d user, which is usually root.

There are no known workarounds at this time.

All GNU Mailutils users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r2"
The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Gecko is the layout engine used in both products.

The Mozilla Suite and Firefox are both vulnerable to the following issues:

The Gecko engine in itself is also affected by some of these issues and has been updated as well.

A remote attacker could set up a malicious site and entice a victim to visit it, potentially resulting in arbitrary code execution with the victim's privileges or facilitated spoofing of known websites.

There is no known workaround for all the issues.

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.7-r2"

All Mozilla Suite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.12-r2"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.7"

All Mozilla Suite binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.12"

All Gecko library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/gecko-sdk-1.7.12"
The Apache HTTP server is one of the most popular web servers on the Internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2.

mod_ssl contains a security issue when "SSLVerifyClient optional" is configured in the global virtual host configuration (CAN-2005-2700). Also, Apache's httpd includes a PCRE library, which makes it vulnerable to an integer overflow (CAN-2005-2491).

Under a specific configuration, mod_ssl does not properly enforce the client-based certificate authentication directive, "SSLVerifyClient require", in a per-location context, which could be potentially used by a remote attacker to bypass some restrictions. By creating a specially crafted ".htaccess" file, a local attacker could possibly exploit Apache's vulnerability, which would result in a local privilege escalation.

There is no known workaround at this time.

All mod_ssl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mod_ssl-2.8.24"

All Apache 2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.54-r15"
Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database.

Clam AntiVirus is vulnerable to a buffer overflow in "libclamav/upx.c" when processing malformed UPX-packed executables. It can also be sent into an infinite loop in "libclamav/fsg.c" when processing specially-crafted FSG-packed executables.

By sending a specially-crafted file an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus, or cause a Denial of Service.

There is no known workaround at this time.

All Clam AntiVirus users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87"
Zebedee is an application that establishes an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems.

"Shiraishi.M" reported that Zebedee crashes when "0" is received as the port number in the protocol option header.

By performing malformed requests a remote attacker could cause Zebedee to crash.

There is no known workaround at this time.

All Zebedee users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose net-misc/zebedee
util-linux is a suite of useful Linux programs including umount, a program used to unmount filesystems.

When a regular user mounts a filesystem, they are subject to restrictions in the /etc/fstab configuration file. David Watson discovered that when unmounting a filesystem with the '-r' option, the read-only bit is set, while other bits, such as nosuid or nodev, are not set, even if they were previously.

An unprivileged user facing nosuid or nodev restrictions can umount -r a filesystem, clearing those bits and allowing applications to be executed suid, or device nodes to be interpreted. In the case where the user can freely modify the contents of the filesystem, privilege escalation may occur as a custom program may execute with suid permissions.

Two workarounds exist: the suid bit can be removed from the umount utility, or users can be restricted from mounting and unmounting filesystems in /etc/fstab.

All util-linux users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.12q-r3"
Mantis is a web-based bugtracking system written in PHP.

Mantis fails to properly sanitize untrusted input before using it. This leads to an SQL injection and several cross-site scripting vulnerabilities.

An attacker could possibly use the SQL injection vulnerability to access or modify information from the Mantis database. Furthermore, the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.

There is no known workaround at this time.

All Mantis users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-0.19.2"
Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mails.

Keigo Yamazaki discovered that the miniserv.pl webserver, used in both Webmin and Usermin, does not properly validate authentication credentials before sending them to the PAM (Pluggable Authentication Modules) authentication process. The default configuration shipped with Gentoo does not enable the "full PAM conversations" option and is therefore unaffected by this flaw.

A remote attacker could bypass the authentication process and run any command as the root user on the target server.

Do not enable "full PAM conversations" in the Authentication options of Webmin and Usermin.

All Webmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/webmin-1.230"

All Usermin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/usermin-1.160"
Qt is a cross-platform GUI toolkit used by KDE.

Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow.

By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Qt, resulting in a Denial of Service or potentially arbitrary code execution.

Emerge Qt with the zlib USE-flag enabled.

All Qt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.4-r8"
+ + PHP is a general-purpose scripting language widely used to develop + web-based applications. It can run inside a web server using the + mod_php module or the CGI version of PHP, or can run stand-alone in a + CLI. +
++ PHP makes use of a private copy of libpcre which is subject to an + integer overflow leading to a heap overflow (see GLSA 200508-17). It + also ships with an XML-RPC library affected by a script injection + vulnerability (see GLSA 200508-13). +
++ An attacker could target a PHP-based web application that would + use untrusted data as regular expressions, potentially resulting in the + execution of arbitrary code. If web applications make use of the + XML-RPC library shipped with PHP, they are also vulnerable to remote + execution of arbitrary PHP code. +
++ There is no known workaround at this time. +
++ All PHP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-php/php
+ + All mod_php users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-php/mod_php
+ + All php-cgi users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-php/php-cgi
+ + AbiWord is a free and cross-platform word processing program. It + can import RTF files into AbiWord documents. +
++ Chris Evans discovered that the RTF import function in AbiWord is + vulnerable to a stack-based buffer overflow. +
++ An attacker could design a malicious RTF file and entice the user + to import it in AbiWord, potentially resulting in the execution of + arbitrary code with the rights of the user running AbiWord. +
++ There is no known workaround at this time. +
++ All AbiWord users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/abiword-2.2.10"
+ + Hylafax is a client-server fax package for class 1 and 2 fax modems. +
++ Javier Fernandez-Sanguino has discovered that the xferfaxstats cron script + supplied by Hylafax insecurely creates temporary files with predictable + filenames. +
++ A local attacker could create symbolic links in the temporary file + directory, pointing to a valid file somewhere on the filesystem. When + the xferfaxstats script of Hylafax is executed, this would result in + the file being overwritten with the rights of the user running the + script, which typically is the root user. +
++ There is no known workaround at this time. +
++ All Hylafax users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose net-misc/hylafax
+ + gtkdiskfree is a GTK-based GUI to show free disk space. +
++ Eric Romang discovered that gtkdiskfree insecurely creates a + predictable temporary file to handle command output. +
++ A local attacker could create a symbolic link in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When gtkdiskfree is executed, this would result in the file being + overwritten with the rights of the user running the application. +
++ There is no known workaround at this time. +
++ All gtkdiskfree users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/gtkdiskfree-1.9.3-r1"
+ + The Berkeley MPEG Tools are a collection of utilities for + manipulating MPEG video technology, including an encoder (mpeg_encode) + and various conversion utilities. +
++ Mike Frysinger of the Gentoo Security Team discovered that + mpeg_encode and the conversion utilities were creating temporary files + with predictable or fixed filenames. The 'test' make target of the MPEG + Tools also relied on several temporary files created insecurely. +
++ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When the utilities are executed (or 'make test' is run), this would + result in the file being overwritten with the rights of the user + running the command. +
++ There is no known workaround at this time. +
++ All Berkeley MPEG Tools users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mpeg-tools-1.5b-r2"
+ + Uim is a multilingual input method library which provides a secure and + useful input method for all languages. +
++ Masanari Yamamoto discovered that Uim uses environment variables + incorrectly. This bug causes a privilege escalation if setuid/setgid + applications are linked to libuim. This bug only affects + immodule-enabled Qt (if you build Qt 3.3.2 or later versions with + USE="immqt" or USE="immqt-bc"). +
++ A malicious local user could exploit this vulnerability to execute + arbitrary code with escalated privileges. +
++ There is no known workaround at this time. +
++ All Uim users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-i18n/uim-0.4.9.1"
+ + Texinfo is the official documentation system created by the GNU + project. +
++ Frank Lichtenheld has discovered that the "sort_offline()" + function in texindex insecurely creates temporary files with + predictable filenames. +
++ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When texindex is executed, this would result in the file being + overwritten with the rights of the user running the application. +
++ There is no known workaround at this time. +
++ All Texinfo users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/texinfo-4.8-r1"
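The four advisories above (the Hylafax xferfaxstats script, gtkdiskfree, the Berkeley MPEG Tools and texindex) describe one bug class: a temporary file with a guessable name, opened in a way that follows whatever a local user has planted at that name. The C program below is an added example, not code from Gentoo or from any of those projects. It replays the attack in a private scratch directory and shows the two fixes, mkstemp() and O_EXCL|O_NOFOLLOW. Every path, file name and file content in it is constructed for the demonstration, and it assumes a writable TMPDIR (or /tmp).

```c
/* Added example, not code from Gentoo or from Hylafax, gtkdiskfree, the
 * Berkeley MPEG Tools or Texinfo: reproduces the symlink attack those
 * advisories describe and shows the fix. Every path below is constructed. */
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { OPEN_PREDICTABLE = 0, OPEN_MKSTEMP = 1, OPEN_EXCL_NOFOLLOW = 2 };

/* Vulnerable shape: a fixed, predictable name opened with O_CREAT|O_TRUNC.
 * If a local attacker planted a symlink at that name, open() follows it and
 * the link target is truncated and overwritten with the caller's privileges
 * (root, when the caller is a cron script). */
static int write_stats_predictable(const char *fixed_path, const char *data)
{
    int fd = open(fixed_path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    int rc = write(fd, data, strlen(data)) < 0 ? -1 : 0;
    close(fd);
    return rc;
}

/* Fix: mkstemp() fills the XXXXXX suffix with an unpredictable string and
 * opens the result with O_CREAT|O_EXCL, so an existing link is never
 * followed; the caller keeps the fd and the generated name. */
static int write_stats_mkstemp(char *template_path, const char *data)
{
    int fd = mkstemp(template_path);
    if (fd < 0)
        return -1;
    int rc = write(fd, data, strlen(data)) < 0 ? -1 : 0;
    close(fd);
    return rc;
}

/* If the fixed name cannot be changed, O_EXCL|O_NOFOLLOW at least fails
 * closed: a planted link makes open() return EEXIST instead of following it. */
static int write_stats_excl(const char *fixed_path, const char *data)
{
    int fd = open(fixed_path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    int rc = write(fd, data, strlen(data)) < 0 ? -1 : 0;
    close(fd);
    return rc;
}

/* Plays the attack in a private scratch directory: the "attacker" links the
 * predictable name to a victim file, then the "cron job" writes its stats.
 * Returns 1 if the victim was clobbered, 0 if it survived, -1 on setup error. */
int simulate_symlink_attack(int mode)
{
    const char *base = getenv("TMPDIR");
    char dir[128], victim[192], planted[192], tmpl[192];
    snprintf(dir, sizeof dir, "%s/glsa-tmpfile-XXXXXX", base ? base : "/tmp");
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(planted, sizeof planted, "%s/xferfaxstats.tmp", dir); /* guessable name */
    snprintf(tmpl, sizeof tmpl, "%s/xferfaxstats.XXXXXX", dir);

    FILE *f = fopen(victim, "w");            /* file the attacker wants overwritten */
    if (f == NULL)
        return -1;
    fputs("secret=1\n", f);
    fclose(f);
    if (symlink(victim, planted) != 0)       /* attacker plants the link */
        return -1;

    if (mode == OPEN_MKSTEMP)
        write_stats_mkstemp(tmpl, "faxes=42\n");
    else if (mode == OPEN_EXCL_NOFOLLOW)
        write_stats_excl(planted, "faxes=42\n");
    else
        write_stats_predictable(planted, "faxes=42\n");

    char buf[64] = "";
    f = fopen(victim, "r");
    if (f != NULL) {
        if (fgets(buf, sizeof buf, f) == NULL)
            buf[0] = '\0';
        fclose(f);
    }
    int clobbered = strcmp(buf, "secret=1\n") != 0;

    unlink(tmpl);                            /* real name if mkstemp ran, otherwise a no-op */
    unlink(planted);
    unlink(victim);
    rmdir(dir);
    return clobbered;
}

int main(void)
{
    printf("predictable name, O_CREAT|O_TRUNC: clobbered=%d\n", simulate_symlink_attack(OPEN_PREDICTABLE));
    printf("mkstemp():                         clobbered=%d\n", simulate_symlink_attack(OPEN_MKSTEMP));
    printf("fixed name, O_EXCL|O_NOFOLLOW:     clobbered=%d\n", simulate_symlink_attack(OPEN_EXCL_NOFOLLOW));
    return 0;
}
```

The first run reports clobbered=1 because O_CREAT without O_EXCL follows the link; the two hardened variants report 0. For shell scripts such as xferfaxstats the same fix is mktemp(1) rather than a fixed name under /tmp.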
+ + Ruby is an interpreted scripting language for quick and easy + object-oriented programming. Ruby supports the safe execution of + untrusted code using a safe level and taint flag mechanism. +
++ Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce + safe level protections. +
++ An attacker could exploit this vulnerability to execute arbitrary + code beyond the restrictions specified in each safe level. +
++ There is no known workaround at this time. +
++ All Ruby users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.3"
+ + Dia is a gtk+ based diagram creation program released under the + GPL license. +
++ Joxean Koret discovered that the SVG import plugin in Dia fails to + properly sanitise data read from an SVG file. +
++ An attacker could create a specially crafted SVG file, which, when + imported into Dia, could lead to the execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All Dia users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/dia-0.94-r3"
+ + RealPlayer is a multimedia player capable of handling multiple + multimedia file formats. Helix Player is an open source media player + for Linux. +
++ "c0ntex" reported that RealPlayer and Helix Player suffer from a heap + overflow. +
++ By enticing a user to play a specially crafted realpix (.rp) or + realtext (.rt) file, an attacker could execute arbitrary code with the + permissions of the user running the application. +
++ There is no known workaround at this time. +
++ All RealPlayer users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/realplayer-10.0.6"
+ + Note to Helix Player users: There is currently no stable secure Helix + Player package. Affected users should remove the package until an + updated Helix Player package is released. +
++ xine-lib is a multimedia library which can be utilized to create + multimedia frontends. It includes functions to retrieve information + about audio CD contents from public CDDB servers. +
++ Ulf Harnhammar discovered a format string bug in the routines + handling CDDB server response contents. +
++ An attacker could submit malicious information about an audio CD + to a public CDDB server (or impersonate a public CDDB server). When the + victim plays this CD on a multimedia frontend relying on xine-lib, it + could end up executing arbitrary code. +
++ There is no known workaround at this time. +
++ All xine-lib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose media-libs/xine-lib
+ + Weex is a non-interactive FTP client typically used to update web + pages. +
++ Ulf Harnhammar discovered a format string bug in Weex that can be + triggered when it is first run (or when its cache files are rebuilt, + using the -r option). +
++ An attacker could set up a malicious FTP server which, when + accessed using Weex, could trigger the format string bug and end up + executing arbitrary code with the rights of the user running Weex. +
++ There is no known workaround at this time. +
++ All Weex users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/weex-2.6.1.5-r1"
+ + uw-imap provides the University of Washington's IMAP and POP server + daemons. +
++ Improper bounds checking of user supplied data while parsing IMAP + mailbox names can lead to overflowing the stack buffer. +
++ Successful exploitation requires an authenticated IMAP user to + request a malformed mailbox name. This can lead to execution of + arbitrary code with the permissions of the IMAP server. +
++ There are no known workarounds at this time. +
++ All uw-imap users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2004g"
+ + OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport + Layer Security protocols and a general-purpose cryptography library. +
++ Applications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the + SSL_OP_ALL option, which implies it) can be forced by a third party to + fall back to the less secure SSL 2.0 protocol, even if both parties + support the more secure SSL 3.0 or TLS 1.0 protocols. +
++ A man-in-the-middle attacker can weaken the encryption used to + communicate between two parties, potentially revealing sensitive + information. +
++ If possible, disable the use of SSL 2.0 in all OpenSSL-enabled + applications. +
++ All OpenSSL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-libs/openssl
+ + KOffice is an integrated office suite for KDE. KWord is the + KOffice word processor. +
++ Chris Evans discovered that the KWord RTF importer was vulnerable + to a heap-based buffer overflow. +
++ An attacker could entice a user to open a specially-crafted RTF + file, potentially resulting in the execution of arbitrary code with the + rights of the user running the affected application. +
++ There is no known workaround at this time. +
++ All KOffice users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.1-r1"
+ + All KWord users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/kword-1.4.1-r1"
+ + SPE is a cross-platform Python Integrated Development Environment + (IDE). +
++ It was reported that due to an oversight all SPE's files are set as + world-writeable. +
++ A local attacker could modify the executable files, causing arbitrary + code to be executed with the permissions of the user running SPE. +
++ There is no known workaround at this time. +
++ All SPE users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-util/spe
+ + Perl is a stable, cross-platform programming language created by Larry + Wall. Qt-UnixODBC is an ODBC library for Qt. CMake is a cross-platform + build environment. +
++ Some packages may introduce insecure paths into the list of directories + that are searched for libraries at runtime. Furthermore, packages + depending on the MakeMaker Perl module for build configuration may have + incorrectly copied the LD_RUN_PATH into the DT_RPATH. +
++ A local attacker, who is a member of the "portage" group, could create + a malicious shared object in the Portage temporary build directory that + would be loaded at runtime by a dependent executable, potentially + resulting in privilege escalation. +
++ Only grant "portage" group rights to trusted users. +
++ All Perl users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-lang/perl
+ + All Qt-UnixODBC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/qt-unixODBC-3.3.4-r1"
+ + All CMake users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-util/cmake
+ + Lynx is a text-mode browser for the World Wide Web. It supports + multiple URL types, including HTTP and NNTP URLs. +
++ When accessing a NNTP URL, Lynx connects to a NNTP server and + retrieves information about the available articles in the target + newsgroup. Ulf Harnhammar discovered a buffer overflow in a function + that handles the escaping of special characters. +
++ An attacker could set up a malicious NNTP server and entice a user + to access it using Lynx (either by creating NNTP links on a web page or + by forcing a redirect for Lynx users). The data returned by the NNTP + server would trigger the buffer overflow and execute arbitrary code + with the rights of the user running Lynx. +
++ There is no known workaround at this time. +
++ All Lynx users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/lynx-2.8.5-r1"
+ + phpMyAdmin is a tool written in PHP intended to handle the + administration of MySQL over the web. +
++ Maksymilian Arciemowicz reported that in + libraries/grab_globals.lib.php, the $__redirect parameter was not + correctly validated. Systems running PHP in safe mode are not affected. +
++ A local attacker may exploit this vulnerability by sending malicious + requests, causing the execution of arbitrary code with the rights of + the user running the web server. +
++ Run PHP in safe mode. +
++ All phpMyAdmin users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.4_p2"
+ + AbiWord is a free and cross-platform word processing program. It + can import RTF files into AbiWord documents. +
++ Chris Evans discovered a different set of buffer overflows than + the one described in GLSA 200509-20 in the RTF import function in + AbiWord. +
++ An attacker could design a malicious RTF file and entice a user to + import it in AbiWord, potentially resulting in the execution of + arbitrary code with the rights of the user running AbiWord. +
++ There is no known workaround at this time. +
++ All AbiWord users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/abiword-2.2.11"
+ + Netpbm is a package of 220 graphics programs and a programming library, + including pnmtopng, a tool to convert PNM image files to the PNG + format. +
++ RedHat reported that pnmtopng is vulnerable to a buffer overflow. +
++ An attacker could craft a malicious PNM file and entice a user to run + pnmtopng on it, potentially resulting in the execution of arbitrary + code with the permissions of the user running pnmtopng. +
++ There is no known workaround at this time. +
++ All Netpbm users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose media-libs/netpbm
+ + cURL is a command line tool and library for transferring files via + many different protocols. It supports NTLM authentication to retrieve + files from Windows-based systems. +
++ iDEFENSE reported that insufficient bounds checking on a memcpy() + of the supplied NTLM username can result in a stack overflow. +
++ A remote attacker could set up a malicious server and entice a + user to connect to it using a cURL client, potentially leading to the + execution of arbitrary code with the permissions of the user running + cURL. +
++ Disable NTLM authentication by not using the --anyauth or --ntlm + options when using cURL (the command line version). Workarounds for + programs that use the cURL library depend on the configuration options + presented by those programs. +
++ All cURL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.15.0"
+ + Zope is an application server that can be used to build content + management systems, intranets, portals or other custom applications. +
++ Zope honors file inclusion directives in RestructuredText objects by + default. +
++ An attacker could exploit the vulnerability by sending malicious input + that would be interpreted in a RestructuredText Zope object, + potentially resulting in the execution of arbitrary Zope code with the + rights of the Zope server. +
++ There is no known workaround at this time. +
++ All Zope users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose net-zope/zope
+ + phpMyAdmin is a tool written in PHP intended to handle the + administration of MySQL over the web. +
++ Stefan Esser discovered that by calling certain PHP files directly, it + was possible to work around the grab_globals.lib.php security model and + overwrite the $cfg configuration array. Systems running PHP in safe + mode are not affected. Furthermore, Tobias Klein reported several + cross-site scripting issues resulting from insufficient user input + sanitizing. +
++ A local attacker may exploit this vulnerability by sending malicious + requests, causing the execution of arbitrary code with the rights of + the user running the web server. Furthermore, the cross-site scripting + issues give a remote attacker the ability to inject and execute + malicious script code or to steal cookie-based authentication + credentials, potentially compromising the victim's browser. +
++ There is no known workaround for all those issues at this time. +
++ All phpMyAdmin users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.4_p3"
+ + PAM (Pluggable Authentication Modules) is an architecture allowing + the separation of the development of privilege granting software from + the development of secure and appropriate authentication schemes. + SELinux is an operating system based on Linux which includes Mandatory + Access Control. +
++ The SELinux patches for PAM introduce a vulnerability allowing a + password to be checked with the unix_chkpwd utility without delay or + logging. This vulnerability doesn't affect users who do not run + SELinux. +
++ A local attacker could exploit this vulnerability to brute-force + passwords and escalate privileges on an SELinux system. +
++ There is no known workaround at this time. +
++ All SELinux PAM users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/pam-0.78-r3"
+ + TikiWiki is a web-based groupware and content management system (CMS), + using PHP, ADOdb and Smarty. +
++ Due to improper input validation, TikiWiki can be exploited to perform + cross-site scripting attacks. +
++ A remote attacker could exploit this to inject and execute malicious + script code or to steal cookie-based authentication credentials, + potentially compromising the victim's browser. +
++ There is no known workaround at this time. +
++ All TikiWiki users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.1.1"
+ + Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +
++ Mantis is a web-based bugtracking system written in PHP. +
++ Mantis contains several vulnerabilities, including: +
++ An attacker could exploit the remote file inclusion vulnerability to + execute arbitrary script code, and the SQL injection vulnerability to + access or modify sensitive information from the Mantis database. + Furthermore the cross-site scripting issues give an attacker the + ability to inject and execute malicious script code or to steal + cookie-based authentication credentials, potentially compromising the + victim's browser. An attacker could exploit other vulnerabilities to + disclose information. +
++ There is no known workaround at this time. +
++ All Mantis users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-0.19.3"
+ + Ethereal is a feature-rich network protocol analyzer. +
++ There are numerous vulnerabilities in versions of Ethereal prior + to 0.10.13, including: +
++ Furthermore an infinite + loop was discovered in the IRC protocol dissector of the 0.10.13 + release (CVE-2005-3313). +
++ An attacker might be able to use these vulnerabilities to crash + Ethereal or execute arbitrary code with the permissions of the user + running Ethereal, which could be the root user. +
++ There is no known workaround at this time. +
++ All Ethereal users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.13-r1"
+ + XLI and Xloadimage are X11 image manipulation utilities. +
++ When XLI or Xloadimage process an image, they create a new image + object to contain the new image, copying the title from the old image + to the newly created image. Ariel Berkman reported that the 'zoom', + 'reduce', and 'rotate' functions use a fixed length buffer to contain + the new title, which could be overwritten by the NIFF or XPM image + processors. +
++ A malicious user could craft a malicious XPM or NIFF file and + entice a user to view it using XLI, or manipulate it using Xloadimage, + potentially resulting in the execution of arbitrary code with the + permissions of the user running XLI or Xloadimage. +
++ There is no known workaround at this time. +
++ All XLI users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/xli-1.17.0-r2"
+ + All Xloadimage users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/xloadimage-4.1-r4"
+ + libgda is the library handling the data abstraction layer in the + Gnome data access architecture (GNOME-DB). It can also be used by + non-GNOME applications to manage data stored in databases or XML files. +
++ Steve Kemp discovered two format string vulnerabilities in the + gda_log_error and gda_log_message functions. Some applications may pass + untrusted input to those functions and be vulnerable. +
++ An attacker could pass malicious input to an application making + use of the vulnerable libgda functions, potentially resulting in the + execution of arbitrary code with the rights of that application. +
++ There is no known workaround at this time. +
++ All libgda users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gnome-extra/libgda-1.2.2-r1"
+ + QDBM is a library of routines for managing a database. ImageMagick is a + collection of tools to read, write and manipulate images. GDAL is a + geospatial data abstraction library. +
++ Some packages may introduce insecure paths into the list of directories + that are searched for libraries at runtime. Furthermore, packages + depending on the MakeMaker Perl module for build configuration may have + incorrectly copied the LD_RUN_PATH into the DT_RPATH. +
++ A local attacker, who is a member of the "portage" group, could create + a malicious shared object in the Portage temporary build directory that + would be loaded at runtime by a dependent executable, potentially + resulting in privilege escalation. +
++ Only grant "portage" group rights to trusted users. +
++ All QDBM users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/qdbm-1.8.33-r2"
+ + All ImageMagick users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.4.2-r1"
+ + All GDAL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose sci-libs/gdal
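Both RPATH advisories on this page (Perl, Qt-UnixODBC and CMake earlier; QDBM, ImageMagick and GDAL here) describe the same condition: a DT_RPATH or DT_RUNPATH entry pointing into a directory an untrusted user can populate, so the dynamic loader picks up a planted library. The C program below is an added example, not Gentoo's own tooling (Gentoo's check uses scanelf from pax-utils): it reads the rpath string out of an ELF64 file and flags entries that are empty, relative or under a user-writable prefix. The prefix list assumes a default layout with PORTAGE_TMPDIR=/var/tmp, and the parser assumes Linux with a system elf.h.

```c
/* Added example, not Gentoo's scanelf/QA tooling: read DT_RPATH/DT_RUNPATH
 * from an ELF64 binary and flag entries a local user could populate. The
 * unsafe-prefix list assumes a default Gentoo layout. Linux only. */
#include <elf.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Directories a "portage" group member or any local user can write into
 * (assumption: default paths, PORTAGE_TMPDIR=/var/tmp). */
static const char *const unsafe_prefixes[] = { "/var/tmp", "/tmp", "/home", NULL };

/* 1 if any ':'-separated element is empty (the loader reads that as the
 * current directory), relative, or under an unsafe prefix; otherwise 0.
 * "$ORIGIN" elements are left to the loader's own rules. */
int rpath_is_insecure(const char *rpath)
{
    for (const char *p = rpath;; p = strchr(p, ':') + 1) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (!(len >= 7 && strncmp(p, "$ORIGIN", 7) == 0) && (len == 0 || p[0] != '/'))
            return 1;
        for (int i = 0; unsafe_prefixes[i]; i++) {
            size_t plen = strlen(unsafe_prefixes[i]);
            if (len >= plen && strncmp(p, unsafe_prefixes[i], plen) == 0 &&
                (len == plen || p[plen] == '/'))
                return 1;
        }
        if (!end)
            return 0;
    }
}

/* Copies DT_RUNPATH (preferred) or DT_RPATH of an ELF64 file into out.
 * Returns 1 if present, 0 if absent, -1 if unreadable or not ELF64. Offsets
 * are checked against the mapping; a production scanner validates more. */
int elf_rpath(const char *path, char *out, size_t outsz)
{
    int fd = open(path, O_RDONLY);
    struct stat st;
    if (fd < 0 || fstat(fd, &st) != 0 || st.st_size < (off_t)sizeof(Elf64_Ehdr)) {
        if (fd >= 0) close(fd);
        return -1;
    }
    size_t size = (size_t)st.st_size;
    unsigned char *map = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (map == MAP_FAILED)
        return -1;
    int rc = -1;
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)map;
    const Elf64_Phdr *ph;
    const Elf64_Dyn *dyn = NULL;
    size_t ndyn = 0;
    if (memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0 || eh->e_ident[EI_CLASS] != ELFCLASS64 ||
        eh->e_phoff > size || (size_t)eh->e_phnum * sizeof(Elf64_Phdr) > size - eh->e_phoff)
        goto done;
    ph = (const Elf64_Phdr *)(map + eh->e_phoff);
    for (int i = 0; i < eh->e_phnum; i++)
        if (ph[i].p_type == PT_DYNAMIC && ph[i].p_offset < size && ph[i].p_filesz <= size - ph[i].p_offset) {
            dyn = (const Elf64_Dyn *)(map + ph[i].p_offset);
            ndyn = ph[i].p_filesz / sizeof(Elf64_Dyn);
        }
    rc = 0;                                  /* static binary or no rpath: nothing to check */
    if (!dyn)
        goto done;
    Elf64_Addr strtab_va = 0;
    Elf64_Xword str_off = 0;
    int found = 0, have_runpath = 0;
    for (size_t i = 0; i < ndyn && dyn[i].d_tag != DT_NULL; i++) {
        if (dyn[i].d_tag == DT_STRTAB)
            strtab_va = dyn[i].d_un.d_ptr;
        else if (dyn[i].d_tag == DT_RUNPATH) { str_off = dyn[i].d_un.d_val; found = have_runpath = 1; }
        else if (dyn[i].d_tag == DT_RPATH && !have_runpath) { str_off = dyn[i].d_un.d_val; found = 1; }
    }
    if (!found || !strtab_va)
        goto done;
    rc = -1;
    /* DT_STRTAB is a virtual address; translate it through the PT_LOAD that contains it */
    for (int i = 0; i < eh->e_phnum; i++)
        if (ph[i].p_type == PT_LOAD && strtab_va >= ph[i].p_vaddr && strtab_va - ph[i].p_vaddr < ph[i].p_filesz) {
            size_t off = ph[i].p_offset + (strtab_va - ph[i].p_vaddr) + str_off;
            if (off < size) {
                snprintf(out, outsz, "%.*s", (int)(size - off), (const char *)map + off);
                rc = 1;
            }
            break;
        }
done:
    munmap(map, size);
    return rc;
}

/* -1 if path is unreadable or not ELF64, 0 if it has no rpath or a clean one, 1 if insecure. */
int check_binary(const char *path)
{
    char rpath[4096];
    int rc = elf_rpath(path, rpath, sizeof rpath);
    return rc <= 0 ? rc : rpath_is_insecure(rpath);
}
```

check_binary() is what a post-merge hook would run over every ELF file the package installed; an rpath such as /var/tmp/portage/dev-lang/perl-5.8.7/work/... is flagged, while /usr/lib64 or $ORIGIN/../lib is not.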
+ + giflib is a library for reading and writing GIF images. +
++ Chris Evans and Daniel Eisenbud independently discovered two + out-of-bounds memory write operations and a NULL pointer dereference in + giflib. +
++ An attacker could craft a malicious GIF image and entice users to + load it using an application making use of the giflib library, + resulting in an application crash or potentially the execution of + arbitrary code. +
++ There is no known workaround at this time. +
++ All giflib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/giflib-4.1.4"
+ + ClamAV is a GPL anti-virus toolkit, designed for integration with mail + servers to perform attachment scanning. ClamAV also provides a command + line scanner and a tool for fetching updates of the virus database. +
++ ClamAV has multiple security flaws: a boundary check was performed + incorrectly in petite.c, a buffer size calculation in unfsg_133 was + incorrect in fsg.c, a possible infinite loop was fixed in tnef.c and a + possible infinite loop in cabd_find was fixed in cabd.c. In addition + to this, Marcin Owsiany reported that a corrupted DOC file causes a + segmentation fault in ClamAV. +
++ By sending a malicious attachment to a mail server that is hooked with + ClamAV, a remote attacker could cause a Denial of Service or the + execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All ClamAV users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87.1"
+ + GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and + other media formats. +
++ Steve Kemp reported two cross-site scripting vulnerabilities related + to the handling of files (CVE-2005-3424, CVE-2005-3425). He also + reported a directory traversal vulnerability caused by the flawed + attempt to sanitize input paths (CVE-2005-3123). +
++ A remote attacker could exploit this to disclose sensitive information + or inject and execute malicious script code, potentially compromising + the victim's browser. +
++ There is no known workaround at this time. +
++ All GNUMP3d users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/gnump3d-2.9_pre7"
+ + fetchmail is a utility that retrieves and forwards mail from + remote systems using IMAP, POP, and other protocols. It ships with + fetchmailconf, a graphical utility used to create configuration files. +
++ Thomas Wolff discovered that fetchmailconf opens the configuration + file with default permissions, writes the configuration to it, and only + then restricts read permissions to the owner. +
++ A local attacker could exploit the race condition to retrieve + sensitive information like IMAP/POP passwords. +
++ Run "umask 077" to temporarily strengthen default permissions, + then run "fetchmailconf" from the same shell. +
++ All fetchmail users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.2.5.2-r1"
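A C reproduction of the window described above, added here as an example; it is not fetchmail's code (fetchmailconf is written in Python). The insecure variant creates the file with the process umask and tightens it only after writing, the fixed variant passes 0600 to open() so no wider mode ever exists on disk, and the third run shows why the advisory's umask 077 workaround closes the window. The rc line and paths are constructed, and a writable TMPDIR (or /tmp) is assumed.

```c
/* Added example, not fetchmail's code (fetchmailconf is Python): the
 * create-then-restrict window vs. creating with mode 0600 outright, and the
 * effect of the advisory's umask 077 workaround. Paths are constructed. */
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Writes secret to path and returns the permission bits the file had while
 * the secret was being written (what a racing local reader would see), or
 * (mode_t)-1 on error. */
static mode_t write_rc(const char *path, const char *secret, int restrict_at_create)
{
    /* Vulnerable: mode 0666 masked only by the umask, chmod comes later.
     * Fixed:      0600 is part of the create, so no wider mode ever exists. */
    mode_t create_mode = restrict_at_create ? 0600 : 0666;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, create_mode);
    if (fd < 0)
        return (mode_t)-1;
    struct stat st;
    if (fstat(fd, &st) != 0) { close(fd); return (mode_t)-1; }
    mode_t during_write = st.st_mode & 0777;
    if (write(fd, secret, strlen(secret)) < 0) { close(fd); return (mode_t)-1; }
    if (!restrict_at_create)
        fchmod(fd, 0600);                    /* the late chmod the advisory describes */
    close(fd);
    return during_write;
}

/* Runs one variant under the given umask in a scratch directory.
 * Returns 1 if group or others could read the secret at any point, 0 if
 * not, -1 on setup failure. */
int secret_was_exposed(int restrict_at_create, mode_t mask)
{
    const char *base = getenv("TMPDIR");
    char dir[128], path[192];
    snprintf(dir, sizeof dir, "%s/glsa-rc-XXXXXX", base ? base : "/tmp");
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/.fetchmailrc", dir);

    mode_t saved = umask(mask);
    /* constructed rc content standing in for the real user/password lines */
    mode_t seen = write_rc(path, "poll mail.example.org password hunter2\n", restrict_at_create);
    umask(saved);

    unlink(path);
    rmdir(dir);
    if (seen == (mode_t)-1)
        return -1;
    return (seen & (S_IRGRP | S_IROTH)) != 0;
}

int main(void)
{
    printf("late chmod, umask 022:     exposed=%d\n", secret_was_exposed(0, 022));
    printf("late chmod, umask 077:     exposed=%d (the advisory's workaround)\n", secret_was_exposed(0, 077));
    printf("0600 at create, umask 022: exposed=%d\n", secret_was_exposed(1, 022));
    return 0;
}
```

Only the first combination exposes the secret: with the usual umask 022 the file exists as 0644 until the chmod, which is exactly the window a local attacker polls for. Creating with 0600 removes the race regardless of umask.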
+ + OpenVPN is a multi-platform, full-featured SSL VPN solution. +
++ The OpenVPN client contains a format string bug in the handling of + the foreign_option in options.c. Furthermore, when the OpenVPN server + runs in TCP mode, it may dereference a NULL pointer under specific + error conditions. +
++ A remote attacker could set up a malicious OpenVPN server and trick + the user into connecting to it, potentially executing arbitrary code on + the client's computer. A remote attacker could also exploit the NULL + dereference issue by sending specific packets to an OpenVPN server + running in TCP mode, resulting in a Denial of Service condition. +
++ Do not use "pull" or "client" options in the OpenVPN client + configuration file, and use UDP mode for the OpenVPN server. +
++ All OpenVPN users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openvpn-2.0.4"
+ + PHP is a general-purpose scripting language widely used to develop + web-based applications. It can run inside a web server using the + mod_php module or the CGI version and also stand-alone in a CLI. +
++ Multiple vulnerabilities have been found and fixed in PHP: +
++ Attackers could leverage these issues to exploit applications that + are assumed to be secure through the use of proper register_globals, + safe_mode or open_basedir parameters. Remote attackers could also + conduct cross-site scripting attacks if a page calling phpinfo() was + available. Finally, a local attacker could cause a local Denial of + Service using malicious session.save_path options. +
++ There is no known workaround that would solve all issues at this + time. +
++ All PHP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-php/php
+ + All mod_php users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-php/mod_php
+ + All php-cgi users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-php/php-cgi
+ + Lynx is a fully-featured WWW client for users running + cursor-addressable, character-cell display devices such as vt100 + terminals and terminal emulators. +
++ iDefense labs discovered a problem within the feature to execute + local cgi-bin programs via the "lynxcgi:" URI handler. Due to a + configuration error, the default settings allow websites to specify + commands to run as the user running Lynx. +
++ A remote attacker can entice a user to access a malicious HTTP + server, causing Lynx to execute arbitrary commands. +
++ Disable "lynxcgi" links by specifying the following directive in + lynx.cfg: +
+
+ TRUSTED_LYNXCGI:none
+ + All Lynx users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/lynx-2.8.5-r2"
+ + RAR is a powerful archive manager that can decompress RAR, ZIP and + other files, and can create new archives in RAR and ZIP file format. +
++ Tan Chew Keong reported two vulnerabilities in RAR: +
++ A remote attacker could exploit these vulnerabilities by enticing + a user to: +
++ When the user performs these + actions, the arbitrary code of the attacker's choice will be executed. +
++ There is no known workaround at this time. +
++ All RAR users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/rar-3.5.1"
+ + linux-ftpd-ssl is the netkit FTP server with encryption support. +
++ A buffer overflow vulnerability has been found in the + linux-ftpd-ssl package. A command that generates an excessively long + response from the server may overrun a stack buffer. +
++ An attacker who has permission to create directories that are + accessible via the FTP server could exploit this vulnerability. + Successful exploitation would execute arbitrary code on the local + machine with root privileges. +
++ There is no known workaround at this time. +
++ All ftpd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r3"

Scorched 3D is a clone of the classic "Scorched Earth" DOS game, adding features like a 3D island environment and Internet multiplayer capabilities.

Luigi Auriemma discovered multiple flaws in the Scorched 3D game server, including a format string vulnerability and several buffer overflows.

A remote attacker can exploit these vulnerabilities to crash a game server or execute arbitrary code with the rights of the game server user. Users not running a Scorched 3D game server are not affected by these flaws.

There is no known workaround at this time.

All Scorched 3D users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-strategy/scorched3d-40"

Sylpheed is a lightweight email client and newsreader. Sylpheed-Claws is a 'bleeding edge' version of Sylpheed. They both support the import of address books in LDIF (Lightweight Directory Interchange Format).

Colin Leroy reported buffer overflow vulnerabilities in Sylpheed and Sylpheed-Claws. The LDIF importer uses a fixed length buffer to store data of variable length. Two similar problems also exist in the Mutt and Pine address book importers of Sylpheed-Claws.

By convincing a user to import a specially-crafted LDIF file into the address book, a remote attacker could cause the program to crash, potentially allowing the execution of arbitrary code with the privileges of the user running the software.

There is no known workaround at this time.

All Sylpheed users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-2.0.4"

All Sylpheed-Claws users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.5-r1"

GTK+ (the GIMP Toolkit) is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library and also packaged with GTK+ 2.

iDEFENSE reported a possible heap overflow in the XPM loader (CVE-2005-3186). Upon further inspection, Ludwig Nussel discovered two additional issues in the XPM processing functions: an integer overflow (CVE-2005-2976) that affects only gdk-pixbuf, and an infinite loop (CVE-2005-2975).

Using a specially crafted XPM image an attacker could cause an affected application to enter an infinite loop or trigger the overflows, potentially allowing the execution of arbitrary code.

There is no known workaround at this time.

All GTK+ 2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose x11-libs/gtk+

All GdkPixbuf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/gdk-pixbuf-0.22.0-r5"

Smb4K is a SMB/CIFS share browser for KDE.

A vulnerability leading to unauthorized file access has been found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a text file will cause Smb4K to write the contents of these files to the target of the symlink, as Smb4K does not check for the existence of these files before writing to them.

A local attacker could escalate privileges by adding usernames to the list of sudoers.

There is no known workaround at this time.

All smb4k users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/smb4k-0.6.4"

GNUMP3d is a streaming server for MP3s, Ogg Vorbis files, movies and other media formats.

Ludwig Nussel from SUSE Linux has identified two vulnerabilities in GNUMP3d. GNUMP3d fails to properly check for the existence of /tmp/index.lok before writing to the file, allowing local unauthorized access to files owned by the user running GNUMP3d. GNUMP3d also fails to properly validate the "theme" GET variable from CGI input, allowing unauthorized file inclusion.

An attacker could overwrite files owned by the user running GNUMP3d by symlinking /tmp/index.lok to the file targeted for overwrite. An attacker could also include arbitrary files by traversing up the directory tree (at most two times, i.e. "../..") with the "theme" GET variable.

There is no known workaround at this time.

All GNUMP3d users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/gnump3d-2.9_pre7"

FUSE (Filesystem in Userspace) allows implementation of a fully functional filesystem in a userspace program. The fusermount utility is used to mount/unmount FUSE file systems.

Thomas Biege discovered that fusermount fails to securely handle special characters specified in mount points.

A local attacker could corrupt the contents of the /etc/mtab file by mounting over a maliciously-named directory using fusermount, potentially allowing the attacker to set unauthorized mount options. This is possible only if fusermount is installed setuid root, which is the default in Gentoo.

There is no known workaround at this time.

All FUSE users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-fs/fuse-2.4.1-r1"

phpSysInfo displays various system stats via PHP scripts.

Christopher Kunz from the Hardened-PHP Project discovered that phpSysInfo is vulnerable to local file inclusion, cross-site scripting and HTTP response splitting attacks.

A local attacker may exploit the file inclusion vulnerability by sending malicious requests, causing the execution of arbitrary code with the rights of the user running the web server. A remote attacker could exploit the vulnerability to disclose local file content. Furthermore, the cross-site scripting issues give a remote attacker the ability to inject and execute malicious script code in the user's browser context or to steal cookie-based authentication credentials. The HTTP response splitting issue gives an attacker the ability to perform site hijacking and cache poisoning.

There is no known workaround at this time.

All phpSysInfo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpsysinfo-2.4.1"

eix is a small utility for searching ebuilds with indexing for fast results.

Eric Romang discovered that eix creates a temporary file with a predictable name. eix creates a temporary file in /tmp/eix.*.sync where * is the process ID of the shell running eix.

A local attacker can watch the process list and determine the process ID of the shell running eix while the "emerge --sync" command is running, then create a link from the corresponding temporary file to a system file, which would result in the file being overwritten with the rights of the user running the application.
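
The fixed-name /tmp pattern behind the Smb4K, GNUMP3d and eix advisories above, shown as an added Perl example that is not code from any of those projects: an unsafe open beside two forms that refuse a pre-planted symlink. The sandbox directory, file names and helper names are this example's own.

```perl
#!/usr/bin/perl
# Added example, not code from Smb4K, GNUMP3d or eix. Everything happens
# inside a private temporary directory; no real /tmp path is touched.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempfile tempdir);

# VULNERABLE pattern (the one the advisories describe): a fixed, predictable
# name opened for writing. '>' follows a symlink that somebody planted
# earlier and truncates whatever it points at.
sub write_fixed_unsafe {
    my ($path, $content) = @_;
    open(my $fh, '>', $path) or return 0;
    print {$fh} $content;
    close $fh;
    return 1;
}

# FIX 1: same fixed name, but created atomically. With O_CREAT|O_EXCL the
# open fails if anything already exists at $path, and POSIX requires it to
# fail when that something is a symlink regardless of where the link
# points, so a pre-planted link is never followed. Failure means "do not
# write", never "try again with open('>')".
sub write_fixed_safe {
    my ($path, $content) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return 0;
    print {$fh} $content;
    close $fh;
    return 1;
}

# FIX 2 (scratch files such as eix's /tmp/eix.<pid>.sync): let File::Temp
# choose an unpredictable name and create it with O_EXCL itself. The name
# is returned so the caller can hand it on; it is not removed here.
sub write_scratch_safe {
    my ($dir, $content) = @_;
    my ($fh, $name) = tempfile('eix.XXXXXXXX', DIR => $dir, UNLINK => 0);
    print {$fh} $content;
    close $fh;
    return $name;
}

sub slurp {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "read $path: $!";
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Constructed scenario: $victim stands in for a file the user can write
# (the advisories' sudoers, or any user-owned file); $lock stands in for
# /tmp/index.lok, which another local user has already linked to $victim.
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim.txt";
my $lock   = "$dir/index.lok";
write_fixed_safe($victim, "original\n") or die "setup: $!";
symlink($victim, $lock) or die "symlink: $!";

write_fixed_unsafe($lock, "clobbered\n");
print "open('>'):   victim now holds ", slurp($victim);

my $ok = write_fixed_safe($lock, "lock\n");
print "O_EXCL open: ", ($ok ? "wrote" : "refused ($!)"),
      "; victim still holds ", slurp($victim);

my $scratch = write_scratch_safe($dir, "sync output\n");
print "scratch file created at $scratch\n";
```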

There is no known workaround at this time.

All eix users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose app-portage/eix

The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more.

The Horde Team reported a potential XSS vulnerability. Horde fails to properly escape error messages, which may lead to displaying unsanitized error messages via Notification_Listener::getMessage().

By enticing a user to read a specially-crafted e-mail or using a manipulated URL, an attacker can execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's browser content.

There is no known workaround at this time.

All Horde Application Framework users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-2.2.9"

The Macromedia Flash Player is a renderer for the popular SWF filetype which is commonly used to provide interactive websites, digital experiences and mobile content.

When handling a SWF file, the Macromedia Flash Player incorrectly validates the frame type identifier stored in the SWF file which is used as an index to reference an array of function pointers. A specially crafted SWF file can cause this index to reference memory outside of the scope of the Macromedia Flash Player, which in turn can cause the Macromedia Flash Player to use unintended memory address(es) as function pointers.

An attacker serving a maliciously crafted SWF file could entice a user to view the SWF file and execute arbitrary code on the user's machine.

There is no known workaround at this time.

All Macromedia Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-7.0.61"

Inkscape is an Open Source vector graphics editor using the W3C standard Scalable Vector Graphics (SVG) file format.

Joxean Koret has discovered that Inkscape incorrectly allocates memory when opening an SVG file, creating the possibility of a buffer overflow if the SVG file being opened is specially crafted.

An attacker could entice a user into opening a maliciously crafted SVG file, allowing for the execution of arbitrary code on a machine with the privileges of the user running Inkscape.

There is no known workaround at this time.

All Inkscape users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/inkscape-0.43"

chmlib is a library for dealing with Microsoft ITSS and CHM format files. KchmViewer is a CHM viewer that includes its own copy of the chmlib library.

Sven Tantau reported a buffer overflow vulnerability in chmlib. The function "_chm_decompress_block()" does not properly perform boundary checking, resulting in a stack-based buffer overflow.

By convincing a user to open a specially crafted ITSS or CHM file using KchmViewer or a program that makes use of chmlib, a remote attacker could execute arbitrary code with the privileges of the user running the software.

There is no known workaround at this time.

All chmlib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/chmlib-0.37.4"

All KchmViewer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/kchmviewer-1.1"

Perl is a stable, cross-platform programming language created by Larry Wall. It contains printf functions that allow construction of strings from format specifiers and parameters, like the C printf functions. A well-known class of vulnerabilities, called format string errors, results from the improper use of the printf functions in C. Perl itself is vulnerable to a limited form of format string errors through its own sprintf function, especially through wrapper functions that call sprintf (for example the syslog function) and by taking advantage of Perl's powerful string expansion features rather than using format string specifiers.

Jack Louis discovered a new way to exploit format string errors in Perl that could lead to the execution of arbitrary code. This is performed by causing an integer wrap overflow in the efix variable inside the function Perl_sv_vcatpvfn. The proposed fix closes that specific exploitation vector to mitigate the risk of format string programming errors in Perl. This fix does not remove the need to fix such errors in Perl code.

Perl applications making improper use of printf functions (or derived functions) using untrusted data may be vulnerable to the already-known forms of Perl format string exploits and also to the execution of arbitrary code.

Fix all misbehaving Perl applications so that they make proper use of the printf and derived Perl functions.

All Perl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-lang/perl

Webmin is a web-based interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators.

Jack Louis discovered that the Webmin and Usermin "miniserv.pl" web server component is vulnerable to a Perl format string vulnerability. Login with the supplied username is logged via the Perl "syslog" facility in an unsafe manner.

A remote attacker can trigger this vulnerability via a specially crafted username containing format string data. This can be exploited to consume a large amount of CPU and memory resources on a vulnerable system, and possibly to execute arbitrary code of the attacker's choice with the permissions of the user running Webmin.
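
The Perl format string pattern behind the Perl and Webmin advisories above, as an added example that is not code from Perl or Webmin: a logger that interpolates the login name into its format beside one that passes it as an argument, plus a small check an auth-log pipeline can use to flag such input. The function names and sample login names are this example's own.

```perl
#!/usr/bin/perl
# Added example, not code from Perl or Webmin. Sys::Syslog's syslog() has
# the shape syslog($priority, $format, @args) and formats $format the way
# sprintf does, so a plain sprintf stands in for it here and nothing is
# written to syslogd.
use strict;
use warnings;

# VULNERABLE: the login name is interpolated into the format string, so
# every %-directive inside it is interpreted. This is the shape of the
# miniserv.pl bug the advisory describes (syslog called with "... $user").
sub log_login_unsafe {
    my ($user) = @_;
    no warnings;   # only so "Missing argument in sprintf" does not drown the demo
    return sprintf("Invalid login as $user from 192.0.2.10");
}

# FIXED: a constant format; the login name is only ever an argument and is
# copied verbatim whatever it contains.
sub log_login_safe {
    my ($user) = @_;
    return sprintf("Invalid login as %s from 192.0.2.10", $user);
}

# Detection aid: true when a string contains something sprintf would treat
# as a directive (optional positional "2$", flags, vector flag, width,
# precision, then a conversion letter or "%"). A '%' in a login name is
# rare enough that flagging it in the auth log is cheap, fix or no fix.
sub has_format_directive {
    my ($s) = @_;
    return $s =~ /%(?:\d+\$)?[-+ 0#]*v?\d*(?:\.\d+)?[A-Za-z%]/ ? 1 : 0;
}

# Constructed sample logins: one benign, two that carry directives. The
# unsafe logger consumes the directives (missing arguments format as empty
# or zero); the safe logger records the name exactly as received.
for my $user ('alice', '%x%x%x%x', '%2$s-%1$s') {
    printf "%-10s flagged=%d\n  unsafe: %s\n  safe:   %s\n",
        $user, has_format_directive($user),
        log_login_unsafe($user), log_login_safe($user);
}
```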

There is no known workaround at this time.

All Webmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/webmin-1.250"

All Usermin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/usermin-1.180"

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web.

Stefan Esser from Hardened-PHP reported multiple vulnerabilities found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable import_blacklist to open phpMyAdmin to local and remote file inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9). Furthermore, it is also possible to conduct an XSS attack via the $HTTP_HOST variable and a local and remote file inclusion because the contents of the variable are under total control of the attacker (CVE-2005-3665, PMASA-2005-8).

A remote attacker may exploit these vulnerabilities by sending malicious requests, causing the execution of arbitrary code with the rights of the user running the web server. The cross-site scripting issues allow a remote attacker to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially allowing unauthorized access to phpMyAdmin.

There is no known workaround at this time.

All phpMyAdmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.7.0_p1"

Openswan is an implementation of IPsec for Linux. IPsec-Tools is a port of KAME's implementation of the IPsec utilities, including racoon, an Internet Key Exchange daemon. Internet Key Exchange version 1 (IKEv1), a derivative of ISAKMP, is an important part of IPsec. IPsec is widely used to secure the exchange of packets at the IP layer and mostly used to implement Virtual Private Networks (VPNs).

The Oulu University Secure Programming Group (OUSPG) discovered that various ISAKMP implementations, including Openswan and racoon (included in the IPsec-Tools package), behave in an anomalous way when they receive and handle ISAKMP Phase 1 packets with invalid or abnormal contents.

A remote attacker could craft specific packets that would result in a Denial of Service attack, if Openswan and racoon are used in specific, weak configurations.

There is no known workaround at this time.

All Openswan users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.4"

All IPsec-Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose net-firewall/ipsec-tools

Xmail is an Internet and intranet mail server.

iDEFENSE reported that the AddressFromAtPtr function in the sendmail program fails to check bounds on arguments passed from other functions, and as a result an exploitable stack overflow condition occurs when specifying the "-t" command line option.

A local attacker can make a malicious call to sendmail, potentially resulting in code execution with elevated privileges.

There is no known workaround at this time.

All Xmail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-mta/xmail-1.22"

Ethereal is a feature-rich network protocol analyzer. It provides protocol analyzers for various network flows, including one for Open Shortest Path First (OSPF) Interior Gateway Protocol.

iDEFENSE reported a possible overflow due to the lack of bounds checking in the dissect_ospf_v3_address_prefix() function, part of the OSPF protocol dissector.

An attacker might be able to craft a malicious network flow that would crash Ethereal. It may be possible, though unlikely, to exploit this flaw to execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.

There is no known workaround at this time.

All Ethereal users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.13-r2"

OpenLDAP is a suite of LDAP-related application and development tools. Gauche is an R5RS Scheme interpreter.

Gentoo packaging for OpenLDAP and Gauche may introduce insecure paths into the list of directories that are searched for libraries at runtime.

A local attacker, who is a member of the "portage" group, could create a malicious shared object in the Portage temporary build directory that would be loaded at runtime by a dependent binary, potentially resulting in privilege escalation.

Only grant "portage" group rights to trusted users.

All OpenLDAP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose net-nds/openldap

All Gauche users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-scheme/gauche-0.8.6-r1"

Xpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System (CUPS) is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files.

infamous41md discovered that several Xpdf functions lack sufficient boundary checking, resulting in multiple exploitable buffer overflows.

An attacker could entice a user to open a specially-crafted PDF file which would trigger an overflow, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or Poppler.

There is no known workaround at this time.

All Xpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r2"

All GPdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r2"

All Poppler users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose app-text/poppler

All CUPS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r3"

cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols.

Stefan Esser from the Hardened-PHP Project has reported a vulnerability in cURL that allows for a local buffer overflow when cURL attempts to parse specially crafted URLs. The URL can be specially crafted in one of two ways: the URL could be malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer; or the URL could contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.

An attacker capable of getting cURL to parse a maliciously crafted URL could cause a denial of service or execute arbitrary code with the privileges of the user making the call to cURL. An attacker could also escape open_basedir or safe_mode pseudo-restrictions when exploiting this problem from within a PHP program when PHP is compiled with libcurl.

There is no known workaround at this time.

All cURL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.15.1"

Opera is a multi-platform web browser.

Peter Zelezny discovered that the shell script used to launch Opera parses shell commands that are enclosed within backticks in the URL provided via the command line.

A remote attacker could exploit this vulnerability by enticing a user to follow a specially crafted URL from a tool that uses Opera to open URLs, resulting in the execution of arbitrary commands on the targeted machine.

There is no known workaround at this time.

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/opera-8.51"

CenterICQ is a text-based instant messaging interface that supports multiple protocols. It includes the ktools library, which provides text-mode user interface controls.

Gentoo developer Wernfried Haas discovered that when the "Enable peer-to-peer communications" option is enabled, CenterICQ opens a port that insufficiently validates whatever is sent to it. Furthermore, Zone-H Research reported a buffer overflow in the ktools library.

A remote attacker could cause a crash of CenterICQ by sending packets to the peer-to-peer communications port, and potentially cause the execution of arbitrary code by enticing a CenterICQ user to edit overly long contact details.

There is no known workaround at this time.

All CenterICQ users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/centericq-4.21.0-r2"

Mantis is a web-based bugtracking system written in PHP.

Tobias Klein discovered that Mantis contains several vulnerabilities, including:

An attacker could possibly exploit the file upload vulnerability to execute arbitrary script code, and the SQL injection vulnerability to access or modify sensitive information from the Mantis database. Furthermore, the cross-site scripting and HTTP response splitting may allow an attacker to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.

There is no known workaround at this time.

All Mantis users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-0.19.4"

Dropbear is an SSH server and client with a small memory footprint.

Under certain conditions Dropbear could fail to allocate a sufficient amount of memory, possibly resulting in a buffer overflow.

By sending specially crafted data to the server, authenticated users could exploit this vulnerability to execute arbitrary code with the permissions of the SSH server user, which is the root user by default.

There is no known workaround at this time.

All Dropbear users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/dropbear-0.47"

The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server.

Kurt Fitzner discovered that the NBD server allocates a request buffer that fails to take into account the size of the reply header.

A remote attacker could send a malicious request that can result in the execution of arbitrary code with the rights of the NBD server.

There is no known workaround at this time.

All NBD Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-block/nbd-2.8.2-r1"

rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users.

Max Vozeler discovered that the rssh_chroot_helper command allows local users to chroot into arbitrary directories.

A local attacker could exploit this vulnerability to gain root privileges by chrooting into arbitrary directories.

There is no known workaround at this time.

All rssh users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/rssh-2.3.0"

OpenMotif provides a free version of the Motif toolkit for open source applications. The OpenMotif libraries are included in the AMD64 x86 emulation X libraries, which emulate the x86 (32-bit) architecture on the AMD64 (64-bit) architecture.

xfocus discovered two potential buffer overflows in the libUil library, in the diag_issue_diagnostic and open_source_file functions.

Remotely-accessible or SUID applications making use of the affected functions might be exploited to execute arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All OpenMotif users should upgrade to an unaffected version:

    # emerge --sync
    # emerge --ask --oneshot --unmerge --verbose x11-libs/openmotif
    # emerge --ask --oneshot --verbose x11-libs/openmotif

All AMD64 x86 emulation X libraries users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose app-emulation/emul-linux-x86-xlibs

scponly is a restricted shell, allowing only a few predefined commands. It is often used as a complement to OpenSSH to provide access to remote users without providing any remote execution privileges.

Max Vozeler discovered that the scponlyc command allows users to chroot into arbitrary directories. Furthermore, Pekka Pessi reported that scponly insufficiently validates command-line parameters to a scp or rsync command.

A local attacker could gain root privileges by chrooting into arbitrary directories containing hardlinks to setuid programs. A remote scponly user could also send malicious parameters to a scp or rsync command that would allow them to escape the shell restrictions and execute arbitrary programs.

There is no known workaround at this time.

All scponly users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/scponly-4.2"

XnView is an efficient multimedia viewer, browser and converter, distributed free for non-commercial use.

Krzysiek Pawlik of Gentoo Linux discovered that the XnView package for IA32 used the DT_RPATH field insecurely, causing the dynamic loader to search for shared libraries in potentially untrusted directories.

A local attacker could create a malicious shared object that would be loaded and executed when a user attempted to use an XnView utility. This would allow a malicious user to effectively hijack XnView and execute arbitrary code with the privileges of the user running the program.

The system administrator may use the chrpath utility to remove the DT_RPATH field from the XnView utilities:

    # emerge app-admin/chrpath
    # chrpath --delete /opt/bin/nconvert /opt/bin/nview /opt/bin/xnview

All XnView users on the x86 platform should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-misc/xnview-1.70-r1"

pinentry is a collection of simple PIN or passphrase entry dialogs which utilize the Assuan protocol.

Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that the pinentry ebuild incorrectly sets the permissions of the pinentry binaries upon installation, so that the sgid bit is set, making them execute with the privileges of group ID 0.

A user of pinentry could potentially read and overwrite files with a group ID of 0.

There is no known workaround at this time.

All pinentry users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/pinentry-0.7.2-r2"

KPdf is a KDE-based PDF viewer included in the kdegraphics package. KWord is a KDE-based word processor included in the koffice package.

KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans (CESA-2005-003).

An attacker could entice a user to open a specially crafted PDF file with KPdf or KWord, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application.

There is no known workaround at this time.

All kdegraphics users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.4.3-r3"

All KPdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.3-r3"

All KOffice users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.2-r6"

All KWord users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/kword-1.4.2-r6"

HylaFAX is an enterprise-class system for sending and receiving facsimile messages and for sending alpha-numeric pages.

Patrice Fournier discovered that HylaFAX runs the notify script on untrusted user input. Furthermore, users can log in without a password when HylaFAX is installed with the pam USE-flag disabled.

An attacker could exploit the input validation vulnerability to run arbitrary code as the user running HylaFAX, which is usually uucp. The password vulnerability could be exploited to log in without proper user credentials.

There is no known workaround at this time.

All HylaFAX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/hylafax-4.2.3-r1"

VMware Workstation is a powerful virtual machine for developers and system administrators.

Tim Shelton discovered that vmnet-natd, the host module providing NAT-style networking for VMware guest operating systems, is unable to process incorrect 'EPRT' and 'PORT' FTP requests.

Malicious guest operating systems using the NAT networking feature or local VMware Workstation users could exploit this vulnerability to execute arbitrary code on the host system with elevated privileges.

Disable the NAT service by following the instructions at

All VMware Workstation users should upgrade to a fixed version:

    # emerge --sync
    # emerge --ask --oneshot --verbose app-emulation/vmware-workstation

mod_auth_pgsql is an Apache2 module that allows user authentication against a PostgreSQL database.

The error logging functions of mod_auth_pgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities.

An unauthenticated remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the Apache2 server by sending specially crafted login names.

There is no known workaround at this time.

All mod_auth_pgsql users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apache/mod_auth_pgsql-2.0.3"

xine is a GPL high-performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. FFmpeg is a very fast video and audio converter and is used in xine-lib.

Simon Kilvington has reported a vulnerability in FFmpeg libavcodec. The flaw is due to a buffer overflow error in the "avcodec_default_get_buffer()" function. This function does not properly handle specially crafted PNG files, resulting in a heap overflow.

A remote attacker could entice a user to run an FFmpeg based application on a maliciously crafted PNG file, resulting in the execution of arbitrary code with the permissions of the user running the application.

There is no known workaround at this time.

All xine-lib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.1-r3"

All FFmpeg users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-0.4.9_p20051216"
+ + ClamAV is a GPL virus scanner. +
++ Zero Day Initiative (ZDI) reported a heap buffer overflow + vulnerability. The vulnerability is due to an incorrect boundary check + of the user-supplied data prior to copying it to an insufficiently + sized memory buffer. The flaw occurs when the application attempts to + handle compressed UPX files. +
++ A remote attacker could, for example, send a maliciously crafted UPX + file to a mail server that scans attachments with ClamAV; the + attacker-supplied code would then be executed with escalated + privileges. +
++ There is no known workaround at this time. +
++ All ClamAV users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88"
+ + Blender is an open source software for 3D modeling, animation, + rendering, post-production, interactive creation and playback. +
++ Damian Put has reported a flaw due to an integer overflow in the + "get_bhead()" function, leading to a heap overflow when processing + malformed ".blend" files. +
++ A remote attacker could entice a user into opening a specially + crafted ".blend" file, resulting in the execution of arbitrary code + with the permissions of the user running Blender. +
++ There is no known workaround at this time. +
++ All Blender users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.40"
+ + Wine is a free implementation of Windows APIs for Unix-like systems. +
++ H D Moore discovered that Wine implements the insecure-by-design + SETABORTPROC GDI Escape function for Windows Metafile (WMF) files. +
++ An attacker could entice a user to open a specially crafted Windows + Metafile (WMF) file from within a Wine executed Windows application, + possibly resulting in the execution of arbitrary code with the rights + of the user running Wine. +
++ There is no known workaround at this time. +
++ All Wine users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/wine-0.9.0"
+ + Sun and Blackdown both provide implementations of the Java + Development Kit (JDK) and Java Runtime Environment (JRE). +
++ Adam Gowdiak discovered multiple vulnerabilities in the Java + Runtime Environment's Reflection APIs that may allow untrusted applets + to elevate privileges. +
++ A remote attacker could embed a malicious Java applet in a web + page and entice a victim to view it. This applet can then bypass + security restrictions and execute any command or access any file with + the rights of the user running the web browser. +
++ There are no known workarounds at this time. +
++ All Sun JDK users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.09"
+ + All Sun JRE users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.09"
+ + All Blackdown JDK users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.03"
+ + All Blackdown JRE users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.03"
+ + Note to SPARC and PPC users: There is no stable secure + Blackdown Java for the SPARC or PPC architectures. Affected users on + the PPC architecture should consider switching to the IBM Java packages + (ibm-jdk-bin and ibm-jre-bin). Affected users on the SPARC should + remove the package until a SPARC package is released. +
++ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. kjs is the javascript interpreter used in + Konqueror and other parts of KDE. +
++ Maksim Orlovich discovered an incorrect bounds check in kjs when + handling URIs. +
++ By enticing a user to load a specially crafted webpage containing + malicious javascript, an attacker could execute arbitrary code with the + rights of the user running kjs. +
++ There is no known workaround at this time. +
++ All kdelibs users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.4.3-r1"
+ + Trac is a minimalistic web-based project management, wiki and bug + tracking system including a Subversion interface. +
++ Christophe Truc discovered that Trac fails to properly sanitize + input passed in the URL. +
++ A remote attacker could exploit this to inject and execute + malicious script code or to steal cookie-based authentication + credentials, potentially compromising the victim's browser. +
++ There is no known workaround at this time. +
++ All Trac users should upgrade to the latest available version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/trac-0.9.3"
+ + Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +
++ Gallery is a web application written in PHP which is used to + organize and publish photo albums. It allows multiple users to build + and maintain their own albums. It also supports the mirroring of images + on other servers. +
++ Peter Schumacher discovered that Gallery fails to sanitize the + fullname set by users, possibly leading to a cross-site scripting + vulnerability. +
++ By setting a specially crafted fullname, an attacker can inject + and execute script code in the victim's browser window and potentially + compromise the user's gallery. +
++ There is no known workaround at this time. +
++ All Gallery users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.5.2"
+ + Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +
++ LibAST is a utility library that was originally intended to accompany + Eterm, but may be used by various other applications. +
++ Michael Jennings discovered an exploitable buffer overflow in the + configuration engine of LibAST. +
++ The vulnerability can be exploited to gain escalated privileges if the + application using LibAST is setuid/setgid and passes a specifically + crafted filename to LibAST's configuration engine. +
++ Identify all applications linking against LibAST and verify they are + not setuid/setgid. +
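The workaround above is a two-part audit: find privileged binaries, then see which of them pull in LibAST. The following Python is an added example of that audit, not code from the advisory or from LibAST. It assumes ldd is on PATH and prints lines of the form "libast.so.2 => /usr/lib/libast.so.2 (0x...)"; the self_check() scenario with a fake resolver is constructed.

```python
import os
import stat
import subprocess
import tempfile
from typing import Callable, Iterator, List

def is_privileged(mode: int) -> bool:
    """True for a regular file carrying the setuid or setgid bit."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))

def privileged_binaries(root: str) -> Iterator[str]:
    """Walk root (e.g. '/usr') and yield setuid/setgid regular files.
    lstat() is used so symlinks are reported as links, not followed."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if is_privileged(st.st_mode):
                yield path

def ldd_libraries(path: str) -> List[str]:
    """Library names a dynamically linked binary resolves, taken from ldd
    output.  Static binaries and non-ELF files yield an empty list.
    Assumes ldd is on PATH."""
    proc = subprocess.run(["ldd", path], capture_output=True, text=True, check=False)
    return [line.split()[0] for line in proc.stdout.splitlines() if "=>" in line]

def privileged_users_of(root: str, lib_prefix: str = "libast",
                        resolve: Callable[[str], List[str]] = ldd_libraries) -> List[str]:
    """Binaries that are both privileged and linked against lib_prefix*:
    for these the LibAST flaw becomes a privilege escalation."""
    return [p for p in privileged_binaries(root)
            if any(lib.startswith(lib_prefix) for lib in resolve(p))]

def self_check() -> dict:
    """Constructed scenario in a private directory: one plain file and one
    file given the setuid bit, both reported as linking libast by a fake
    resolver.  Only the setuid one should be flagged."""
    with tempfile.TemporaryDirectory() as d:
        plain = os.path.join(d, "plain-tool")
        suid = os.path.join(d, "eterm")
        for p in (plain, suid):
            open(p, "w").close()
        os.chmod(suid, 0o4755)        # set after writing; writes clear the bit
        bit_set = bool(os.lstat(suid).st_mode & stat.S_ISUID)
        fake = lambda p: ["libast.so.2", "libc.so.6"]
        return {"suid_path": suid, "bit_set": bit_set,
                "found": privileged_users_of(d, resolve=fake)}

if __name__ == "__main__":
    for path in privileged_users_of("/usr"):
        print("privileged and linked against libast:", path)
```

One caveat for a real run: ldd executes the binary's dynamic loader, so on a box you do not trust, `readelf -d` or `objdump -p` and a look at the NEEDED entries is the safer way to implement the resolver.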
++ All users should upgrade to the latest version and run revdep-rebuild: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libast-0.7"
+ # revdep-rebuild
+ + Paros is an intercepting proxy between a web server and a client + meant to be used for security assessments. It allows the user to watch + and modify the HTTP(S) traffic. +
++ Andrew Christensen discovered that in older versions of Paros the + database component HSQLDB is installed with an empty password for the + database administrator "sa". +
++ Since the database listens globally by default, an attacker can + connect and issue arbitrary commands, including execution of binaries + installed on the host. +
++ There is no known workaround at this time. +
++ All Paros users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/paros-3.2.8"
+ + MyDNS is a DNS server using a MySQL database as a backend. It is + designed to allow for fast updates and small resource usage. +
++ MyDNS contains an unspecified flaw that may allow a remote Denial + of Service. +
++ An attacker could cause a Denial of Service by sending malformed + DNS queries to the MyDNS server. +
++ There is no known workaround at this time. +
++ All MyDNS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/mydns-1.1.0"
+ + Xpdf is a PDF file viewer that runs under the X Window System. + Poppler is a PDF rendering library based on the Xpdf 3.0 code base. + GPdf is a PDF file viewer for the GNOME 2 platform, also based on Xpdf. + libextractor is a library which includes Xpdf code to extract arbitrary + meta-data from files. pdftohtml is a utility to convert PDF files to + HTML or XML formats that makes use of Xpdf code to decode PDF files. +
++ Chris Evans has reported some integer overflows in Xpdf when + attempting to calculate buffer sizes for memory allocation, leading to + a heap overflow and a potential infinite loop when handling malformed + input files. +
++ By sending a specially crafted PDF file to a victim, an attacker + could cause an overflow, potentially resulting in the execution of + arbitrary code with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Xpdf users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r5"
+ + All Poppler users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-0.4.3-r4"
+ + All GPdf users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r3"
+ + All libextractor users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.9"
+ + All pdftohtml users should migrate to the latest stable version + of Poppler. +
++ The GStreamer FFmpeg plugin uses code from the FFmpeg library to + provide fast colorspace conversion and multimedia decoders to the + GStreamer open source media framework. +
++ The GStreamer FFmpeg plugin contains derived code from the FFmpeg + library, which is vulnerable to a heap overflow in the + "avcodec_default_get_buffer()" function discovered by Simon Kilvington + (see GLSA 200601-06). +
++ A remote attacker could entice a user to run an application using + the GStreamer FFmpeg plugin on a maliciously crafted PIX_FMT_PAL8 + format image file (like PNG images), possibly leading to the execution + of arbitrary code with the permissions of the user running the + application. +
++ There is no known workaround at this time. +
++ All GStreamer FFmpeg plugin users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-ffmpeg-0.8.7-r1"
+ + ADOdb is an abstraction library for PHP creating a common API for + a wide range of database backends. +
++ Andy Staudacher discovered that ADOdb does not properly sanitize + all parameters. +
++ By sending specifically crafted requests to an application that + uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw + to execute arbitrary SQL queries on the host. +
++ There is no known workaround at this time. +
++ All ADOdb users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/adodb-4.71"
+ + The Apache HTTP server is one of the most popular web servers on the + Internet. mod_imap provides support for server-side image maps; mod_ssl + provides secure HTTP connections. +
++ Apache's mod_imap fails to properly sanitize the "Referer" directive of + imagemaps in some cases, leaving the HTTP Referer header unescaped. A + flaw in mod_ssl can lead to a NULL pointer dereference if the site uses + a custom "Error 400" document. These vulnerabilities were reported by + Marc Cox and Hartmut Keil, respectively. +
++ A remote attacker could exploit mod_imap to inject arbitrary HTML or + JavaScript into a user's browser to gather sensitive information. + Attackers could also cause a Denial of Service on hosts using the SSL + module (Apache 2.0.x only). +
++ There is no known workaround at this time. +
++ All Apache users should upgrade to the latest version, depending on + whether they still use the old configuration style + (/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf). +
++ 2.0.x users, new style config: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.55-r1"
+ + 2.0.x users, old style config: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "=www-servers/apache-2.0.54-r16"
+ + 1.x users, new style config: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "=www-servers/apache-1.3.34-r11"
+ + 1.x users, old style config: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "=www-servers/apache-1.3.34-r2"
+ + Xpdf is a PDF file viewer that runs under the X Window System. + Poppler is a PDF rendering library based on the Xpdf 3.0 code base. +
++ Dirk Mueller has reported a vulnerability in Xpdf. It is caused by + a missing boundary check in the splash rasterizer engine when handling + PDF splash images with overly large dimensions. +
++ By sending a specially crafted PDF file to a victim, an attacker + could cause an overflow, potentially resulting in the execution of + arbitrary code with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Xpdf users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r7"
+ + All Poppler users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-0.5.0-r4"
++ KPdf is a KDE-based PDF viewer included in the kdegraphics + package. +
++ KPdf includes Xpdf code to handle PDF files. Dirk Mueller + discovered that this Xpdf code is vulnerable to a heap-based overflow + in the splash rasterizer engine. +
++ An attacker could entice a user to open a specially crafted PDF + file with Kpdf, potentially resulting in the execution of arbitrary + code with the rights of the user running the affected application. +
++ There is no known workaround at this time. +
++ All kdegraphics users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.4.3-r4"
+ + All Kpdf users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.3-r4"
+ + ImageMagick is an application suite to manipulate and convert + images. It is often used as a utility backend by web applications like + forums, content management systems or picture galleries. +
++ The SetImageInfo function was found vulnerable to a format string + mishandling. Daniel Kobras discovered that the handling of "%"-escaped + sequences in filenames passed to the function is inadequate. This is a + new vulnerability that is not addressed by GLSA 200503-11. +
++ By feeding specially crafted file names to ImageMagick, an + attacker can crash the program and possibly execute arbitrary code with + the privileges of the user running ImageMagick. +
++ There is no known workaround at this time. +
++ All ImageMagick users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.5.5"
+ + Sun's JDK and JRE provide interpreters for Java Applets in a + sandboxed environment. These implementations provide the Java Web Start + technology that can be used for easy client-side deployment of Java + applications. +
++ Applets executed using the JRE or JDK can use "reflection" API + functions to elevate their privileges beyond the sandbox restrictions. + Adam Gowdiak discovered five vulnerabilities that use this method for + privilege escalation. Two more vulnerabilities were discovered by the + vendor. Peter Csepely discovered that Java Web Start applications can + also escalate their privileges. +
++ A malicious Java applet can bypass Java sandbox restrictions and + hence access local files, connect to arbitrary network locations and + execute arbitrary code on the user's machine. Java Web Start + applications are affected likewise. +
++ Select another Java implementation using java-config. +
++ All Sun JDK users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.10"
+ + All Sun JRE users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.10"
+ + Libtasn1 is a library used to parse ASN.1 (Abstract Syntax + Notation One) objects, and perform DER (Distinguished Encoding Rules) + decoding. Libtasn1 is included with the GNU TLS library, which is used + by applications to provide a cryptographically secure communications + channel. +
++ Evgeny Legerov has reported a flaw in the DER decoding routines + provided by libtasn1, which could cause an out of bounds access to + occur. +
++ A remote attacker could cause an application using libtasn1 to + crash and potentially execute arbitrary code by sending specially + crafted input. +
++ There is no known workaround at this time. +
++ All libtasn1 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-0.2.18"
+ + All GNU TLS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-1.2.10"
+ + BomberClone is a remake of the classic game "BomberMan". It + supports multiple players via IP network connection. +
++ Stefan Cornelius of the Gentoo Security team discovered multiple + missing buffer checks in BomberClone's code. +
++ By sending overly long error messages to the game via network, a + remote attacker may exploit buffer overflows to execute arbitrary code + with the rights of the user running BomberClone. +
++ There is no known workaround at this time. +
++ All BomberClone users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-action/bomberclone-0.11.6.2-r1"
+ + GnuPG (The GNU Privacy Guard) is a free replacement for PGP + (Pretty Good Privacy). As GnuPG does not rely on any patented + algorithms, it can be used without any restrictions. gpgv is the + OpenPGP signature verification tool provided by the GnuPG system. +
++ Tavis Ormandy of the Gentoo Linux Security Auditing Team + discovered that automated systems relying on the return code of GnuPG + or gpgv to authenticate digital signatures may be misled by malformed + signatures. GnuPG documentation states that a return code of zero (0) + indicates success, however gpg and gpgv may also return zero if no + signature data was found in a detached signature file. +
++ An attacker may be able to bypass authentication in automated + systems relying on the return code of gpg or gpgv to authenticate + digital signatures. +
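The robust check for an automated verifier is the one GnuPG's own documentation describes: read the machine-readable status lines (--status-fd) and require a positive GOODSIG plus VALIDSIG, instead of treating exit status 0 as proof. The Python below is an added example, not code from the advisory or from GnuPG. The status keywords are those documented in GnuPG's doc/DETAILS; the two sample status streams are constructed, and verify_detached() assumes gpgv is on PATH.

```python
import subprocess
from typing import Iterable, Optional

# Keywords from GnuPG's doc/DETAILS.  Any of these means "do not trust".
_NEGATIVE = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG",
             "NODATA", "UNEXPECTED", "NO_PUBKEY", "FAILURE"}

def signer_fingerprint(status_lines: Iterable[str]) -> Optional[str]:
    """Return the signing key fingerprint if, and only if, the status stream
    carries both GOODSIG and VALIDSIG and no negative keyword.  The process
    exit code is deliberately not consulted: in the affected versions gpg and
    gpgv exit 0 even when no signature data was found (NODATA)."""
    good, fingerprint = False, None
    for raw in status_lines:
        line = raw.rstrip("\n")
        if not line.startswith("[GNUPG:] "):
            continue                      # not a status line
        fields = line[len("[GNUPG:] "):].split()
        if not fields:
            continue
        keyword = fields[0]
        if keyword in _NEGATIVE:
            return None
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and len(fields) > 1:
            fingerprint = fields[1]
    return fingerprint if good and fingerprint else None

def verify_detached(keyring: str, sig_path: str, data_path: str) -> Optional[str]:
    """Run gpgv with status output on stdout and decide from the status
    lines alone.  Assumes gpgv is on PATH and keyring is a trusted keyring."""
    proc = subprocess.run(
        ["gpgv", "--status-fd", "1", "--keyring", keyring, sig_path, data_path],
        capture_output=True, text=True, check=False)
    return signer_fingerprint(proc.stdout.splitlines())

# Constructed status streams, shaped like gpgv's output.
GOOD_RUN = [
    "[GNUPG:] SIG_ID AbCdEfGhIjKlMnOpQrStUvWxYz0 2006-02-01 1138752000",
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>",
    "[GNUPG:] VALIDSIG 0000111122223333444455556666777788889999 2006-02-01 "
    "1138752000 0 4 0 17 2 00 0000111122223333444455556666777788889999",
]
EMPTY_SIG_RUN = ["[GNUPG:] NODATA 1"]     # exit status 0 in affected versions

if __name__ == "__main__":
    print("good run   ->", signer_fingerprint(GOOD_RUN))
    print("no sig data->", signer_fingerprint(EMPTY_SIG_RUN))
```

The returned fingerprint is what the caller should compare against an allow-list; "some signature was good" is not the same as "the expected key signed this".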
++ There is no known workaround at this time. +
++ All GnuPG users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.2.1"
+ + OpenSSH is a free application suite consisting of server and + clients that replace tools like telnet, rlogin, rcp and ftp with more + secure versions offering additional functionality. Dropbear is an SSH + server and client designed with a small memory footprint that includes + OpenSSH scp code. +
++ To copy from a local filesystem to another local filesystem, scp + constructs a command line using 'cp' which is then executed via + system(). Josh Bressers discovered that special characters are not + escaped by scp, but are simply passed to the shell. +
++ By tricking other users or applications into running scp on + maliciously crafted filenames, a local attacker can execute arbitrary + commands with the rights of the user running scp. +
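The scp flaw is the general "command line built by concatenation, then handed to system()" pattern. The Python below is an added example, not code from the advisory, OpenSSH or Dropbear: it runs the same local copy once through a shell and once as an argument vector, using a constructed filename that is perfectly legal on POSIX but contains a ';'.

```python
import os
import subprocess
import tempfile

def copy_via_shell(src: str, dst: str, cwd: str) -> None:
    """The pattern the advisory describes: a command line assembled by
    concatenation and handed to the shell (system() in scp).  Anything the
    shell treats as syntax inside a filename is executed as such."""
    subprocess.run("cp " + src + " " + dst, shell=True, cwd=cwd, check=False)

def copy_via_argv(src: str, dst: str, cwd: str) -> None:
    """Hardened form: an argument vector with no shell in between.  The
    filename reaches cp as exactly one argv element; '--' also stops a
    name beginning with '-' from being read as an option."""
    subprocess.run(["cp", "--", src, dst], cwd=cwd, check=True)

def run_with_hostile_name(copy_fn) -> dict:
    """Exercise copy_fn on a constructed filename carrying shell
    metacharacters, inside a private directory, and report what happened."""
    with tempfile.TemporaryDirectory() as d:
        hostile = "a; touch INJECTED;"          # ';' ends a command for /bin/sh
        with open(os.path.join(d, hostile), "w") as f:
            f.write("payload file\n")
        try:
            copy_fn(hostile, "out", d)
        except subprocess.CalledProcessError:
            pass
        return {
            "command_injected": os.path.exists(os.path.join(d, "INJECTED")),
            "file_copied": os.path.exists(os.path.join(d, "out")),
        }

if __name__ == "__main__":
    print("system()-style:", run_with_hostile_name(copy_via_shell))
    print("argv-style:    ", run_with_hostile_name(copy_via_argv))
```

With the shell in the loop the copy never happens and the injected `touch` does; with an argv the odd name is copied verbatim and nothing else runs.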
++ There is no known workaround at this time. +
++ All OpenSSH users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.2_p1-r1"
+ + All Dropbear users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/dropbear-0.47-r1"
+ + GPdf is a Gnome PDF viewer. +
++ Dirk Mueller found a heap overflow vulnerability in the Xpdf + codebase when handling splash images that exceed the size of the + associated bitmap. +
++ An attacker could entice a user to open a specially crafted PDF + file with GPdf, potentially resulting in the execution of arbitrary + code with the rights of the user running the affected application. +
++ There is no known workaround at this time. +
++ All GPdf users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r4"
+ + GraphicsMagick is a collection of tools to read, write and + manipulate images in many formats. +
++ The SetImageInfo function was found vulnerable to a format string + mishandling. Daniel Kobras discovered that the handling of "%"-escaped + sequences in filenames passed to the function is inadequate in + ImageMagick (GLSA 200602-06); the same vulnerability exists in + GraphicsMagick. +
++ By feeding specially crafted file names to GraphicsMagick an + attacker can crash the program and possibly execute arbitrary code with + the privileges of the user running GraphicsMagick. +
++ There is no known workaround at this time. +
++ All GraphicsMagick users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.7"
+ + noweb is a simple, extensible, and language independent literate + programming tool. +
++ Javier Fernandez-Sanguino has discovered that the lib/toascii.nw + and shell/roff.mm scripts insecurely create temporary files with + predictable filenames. +
++ A local attacker could create symbolic links in the temporary file + directory, pointing to a valid file somewhere on the filesystem. When + an affected script is called, this would result in the file being + overwritten with the rights of the user running the script. +
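The attack in the previous paragraph, and the two standard fixes (O_EXCL on a fixed name, or mkstemp() with an unpredictable one), as an added Python example; this is not code from the advisory or from noweb, and the victim file, the trap name "toascii.tmp" and the whole scenario are constructed inside a private temporary directory.

```python
import os
import tempfile

def open_predictable(path: str):
    """Pattern from the advisory: a fixed, predictable name opened with
    O_CREAT but without O_EXCL.  If the name already exists as a symlink
    planted by another local user, the link is followed and its target
    is truncated and overwritten with the caller's privileges."""
    return open(path, "w")

def open_exclusive(path: str):
    """Same fixed name, but O_CREAT|O_EXCL: creation fails with EEXIST if
    anything, including a dangling symlink, is already there."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    return os.fdopen(fd, "w")

def open_unpredictable(directory: str):
    """The preferable fix: mkstemp() picks a random name and opens it
    O_EXCL with mode 0600, so there is no name for an attacker to pre-plant."""
    fd, path = tempfile.mkstemp(prefix="toascii.", dir=directory)
    return os.fdopen(fd, "w"), path

def demo() -> dict:
    """Play attacker and victim in a private directory (constructed scenario)."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "victim.txt")
        with open(target, "w") as f:
            f.write("important\n")
        trap = os.path.join(d, "toascii.tmp")    # the name the script will use
        os.symlink(target, trap)                 # attacker pre-creates the link
        with open_predictable(trap) as f:        # victim runs the script
            f.write("garbage\n")
        with open(target) as f:
            clobbered = f.read() == "garbage\n"
        try:
            open_exclusive(trap).close()
            exclusive_refused = False
        except FileExistsError:
            exclusive_refused = True
        f, path = open_unpredictable(d)
        f.close()
        return {
            "predictable_open_overwrote_target": clobbered,
            "exclusive_open_refused": exclusive_refused,
            "mkstemp_name_is_fresh_regular_file":
                os.path.basename(path) != "toascii.tmp" and not os.path.islink(path),
        }

if __name__ == "__main__":
    print(demo())
```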
++ There is no known workaround at this time. +
++ All noweb users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/noweb-2.9-r5"
+ + WordPress is a PHP and MySQL based content management and + publishing system. +
++ Patrik Karlsson reported that WordPress 1.5.2 makes use of an + insufficiently filtered User Agent string in SQL queries related to + comments posting. This vulnerability was already fixed in the + 2.0-series of WordPress. +
++ An attacker could send a comment with a malicious User Agent + parameter, resulting in SQL injection and potentially in the subversion + of the WordPress database. This vulnerability wouldn't affect WordPress + sites which do not allow comments or which require that comments go + through a moderator. +
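Both the ADOdb advisory above (parameters reaching a PostgreSQL backend unsanitized) and this WordPress one come down to user-controlled text spliced into SQL. The Python below is an added example, not code from either advisory, from WordPress or from ADOdb: an in-memory sqlite3 database stands in for MySQL, the tables and the admin hash are constructed, and the User-Agent value shows how a single INSERT can be bent into reading another table with no second statement needed.

```python
import sqlite3

# Constructed stand-in for the relevant tables; sqlite3 plays the role of MySQL.
SCHEMA = """
CREATE TABLE users(user_login TEXT, user_pass TEXT);
INSERT INTO users VALUES ('admin', '$P$CONSTRUCTEDHASH0000000000000000');
CREATE TABLE comments(comment_id INTEGER PRIMARY KEY, author TEXT, agent TEXT);
"""

def fresh_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def insert_comment_interpolated(db, author: str, agent: str) -> None:
    """The flaw: the User-Agent header is spliced into the SQL text.  A quote
    in the header closes the literal and the rest is parsed as SQL."""
    db.execute("INSERT INTO comments(author, agent) VALUES ('%s', '%s')" % (author, agent))

def insert_comment_parameterized(db, author: str, agent: str) -> None:
    """The fix: placeholders.  The driver passes the header as data, so it may
    contain quotes, operators or subqueries and stays an opaque string."""
    db.execute("INSERT INTO comments(author, agent) VALUES (?, ?)", (author, agent))

def stored_agent(db, author: str) -> str:
    row = db.execute("SELECT agent FROM comments WHERE author = ?", (author,)).fetchone()
    return row[0]

# Constructed header: closes the literal, concatenates a subquery, reopens it.
HOSTILE_UA = "Mozilla/4.0' || (SELECT user_pass FROM users WHERE user_login = 'admin') || '"

def demo(insert_fn) -> str:
    """Post one comment with the hostile header and return what got stored."""
    db = fresh_db()
    insert_fn(db, "visitor", HOSTILE_UA)
    return stored_agent(db, "visitor")

if __name__ == "__main__":
    print("interpolated :", demo(insert_comment_interpolated))
    print("parameterized:", demo(insert_comment_parameterized))
```

With interpolation the stored agent string carries the admin password hash out of the users table; with parameters it is just the odd-looking header.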
++ Disable or moderate comments on your WordPress blogs. +
++ All WordPress users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.1"
+ + teTeX is a complete TeX distribution. It is used for creating and + manipulating LaTeX documents. CSTeX is a TeX distribution with Czech + and Slovak support. pTeX is an ASCII publishing TeX distribution. +
++ CSTeX, teTex, and pTeX include XPdf code to handle PDF files. This + XPdf code is vulnerable to several heap overflows (GLSA 200512-08) as + well as several buffer and integer overflows discovered by Chris Evans + (CESA-2005-003). +
++ An attacker could entice a user to open a specially crafted PDF + file with teTeX, pTeX or CSTeX, potentially resulting in the execution + of arbitrary code with the rights of the user running the affected + application. +
++ There is no known workaround at this time. +
++ All teTex users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r8"
+ + All CSTeX users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r2"
+ + All pTeX users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.5-r1"
+ + MPlayer is a media player capable of handling multiple multimedia file + formats. +
++ MPlayer makes use of the FFmpeg library, which is vulnerable to a heap + overflow in the avcodec_default_get_buffer() function discovered by + Simon Kilvington (see GLSA 200601-06). Furthermore, AFI Security + Research discovered two integer overflows in ASF file format decoding, + in the new_demux_packet() function from libmpdemux/demuxer.h and the + demux_asf_read_packet() function from libmpdemux/demux_asf.c. +
++ An attacker could craft a malicious media file which, when opened using + MPlayer, would lead to a heap-based buffer overflow. This could result + in the execution of arbitrary code with the permissions of the user + running MPlayer. +
++ There is no known workaround at this time. +
++ All MPlayer users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060217"
+ + IMAP Proxy (also known as up-imapproxy) proxies IMAP transactions + between an IMAP client and an IMAP server. +
++ Steve Kemp discovered two format string errors in IMAP Proxy. +
++ A remote attacker could design a malicious IMAP server and entice + someone to connect to it using IMAP Proxy, resulting in the execution + of arbitrary code with the rights of the victim user. +
++ Only connect to trusted IMAP servers using IMAP Proxy. +
++ All IMAP Proxy users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/up-imapproxy-1.2.4"
+ + zoo is a file archiving utility for maintaining collections of + files, written by Rahul Dhesi. +
++ Jean-Sebastien Guay-Leroux discovered a boundary error in the + fullpath() function in misc.c when processing overly long file and + directory names in ZOO archives. +
++ An attacker could craft a malicious ZOO archive and entice someone + to open it using zoo. This would trigger a stack-based buffer overflow + and potentially allow execution of arbitrary code with the rights of + the victim user. +
++ There is no known workaround at this time. +
++ All zoo users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/zoo-2.10-r1"
+ + GNU tar is the standard GNU utility for creating and manipulating + tar archives, a common format used for creating backups and + distributing files on UNIX-like systems. +
++ Jim Meyering discovered a flaw in the handling of certain header + fields that could result in a buffer overflow when extracting or + listing the contents of an archive. +
++ A remote attacker could construct a malicious tar archive that + could potentially execute arbitrary code with the privileges of the + user running GNU tar. +
++ There is no known workaround at this time. +
++ All GNU tar users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/tar-1.15.1-r1"
+ + flex is a programming tool used to generate scanners (programs + which recognize lexical patterns in text). +
++ Chris Moore discovered a buffer overflow in a special class of + lexical scanners generated by flex. Only scanners generated from + grammars which use either REJECT, or rules with a "variable trailing + context", might be at risk. +
++ An attacker could feed malicious input to an application making + use of an affected scanner and trigger the buffer overflow, potentially + resulting in the execution of arbitrary code. +
++ Avoid using vulnerable grammar in your flex scanners. +
++ All flex users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/flex-2.5.33-r1"
+ + The GNU Privacy Guard, GnuPG, is a free replacement for the PGP + suite of cryptographic software that may be used without restriction, + as it does not rely on any patented algorithms. GnuPG can be used to + digitally sign messages, a method of ensuring the authenticity of a + message using public key cryptography. +
++ OpenPGP is the standard that defines the format of digital + signatures supported by GnuPG. OpenPGP signatures consist of multiple + sections, in a strictly defined order. Tavis Ormandy of the Gentoo + Linux Security Audit Team discovered that certain illegal signature + formats could allow signed data to be modified without detection. GnuPG + has previously attempted to be lenient when processing malformed or + legacy signature formats, but this has now been found to be insecure. +
++ A remote attacker may be able to construct or modify a + digitally-signed message, potentially allowing them to bypass + authentication systems, or impersonate another user. +
++ There is no known workaround at this time. +
++ All GnuPG users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.2.2"
+ + SquirrelMail is a webmail package written in PHP. It supports IMAP + and SMTP protocols. +
++ SquirrelMail does not validate the right_frame parameter in + webmail.php, possibly allowing frame replacement or cross-site + scripting (CVE-2006-0188). Martijn Brinkers and Scott Hughes discovered + that MagicHTML fails to handle certain input correctly, potentially + leading to cross-site scripting (only Internet Explorer, + CVE-2006-0195). Vicente Aguilera reported that the + sqimap_mailbox_select function did not strip newlines from the mailbox + or subject parameter, possibly allowing IMAP command injection + (CVE-2006-0377). +
++ By exploiting the cross-site scripting vulnerabilities, an + attacker can execute arbitrary scripts running in the context of the + victim's browser. This could lead to a compromise of the user's webmail + account, cookie theft, etc. A remote attacker could exploit the IMAP + command injection to execute arbitrary IMAP commands on the configured + IMAP server. +
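The IMAP command injection (CVE-2006-0377) is a line-termination problem: IMAP commands end at CRLF, so a mailbox name carrying one smuggles a second command. The Python below is an added example, not SquirrelMail code, contrasting a mailbox name dropped into the command text with the two encodings RFC 3501 actually provides (a quoted string, which can never contain CR or LF, and a length-prefixed literal, which can carry any byte as data). server_view() splits a byte stream the way a server would; the hostile mailbox value is constructed, and the literal path assumes the caller has already done any modified-UTF-7 encoding.

```python
import re

def select_interpolated(tag: str, mailbox: str) -> bytes:
    """The flaw: the mailbox name is dropped into the command text.  A CRLF
    inside it terminates SELECT and whatever follows is a second command."""
    return ('%s SELECT "%s"\r\n' % (tag, mailbox)).encode("utf-8")

def imap_quoted(value: str) -> str:
    """RFC 3501 quoted string.  CR, LF, NUL and 8-bit characters can never
    appear in one, and CR/LF are exactly what splits commands, so they are
    refused rather than silently stripped; only '\\' and '"' are escaped."""
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
        raise ValueError("value needs a literal, not a quoted string")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def imap_literal(value: bytes) -> bytes:
    """RFC 3501 literal: length-prefixed, so any byte, CRLF included, is data."""
    return b"{%d}\r\n%s" % (len(value), value)

def select_safe(tag: str, mailbox: str) -> bytes:
    """Hardened form: quote when the name allows it, otherwise send a literal."""
    try:
        arg = imap_quoted(mailbox).encode("ascii")
    except ValueError:
        arg = imap_literal(mailbox.encode("utf-8"))   # assumes mUTF-7 already applied
    return b"%s SELECT %s\r\n" % (tag.encode("ascii"), arg)

def server_view(wire: bytes) -> list:
    """Split a client stream into commands the way an IMAP server does: CRLF
    ends a command unless the line ends with a literal marker {n} or {n+},
    in which case the next n bytes belong to the same command."""
    commands, current, pos = [], b"", 0
    while pos < len(wire):
        end = wire.find(b"\r\n", pos)
        if end < 0:
            break                                    # incomplete trailing command
        line = wire[pos:end]
        pos = end + 2
        m = re.search(rb"\{(\d+)\+?\}$", line)
        if m:
            n = int(m.group(1))
            current += line + b"\r\n" + wire[pos:pos + n]
            pos += n
            continue
        commands.append(current + line)
        current = b""
    return commands

# Constructed attacker-controlled mailbox parameter.
HOSTILE_MAILBOX = 'INBOX"\r\nA002 DELETE "Sent'

if __name__ == "__main__":
    print("interpolated:", server_view(select_interpolated("A001", HOSTILE_MAILBOX)))
    print("safe        :", server_view(select_safe("A001", HOSTILE_MAILBOX)))
```

Rejecting control characters rather than stripping them is the deliberate choice here: a name that needs CR or LF is not a mailbox name the application should be sending at all.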
++ There is no known workaround at this time. +
++ All SquirrelMail users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.6"
+ + Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +
++ Cube is an open source first person shooter game engine supporting + multiplayer via LAN or internet. +
++ Luigi Auriemma reported that Cube is vulnerable to a buffer + overflow in the sgetstr() function (CVE-2006-1100) and that the + sgetstr() and getint() functions fail to verify the length of the + supplied argument, possibly leading to the access of invalid memory + regions (CVE-2006-1101). Furthermore, he discovered that a client + crashes when asked to load specially crafted mapnames (CVE-2006-1102). +
++ A remote attacker could exploit the buffer overflow to execute + arbitrary code with the rights of the user running cube. An attacker + could also exploit the other vulnerabilities to crash a Cube client or + server, resulting in a Denial of Service. +
++ Play solo games or restrict your multiplayer games to trusted + parties. +
++ Upstream stated that there will be no fixed version of Cube, thus + the Gentoo Security Team decided to hardmask Cube for security reasons. + All Cube users are encouraged to uninstall Cube: +
+
+ # emerge --ask --unmerge games-fps/cube
+ + Freeciv is an open source turn-based multiplayer strategy game, + similar to the famous Civilization series. +
++ Luigi Auriemma discovered that Freeciv could be tricked into + allocating enormous chunks of memory when trying to uncompress + malformed data packets, possibly leading to an out-of-memory condition + which causes Freeciv to crash or freeze. +
++ A remote attacker could exploit this issue to cause a Denial of + Service by sending specially crafted data packets to the Freeciv game + server. +
++ Play solo games or restrict your multiplayer games to trusted + parties. +
++ All Freeciv users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-strategy/freeciv-2.0.8"
zoo is a file archiving utility for maintaining collections of files, written by Rahul Dhesi.

zoo is vulnerable to a new buffer overflow due to insecure use of the strcpy() function when trying to create an archive from certain directories or filenames.

An attacker could exploit this issue by enticing a user to create a zoo archive of specially crafted directories and filenames, possibly leading to the execution of arbitrary code with the rights of the user running zoo.

There is no known workaround at this time.

All zoo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/zoo-2.10-r2"
PEAR-Auth is a PEAR package that provides methods to create a PHP based authentication system.

Matt Van Gundy discovered that PEAR-Auth did not correctly validate data passed to the DB and LDAP containers.

A remote attacker could possibly exploit this vulnerability to bypass the authentication mechanism by injecting specially crafted input to the underlying storage containers.

There is no known workaround at this time.

All PEAR-Auth users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Auth-1.2.4"
Heimdal is a free implementation of Kerberos 5.

An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported.

Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of arbitrary files.

There is no known workaround at this time.

All Heimdal users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.7.2"
Crypt::CBC is a Perl module to encrypt data using cipher block chaining (CBC).

Lincoln Stein discovered that Crypt::CBC fails to handle 16-byte initialization vectors correctly when running in the RandomIV mode, resulting in weaker encryption because the second part of every block will always be encrypted with zeros if the blocksize of the cipher is greater than 8 bytes.

An attacker could exploit weak ciphertext produced by Crypt::CBC to bypass certain security restrictions or to gain access to sensitive data.

There is no known workaround at this time.

All Crypt::CBC users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-perl/crypt-cbc-2.17"
Metamail is a program that decodes MIME encoded mail.

Ulf Harnhammar discovered a buffer overflow in Metamail when processing MIME boundaries.

By sending a specially crafted email, attackers could potentially exploit this vulnerability to crash Metamail or to execute arbitrary code.

There is no known workaround at this time.

All Metamail users should update to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/metamail-2.7.45.3-r1"
PeerCast is a Peer to Peer broadcasting technology for listening to radio and watching video on the Internet.

INFIGO discovered a problem in the URL handling code. Buffers that are allocated on the stack can be overflowed inside the nextCGIarg() function.

By sending a specially crafted request to the HTTP server, a remote attacker can cause a stack overflow, resulting in the execution of arbitrary code.

There is no known workaround at this time.

All PeerCast users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1217"
Pngcrush is an optimizer for PNG files.

Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a vulnerable version of zlib (GLSA 200507-19).

By creating a specially crafted data stream, attackers can overwrite data structures for applications that use Pngcrush, resulting in a Denial of Service and potentially arbitrary code execution.

There is no known workaround at this time.

All Pngcrush users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/pngcrush-1.6.2"
cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. libcurl is the corresponding client-side library.

Ulf Harnhammar reported a possible buffer overflow in the handling of TFTP URLs in libcurl due to the lack of boundary checks.

An attacker could exploit this vulnerability to compromise a user's system by enticing the user to request a malicious URL with cURL/libcurl or to use an HTTP server redirecting to a malicious TFTP URL.

There is no known workaround at this time.

All cURL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.15.1-r1"
The Macromedia Flash Player is a renderer for the popular SWF filetype which is commonly used to provide interactive websites, digital experiences and mobile content.

The Macromedia Flash Player contains multiple unspecified vulnerabilities.

An attacker serving a maliciously crafted SWF file could entice a user to view the SWF file and execute arbitrary code on the user's machine.

There is no known workaround at this time.

All Macromedia Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-7.0.63"
Sendmail is a popular mail transfer agent (MTA).

ISS discovered that Sendmail is vulnerable to a race condition in the handling of asynchronous signals.

An attacker could exploit this via certain crafted timing conditions.

There is no known workaround at this time.

All Sendmail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.13.6"
PHP is a general-purpose scripting language widely used to develop web-based applications. It can run on a web server with the mod_php module or the CGI version and also stand-alone in a CLI.

Stefan Esser of the Hardened PHP project has reported a few vulnerabilities found in PHP:

By sending a specially crafted request, a remote attacker can exploit this vulnerability to inject arbitrary HTTP headers, which will be included in the response sent to the user. The format string vulnerability may be exploited to execute arbitrary code.

There is no known workaround at this time.

All PHP 5.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.1.2"

All PHP 4.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.2"
NetHack is the classic single player dungeon exploration game. Slash'EM and Falcon's Eye are NetHack variants.

NetHack, Slash'EM and Falcon's Eye have been found to be incompatible with the system used for managing games on Gentoo Linux. As a result, they cannot be played securely on systems with multiple users.

A local user who is a member of group "games" may be able to modify the state data used by NetHack, Slash'EM or Falcon's Eye to trigger the execution of arbitrary code with the privileges of other players. Additionally, the games may create save game files in a manner not suitable for use on Gentoo Linux, potentially allowing a local user to create or overwrite files with the permissions of other players.

Do not add untrusted users to the "games" group.

NetHack has been masked in Portage pending the resolution of these issues. Vulnerable NetHack users are advised to uninstall the package until further notice.

    # emerge --ask --verbose --unmerge "games-roguelike/nethack"

Slash'EM has been masked in Portage pending the resolution of these issues. Vulnerable Slash'EM users are advised to uninstall the package until further notice.

    # emerge --ask --verbose --unmerge "games-roguelike/slashem"

Falcon's Eye has been masked in Portage pending the resolution of these issues. Vulnerable Falcon's Eye users are advised to uninstall the package until further notice.

    # emerge --ask --verbose --unmerge "games-roguelike/falconseye"
RealPlayer is a multimedia player capable of handling multiple multimedia file formats.

RealPlayer is vulnerable to a buffer overflow when processing malicious SWF files.

By enticing a user to open a specially crafted SWF file, an attacker could execute arbitrary code with the permissions of the user running the application.

There is no known workaround at this time.

All RealPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/realplayer-10.0.7"
OpenOffice.org is an office productivity suite, including word processing, spreadsheet, presentation, data charting, formula editing and file conversion facilities. libcurl, which is included in OpenOffice.org, is a free and easy-to-use client-side library for transferring files with URL syntaxes, supporting numerous protocols.

OpenOffice.org includes libcurl code. This libcurl code is vulnerable to a heap overflow when it tries to parse a URL that exceeds a 256-byte limit (GLSA 200512-09).

An attacker could entice a user to call a specially crafted URL with OpenOffice.org, potentially resulting in the execution of arbitrary code with the rights of the user running the application.

There is no known workaround at this time.

All OpenOffice.org binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.0.2"

All OpenOffice.org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.1-r1"
bsd-games is a collection of NetBSD games ported to Linux.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the checkscores() function in scores.c reads in the data from the /var/games/tetris-bsd.scores file without validation, rendering it vulnerable to buffer overflows and incompatible with the system used for managing games on Gentoo Linux. As a result, it cannot be played securely on systems with multiple users. Please note that this is probably a Gentoo-specific issue.

A local user who is a member of group "games" may be able to modify the tetris-bsd.scores file to trigger the execution of arbitrary code with the privileges of other players.

Do not add untrusted users to the "games" group.

All bsd-games users are advised to update to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-misc/bsd-games-2.17-r1"
MediaWiki is collaborative editing software, used by big projects like Wikipedia.

MediaWiki fails to decode certain encoded URLs correctly.

By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScript code that will be executed in a user's browser session in the context of the vulnerable site.

There is no known workaround at this time.

All MediaWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.4.15"
The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME and more.

Jan Schneider of the Horde team discovered a vulnerability in the help viewer of the Horde Application Framework that could allow remote code execution (CVE-2006-1491). Paul Craig reported that "services/go.php" fails to validate the passed URL parameter correctly (CVE-2006-1260).

An attacker could exploit the vulnerability in the help viewer to execute arbitrary code with the privileges of the web server user. By embedding a NULL character in the URL parameter, an attacker could exploit the input validation issue in go.php to read arbitrary files.

There are no known workarounds at this time.

All Horde Application Framework users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-3.1.1"
FreeRADIUS is an open source RADIUS authentication server implementation.

FreeRADIUS suffers from insufficient input validation in the EAP-MSCHAPv2 state machine.

An attacker could cause the server to bypass authentication checks by manipulating the EAP-MSCHAPv2 client state machine.

There is no known workaround at this time.

All FreeRADIUS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.1.1"
Kaffeine is a graphical front-end for the xine-lib multimedia library.

Kaffeine uses an unchecked buffer when fetching remote RAM playlists via HTTP.

A remote attacker could entice a user to play a specially-crafted RAM playlist resulting in the execution of arbitrary code with the permissions of the user running the application.

There is no known workaround at this time.

All Kaffeine users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/kaffeine-0.7.1-r2"
Doomsday is a modern gaming engine for popular ID games like Doom, Heretic and Hexen.

Luigi Auriemma discovered that Doomsday incorrectly implements formatted printing.

A remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the Doomsday server or client by sending specially crafted strings.

There is no known workaround at this time.

All Doomsday users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-fps/doomsday-1.9.0_beta4"
ClamAV is a GPL virus scanner.

ClamAV contains format string vulnerabilities in the logging code (CVE-2006-1615). Furthermore, Damian Put discovered an integer overflow in ClamAV's PE header parser (CVE-2006-1614) and David Luyer discovered that ClamAV can be tricked into performing an invalid memory access (CVE-2006-1630).

By sending a malicious attachment to a mail server running ClamAV, a remote attacker could cause a Denial of Service or the execution of arbitrary code. Note that the overflow in the PE header parser is only exploitable when the ArchiveMaxFileSize option is disabled.

There is no known workaround at this time.

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.1"
Cacti is a complete web-based frontend to rrdtool. ADOdb is a PHP-based database abstraction layer which is included in Cacti.

Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation vulnerability (CVE-2006-0147) and a potential SQL injection vulnerability (CVE-2006-0146). Andy Staudacher reported another SQL injection vulnerability (CVE-2006-0410), and Gulftech Security discovered multiple cross-site-scripting issues (CVE-2006-0806).

Remote attackers could trigger these vulnerabilities by sending malicious queries to the Cacti web application, resulting in arbitrary code execution, database compromise through arbitrary SQL execution, and malicious HTML or JavaScript code injection.

There is no known workaround at this time.

All Cacti users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6h_p20060108-r2"
libapreq is a shared library with associated modules for manipulating client request data via the Apache API.

A vulnerability has been reported in the apreq_parse_headers() and apreq_parse_urlencoded() functions of Apache2::Request.

A remote attacker could possibly exploit the vulnerability to cause a Denial of Service by CPU consumption.

There is no known workaround at this time.

All libapreq2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apache/libapreq2-2.07"
Cyrus-SASL is an implementation of the Simple Authentication and Security Layer.

Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service.

An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate.

There is no known workaround at this time.

All Cyrus-SASL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/cyrus-sasl-2.1.21-r2"
xzgv and zgv are picture viewing utilities with a thumbnail based file selector.

Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap allocated buffer.

An attacker may be able to construct a malicious image that executes arbitrary code with the permissions of the xzgv or zgv user when attempting to render the image.

There is no known workaround at this time.

All xzgv users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r2"

All zgv users should also upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.9"
Crossfire is a cooperative multiplayer graphical adventure and role-playing game. The Crossfire game server allows various compatible clients to connect to participate in a cooperative game.

Luigi Auriemma discovered a vulnerability in the Crossfire game server, in the handling of the "oldsocketmode" option when processing overly large requests.

An attacker can set up a malicious Crossfire client that would send a large request in "oldsocketmode", resulting in a Denial of Service on the Crossfire server and potentially in the execution of arbitrary code on the server with the rights of the game server.

There is no known workaround at this time.

All Crossfire server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-server/crossfire-server-1.9.0"
Mozilla Firefox is the next-generation web browser from the Mozilla project.

Several vulnerabilities were found in Mozilla Firefox. Versions 1.0.8 and 1.5.0.2 were released to fix them.

A remote attacker could craft malicious web pages that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal local files, cookies or other information from web pages, and spoof content. Some of these vulnerabilities might even be exploited to execute arbitrary code with the rights of the browser user.

There are no known workarounds for all the issues at this time.

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.8"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.8"
fbida is a collection of image viewers and editors for the framebuffer console and X11.

Jan Braun has discovered that the "fbgs" script provided by fbida insecurely creates temporary files in the "/var/tmp" directory.

A local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When an affected script is called, this could result in the file being overwritten with the rights of the user running the script.

There is no known workaround at this time.

All fbida users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/fbida-2.03-r3"
Dia is a GTK+ based diagram creation program.

infamous41md discovered multiple buffer overflows in Dia's XFig file import plugin.

By enticing a user to import a specially crafted XFig file into Dia, an attacker could exploit this issue to execute arbitrary code with the rights of the user running Dia.

There is no known workaround at this time.

All Dia users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/dia-0.94-r5"
xine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats.

Ludwig Nussel discovered that xine-ui incorrectly implements formatted printing.

By constructing a malicious playlist file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application.

There is no known workaround at this time.

All xine-ui users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/xine-ui-0.99.4-r5"
xine-lib is the xine core engine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats.

Federico L. Bossi Bonin discovered that when handling MPEG streams xine-lib fails to make a proper boundary check of the input data supplied by the user before copying it to an insufficiently sized memory buffer.

A remote attacker could entice a user to play a specially-crafted MPEG file, resulting in the execution of arbitrary code with the permissions of the user running the application.

There is no known workaround at this time.

All xine-lib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2_pre20060328-r1"
Ethereal is a feature-rich network protocol analyzer.

Coverity discovered numerous vulnerabilities in versions of Ethereal prior to 0.99.0, including:

For further details please consult the references below.

An attacker might be able to exploit these vulnerabilities to crash Ethereal or execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.

There is no known workaround at this time.

All Ethereal users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.99.0"
The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader.

Several vulnerabilities were found in Mozilla Suite. Version 1.7.13 was released to fix them.

A remote attacker could craft malicious web pages or emails that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal local files, cookies or other information from web pages or emails, and spoof content. Some of these vulnerabilities might even be exploited to execute arbitrary code with the rights of the user running the client.

There are no known workarounds for all the issues at this time.

All Mozilla Suite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.13"

All Mozilla Suite binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.13"
MPlayer is a media player that supports many multimedia file types.

Xfocus Team discovered multiple integer overflows that may lead to a heap-based buffer overflow.

An attacker could entice a user to play a specially crafted multimedia file, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060415"

All MPlayer binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-bin-1.0.20060415"
X.Org is X.Org Foundation's public implementation of the X Window System.

X.Org miscalculates the size of a buffer in the XRender extension.

An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges.

There is no known workaround at this time.

All X.Org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.8.2-r7"
ClamAV is a GPL virus scanner. Freshclam is a utility to download virus signature updates.

Ulf Harnhammar and an anonymous German researcher discovered that Freshclam fails to check the size of the header data returned by a webserver.

By enticing a user to connect to a malicious webserver an attacker could cause the execution of arbitrary code.

There is no known workaround at this time.

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.2"
phpWebSite provides a complete web site content management system.

rgod has reported that the "hub_dir" parameter in "index.php" isn't properly verified. When "magic_quotes_gpc" is disabled, this can be exploited to include arbitrary files from local resources.

If "magic_quotes_gpc" is disabled, which is not the default on Gentoo Linux, a remote attacker could exploit this issue to include and execute PHP scripts from local resources with the rights of the user running the web server, or to disclose sensitive information and potentially compromise a vulnerable system.

There is no known workaround at this time.

All phpWebSite users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.2"
rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree.

An integer overflow was found in the receive_xattr function from the extended attributes patch (xattr.c) for rsync. The vulnerable function is only present when the "acl" USE flag is set.

A remote attacker with write access to an rsync module could craft malicious extended attributes which would trigger the integer overflow, potentially resulting in the execution of arbitrary code with the rights of the rsync daemon.

Do not provide write access to an rsync module to untrusted parties.

All rsync users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.8"
Mozilla Firefox is the next-generation web browser from the Mozilla project.

Martijn Wargers and Nick Mott discovered a vulnerability when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected.

If JavaScript is enabled, by tricking a user into visiting a malicious web page which would send a specially crafted HTML script that contains references to deleted objects with the "designMode" property enabled, an attacker can crash the web browser and in theory manage to execute arbitrary code with the rights of the user running the browser.

There is no known workaround at this time.

All Mozilla Firefox 1.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.3"

All Mozilla Firefox 1.5 binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.3"
Nagios is an open source host, service and network monitoring program.

Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header.

A buffer overflow in Nagios CGI scripts under certain web servers allows remote attackers to execute arbitrary code via a negative content length HTTP header.

There is no known workaround at this time.

All Nagios users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-1.4.1"
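A defensive check for the class of bug described above, as an added example that is not Nagios code: the CGI CONTENT_LENGTH value is parsed strictly and rejected when it is negative, non-numeric or oversized before it is ever used to size a buffer, and a body shorter than the declared length is rejected rather than trusted. The cap, function names and sample inputs are this example's own assumptions.

```c
/* Added example, not Nagios code: strict handling of the CGI CONTENT_LENGTH
 * value before it is used as an allocation size or copy length. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound this example accepts for a POST body (constructed value). */
#define MAX_CONTENT_LENGTH 65536L

/* Strictly parse CONTENT_LENGTH. Returns the length on success, or -1 if the
 * value is missing, empty, does not start with a digit (so "-1", "+5" and
 * leading whitespace are rejected), has trailing garbage, overflows a long,
 * or exceeds MAX_CONTENT_LENGTH. An atoi()-style conversion would accept
 * "-1" and hand a negative number to the allocation and copy logic. */
long parse_content_length(const char *s)
{
    char *end;
    long n;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;

    errno = 0;
    n = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;
    if (n < 0 || n > MAX_CONTENT_LENGTH)
        return -1;
    return n;
}

/* Read a POST body of the length declared in content_length_env from `in`.
 * The buffer is sized only from the validated length. Returns a
 * NUL-terminated heap buffer (caller frees) or NULL on any error,
 * including a body shorter than declared. */
char *cgi_read_body(FILE *in, const char *content_length_env, long *out_len)
{
    long len = parse_content_length(content_length_env);
    char *buf;
    size_t got;

    if (len < 0)
        return NULL;
    buf = malloc((size_t)len + 1);
    if (buf == NULL)
        return NULL;
    got = fread(buf, 1, (size_t)len, in);
    if (got != (size_t)len) {       /* truncated body: do not trust it */
        free(buf);
        return NULL;
    }
    buf[len] = '\0';
    if (out_len)
        *out_len = len;
    return buf;
}

/* Helper for demonstrations: parse a body held in memory via fmemopen()
 * (POSIX.1-2008). Returns the body or NULL. */
char *cgi_read_body_from_string(const char *body, const char *content_length_env)
{
    FILE *in = fmemopen((void *)body, strlen(body), "r");
    char *res;

    if (in == NULL)
        return NULL;
    res = cgi_read_body(in, content_length_env, NULL);
    fclose(in);
    return res;
}

int main(void)
{
    /* Constructed inputs: a legitimate length, the negative length from the
     * advisory, and a few malformed values. */
    const char *tests[] = { "11", "-1", "0x10", "12abc", "", "99999999999999999999", NULL };
    char *body;

    for (int i = 0; tests[i]; i++)
        printf("CONTENT_LENGTH=%-22s -> %ld\n", tests[i], parse_content_length(tests[i]));

    body = cgi_read_body_from_string("host=web01&x", "11");
    printf("body: %s\n", body ? body : "(rejected)");
    free(body);
    return 0;
}
```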
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Several vulnerabilities were discovered in PHP4 and PHP5 by Infigo, Tonu Samuel and Maksymilian Arciemowicz. These included a buffer overflow in the wordwrap() function, restriction bypasses in the copy() and tempnam() functions, a cross-site scripting issue in the phpinfo() function, a potential crash in the substr_compare() function and a memory leak in the non-binary-safe html_entity_decode() function.

Remote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution of scripted contents in the context of the affected site, security bypass or information leak.

There is no known workaround at this point.

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-lang/php
Mozilla Thunderbird is the next-generation mail client from the Mozilla project.

Several vulnerabilities were found and fixed in Mozilla Thunderbird.

A remote attacker could craft malicious emails that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal local files or other information from emails, and spoof content. Some of these vulnerabilities might even be exploited to execute arbitrary code with the rights of the user running Thunderbird.

There are no known workarounds for all the issues at this time.

All Mozilla Thunderbird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.0.8"

All Mozilla Thunderbird binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.0.8"

Note: There is no stable fixed version for the ALPHA architecture yet. Users of Mozilla Thunderbird on ALPHA should consider unmerging it until such a version is available.
pdnsd is a proxy DNS server with permanent caching that is designed to cope with unreachable DNS servers.

The pdnsd team has discovered an unspecified buffer overflow vulnerability. The PROTOS DNS Test Suite, by the Oulu University Secure Programming Group (OUSPG), has also revealed a memory leak error within the handling of the QTYPE and QCLASS DNS queries, leading to consumption of large amounts of memory.

An attacker can craft malicious DNS queries leading to a Denial of Service, and potentially the execution of arbitrary code.

There is no known workaround at this time.

All pdnsd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/pdnsd-1.2.4-r1"
+ + Ruby is an interpreted scripting language for quick and easy + object-oriented programming. It comes bundled with HTTP ("WEBrick") and + XMLRPC server objects. +
++ Ruby uses blocking sockets for WEBrick and XMLRPC servers. +
++ An attacker could send large amounts of data to an affected server + to block the socket and thus deny other connections to the server. +
++ There is no known workaround at this time. +
++ All Ruby users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.4-r1"
+ + Quake 3 is a multiplayer first person shooter. +
++ landser discovered a vulnerability within the "remapShader" + command. Due to a boundary handling error in "remapShader", there is a + possibility of a buffer overflow. +
++ An attacker could set up a malicious game server and entice users + to connect to it, potentially resulting in the execution of arbitrary + code with the rights of the game user. +
++ Do not connect to untrusted game servers. +
++ All Quake 3 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-fps/quake3-bin-1.32c"
+ + All RTCW users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-fps/rtcw-1.41b"
+ + All Enemy Territory users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-fps/enemy-territory-2.60b"
+ + MySQL is a popular multi-threaded, multi-user SQL database server. +
++ The processing of the COM_TABLE_DUMP command by a MySQL server fails to + properly validate packets that arrive from the client via a network + socket. +
++ By crafting specific malicious packets an attacker could gather + confidential information from the memory of a MySQL server process, for + example results of queries by other users or applications. By using PHP + code injection or similar techniques it would be possible to exploit + this flaw through web applications that use MySQL as a database + backend. +
++ Note that on 5.x versions it is possible to overwrite the stack and + execute arbitrary code with this technique. Users of MySQL 5.x are + urged to upgrade to the latest available version. +
++ There is no known workaround at this time. +
++ All MySQL users should upgrade to the latest version. +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-4.0.27"
+ + libextractor is a library used to extract metadata from arbitrary + files. +
++ Luigi Auriemma has found two heap-based buffer overflows in + libextractor 0.5.13 and earlier: one of them occurs in the + asf_read_header function in the ASF plugin, and the other occurs in the + parse_trak_atom function in the Qt plugin. +
++ By enticing a user to open a malformed file using an application + that employs libextractor and its ASF or Qt plugins, an attacker could + execute arbitrary code in the context of the application running the + affected library. +
++ There is no known workaround at this time. +
++ All libextractor users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.14"
+ + The Quagga Routing Suite implements three major routing protocols: + RIP (v1/v2/v3), OSPF (v2/v3) and BGP4. +
++ Konstantin V. Gavrilenko discovered two flaws in the Routing + Information Protocol (RIP) daemon that allow the processing of RIP v1 + packets (carrying no authentication) even when the daemon is configured + to use MD5 authentication or, in another case, even if RIP v1 is + completely disabled. Additionally, Fredrik Widell reported that the + Border Gateway Protocol (BGP) daemon contains a flaw that makes it lock + up and use all available CPU when a specific command is issued from the + telnet interface. +
++ By sending RIP v1 response packets, an unauthenticated attacker + can alter the routing table of a router running Quagga's RIP daemon and + disclose routing information. Additionally, it is possible to lock up + the BGP daemon from the telnet interface. +
++ There is no known workaround at this time. +
++ All Quagga users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.98.6-r1"
+ + CherryPy is a Python-based, object-oriented web development + framework. +
++ Ivo van der Wijk discovered that the "staticfilter" component of + CherryPy fails to sanitize input correctly. +
++ An attacker could exploit this flaw to obtain arbitrary files from + the web server. +
++ There is no known workaround at this time. +
++ All CherryPy users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/cherrypy-2.1.1"
+ + libTIFF provides support for reading and manipulating TIFF images. +
++ Multiple vulnerabilities, ranging from integer overflows and NULL + pointer dereferences to double frees, were reported in libTIFF. +
++ An attacker could exploit these vulnerabilities by enticing a user + to open a specially crafted TIFF image, possibly leading to the + execution of arbitrary code or a Denial of Service. +
++ There is no known workaround at this time. +
++ All libTIFF users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.1"
+ + Opera is a multi-platform web browser. +
++ SEC Consult has discovered a buffer overflow in the code processing style sheet attributes. It is caused by an integer signedness error in a length check followed by a call to a string function. Exploiting this overflow to execute arbitrary code appears difficult because of the very large amount of memory that has to be copied. +
++ A remote attacker can entice a user to visit a web page containing + a specially crafted style sheet attribute that will crash the user's + browser and maybe lead to the execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All Opera users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-8.54"
+ + shadow provides a set of utilities to deal with user accounts. +
++ When useradd creates the user's mailbox, it calls open() with O_CREAT but without the third (mode) argument that O_CREAT requires, so the mode of the newly created file is whatever value happens to sit in that argument's position, until the subsequent fchmod() corrects it. +
++ Depending on those random permission bits, a local user may be able to open the file, which is owned by root at that point, for reading or writing, or, if the bits happen to include the execute and setuid bits, execute it as root. +
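The safe pattern for a file like this is to hand an explicit, restrictive mode to the creating open() call, so the file never exists with a wider mode, rather than to create it and tighten it afterwards (which leaves a window, and is exactly what the missing mode argument broke). The example below is added here and is not shadow's code; it is written in Python for brevity, the C equivalent being open(path, O_WRONLY|O_CREAT|O_EXCL, 0600) followed by fchown() and fchmod() on the returned descriptor. The demonstrate() helper creates the file as the current user in a temporary directory so it runs unprivileged; the 0600 mode is this example's choice, not a statement of what useradd uses.

```python
# Added example, not shadow's code: create a mailbox that is never
# world-accessible at any point in its life.
import os
import stat


def create_mailbox(path: str, uid: int, gid: int, mode: int = 0o600) -> int:
    """Create an empty mailbox atomically with a restrictive mode.

    O_CREAT|O_EXCL with an explicit mode means the kernel creates the inode
    with at most `mode` (the umask can only remove bits), so there is no
    window in which a random or wide mode is visible. Ownership and the final
    mode are then set through the descriptor, not the path, so a symlink or
    rename swapped in by another user cannot redirect the chown/chmod.
    Returns the permission bits the file ended up with.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.fchown(fd, uid, gid)
        os.fchmod(fd, mode)  # re-apply after chown: the umask may have stripped bits
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


def demonstrate() -> tuple:
    """Create a mailbox in a fresh temporary directory as the current user and
    report (resulting mode, whether a second create of the same path was refused)."""
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mbox")
        mode = create_mailbox(path, os.getuid(), os.getgid())
        try:
            create_mailbox(path, os.getuid(), os.getgid())
            refused = False
        except FileExistsError:  # O_EXCL refuses to reuse an existing file
            refused = True
        return mode, refused


if __name__ == "__main__":
    mode, refused = demonstrate()
    print(f"created with mode {mode:04o}; second create refused: {refused}")
```

Note the order: chown before the final chmod, because changing the owner of a file clears any setuid/setgid bits, which is harmless here but matters for any pattern that relies on those bits.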
++ There is no known workaround at this time. +
++ All shadow users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.0.15-r2"
+ + Dia is a GTK+ based diagram creation program. +
++ KaDaL-X discovered a format string error within the handling of + filenames. Hans de Goede also discovered several other format + string errors in the processing of dia files. +
++ By enticing a user to open a specially crafted file, a remote + attacker could exploit these vulnerabilities to execute arbitrary code + with the rights of the user running the application. +
++ There is no known workaround at this time. +
++ All Dia users should upgrade to the latest available version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/dia-0.95.1"
+ + Tor is an implementation of second generation Onion Routing, a + connection-oriented anonymizing communication service. +
++ Integer overflows exist when adding elements to Tor's smartlists. Non-printable characters received from the network are not properly sanitised before being logged. There are additional unspecified bugs in the directory server and in the internal circuit handling. +
++ The integer overflows may lead to a buffer overflow that allows a remote attacker to execute arbitrary code on the server by sending large inputs. The other vulnerabilities can lead to a Denial of Service, a loss of logged information, or some information disclosure. +
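Logging attacker-supplied bytes verbatim lets an attacker forge log lines (an embedded CR/LF starts a new line that looks like the daemon's own) or send terminal escape sequences to whoever tails the log. The function below is an added example, not Tor's code, of the escaping a log routine should apply to network-supplied data before writing it; the sample inputs in the usage section are constructed, and the 200-byte cap is this example's choice.

```python
# Added example, not Tor's code: render untrusted bytes as one printable line.

def sanitize_for_log(data: bytes, max_len: int = 200) -> str:
    """Return a printable, single-line rendering of untrusted bytes.

    Every byte outside printable ASCII (0x20..0x7e) is written as \\xNN, and
    a literal backslash is doubled so the encoding is unambiguous and can be
    reversed when reading the log. Output is truncated so a large input
    cannot flood the log; the number of dropped bytes is recorded instead.
    """
    out = []
    for b in data[:max_len]:
        if b == 0x5C:              # backslash: double it
            out.append("\\\\")
        elif 0x20 <= b <= 0x7E:    # printable ASCII passes through
            out.append(chr(b))
        else:                      # control bytes, DEL, high bytes: hex escape
            out.append(f"\\x{b:02x}")
    if len(data) > max_len:
        out.append(f"...[{len(data) - max_len} more bytes]")
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs: a forged log line and a terminal clear-screen sequence.
    for sample in (b"peer said hi", b"x\r\n[notice] forged entry", b"\x1b[2J"):
        print(sanitize_for_log(sample))
```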
++ There is no known workaround at this time. +
++ All Tor users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose net-misc/tor
+ + Pound is a reverse proxy, load balancer and HTTPS front-end. It distributes load across several web servers and offers an SSL wrapper for web servers that do not support SSL directly. +
++ Pound fails to handle HTTP requests that carry conflicting "Content-Length" and "Transfer-Encoding" headers correctly (HTTP request smuggling). +
++ An attacker could exploit this vulnerability by sending HTTP requests + with specially crafted "Content-Length" and "Transfer-Encoding" headers + to bypass certain security restrictions or to poison the web proxy + cache. +
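To make the conflict concrete, here is an added example, not Pound's code, that frames the same byte buffer two ways: a parser that lets Content-Length win sees a single POST, while a parser that lets Transfer-Encoding win (as RFC 2616 section 4.4 requires) sees the POST followed by a second, smuggled GET. When a proxy and the server behind it disagree in this way, the second request reaches the server without the proxy ever having inspected it. The request bytes are constructed for this example; the strict mode, which rejects any request carrying both headers, is one defensive policy a front-end can adopt and is not a description of Pound's fix.

```python
# Added example, not Pound's code: HTTP request framing with conflicting
# Content-Length (CL) and Transfer-Encoding (TE) headers.

class SmugglingError(ValueError):
    """Raised in strict mode when a request is ambiguously framed."""


def _parse_head(buf: bytes):
    """Split one request head off buf; return (request line, headers, rest)."""
    end = buf.find(b"\r\n\r\n")
    if end < 0:
        raise ValueError("incomplete request head")
    lines = buf[:end].split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("ascii")
    return lines[0].decode("ascii"), headers, buf[end + 4:]


def _read_chunked(rest: bytes):
    """Consume a chunked body; return (body, unread bytes after the terminator)."""
    body = bytearray()
    while True:
        nl = rest.find(b"\r\n")
        if nl < 0:
            raise ValueError("incomplete chunk-size line")
        size = int(rest[:nl].split(b";")[0], 16)  # chunk extensions are ignored
        rest = rest[nl + 2:]
        if size == 0:
            end = rest.find(b"\r\n")              # (empty) trailer section
            if end < 0:
                raise ValueError("incomplete chunk trailer")
            return bytes(body), rest[end + 2:]
        body += rest[:size]
        rest = rest[size + 2:]                    # skip chunk data and its CRLF


def split_requests(buf: bytes, framing: str, strict: bool = False):
    """Parse every request in buf into (request line, body) pairs.

    framing is 'cl' or 'te' and decides which header wins when both are
    present; strict=True rejects that case outright instead of choosing.
    """
    requests = []
    while buf:
        request_line, headers, rest = _parse_head(buf)
        has_cl = "content-length" in headers
        has_te = headers.get("transfer-encoding", "").lower() == "chunked"
        if strict and has_cl and has_te:
            raise SmugglingError("both Content-Length and Transfer-Encoding present")
        if has_te and (framing == "te" or not has_cl):
            body, buf = _read_chunked(rest)
        elif has_cl:
            n = int(headers["content-length"])
            body, buf = rest[:n], rest[n:]
        else:
            body, buf = b"", rest
        requests.append((request_line, body))
    return requests


# Constructed sample: a chunked body that terminates immediately, followed by
# a second request hidden inside what Content-Length claims is still the body.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"
BODY = b"0\r\n\r\n" + SMUGGLED
RAW_REQUEST = (
    b"POST / HTTP/1.1\r\nHost: example.test\r\n"
    b"Content-Length: %d\r\nTransfer-Encoding: chunked\r\n\r\n" % len(BODY)
) + BODY

if __name__ == "__main__":
    print(len(split_requests(RAW_REQUEST, "cl")), "request(s) seen when Content-Length wins")
    print(len(split_requests(RAW_REQUEST, "te")), "request(s) seen when Transfer-Encoding wins")
```

A front-end that normalises (drops Content-Length whenever Transfer-Encoding is present, or rejects the pair) and forwards only what it parsed itself removes the disagreement; forwarding the original bytes unchanged after parsing them one way is what makes the attack work.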
++ There is no known workaround at this time. +
++ All Pound users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose www-servers/pound
+ + AWStats is an advanced log file analyzer and statistics generator. +
++ Hendrik Weimer has found that if updating the statistics via the + web frontend is enabled, it is possible to inject arbitrary code via a + pipe character in the "migrate" parameter. Additionally, r0t has + discovered that AWStats fails to properly sanitize user-supplied input + in awstats.pl. +
++ If updating the statistics via the web frontend is allowed, a remote attacker can execute arbitrary code on the server in the context of the user running the AWStats CGI script. Additionally, all configurations are affected by a cross-site scripting vulnerability in awstats.pl, allowing a remote attacker to execute arbitrary scripts in the context of the victim's browser. +
++ Disable statistics updates using the web frontend to avoid code + injection. However, there is no known workaround at this time + concerning the cross-site scripting vulnerability. +
++ All AWStats users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-misc/awstats-6.5-r1"
+ + Vixie Cron is a command scheduler with extended syntax over cron. +
++ Roman Veretelnikov discovered that Vixie Cron does not check whether the setuid() call in do_command.c succeeded. setuid() fails when the target user has already exceeded an assigned resource limit (such as the maximum number of processes), and Vixie Cron then runs the scheduled command without having dropped privileges. +
++ Local users can execute code with root privileges by deliberately + exceeding their assigned resource limits and then starting a command + through Vixie Cron. This requires resource limits to be in place on the + machine. +
++ There is no known workaround at this time. +
++ All Vixie Cron users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-process/vixie-cron-4.1-r9"
+ + WordPress is a PHP and MySQL based content management and publishing + system. +
++ rgod discovered that WordPress insufficiently checks the format of + cached username data. +
++ An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially crafted username. As of WordPress 2.0.2 the user data cache is disabled by default. +
++ There are no known workarounds at this time. +
++ All WordPress users should upgrade to the latest available version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.3"
+ + SpamAssassin is an extensible email filter used to identify junk + email. spamd is the daemonized version of SpamAssassin. +
++ When spamd is run with both the "--vpopmail" (-v) and + "--paranoid" (-P) options, it is vulnerable to an unspecified issue. +
++ With certain configuration options, a local or even remote attacker could execute arbitrary code with the rights of the user running spamd, which is root by default, by sending a crafted message to the spamd daemon. The attack can be performed remotely if the "--allowed-ips" (-A) option is present and specifies non-local addresses. Note that Gentoo Linux is not vulnerable in the default configuration. +
++ Don't use both the "--paranoid" (-P) and the "--vpopmail" (-v) + options. +
++ All SpamAssassin users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.3"
+ + Cscope is a developer's tool for browsing source code. +
++ Cscope does not verify the length of file names sourced in + #include statements. +
++ A user could be enticed to source a carefully crafted file which + will allow the attacker to execute arbitrary code with the permissions + of the user running Cscope. +
++ There is no known workaround at this time. +
++ All Cscope users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5-r6"
+ + The JPEG library is able to load, handle and manipulate images in the + JPEG format. +
++ Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the vulnerable JPEG library ebuilds compile the library without the --maxmem feature, which bounds the amount of memory the library will use while decoding an image, contrary to the recommended configuration. +
++ By enticing a user to load a specially crafted JPEG image file an + attacker could cause a Denial of Service, due to memory exhaustion. +
++ There is no known workaround at this time. +
++ JPEG users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/jpeg-6b-r7"
+ + Mozilla Firefox is the next-generation web browser from the + Mozilla project. +
++ A number of vulnerabilities were found and fixed in Mozilla + Firefox. For details please consult the references below. +
++ By enticing the user to visit a malicious website, a remote + attacker can inject arbitrary HTML and JavaScript Code into the user's + browser, execute JavaScript code with elevated privileges and possibly + execute arbitrary code with the permissions of the user running the + application. +
++ There is no known workaround at this time. +
++ All Mozilla Firefox users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.4"
+ + All Mozilla Firefox binary users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.4"
+ + Note: There is no stable fixed version for the Alpha + architecture yet. Users of Mozilla Firefox on Alpha should consider + unmerging it until such a version is available. +
++ MySQL is a popular multi-threaded, multi-user SQL server. +
++ MySQL is vulnerable to an SQL injection flaw in mysql_real_escape_string() when used with multi-byte character sets. +
++ Due to a flaw in the handling of multi-byte characters, an attacker is still able to inject arbitrary SQL statements into the MySQL server for execution even though the input has been escaped. +
++ As a workaround, enable the NO_BACKSLASH_ESCAPES SQL mode, which sidesteps the bug in mysql_real_escape_string(): per session with SET sql_mode='NO_BACKSLASH_ESCAPES'; globally with SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES'; or on the server command line with --sql-mode=NO_BACKSLASH_ESCAPES. +
++ All MySQL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-4.1.20"
+ + GDM is the GNOME display manager. +
++ GDM allows a normal user to access the configuration manager. +
++ When the "face browser" in GDM is enabled, a normal user can use the + "configure login manager" with his/her own password instead of the root + password, and thus gain additional privileges. +
++ There is no known workaround at this time. +
++ All GDM users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gnome-base/gdm-2.8.0.8"
+ + Asterisk is an open source implementation of a telephone private branch + exchange (PBX). +
++ Asterisk fails to properly check the length of truncated video frames + in the IAX2 channel driver which results in a buffer overflow. +
++ An attacker could exploit this vulnerability by sending a specially + crafted IAX2 video stream resulting in the execution of arbitrary code + with the permissions of the user running Asterisk. +
++ Disable public IAX2 support. +
++ All Asterisk users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.0.11_p1"
+ + DokuWiki is a simple to use wiki targeted at developer teams, + workgroups and small companies. +
++ Stefan Esser discovered that the DokuWiki spell checker fails to + properly sanitize PHP's "complex curly syntax". +
++ An unauthenticated remote attacker may execute arbitrary PHP code, and thus possibly arbitrary system commands, with the permissions of the user running the web server that serves DokuWiki pages. +
++ There is no known workaround at this time. +
++ All DokuWiki users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309-r1"
+ + OpenLDAP is a suite of LDAP-related applications and development tools. + It includes slapd (the standalone LDAP server), slurpd (the standalone + LDAP replication server), various LDAP libraries, utilities and example + clients. +
++ slurpd contains a buffer overflow when reading very long hostnames from + the status file. +
++ By injecting an overly long hostname in the status file, an attacker + could possibly cause the execution of arbitrary code with the + permissions of the user running slurpd. +
++ There is no known workaround at this time. +
++ All openLDAP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.3.22"
+ + PAM-MySQL is a PAM module used to authenticate users against a MySQL + backend. +
++ A flaw in handling the result of pam_get_item() as well as further + unspecified flaws were discovered in PAM-MySQL. +
++ By exploiting the mentioned flaws an attacker can cause a Denial of + Service and thus prevent users that authenticate against PAM-MySQL from + logging into a machine. There is also a possible additional attack + vector with more malicious impact that has not been confirmed yet. +
++ There is no known workaround at this time. +
++ All PAM-MySQL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-auth/pam_mysql-0.7_rc1"
+ + Sendmail is a popular mail transfer agent (MTA). +
++ Frank Sheiness discovered that the mime8to7() function can recurse + endlessly during the decoding of multipart MIME messages until the + stack of the process is filled and the process crashes. +
++ By sending specially crafted multipart MIME messages, a remote attacker can cause a subprocess forked by Sendmail to crash. If Sendmail is not set to use randomized queue processing, the attack will effectively halt the delivery of queued mails as well as the malformed one; incoming mail delivered interactively is not affected. Additionally, on systems where core dumps with an individual naming scheme (like "core.pid") are enabled, a filesystem may fill up with core dumps. Core dumps are disabled by default in Gentoo. +
++ The Sendmail 8.13.7 release information offers some workarounds, please + see the Reference below. Note that the issue has actually been fixed in + the 8.13.6-r1 ebuild. +
++ All Sendmail users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.13.6-r1"
+ + Typespeed is a game to test and practice 10-finger-typing. Network code + allows two users to compete head-to-head. +
++ Niko Tyni discovered a buffer overflow in the addnewword() function of + Typespeed's network code. +
++ By sending specially crafted network packets to a machine running + Typespeed in multiplayer mode, a remote attacker can execute arbitrary + code with the permissions of the user running the game. +
++ Do not run Typespeed in multiplayer mode. There is no known workaround + at this time for multiplayer mode. +
++ All Typespeed users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-misc/typespeed-0.5.0"
+ + Mozilla Thunderbird is the next-generation mail client from the Mozilla + project. +
++ Several vulnerabilities were found and fixed in Mozilla Thunderbird. + For details, please consult the references below. +
++ A remote attacker could craft malicious emails that would leverage + these issues to inject and execute arbitrary script code with elevated + privileges, spoof content, and possibly execute arbitrary code with the + rights of the user running the application. +
++ There are no known workarounds for all the issues at this time. +
++ All Mozilla Thunderbird users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.4"
+ + All Mozilla Thunderbird binary users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.4"
+ + Note: There is no stable fixed version for the Alpha architecture yet. + Users of Mozilla Thunderbird on Alpha should consider unmerging it + until such a version is available. +
++ aRts is a real time modular system for synthesizing audio used by KDE. + artswrapper is a helper application used to start the aRts daemon. +
++ artswrapper does not check whether its setuid() call succeeded. setuid() fails when the target user has already exceeded an assigned resource limit, and artswrapper then continues with elevated privileges. +
++ Local attackers could exploit this vulnerability to execute arbitrary + code with elevated privileges. Note that the aRts package provided by + Gentoo is only vulnerable if the artswrappersuid USE-flag is enabled. +
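This aRts issue and the Vixie Cron issue above are the same bug class: setuid() is called and its return value ignored, so when the call fails (it returns -1 with EAGAIN when the target user's process limit is already exhausted) the program carries on as root. The example below is added here and is code from neither project; it shows a privilege-drop routine written the way a hardened program should do it: every call is checked, the resulting identity is verified, and the routine confirms root cannot be regained. The syscalls are passed in as parameters purely so the failure path can be exercised without root, and FakeKernel is a constructed stand-in for the kernel's id bookkeeping; a real program calls drop_privileges(uid, gid) and gets the os module's functions.

```python
# Added example (not Vixie Cron's or aRts's code): a privilege drop that
# checks, verifies and proves irreversibility, the steps the vulnerable
# programs skipped when they ignored setuid()'s return value.
import errno
import os


class PrivilegeDropError(RuntimeError):
    """Raised when privileges could not be dropped completely."""


def drop_privileges(uid, gid, *, setgroups=os.setgroups, setgid=os.setgid,
                    setuid=os.setuid, getuid=os.getuid, geteuid=os.geteuid,
                    getgid=os.getgid, getegid=os.getegid):
    """Drop to uid/gid and prove it happened. The syscalls are parameters only
    so the failure path can be exercised without root (a device of this
    example, not a real API); production code passes nothing and gets os.*."""
    try:
        setgroups([gid])   # supplementary groups first, while still privileged
        setgid(gid)        # then the primary group
        setuid(uid)        # uid last: afterwards the gid can no longer be changed
    except OSError as exc:
        # The branch the vulnerable programs lacked: setuid() fails with EAGAIN
        # when the target user is already at its RLIMIT_NPROC, and the program
        # must stop here instead of carrying on as root.
        name = errno.errorcode.get(exc.errno, str(exc.errno))
        raise PrivilegeDropError(f"privilege drop failed: {name}") from exc

    # Verify rather than trust: real and effective ids must both match.
    if (getuid(), geteuid()) != (uid, uid) or (getgid(), getegid()) != (gid, gid):
        raise PrivilegeDropError("identity after drop does not match target")

    # The drop must be irreversible: an attempt to regain root must be refused.
    try:
        setuid(0)
    except OSError:
        return True
    raise PrivilegeDropError("root could be regained after drop")


class FakeKernel:
    """Constructed stand-in for the kernel's id bookkeeping. With
    nproc_exhausted=True, setuid() to a non-root uid fails with EAGAIN exactly
    as the real call does when that user is at its process limit."""

    def __init__(self, nproc_exhausted=False):
        self.uid = self.euid = self.gid = self.egid = 0
        self.nproc_exhausted = nproc_exhausted

    def setgroups(self, groups):
        pass

    def setgid(self, gid):
        self.gid = self.egid = gid

    def setuid(self, uid):
        if uid != 0 and self.nproc_exhausted:
            raise OSError(errno.EAGAIN, "Resource temporarily unavailable")
        if uid == 0 and self.uid != 0:
            raise PermissionError(errno.EPERM, "Operation not permitted")
        self.uid = self.euid = uid

    def getuid(self): return self.uid
    def geteuid(self): return self.euid
    def getgid(self): return self.gid
    def getegid(self): return self.egid


def drop_privileges_on(kernel, uid, gid):
    """Run drop_privileges() against a FakeKernel instead of the os module."""
    return drop_privileges(uid, gid, setgroups=kernel.setgroups, setgid=kernel.setgid,
                           setuid=kernel.setuid, getuid=kernel.getuid,
                           geteuid=kernel.geteuid, getgid=kernel.getgid,
                           getegid=kernel.getegid)


if __name__ == "__main__":
    print("normal drop:", drop_privileges_on(FakeKernel(), 1000, 1000))
    exhausted = FakeKernel(nproc_exhausted=True)
    try:
        drop_privileges_on(exhausted, 1000, 1000)
    except PrivilegeDropError as e:
        print("refused:", e, "(process still uid", exhausted.uid, ")")
```

The second run is the scenario from both advisories: the drop fails, the process is still uid 0, and the only safe continuation is to abort before running anything on the user's behalf.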
++ There is no known workaround at this time. +
++ All aRts users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose kde-base/arts
+ + KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. KDM is the KDE Display Manager and is part + of the kdebase package. +
++ Ludwig Nussel discovered that KDM could be tricked into allowing users + to read files that would otherwise not be readable. +
++ A local attacker could exploit this issue to obtain potentially sensitive information that is usually not accessible to the local user, such as shadow files or other users' files. The default Gentoo user running KDM is root and, as a result, the local attacker can read any file. +
++ There is no known workaround at this time. +
++ All kdebase users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose kde-base/kdebase
+ + All KDE split ebuild users should upgrade to the latest KDM version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose kde-base/kdm
+ + wv2 is a filter library for Microsoft Word files, used in many Office + suites. +
++ A boundary checking error was found in wv2, which could lead to an + integer overflow. +
++ An attacker could execute arbitrary code with the rights of the user + running the program that uses the library via a maliciously crafted + Microsoft Word document. +
++ There is no known workaround at this time. +
++ All wv2 users should update to the latest stable version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/wv2-0.2.3"
+ + Hashcash is a utility for generating Hashcash tokens, a proof-of-work + system to reduce the impact of spam. +
++ Andreas Seltenreich has reported a possible heap overflow in the + array_push() function in hashcash.c, as a result of an incorrect amount + of allocated memory for the "ARRAY" structure. +
++ By sending malicious entries to the Hashcash utility, an attacker may + be able to cause an overflow, potentially resulting in the execution of + arbitrary code with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Hashcash users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.21"
+ + EnergyMech is an IRC bot programmed in C. +
++ EnergyMech fails to handle empty CTCP NOTICEs correctly, which causes a crash from a segmentation fault. +
++ By sending an empty CTCP NOTICE, a remote attacker could exploit this + vulnerability to cause a Denial of Service. +
++ There is no known workaround at this time. +
++ All EnergyMech users should update to the latest stable version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/emech-3.0.2"
+ + Mutt is a small but very powerful text-based mail client. +
++ TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in + the "browse_get_namespace()" function in browse.c, which can be + triggered when receiving an overly long namespace from an IMAP server. +
++ A malicious IMAP server can send an overly long namespace to Mutt in + order to crash the application, and possibly execute arbitrary code + with the permissions of the user running Mutt. +
++ There is no known workaround at this time. +
++ All Mutt users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mutt-1.5.11-r2"
+ + The Horde Web Application Framework is a general-purpose web + application framework written in PHP, providing classes for handling + preferences, compression, browser detection, connection tracking, MIME, + and more. +
++ Michael Marek discovered that the Horde Web Application Framework + performs insufficient input sanitizing. +
++ An attacker could exploit these vulnerabilities to execute arbitrary + scripts running in the context of the victim's browser. +
++ There is no known workaround at this time. +
++ All horde users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/horde-3.1.1-r1"
+ + Tikiwiki is a web-based groupware and content management system (CMS), + using PHP, ADOdb and Smarty. +
++ Tikiwiki fails to properly sanitize user input before processing it, + including in SQL statements. +
++ An attacker could execute arbitrary SQL statements on the underlying + database, or inject arbitrary scripts into the context of a user's + browser. +
++ There is no known workaround at this time. +
++ All Tikiwiki users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.4"
+ + Kiax is a graphical softphone supporting the IAX protocol (Inter + Asterisk eXchange), which allows PC users to make VoIP calls to + Asterisk servers. +
++ The iax_net_read function in the iaxclient library fails to properly + handle IAX2 packets with truncated full frames or mini-frames. These + frames are detected in a length check but processed anyway, leading to + buffer overflows. +
++ By sending a specially crafted IAX2 packet, an attacker could execute + arbitrary code with the permissions of the user running Kiax. +
++ There is no known workaround at this time. +
++ All Kiax users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/kiax-0.8.5_p1"
+ + mpg123 is a real time audio player designed for the MPEG format. +
++ In httpdget.c, a heap-allocated variable receives a smaller allocation than the data copied into it. Because the copied string is not properly terminated, strncpy() overwrites the data located next to it in memory. +
++ By enticing a user to visit a malicious URL, an attacker could possibly + execute arbitrary code with the rights of the user running mpg123. +
++ There is no known workaround at this time. +
++ All mpg123 users should update to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r11"
+ + FreeType is a portable font engine. +
++ Multiple integer overflows exist in a variety of files (bdf/bdflib.c, + sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c). +
++ A remote attacker could exploit these overflows by enticing a user to load a specially crafted font, which could result in the execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All FreeType users should upgrade to the latest stable version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.1.10-r2"
+ + libTIFF provides support for reading and manipulating TIFF images. +
++ A buffer overflow has been found in the t2p_write_pdf_string function in tiff2pdf, which can be triggered with a TIFF file containing a DocumentName tag with UTF-8 characters. An additional buffer overflow has been found in the handling of the parameters in tiffsplit. +
++ A remote attacker could entice a user to load a specially crafted TIFF + file, resulting in the possible execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All libTIFF users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r1"
+ + PostgreSQL is an open source object-relational database management + system. +
++ PostgreSQL contains a flaw in the string parsing routines that allows + certain backslash-escaped characters to be bypassed with some multibyte + character encodings. This vulnerability was discovered by Akio Ishida + and Yasuo Ohgaki. +
++ An attacker could execute arbitrary SQL statements on the PostgreSQL + server. Be aware that web applications using PostgreSQL as a database + back-end might be used to exploit this vulnerability. +
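The MySQL item above and this PostgreSQL flaw share one root cause: the escaping routine inserts a backslash byte by byte, while the server's lexer reads the result under a multi-byte encoding in which the inserted backslash (0x5c) can become the trail byte of a two-byte character, leaving the quote that follows it live. The example below is added here and is code from neither project; it reproduces the effect with GBK (where the byte pair 0xbf 0x5c is a valid character) using a small GBK-aware scanner that stands in for the server's lexer, and it also shows why the NO_BACKSLASH_ESCAPES workaround given for MySQL above is effective and why quote doubling on its own is not enough while backslash escapes remain enabled. The payloads are constructed, and the scanner is a simplified model of the real lexer, which is an assumption of this example.

```python
# Added example, code from neither MySQL nor PostgreSQL: why byte-wise
# backslash escaping fails under a multi-byte charset such as GBK.

def is_gbk_lead(b: int) -> bool:
    return 0x81 <= b <= 0xFE


def is_gbk_trail(b: int) -> bool:
    return 0x40 <= b <= 0xFE and b != 0x7F


def backslash_escape(data: bytes) -> bytes:
    """Escaping in the style of the vulnerable routine: a backslash is inserted
    before every quote and backslash without regard to the character set."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x5C):      # ' and \
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def quote_doubling_escape(data: bytes) -> bytes:
    """Escaping used under NO_BACKSLASH_ESCAPES: quotes are doubled, nothing else."""
    return data.replace(b"'", b"''")


def live_quotes(literal_body: bytes, backslash_escapes: bool = True) -> int:
    """Count single quotes that a GBK-aware lexer would treat as terminators
    when reading literal_body as the inside of a '...' literal. Simplified
    model of the server lexer (an assumption of this example): multi-byte
    characters are consumed first, then escapes, then quote handling."""
    i, live, n = 0, 0, len(literal_body)
    while i < n:
        b = literal_body[i]
        if is_gbk_lead(b) and i + 1 < n and is_gbk_trail(literal_body[i + 1]):
            i += 2                  # two-byte character, whatever its bytes are
        elif backslash_escapes and b == 0x5C:
            i += 2                  # backslash escapes the next byte
        elif b == 0x27 and i + 1 < n and literal_body[i + 1] == 0x27:
            i += 2                  # doubled quote is a literal quote
        elif b == 0x27:
            live += 1               # terminates the literal: injection
            i += 1
        else:
            i += 1
    return live


# Constructed payload: a lone GBK lead byte, then the quote the attacker needs.
GBK_PAYLOAD = b"\xbf' OR 1=1 -- "

if __name__ == "__main__":
    escaped = backslash_escape(GBK_PAYLOAD)
    print("backslash-escaped bytes:", escaped.hex(" "))
    print("0xbf 0x5c decodes to:", b"\xbf\x5c".decode("gbk"))
    print("live quotes, backslash mode:", live_quotes(escaped))
    print("live quotes, NO_BACKSLASH_ESCAPES + doubling:",
          live_quotes(quote_doubling_escape(GBK_PAYLOAD), backslash_escapes=False))
```

The fix shipped upstream is the other half of the picture: the escaping routine has to know the connection character set and treat a lead byte plus its trail byte as one unit, so it never splits a character by inserting a backslash after the lead byte.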
++ There is no known workaround at this time. +
++ All PostgreSQL users should upgrade to the latest version in the + respective branch they are using: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-db/postgresql
+ + Note: While a fix exists for the 7.3 branch it doesn't currently work + on Gentoo. All 7.3.x users of PostgreSQL should consider updating their + installations to the 7.4 (or higher) branch as soon as possible! +
++ SHOUTcast server is a streaming audio server. +
++ The SHOUTcast server is vulnerable to a file disclosure when the server + receives a specially crafted GET request. Furthermore it also fails to + sanitize the input passed to the "Description", "URL", "Genre", "AIM", + and "ICQ" fields. +
++ By sending a specially crafted GET request to the SHOUTcast server, the + attacker can read any file that can be read by the SHOUTcast process. + Furthermore it is possible that various request variables could also be + exploited to execute arbitrary scripts in the context of a victim's + browser. +
++ There is no known workaround at this time. +
++ All SHOUTcast server users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/shoutcast-server-bin-1.9.7"
+ + libpng is an open, extensible image format library, with lossless + compression. +
++ In pngrutil.c, the function png_decompress_chunk() allocates + insufficient space for an error message, potentially overwriting stack + data, leading to a buffer overflow. +
++ By enticing a user to load a maliciously crafted PNG image, an attacker could execute arbitrary code with the rights of the user, or crash the application using libpng. On AMD64 this includes applications linked against the 32-bit copy of libpng shipped in emul-linux-x86-baselibs. +
++ There is no known workaround at this time. +
++ All libpng users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.12"
+ + All AMD64 emul-linux-x86-baselibs users should also upgrade to the + latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-baselibs-2.5.1"
xine-lib is the core library of xine, a multimedia player.

There is a stack based overflow in the libmms library included with xine-lib which can be triggered by malicious use of the send_command, string_utf16, get_data and get_media_packet functions.

A remote attacker could design a malicious media file that would trigger the overflow, potentially resulting in the execution of arbitrary code.

There is no known workaround at this time.

All xine-lib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2-r2"

GIMP is the GNU Image Manipulation Program. XCF is the native image file format used by GIMP.

Henning Makholm discovered that the "xcf_load_vector()" function is vulnerable to a buffer overflow when loading an XCF file with a large "num_axes" value.

An attacker could exploit this issue to execute arbitrary code by enticing a user to open a specially crafted XCF file.

There is no known workaround at this time.

All GIMP users should update to the latest stable version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.2.12"

Wireshark, formerly known as Ethereal, is a popular network protocol analyzer.

Wireshark dissectors have been found vulnerable to a large number of issues, including off-by-one errors, buffer overflows, format string overflows and an infinite loop.

Running an affected version of Wireshark or Ethereal could allow a remote attacker to execute arbitrary code on the user's computer by sending specially crafted packets.

There is no known workaround at this time.

All Wireshark users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.2"

All Ethereal users should migrate to Wireshark:

# emerge --sync
# emerge --ask --unmerge net-analyzer/ethereal
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.2"

To keep the saved configuration from Ethereal and reuse it with Wireshark:

# mv ~/.ethereal ~/.wireshark

Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients.

During an internal audit the Samba team discovered that a flaw in the way Samba stores share connection requests could lead to a Denial of Service.

By sending a large amount of share connection requests to a vulnerable Samba server, an attacker could cause a Denial of Service due to memory consumption.

There is no known workaround at this time.

All Samba users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.22-r3"

The TunePimp library (also referred to as libtunepimp) is a development library geared towards developers who wish to create MusicBrainz enabled tagging applications.

Kevin Kofler has reported a vulnerability where three stack variables are allocated with 255, 255 and 100 bytes respectively, yet 256 bytes are read into each. This could lead to buffer overflows.

Running an affected version of TunePimp could lead to the execution of arbitrary code by a remote attacker.

There is no known workaround at this time.

All tunepimp users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tunepimp-0.5."

OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities.

Internal security audits by OpenOffice.org have discovered three security vulnerabilities related to Java applets, macros and the XML file format parser.

An attacker might exploit these vulnerabilities to escape the Java sandbox, execute arbitrary code or BASIC code with the permissions of the user running OpenOffice.org.

Disabling Java applets will protect against the vulnerability in the handling of Java applets. There are no workarounds for the macro and file format vulnerabilities.

All OpenOffice.org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.3"

Audacious is a media player that has been forked from Beep Media Player.

Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows.

An attacker can entice a user to load a specially crafted media file, resulting in a crash or possible execution of arbitrary code.

There is no known workaround at this time.

All Audacious users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/audacious-1.1.0"

The Apache HTTP server is one of the most popular web servers on the Internet. The Apache module mod_rewrite provides a rule-based engine to rewrite requested URLs on the fly.

An off-by-one flaw has been found in Apache's mod_rewrite module by Mark Dowd of McAfee Avert Labs. This flaw is exploitable depending on the types of rewrite rules being used.

A remote attacker could exploit the flaw to cause a Denial of Service or execution of arbitrary code. Note that Gentoo Linux is not vulnerable in the default configuration.

There is no known workaround at this time.

All Apache users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose www-servers/apache

The Mozilla SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as "Mozilla Application Suite".

The following vulnerabilities have been reported:

A user can be enticed to open specially crafted URLs, visit webpages containing malicious JavaScript or execute a specially crafted script. These events could lead to the execution of arbitrary code, or the installation of malware on the user's computer.

There is no known workaround at this time.

All Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.3"

Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform stand-alone browser application.

The following vulnerabilities have been reported:

A user can be enticed to open specially crafted URLs, visit webpages containing malicious JavaScript or execute a specially crafted script. These events could lead to the execution of arbitrary code, or the installation of malware on the user's computer.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.5"

Users of the binary package should upgrade as well:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.5"

The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL (XML User Interface Language).

The following vulnerabilities have been reported:

A user can be enticed to open specially crafted URLs, visit webpages containing malicious JavaScript or execute a specially crafted script. These events could lead to the execution of arbitrary code, or the installation of malware on the user's computer.

There is no known workaround at this time.

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.5"

All Mozilla Thunderbird binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.5"

LibVNCServer is a GPL'ed library for creating VNC servers.

LibVNCServer fails to properly validate protocol types, effectively letting the connecting user decide which security type to use, such as "Type 1 - None". LibVNCServer will accept this security type even if it is not offered by the server.

An attacker could use this vulnerability to gain unauthorized access with the privileges of the user running the VNC server.

There is no known workaround at this time.

All LibVNCServer users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libvncserver-0.8.2"

Courier MTA is an integrated mail and groupware server based on open protocols.

Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization.

An attacker could exploit this vulnerability by sending a specially crafted email to a mail gateway running a vulnerable version of Courier MTA.

There is no known workaround at this time.

All Courier MTA users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/courier-0.53.2"

libTIFF provides support for reading and manipulating TIFF images.

Tavis Ormandy of the Google Security Team discovered several heap and stack buffer overflows and other flaws in libTIFF. The affected parts include the TIFFFetchShortPair(), TIFFScanLineSize() and EstimateStripByteCounts() functions, and the PixarLog and NeXT RLE decoders.

A remote attacker could entice a user to open a specially crafted TIFF file, resulting in the possible execution of arbitrary code.

There is no known workaround at this time.

All libTIFF users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r2"

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.

Evgeny Legerov discovered a vulnerability in GnuPG: when certain packets are handled, an integer overflow may occur.

By sending a specially crafted email to a user running an affected version of GnuPG, a remote attacker could possibly execute arbitrary code with the permissions of the user running GnuPG.

There is no known workaround at this time.

All GnuPG users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose "=app-crypt/gnupg-1.4*"

MySQL is a popular multi-threaded, multi-user SQL server.

Jean-David Maillefer discovered a format string vulnerability in time.cc where MySQL fails to properly handle specially formatted user input to the date_format function.

By specifying a format string as the first parameter to the date_format function, an authenticated attacker could cause MySQL to crash, resulting in a Denial of Service.

There is no known workaround at this time.

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --verbose --oneshot ">=dev-db/mysql-4.1.21"

Pike is a general purpose programming language, able to be used for multiple tasks.

Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database.

A remote attacker could provide malicious input to a pike program, which might result in the execution of arbitrary SQL statements.

There is no known workaround at this time.

All pike users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/pike-7.6.86"

Webmin is a web-based interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators.

A vulnerability in both Webmin and Usermin has been discovered by Kenny Chen, wherein simplify_path is called before the HTML is decoded.

A non-authenticated user can read any file on the server using a specially crafted URL.

For a temporary workaround, IP Access Control can be set up on Webmin and Usermin.

All Webmin users should update to the latest stable version:

# emerge --sync
# emerge --ask --verbose --oneshot ">=app-admin/webmin-1.290"

All Usermin users should update to the latest stable version:

# emerge --sync
# emerge --ask --verbose --oneshot ">=app-admin/usermin-1.220"

x11vnc provides VNC servers for X displays.

x11vnc includes vulnerable LibVNCServer code, which fails to properly validate protocol types, effectively letting the connecting user decide which security type to use, such as "Type 1 - None" (GLSA-200608-05). x11vnc will accept this security type even if it is not offered by the server.

An attacker could exploit this vulnerability to gain unauthorized access with the privileges of the user running the VNC server.

There is no known workaround at this time.

All x11vnc users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-misc/x11vnc-0.8.1"

ClamAV is a GPL virus scanner.

Damian Put has discovered a boundary error in the pefromupx() function used by the UPX extraction module, which unpacks PE Windows executable files. Both the "clamscan" command-line utility and the "clamd" daemon are affected.

By sending a malicious attachment to a mail server running ClamAV, a remote attacker can cause a Denial of Service and potentially the execution of arbitrary code with the permissions of the user running ClamAV.

There is no known workaround at this time.

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.4"

DUMB (Dynamic Universal Music Bibliotheque) is an IT, XM, S3M and MOD player library.

Luigi Auriemma found a heap-based buffer overflow in the it_read_envelope function which reads the envelope values for volume, pan and pitch of the instruments referenced in a ".it" (Impulse Tracker) file with a large number of nodes.

By enticing a user to load a malicious ".it" (Impulse Tracker) file, an attacker may execute arbitrary code with the rights of the user running the application that uses a vulnerable DUMB library.

There is no known workaround at this time.

All users of DUMB should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/dumb-0.9.3-r1"

MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.

Unchecked calls to setuid() in krshd and v4rcp, as well as unchecked calls to seteuid() in kftpd and in ksu, have been found in the MIT Kerberos 5 program suite and may lead to a local root privilege escalation.

A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.

There is no known workaround at this time.

All MIT Kerberos 5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.4.3-r3"

Warzone 2100 Resurrection is a real-time strategy game, developed by Pumpkin Studios and published by Eidos Interactive.

Luigi Auriemma discovered two buffer overflow vulnerabilities in Warzone 2100 Resurrection. The recvTextMessage function of the Warzone 2100 Resurrection server and the NETrecvFile function of the client use insufficiently sized buffers.

A remote attacker could exploit these vulnerabilities by sending specially crafted input to the server, or enticing a user to load a specially crafted file from a malicious server. This may result in the execution of arbitrary code with the permissions of the user running Warzone 2100 Resurrection.

There is no known workaround at this time.

All Warzone 2100 Resurrection users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=games-strategy/warzone2100-2.0.4"

libwmf is a library for reading and converting vector images in Microsoft's native Windows Metafile Format (WMF).

infamous41md discovered that libwmf fails to do proper bounds checking on the MaxRecordSize variable in the WMF file header. This could lead to a heap-based buffer overflow.

By enticing a user to open a specially crafted WMF file, a remote attacker could cause a heap-based buffer overflow and execute arbitrary code with the permissions of the user running the application that uses libwmf.

There is no known workaround for this issue.

All libwmf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4"

Net::Server is an extensible, generic Perl server engine. It is used by several Perl applications like Postgrey.

The log function of Net::Server does not handle format string specifiers properly before they are sent to syslog.

By sending a specially crafted datastream to an application using Net::Server, an attacker could cause a Denial of Service.

There is no known workaround at this time.

All Net::Server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/net-server-0.88"

WordPress is a PHP and MySQL based multiuser blogging system.

The WordPress developers have confirmed a vulnerability in capability checking for plugins.

By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact depends on the configuration of WordPress and may range from trivial to critical, possibly even the execution of arbitrary PHP code.

There is no known workaround at this time.

All WordPress users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.4"

Ruby on Rails is an open-source web framework.

The Ruby on Rails developers have corrected some weaknesses in action_controller/ concerning the handling of user input and the LOAD_PATH variable. A remote attacker could inject arbitrary entries into the LOAD_PATH variable and alter the main Ruby on Rails process. The security hole was only partly solved in version 1.1.5; version 1.1.6 now fully corrects it.

A remote attacker exploiting these weaknesses might cause a Denial of Service of the web framework and possibly inject arbitrary Ruby scripts.

There is no known workaround at this time.

All Ruby on Rails users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/rails-1.1.6"

Heimdal is a free implementation of Kerberos 5.

The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid().

A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.

There is no known workaround at this time.

All Heimdal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.7.2-r3"

fbida is a collection of image viewers and editors for the framebuffer console and X11. fbgs is a PostScript and PDF viewer for the Linux framebuffer console.

Toth Andras has discovered a typographic mistake in the "fbgs" script, shipped with fbida if the "fbcon" and "pdf" USE flags are both enabled. This script runs "gs" without the -dSAFER option, thus allowing a PostScript file to execute, delete or create any kind of file on the system.

A remote attacker can entice a vulnerable user to view a malicious PostScript or PDF file with fbgs, which may result in the execution of arbitrary code.

There is no known workaround at this time.

All fbida users with the "fbcon" and "pdf" USE flags both enabled should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/fbida-2.03-r4"

Heartbeat is a component of the High-Availability Linux project. It is used to perform death-of-node detection, communications and cluster management.

Yan Rong Ge discovered that the peel_netstring() function in cl_netstring.c does not validate the "length" parameter of user input, which can lead to an out-of-bounds memory access when processing certain Heartbeat messages (CVE-2006-3121). Furthermore, an unspecified local DoS issue was fixed (CVE-2006-3815).

By sending a malicious UDP Heartbeat message, even before authentication, a remote attacker can crash the master control process of the cluster.

There is no known workaround at this time.

All Heartbeat users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose sys-cluster/heartbeat

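The Heartbeat flaw above, like the DUMB it_read_envelope and libwmf MaxRecordSize issues earlier in this batch, is the same defect: a length field read from the input is trusted to describe memory the program does not actually have. The following is an added example in C, not Heartbeat's peel_netstring() or any code from the projects named, of a netstring ("<len>:<payload>,") parser that checks the claimed length against the number of bytes really received before touching the buffer. The function names, status codes and the sample message are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Status codes for the bounds-checked parser (constructed for the example). */
enum ns_status {
    NS_OK = 0,
    NS_BAD_LENGTH = -1,     /* missing, non-canonical or absurd length */
    NS_TRUNCATED = -2,      /* length claims more bytes than were received */
    NS_BAD_TERMINATOR = -3  /* payload not followed by ',' */
};

#define NS_MAX_DIGITS 9     /* lengths up to 999,999,999 bytes */

/*
 * Hypothetical hardened parser for one netstring "<len>:<payload>,".
 * The length field is peer-controlled data; every step checks it against
 * buf_len, the bytes actually in memory, before indexing buf[].  On
 * success *payload/*payload_len point into buf and *consumed is the total
 * number of bytes used, so a caller can loop over a whole message.
 */
int peel_netstring_checked(const char *buf, size_t buf_len,
                           const char **payload, size_t *payload_len,
                           size_t *consumed)
{
    size_t i = 0, len = 0;

    /* 1. Decimal length: bounded digit count, no leading zeros. */
    while (i < buf_len && buf[i] >= '0' && buf[i] <= '9') {
        if (i >= NS_MAX_DIGITS)
            return NS_BAD_LENGTH;
        if (i == 1 && buf[0] == '0')
            return NS_BAD_LENGTH;
        len = len * 10 + (size_t)(buf[i] - '0');
        i++;
    }
    if (i == 0)
        return buf_len == 0 ? NS_TRUNCATED : NS_BAD_LENGTH;
    if (i >= buf_len)
        return NS_TRUNCATED;
    if (buf[i] != ':')
        return NS_BAD_LENGTH;
    i++;

    /* 2. The check the advisory is about: the payload plus its trailing
     *    ',' must lie inside the received buffer.  Compare the remaining
     *    byte count against len rather than computing i + len, which
     *    could wrap around. */
    if (len > buf_len - i || (buf_len - i) - len < 1)
        return NS_TRUNCATED;
    if (buf[i + len] != ',')
        return NS_BAD_TERMINATOR;

    *payload = buf + i;
    *payload_len = len;
    *consumed = i + len + 1;
    return NS_OK;
}

/* Parse a message made of consecutive netstrings.  Returns the number of
 * fields, or the first negative status encountered. */
int count_netstrings(const char *buf, size_t buf_len)
{
    int count = 0;
    size_t off = 0;
    while (off < buf_len) {
        const char *p;
        size_t n, used;
        int rc = peel_netstring_checked(buf + off, buf_len - off, &p, &n, &used);
        if (rc != NS_OK)
            return rc;
        off += used;
        count++;
    }
    return count;
}

/* Convenience for NUL-terminated strings: status of the first field. */
int netstring_status(const char *s)
{
    const char *p;
    size_t n, used;
    return peel_netstring_checked(s, strlen(s), &p, &n, &used);
}

int main(void)
{
    /* Constructed sample message in netstring form. */
    const char msg[] = "7:version,3:1.0,4:node,5:alpha,";
    printf("fields: %d\n", count_netstrings(msg, sizeof msg - 1));
    printf("truncated input: %d\n", netstring_status("5:hel"));
    printf("oversized length: %d\n", netstring_status("1234567890:x,"));
    return 0;
}
```

The parser never computes an address from the length before proving the length fits; a message claiming more bytes than arrived is rejected as truncated instead of being read past the end of the buffer.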
AlsaPlayer is a heavily multithreaded PCM player that tries to utilize ALSA utilities and drivers. As of June 2004, the project is inactive.

AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB querying mechanism.

An attacker could exploit the first vulnerability by enticing a user to load a malicious URL, resulting in the execution of arbitrary code with the permissions of the user running AlsaPlayer.

There is no known workaround at this time.

AlsaPlayer has been masked in Portage pending the resolution of these issues. AlsaPlayer users are advised to uninstall the package until further notice:

# emerge --ask --unmerge "media-sound/alsaplayer"

X.org is an implementation of the X Window System.

Several X.org libraries and X.org itself contain system calls to set*uid() functions, without checking their result.

Local users could deliberately exceed their assigned resource limits and elevate their privileges after an unsuccessful set*uid() system call. This requires resource limits to be enabled on the machine.

There is no known workaround at this time.

All X.Org xdm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xdm-1.0.4-r1"

All X.Org xinit users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.0.2-r6"

All X.Org xload users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xload-1.0.1-r1"

All X.Org xf86dga users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xf86dga-1.0.1-r1"

All X.Org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.9.0-r2"

All X.Org X server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.0-r1"

All X.Org X11 library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libx11-1.0.1-r1"

All X.Org xtrans library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/xtrans-1.0.1-r1"

All xterm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/xterm-215"

All users of the X11R6 libraries for emulation of 32-bit x86 on amd64 should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-xlibs-7.0-r2"

Please note that the fixed packages have been available for most architectures since June 30th, but the GLSA release was held up waiting for the remaining architectures.

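Three advisories in this batch (MIT Kerberos 5, Heimdal and the X.org one just above) share one defect: a set*uid() call whose return value is never examined, so that when the call fails the program carries on as root. The following is an added example in C of a hardened privilege-drop helper; it is a hypothetical routine written for this page, not code from X.org, MIT Kerberos or Heimdal, and the function and status names are constructed for the example. It assumes a Linux/POSIX system, where setuid() can fail with EAGAIN when the target uid's RLIMIT_NPROC limit is already exhausted, which is the resource-limit condition the X.org advisory refers to.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome codes, so a failed drop can never be mistaken for success. */
enum drop_result {
    DROP_OK = 0,
    DROP_FAILED = -1,           /* setgid()/setuid() reported an error    */
    DROP_STILL_PRIVILEGED = -2  /* the ids did not end up where intended  */
};

/*
 * Hypothetical hardened helper (an added example, not code from the
 * projects in the advisories).  The pattern behind those advisories is:
 *
 *     setuid(pw->pw_uid);          result ignored
 *     execve(shell, argv, envp);   still root if setuid() failed
 *
 * setuid() can legitimately fail: on Linux it returns -1 with EAGAIN when
 * the target uid already has RLIMIT_NPROC processes, something a local
 * user can arrange for their own uid.  Checking the return value, then
 * confirming with the kernel that the ids really changed, closes the gap.
 */
int drop_privileges_checked(uid_t uid, gid_t gid)
{
    /* Group first: once we are no longer root, setgid() would fail. */
    if (setgid(gid) != 0)
        return DROP_FAILED;
    if (setuid(uid) != 0)
        return DROP_FAILED;

    /* Belt and braces: ask the kernel instead of trusting the calls. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return DROP_STILL_PRIVILEGED;

    /* For a real drop from root, regaining root must now be impossible. */
    if (uid != 0 && setuid(0) == 0)
        return DROP_STILL_PRIVILEGED;

    return DROP_OK;
}

/* Human-readable form for log messages. */
const char *drop_result_name(int r)
{
    switch (r) {
    case DROP_OK:               return "ok";
    case DROP_FAILED:           return "failed";
    case DROP_STILL_PRIVILEGED: return "still-privileged";
    default:                    return "unknown";
    }
}

int main(void)
{
    /* Dropping to our own ids always succeeds; dropping to root only
     * succeeds if the process already is root. */
    int to_self = drop_privileges_checked(getuid(), getgid());
    int to_root = drop_privileges_checked(0, 0);
    printf("drop to self: %s\n", drop_result_name(to_self));
    printf("drop to root: %s\n", drop_result_name(to_root));
    return to_self == DROP_OK ? 0 : 1;
}
```

Callers must treat anything other than DROP_OK as fatal and exit before exec'ing or opening anything on the user's behalf; the point of the return code is that the failure path exists at all.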
Wireshark is a feature-rich network protocol analyzer.

The following vulnerabilities have been discovered in Wireshark. Firstly, the IPsec ESP parser, which is disabled by default, is susceptible to off-by-one errors; secondly, the SCSI dissector is vulnerable to an unspecified crash; and finally, the Q.2931 dissector of the SSCOP payload may use all the available memory if a port range is configured. By default, no port ranges are configured.

An attacker might be able to exploit these vulnerabilities, resulting in a crash or the execution of arbitrary code with the permissions of the user running Wireshark, possibly the root user.

Disable the SCSI and Q.2931 dissectors with the "Analyse" and "Enabled protocols" menus. Make sure the ESP decryption is disabled, with the "Edit -> Preferences -> Protocols -> ESP" menu.

All Wireshark users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.3"

Motor is a text mode based programming environment for Linux, with a syntax highlighting feature, project manager, makefile generator, gcc and gdb front-end, and CVS integration.

In November 2005, Zone-H Research reported a boundary error in the ktools library in the VGETSTRING() macro of kkstrtext.h, which may cause a buffer overflow via an overly long input string.

A remote attacker could entice a user to use a malicious file or input, which could lead to the crash of Motor and possibly the execution of arbitrary code.

There is no known workaround at this time.

All Motor 3.3.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/motor-3.3.0-r1"

All motor 3.4.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/motor-3.4.0-r1"

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

The sscanf() PHP function contains an array boundary error that can be exploited to dereference a null pointer. This can possibly allow the bypass of the safe mode protection by executing arbitrary code.

A remote attacker might be able to exploit this vulnerability in PHP applications making use of the sscanf() function, potentially resulting in the execution of arbitrary code or the execution of scripted contents in the context of the affected site.

There is no known workaround at this time.

All PHP 4.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.3-r1"

All PHP 5.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.1.4-r6"

Streamripper extracts and records individual MP3 file tracks from SHOUTcast streams.

Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack based buffer overflows caused by improper bounds checking when processing malformed HTTP headers.

By enticing a user to connect to a malicious server, an attacker could execute arbitrary code with the permissions of the user running Streamripper.

There is no known workaround at this time.

All Streamripper users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/streamripper-1.61.26"

GTetrinet is a networked Tetris clone for GNOME 2.

Michael Gehring has found that GTetrinet fails to properly handle array indexes.

An attacker can potentially execute arbitrary code by sending a negative number of players to the server.

There is no known workaround at this time.

All GTetrinet users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=games-puzzle/gtetrinet-0.7.10"

OpenTTD is a clone of Transport Tycoon Deluxe.

OpenTTD is vulnerable to a Denial of Service attack due to a flaw in the manner the game server handles errors in command packets.

An authenticated attacker can cause a Denial of Service by sending an invalid error number to a vulnerable OpenTTD server.

There is no known workaround at this time.

All OpenTTD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.4.8"

libXfont is the X.Org Xfont library; some parts are based on the FreeType code base.

Several integer overflows have been found in the PCF font parser.

A local attacker could possibly execute arbitrary code or crash the X server by enticing a user to load a specially crafted PCF font file.

Do not use untrusted PCF font files.

All libXfont users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.0-r1"

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL.

Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with an exponent of 3.

Since several CAs are using an exponent of 3, it might be possible for an attacker to create a key with a false CA signature.

There is no known workaround at this time.

All OpenSSL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7k"

All AMD64 x86 emulation base libraries users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-baselibs-2.5.2"

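The forgery in the OpenSSL advisory above was possible because a PKCS#1 v1.5 signature verifier that parses the decoded block leniently (walks the 0xFF padding, finds the DigestInfo, and never looks at what follows it) accepts more than the single valid encoding, and with e = 3 that slack is enough for an attacker. The durable fix is to verify by comparison: rebuild the one valid encoded message for the expected digest and require a byte-for-byte match. Below is an added example in C illustrating both the lenient pattern and the hardened comparison; it is not OpenSSL's code, the lenient function is an illustrative reconstruction rather than the actual vulnerable routine, the example starts from the already-decoded block and leaves out the RSA public operation, and the 20 digest bytes in SAMPLE_T are constructed sample data (only the 15-byte SHA-1 DigestInfo prefix is real).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DigestInfo T for SHA-1: 15-byte DER prefix followed by the 20-byte hash.
 * The hash bytes here are constructed sample data, not a real digest. */
static const uint8_t SAMPLE_T[35] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
    0x00, 0x04, 0x14,
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
    0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01, 0x02, 0x03, 0x04, 0x05
};

/* Build the canonical EMSA-PKCS1-v1_5 encoding of T into out (k bytes):
 * 0x00 || 0x01 || 0xFF..0xFF || 0x00 || T, with at least 8 padding bytes.
 * Returns 0 if T does not fit. */
int pkcs1_v15_build_em(uint8_t *out, size_t k, const uint8_t *t, size_t t_len)
{
    if (t_len + 11 > k)
        return 0;
    size_t ps_len = k - 3 - t_len;
    out[0] = 0x00;
    out[1] = 0x01;
    memset(out + 2, 0xFF, ps_len);
    out[2 + ps_len] = 0x00;
    memcpy(out + 3 + ps_len, t, t_len);
    return 1;
}

/* Hardened check: rebuild the only valid encoding and compare the whole
 * block.  There is nothing to parse, so there is nothing to parse loosely. */
int pkcs1_v15_em_matches(const uint8_t *em, size_t em_len,
                         const uint8_t *t, size_t t_len)
{
    uint8_t expected[512];                 /* moduli up to 4096 bits */
    uint8_t diff = 0;
    if (em_len > sizeof expected)
        return 0;
    if (!pkcs1_v15_build_em(expected, em_len, t, t_len))
        return 0;
    for (size_t i = 0; i < em_len; i++)    /* constant-time compare */
        diff |= em[i] ^ expected[i];
    return diff == 0;
}

/* Lenient pattern (illustrative reconstruction, not OpenSSL's code): scan
 * the padding, locate T, and ignore whatever follows it.  The bytes after
 * T are exactly the freedom the e = 3 forgery relies on. */
int pkcs1_v15_em_lenient(const uint8_t *em, size_t em_len,
                         const uint8_t *t, size_t t_len)
{
    size_t i = 2;
    if (em_len < 11 || em[0] != 0x00 || em[1] != 0x01)
        return 0;
    while (i < em_len && em[i] == 0xFF)
        i++;
    if (i < 10 || i >= em_len || em[i] != 0x00)
        return 0;
    i++;
    if (em_len - i < t_len)
        return 0;
    return memcmp(em + i, t, t_len) == 0;  /* trailing bytes never checked */
}

/* Constructed block of k bytes with the shape a lenient parser lets
 * through: minimal 8-byte padding, T, then filler.  Returns 0 if no fit. */
int make_short_padding_em(uint8_t *out, size_t k, const uint8_t *t, size_t t_len)
{
    if (t_len + 11 > k)
        return 0;
    out[0] = 0x00;
    out[1] = 0x01;
    memset(out + 2, 0xFF, 8);
    out[10] = 0x00;
    memcpy(out + 11, t, t_len);
    memset(out + 11 + t_len, 0x5a, k - 11 - t_len);  /* ignored by lenient */
    return 1;
}

/* Run the comparison for a 1024-bit-sized block; returns 1 if the lenient
 * check accepts the short-padding block while the strict check rejects it. */
int strict_rejects_what_lenient_accepts(void)
{
    uint8_t good[128], bad[128];
    if (!pkcs1_v15_build_em(good, sizeof good, SAMPLE_T, sizeof SAMPLE_T))
        return 0;
    if (!make_short_padding_em(bad, sizeof bad, SAMPLE_T, sizeof SAMPLE_T))
        return 0;
    return pkcs1_v15_em_matches(good, 128, SAMPLE_T, 35) == 1 &&
           pkcs1_v15_em_lenient(good, 128, SAMPLE_T, 35) == 1 &&
           pkcs1_v15_em_lenient(bad, 128, SAMPLE_T, 35) == 1 &&
           pkcs1_v15_em_matches(bad, 128, SAMPLE_T, 35) == 0;
}

int main(void)
{
    printf("strict rejects, lenient accepts: %d\n",
           strict_rejects_what_lenient_accepts());
    return 0;
}
```

Verifying by comparison also removes the need to reason about every place a hand-written parser might be too permissive (short padding, a truncated DigestInfo, a zero-length hash, trailing bytes): any deviation from the single expected block fails the memcmp-style check.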
AdPlug is a free, cross-platform, and hardware-independent AdLib sound player library.

AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M.

By enticing a user to load a specially crafted file, an attacker could execute arbitrary code with the privileges of the user running AdPlug.

There are no known workarounds at this time.

All AdPlug users should update to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/adplug-2.0.1"

libXfont is the X.Org Xfont library; some parts are based on the FreeType code base.

Several integer overflows have been found in the CID font parser.

A remote attacker could exploit this vulnerability by enticing a user to load a malicious font file, resulting in the execution of arbitrary code with the permissions of the user running the X server, which typically is the root user. A local user could exploit this vulnerability to gain elevated privileges.

Disable CID-encoded Type 1 fonts by removing the "type1" module and replacing it with the "freetype" module in xorg.conf.

All libXfont users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.1"

All monolithic X.org users are advised to migrate to modular X.org.

xine is a high performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine.

xine-lib contains buffer overflows in the processing of AVI files. Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP plugin (xineplug_inp_http.so) via a long reply from an HTTP server.

An attacker could trigger the buffer overflow vulnerabilities by enticing a user to load a specially crafted AVI file in xine. This might result in the execution of arbitrary code with the rights of the user running xine. Additionally, a remote HTTP server serving a xine client a specially crafted reply could crash xine and possibly execute arbitrary code.

There is no known workaround at this time.

All xine-lib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2-r2"
FFmpeg is a very fast video and audio converter.

FFmpeg contains buffer overflows in the AVI processing code.

An attacker could trigger the buffer overflows by enticing a user to load a specially crafted AVI file in an application using the FFmpeg library. This might result in the execution of arbitrary code in the context of the running application.

There is no known workaround at this time.

All FFmpeg users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-0.4.9_p20060530"
DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend.

"rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing arbitrary content, such as PHP code, to be written into a file. Additionally, the accessory scripts installed in the "bin" DokuWiki directory are vulnerable to directory traversal attacks, allowing an attacker to copy and execute the previously injected code.

A remote attacker may execute arbitrary PHP (and thus probably system) commands with the permissions of the user running the process serving DokuWiki pages.

Disable remote access to the "bin" subdirectory of the DokuWiki installation. Remove the directory if you don't use the scripts in there.

All DokuWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309d"
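The DokuWiki advisory above turns on one point: X-Forwarded-For is a client-controlled header and must be validated before it is written anywhere. The following is an added example, not DokuWiki's code, showing one way to do that: every element must parse as a bare IP address, the header is only consulted when the direct peer is a known proxy, and the value that reaches a log or file is re-serialised from the parsed form. The sample header values and the trusted-proxy address are constructed for the demo.

```python
import ipaddress

# Constructed sample values: two as a proxy would send them, three as an attacker might
SAMPLES = {
    "clean":    "203.0.113.7, 198.51.100.2",
    "ipv6":     "2001:db8::1",
    "injected": "1.2.3.4 <?php /* not an address */ ?>",
    "newline":  "1.2.3.4\r\nX-Injected: yes",
    "empty":    "",
}


def parse_forwarded_for(value, max_hops=5):
    """Return the IP addresses in an X-Forwarded-For value, or None if any
    element is not a bare IP address.

    The header is attacker-controlled. Never copy it into a file, log line or
    template unless every element has been parsed as an address and the string
    you write is rebuilt from the parsed objects, so no other bytes survive.
    """
    if value is None:
        return None
    parts = [p.strip() for p in value.split(",")]
    if not parts or len(parts) > max_hops:
        return None
    addrs = []
    for p in parts:
        try:
            addrs.append(ipaddress.ip_address(p))  # raises on anything that is not an address
        except ValueError:
            return None
    return [str(a) for a in addrs]


def client_ip(remote_addr, forwarded_for, trusted_proxies):
    """Pick the client address: consult X-Forwarded-For only when the socket
    peer is one of our proxies, otherwise the socket peer is the client."""
    if remote_addr not in trusted_proxies:
        return remote_addr
    chain = parse_forwarded_for(forwarded_for)
    if not chain:
        return remote_addr
    # Right-most hop that is not one of our own proxies is the best guess
    for addr in reversed(chain):
        if addr not in trusted_proxies:
            return addr
    return remote_addr
```

A rejected header falls back to the socket peer rather than to an empty value, so logging code never sees the raw string.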
ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol.

Queries for SIG records will cause an assertion error if more than one SIG RRset is returned. Additionally, an INSIST failure can be triggered by sending multiple recursive queries if the response to the query arrives after all the clients looking for the response have left the recursion queue.

An attacker having access to a recursive server can crash the server by querying the SIG records where there are multiple SIG RRsets, or by sending many recursive queries in a short time. The exposure can be lowered by restricting the clients that can ask for recursion. An attacker can also crash an authoritative server serving a DNSSEC zone in which there are multiple SIG RRsets.

There are no known workarounds at this time.

All BIND 9.3 users should update to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/bind-9.3.2-r4"

All BIND 9.2 users should update to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/bind-9.2.6-r4"
Mailman is a Python based mailing list server with an extensive web interface.

Mailman fails to properly handle standards-breaking RFC 2231 formatted headers. Furthermore, Moritz Naumann discovered several XSS vulnerabilities and a log file injection.

An attacker could exploit these vulnerabilities to cause Mailman to stop processing mails, to inject content into the log file or to execute arbitrary scripts running in the context of the administrator or mailing list user's browser.

There is no known workaround at this time.

All Mailman users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.9_rc1"
gzip, the GNU zip compression utility, is a free and patent unencumbered replacement for the standard compress utility.

Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the LZH decompression code, where a pathological data stream may result in the modification of stack data such as the frame pointer, return address or saved registers. A static buffer underflow was discovered in the pack decompression support, allowing a specially crafted pack archive to underflow a .bss buffer. A static buffer overflow was uncovered in the LZH decompression code, allowing a data stream consisting of pathological Huffman codes to overflow a .bss buffer. Multiple infinite loops were also uncovered in the LZH decompression code.

A remote attacker may create a specially crafted gzip archive which, when decompressed by a user or automated system, executes arbitrary code with the privileges of the user id invoking gzip. The infinite loops may be abused by an attacker to disrupt any automated systems invoking gzip to handle data decompression.

There is no known workaround at this time.

All gzip users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/gzip-1.3.5-r9"
ImageMagick is a free software suite to manipulate, convert, and create many image formats.

Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder. Damian Put discovered a heap overflow in the SGI image decoder.

An attacker may be able to create a specially crafted image that, when processed with ImageMagick, executes arbitrary code with the privileges of the executing user.

There is no known workaround at this time.

All ImageMagick users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.9.5"
GnuTLS is an implementation of SSL 3.0 and TLS 1.0.

verify.c fails to properly handle excess data in the digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace.

Remote attackers could forge PKCS #1 v1.5 signatures that are signed with an RSA key, preventing GnuTLS from correctly verifying X.509 and other certificates that use PKCS.

There is no known workaround at this time.

All GnuTLS users should update both packages:

    # emerge --sync
    # emerge --update --ask --verbose ">=net-libs/gnutls-1.4.4"
Tikiwiki is a web-based groupware and content management system, developed with PHP, ADOdb and Smarty.

A vulnerability in jhot.php allows for an unrestricted file upload to the img/wiki/ directory. Additionally, an XSS exists in the highlight parameter of tiki-searchindex.php.

An attacker could execute arbitrary code with the rights of the user running the web server by uploading a file and executing it via a filepath parameter. The XSS could be exploited to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.

There is no known workaround at this time.

All Tikiwiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --oneshot --verbose --ask ">=www-apps/tikiwiki-1.9.5"
OpenSSH is a free suite of applications for the SSH protocol, developed and maintained by the OpenBSD project.

Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector.

A remote unauthenticated attacker may be able to trigger excessive CPU usage by sending a pathological SSH message, denying service to other legitimate users or processes.

The system administrator may disable SSH protocol version 1 in /etc/ssh/sshd_config.

All OpenSSH users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.3_p2-r5"
Opera is a multi-platform web browser.

Opera makes use of OpenSSL, which fails to correctly verify PKCS #1 v1.5 RSA signatures signed by a key with exponent 3. Some CAs in Opera's list of trusted signers are using root certificates with exponent 3.

An attacker could forge certificates which will appear valid and signed by a trusted CA.

There is no known workaround at this time.

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/opera-9.02"
Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform, stand-alone browser application.

A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below.

The most severe vulnerability involves enticing a user to visit a malicious website, crashing the browser and executing arbitrary code with the rights of the user running the application.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.7"

Users of the binary package should upgrade as well:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.7"
DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend.

Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method.

A remote attacker could exploit the flaws to execute arbitrary shell commands with the rights of the web server daemon or cause a Denial of Service.

There is no known workaround at this time.

All DokuWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309e"
The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component.

A number of vulnerabilities have been found and fixed in Mozilla Thunderbird. For details please consult the references below.

The most severe vulnerabilities might lead to the execution of arbitrary code with the rights of the user running the application. Other vulnerabilities include program crashes and the acceptance of forged certificates.

There is no known workaround at this time.

All Mozilla Thunderbird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.7"

All Mozilla Thunderbird binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.7"
The Adobe Flash Player is a renderer for Flash files, commonly used to provide interactive websites, digital experiences and mobile content.

The Adobe Flash Player contains multiple unspecified vulnerabilities.

An attacker could entice a user to view a malicious Flash file and execute arbitrary code with the rights of the user running the player.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-7.0.68"
ncompress is a suite of utilities to create and extract Lempel-Ziv-Welch (LZW) compressed archives.

Tavis Ormandy of the Google Security Team discovered a static buffer underflow in ncompress.

An attacker could create a specially crafted LZW archive that, when decompressed by a user or automated system, would result in the execution of arbitrary code with the permissions of the user invoking the utility.

There is no known workaround at this time.

All ncompress users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/ncompress-4.2.4.1"
The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'.

A number of vulnerabilities have been found and fixed in Seamonkey. For details please consult the references below.

The most severe vulnerability involves enticing a user to visit a malicious website, crashing the application and executing arbitrary code with the rights of the user running Seamonkey.

There is no known workaround at this time.

All Seamonkey users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.5"
CAPI4Hylafax makes it possible to send and receive faxes via CAPI and AVM Fritz!Cards.

Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls.

A remote attacker can send null (\0) and shell metacharacters in the TSI string from an anonymous fax number, leading to the execution of arbitrary code with the rights of the user running c2faxrecv.

There is no known workaround at this time.

All CAPI4Hylafax users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/capi4hylafax-01.03.00.99.300.3-r1"
The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.

Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with the exponent of 3. This affects a number of RSA signature implementations, including Mozilla's NSS.

Since several Certificate Authorities (CAs) are using an exponent of 3 it might be possible for an attacker to create a key with a false CA signature. This impacts any software using the NSS library, like the Mozilla products Firefox, Thunderbird and Seamonkey.

There is no known workaround at this time.

All NSS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.11.3"

Note: As usual after updating a library, you should run 'revdep-rebuild' (from the app-portage/gentoolkit package) to ensure that all applications linked to it are properly rebuilt.
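The OpenSSL, GnuTLS, Opera and NSS advisories above all describe the same verifier flaw: a PKCS #1 v1.5 signature check that locates the DigestInfo inside the decrypted block and compares it, without insisting that nothing else is in the block. The following is an added example, not code from any of those projects, that puts the lax check beside the corrected one. It generates a toy RSA key with public exponent 3 from a fixed seed (the key, the message and the non-canonical block are all constructed for the demo), then shows that the lax verifier accepts a block with extra bytes after the DigestInfo while the strict verifier, which rebuilds the only valid encoding and compares the whole block, rejects it. The non-canonical block is produced with the private key here purely to show what the lax parser tolerates; the advisories' point is that with e = 3 a block of that shape can be reached without the key, which is why the comparison has to cover every byte.

```python
import hashlib
import hmac
import random

E = 3
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
_RNG = random.Random(2006)  # fixed seed: deterministic demo key, never for real use


def is_probable_prime(n, rounds=16):
    """Miller-Rabin, sufficient for a demonstration key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(_RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_key(bits=1024):
    """Toy RSA key with e = 3; primes with p % 3 == 2 keep 3 invertible mod (p-1)(q-1)."""
    def prime(nbits):
        while True:
            c = _RNG.getrandbits(nbits) | (1 << (nbits - 1)) | 1
            if c % 3 == 2 and is_probable_prime(c):
                return c
    p, q = prime(bits // 2), prime(bits // 2)
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def byte_len(n):
    return (n.bit_length() + 7) // 8


def digest_info(msg):
    return SHA256_PREFIX + hashlib.sha256(msg).digest()


def emsa_pkcs1_v15(msg, k):
    """The one valid encoding: 00 01 FF..FF 00 DigestInfo, exactly k bytes."""
    t = digest_info(msg)
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_sign_raw(em, n, d):
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(byte_len(n), "big")


def rsa_public(sig, n):
    return pow(int.from_bytes(sig, "big"), E, n).to_bytes(byte_len(n), "big")


def verify_lax(msg, sig, n):
    """Flawed shape: find the 00 separator, compare the DigestInfo after it,
    and never look at the bytes that follow the DigestInfo."""
    em = rsa_public(sig, n)
    if em[:2] != b"\x00\x01":
        return False
    sep = em.find(b"\x00", 2)
    if sep < 0:
        return False
    t = digest_info(msg)
    return em[sep + 1:sep + 1 + len(t)] == t


def verify_strict(msg, sig, n):
    """Fix: rebuild the expected block and require byte-for-byte equality."""
    em = rsa_public(sig, n)
    return hmac.compare_digest(em, emsa_pkcs1_v15(msg, byte_len(n)))


def demo():
    n, d = gen_key()
    k = byte_len(n)
    msg = b"constructed to-be-signed certificate body"
    good = rsa_sign_raw(emsa_pkcs1_v15(msg, k), n, d)
    # Non-canonical block: minimal padding, the DigestInfo, then filler the lax
    # parser never inspects. Signed with d only to show what the lax check accepts.
    t = digest_info(msg)
    sloppy_em = b"\x00\x01\xff\x00" + t + b"\x00" * (k - 4 - len(t))
    sloppy = rsa_sign_raw(sloppy_em, n, d)
    return {
        "canonical_lax": verify_lax(msg, good, n),
        "canonical_strict": verify_strict(msg, good, n),
        "sloppy_lax": verify_lax(msg, sloppy, n),
        "sloppy_strict": verify_strict(msg, sloppy, n),
    }
```

The strict verifier is also the cheaper one to audit: there is no parser to get wrong, only an encoder and a constant-time comparison.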
Python is an interpreted, interactive, object-oriented, cross-platform programming language.

Benjamin C. Wiley Sittler discovered a buffer overflow in Python's "repr()" function when handling UTF-32/UCS-4 encoded strings.

If a Python application processes attacker-supplied data with the "repr()" function, this could potentially lead to the execution of arbitrary code with the privileges of the affected application or a Denial of Service.

There is no known workaround at this time.

All Python users should update to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.3-r4"
Cscope is a developer's tool for browsing source code.

Unchecked use of strcpy() and *scanf() leads to several buffer overflows.

A user could be enticed to open a carefully crafted file which would allow the attacker to execute arbitrary code with the permissions of the user running Cscope.

There is no known workaround at this time.

All Cscope users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5.20060927"
libmusicbrainz is a client library used to access MusicBrainz music meta data.

Luigi Auriemma reported a possible buffer overflow in the MBHttp::Download function of lib/http.cpp as well as several possible buffer overflows in lib/rdfparse.c.

A remote attacker could execute arbitrary code or cause a Denial of Service by making use of an overly long "Location" header in an HTTP redirect message from a malicious server or a long URL in malicious RDF feeds.

There is no known workaround at this time.

All libmusicbrainz users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/musicbrainz-2.1.4"
ClamAV is a GPL virus scanner.

Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c, responsible for the rebuilding of an unpacked PE file, and a possible crash in chmunpack.c in the CHM unpacker.

By sending a malicious attachment to a mail server running ClamAV, or providing a malicious file to ClamAV through any other method, a remote attacker could cause a Denial of Service and potentially the execution of arbitrary code with the permissions of the user running ClamAV.

There is no known workaround at this time.

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.5"
OpenSSL is a toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols and a general-purpose cryptography library.

Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally, Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: one while parsing an invalid ASN.1 structure and one while handling certain types of public keys.

An attacker could trigger the buffer overflow vulnerability by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally, a malicious server could crash an SSLv2 client through the SSLv2 vulnerability.

There is no known workaround at this time.

All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
Apache mod_tcl is a TCL interpreting module for the Apache 2.x web server.

Sparfell discovered format string errors in calls to the set_var function in tcl_cmds.c and tcl_core.c.

A remote attacker could exploit the vulnerability to execute arbitrary code with the rights of the user running the Apache server.

There is no known workaround at this time.

All mod_tcl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apache/mod_tcl-1.0.1"
Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music tracker for the CT, IT, XM and S3M file formats.

Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loader_XM::load_intrument_internal() function from loaders/loader_xm.cpp.

An attacker could execute arbitrary code with the rights of the user running Cheese Tracker by enticing a user to load a crafted file with a large amount of extra data.

There is no known workaround at this time.

All Cheese Tracker users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/cheesetracker-0.9.9-r1"
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

A flaw in the PHP memory handling routines allows an unserialize() call to be executed on non-allocated memory due to a previous integer overflow.

An attacker could execute arbitrary code with the rights of the web server user or the user running a vulnerable PHP script.

There is no known workaround at this time.

All PHP 5.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.1.6-r6"

All PHP 4.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.4-r6"
Asterisk is an open source implementation of a telephone private branch exchange (PBX).

Asterisk contains buffer overflows in channels/chan_mgcp.c from the MGCP driver and in channels/chan_skinny.c from the Skinny channel driver for Cisco SCCP phones. It also dangerously handles client-controlled variables to determine filenames in the Record() function. Finally, the SIP channel driver in channels/chan_sip.c could use more resources than necessary under unspecified circumstances.

A remote attacker could execute arbitrary code by sending a crafted audit endpoint (AUEP) response, by sending an overly large Skinny packet even before authentication, or by making use of format string specifiers through the client-controlled variables. An attacker could also cause a Denial of Service by resource consumption through the SIP channel driver.

There is no known workaround for the format string vulnerability at this time. You can comment out the lines in /etc/asterisk/mgcp.conf, /etc/asterisk/skinny.conf and /etc/asterisk/sip.conf to deactivate the three vulnerable channel drivers. Please note that the MGCP channel driver is disabled by default.

All Asterisk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.13"
Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells.

cstone and Richard Felker discovered a flaw in Screen's UTF-8 combining character handling.

The vulnerability can be exploited by writing a special string of characters to a Screen window. A remote attacker could cause a Denial of Service or possibly execute arbitrary code with the privileges of the user running Screen through a program being run inside a Screen session, such as an IRC client or a mail client.

There is no known workaround at this time.

All Screen users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-misc/screen-4.0.3"
Qt is a cross-platform GUI toolkit, which is used e.g. by KDE.

An integer overflow flaw has been found in the pixmap handling of Qt.

By enticing a user to open a specially crafted pixmap image in an application using Qt, e.g. Konqueror, a remote attacker could be able to cause an application crash or the execution of arbitrary code with the rights of the user running the application.

There is no known workaround at this time.

All Qt 3.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.6-r4"

All Qt 4.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/qt-4.1.4-r2"
The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphics acceleration on NVIDIA based graphics cards.

Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the accelerated rendering functionality.

An X client could trigger the buffer overflow with a maliciously crafted series of glyphs. A remote attacker could also entice a user to open a specially crafted web page, document or X client that will trigger the buffer overflow. This could result in the execution of arbitrary code with root privileges or at least in the crash of the X server.

Disable the accelerated rendering functionality in the Device section of xorg.conf:

    Option "RenderAccel" "false"

NVIDIA binary graphics driver users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-1.0.8776"
Bugzilla is a bug tracking system used to allow developers to more easily track outstanding bugs in products.

The vulnerabilities identified in Bugzilla are as follows:

An attacker could inject scripts into the content loaded by a user's browser in order to have those scripts executed in a user's browser in the context of the site currently being viewed. This could include gaining access to privileged session information for the site being viewed. Additionally, a user could forge an HTTP request in order to create, modify, or delete bugs within a Bugzilla instance. Lastly, an unauthorized user could view sensitive information about bugs or bug attachments.

There is no known workaround at this time.

All Bugzilla users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-2.18.6"
net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support.

Paul Szabo reported that an incorrect seteuid() call after the chdir() function can allow an attacker to access a normally forbidden directory in some very particular circumstances, for example when the NFS-hosted targeted directory is not reachable by the client-side root user. Additionally, some potentially exploitable unchecked setuid() calls were also fixed.

A local attacker might craft his home directory to gain access through ftpd to normally forbidden directories like /root, possibly with write permissions if seteuid() fails and if the ftpd configuration allows that. The unchecked setuid() calls could also lead to a root FTP login, depending on the FTP server configuration.

There is no known workaround at this time.

All Netkit FTP Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r4"
OpenSSH is a complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support.

Tavis Ormandy of the Google Security Team has discovered a pre-authentication vulnerability, causing sshd to spin until the login grace time has expired. Mark Dowd found an unsafe signal handler that was vulnerable to a race condition. It has also been discovered that when GSSAPI authentication is enabled, GSSAPI will in certain cases incorrectly abort.

The pre-authentication and signal handler vulnerabilities can cause a Denial of Service in OpenSSH. The vulnerability in the GSSAPI authentication abort could be used to determine the validity of usernames on some platforms.

There is no known workaround at this time.

All OpenSSH users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.4_p1-r5"
GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats.

M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage() function of coders/dcm.c, causing the improper handling of DCM images. Pihlaja also reported that there are several boundary errors in the ReadPALMImage() function of coders/palm.c, similarly causing the improper handling of PALM images.

An attacker could entice a user to open a specially crafted DCM or PALM image with GraphicsMagick, and possibly execute arbitrary code with the privileges of the user running GraphicsMagick.

There is no known workaround at this time.

All GraphicsMagick users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.7-r3"
The Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages.

Vladimir Mosgalin has reported that when processing certain packages, RPM incorrectly allocates memory for the packages, possibly causing a heap-based buffer overflow.

An attacker could entice a user to open a specially crafted RPM package and execute code with the privileges of that user if certain locales are set.

There is no known workaround at this time.

All RPM users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/rpm-4.4.6-r3"
libpng is a free ANSI C library used to process and manipulate PNG images.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a vulnerability in the sPLT chunk handling code of libpng: a large sPLT chunk may cause an application to attempt to read out of bounds.

A remote attacker could craft an image that, when processed or viewed by an application using libpng, causes the application to terminate abnormally.

There is no known workaround at this time.

All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.13"
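The libpng advisory above is a bounds problem in chunk handling: a chunk's declared length and an sPLT body that is not a whole number of entries must be checked against what is actually present before anything is read. The following is an added example, not libpng's code, of a small PNG chunk walker that applies those checks: the declared length is compared with the bytes left in the buffer, the CRC is verified, and the sPLT body is only split into entries when its length is a multiple of the entry size for the declared sample depth. The sample images (a valid 1x1 PNG with one sPLT entry, one with an oversized length field, one with a ragged sPLT body) are constructed inside the block.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LEN = 2 ** 31 - 1  # upper bound on a chunk length per the PNG spec


class PngError(ValueError):
    pass


def make_chunk(ctype, data):
    """length | type | data | CRC-32 over type+data"""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def iter_chunks(buf):
    """Yield (type, data), checking every declared length against the bytes present."""
    if not buf.startswith(PNG_SIGNATURE):
        raise PngError("bad signature")
    pos = len(PNG_SIGNATURE)
    while pos < len(buf):
        if len(buf) - pos < 12:  # length + type + CRC is the smallest chunk
            raise PngError("truncated chunk header at offset %d" % pos)
        (length,) = struct.unpack(">I", buf[pos:pos + 4])
        ctype = buf[pos + 4:pos + 8]
        if length > MAX_CHUNK_LEN:
            raise PngError("chunk length %d exceeds spec limit" % length)
        avail = len(buf) - pos - 12
        if length > avail:  # the check that keeps a large length from reading out of bounds
            raise PngError("chunk %r claims %d bytes, only %d available" % (ctype, length, avail))
        data = buf[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", buf[pos + 8 + length:pos + 12 + length])
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            raise PngError("CRC mismatch in chunk %r" % ctype)
        yield ctype, data
        pos += 12 + length
        if ctype == b"IEND":
            break


def parse_splt(data):
    """sPLT body: name (1-79 bytes, NUL-terminated), sample depth, then entries
    of 6 bytes (depth 8) or 10 bytes (depth 16). Rejects ragged bodies."""
    nul = data.find(b"\x00")
    if nul < 1 or nul > 79:
        raise PngError("sPLT palette name missing or too long")
    name = data[:nul].decode("latin-1")
    if len(data) < nul + 2:
        raise PngError("sPLT missing sample depth")
    depth = data[nul + 1]
    if depth not in (8, 16):
        raise PngError("sPLT bad sample depth %d" % depth)
    body = data[nul + 2:]
    entry_size = 6 if depth == 8 else 10
    if len(body) % entry_size:
        raise PngError("sPLT body length %d is not a multiple of %d" % (len(body), entry_size))
    fmt = ">BBBBH" if depth == 8 else ">HHHHH"
    entries = [struct.unpack(fmt, body[i:i + entry_size]) for i in range(0, len(body), entry_size)]
    return name, depth, entries


def splt_palettes(buf):
    return [parse_splt(d) for t, d in iter_chunks(buf) if t == b"sPLT"]


def check_splt(buf):
    """(ok, message) so a caller can log why an image was rejected."""
    try:
        return True, "%d sPLT palette(s)" % len(splt_palettes(buf))
    except PngError as exc:
        return False, str(exc)


# Constructed sample images, not taken from the advisory
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit greyscale
GOOD_SPLT = b"demo\x00" + bytes([8]) + struct.pack(">BBBBH", 255, 0, 0, 255, 1)
GOOD_PNG = PNG_SIGNATURE + make_chunk(b"IHDR", IHDR) + make_chunk(b"sPLT", GOOD_SPLT) + make_chunk(b"IEND", b"")


def oversized_splt_png():
    """Same image, but the sPLT length field claims far more than the file holds."""
    chunk = make_chunk(b"sPLT", GOOD_SPLT)
    bogus = struct.pack(">I", 0x7FFFFFF0) + chunk[4:]
    return PNG_SIGNATURE + make_chunk(b"IHDR", IHDR) + bogus + make_chunk(b"IEND", b"")


def ragged_splt_png():
    """Valid framing and CRC, but the sPLT body is not a whole number of entries."""
    splt = b"demo\x00" + bytes([8]) + b"\x01\x02\x03"
    return PNG_SIGNATURE + make_chunk(b"IHDR", IHDR) + make_chunk(b"sPLT", splt) + make_chunk(b"IEND", b"")
```

The length check runs before the CRC check on purpose: computing a CRC over a slice that the file cannot supply is exactly the over-read the advisory describes.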
WordPress is a PHP and MySQL based multiuser blogging system.

"random" discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. "adapter" found out that user-edit.php fails to effectively deny non-permitted users access to other user's metadata. Additionally, a directory traversal vulnerability in the wp-db-backup module was discovered.

By entering specially crafted strings in his profile, an attacker can crash PHP or even the web server running WordPress. Additionally, by crafting a simple URL, an attacker can read metadata of any other user, regardless of their own permissions. A user with the permission to use the database backup plugin can possibly overwrite files he otherwise has no access to.

There is no known workaround at this time.

All WordPress users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.5"
TikiWiki is an open source content management system written in PHP.

In numerous files TikiWiki provides an empty sort_mode parameter, causing TikiWiki to display additional information, including database authentication credentials, in certain error messages. TikiWiki also improperly sanitizes the "url" request variable sent to tiki-featured_link.php.

An attacker could cause a database error in various pages of a TikiWiki instance by providing an empty sort_mode request variable, and gain unauthorized access to credentials of the MySQL databases used by TikiWiki. An attacker could also entice a user to browse to a specially crafted URL that could run scripts in the scope of the user's browser.

There is no known workaround at this time.

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.6"

Ruby is a dynamic, open source programming language with a focus on simplicity and productivity.

Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated user.

The vulnerability can be exploited by sending the cgi.rb library an HTTP request with multipart MIME encoding that contains a malformed MIME boundary specifier beginning with "-" instead of "--". Successful exploitation of the vulnerability causes the library to go into an infinite loop waiting for additional nonexistent input.

There is no known workaround at this time.

All Ruby users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.5-r3"

Avahi is a system that facilitates service discovery on a local network.

Avahi does not check that the netlink messages come from the kernel instead of a user-space process.

A local attacker could exploit this vulnerability by crafting malicious netlink messages and tricking Avahi into reacting to fake network changes. This could lead users to unknowingly connect to untrusted services.

There is no known workaround at this time.

All Avahi users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.15"

TORQUE is a resource manager providing control over batch jobs and distributed compute nodes.

TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems with more permissive access rights to the spool directory are vulnerable.

A local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. This could lead to the execution of arbitrary code with elevated privileges.

Ensure that untrusted users don't have write access to the spool directory.

All TORQUE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-cluster/torque-2.1.6"

qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains.

qmailAdmin fails to properly handle the "PATH_INFO" variable in qmailadmin.c. PATH_INFO is a standard CGI environment variable filled with user supplied data.

A remote attacker could exploit this vulnerability by sending qmailAdmin a maliciously crafted URL that could lead to the execution of arbitrary code with the permissions of the user running qmailAdmin.

There is no known workaround at this time.

All qmailAdmin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/qmailadmin-1.2.10"

Texinfo is the official documentation system of the GNU project.

Miloslav Trmac from Red Hat discovered a buffer overflow in the "readline()" function of texindex.c. The "readline()" function is called by the texi2dvi and texindex commands.

By enticing a user to open a specially crafted Texinfo file, an attacker could execute arbitrary code with the rights of the user running Texinfo.

There is no known workaround at this time.

All Texinfo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/texinfo-4.8-r5"

fvwm is a highly configurable virtual window manager for X11 desktops. fvwm-menu-directory allows fvwm users to browse directories from within fvwm.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that fvwm-menu-directory does not sufficiently sanitise directory names prior to generating menus.

A local attacker who can convince an fvwm-menu-directory user to browse a directory they control could cause fvwm commands to be executed with the privileges of the fvwm user. Fvwm commands can be used to execute arbitrary shell commands.

There is no known workaround at this time.

All fvwm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-wm/fvwm-2.5.18-r1"

TIN is a threaded NNTP and spool based UseNet newsreader for a variety of platforms.

Urs Janssen and Aleksey Salow have reported multiple buffer overflows in TIN. Additionally, the OpenPKG project has reported an allocation off-by-one flaw which can lead to a buffer overflow.

An attacker could entice a TIN user to read a specially crafted news article, and execute arbitrary code with the rights of the user running TIN.

There is no known workaround at this time.

All TIN users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nntp/tin-1.8.2"

ImageMagick is a software suite to create, edit, and compose bitmap images, which can also read, write, and convert images in many other formats.

M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage() function of coders/dcm.c, causing the improper handling of DCM images. Pihlaja also reported that there are several boundary errors in the ReadPALMImage() function of coders/palm.c, similarly causing the improper handling of PALM images.

An attacker could entice a user to open a specially crafted DCM or PALM image with ImageMagick, and possibly execute arbitrary code with the privileges of the user running ImageMagick.

There is no known workaround at this time.

All ImageMagick users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.0.5"

GNU gv is a viewer for PostScript and PDF documents.

GNU gv does not properly boundary check user-supplied data before copying it into process buffers.

An attacker could entice a user to open a specially crafted document with GNU gv and execute arbitrary code with the rights of the user on the system.

There is no known workaround at this time.

All gv users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gv-3.6.2-r1"

Kile is a TeX/LaTeX editor for KDE.

Kile fails to set the same permissions on backup files as on the original file. This is similar to CVE-2005-1920.

A Kile user may inadvertently grant access to sensitive information.

There is no known workaround at this time.

All Kile users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/kile-1.9.2-r1"

Ingo H3 is a generic frontend for editing Sieve, procmail, maildrop and IMAP filter rules.

Ingo H3 fails to properly escape shell metacharacters in procmail rules.

A remote authenticated attacker could craft a malicious rule which could lead to the execution of arbitrary shell commands on the server.

Don't use procmail with Ingo H3.

All Ingo H3 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-ingo-1.1.2"

Mono provides the necessary software to develop and run .NET client and server applications.

Sebastian Krahmer of the SuSE Security Team discovered that the System.CodeDom.Compiler classes of Mono create temporary files with insecure permissions.

A local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When an affected class is called, this could result in the file being overwritten with the rights of the user running the script.

There is no known workaround at this time.

All Mono users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/mono-1.1.13.8.1"

LHa is a console-based program for packing and unpacking LHarc archives.

Tavis Ormandy of the Google Security Team discovered several vulnerabilities in the LZH decompression component used by LHa. The make_table function of unlzh.c contains an array index error and a buffer overflow vulnerability. The build_tree function of unpack.c contains a buffer underflow vulnerability. Additionally, unlzh.c contains code that could run in an infinite loop.

By enticing a user to uncompress a specially crafted archive, a remote attacker could cause a Denial of Service by CPU consumption or execute arbitrary code with the rights of the user running the application.

There is no known workaround at this time.

All LHa users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/lha-114i-r6"

OpenLDAP is a suite of LDAP-related applications and development tools.

Evgeny Legerov has discovered that the truncation of an incoming authcid longer than 255 characters and ending with a space as the 255th character will lead to an improperly computed name length. This will trigger an assert in the libldap code.

By sending a BIND request with a specially crafted authcid parameter to an OpenLDAP service, a remote attacker can cause the service to crash.

There is no known workaround at this time.

All OpenLDAP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose "net-nds/openldap"

ProFTPD is a highly-configurable FTP server.

Evgeny Legerov discovered a stack-based buffer overflow in the s_replace() function in support.c, as well as a buffer overflow in the mod_tls module. Additionally, an off-by-two error related to the CommandBufferSize configuration directive was reported.

An authenticated attacker could exploit the s_replace() vulnerability by uploading a crafted .message file or sending specially crafted commands to the server, possibly resulting in the execution of arbitrary code with the rights of the user running ProFTPD. An unauthenticated attacker could send specially crafted data to the server with mod_tls enabled which could result in the execution of arbitrary code with the rights of the user running ProFTPD. Finally, the off-by-two error related to the CommandBufferSize configuration directive was fixed; the exploitability of this error is disputed. Note that the default configuration on Gentoo runs ProFTPD as an unprivileged user with mod_tls disabled.

There is no known workaround at this time.

All ProFTPD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.0a"

wv is a library for conversion of MS Word DOC and RTF files.

The wv library fails to do proper arithmetic checks in multiple places, possibly leading to integer overflows.

An attacker could craft a malicious file that, when handled with the wv library, could lead to the execution of arbitrary code with the permissions of the user running the application.

There is no known workaround at this time.

All wv library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/wv-1.2.3-r1"

xine is a portable and reusable multimedia playback engine. xine-lib is xine's core engine.

A possible buffer overflow has been reported in the Real Media input plugin.

An attacker could exploit this vulnerability by enticing a user into loading a specially crafted stream with xine or an application using xine-lib. This can lead to a Denial of Service and possibly the execution of arbitrary code with the rights of the user running the application.

There is no known workaround at this time.

All xine-lib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2-r3"

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.

Hugh Warrington has reported a boundary error in GnuPG, in the "ask_outfile_name()" function from openfile.c: the make_printable_string() function could return a string longer than expected. Additionally, Tavis Ormandy of the Gentoo Security Team reported a design error in which a function pointer can be incorrectly dereferenced.

A remote attacker could entice a user to interactively use GnuPG on a crafted file and trigger the boundary error, which will result in a buffer overflow. They could also entice a user to process a signed or encrypted file with gpg or gpgv, possibly called through another application like a mail client, to trigger the dereference error. Both of these vulnerabilities would result in the execution of arbitrary code with the permissions of the user running GnuPG. gpg-agent, gpgsm and other tools are not affected.

There is no known workaround at this time.

All GnuPG users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose "=app-crypt/gnupg-1.4*"

ModPlug is a library for playing MOD-like music.

Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the "CSoundFile::ReadSample()" function in sndfile.cpp.

A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All ModPlug users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8-r1"

KOffice is an integrated office suite for KDE. koffice-libs is a package containing shared libraries used by KOffice programs.

Kees Cook of Ubuntu discovered that 'KLaola::readBigBlockDepot()' in klaola.cc fills 'num_of_bbd_blocks' while reading a .ppt (PowerPoint) file without proper sanitizing, resulting in an integer overflow subsequently overwriting the heap with parts of the file being read.

By enticing a user to open a specially crafted PowerPoint file, an attacker could crash the application and possibly execute arbitrary code with the rights of the user running KOffice.

There is no known workaround at this time.

All koffice-libs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/koffice-libs-1.5.0"

Mozilla Thunderbird is a popular open-source email client from the Mozilla Project.

It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in Mozilla Thunderbird by default. Mozilla Thunderbird has also been found to be vulnerable to various potential buffer overflows. Lastly, the binary release of Mozilla Thunderbird is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS.

An attacker could entice a user to view a specially crafted email that causes a buffer overflow, executing arbitrary code or causing a Denial of Service. An attacker could also entice a user to view an email containing specially crafted JavaScript and execute arbitrary code with the rights of the user running Mozilla Thunderbird. It is important to note that JavaScript is off by default in Mozilla Thunderbird, and enabling it is strongly discouraged. It is also possible for an attacker to create SSL/TLS or email certificates that would not be detected as invalid by the binary release of Mozilla Thunderbird, raising the possibility for Man-in-the-Middle attacks.

There is no known workaround at this time.

Users upgrading to the following releases of Mozilla Thunderbird should note that this version of Mozilla Thunderbird has been found not to display certain messages in some cases.

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.8"

All Mozilla Thunderbird binary release users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.8"

Mozilla Firefox is a popular open-source web browser from the Mozilla Project.

Mozilla Firefox improperly handles Script objects while they are being executed. Mozilla Firefox has also been found to be vulnerable to various possible buffer overflows. Lastly, the binary release of Mozilla Firefox is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS.

An attacker could entice a user to view specially crafted JavaScript and execute arbitrary code with the rights of the user running Mozilla Firefox. An attacker could also entice a user to view a specially crafted web page that causes a buffer overflow and likewise executes arbitrary code. It is also possible for an attacker to forge SSL/TLS certificates that would not be detected as invalid by the binary release of Mozilla Firefox, raising the possibility for Man-in-the-Middle attacks.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.8"

All Mozilla Firefox binary release users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.8"

The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'.

The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode execution and arbitrary code execution.

An attacker could entice a user to load malicious JavaScript or a malicious web page with a SeaMonkey application and execute arbitrary code with the rights of the user running those products. It is important to note that in the SeaMonkey email client, JavaScript is disabled by default.

There is no known workaround at this time.

All SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.6"

MadWifi (Multiband Atheros Driver for Wireless Fidelity) provides a Linux kernel device driver for Atheros-based Wireless LAN devices.

Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer overflow in the encode_ie() and the giwscan_cb() functions from ieee80211_wireless.c.

A remote attacker could send specially crafted wireless WPA packets containing malicious RSN Information Headers (IE) that could potentially lead to the remote execution of arbitrary code as the root user.

There is no known workaround at this time.

All MadWifi users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.2.1"

The Tar program provides the ability to create and manipulate tar archives.

Tar does not properly extract archive elements using the GNUTYPE_NAMES record name, allowing files to be created at arbitrary locations using symlinks. Once a symlink is extracted, files after the symlink in the archive will be extracted to the destination of the symlink.

An attacker could entice a user to extract a specially crafted tar archive, possibly allowing for the overwriting of arbitrary files on the system extracting the archive.

There is no known workaround at this time.

All Tar users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/tar-1.16-r2"
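The extraction pattern the advisory describes (a symlink member followed by a regular member of the same name) is the case a hardened extractor has to refuse. The Python below is an added example, not GNU tar's code or a patch for it: it checks each member at the moment it is extracted, resolving any symlink already on disk, so a later member cannot be written through an earlier one. The archive builder and the victim paths are constructed fixtures.

```python
import io
import os
import tarfile
import tempfile


class UnsafeMember(Exception):
    """An archive member would be written outside the destination directory."""


def _inside(dest, path):
    """True if `path` lies within `dest` once symlinks already on disk are resolved."""
    real_dest, real_path = os.path.realpath(dest), os.path.realpath(path)
    return real_path == real_dest or real_path.startswith(real_dest + os.sep)


def check_member(member, dest):
    """Raise UnsafeMember if extracting `member` into `dest` could touch anything outside it."""
    if os.path.isabs(member.name) or ".." in member.name.split("/"):
        raise UnsafeMember(f"{member.name!r}: absolute or traversing name")
    target = os.path.join(dest, member.name)
    # The advisory's case: a symlink created by an earlier member (or already
    # present) sits at this path.  realpath() follows it, so a target that now
    # resolves outside `dest` is refused instead of being written through.
    if not _inside(dest, target):
        raise UnsafeMember(f"{member.name!r}: resolves outside the destination")
    if member.issym():
        link = member.linkname
        resolved = link if os.path.isabs(link) else os.path.join(os.path.dirname(target), link)
        if not _inside(dest, os.path.normpath(resolved)):
            raise UnsafeMember(f"{member.name!r}: symlink to {link!r} leaves the destination")
    elif member.islnk() and not _inside(dest, os.path.join(dest, member.linkname)):
        raise UnsafeMember(f"{member.name!r}: hard link leaves the destination")


def safe_extract(archive, dest):
    """Extract `archive` into `dest`, checking each member at the moment it is
    extracted so that symlinks created by earlier members are accounted for."""
    extracted = []
    for member in archive.getmembers():
        check_member(member, dest)
        archive.extract(member, dest)
        extracted.append(member.name)
    return extracted


def build_archive(entries):
    """Constructed fixture: in-memory tar from (kind, name, payload) tuples,
    kind = 'dir', 'file' (payload: bytes) or 'symlink' (payload: link target)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for kind, name, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "dir":
                info.type, info.mode = tarfile.DIRTYPE, 0o755
                tar.addfile(info)
            elif kind == "symlink":
                info.type, info.linkname = tarfile.SYMTYPE, payload
                tar.addfile(info)
            else:
                info.size, info.mode = len(payload), 0o644
                tar.addfile(info, io.BytesIO(payload))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


def try_extract(entries, dest=None):
    """Extract a constructed archive; returns (dest, names extracted, error or None)."""
    dest = dest or tempfile.mkdtemp(prefix="safe-extract-")
    try:
        with build_archive(entries) as tar:
            return dest, safe_extract(tar, dest), None
    except UnsafeMember as exc:
        return dest, [], str(exc)


def read_extracted(dest, name):
    with open(os.path.join(dest, name), "rb") as f:
        return f.read()


def demo_symlink_then_file():
    """The advisory's pattern: a symlink member to a file outside the destination,
    then a regular member of the same name.  Returns (error, victim contents after)."""
    outside = tempfile.mkdtemp(prefix="victim-")
    victim = os.path.join(outside, "victim.txt")
    with open(victim, "wb") as f:
        f.write(b"original")
    _, _, err = try_extract([("symlink", "link", victim), ("file", "link", b"replaced")])
    return err, read_extracted(outside, "victim.txt")


def demo_preexisting_symlink():
    """A symlink already inside the destination must not be written through
    either; the realpath() check in check_member() is what catches it."""
    dest = tempfile.mkdtemp(prefix="safe-extract-")
    os.symlink(os.path.join(tempfile.mkdtemp(prefix="victim-"), "victim.txt"), os.path.join(dest, "link"))
    _, _, err = try_extract([("file", "link", b"replaced")], dest)
    return err
```

Python 3.12 and later ship a comparable policy as `tarfile`'s `filter="data"` extraction filter; the hand-written checks above show what such a filter has to verify.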

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL.

Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally, Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key.

An attacker could trigger the buffer overflow by sending a malicious list of cipher suites to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally, a malicious server could crash an SSLv2 client through the SSLv2 vulnerability.

There is no known workaround at this time.

All AMD64 x86 emulation base libraries users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-baselibs-2.5.5"

F-Prot Antivirus is a FRISK Software antivirus program that can be used with procmail.

F-Prot Antivirus version 4.6.7 fixes a heap-based buffer overflow, an infinite loop, and other unspecified vulnerabilities.

Among other weaker impacts, a remote attacker could send an e-mail containing a malicious file that would trigger the buffer overflow vulnerability and execute arbitrary code with the privileges of the user running F-Prot, which may be the root user.

There is no known workaround at this time.

All F-Prot users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/f-prot-4.6.7"

The GNOME Structured File Library is an I/O library that can read and write common file types and handle structured formats that provide file-system-in-a-file semantics.

"infamous41md" has discovered that the "ole_init_info" function may allocate too little memory for storing the contents of an OLE document, resulting in a heap buffer overflow.

An attacker could entice a user to open a specially crafted OLE document, and possibly execute arbitrary code with the rights of the user opening the document.

There is no known workaround at this time.

All libgsf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-extra/libgsf-1.14.2"

Trac is a wiki and issue tracking system for software development projects.

Trac allows users to perform certain tasks via HTTP requests without performing correct validation on those requests.

An attacker could entice an authenticated user to browse to a specially crafted URL, allowing the attacker to execute actions in the Trac instance as if they were the user.

There is no known workaround at this time.

All Trac users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/trac-0.10.1"

McAfee VirusScan for Linux is a commercial antivirus solution for Linux.

Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DT_RPATH which included the current working directory, rather than $ORIGIN, which was probably intended.

An attacker could entice a VirusScan user to scan an arbitrary file and execute arbitrary code with the privileges of the VirusScan user by tricking the dynamic loader into loading an untrusted ELF DSO. An automated system, such as a mail scanner, may be subverted to execute arbitrary code with the privileges of the process invoking VirusScan.

Do not scan files or execute VirusScan from an untrusted working directory.

As VirusScan verifies that it has not been modified before executing, it is not possible to correct the DT_RPATH. Furthermore, this would violate the license that VirusScan is distributed under. For this reason, the package has been masked in Portage pending the resolution of this issue.

# emerge --ask --verbose --unmerge "app-antivirus/vlnx"

Links is a web browser running in both graphics and text modes.

Teemu Salmela discovered that Links does not properly validate "smb://" URLs when it runs smbclient commands.

A remote attacker could entice a user to browse to a specially crafted "smb://" URL and execute arbitrary Samba commands, which would allow the overwriting of arbitrary local files or the upload or download of arbitrary files. This vulnerability can be exploited only if "smbclient" is installed on the victim's computer, which is provided by the "samba" Gentoo package.

There is no known workaround at this time.

All Links users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/links-2.1_pre26"

GNU Radius is a GNU version of Radius, a server for remote user authentication and accounting.

A format string vulnerability was found in the sqllog function from the SQL accounting code for radiusd. That function is only used if one or more of the "postgresql", "mysql" or "odbc" USE flags are enabled, which is not the default, except for the "server" 2006.1 and 2007.0 profiles which enable the "mysql" USE flag.

An unauthenticated remote attacker could execute arbitrary code with the privileges of the user running radiusd, which may be the root user. It is important to note that there is no default GNU Radius user for Gentoo systems because no init script is provided with the package.

There is no known workaround at this time.

All GNU Radius users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/gnuradius-1.4"

ClamAV is a GPL virus scanner.

Hendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content.

By sending a specially crafted email with deeply nested MIME multipart/mixed content an attacker could cause ClamAV to crash.

There is no known workaround at this time.

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.7"

pam_ldap is a Pluggable Authentication Module which allows authentication against LDAP directories.

Steve Rigler discovered that pam_ldap does not correctly handle "PasswordPolicyResponse" control responses from an LDAP directory. This causes the pam_authenticate() function to always succeed, even if the previous authentication failed.

A locked user may exploit this vulnerability to bypass the LDAP authentication mechanism, possibly gaining unauthorized access to the system.

There is no known workaround at this time.

All pam_ldap users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-183"

imlib2 is an advanced replacement for image manipulation libraries such as libXpm. It is utilized by numerous programs, including gkrellm and several window managers, to display images.

M. Joonas Pihlaja discovered several buffer overflows in loader_argb.c, loader_png.c, loader_lbm.c, loader_jpeg.c, loader_tiff.c, loader_tga.c, loader_pnm.c and an out-of-bounds memory read access in loader_tga.c.

An attacker can entice a user to process a specially crafted JPG, ARGB, PNG, LBM, PNM, TIFF, or TGA image with an "imlib2*" binary or another application using the imlib2 libraries. Successful exploitation of the buffer overflows causes the execution of arbitrary code with the permissions of the user running the application.

There is no known workaround at this time.

All imlib2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/imlib2-1.3.0"

Ruby is a dynamic, open source programming language with a focus on simplicity and productivity.

The read_multipart function of the CGI library shipped with Ruby (cgi.rb) does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-12.

The vulnerability can be exploited by sending the cgi.rb library a crafted HTTP request with multipart MIME encoding that contains a malformed MIME boundary specifier. Successful exploitation of the vulnerability causes the library to go into an infinite loop.

There is no known workaround at this time.

All Ruby users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.5_p2"
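Both Ruby advisories above (GLSA 200611-12 and this one) come down to a multipart reader that keeps waiting for a delimiter line that will never arrive. The Python below is an added example of the reader-side check, not cgi.rb's code: every delimiter must be exactly "--" plus the boundary, and reaching end of input before the closing delimiter is an error rather than a reason to keep reading. The sample bodies are constructed; `dashes=b"-"` reproduces the malformed "-" delimiter the first advisory describes.

```python
import re


class MultipartError(ValueError):
    """Malformed multipart body; raised instead of waiting for more input."""


def parse_multipart(body, boundary, max_parts=64):
    """Parse a multipart body (bytes, CRLF line endings) into a list of
    (headers dict, payload bytes) tuples.  Every delimiter line must be
    "--" + boundary; input that ends before the closing delimiter is an error."""
    delim = b"--" + boundary.encode("ascii")
    lines = body.split(b"\r\n")
    pos = 0
    # Skip any preamble up to the first delimiter.  A line such as
    # "-" + boundary (the malformed case from the advisory) never matches,
    # so we reach end of input and stop instead of looping.
    while pos < len(lines) and lines[pos] != delim:
        pos += 1
    if pos == len(lines):
        raise MultipartError("opening delimiter not found before end of input")
    pos += 1
    parts = []
    while True:
        if len(parts) >= max_parts:
            raise MultipartError("too many parts")
        headers = {}
        while pos < len(lines) and lines[pos] != b"":
            name, sep, value = lines[pos].partition(b":")
            if not sep:
                raise MultipartError(f"bad header line {lines[pos]!r}")
            headers[name.strip().lower().decode("ascii")] = value.strip().decode("latin-1")
            pos += 1
        if pos == len(lines):
            raise MultipartError("end of input inside part headers")
        pos += 1  # the blank line separating headers from the payload
        payload = []
        while True:
            if pos == len(lines):
                # An unhardened reader blocks here for data that never arrives.
                raise MultipartError("end of input before closing delimiter")
            line = lines[pos]
            pos += 1
            if line == delim or line == delim + b"--":
                break
            payload.append(line)
        # The CRLF preceding a delimiter belongs to the delimiter, so it is dropped.
        parts.append((headers, b"\r\n".join(payload)))
        if line == delim + b"--":
            return parts


def parse_fields(body, boundary):
    """Map each form-data part's name parameter to its payload."""
    fields = {}
    for headers, payload in parse_multipart(body, boundary):
        m = re.search(r'name="([^"]*)"', headers.get("content-disposition", ""))
        fields[m.group(1) if m else None] = payload
    return fields


def parse_or_error(body, boundary):
    """Return ("ok", fields) or ("error", message); never hangs on bad input."""
    try:
        return "ok", parse_fields(body, boundary)
    except MultipartError as exc:
        return "error", str(exc)


def build_body(boundary, dashes=b"--", close=True):
    """Constructed two-field sample body.  dashes=b"-" writes every delimiter
    with a single dash (the advisory's malformed specifier); close=False omits
    the closing delimiter so the body ends mid-part."""
    delim = dashes + boundary.encode("ascii")
    lines = [
        delim,
        b'Content-Disposition: form-data; name="user"', b"", b"alice", delim,
        b'Content-Disposition: form-data; name="note"', b"Content-Type: text/plain",
        b"", b"line one", b"line two",
    ]
    if close:
        lines.append(delim + b"--")
    return b"\r\n".join(lines) + b"\r\n"
```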

DenyHosts is designed to monitor SSH servers for repeated failed login attempts.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that DenyHosts used an incomplete regular expression to parse failed login attempts.

A remote unauthenticated attacker can add arbitrary hosts to the blacklist by attempting to log in with a specially crafted username. An attacker may use this to prevent legitimate users from accessing a host remotely.

There is no known workaround at this time.

All DenyHosts users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/denyhosts-2.6"
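The parsing weakness behind this advisory is that sshd logs the attempted username verbatim, so a pattern that takes the first "from <token>" after the username can be fed an address chosen by the client. The Python below is an added example, not DenyHosts' code or its actual regular expression: it runs a naive and a hardened parser over constructed sshd log lines, the hardened one anchoring on the end of the message and accepting only an IP literal as the source.

```python
import ipaddress
import re

# Constructed sshd log lines in the OpenSSH 4.x style (not taken from the advisory).
# The fourth line shows a username that itself contains "from <address>".
SAMPLE_LOG = """\
Dec  4 10:15:01 gw sshd[2231]: Invalid user mallory from 198.51.100.7
Dec  4 10:15:03 gw sshd[2231]: Failed password for invalid user mallory from 198.51.100.7 port 40112 ssh2
Dec  4 10:16:20 gw sshd[2240]: Failed password for root from 203.0.113.5 port 40120 ssh2
Dec  4 10:17:44 gw sshd[2251]: Invalid user bob from 192.0.2.10 from 198.51.100.7
Dec  4 10:18:00 gw sshd[2260]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

# Message text after the syslog prefix "... sshd[pid]: ".
MSG = re.compile(r"sshd\[\d+\]: (?P<msg>.*)$")

# Naive: unanchored, \S+ for the username, first "from" wins.
LOOSE = [
    re.compile(r"Invalid user (\S+) from (\S+)"),
    re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)"),
]

# Hardened: anchored to the end of the message, greedy username, so the source
# is always the last "from" field, which sshd appends after the username.
STRICT = [
    re.compile(r"^Invalid user (?P<user>.*) from (?P<host>\S+)$"),
    re.compile(r"^Failed password for (?:invalid user )?(?P<user>.*) from (?P<host>\S+) port \d+ ssh2$"),
]


def failed_hosts(log, strict=True):
    """Return the source address of every failed-login line, in order."""
    hosts = []
    for line in log.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg = m.group("msg")
        if strict:
            match = next((p.match(msg) for p in STRICT if p.match(msg)), None)
            if match is None:
                continue
            try:
                # Refuse anything that is not an IP literal (e.g. text smuggled
                # in through the username) rather than blacklisting it.
                hosts.append(str(ipaddress.ip_address(match.group("host"))))
            except ValueError:
                continue
        else:
            match = next((p.search(msg) for p in LOOSE if p.search(msg)), None)
            if match is not None:
                hosts.append(match.group(2))
    return hosts


def blacklist_candidates(log, threshold=2, strict=True):
    """Hosts with at least `threshold` failed attempts, the kind of decision a
    DenyHosts-style tool makes from the parsed addresses."""
    counts = {}
    for host in failed_hosts(log, strict=strict):
        counts[host] = counts.get(host, 0) + 1
    return sorted(h for h, n in counts.items() if n >= threshold)
```

With the naive parser the fourth line is attributed to 192.0.2.10, the address embedded in the username; the strict parser attributes it to 198.51.100.7, the real source, so 192.0.2.10 never accumulates failures.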

Mozilla Firefox is a popular open-source web browser from the Mozilla Project.

An anonymous researcher found evidence of memory corruption in the way Mozilla Firefox handles certain types of SVG comment DOM nodes. Additionally, Frederik Reiss discovered a heap-based buffer overflow in the conversion of a CSS cursor. Other issues with memory corruption were also fixed. Mozilla Firefox also contains less severe vulnerabilities involving JavaScript and Java.

An attacker could entice a user to view a specially crafted web page that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code. It is also possible for an attacker to perform cross-site scripting attacks, leading to the exposure of sensitive information, like user credentials.

There are no known workarounds for all the issues at this time.

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.9"

All Mozilla Firefox binary release users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.9"

Mozilla Thunderbird is a popular open-source email client from the Mozilla Project.

Georgi Guninski and David Bienvenu discovered buffer overflows in the processing of long "Content-Type:" and long non-ASCII MIME headers. Additionally, Frederik Reiss discovered a heap-based buffer overflow in the conversion of a CSS cursor. Different vulnerabilities involving memory corruption in the browser engine were also fixed. Mozilla Thunderbird also contains less severe vulnerabilities involving JavaScript and Java.

An attacker could entice a user to view a specially crafted email that will trigger one of these vulnerabilities, possibly leading to the execution of arbitrary code. An attacker could also perform cross-site scripting attacks, leading to the exposure of sensitive information, like user credentials. Note that the execution of JavaScript or Java applets is disabled by default and enabling it is strongly discouraged.

There are no known workarounds for all the issues at this time.

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.9"

All Mozilla Thunderbird binary release users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.9"
+ + The SeaMonkey project is a community effort to deliver + production-quality releases of code derived from the application + formerly known as the 'Mozilla Application Suite'. +
++ An anonymous researcher found evidence of memory corruption in the way + SeaMonkey handles certain types of SVG comment DOM nodes. Georgi + Guninski and David Bienvenu discovered buffer overflows in the + processing of long "Content-Type:" and long non-ASCII MIME email + headers. Additionally, Frederik Reiss discovered a heap-based buffer + overflow in the conversion of a CSS cursor. Several other issues with + memory corruption were also fixed. SeaMonkey also contains less severe + vulnerabilities involving JavaScript and Java. +
++ An attacker could entice a user to load malicious JavaScript or a + malicious web page with a SeaMonkey application, possibly leading to + the execution of arbitrary code with the rights of the user running + those products. An attacker could also perform cross-site scripting + attacks, leading to the exposure of sensitive information, like user + credentials. Note that the execution of JavaScript or Java applets is + disabled by default in the SeaMonkey email client, and enabling it is + strongly discouraged. +
++ There are no known workarounds for all the issues at this time. +
++ All SeaMonkey users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.7"
+ + The KDE kfile-info JPEG plugin provides meta-information about JPEG + files. +
++ Marcus Meissner of the SUSE security team discovered a stack overflow + vulnerability in the code processing EXIF information in the kfile JPEG + info plugin. +
++ A remote attacker could entice a user to view a specially crafted JPEG + image with a KDE application like Konqueror or digiKam, leading to a + Denial of Service through infinite recursion. +
++ There is no known workaround at this time. +
++ All KDE users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-kfile-plugins-3.5.5-r1"
+ + w3m is a multi-platform text-based web browser. +
++ w3m in -dump or -backend mode does not correctly handle printf() format + string specifiers in the Common Name (CN) field of an X.509 SSL + certificate. +
++ An attacker could entice a user to visit a malicious website that would + load a specially crafted X.509 SSL certificate containing "%n" or other + format string specifiers, possibly resulting in the execution of + arbitrary code with the rights of the user running w3m. +
++ There is no known workaround at this time. +
++ All w3m users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/w3m-0.5.1-r4"
+ + OpenOffice.org is an open source office productivity suite, including + word processing, spreadsheet, presentation, drawing, data charting, + formula editing, and file conversion facilities. +
++ John Heasman of NGSSoftware has discovered integer overflows in the + EMR_POLYPOLYGON and EMR_POLYPOLYGON16 processing and an error within + the handling of META_ESCAPE records. +
++ An attacker could exploit these vulnerabilities to cause heap overflows + and potentially execute arbitrary code with the privileges of the user + running OpenOffice.org by enticing the user to open a document + containing a malicious WMF/EMF file. +
++ There is no known workaround at this time. +
++ All OpenOffice.org binary users should update to version 2.1.0 or + later: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.1.0"
+ + All OpenOffice.org users should update to version 2.0.4 or later: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.4"
+ + Opera is a multi-platform web browser. +
++ Christoph Deal discovered that JPEG files with a specially crafted DHT + marker can be exploited to cause a heap overflow. Furthermore, an + anonymous person discovered that Opera does not correctly handle + objects passed to the "createSVGTransformFromMatrix()" function. +
++ An attacker could potentially exploit the vulnerabilities to execute + arbitrary code with the privileges of the user running Opera by + enticing a victim to open a specially crafted JPEG file or a website + containing malicious JavaScript code. +
++ The vendor recommends disabling JavaScript to avoid the + "createSVGTransformFromMatrix" vulnerability. There is no known + workaround for the other vulnerability. +
++ All Opera users should update to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-9.10"
+ + oftpd is a small, anonymous-only FTP daemon. +
++ By specifying an unsupported address family in the arguments to a LPRT + or LPASV command, an assertion in oftpd will cause the daemon to abort. +
++ Remote, unauthenticated attackers may be able to terminate any oftpd + process, denying service to legitimate users. +
++ There is no known workaround at this time. +
++ All oftpd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/oftpd-0.3.7-r3"
+ + WordPress is a popular personal publishing platform with a web + interface. +
++ When decoding trackbacks with alternate character sets, WordPress does + not correctly sanitize the entries before further modifying a SQL + query. WordPress also displays different error messages in wp-login.php + based upon whether or not a user exists. David Kierznowski has + discovered that WordPress fails to properly sanitize recent file + information in /wp-admin/templates.php before sending that information + to a browser. +
++ An attacker could inject arbitrary SQL into WordPress database queries. + An attacker could also determine if a WordPress user existed by trying + to login as that user, better facilitating brute force attacks. Lastly, + an attacker authenticated to view the administrative section of a + WordPress instance could try to edit a file with a malicious filename; + this may cause arbitrary HTML or JavaScript to be executed in users' + browsers viewing /wp-admin/templates.php. +
++ There is no known workaround at this time. +
++ All WordPress users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.6"
+ + Kronolith is a web-based calendar which relies on the Horde Framework + for integration with other applications. +
++ Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered + string is used instead of a sanitized string to view local files. +
++ An authenticated attacker could craft an HTTP GET request that uses + directory traversal techniques to execute any file on the web server as + PHP code, which could allow information disclosure or arbitrary code + execution with the rights of the user running the PHP application + (usually the webserver user). +
++ There is no known workaround at this time. +
++ All horde-kronolith users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-2.1.4"
+ + Mono provides the necessary software to develop and run .NET client and + server applications on various platforms. +
++ Jose Ramon Palanco has discovered that the System.Web class in the XSP + for the ASP.NET server 1.1 through 2.0 in Mono does not properly + validate or sanitize local pathnames which could allow server-side file + content disclosure. +
++ An attacker could append a space character to a URI and obtain + unauthorized access to the source code of server-side files. An + attacker could also read credentials by requesting Web.Config%20 from a + Mono server. +
++ There is no known workaround at this time. +
++ All Mono users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/mono-1.2.2.1"
+ + Fetchmail is a remote mail retrieval and forwarding utility. +
++ Neil Hoggarth has discovered that when delivering messages to a message + delivery agent by means of the "mda" option, Fetchmail passes a NULL + pointer to the ferror() and fflush() functions when refusing a message. + Isaac Wilcox has discovered numerous means of plain-text password + disclosure due to errors in secure connection establishment. +
++ An attacker could deliver a message via Fetchmail to a message delivery + agent configured to refuse the message, and crash the Fetchmail + process. SMTP and LMTP delivery modes are not affected by this + vulnerability. An attacker could also perform a Man-in-the-Middle + attack, and obtain plain-text authentication credentials of users + connecting to a Fetchmail process. +
++ There is no known workaround at this time. +
++ All fetchmail users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.3.6"
+ + Mod_auth_kerb is an Apache authentication module using Kerberos. +
++ Mod_auth_kerb improperly handles component byte encoding in the + der_get_oid() function, allowing for a buffer overflow to occur if + there are no components which require more than one byte for encoding. +
++ An attacker could try to access a Kerberos protected resource on an + Apache server with an incorrectly configured service principal and + crash the server process. It is important to note that this buffer + overflow is not known to allow for the execution of code. +
++ There is no known workaround at this time. +
++ All mod_auth_kerb users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_auth_kerb-5.0_rc7-r1"
+ + The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment + (JRE) provide the Sun Java platform. +
++ Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun + JRE possibly related to various AWT or font layout functions. Tom + Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun + JRE relating to unintended applet data access. He has also discovered + multiple other unspecified vulnerabilities in Sun JDK and Sun JRE + allowing unintended Java applet or application resource acquisition. +
++ An attacker could entice a user to run a specially crafted Java applet + or application that could read, write, or execute local files with the + privileges of the user running the JVM; access data maintained in other + Java applets; or escalate the privileges of the currently running Java + applet or application allowing for unauthorized access to system + resources. +
++ There is no known workaround at this time. +
++ All Sun Java Development Kit users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-java/sun-jdk"
+ + All Sun Java Runtime Environment users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-java/sun-jre-bin"
+ + Adobe Acrobat Reader is a PDF reader released by Adobe. +
++ Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code + execution via heap corruption when loading a specially crafted PDF + file. +
++ The browser plugin released with Adobe Acrobat Reader (nppdf.so) does + not properly handle URLs, and crashes if given a URL that is too long. + The plugin does not correctly handle JavaScript, and executes + JavaScript that is given as a GET variable to the URL of a PDF file. + Lastly, the plugin does not properly handle the FDF, xml, xfdf AJAX + request parameters following the # character in a URL, allowing for + multiple cross-site scripting vulnerabilities. +
++ An attacker could entice a user to open a specially crafted PDF file + and execute arbitrary code with the rights of the user running Adobe + Acrobat Reader. An attacker could also entice a user to browse to a + specially crafted URL and either crash the Adobe Acrobat Reader browser + plugin, execute arbitrary JavaScript in the context of the user's + browser, or inject arbitrary HTML or JavaScript into the document being + viewed by the user. Note that users who have emerged Adobe Acrobat + Reader with the "nsplugin" USE flag disabled are not vulnerable to + issues with the Adobe Acrobat Reader browser plugin. +
++ There is no known workaround at this time. +
++ All Adobe Acrobat Reader users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-7.0.9"
+ + libgtop facilitates the libgtop_daemon, which is used by GNOME to + obtain information about remote systems. +
++ Liu Qishuai discovered that glibtop_get_proc_map_s() in + sysdeps/linux/procmap.c does not properly allocate memory for storing a + filename, allowing certain filenames to cause the buffer to overflow on + the stack. +
++ By tricking a victim into executing an application that uses the + libgtop library (e.g. libgtop_daemon or gnome-system-monitor), a local + attacker could specify a specially crafted filename to be used by + libgtop causing a buffer overflow and possibly execute arbitrary code + with the rights of the user running the application. +
++ There is no known workaround at this time. +
++ All libgtop users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gnome-base/libgtop-2.14.6"
+ + xine-ui is a skin-based user interface for xine. xine is a free + multimedia player. It plays CDs, DVDs, and VCDs, and can also decode + other common multimedia formats. +
++ Due to the improper handling and use of format strings, the + errors_create_window() function in errors.c does not safely write data + to memory. +
++ An attacker could entice a user to open a specially crafted media file + with xine-ui, and possibly execute arbitrary code. +
++ There is no known workaround at this time. +
++ All xine-ui users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/xine-ui-0.99.5_pre20060716"
+ + OpenLDAP Software is an open source implementation of the Lightweight + Directory Access Protocol. +
++ Tavis Ormandy of the Gentoo Linux Security Team has discovered that the + file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does + not exit upon the existence of a directory in /tmp during installation, + allowing for directory traversal. +
++ A local attacker could create a symbolic link in /tmp and potentially + overwrite arbitrary system files upon a privileged user emerging + OpenLDAP. +
++ There is no known workaround at this time. +
++ All OpenLDAP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "net-nds/openldap"
+ + Centericq is a text mode menu-driven and window-driven instant + messaging interface. +
++ When interfacing with the LiveJournal service, Centericq does not + appropriately allocate memory for incoming data, in some cases creating + a buffer overflow. +
++ An attacker could entice a user to connect to an unofficial LiveJournal + server causing Centericq to read specially crafted data from the + server, which could lead to the execution of arbitrary code with the + rights of the user running Centericq. +
++ There is no known workaround at this time. +
++ Currently, Centericq is unmaintained. As such, Centericq has been + masked in Portage until it is again maintained. +
+
+ # emerge --ask --verbose --unmerge "net-im/centericq"
+ + MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. +
++ The Kerberos administration daemon, and possibly other applications + using the GSS-API or RPC libraries, could potentially call a function + pointer in a freed heap buffer, or attempt to free an uninitialized + pointer. +
++ A remote attacker may be able to crash an affected application, or + potentially execute arbitrary code with root privileges. +
++ There is no known workaround at this time. +
++ All MIT Kerberos 5 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.5.2"
+ + Squid is a multi-protocol proxy server. +
++ Squid fails to correctly handle ftp:// URIs. There is also an error in + the external_acl queue which can cause an infinite looping condition. +
++ An attacker could attempt to retrieve a specially crafted URI via a + Squid server causing the service to crash. If an attacker could + generate a sufficiently high load on the Squid services, they could + cause a Denial of Service by forcing Squid into an infinite loop. +
++ There is no known workaround at this time. +
++ All Squid users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.6.7"
+ + Cacti is a web-based network graphing and reporting tool. +
++ rgod discovered that the Cacti cmd.php and copy_cacti_user.php scripts + do not properly control access to the command shell, and are remotely + accessible by unauthenticated users. This allows SQL injection via + cmd.php and copy_cacti_user.php URLs. Further, the results from the + injected SQL query are not properly sanitized before being passed to a + command shell. The vulnerabilities require that the + "register_argc_argv" option is enabled, which is the Gentoo default. + Also, a number of similar problems in other scripts were reported. +
++ These vulnerabilities can result in the execution of arbitrary shell + commands or information disclosure via crafted SQL queries. +
++ There is no known workaround at this time. +
++ All Cacti users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6i-r1"
+ + VLC media player is a multimedia player for various audio and video + formats. +
++ Kevin Finisterre has discovered that when handling media locations, + various functions throughout VLC media player make improper use of + format strings. +
++ An attacker could entice a user to open a specially crafted media + location or M3U file with VLC media player, and execute arbitrary code + on the system with the rights of the user running VLC media player. +
++ There is no known workaround at this time. +
++ All VLC media player users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6-r1"
+ + The X Window System is a graphical windowing system based on a + client/server model. +
++ Multiple memory corruption vulnerabilities have been found in the + ProcDbeGetVisualInfo() and the ProcDbeSwapBuffers() of the DBE + extension, and ProcRenderAddGlyphs() in the Render extension. +
++ A local attacker could execute arbitrary code with the privileges of + the user running the X server, typically root. +
++ Disable the DBE extension by removing the "Load dbe" directive in the + Module section of xorg.conf, and explicitly disable the Render + extension with ' Option "RENDER" "disable" ' in the Extensions section. +
++ Note: This could affect the functionality of some applications. +
++ All X.Org X server users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.1-r4"
+ + KSirc is the default KDE IRC client. +
++ KSirc fails to check the size of an incoming PRIVMSG string sent from + an IRC server during the connection process. +
++ A malicious IRC server could send a long PRIVMSG string to the KSirc + client causing an assertion failure and the dereferencing of a null + pointer, resulting in a crash. +
++ There is no known workaround at this time. +
++ All KSirc users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/ksirc-3.5.5-r1"
+ + ELinks is a text mode web browser. +
++ Teemu Salmela discovered an error in the validation code of "smb://" + URLs used by ELinks, the same issue as reported in GLSA 200612-16 + concerning Links. +
++ A remote attacker could entice a user to browse to a specially crafted + "smb://" URL and execute arbitrary Samba commands, which would allow + the overwriting of arbitrary local files or the upload or download of + arbitrary files. This vulnerability can be exploited only if + "smbclient" is installed on the victim's computer, which is provided by + the "samba" Gentoo package. +
++ There is no known workaround at this time. +
++ All ELinks users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/elinks-0.11.2"
+ + thttpd is a webserver designed to be simple, small, and fast. +
++ thttpd is vulnerable to an underlying change made to the + start-stop-daemon command in the current stable Gentoo baselayout + package (version 1.12.6). In the new version, the start-stop-daemon + command performs a "chdir /" command just before starting the thttpd + process. In the Gentoo default configuration, this causes thttpd to + start with the document root set to "/", the system root directory. +
++ When thttpd starts with the document root set to the system root + directory, all files on the system that are readable by the thttpd + process can be remotely accessed by unauthenticated users. +
++ Alter the THTTPD_OPTS variable in /etc/conf.d/thttpd to include the + "-d" option to specify the document root. Alternatively, modify the + THTTPD_OPTS variable in /etc/conf.d/thttpd to specify a thttpd.conf + file using the "-C" option, and then configure the "dir=" directive in + that thttpd.conf file. +
++ All thttpd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/thttpd-2.25b-r5"
+ + Samba is a suite of SMB and CIFS client/server programs for UNIX. +
++ A format string vulnerability exists in the VFS module when handling + AFS file systems and an infinite loop has been discovered when handling + file rename operations. +
++ A user with permission to write to a shared AFS file system may be able + to compromise the smbd process and execute arbitrary code with the + permissions of the daemon. The infinite loop could be abused to consume + excessive resources on the smbd host, denying service to legitimate + users. +
++ There is no known workaround at this time. +
++ All Samba users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.24"
+ + ProFTPD is a powerful, configurable, and free FTP daemon. +
++ A flaw exists in the mod_ctrls module of ProFTPD, normally used to + allow FTP server administrators to configure the daemon at runtime. +
++ An FTP server administrator permitted to interact with mod_ctrls could + potentially compromise the ProFTPD process and execute arbitrary code + with the privileges of the FTP Daemon, which is normally the root user. +
++ Disable mod_ctrls, or ensure only trusted users can access this + feature. +
++ All ProFTPD users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.1_rc1"
+ + Snort is a widely deployed intrusion detection program. +
++ Randy Smith, Christian Estan and Somesh Jha discovered that the rule + matching algorithm of Snort can be exploited in a way known as a + "backtracking attack" to perform numerous time-consuming operations. +
++ A remote attacker could send specially crafted network packets that + would stop detection and consume CPU resources. +
++ There is no known workaround at this time. +
++ All Snort users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.2"
+ + RAR and UnRAR provide command line interfaces for compressing and + decompressing RAR files. +
++ RAR and UnRAR contain a boundary error when processing + password-protected archives that could result in a stack-based buffer + overflow. +
++ A remote attacker could entice a user to process a specially crafted + password-protected archive and execute arbitrary code with the rights + of the user uncompressing the archive. +
++ There is no known workaround at this time. +
++ All UnRAR users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/unrar-3.7.3"
+ + All RAR users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/rar-3.7.0_beta1"
+ + Fail2ban monitors log files for failed authentication attempts and can + block hosts responsible for repeated attacks. +
++ A flaw in the method used to parse log entries allows remote, + unauthenticated attackers to forge authentication attempts from other + hosts. +
++ A remote attacker can add arbitrary hosts to the block list, denying + legitimate users access to a resource. +
++ There is no known workaround at this time. +
++ All Fail2ban users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/fail2ban-0.6.2"
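The log-parsing flaw class described above, as an added example that is not Fail2ban's own code: constructed sshd-style log lines, a loose pattern whose captured host can be steered by the attacker-chosen login name, and an anchored pattern that takes the address from the field sshd writes last and validates it. The patterns and log lines are illustrative assumptions, not Fail2ban's actual regular expressions.

```python
import ipaddress
import re
from typing import Callable, List, Optional

# Constructed sshd-style log lines (not taken from the advisory). In the
# third line the remote party chose the login name "alice from 192.0.2.55";
# sshd still appends the real peer address as the last field.
LOG_LINES = [
    "Jan 12 10:00:01 gw sshd[1201]: Invalid user admin from 203.0.113.7",
    "Jan 12 10:00:02 gw sshd[1202]: Failed password for root from 203.0.113.7 port 40122 ssh2",
    "Jan 12 10:00:03 gw sshd[1203]: Invalid user alice from 192.0.2.55 from 203.0.113.7",
]

# Loose pattern (illustrative): takes the first token after the first
# "from" following the user name, so text placed in the name wins.
LOOSE = re.compile(r"Invalid user \S+ from (\S+)")

# Anchored patterns (illustrative): the peer address is the last field
# sshd writes, so the capture is pinned to the end of the line (or to
# the trailing "port N ssh2"); the greedy ".*" swallows anything forged
# inside the login name.
STRICT = [
    re.compile(r"Invalid user .* from (\S+)$"),
    re.compile(r"Failed password for .* from (\S+) port \d+ ssh2$"),
]


def loose_host(line: str) -> Optional[str]:
    """Host a loose parser would ban for this line, taken unvalidated."""
    m = LOOSE.search(line)
    return m.group(1) if m else None


def strict_host(line: str) -> Optional[str]:
    """Host an anchored parser bans: last field, and it must parse as an IP."""
    for pat in STRICT:
        m = pat.search(line)
        if m:
            try:
                return str(ipaddress.ip_address(m.group(1)))
            except ValueError:
                return None  # not an address: refuse rather than guess
    return None


def ban_list(lines: List[str], extractor: Callable[[str], Optional[str]]) -> List[str]:
    """Distinct hosts, in first-seen order, that extractor would ban."""
    seen: List[str] = []
    for line in lines:
        host = extractor(line)
        if host and host not in seen:
            seen.append(host)
    return seen


def forged_bans(lines: List[str]) -> List[str]:
    """Hosts the loose parser would ban that never actually connected."""
    real = set(ban_list(lines, strict_host))
    return [h for h in ban_list(lines, loose_host) if h not in real]


if __name__ == "__main__":
    print("loose :", ban_list(LOG_LINES, loose_host))
    print("strict:", ban_list(LOG_LINES, strict_host))
    print("forged:", forged_bans(LOG_LINES))
```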
+ + ISC BIND is the Internet Systems Consortium implementation of the + Domain Name System (DNS) protocol. +
++ An unspecified improper usage of an already freed context has been + reported. Additionally, an assertion error could be triggered in the + DNSSEC validation of some responses to type ANY queries with multiple + RRsets. +
++ A remote attacker could crash the server through unspecified vectors + or, if DNSSEC validation is enabled, by sending certain crafted ANY + queries. +
++ There is no known workaround at this time for the first issue. The + DNSSEC validation Denial of Service can be prevented by disabling + DNSSEC validation until the upgrade to a fixed version. Note that + DNSSEC validation is disabled on a default configuration. +
++ All ISC BIND 9.3 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.3.4"
+ + All ISC BIND 9.2 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.2.8"
+ + The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment + (JRE) provide the Sun Java platform. +
++ An anonymous researcher discovered that an error in the handling of a + GIF image with a zero width field block leads to a memory corruption + flaw. +
++ An attacker could entice a user to run a specially crafted Java applet + or application that would load a crafted GIF image, which could result + in escalation of privileges and unauthorized access to system + resources. +
++ There is no known workaround at this time. +
++ All Sun Java Development Kit 1.5 users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.5.0.10"
+ + All Sun Java Development Kit 1.4 users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "=dev-java/sun-jdk-1.4.2*"
+ + All Sun Java Runtime Environment 1.5 users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.5.0.10"
+ + All Sun Java Runtime Environment 1.4 users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "=dev-java/sun-jre-bin-1.4.2*"
+ + The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment + (JRE) provide the Sun Java platform. The x86 emulation package of Sun's + J2SE Development Kit for AMD64 contains a vulnerable version of Sun's JDK. +
++ Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun + JRE possibly related to various AWT or font layout functions. Tom + Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun + JRE relating to unintended applet data access. He has also discovered + multiple other unspecified vulnerabilities in Sun JDK and Sun JRE + allowing unintended Java applet or application resource acquisition. + Additionally, a memory corruption error has been found in the handling + of GIF images with zero width field blocks. +
++ An attacker could entice a user to run a specially crafted Java applet + or application that could read, write, or execute local files with the + privileges of the user running the JVM, access data maintained in other + Java applets, or escalate the privileges of the currently running Java + applet or application allowing for unauthorized access to system + resources. +
++ There is no known workaround at this time. +
++ All users of the AMD64 x86 emulation package of Sun's J2SE Development + Kit should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.5.0.10"
+ + Nexuiz is a multi-player FPS game which uses a modified version of the + Quake 1 engine. +
++ Nexuiz fails to correctly validate input within "clientcommands". There + is also a failure to correctly handle connection attempts from remote + hosts. +
++ Using a specially crafted "clientcommand" a remote attacker can cause a + buffer overflow in Nexuiz which could result in the execution of + arbitrary code. Additionally, there is a Denial of Service + vulnerability in Nexuiz allowing an attacker to cause Nexuiz to crash + or to run out of resources by overloading it with specially crafted + connection requests. +
++ There is no known workaround at this time. +
++ All Nexuiz users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-fps/nexuiz-2.2.1"
+ + UFO2000 is a multi-player, turn-based tactical simulation. +
++ Five vulnerabilities were found: a buffer overflow in recv_add_unit(); + a problem with improperly trusting user-supplied string information in + decode_stringmap(); several issues with array manipulation via various + commands during play; an SQL injection in server_protocol.cpp; and + finally, a second buffer overflow in recv_map_data(). +
++ An attacker could send crafted network traffic as part of a + multi-player game that could result in remote code execution on the + remote opponent or the server. A remote attacker could also run + arbitrary SQL queries against the server account database, and perform + a Denial of Service on a remote opponent by causing the game to crash. +
++ There is no known workaround at this time. +
++ UFO2000 currently depends on the dumb-0.9.2 library, which has been + removed from Portage due to security problems (GLSA 200608-14). + Because of this, UFO2000 has been masked, and we recommend unmerging + the package until the next beta release can remove the dependency on + dumb. +
+
+ # emerge --ask --verbose --unmerge ufo2000
+ + MPlayer is a media player capable of playing multiple media formats. +
++ When checking for matching asm rules in the asmrp.c code, the results + are stored in a fixed-size array without boundary checks which may + allow a buffer overflow. +
++ An attacker can entice a user to connect to a manipulated RTSP server + resulting in a Denial of Service and possibly execution of arbitrary + code. +
++ There is no known workaround at this time. +
++ All MPlayer users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc1-r2"
+ + CHMlib is a library for the MS CHM (Compressed HTML) file format, plus + extraction and HTTP server utilities. +
++ When certain CHM files that contain tables and objects stored in pages + are parsed by CHMlib, an unsanitized value is passed to the alloca() + function resulting in a shift of the stack pointer to arbitrary memory + locations. +
++ An attacker could entice a user to open a specially crafted CHM file, + resulting in the execution of arbitrary code with the permissions of + the user viewing the file. +
++ There is no known workaround at this time. +
++ All CHMlib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/chmlib-0.39"
+ + Snort is a widely deployed intrusion detection program. +
++ The Snort DCE/RPC preprocessor does not properly reassemble certain + types of fragmented SMB and DCE/RPC packets. +
++ A remote attacker could send specially crafted fragmented SMB or + DCE/RPC packets, without the need to finish the TCP handshake, that + would trigger a stack-based buffer overflow while being reassembled. + This could lead to the execution of arbitrary code with the permissions + of the user running the Snort preprocessor. +
++ Disable the DCE/RPC preprocessor by commenting out the 'preprocessor + dcerpc' section in /etc/snort/snort.conf. +
++ All Snort users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3"
+ + SpamAssassin is an extensible email filter used to identify junk email. +
++ SpamAssassin does not correctly handle very long URIs when scanning + emails. +
++ An attacker could cause SpamAssassin to consume large amounts of CPU + and memory resources by sending one or more emails containing very long + URIs. +
++ There is no known workaround at this time. +
++ All SpamAssassin users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.8"
+ + ClamAV is a GPL virus scanner. +
++ An anonymous researcher discovered a file descriptor leak error in the + processing of CAB archives and a lack of validation of the "id" + parameter string used to create local files when parsing MIME headers. +
++ A remote attacker can send several crafted CAB archives with a + zero-length record header that will fill the available file descriptors + until none remain, which will prevent ClamAV from scanning most + archives. An attacker can also send an email with specially crafted + MIME headers to overwrite local files with the permissions of the user + running ClamAV, such as the virus database file, which could prevent + ClamAV from detecting any virus. +
++ The first vulnerability can be prevented by refusing any file of type + CAB, but there is no known workaround for the second issue. +
++ All ClamAV users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.90"
+ + Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +
++ Tom Ferris reported a heap-based buffer overflow involving wide SVG + stroke widths that affects Mozilla Firefox 2 only. Various researchers + reported some errors in the JavaScript engine potentially leading to + memory corruption. Mozilla Firefox also contains minor vulnerabilities + involving cache collisions, unsafe pop-up restrictions, and filtering + or CSS rendering under certain conditions. +
++ An attacker could entice a user to view a specially crafted web page + that will trigger one of the vulnerabilities, possibly leading to the + execution of arbitrary code. It is also possible for an attacker to + spoof the address bar, steal information through cache collision, + bypass the local file protection mechanism with pop-ups, or perform + cross-site scripting attacks, leading to the exposure of sensitive + information, like user credentials. +
++ There is no known workaround at this time for all of these issues, but + most of them can be avoided by disabling JavaScript. +
++ Users upgrading to the following releases of Mozilla Firefox should + note that this upgrade has been found to lose the saved passwords file + in some cases. The saved passwords are encrypted and stored in the + 'signons.txt' file under ~/.mozilla/, and we advise users to back up + that file before performing the upgrade. +
++ All Mozilla Firefox 1.5 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.10"
+ + All Mozilla Firefox 1.5 binary users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.10"
+ + All Mozilla Firefox 2.0 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.2"
+ + All Mozilla Firefox 2.0 binary users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.2"
+ + The Mozilla Suite is a popular all-in-one web browser that includes a + mail and news reader. +
++ Several vulnerabilities ranging from code execution with elevated + privileges to information leaks affect the Mozilla Suite. +
++ A remote attacker could entice a user to browse to a specially crafted + website or open a specially crafted mail that could trigger some of the + vulnerabilities, potentially allowing execution of arbitrary code, + denials of service, information leaks, or cross-site scripting attacks + leading to the theft of cookies or authentication credentials. +
++ Most of the issues, but not all of them, can be prevented by disabling + HTML rendering in the mail client and JavaScript in every + application. +
++ The Mozilla Suite is no longer supported and has been masked after some + necessary changes on all the other ebuilds which used to depend on it. + Mozilla Suite users should unmerge www-client/mozilla or + www-client/mozilla-bin, and switch to a supported product, like + SeaMonkey, Thunderbird or Firefox. +
+
+
+ # emerge --unmerge "www-client/mozilla"
+
+ # emerge --unmerge "www-client/mozilla-bin"
+ + The AMD64 x86 emulation Qt library emulates the x86 (32-bit) Qt + library on the AMD64 (64-bit) architecture. +
++ An integer overflow flaw has been found in the pixmap handling of Qt, + making the AMD64 x86 emulation Qt library vulnerable as well. +
++ By enticing a user to open a specially crafted pixmap image in an + application using the AMD64 x86 emulation Qt library, a remote attacker + could cause an application crash or the remote execution of arbitrary + code with the rights of the user running the application. +
++ There is no known workaround at this time. +
++ All AMD64 x86 emulation Qt library users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-qtlibs-10.0"
+ + STLport is a multi-platform C++ Standard Library implementation. +
++ Two buffer overflows have been discovered, one in "print floats" and + one in the rope constructor. +
++ Both of the buffer overflows could result in the remote execution of + arbitrary code. Please note that the exploitability of the + vulnerabilities depends on how the library is used by other software + programs. +
++ There is no known workaround at this time. +
++ All STLport users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/STLport-5.0.3"
+ + The SeaMonkey project is a community effort to deliver + production-quality releases of code derived from the application + formerly known as the 'Mozilla Application Suite'. +
++ Tom Ferris reported a heap-based buffer overflow involving wide SVG + stroke widths that affects SeaMonkey. Various researchers reported some + errors in the JavaScript engine potentially leading to memory + corruption. SeaMonkey also contains minor vulnerabilities involving + cache collisions, unsafe pop-up restrictions, and filtering or CSS + rendering under certain conditions. All those vulnerabilities are the + same as in GLSA 200703-04 affecting Mozilla Firefox. +
++ An attacker could entice a user to view a specially crafted web page or + to read a specially crafted email that will trigger one of the + vulnerabilities, possibly leading to the execution of arbitrary code. + It is also possible for an attacker to spoof the address bar, steal + information through cache collision, bypass the local file protection + mechanism with pop-ups, or perform cross-site scripting attacks, + leading to the exposure of sensitive information, such as user + credentials. +
++ There is no known workaround at this time for all of these issues, but + most of them can be avoided by disabling JavaScript. Note that the + execution of JavaScript is disabled by default in the SeaMonkey email + client, and enabling it is strongly discouraged. +
++ Users upgrading to the following release of SeaMonkey should note that + the corresponding Mozilla Firefox upgrade has been found to lose the + saved passwords file in some cases. The saved passwords are encrypted + and stored in the 'signons.txt' file under ~/.mozilla/, and we advise + users to back up that file before performing the upgrade. +
++ All SeaMonkey users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.1"
+ + All SeaMonkey binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.1"
+ + Smb4K is a SMB/CIFS (Windows) share browser for KDE. +
++ Kees Cook of the Ubuntu Security Team has identified multiple + vulnerabilities in Smb4K. +
++ A local attacker could gain unauthorized access to arbitrary files via + numerous attack vectors. In some cases, the attacker would have to be + listed in sudoers to obtain this unauthorized access. +
++ There is no known workaround at this time. +
++ All Smb4K users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/smb4k-0.6.10a"
+ + KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. KHTML is the HTML interpreter used in + Konqueror and other parts of KDE. +
++ The KHTML code allows for the execution of JavaScript code located + inside the "Title" HTML element, an issue related to the Safari bug + found by Jose Avila. +
++ When viewing an HTML page that renders unsanitized attacker-supplied + input in the page title, Konqueror and other parts of KDE will execute + arbitrary JavaScript code contained in the page title, allowing for the + theft of browser session data or cookies. +
++ There is no known workaround at this time. +
++ All KDElibs users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.5-r8"
+ + Amarok is an advanced music player. +
++ The Magnatune downloader does not quote the "m_currentAlbumFileName" + value when it builds the "unzip" shell command line. +
++ A compromised or malicious Magnatune server can remotely execute + arbitrary shell commands with the rights of the user running Amarok on + a client that has previously registered to buy music. +
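++ The unquoted-filename problem described above, as an added example that is not Amarok's code: a server-supplied name is pasted into a shell command line, and a name containing a shell metacharacter turns into a second command. To run offline and harmlessly, "echo" stands in for "unzip" (an assumption of this example) and the script assumes a POSIX /bin/sh; the three functions differ only in how the untrusted value reaches the process. +

```python
"""Unquoted filename in a shell command versus an argv list (added example)."""
import shlex
import subprocess
from typing import List

# Stand-in for "unzip": echo prints its arguments, so the output shows how
# the shell split the command line. Assumption: a POSIX sh is available.
TOOL = "echo"

# Constructed malicious album name, as a rogue Magnatune server could return.
EVIL_NAME = "album.zip; echo INJECTED"


def _sh(cmd: str) -> List[str]:
    """Run a command line through the shell and return its output lines."""
    out = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


def run_via_shell_unquoted(filename: str) -> List[str]:
    """Vulnerable pattern: the filename is concatenated into the command line,
    so ';' ends the unzip command and starts an attacker-chosen one."""
    return _sh(f"{TOOL} {filename}")


def run_via_shell_quoted(filename: str) -> List[str]:
    """Still a shell, but the untrusted value is single-quoted by shlex.quote(),
    so the whole name is one word and metacharacters are literal."""
    return _sh(f"{TOOL} {shlex.quote(filename)}")


def run_via_argv(filename: str) -> List[str]:
    """Preferred fix: no shell at all. The filename is a single argv element
    handed straight to the program, so nothing re-parses it."""
    out = subprocess.run([TOOL, filename], capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


if __name__ == "__main__":
    print("unquoted:", run_via_shell_unquoted(EVIL_NAME))  # two lines: injected command ran
    print("quoted:  ", run_via_shell_quoted(EVIL_NAME))    # one line, name kept intact
    print("argv:    ", run_via_argv(EVIL_NAME))            # one line, name kept intact
```

+ Quoting repairs this particular bug, but the argv form is the durable fix: it removes the shell from the path entirely, so no later change to the command template can reintroduce an unquoted value. +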
++ Do not use the Magnatune component of Amarok. +
++ All Amarok users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/amarok-1.4.5-r1"
+ + SILC Server is a server for the Secure Internet Live Conferencing + (SILC) protocol. +
++ Frank Benkstein discovered a possible NULL pointer dereference in + apps/silcd/command.c if a new channel is created without specifying a + valid hmac or cipher algorithm name. +
++ A remote attacker could cause the server to crash, resulting in a + Denial of Service. +
++ There is no known workaround at this time. +
++ All SILC Server users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/silc-server-1.0.2-r1"
+ + The SSH Secure Shell Server from SSH Communications Security + (www.ssh.com) is a commercial SSH implementation available free for + non-commercial use. +
++ The SSH Secure Shell Server contains a format string vulnerability in + the SFTP code that handles file transfers (scp2 and sftp2). In some + situations, this code passes the accessed filename to the system log. + During this operation, an unspecified error could allow uncontrolled + stack access. +
++ An authenticated system user may be able to exploit this vulnerability + to bypass command restrictions, or run commands as another user. +
++ There is no known workaround at this time. +
++ This package is currently masked, there is no upgrade path for the + 3.2.x version, and a license must be purchased in order to update to a + non-vulnerable version. Because of this, we recommend unmerging this + package: +
+
+ # emerge --ask --verbose --unmerge net-misc/ssh
+ + Asterisk is an open source implementation of a telephone private branch + exchange (PBX). +
++ The MU Security Research Team discovered that Asterisk contains a + NULL-pointer dereferencing error in the SIP channel when handling + request messages. +
++ A remote attacker could cause an Asterisk server listening for SIP + messages to crash by sending a specially crafted SIP request message. +
++ There is no known workaround at this time. +
++ All Asterisk users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose net-misc/asterisk
+ + Note: Asterisk 1.0.x is no longer supported upstream so users should + consider upgrading to Asterisk 1.2.x. +
++ PostgreSQL is an open source object-relational database management + system. +
++ PostgreSQL does not correctly check the data types of the SQL function + arguments under unspecified circumstances nor the format of the + provided tables in the query planner. +
++ A remote authenticated attacker could send specially crafted queries to + the server that could result in a server crash and possibly the + unauthorized reading of some database content or arbitrary memory. +
++ There is no known workaround at this time. +
++ All PostgreSQL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-db/postgresql"
+ + The Apache HTTP server is a very widely used web server. mod_jk + provides the JK module for connecting Tomcat and Apache using the ajp13 + protocol. +
++ ZDI reported an unsafe memory copy in mod_jk that was discovered by an + anonymous researcher in the map_uri_to_worker function of + native/common/jk_uri_worker_map.c. +
++ A remote attacker can send a long URL request to an Apache server using + Tomcat. That can trigger the vulnerability and lead to a stack-based + buffer overflow, which could result in the execution of arbitrary code + with the permissions of the Apache user. +
++ There is no known workaround at this time. +
++ All mod_jk users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.21-r1"
+ + ulogd is a userspace daemon for netfilter related logging. +
++ SUSE reported unspecified buffer overflows in ulogd involving the + calculation of string lengths. +
++ A remote attacker could trigger a possible buffer overflow through + unspecified vectors, potentially leading to the remote execution of + arbitrary code with the rights of the user running the ulogd daemon or, + more probably, to a crash of the daemon. +
++ There is no known workaround at this time. +
++ All ulogd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/ulogd-1.23-r1"
+ + Mozilla Thunderbird is a popular open-source email client from the + Mozilla Project. +
++ Georgi Guninski reported a possible integer overflow in the code + handling text/enhanced or text/richtext MIME emails. Additionally, + various researchers reported errors in the JavaScript engine + potentially leading to memory corruption. Furthermore, the binary + version of Mozilla Thunderbird includes a vulnerable NSS library which + contains two possible buffer overflows involving the SSLv2 protocol. +
++ An attacker could entice a user to read a specially crafted email that + could trigger one of the vulnerabilities, some of them being related to + Mozilla Thunderbird's handling of JavaScript, possibly leading to the + execution of arbitrary code. +
++ There is no known workaround at this time for all of these issues, but + some of them can be avoided by disabling JavaScript. Note that the + execution of JavaScript is disabled by default and enabling it is + strongly discouraged. +
++ All Mozilla Thunderbird users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.10"
+ + All Mozilla Thunderbird binary users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.10"
+ + The Linux Terminal Server Project adds thin-client support to Linux + servers. +
++ The LTSP server includes vulnerable LibVNCServer code, which fails to + properly validate the security type selected by the client, effectively + letting the client decide which type to use, such as "Type 1 - None" + (GLSA 200608-05). The LTSP VNC server will accept this security type + even if the server did not offer it. +
++ An attacker could exploit this vulnerability to gain unauthorized + access with the privileges of the user running the VNC server. +
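++ The negotiation flaw described above, as an added example that is not LibVNCServer's or LTSP's code. It encodes both sides of the RFB 3.7/3.8 security handshake as wire bytes (server: U8 count plus U8 type list; client: U8 chosen type; server: U32 SecurityResult) and runs the server-side check in two modes: the non-strict mode reproduces the bug by trusting whatever type the client names, the strict mode accepts only a type the server actually offered. The message layout follows the published RFB protocol; the function names are this example's own. +

```python
"""RFB security-type negotiation: accept only what was offered (added example)."""
import struct
from typing import Dict, List, Tuple

# Security types from the RFB protocol specification.
SEC_INVALID, SEC_NONE, SEC_VNCAUTH = 0, 1, 2


def server_offer(types: List[int]) -> bytes:
    """Server -> client (RFB 3.7+): U8 number-of-types followed by U8 types."""
    return bytes([len(types), *types])


def client_choose(choice: int) -> bytes:
    """Client -> server: a single U8 naming the security type it wants."""
    return bytes([choice])


def security_result(ok: bool) -> bytes:
    """Server -> client: U32 SecurityResult, 0 = OK, 1 = failed."""
    return struct.pack(">I", 0 if ok else 1)


def server_accept(offer: bytes, reply: bytes, strict: bool) -> Tuple[bool, int]:
    """Server-side handling of the client's choice.

    strict=False mirrors the flaw: the client's byte is taken as the agreed
    type, so a client can answer SEC_NONE and skip VNC authentication even
    though only SEC_VNCAUTH was offered.
    strict=True is the fix: the reply must be one of the offered types.
    Returns (accepted, chosen_type).
    """
    count = offer[0]
    offered = list(offer[1:1 + count])
    chosen = reply[0]
    if strict and chosen not in offered:
        return False, SEC_INVALID       # caller closes the connection
    return True, chosen


def negotiate(offered_types: List[int], client_choice: int, strict: bool) -> Dict[str, object]:
    """Run one handshake and report what went over the wire and what it meant."""
    offer = server_offer(offered_types)
    reply = client_choose(client_choice)
    accepted, chosen = server_accept(offer, reply, strict)
    return {
        "offer_wire": offer,
        "reply_wire": reply,
        "result_wire": security_result(accepted),
        "accepted": accepted,
        # The dangerous outcome: session continues with no authentication at all.
        "auth_skipped": accepted and chosen == SEC_NONE,
    }


if __name__ == "__main__":
    # Server offers only VNC Authentication; rogue client asks for None.
    print("flawed:", negotiate([SEC_VNCAUTH], SEC_NONE, strict=False))
    print("fixed: ", negotiate([SEC_VNCAUTH], SEC_NONE, strict=True))
```

+ The check is one line, but it has to sit on the server, after the client's byte is read and before any per-type code path runs; a client-side list of "allowed" types is irrelevant because the attacker writes the client. +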
++ There is no known workaround at this time. +
++ All LTSP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/ltsp-4.2-r1"
+ + The Linux Security Auditing Tool (LSAT) is a post install security + auditor which checks many system configurations and local network + settings on the system for common security or configuration errors and + for packages that are not needed. +
++ LSAT writes a temporary file in /tmp with a predictable filename, + without checking whether that path already exists. +
++ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + the LSAT script is executed, this would result in the file being + overwritten with the rights of the user running the software, which + could be the root user. +
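++ The symlink attack described above and the two usual fixes, as an added example that is not LSAT's code: the attacker pre-creates the predictable path as a symbolic link to a file the privileged user can write, open() with mode "w" follows the link and truncates that file, while O_CREAT|O_EXCL (plus O_NOFOLLOW) refuses the pre-existing path and mkstemp() avoids a predictable name altogether. The fixed filename, the victim file and the directory are all constructed inside a temporary directory so the script runs safely offline. +

```python
"""Predictable temporary filename versus O_EXCL / mkstemp (added example)."""
import os
import tempfile
from typing import Dict

# Assumed fixed name standing in for the tool's predictable /tmp filename.
PREDICTABLE_NAME = "lsat.tmp"


def attacker_plants_symlink(tmpdir: str, victim: str) -> str:
    """Local attacker races the tool: the predictable path already exists as a
    symlink pointing at a file the tool's user (often root) can write."""
    link = os.path.join(tmpdir, PREDICTABLE_NAME)
    os.symlink(victim, link)
    return link


def write_report_unsafely(tmpdir: str, data: str) -> None:
    """Vulnerable pattern: open(..., 'w') follows the symlink and truncates
    whatever it points at, then writes the report there."""
    with open(os.path.join(tmpdir, PREDICTABLE_NAME), "w") as fh:
        fh.write(data)


def open_fixed_name_safely(tmpdir: str) -> int:
    """If a fixed name is unavoidable: create exclusively, never follow a link.
    Raises FileExistsError when anything (file or symlink) is already there."""
    path = os.path.join(tmpdir, PREDICTABLE_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def write_report_safely(tmpdir: str, data: str) -> str:
    """Preferred fix: mkstemp() picks an unpredictable name and opens it with
    O_EXCL and mode 0600 in one step. Returns the path that was written."""
    fd, path = tempfile.mkstemp(prefix="lsat.", dir=tmpdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def demo() -> Dict[str, object]:
    """Run both writers against a planted symlink and report the outcome."""
    with tempfile.TemporaryDirectory() as tmpdir:
        victim = os.path.join(tmpdir, "victim.conf")   # constructed stand-in target
        with open(victim, "w") as fh:
            fh.write("original contents\n")
        attacker_plants_symlink(tmpdir, victim)

        write_report_unsafely(tmpdir, "report data\n")
        with open(victim) as fh:
            victim_after = fh.read()                   # clobbered through the link

        try:
            os.close(open_fixed_name_safely(tmpdir))
            exclusive_refused = False
        except FileExistsError:
            exclusive_refused = True

        safe_path = write_report_safely(tmpdir, "report data\n")
        return {
            "victim_after_unsafe_write": victim_after,
            "exclusive_open_refused": exclusive_refused,
            "mkstemp_used_fixed_name": os.path.basename(safe_path) == PREDICTABLE_NAME,
        }


if __name__ == "__main__":
    print(demo())
```

+ In a shell script the same fix is mktemp(1) for the name and "set -o noclobber" or a redirect that fails on an existing path; the property that matters is that creation is exclusive, not merely that the name is hard to guess. +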
++ There is no known workaround at this time. +
++ All lsat users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/lsat-0.9.5"
+ + PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +
++ Several vulnerabilities were found in PHP by the Hardened-PHP Project + and other researchers. These vulnerabilities include a heap-based + buffer overflow in htmlentities() and htmlspecialchars() if called with + UTF-8 parameters, and an off-by-one error in str_ireplace(). Other + vulnerabilities were also found in the PHP4 branch, including possible + overflows, stack corruptions and a format string vulnerability in the + *print() functions on 64-bit systems. +
++ Remote attackers might be able to exploit these issues in PHP + applications making use of the affected functions, potentially + resulting in the execution of arbitrary code, Denial of Service, + execution of scripted contents in the context of the affected site, + security bypass or information leak. +
++ There is no known workaround at this time. +
++ All PHP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-lang/php"
+ + The Mozilla Network Security Service is a library implementing security + features like SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, + S/MIME and X.509 certificates. +
++ iDefense has reported two potential buffer overflow vulnerabilities + found by researcher "regenrecht" in the code implementing the SSLv2 + protocol. +
++ A remote attacker could send a specially crafted SSL master key to a + server using NSS for the SSLv2 protocol, or entice a user to connect to + a malicious server with a client-side application using NSS like one of + the Mozilla products. This could trigger the vulnerabilities and result + in the possible execution of arbitrary code with the rights of the + vulnerable application. +
++ Disable the SSLv2 protocol in the applications using NSS. +
++ All NSS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.11.5"
+ + WordPress is a popular personal publishing platform with a web + interface. +
++ WordPress contains cross-site scripting and cross-site request forgery + vulnerabilities reported by: +
++
++ Additionally, WordPress prints the full PHP script paths in some error + messages. +
++ The cross-site scripting vulnerabilities can be triggered to steal + browser session data or cookies. A remote attacker can entice a user to + browse to a specially crafted web page that can trigger the cross-site + request forgery vulnerability and perform arbitrary WordPress actions + with the permissions of the user. Additionally, the path disclosure + vulnerability could help an attacker to perform other attacks. +
++ There is no known workaround at this time for all these + vulnerabilities. +
++ Due to the numerous recently discovered vulnerabilities in WordPress, + this package has been masked in the portage tree. All WordPress users + are advised to unmerge it. +
+
+
+ # emerge --unmerge "www-apps/wordpress"
+ + mgv is a Postscript viewer with a Motif interface, based on Ghostview + and GNU gv. +
++ mgv includes code from gv that does not properly boundary check + user-supplied data before copying it into process buffers. +
++ An attacker could entice a user to open a specially crafted Postscript + document with mgv and possibly execute arbitrary code with the rights + of the user running mgv. +
++ There is no known workaround at this time. +
++ mgv is currently unmaintained, and the mgv website no longer exists. As + such, the mgv package has been masked in Portage. We recommend that + users select an alternate Postscript viewer such as ghostview or + GSview, and unmerge mgv: +
+
+ # emerge --unmerge "app-text/mgv"
+ + Ekiga is an open source VoIP and video conferencing application. +
++ Mu Security has discovered that Ekiga does not use formatted printing + functions correctly, resulting in a format string vulnerability. +
++ An attacker could exploit this vulnerability to crash Ekiga and + potentially execute arbitrary code by sending a specially crafted Q.931 + SETUP packet to a victim. +
++ There is no known workaround at this time. +
++ All Ekiga users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-voip/ekiga-2.0.7"
+ + file is a utility that guesses a file format by scanning binary data + for patterns. +
++ Jean-Sebastien Guay-Leroux reported an integer underflow in the + file_printf() function. +
++ A remote attacker could entice a user to run the "file" program on a + specially crafted file that would trigger a heap-based buffer overflow + possibly leading to the execution of arbitrary code with the rights of + the user running "file". Note that this vulnerability could be also + triggered through an automatic file scanner like amavisd-new. +
++ There is no known workaround at this time. +
++ Since file is a system package, all Gentoo users should upgrade to the + latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/file-4.20"
+ + Squid is a multi-protocol proxy server. +
++ Squid incorrectly handles TRACE requests that contain a "Max-Forwards" + header field with value "0" in the clientProcessRequest() function. +
++ A remote attacker can send specially crafted TRACE HTTP requests that + will terminate the child process. A quickly repeated attack will lead + to a Denial of Service. +
++ There is no known workaround at this time. +
++ All Squid users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.6.12"
+ + CUPS provides a portable printing layer for UNIX-based operating + systems. +
++ CUPS does not properly handle partially-negotiated SSL connections. + Upon receiving a partially-negotiated SSL connection, CUPS no longer + accepts further incoming connections, as the initial connection never + times out. +
++ An attacker could partially negotiate an SSL connection with a CUPS + server, and cause future connections to that server to fail, resulting + in a Denial of Service. +
++ There is no known workaround at this time. +
++ All CUPS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.9"
+ + Asterisk is an open source implementation of a telephone private branch + exchange (PBX). +
++ The Madynes research team at INRIA has discovered that Asterisk + contains a null pointer dereferencing error in the SIP channel when + handling INVITE messages. Furthermore qwerty1979 discovered that + Asterisk 1.2.x fails to properly handle SIP responses with return code + 0. +
++ A remote attacker could cause an Asterisk server listening for SIP + messages to crash by sending a specially crafted SIP message or + answering with a 0 return code. +
++ There is no known workaround at this time. +
++ All Asterisk users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose net-misc/asterisk
+ + Note: Asterisk 1.0.x is no longer supported upstream so users should + consider upgrading to Asterisk 1.2.x. +
++ MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. +
++ The Kerberos telnet daemon fails to properly handle usernames allowing + unauthorized access to any account (CVE-2007-0956). The Kerberos + administration daemon, the KDC and possibly other applications using + the MIT Kerberos libraries are vulnerable to the following issues. The + krb5_klog_syslog function from the kadm5 library fails to properly + validate input leading to a stack overflow (CVE-2007-0957). The GSS-API + library is vulnerable to a double-free attack (CVE-2007-1216). +
++ By exploiting the telnet vulnerability a remote attacker may obtain + access with root privileges. The remaining vulnerabilities may allow an + authenticated remote attacker to execute arbitrary code with root + privileges. +
++ There is no known workaround at this time. +
++ All MIT Kerberos 5 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.5.2-r1"
+ + OpenAFS is a distributed network filesystem. +
++ Benjamin Bennett discovered that the OpenAFS client contains a design + flaw where cache managers do not use authenticated server connections + when performing actions not requested by a user. +
++ If setuid is enabled on the client cells, an attacker can supply a fake + FetchStatus reply that sets setuid and root ownership of a file being + executed. This could provide root access on the client. Remote attacks + may be possible if an attacker can entice a user to execute a known + file. Note that setuid is enabled by default in versions of OpenAFS + prior to 1.4.4. +
++ Disable the setuid functionality on all client cells. This is now the + default configuration in OpenAFS. +
++ All OpenAFS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/openafs-1.4.4"
+ + OpenPBS is the original version of the Portable Batch System. It is a + flexible batch queueing system developed for NASA in the early to + mid-1990s. +
++ SUSE reported vulnerabilities due to unspecified errors in OpenPBS. +
++ By unspecified attack vectors an attacker might be able to execute + arbitrary code with the privileges of the user running openpbs, which + might be the root user. +
++ There is no known workaround at this time. +
++ OpenPBS has been masked in the Portage tree for replacement by Torque. + All OpenPBS users should unmerge OpenPBS and switch to Torque. +
+
+
+ # emerge --ask --unmerge sys-cluster/openpbs
+ # emerge --sync
+ # emerge --ask --verbose sys-cluster/torque
+ + The zziplib library is a lightweight library for extracting data from + files archived in a single zip file. +
++ dmcox dmcox discovered a boundary error in the zzip_open_shared_io() + function from zzip/file.c. +
++ A remote attacker could entice a user to run a zziplib function with an + overly long string as an argument which would trigger the buffer + overflow and may lead to the execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All zziplib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/zziplib-0.13.49"
+ + Evince is a document viewer for multiple document formats, including + PostScript. +
++ Evince includes code from GNU gv that does not properly boundary check + user-supplied data before copying it into process buffers. +
++ An attacker could entice a user to open a specially crafted PostScript + document with Evince and possibly execute arbitrary code with the + rights of the user running Evince. +
++ There is no known workaround at this time. +
++ All Evince users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/evince-0.6.1-r3"
+ + libwpd is a library used to convert Wordperfect documents into other + formats. +
++ libwpd contains heap-based overflows in two functions that convert + WordPerfect document tables. In addition, it contains an integer + overflow in a text-conversion function. +
++ An attacker could entice a user to convert a specially crafted + WordPerfect file, resulting in a crash or possibly the execution of + arbitrary code with the rights of the user running libwpd. +
++ There is no known workaround at this time. +
++ All libwpd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/libwpd-0.8.9"
+ + DokuWiki is a simple to use wiki aimed at creating documentation. +
++ DokuWiki does not sanitize user input to the GET variable 'media' in + the fetch.php file. +
++ An attacker could entice a user to click a specially crafted link and + inject CRLF characters into the variable. This would allow the creation + of new lines or fields in the returned HTTP response headers, which + would permit the attacker to execute arbitrary scripts in the context + of the user's browser. +
++ Replace the following line in lib/exe/fetch.php: +
+$MEDIA = getID('media',false); // no cleaning - maybe external
+ + with +
+$MEDIA = preg_replace('/[\x00-\x1F]+/s','',getID('media',false));
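+ + The header injection described above and the effect of the one-line fix, as an added example that is not DokuWiki's code. It builds the raw response header block a fetch-style script might emit from the 'media' value (the exact header names are this example's assumption), parses that block the way a browser does, and applies the same control-character strip as the preg_replace() replacement: a value carrying CRLF adds a Set-Cookie header and pushes attacker HTML into the body, while the cleaned value stays inside the Content-Disposition line. +

```python
"""CRLF injection through an unsanitized 'media' value (added example)."""
import re
from typing import List

# Same character class the PHP fix removes: ASCII control characters 0x00-0x1F,
# which includes both CR (0x0D) and LF (0x0A).
CONTROL_CHARS = re.compile(r"[\x00-\x1F]+")


def clean_media_id(media: str) -> str:
    """Python equivalent of preg_replace('/[\\x00-\\x1F]+/s', '', $MEDIA)."""
    return CONTROL_CHARS.sub("", media)


def build_response_headers(media: str, sanitize: bool) -> bytes:
    """Emit the raw header block for a media download. The filename is derived
    from the media id, which is where attacker-controlled bytes end up.
    Header names are an assumption of this example, not DokuWiki's output."""
    if sanitize:
        media = clean_media_id(media)
    lines = [
        "HTTP/1.1 200 OK",
        "Content-Type: application/octet-stream",
        f"Content-Disposition: inline; filename={media}",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("utf-8")


def parse_header_names(raw: bytes) -> List[str]:
    """Parse like a browser or proxy: split on CRLF, stop at the first blank
    line, take the name before the first colon of each header line."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8")
    names = []
    for line in head.split("\r\n")[1:]:        # skip the status line
        if ":" in line:
            names.append(line.split(":", 1)[0].strip())
    return names


def response_body(raw: bytes) -> bytes:
    """Everything after the first blank line is the body."""
    return raw.split(b"\r\n\r\n", 1)[1]


# Constructed attacker value: CRLF ends the Content-Disposition line, a forged
# header follows, and a second CRLF pair terminates the headers so the rest
# is rendered as the body.
EVIL_MEDIA = "wiki:logo.png\r\nSet-Cookie: sid=attacker\r\n\r\n<script>alert(1)</script>"


if __name__ == "__main__":
    for sanitize in (False, True):
        raw = build_response_headers(EVIL_MEDIA, sanitize)
        print("sanitize =", sanitize, parse_header_names(raw), response_body(raw))
```

+ Stripping control characters closes the header-splitting vector; it does not by itself make the value safe for other sinks, so a value that also reaches the filesystem or HTML still needs its own validation. +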
+ + All DokuWiki users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20061106"
+ + xine-lib is the core library package for the xine media player. +
++ xine-lib does not check boundaries on data being read into buffers from + DMO video files in code that is shared with MPlayer + (DMO_VideoDecoder.c). +
++ An attacker could entice a user to play a specially crafted DMO video + file with a player using xine-lib, potentially resulting in the + execution of arbitrary code with the privileges of the user running the + player. +
++ There is no known workaround at this time. +
++ All xine-lib users on the x86 platform should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.4-r2"
+ + Inkscape is a vector graphics editor, using Scalable Vector Graphics + (SVG) Format. +
++ Kees Cook has discovered two vulnerabilities in Inkscape. The + application does not properly handle format string specifiers in some + dialog boxes. Inkscape is also vulnerable to another format string + error in its Jabber whiteboard protocol. +
++ A remote attacker could entice a user to open a specially crafted URI, + possibly leading to execution of arbitrary code with the privileges of + the user running Inkscape. +
++ There is no known workaround at this time. +
++ All Inkscape users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/inkscape-0.45.1"
+ + Vixie Cron is a command scheduler with extended syntax over cron. +
++ During an internal audit, Raphael Marichez of the Gentoo Linux Security + Team found that Vixie Cron has weak permissions set on Gentoo, allowing + for a local user to create hard links to system and users cron files, + while a st_nlink check in database.c will generate a superfluous error. +
++ Depending on the partitioning scheme and the "cron" group membership, a + malicious local user can create hard links to system or users cron + files that will trigger the st_nlink safety check and prevent the + targeted cron file from being run from the next restart or database + reload. +
++ There is no known workaround at this time. +
++ All Vixie Cron users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-process/vixie-cron-4.1-r10"
+ + OpenOffice.org is an open source office productivity suite, including + word processing, spreadsheet, presentation, drawing, data charting, + formula editing, and file conversion facilities. +
++ John Heasman of NGSSoftware has discovered a stack-based buffer + overflow in the StarCalc parser and an input validation error when + processing metacharacters in a link. Also OpenOffice.Org includes code + from libwpd making it vulnerable to heap-based overflows when + converting WordPerfect document tables (GLSA 200704-07). +
++ A remote attacker could entice a user to open a specially crafted + document, possibly leading to execution of arbitrary code with the + rights of the user running OpenOffice.org. +
++ There is no known workaround at this time. +
++ All OpenOffice.org users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.1.0-r1"
+ + All OpenOffice.org binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.2.0"
+ + file is a utility that identifies a file format by scanning binary data + for patterns. +
++ Conor Edberg discovered an error in the way file processes a specific + regular expression. +
++ A remote attacker could entice a user to open a specially crafted file, + using excessive CPU resources and possibly leading to a Denial of + Service. Note that this vulnerability could also be triggered through + an automatic file scanner like amavisd-new. +
++ There is no known workaround at this time. +
++ All file users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/file-4.20-r1"
+ + FreeRADIUS is an open source RADIUS authentication server + implementation. +
++ The Coverity Scan project has discovered a memory leak within the + handling of certain malformed Diameter format values inside an EAP-TTLS + tunnel. +
++ A remote attacker could send a large amount of specially crafted + packets to a FreeRADIUS server using EAP-TTLS authentication and + exhaust all memory, possibly resulting in a Denial of Service. +
++ There is no known workaround at this time. +
++ All FreeRADIUS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.1.6"
+ + The MadWifi driver provides support for Atheros based IEEE 802.11 + Wireless Lan cards. +
++ The driver does not properly process Channel Switch Announcement + Information Elements, allowing for an abnormal channel change. The + ieee80211_input() function does not properly handle AUTH frames and the + driver sends unencrypted packets before WPA authentication succeeds. +
++ A remote attacker could send specially crafted AUTH frames to the + vulnerable host, resulting in a Denial of Service by crashing the + kernel. A remote attacker could gain access to sensitive information + about network architecture by sniffing unencrypted packets. A remote + attacker could also send a Channel Switch Count less than or equal to + one to trigger a channel change, resulting in a communication loss and + a Denial of Service. +
++ There is no known workaround at this time. +
++ All MadWifi users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.3"
+ + Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can + recover keys once enough data packets have been captured. +
++ Jonathan So reported that the airodump-ng module does not correctly + check the size of 802.11 authentication packets before copying them + into a buffer. +
++ A remote attacker could trigger a stack-based buffer overflow by + sending a specially crafted 802.11 authentication packet to a user + running airodump-ng with the -w (--write) option. This could lead to + the remote execution of arbitrary code with the permissions of the user + running airodump-ng, which is typically the root user. +
++ There is no known workaround at this time. +
++ All Aircrack-ng users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/aircrack-ng-0.7-r2"
+ + 3proxy is a multi-protocol proxy, including HTTP/HTTPS/FTP and SOCKS + support. +
++ The 3proxy development team reported a buffer overflow in the logurl() + function when processing overly long requests. +
++ A remote attacker could send a specially crafted transparent request to + the proxy, resulting in the execution of arbitrary code with privileges + of the user running 3proxy. +
++ There is no known workaround at this time. +
++ All 3proxy users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/3proxy-0.5.3h"
+ + Courier-IMAP is an IMAP server which is part of the Courier mail + system. It provides access only to maildirs. +
++ CJ Kucera has discovered that some Courier-IMAP scripts don't properly + handle the XMAILDIR variable, allowing for shell command injection. +
++ A remote attacker could send specially crafted login credentials to a + Courier-IMAP server instance, possibly leading to remote code execution + with root privileges. +
++ There is no known workaround at this time. +
++ All Courier-IMAP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/courier-imap-4.0.6-r2"
+ + Blender is a 3D creation, animation and publishing program. +
++ Stefan Cornelius of Secunia Research discovered an insecure use of the + "eval()" function in kmz_ImportWithMesh.py. +
++ A remote attacker could entice a user to open a specially crafted + Blender file (.kmz or .kml), resulting in the execution of arbitrary + Python code with the privileges of the user running Blender. +
++ There is no known workaround at this time. +
++ All Blender users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.43"
+ + NAS is a network transparent, client/server audio transport system. +
++ Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of + which include a buffer overflow in the function accept_att_local(), an + integer overflow in the function ProcAuWriteElement(), and a null + pointer error in the function ReadRequestFromClient(). +
++ An attacker having access to the NAS daemon could send an overly long + slave name to the server, leading to the execution of arbitrary code + with root privileges. A remote attacker could also send a specially + crafted packet containing an invalid client ID, which would crash the + server and result in a Denial of Service. +
++ There is no known workaround at this time. +
++ All NAS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/nas-1.8b"
+ + ClamAV is a GPL virus scanner. +
++ iDefense Labs have reported a stack-based buffer overflow in the + cab_unstore() function when processing negative values in .cab files. + Multiple file descriptor leaks have also been reported in chmunpack.c, + pdf.c and dblock.c when processing .chm files. +
++ A remote attacker could send a specially crafted CHM file to the + scanner, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running ClamAV. +
++ There is no known workaround at this time. +
++ All ClamAV users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.90.2"
+ + BEdevilled Audio SysTem is an audio compositor, supporting a wide range + of audio formats. +
++ BEAST, which is installed as setuid root, fails to properly check + whether it can drop privileges accordingly if seteuid() fails due to a + user exceeding assigned resource limits. +
++ A local user could exceed his resource limit in order to prevent the + seteuid() call from succeeding. This may lead BEAST to keep running + with root privileges. Then, the local user could use the "save as" + dialog box to overwrite any file on the vulnerable system, potentially + leading to a Denial of Service. +
++ There is no known workaround at this time. +
++ All BEAST users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/beast-0.7.1"
+ + capi4k-utils is a set of utilities for accessing COMMON-ISDN-API + software interfaces for ISDN devices. +
++ The bufprint() function in capi4k-utils fails to properly check + boundaries of data coming from CAPI packets. +
++ A local attacker could possibly escalate privileges or cause a Denial + of Service by sending a crafted CAPI packet. +
++ There is no known workaround at this time. +
++ All capi4k-utils users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dialup/capi4k-utils-20050718-r3"
+ + Ktorrent is a Bittorrent client for KDE. +
++ Bryan Burns of Juniper Networks discovered a vulnerability in + chunkcounter.cpp when processing large or negative idx values, and a + directory traversal vulnerability in torrent.cpp. +
++ A remote attacker could entice a user to download a specially crafted + torrent file, possibly resulting in the remote execution of arbitrary + code with the privileges of the user running Ktorrent. +
++ There is no known workaround at this time. +
++ All Ktorrent users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/ktorrent-2.1.3"
+ + FreeType is a True Type Font rendering library. +
++ Greg MacManus of iDefense Labs has discovered an integer overflow in + the function bdfReadCharacters() when parsing BDF fonts. +
++ A remote attacker could entice a user to use a specially crafted BDF + font, possibly resulting in a heap-based buffer overflow and the remote + execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All FreeType users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.1.10-r3"
+ + Tomcat is the Apache Jakarta Project's official implementation of Java + Servlets and Java Server Pages. +
++ Tomcat allows special characters like slash, backslash or URL-encoded + backslash as a separator, while Apache does not. +
++ A remote attacker could send a specially crafted URL to the vulnerable + Tomcat server, possibly resulting in a directory traversal and read + access to arbitrary files with the privileges of the user running + Tomcat. Note that this vulnerability can only be exploited when using + apache proxy modules like mod_proxy, mod_rewrite or mod_jk. +
++ There is no known workaround at this time. +
++ All Tomcat users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/tomcat-5.5.22"
+ + Mod_perl is an Apache module that embeds the Perl interpreter within + the server, allowing Perl-based web-applications to be created. +
++ Alex Solvey discovered that the "path_info" variable used in file + RegistryCooker.pm (mod_perl 2.x) or file PerlRun.pm (mod_perl 1.x), is + not properly escaped before being processed. +
++ A remote attacker could send a specially crafted URL to the vulnerable + server, possibly resulting in massive resource consumption. +
++ There is no known workaround at this time. +
++ All mod_perl 1.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_perl-1.30"
+ + All mod_perl 2.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_perl-2.0.3-r1"
+ + Quagga is a free routing daemon, supporting RIP, OSPF and BGP + protocols. +
++ The Quagga development team reported a vulnerability in the BGP routing + daemon when processing NLRI attributes inside UPDATE messages. +
++ A malicious peer inside a BGP area could send a specially crafted + packet to a Quagga instance, possibly resulting in a crash of the + Quagga daemon. +
++ There is no known workaround at this time. +
++ All Quagga users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.98.6-r2"
+ + X.Org is an implementation of the X Window System. The X.Org X11 + library provides the X11 protocol library files. +
++ Multiple integer overflows have been reported in the XGetPixel() + function of the X.Org X11 library. +
++ By enticing a user to open a specially crafted image, an attacker could + cause a Denial of Service or an integer overflow, potentially resulting + in the execution of arbitrary code with root privileges. +
++ There is no known workaround at this time. +
++ All X.Org X11 library users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.0.3-r2"
+ + Lighttpd is a lightweight HTTP web server. +
++ Robert Jakabosky discovered an infinite loop triggered by a connection + abort when Lighttpd processes carriage return and line feed sequences. + Marcus Rueckert discovered a NULL pointer dereference when a server + running Lighttpd tries to access a file with an mtime of 0. +
++ A remote attacker could upload a specially crafted file to the server + or send a specially crafted request and then abort the connection, + possibly resulting in a crash or a Denial of Service by CPU + consumption. +
++ There is no known workaround at this time. +
++ All Lighttpd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.14"
+ + GIMP is the GNU Image Manipulation Program. +
++ Marsu discovered that the "set_color_table()" function in the SUNRAS + plugin is vulnerable to a stack-based buffer overflow. +
++ An attacker could entice a user to open a specially crafted .RAS file, + possibly leading to the execution of arbitrary code with the privileges + of the user running GIMP. +
++ There is no known workaround at this time. +
++ All GIMP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.2.14"
+ + IPsec-Tools is a port of KAME's implementation of the IPsec utilities. + It contains a collection of network monitoring tools, including racoon, + ping, and ping6. +
++ The isakmp_info_recv() function in src/racoon/isakmp_inf.c does not + always check that DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N) + packets are encrypted. +
++ A remote attacker could send a specially crafted IPsec message to one + of the two peers during the beginning of phase 1, resulting in the + termination of the IPsec exchange. +
++ There is no known workaround at this time. +
++ All IPsec-Tools users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.6.7"
+ + LibXfont is the X.Org font library. TightVNC is a VNC client/server for + X displays. +
++ The libXfont code is prone to several integer overflows, in functions + ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable(). + TightVNC contains a local copy of this code and is also affected. +
++ A local attacker could use a specially crafted BDF Font to gain root + privileges on the vulnerable host. +
++ There is no known workaround at this time. +
++ All libXfont users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.7-r1"
+ + All TightVNC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/tightvnc-1.2.9-r4"
+ + MySQL is a popular multi-threaded, multi-user SQL server. +
++ mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when + processing certain types of SQL requests. Sec Consult also discovered + another NULL pointer dereference when sorting certain types of queries + on the database metadata. +
++ In both cases, a remote attacker could send a specially crafted SQL + request to the server, possibly resulting in a server crash. Note that + the attacker needs the ability to execute SELECT queries. +
++ There is no known workaround at this time. +
++ All MySQL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.38"
+ + PostgreSQL is an open source object-relational database management + system. +
++ An error involving insecure search_path settings in the SECURITY + DEFINER functions has been reported in PostgreSQL. +
++ If allowed to call a SECURITY DEFINER function, an attacker could gain + the SQL privileges of the owner of the called function. +
++ There is no known workaround at this time. +
++ All PostgreSQL users should upgrade to the latest version and fix their + SECURITY DEFINER functions: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-db/postgresql"
+
+ In order to fix the SECURITY DEFINER functions, PostgreSQL users are
+ advised to refer to the PostgreSQL documentation:
+ ImageMagick is a collection of tools allowing various manipulations on + image files. +
++ iDefense Labs has discovered multiple integer overflows in ImageMagick + in the functions ReadDCMImage() and ReadXWDImage(), that are used to + process DCM and XWD files. +
++ An attacker could entice a user to open a specially crafted XWD or DCM + file, resulting in heap-based buffer overflows and possibly the + execution of arbitrary code with the privileges of the user running + ImageMagick. Note that this user may be httpd or any other account used + by applications relying on the ImageMagick tools to automatically + process images. +
++ There is no known workaround at this time. +
++ All ImageMagick users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.3"
+ + XScreenSaver is a widely used screen saver collection shipped on + systems running the X11 Window System. +
++ XScreenSaver incorrectly handles the results of the getpwuid() function + in drivers/lock.c when using directory servers during a network outage. +
++ A local user can crash XScreenSaver by preventing network connectivity + if the system uses a remote directory service for credentials such as + NIS or LDAP, which will unlock the screen. +
++ There is no known workaround at this time. +
++ All XScreenSaver users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-misc/xscreensaver-5.02"
+ + Samba is a suite of SMB and CIFS client/server programs for UNIX. +
++ Samba contains a logical error in the smbd daemon when translating + local SID to user names (CVE-2007-2444). Furthermore, Samba contains + several bugs when parsing NDR encoded RPC parameters (CVE-2007-2446). + Lastly, Samba fails to properly sanitize remote procedure input + provided via Microsoft Remote Procedure Calls (CVE-2007-2447). +
++ A remote attacker could exploit these vulnerabilities to gain root + privileges via various vectors. +
++ There is no known workaround at this time. +
++ All Samba users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.24-r2"
+ + PhpWiki is an open source content management system written in PHP. +
++ Harold Hallikainen has reported that the Upload page fails to properly + check the extension of a file. +
++ A remote attacker could upload a specially crafted PHP file to the + vulnerable server, resulting in the execution of arbitrary PHP code + with the privileges of the user running PhpWiki. +
++ There is no known workaround at this time. +
++ All PhpWiki users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.10-r3"
+ + mod_security is an Apache module designed for enhancing the security of + the Apache web server. +
++ Stefan Esser discovered that mod_security processes NULL characters as + terminators in POST requests using the + application/x-www-form-urlencoded encoding type, while other parsers + used in web applications do not. +
++ A remote attacker could send a specially crafted POST request, possibly + bypassing the module ruleset and leading to the execution of arbitrary + code in the scope of the web server with the rights of the user running + the web server. +
++ There is no known workaround at this time. +
++ All mod_security users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_security-2.1.1"
+ + PPTPD is a Point-to-Point Tunnelling Protocol Daemon for Linux. +
++ James Cameron from HP has reported a vulnerability in PPTPD caused by + malformed GRE packets. +
++ A remote attacker could exploit this vulnerability to cause a Denial of + Service on the PPTPD connection. +
++ There is no known workaround at this time. +
++ All PPTPD users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dialup/pptpd-1.3.4"
+ + PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +
++ Several vulnerabilities were found in PHP, most of them during the + Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these + vulnerabilities are integer overflows in wbmp.c from the GD library + (CVE-2007-1001) and in the substr_compare() PHP 5 function + (CVE-2007-1375). Ilia Alshanetsky also reported a buffer overflow in + the make_http_soap_request() and in the user_filter_factory_create() + functions (CVE-2007-2510, CVE-2007-2511), and Stanislav Malyshev + discovered another buffer overflow in the bundled XMLRPC library + (CVE-2007-1864). Additionally, the session_regenerate_id() and the + array_user_key_compare() functions contain a double-free vulnerability + (CVE-2007-1484, CVE-2007-1521). Finally, there exist implementation + errors in the Zend engine, in the mb_parse_str(), the unserialize() and + the mail() functions and other elements. +
++ Remote attackers might be able to exploit these issues in PHP + applications making use of the affected functions, potentially + resulting in the execution of arbitrary code, Denial of Service, + execution of scripted contents in the context of the affected site, + security bypass or information leak. +
++ There is no known workaround at this time. +
++ All PHP 5 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.2"
+ + All PHP 4 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.7"
+ + Blackdown provides implementations of the Java Development Kit (JDK) + and the Java Runtime Environment (JRE). +
++ Chris Evans has discovered multiple buffer overflows in the Sun JDK and + the Sun JRE possibly related to various AWT and font layout functions. + Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK + and the Sun JRE relating to unintended applet data access. He has also + discovered multiple other unspecified vulnerabilities in the Sun JDK + and the Sun JRE allowing unintended Java applet or application resource + acquisition. Additionally, a memory corruption error has been found in + the handling of GIF images with zero width field blocks. +
++ An attacker could entice a user to run a specially crafted Java applet + or application that could read, write, or execute local files with the + privileges of the user running the JVM, access data maintained in other + Java applets, or escalate the privileges of the currently running Java + applet or application allowing for unauthorized access to system + resources. +
++ Disable the "nsplugin" USE flag in order to prevent web applets from + being run. +
++ Since there is no fixed update from Blackdown and since the flaw only + occurs in the applets, the "nsplugin" USE flag has been masked in the + portage tree. Emerge the ebuild again in order to fix the + vulnerability. Another solution is to switch to another Java + implementation such as the Sun implementation (dev-java/sun-jdk and + dev-java/sun-jre-bin). +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-java/blackdown-jdk"
+ # emerge --ask --oneshot --verbose "dev-java/blackdown-jre"
+ + MPlayer is a media player including support for a wide range of audio + and video formats. +
++ A buffer overflow has been reported in the DMO_VideoDecoder_Open() + function in file loader/dmo/DMO_VideoDecoder.c. Another buffer overflow + has been reported in the DS_VideoDecoder_Open() function in file + loader/dshow/DS_VideoDecoder.c. +
++ A remote attacker could entice a user to open a specially crafted video + file, potentially resulting in the execution of arbitrary code with the + privileges of the user running MPlayer. +
++ There is no known workaround at this time. +
++ All MPlayer users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20070321"
+ + FreeType is a True Type Font rendering library. +
++ Victor Stinner discovered a heap-based buffer overflow in the function + Get_VMetrics() in src/truetype/ttgload.c when processing TTF files with + a negative n_points attribute. +
++ A remote attacker could entice a user to open a specially crafted TTF + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running FreeType. +
++ There is no known workaround at this time. +
++ All FreeType users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.3.4-r2"
+ + The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment + (JRE) provide the Sun Java platform. +
++ An unspecified vulnerability involving an "incorrect use of system + classes" was reported by the Fujitsu security team. Additionally, Chris + Evans from the Google Security Team reported an integer overflow + resulting in a buffer overflow in the ICC parser used with JPG or BMP + files, and an incorrect open() call to /dev/tty when processing certain + BMP files. +
++ A remote attacker could entice a user to run a specially crafted Java + class or applet that will trigger one of the vulnerabilities. This + could lead to the execution of arbitrary code outside of the Java + sandbox and of the Java security restrictions, or crash the Java + application or the browser. +
++ There is no known workaround at this time. +
++ All Sun Java Development Kit users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-java/sun-jdk"
+ + All Sun Java Runtime Environment users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-java/sun-jre-bin"
+ + libpng is a free ANSI C library used to process and manipulate PNG + images. +
++ Mats Palmgren fixed an error in file pngrutil.c in which the trans[] + array might not be allocated because of images with a bad tRNS chunk + CRC value. +
++ A remote attacker could craft an image that when processed or viewed by + an application using libpng causes the application to terminate + abnormally. +
++ There is no known workaround at this time. +
++ Please note that due to separate bugs in libpng 1.2.17, Gentoo does not + provide libpng-1.2.17 but libpng-1.2.18. All libpng users should + upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.18"
+ + file is a utility that guesses a file format by scanning binary data + for patterns. +
++ Colin Percival from FreeBSD reported that the previous fix for the + file_printf() buffer overflow introduced a new integer overflow. +
++ A remote attacker could entice a user to run the file program on an + overly large file (more than 1Gb) that would trigger an integer + overflow on 32-bit systems, possibly leading to the execution of + arbitrary code with the rights of the user running file. +
++ There is no known workaround at this time. +
++ Since file is a system package, all Gentoo users should upgrade to the + latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/file-4.21"
+ + libexif is a library for parsing, editing and saving Exif data. +
++ Victor Stinner reported an integer overflow in the + exif_data_load_data_entry() function from file exif-data.c while + handling Exif data. +
++ An attacker could entice a user to process a file with specially + crafted Exif extensions with an application making use of libexif, + which will trigger the integer overflow and potentially execute + arbitrary code or crash the application. +
++ There is no known workaround at this time. +
++ All libexif users should upgrade to the latest version. Please note + that users upgrading from "<=media-libs/libexif-0.6.13" should also run + revdep-rebuild after their upgrade. +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.15"
+ # revdep-rebuild --library=/usr/lib/libexif.so
+ + Evolution is the mail client of the GNOME desktop environment. +
++ Ulf Harnhammar from Secunia Research has discovered a format string + error in the write_html() function in the file + calendar/gui/e-cal-component-memo-preview.c. +
++ A remote attacker could entice a user to open a specially crafted + shared memo, possibly resulting in the execution of arbitrary code with + the privileges of the user running Evolution. +
++ There is no known workaround at this time. +
++ All Evolution users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.8.3-r2"
+ + ELinks is a text-mode web browser. +
++ Arnaud Giersch discovered that the "add_filename_to_string()" function + in file intl/gettext/loadmsgcat.c uses an untrusted relative path, + allowing for a format string attack with a malicious .po file. +
++ A local attacker could entice a user to run ELinks in a specially + crafted directory environment containing a malicious ".po" file, + possibly resulting in the execution of arbitrary code with the + privileges of the user running ELinks. +
++ There is no known workaround at this time. +
++ All ELinks users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/elinks-0.11.2-r1"
+ + The MadWifi driver provides support for Atheros based IEEE 802.11 + Wireless Lan cards. +
++ Md Sohail Ahmad from AirTight Networks has discovered a division by zero + in the ath_beacon_config() function (CVE-2007-2830). The vendor has + corrected an input validation error in the + ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams() + functions (CVE-2007-2831), and an input sanitization error when parsing + nested 802.3 Ethernet frame lengths (CVE-2007-2829). +
++ An attacker could send specially crafted packets to a vulnerable host + to exploit one of these vulnerabilities, possibly resulting in the + execution of arbitrary code with root privileges, or a Denial of + Service. +
++ There is no known workaround at this time. +
++ All MadWifi users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.3.1"
ClamAV is a GPL virus scanner.

Several vulnerabilities were discovered in ClamAV by various researchers:

A remote attacker could send a specially crafted file to the scanner, possibly triggering one of the vulnerabilities. The two buffer overflows are reported to only cause Denial of Service. This would lead to a Denial of Service by CPU consumption or a crash of the scanner. The insecure temporary file creation vulnerability could be used by a local user to access sensitive data.

There is no known workaround at this time.

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.90.3"
Mozilla Firefox is an open-source web browser from the Mozilla Project, and Mozilla Thunderbird an email client. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird.

Mozilla developers fixed several bugs involving memory corruption through various vectors (CVE-2007-2867, CVE-2007-2868). Additionally, several errors leading to crash, memory exhaustion or CPU consumption were fixed (CVE-2007-1362, CVE-2007-2869). Finally, errors related to the APOP protocol (CVE-2007-1558), XSS prevention (CVE-2007-2870) and spoofing prevention (CVE-2007-2871) were fixed.

A remote attacker could entice a user to view a specially crafted web page that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to spoof the address bar or other browser elements, obtain sensitive APOP information, or perform cross-site scripting attacks, leading to the exposure of sensitive information, like user credentials.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.4"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.4"

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.4"

All Mozilla Thunderbird binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.4"

All SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.2"

All SeaMonkey binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.2"

All XULRunner users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.4"
PHProjekt is a project management and coordination tool written in PHP.

Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors (CVE-2007-1575), the execution of arbitrary PHP code using an unrestricted file upload (CVE-2007-1639), cross-site request forgeries using different modules (CVE-2007-1638), and a cross-site scripting attack using unknown vectors (CVE-2007-1576).

An authenticated user could elevate their privileges by exploiting the vulnerabilities described above. Note that the magic_quotes_gpc PHP configuration setting must be set to "off" to exploit these vulnerabilities.

There is no known workaround at this time.

All PHProjekt users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phprojekt-5.2.1"
emul-linux-x86-java is the 32 bit version of Sun's J2SE Development Kit.

Chris Evans of the Google Security Team has discovered an integer overflow in the ICC parser, and another vulnerability in the BMP parser. An unspecified vulnerability involving an "incorrect use of system classes" was reported by the Fujitsu security team.

A remote attacker could entice a user to open a specially crafted image, possibly resulting in the execution of arbitrary code with the privileges of the user running Emul-linux-x86-java. They also could entice a user to open a specially crafted BMP image, resulting in a Denial of Service. Note that these vulnerabilities may also be triggered by a tool processing image files automatically.

There is no known workaround at this time.

All Emul-linux-x86-java users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.5.0.11"
libexif is a library for parsing, editing and saving EXIF metadata from images.

iDefense Labs have discovered that the exif_data_load_data_entry() function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an integer overflow possibly leading to a heap-based buffer overflow.

An attacker could entice a user of an application making use of a vulnerable version of libexif to load a specially crafted image file, possibly resulting in a crash of the application or the execution of arbitrary code with the rights of the user running the application.

There is no known workaround at this time.

All libexif users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.16"
Firebird is an open source relational database that runs on Linux, Windows, and various UNIX systems.

Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow when processing "connect" requests with an overly large "p_cnct_count" value.

An unauthenticated remote attacker could send a specially crafted request to a vulnerable server, possibly resulting in the execution of arbitrary code with the privileges of the user running Firebird.

There is no known workaround at this time.

All Firebird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.1"
OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities.

John Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing the "prdata" tag in RTF files where the first token is smaller than the second one (CVE-2007-0245). Additionally, the OpenOffice binary program is shipped with a version of FreeType that contains an integer signedness error in the n_points variable in file truetype/ttgload.c, which was covered by GLSA 200705-22 (CVE-2007-2754).

A remote attacker could entice a user to open a specially crafted document, possibly leading to execution of arbitrary code with the rights of the user running OpenOffice.org.

There is no known workaround at this time.

All OpenOffice.org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.2.1"

All OpenOffice.org binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.2.1"
Evolution is the mail client of the GNOME desktop environment. Camel is the Evolution Data Server module that handles mail functions.

The imap_rescan() function of the file camel-imap-folder.c does not properly sanitize the "SEQUENCE" response sent by an IMAP server before it is used to index arrays.

A malicious or compromised IMAP server could trigger the vulnerability and execute arbitrary code with the permissions of the user running Evolution.

There is no known workaround at this time.

All Evolution users should upgrade evolution-data-server to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose "gnome-extra/evolution-data-server"
The GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker which prepares dynamically linked programs for execution by resolving runtime dependencies and related functions.

Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in the handling of the hardware capabilities mask by the dynamic loader. If a mask is specified with a high population count, an integer overflow could occur when allocating memory.

As the hardware capabilities mask is honored by the dynamic loader during the execution of suid and sgid programs, in theory this vulnerability could result in the execution of arbitrary code with root privileges. This update is provided as a precaution against currently unknown attack vectors.

There is no known workaround at this time.

All users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.5-r4"
Webmin is a web-based administrative interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators.

The pam_login.cgi file does not properly sanitize user input before sending it back as output to the user.

An unauthenticated attacker could entice a user to browse a specially crafted URL, allowing for the execution of script code in the context of the user's browser and for the theft of browser credentials. This may permit the attacker to login to Webmin or Usermin with the user's permissions.

There is no known workaround at this time.

All Webmin users should update to the latest stable version:

# emerge --sync
# emerge --ask --verbose --oneshot ">=app-admin/webmin-1.350"

All Usermin users should update to the latest stable version:

# emerge --sync
# emerge --ask --verbose --oneshot ">=app-admin/usermin-1.280"
XnView is software to view and convert graphics files. XPixMap (XPM) is a simple ASCII-based graphics format.

XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string (greater than 1024 bytes).

An attacker could entice a user to view a specially crafted XPM file with XnView that could trigger the vulnerability and possibly execute arbitrary code with the rights of the user running XnView.

There is no known workaround at this time.

No update appears to be forthcoming from the XnView developer and XnView is proprietary, so the XnView package has been masked in Portage. We recommend that users select an alternate graphics viewer and conversion utility, and unmerge XnView:

# emerge --unmerge xnview
MPlayer is a media player including support for a wide range of audio and video formats.

Stefan Cornelius and Reimar Doffinger of Secunia Research discovered several boundary errors in the functions cddb_query_parse(), cddb_parse_matches_list() and cddb_read_parse(), each allowing for a stack-based buffer overflow.

A remote attacker could entice a user to open a specially crafted file with malicious CDDB entries, possibly resulting in the execution of arbitrary code with the privileges of the user running MPlayer.

There is no known workaround at this time.

All MPlayer users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20070622"
NVClock is a utility for changing the internal frequency of NVIDIA graphics chipsets.

Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock makes use of an insecure temporary file in the /tmp directory.

A local attacker could create a specially crafted temporary file in /tmp to execute arbitrary code with the privileges of the user running NVClock.

There is no known workaround at this time.

All NVClock users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/nvclock-0.7-r2"
GIMP is the GNU Image Manipulation Program.

Sean Larsson from iDefense Labs discovered multiple integer overflows in various GIMP plugins (CVE-2006-4519). Stefan Cornelius from Secunia Research discovered an integer overflow in the seek_to_and_unpack_pixeldata() function when processing PSD files (CVE-2007-2949).

A remote attacker could entice a user to open a specially crafted image file, possibly resulting in the execution of arbitrary code with the privileges of the user running GIMP.

There is no known workaround at this time.

All GIMP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.2.16"
Festival is a text-to-speech accessibility program.

Konstantine Shirow reported a vulnerability in default Gentoo configurations of Festival. The daemon is configured to run with root privileges and to listen on localhost, without requiring a password.

A local attacker could gain root privileges by connecting to the daemon and executing arbitrary commands.

Set a password in the configuration file /etc/festival/server.scm by adding the line: (set! server_passwd password)

All Festival users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-accessibility/festival-1.95_beta-r4"
MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol.

kadmind is affected by multiple vulnerabilities in the RPC library shipped with MIT Kerberos 5. It fails to properly handle zero-length RPC credentials (CVE-2007-2442) and the RPC library can write past the end of the stack buffer (CVE-2007-2443). Furthermore kadmind fails to do proper bounds checking (CVE-2007-2798).

A remote unauthenticated attacker could exploit these vulnerabilities to execute arbitrary code with root privileges.

There is no known workaround at this time.

All MIT Kerberos 5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.5.2-r3"
VLC media player is a multimedia player for various audio and video formats.

David Thiel from iSEC Partners Inc. discovered format string errors in various plugins when parsing data. The affected plugins include Vorbis, Theora, CDDA and SAP.

A remote attacker could entice a user to open a specially crafted media file, possibly resulting in the execution of arbitrary code with the privileges of the user running VLC media player.

There is no known workaround at this time.

All VLC media player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6c"
Fail2ban is a tool for parsing log files and banning IP addresses which make too many password failures.

A vulnerability has been discovered in Fail2ban when parsing log files.

A remote attacker could send specially crafted SSH login banners to the vulnerable host, which would prevent any ssh connection to the host and result in a Denial of Service.

There is no known workaround at this time.

All Fail2ban users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/fail2ban-0.8.0-r1"
tcpdump is a tool for capturing and inspecting network traffic.

mu-b from Digital Labs discovered that the return value of a snprintf() call is not properly checked before being used. This could lead to an integer overflow.

A remote attacker could send specially crafted BGP packets on a network being monitored with tcpdump, possibly resulting in the execution of arbitrary code with the privileges of the user running tcpdump, which is usually root.

There is no known workaround at this time.

All tcpdump users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-3.9.5-r3"
The Macromedia Flash Player is a renderer for the popular SWF file type which is commonly used to provide interactive websites, digital experiences and mobile content.

Mark Hills discovered some errors when interacting with a browser for keystrokes handling (CVE-2007-2022). Stefano Di Paola and Giorgio Fedon from Minded Security discovered a boundary error when processing FLV files (CVE-2007-3456). An input validation error when processing HTTP referrers has also been reported (CVE-2007-3457).

A remote attacker could entice a user to open a specially crafted file, possibly leading to the execution of arbitrary code with the privileges of the user running the Macromedia Flash Player, or sensitive data access.

There is no known workaround at this time.

All Macromedia Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-9.0.48.0"
Xvid is a popular open source video codec licensed under the GPL.

Trixter Jack discovered an array indexing error in the get_intra_block() function in the file src/bitstream/mbcoding.c. The get_inter_block_h263() and get_inter_block_mpeg() functions in the same file were also reported as vulnerable.

An attacker could exploit these vulnerabilities to execute arbitrary code by tricking a user or automated system into processing a malicious video file with an application that makes use of the Xvid library.

There is no known workaround at this time.

All Xvid users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xvid-1.1.3"
libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants.

CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer overflow (CVE-2007-3641), an infinite loop (CVE-2007-3644), and a NULL pointer dereference (CVE-2007-3645) within the processing of archives having corrupted PaX extension headers.

An attacker can trick a user or automated system into processing an archive with malformed PaX extension headers, executing arbitrary code, crashing an application using the library, or causing a high CPU load.

There is no known workaround at this time.

All libarchive or bsdtar users should upgrade to the latest libarchive version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/libarchive-2.2.4"
ClamAV is a GPL virus scanner.

Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives.

A remote attacker could send a specially crafted RAR archive to the clamd daemon, resulting in a crash and a Denial of Service.

There is no known workaround at this time.

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.91"
GD is a graphic library for fast image creation.

Xavier Roche discovered an infinite loop in the gdPngReadData() function when processing a truncated PNG file (CVE-2007-2756). An integer overflow has been discovered in the gdImageCreateTrueColor() function (CVE-2007-3472). An error has been discovered in the gdImageCreateXbm() function (CVE-2007-3473). Unspecified vulnerabilities have been discovered in the GIF reader (CVE-2007-3474). An error has been discovered when processing a GIF image that has no global color map (CVE-2007-3475). An array index error has been discovered in the file gd_gif_in.c when processing images with an invalid color index (CVE-2007-3476). An error has been discovered in the imagearc() and imagefilledarc() functions when processing overly large angle values (CVE-2007-3477). A race condition has been discovered in the gdImageStringFTEx() function (CVE-2007-3478).

A remote attacker could exploit one of these vulnerabilities to cause a Denial of Service or possibly execute arbitrary code with the privileges of the user running GD.

There is no known workaround at this time.

All GD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gd-2.0.35"
Net::DNS is a Perl implementation of a DNS resolver.

hjp discovered an error when handling DNS query IDs which makes them partially predictable. Steffen Ullrich discovered an error in the dn_expand() function which could lead to an endless loop.

A remote attacker could send a specially crafted DNS request to the server which could result in a Denial of Service with an infinite recursion, or perform a cache poisoning attack.

There is no known workaround at this time.

All Net::DNS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/Net-DNS-0.60"
Xfce Terminal is a console tool for the Xfce desktop environment.

Lasse Karkkainen discovered that the function terminal_helper_execute() in file terminal-helper.c does not properly escape the URIs before processing.

A remote attacker could entice a user to open a specially crafted link, possibly leading to the remote execution of arbitrary code with the privileges of the user running Xfce Terminal. Note that the exploit code depends on the browser used to open the crafted link.

There is no known workaround at this time.

All Xfce Terminal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/terminal-0.2.6_p25931"
SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols.

The functions deletekey(), gpg_check_sign_pgp_mime() and gpg_recv_key() used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data.

An authenticated user could use the plugin to execute arbitrary code on the server, or a remote attacker could send a specially crafted e-mail to a SquirrelMail user, possibly leading to the execution of arbitrary code with the privileges of the user running the underlying web server. Note that the G/PGP plugin is disabled by default.

Enter the SquirrelMail configuration directory (/usr/share/webapps/squirrelmail/version/htdocs/config), then execute the conf.pl script. Select the plugins menu, then select the gpg plugin item number in the "Installed Plugins" list to disable it. Press S to save your changes, then Q to quit.

All SquirrelMail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.10a-r2"
Mozilla Firefox is an open-source web browser from the Mozilla Project, and Mozilla Thunderbird an email client. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird.

Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers (CVE-2007-3738), a problem with event handlers executing elements outside of the document (CVE-2007-3737), and a cross-site scripting (XSS) vulnerability (CVE-2007-3736). They also fixed a problem with promiscuous IFRAME access (CVE-2007-3089) and an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 redirects (CVE-2007-3656). Denials of Service involving corrupted memory were fixed in the browser engine (CVE-2007-3734) and the JavaScript engine (CVE-2007-3735). Finally, another XSS vulnerability caused by a regression in the CVE-2007-3089 patch was fixed (CVE-2007-3844).

A remote attacker could entice a user to view a specially crafted web page that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to perform cross-site scripting attacks, which could result in the exposure of sensitive information such as login credentials.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.6"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.6"

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.6"

All Mozilla Thunderbird binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.6"

All SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.4"

All SeaMonkey binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.4"

All XULRunner users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.6"
MySQL is a popular multi-threaded, multi-user SQL server.

Dormando reported a vulnerability within the handling of password packets in the connection protocol (CVE-2007-3780). Andrei Elkin also found that the "CREATE TABLE LIKE" command didn't require SELECT privileges on the source table (CVE-2007-3781).

A remote unauthenticated attacker could use the first vulnerability to make the server crash. The second vulnerability can be used by authenticated users to obtain information on tables they are not normally able to access.

There is no known workaround at this time.

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.44"
Lighttpd is a lightweight HTTP web server.

Stefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP headers, the mod_auth and mod_scgi modules, and the limitation of active connections.

A remote attacker can trigger any of these vulnerabilities by sending malicious data to the server, which may lead to a crash or memory exhaustion, and potentially the execution of arbitrary code. Additionally, access-deny settings can be evaded by appending a final / to a URL.

There is no known workaround at this time.

All Lighttpd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.16"
Wireshark is a network protocol analyzer with a graphical front-end.

Wireshark doesn't properly handle chunked encoding in HTTP responses (CVE-2007-3389), iSeries capture files (CVE-2007-3390), certain types of DCP ETSI packets (CVE-2007-3391), and SSL or MMS packets (CVE-2007-3392). An off-by-one error has been discovered in the DHCP/BOOTP dissector when handling DHCP-over-DOCSIS packets (CVE-2007-3393).

A remote attacker could send specially crafted packets on a network being monitored with Wireshark, possibly resulting in the execution of arbitrary code with the privileges of the user running Wireshark, which might be the root user, or a Denial of Service.

In order to prevent root compromise, take network captures with tcpdump and analyze them running Wireshark as a least privileged user.

All Wireshark users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.6"
ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol.

Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable (1 chance in 8) query IDs in the resolver routine or in zone transfer queries (CVE-2007-2926). Additionally, the default configuration file has been strengthened with respect to the allow-recursion{} and the allow-query{} options (CVE-2007-2925).

A remote attacker can use this weakness by sending queries for a domain he handles to a resolver (directly to a recursive server, or through another process like an email processing) and then observing the resulting IDs of the iterative queries. The attacker will half the time be able to guess the next query ID, then perform cache poisoning by answering with those guessed IDs, while spoofing the UDP source address of the reply. Furthermore, with empty allow-recursion{} and allow-query{} options, the default configuration allowed anybody to make recursive queries and query the cache.

There is no known workaround at this time for the random generator weakness. The allow-recursion{} and allow-query{} options should be set to trusted hosts only in /etc/bind/named.conf, thus preventing several security risks.

All ISC BIND users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.1_p1"
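The named.conf hardening the advisory recommends for CVE-2007-2925, shown as an added example rather than Gentoo's shipped configuration: the open default appears in comments beside a restricted version. The "trusted" ACL name, the 192.0.2.0/24 and 2001:db8::/32 networks, the example.com zone and the file paths are placeholders chosen for this example.

```conf
// Added example, not the advisory's or Gentoo's own named.conf.
//
// Weak form (the pre-9.4.1_p1 default): no allow-recursion{} or
// allow-query{} at all, so every host on the Internet may recurse
// through this server and read its cache, which widens the window for
// the CVE-2007-2926 query-ID guessing attack described above.
//
// options {
//     directory "/var/bind";   // path is an assumption for this example
// };

// Hardened form: name the networks this resolver serves (placeholder
// documentation ranges) and grant recursion and cache access to them only.
acl "trusted" {
    127.0.0.1;
    ::1;
    192.0.2.0/24;
    2001:db8::/32;
};

options {
    directory "/var/bind";          // path is an assumption for this example
    allow-recursion { "trusted"; }; // only trusted hosts may recurse
    allow-query     { "trusted"; }; // global default: only trusted hosts may query
};

// If the same server is also authoritative, a zone may re-open queries
// for that zone alone; recursion and the cache stay restricted.
zone "example.com" {
    type master;
    file "pri/example.com.zone";    // placeholder zone file
    allow-query { any; };
};
```

After editing, check the file with named-checkconf and reload named so the ACL takes effect.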
The NVIDIA drivers provide support for NVIDIA graphic boards.

Gregory Shikhman discovered that the default Gentoo setup of NVIDIA drivers creates the /dev/nvidia* devices with insecure file permissions.

A local attacker could send arbitrary values into the devices, possibly resulting in hardware damage on the graphic board or a Denial of Service.

There is no known workaround at this time.

All NVIDIA drivers users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose "x11-drivers/nvidia-drivers"
Apache mod_jk is a connector for the Tomcat web server.

Apache mod_jk decodes URLs within Apache before passing them to Tomcat, which decodes them a second time.

A remote attacker could browse a specially crafted URL on an Apache server running mod_jk, possibly gaining access to restricted resources.

There is no known workaround at this time.

All Apache mod_jk users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.23"
Qt is a cross-platform GUI framework, which is used e.g. by KDE.

Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE reported multiple format string errors in qWarning() calls in files qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp, qsqlrecord.cpp, qglobal.cpp, and qsvgdevice.cpp.

An attacker could trigger one of the vulnerabilities by causing a Qt application to parse specially crafted text, which may lead to the execution of arbitrary code.

There is no known workaround at this time.

All Qt 3 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose "=x11-libs/qt-3*"
+ + Opera is a multi-platform web browser. +
++ An error known as "a virtual function call on an invalid pointer" has + been discovered in the JavaScript engine (CVE-2007-4367). Furthermore, + iDefense Labs reported that an already-freed pointer may still be used + under unspecified circumstances in the BitTorrent support + (CVE-2007-3929). Finally, other minor errors have been discovered, + relating to memory read protection (Opera Advisory 861) and URI + display (CVE-2007-3142, CVE-2007-3819). +
++ A remote attacker could trigger the BitTorrent vulnerability by + enticing a user into starting a malicious BitTorrent download, and + execute arbitrary code through unspecified vectors. Additionally, + specially crafted JavaScript may trigger the "virtual function" + vulnerability. The JavaScript engine can also access previously freed + but uncleared memory. Finally, a user can be fooled with an overly long + HTTP server name that does not fit the dialog box, or a URI containing + whitespace. +
++ There is no known workaround at this time for all these + vulnerabilities. +
++ All Opera users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-9.23"
+ + MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. kadmind is the MIT Kerberos 5 administration daemon. +
++ A stack buffer overflow (CVE-2007-3999) has been reported in + svcauth_gss_validate() of the RPC library of kadmind. Another + vulnerability (CVE-2007-4000) has been found in + kadm5_modify_policy_internal(), which does not check the return values + of krb5_db_get_policy() correctly. +
++ The RPC-related vulnerability can be exploited by a remote, + unauthenticated attacker to execute arbitrary code with root privileges + on the host running kadmind. The second vulnerability requires the + remote attacker to be authenticated and to have "modify policy" + privileges; it could then also allow the remote execution of + arbitrary code. +
++ There is no known workaround at this time. +
++ All MIT Kerberos 5 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.5.3-r1"
+ + KVIrc is a free portable IRC client based on Qt. +
++ Stefan Cornelius from Secunia Research discovered that the + "parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does + not properly sanitise parts of the URI when building the command for + KVIrc's internal script system. +
++ A remote attacker could entice a user to open a specially crafted + irc:// URI, possibly leading to the remote execution of arbitrary code + with the privileges of the user running KVIrc. Successful exploitation + requires that KVIrc is registered as the default handler for irc:// or + similar URIs. +
++ There is no known workaround at this time. +
++ All KVIrc users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/kvirc-3.2.6_pre20070714"
+ + Streamripper is a tool for extracting and recording mp3 files from a + Shoutcast stream. +
++ Chris Rohlf discovered several boundary errors in the + httplib_parse_sc_header() function when processing HTTP headers. +
++ A remote attacker could entice a user to connect to a malicious + streaming server, resulting in the execution of arbitrary code with the + privileges of the user running Streamripper. +
++ There is no known workaround at this time. +
++ All Streamripper users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/streamripper-1.62.2"
+ + po4a is a set of tools for helping with the translation of + documentation. +
++ The po4a development team reported a race condition in the gettextize() + function when creating the file "/tmp/gettextization.failed.po". +
++ A local attacker could perform a symlink attack, possibly overwriting + files with the permissions of the user running po4a. +
++ There is no known workaround at this time. +
++ All po4a users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/po4a-0.32-r1"
+ + RealPlayer is a multimedia player capable of handling multiple + multimedia file formats. +
++ A stack-based buffer overflow vulnerability has been reported in the + SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when + handling HH:mm:ss.f type time formats. +
++ By enticing a user to open a specially crafted SMIL (Synchronized + Multimedia Integration Language) file, an attacker could be able to + execute arbitrary code with the privileges of the user running the + application. +
++ There is no known workaround at this time. +
++ All RealPlayer users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/realplayer-10.0.9"
+ + flac123 is a command-line application for playing FLAC audio files. +
++ A possible buffer overflow vulnerability has been reported in the + local__vcentry_parse_value() function in vorbiscomment.c. +
++ An attacker could entice a user to play a specially crafted audio file, + which could lead to the execution of arbitrary code with the privileges + of the user running the application. +
++ There is no known workaround at this time. +
++ All flac123 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/flac123-0.0.11"
+ + Eggdrop is an IRC bot extensible with C or Tcl. +
++ Bow Sineath discovered a boundary error in the file + mod/server.mod/servrmsg.c when processing overly long private messages + sent by an IRC server. +
++ A remote attacker could entice an Eggdrop user to connect the bot to a + malicious server, possibly resulting in the execution of arbitrary code + on the host running Eggdrop. +
++ There is no known workaround at this time. +
++ All Eggdrop users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/eggdrop-1.6.18-r3"
+ + id3lib is an open-source, cross-platform software development library + for reading, writing, and manipulating ID3v1 and ID3v2 tags. +
++ Nikolaus Schulz discovered that the function RenderV2ToFile() in file + src/tag_file.cpp creates temporary files in an insecure manner. +
++ A local attacker could exploit this vulnerability via a symlink attack + to overwrite arbitrary files. +
++ There is no known workaround at this time. +
++ All id3lib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/id3lib-3.8.3-r6"
+ + The GNU Tar program provides the ability to create tar archives, as + well as various other kinds of manipulation. +
++ Dmitry V. Levin discovered a directory traversal vulnerability in the + contains_dot_dot() function in file src/names.c. +
++ By enticing a user to extract a specially crafted tar archive, a remote + attacker could extract files to arbitrary locations outside of the + specified directory with the permissions of the user running GNU Tar. +
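A member-name check of the kind this fix needs, as an added example and not GNU Tar's own contains_dot_dot() code: it refuses absolute names and any ".." path component while accepting names that merely contain dots. The function names member_name_is_safe() and extraction_path() are assumptions.

```c
/* Added example, not GNU Tar's contains_dot_dot() code: refuse archive
 * member names that would land outside the extraction directory. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True only for a relative name whose components contain no "..".
 * "a..b", "..hidden" and "." are ordinary components and pass. */
bool member_name_is_safe(const char *name)
{
    if (name == NULL || *name == '\0') return false;
    if (*name == '/') return false;                 /* absolute path */
    const char *p = name;
    for (;;) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.') return false;
        if (end == NULL) return true;
        p = end + 1;                                /* next component */
    }
}

/* Joins dir and name into out only when the name passes the check.
 * Returns 0 on success, -1 when the name is refused or out is too small. */
int extraction_path(const char *dir, const char *name, char *out, size_t outlen)
{
    if (!member_name_is_safe(name)) return -1;
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* constructed sample member names */
    const char *samples[] = { "a/b", "../x", "a/../../x", "/etc/passwd", "a..b/c" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s %s\n", samples[i],
               member_name_is_safe(samples[i]) ? "ok" : "refused");
    return 0;
}
```

The check covers only the traversal the advisory describes. An archive can also create a symbolic link as one member and then write through it with a later member, so an extractor has to handle symlink members separately; a safe name alone does not settle where a later write lands.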
++ There is no known workaround at this time. +
++ All GNU Tar users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/tar-1.18-r2"
+ + PhpWiki is an application that creates a web site where anyone can edit + the pages through HTML forms. +
++ The PhpWiki development team reported an authentication error within + the file lib/WikiUser/LDAP.php when binding to an LDAP server with an + empty password. +
++ A remote attacker could provide an empty password when authenticating. + Depending on the LDAP implementation used, this could bypass the + PhpWiki authentication mechanism and grant the attacker access to the + application. +
++ There is no known workaround at this time. +
++ All PhpWiki users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.14"
+ + GDM is the GNOME display manager. +
++ The result of a g_strsplit() call is incorrectly parsed in the files + daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and + gui/gdmflexiserver.c, allowing for a null pointer dereference. +
++ A local user could send a crafted message to /tmp/.gdm_socket that + would trigger the null pointer dereference and crash GDM, thus + preventing it from managing future displays. +
++ Restrict the write permissions on /tmp/.gdm_socket to trusted users + only after each GDM restart. +
++ All GDM users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "gnome-base/gdm"
+ + Poppler is a cross-platform PDF rendering library originally based on + Xpdf. +
++ Poppler and Xpdf are vulnerable to an integer overflow in the + StreamPredictor::StreamPredictor function, and a stack overflow in the + StreamPredictor::getNextLine function. The original vulnerability was + discovered by Maurycy Prodeus. Note: Gentoo's version of Xpdf is + patched to use the Poppler library, so the update to Poppler will also + fix Xpdf. +
++ By enticing a user to view a specially crafted PDF file with a + Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, or Evince, a + remote attacker could cause an overflow, potentially resulting in the + execution of arbitrary code with the privileges of the user running the + application. +
++ There is no known workaround at this time. +
++ All Poppler users should upgrade to the latest version of Poppler: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-0.5.4-r2"
+ + rsync is a file transfer program to keep remote directories + synchronized. +
++ Sebastian Krahmer from the SUSE Security Team discovered two off-by-one + errors in the function "f_name()" in file sender.c when processing + overly long directory names. +
++ A remote attacker could entice a user to synchronize a repository + containing specially crafted directories, leading to the execution of + arbitrary code with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All rsync users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.9-r3"
+ + Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, + designed especially for e-mail scanning on mail gateways. +
++ Nikolaos Rangos discovered a vulnerability in ClamAV: the recipient + address extracted from email messages is not properly sanitized before + being used in a call to "popen()" when executing sendmail + (CVE-2007-4560). Also, NULL-pointer dereference errors exist within the + "cli_scanrtf()" function in libclamav/rtf.c, and Stefanos Stamatis + discovered a NULL-pointer dereference vulnerability within the + "cli_html_normalise()" function in libclamav/htmlnorm.c + (CVE-2007-4510). +
++ The unsanitized recipient address can be exploited to execute arbitrary + code with the privileges of the clamav-milter process by sending an + email with a specially crafted recipient address to the affected + system. Also, the NULL-pointer dereference errors can be exploited to + crash ClamAV. Successful exploitation of the latter vulnerability + requires that clamav-milter is started with the "black hole" mode + activated, which is not enabled by default. +
++ There is no known workaround at this time. +
++ All ClamAV users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.91.2"
+ + BEA JRockit provides tools, utilities, and a complete runtime + environment for developing and running applications using the Java + programming language. +
++ An integer overflow vulnerability exists in the embedded ICC profile + image parser (CVE-2007-2788), an unspecified vulnerability exists in + the font parsing implementation (CVE-2007-4381), and an error exists + when processing XSLT stylesheets contained in XSLT Transforms in XML + signatures (CVE-2007-3716), among other vulnerabilities. +
++ A remote attacker could trigger the integer overflow to execute + arbitrary code or crash the JVM through a specially crafted file. Also, + an attacker could perform unauthorized actions via an applet that + grants certain privileges to itself because of the font parsing + vulnerability. The error when processing XSLT stylesheets can be + exploited to execute arbitrary code. Other vulnerabilities could lead + to establishing restricted network connections to certain services, + Cross Site Scripting and Denial of Service attacks. +
++ There is no known workaround at this time for all these + vulnerabilities. +
++ All BEA JRockit users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/jrockit-jdk-bin-1.5.0.11_p1"
+ + Lighttpd is a lightweight HTTP web server. +
++ Mattias Bengtsson and Philip Olausson have discovered a buffer overflow + vulnerability in the function fcgi_env_add() in the file mod_fastcgi.c + when processing overly long HTTP headers. +
++ A remote attacker could send a specially crafted request to the + vulnerable Lighttpd server, resulting in the remote execution of + arbitrary code with privileges of the user running the web server. Note + that mod_fastcgi is disabled in Gentoo's default configuration. +
++ Edit the file /etc/lighttpd/lighttpd.conf and comment the following + line: "include mod_fastcgi.conf" +
++ All Lighttpd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.18"
+ + teTeX is a complete TeX distribution for editing documents. +
++ Mark Richters discovered a buffer overflow in the open_sty() function + in file mkind.c. Other vulnerabilities have also been discovered in the + same file but might not be exploitable (CVE-2007-0650). teTeX also + includes vulnerable code from the GD library (GLSA 200708-05) and from + Xpdf (CVE-2007-3387). +
++ A remote attacker could entice a user to process a specially crafted + PNG, GIF or PDF file, or to execute "makeindex" on an overly long + filename. In both cases, this could lead to the remote execution of + arbitrary code with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All teTeX users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/tetex-3.0_p1-r4"
+ + Bugzilla is a web application designed to help with managing software + development. +
++ Masahiro Yamada found that, since version 2.17.1, Bugzilla does not + properly sanitize the content of the "buildid" parameter when filing + bugs (CVE-2007-4543). The next two vulnerabilities only affect Bugzilla + 2.23.3 or later, hence the stable Gentoo Portage tree does not contain + these two vulnerabilities: Loic Minier reported that the + "Email::Send::Sendmail()" function does not properly sanitise "from" + email information before sending it to the "-f" parameter of + /usr/sbin/sendmail (CVE-2007-4538), and Frederic Buclin discovered that + the XML-RPC interface does not correctly check permissions on the + time-tracking fields (CVE-2007-4539). +
++ A remote attacker could trigger the "buildid" vulnerability by sending + a specially crafted form to Bugzilla, leading to a persistent XSS, thus + allowing for theft of credentials. With Bugzilla 2.23.3 or later, an + attacker could also execute arbitrary code with the permissions of the + web server by injecting a specially crafted "from" email address and + gain access to normally restricted time-tracking information through + the XML-RPC service. +
++ There is no known workaround at this time. +
++ All Bugzilla users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose www-apps/bugzilla
+ + librpcsecgss is an implementation of RPCSEC_GSS for secure RPC + communications. +
++ A stack based buffer overflow has been discovered in the + svcauth_gss_validate() function in file lib/rpc/svc_auth_gss.c when + processing an overly long string in a RPC message. +
++ A remote attacker could send a specially crafted RPC request to an + application relying on this library, e.g. NFSv4 or Kerberos + (GLSA 200709-01), resulting in the execution of arbitrary code with the + privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All librpcsecgss users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/librpcsecgss-0.16"
+ + PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +
++ Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip + Olausson reported integer overflows in the gdImageCreate() and + gdImageCreateTrueColor() functions of the GD library which can cause + heap-based buffer overflows (CVE-2007-3996). Gerhard Wagner discovered + an integer overflow in the chunk_split() function that can lead to a + heap-based buffer overflow (CVE-2007-2872). Its incomplete fix caused + incorrect buffer size calculation due to precision loss, also resulting + in a possible heap-based buffer overflow (CVE-2007-4661 and + CVE-2007-4660). A buffer overflow in the sqlite_decode_binary() function + of the SQLite extension, found by Stefan Esser and addressed in PHP 5.2.1, + was not fixed correctly (CVE-2007-1887). +
++ Stefan Esser discovered an error in the zend_alter_ini_entry() function + handling a memory_limit violation (CVE-2007-4659). Stefan Esser also + discovered a flaw when handling interruptions with userspace error + handlers that can be exploited to read arbitrary heap memory + (CVE-2007-1883). Disclosure of sensitive memory can also be triggered + due to insufficient boundary checks in the strspn() and strcspn() + functions, an issue discovered by Mattias Bengtsson and Philip Olausson + (CVE-2007-4657). +
++ Stefan Esser reported incorrect validation in the FILTER_VALIDATE_EMAIL + filter of the Filter extension allowing arbitrary email header + injection (CVE-2007-1900). NOTE: This CVE was referenced, but not fixed + in GLSA 200705-19. +
++ Stanislav Malyshev found an error with unknown impact in the + money_format() function when processing "%i" and "%n" tokens + (CVE-2007-4658). zatanzlatan reported a buffer overflow with unknown + impact in the php_openssl_make_REQ() function when a manipulated SSL + configuration file is provided (CVE-2007-4662). Memory corruption with + unknown impact can also occur when reading EXIF data in exif_read_data() + and exif_thumbnail(). +
++ Several vulnerabilities that allow bypassing open_basedir and other + restrictions were reported: in the glob() function (CVE-2007-4663), in + the session_save_path(), ini_set() and error_log() functions, which can + allow local command execution (CVE-2007-3378), in the readfile() + function (CVE-2007-3007), in the Session extension (CVE-2007-4652), in + the MySQL extension (CVE-2007-3997), and in the dl() function, which + allows loading extensions from outside the specified directory + (CVE-2007-4825). +
++ Multiple Denial of Service vulnerabilities were discovered, including + one triggered by a long "library" parameter in the dl() function + (CVE-2007-4887), several in iconv and xmlrpc functions (CVE-2007-4840 + and CVE-2007-4783), one in the setlocale() function (CVE-2007-4784), + others in the glob() and fnmatch() functions (CVE-2007-4782 and + CVE-2007-3806), a floating point exception in the wordwrap() function + (CVE-2007-3998), stack exhaustion via deeply nested arrays + (CVE-2007-4670), an infinite loop caused by a specially crafted PNG + image in the png_read_info() function of libpng (CVE-2007-2756), and + several issues related to array conversion. +
++ Remote attackers might be able to exploit these issues in PHP + applications making use of the affected functions, potentially + resulting in the execution of arbitrary code, Denial of Service, + execution of scripted contents in the context of the affected site, + security bypass or information leak. +
++ There is no known workaround at this time. +
++ All PHP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.4_p20070914-r2"
+ + libvorbis is the reference implementation of the Xiph.org Ogg Vorbis + audio file format. It is used by many applications for playback of Ogg + Vorbis files. +
++ David Thiel of iSEC Partners discovered a heap-based buffer overflow in + the _01inverse() function in res0.c and a boundary checking error in + the vorbis_info_clear() function in info.c (CVE-2007-3106 and + CVE-2007-4029). libvorbis is also prone to several Denial of Service + vulnerabilities in the form of infinite loops and invalid memory + accesses with unknown impact (CVE-2007-4065 and CVE-2007-4066). +
++ A remote attacker could exploit these vulnerabilities by enticing a + user to open a specially crafted Ogg Vorbis file or network stream with + an application using libvorbis. This might lead to the execution of + arbitrary code with the privileges of the user playing the file, or to a + Denial of Service through a crash or CPU consumption. +
++ There is no known workaround at this time. +
++ All libvorbis users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libvorbis-1.2.0"
+ + libsndfile is a library for reading and writing various formats of + audio files including WAV and FLAC. +
++ Robert Buchholz of the Gentoo Security team discovered that the + flac_buffer_copy() function does not correctly handle FLAC streams with + variable block sizes which leads to a heap-based buffer overflow + (CVE-2007-4974). +
++ A remote attacker could exploit this vulnerability by enticing a user + to open a specially crafted FLAC file or network stream with an + application using libsndfile. This might lead to the execution of + arbitrary code with privileges of the user playing the file. +
++ There is no known workaround at this time. +
++ All libsndfile users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.17-r1"
+ + QGit is a graphical interface to git repositories that allows you to + browse revisions history, view patch content and changed files. +
++ Raphael Marichez discovered that the DataLoader::doStart() method + creates temporary files in an insecure manner and executes them. +
++ A local attacker could perform a symlink attack, possibly overwriting + files or executing arbitrary code with the rights of the user running + QGit. +
++ There is no known workaround at this time. +
++ All QGit users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/qgit-1.5.7"
+ + OpenSSL is an implementation of the Secure Socket Layer and Transport + Layer Security protocols. +
++ Moritz Jodeit reported an off-by-one error in the + SSL_get_shared_ciphers() function, resulting from an incomplete fix of + CVE-2006-3738. A flaw has also been reported in the + BN_from_montgomery() function in crypto/bn/bn_mont.c when performing + Montgomery multiplication. +
++ A remote attacker sending a specially crafted packet to an application + relying on OpenSSL could possibly execute arbitrary code with the + privileges of the user running the application. A local attacker could + perform a side channel attack to retrieve the RSA private keys. +
++ There is no known workaround at this time. +
++ All OpenSSL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8e-r3"
+ + Tk is a toolkit for creating graphical user interfaces. +
++ Reinhard Max discovered a boundary error in Tk when processing an + interlaced GIF with two frames where the second is smaller than the + first one. +
++ A remote attacker could entice a user to open a specially crafted GIF + image with Tk-based software, possibly resulting in the execution of + arbitrary code with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Tk users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.15-r1"
+ + KOffice is an integrated office suite for KDE. KWord is the KOffice + word processor. KPDF is a KDE-based PDF viewer included in the + kdegraphics package. +
++ KPDF includes code from xpdf that is vulnerable to an integer overflow + in the StreamPredictor::StreamPredictor() function. +
++ A remote attacker could entice a user to open a specially crafted PDF + file in KWord or KPDF that would exploit the integer overflow to cause + a stack-based buffer overflow in the StreamPredictor::getNextLine() + function, possibly resulting in the execution of arbitrary code with + the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All KOffice users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/koffice-1.6.3-r1"
+ + All KWord users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/kword-1.6.3-r1"
+ + All KDE Graphics Libraries users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.5.7-r1"
+ + All KPDF users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.5.7-r1"
+ + NoMachine's NX establishes remote connections to X11 desktops over + low-bandwidth links. NX and NX Node are the compression core + libraries; NX is used by FreeNX, and NX Node by the binary-only + NX servers. +
++ Chris Evans reported an integer overflow within the FreeType PCF font + file parser (CVE-2006-1861). NX and NX Node are vulnerable to this due + to shipping XFree86 4.3.0, which includes the vulnerable FreeType code. +
++ A remote attacker could exploit this integer overflow by enticing a + user to load a specially crafted PCF font file, which might lead to the + execution of arbitrary code with the privileges of the user on the + machine running the NX server. +
++ There is no known workaround at this time. +
++ All NX users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/nx-3.0.0"
+ + All NX Node users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.0.0-r3"
+ + SKK is a Japanese input method for Emacs. +
++ skkdic-expr.c insecurely writes temporary files to a location in the + form $TMPDIR/skkdic$PID.{pag,dir,db}, where $PID is the process ID. +
++ A local attacker could create symbolic links in the directory where the + temporary files are written, pointing to a valid file somewhere on the + filesystem that is writable by the user running the SKK software. When + SKK writes the temporary file, the target valid file would then be + overwritten with the contents of the SKK temporary file. +
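The insecure temporary-file pattern shared by the po4a, id3lib and QGit advisories above and by this SKK advisory, as one added example that is none of those projects' code: a predictable, PID-derived name opened with O_CREAT but without O_EXCL is placed beside mkstemp(3), and a small driver plants a symlink in a private scratch directory of its own to show which opener follows it. The name pattern "skkdic<pid>.pag" is taken from the SKK text; the functions open_temp_predictable(), open_temp_unique(), same_inode() and demo() are assumptions.

```c
/* Added example (not the code of po4a, id3lib, QGit or SKK). Contrasts a
 * temporary file opened under a predictable, PID-derived name with one
 * created by mkstemp(3), and shows inside a private scratch directory that
 * a symlink planted at the predictable name redirects the former. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* The pattern the advisories describe: predictable name, O_CREAT without
 * O_EXCL, so whatever already sits at that path (a symlink included) is
 * silently opened. Name pattern taken from the SKK advisory text. */
int open_temp_predictable(const char *dir, pid_t pid)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/skkdic%ld.pag", dir, (long)pid);
    return open(path, O_WRONLY | O_CREAT, 0600);
}

/* Safe variant: mkstemp() picks an unpredictable name and creates it with
 * O_CREAT|O_EXCL, so an existing entry, symlink or not, makes it choose a
 * different name instead of reusing that entry. The chosen path is copied
 * to path_out so the caller can remove it later. */
int open_temp_unique(const char *dir, char *path_out, size_t outlen)
{
    char tmpl[4096];
    snprintf(tmpl, sizeof tmpl, "%s/skkdic.XXXXXX", dir);
    int fd = mkstemp(tmpl);
    if (fd >= 0) snprintf(path_out, outlen, "%s", tmpl);
    return fd;
}

/* 1 if both descriptors refer to the same inode, 0 if not, -1 on error. */
int same_inode(int fd_a, int fd_b)
{
    struct stat a, b;
    if (fstat(fd_a, &a) < 0 || fstat(fd_b, &b) < 0) return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Plants a symlink at the predictable name in a fresh scratch directory,
 * then opens a temp file both ways. Returns 0 when the predictable opener
 * ended up on the symlink target and the mkstemp() opener did not; bit 4
 * set if the first expectation failed, bit 8 if the second; 1..3 on
 * setup failure. Everything it creates is removed again. */
int demo(void)
{
    const char *base = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    char dir[4096], victim[4096], lnk[4096], uniq[4096];
    snprintf(dir, sizeof dir, "%s/tmpdemo.XXXXXX", base);
    if (mkdtemp(dir) == NULL) {
        snprintf(dir, sizeof dir, "./tmpdemo.XXXXXX");   /* fall back to cwd */
        if (mkdtemp(dir) == NULL) return 1;
    }
    snprintf(victim, sizeof victim, "%s/victim", dir);   /* constructed target */
    int vfd = open(victim, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (vfd < 0) return 2;
    pid_t pid = getpid();
    snprintf(lnk, sizeof lnk, "%s/skkdic%ld.pag", dir, (long)pid);
    if (symlink(victim, lnk) != 0) return 3;

    int pfd = open_temp_predictable(dir, pid);
    int ufd = open_temp_unique(dir, uniq, sizeof uniq);
    int result = 0;
    if (pfd < 0 || same_inode(pfd, vfd) != 1) result |= 4; /* expected: redirected */
    if (ufd < 0 || same_inode(ufd, vfd) != 0) result |= 8; /* expected: fresh file */

    if (pfd >= 0) close(pfd);
    if (ufd >= 0) { close(ufd); unlink(uniq); }
    close(vfd);
    unlink(lnk);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = demo();
    printf("demo result: %d (0 = predictable name followed the symlink, "
           "mkstemp did not)\n", r);
    return r != 0;
}
```

The predictable opener never writes anything in this driver; the fstat() comparison alone shows that its descriptor refers to the planted target rather than to a file of its own. A fixed name can be made safe only by opening it with O_CREAT|O_EXCL (and treating EEXIST as an error), which is exactly what mkstemp() does for you while also removing the guessable name.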
++ There is no known workaround at this time. +
++ All SKK Tools users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-i18n/skktools-1.2-r1"
+ + The X.Org X11 X Font Server provides a standard mechanism for an X + server to communicate with a font renderer. +
++ iDefense reported that the xfs init script does not correctly handle a + race condition when setting permissions of a temporary file + (CVE-2007-3103). Sean Larsson discovered an integer overflow + vulnerability in the build_range() function possibly leading to a + heap-based buffer overflow when handling "QueryXBitmaps" and + "QueryXExtents" protocol requests (CVE-2007-4568). Sean Larsson also + discovered an error in the swap_char2b() function possibly leading to a + heap corruption when handling the same protocol requests + (CVE-2007-4990). +
++ The first issue would allow a local attacker to change permissions of + arbitrary files to be world-writable by performing a symlink attack. + The second and third issues would allow a local attacker to execute + arbitrary code with privileges of the user running the X Font Server, + usually xfs. +
++ There is no known workaround at this time. +
++ All X Font Server users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-apps/xfs-1.0.5"
+ + T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts. +
++ Hamid Ebadi discovered a boundary error in the + intT1_EnvGetCompletePath() function which can lead to a buffer overflow + when processing an overly long filename. +
++ A remote attacker could entice a user to open a font file with a + specially crafted filename, possibly leading to the execution of + arbitrary code with the privileges of the user running the application + using T1Lib. +
++ There is no known workaround at this time. +
++ All T1Lib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/t1lib-5.0.2-r1"
+ + Ampache is a PHP-based tool for managing, updating and playing audio + files via a web interface. +
++ LT discovered that the "match" parameter in albums.php is not properly + sanitized before being processed. The Ampache development team also + reported an error when handling user sessions. +
++ A remote attacker could provide malicious input to the application, + possibly resulting in the execution of arbitrary SQL code. The attacker + could also entice a user to open a specially crafted link to steal the + user's session. +
++ There is no known workaround at this time. +
++ All Ampache users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/ampache-3.3.3.5"
+ + DenyHosts is designed to monitor SSH servers for repeated failed login + attempts. +
++ Daniel B. Cid discovered that DenyHosts used an incomplete regular + expression to parse failed login attempts, a different issue from GLSA + 200701-01. +
++ A remote unauthenticated attacker can add arbitrary hosts into the + blacklist, including the "all" keyword, by submitting specially crafted + version identification strings to the SSH server banner. An attacker + may use this to prevent legitimate users from accessing a host + remotely. +
++ There is no known workaround at this time. +
++ All DenyHosts users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/denyhosts-2.6-r1"
+ + KDM is the Display Manager for the graphical desktop environment KDE. + It is part of the kdebase package. +
++ Kees Huijgen discovered an error when checking the credentials which + can lead to a login without specifying a password. This only occurs + when auto login is configured for at least one user and a password is + required to shut down the machine. +
++ A local attacker could gain root privileges and execute arbitrary + commands by logging in as root without specifying root's password. +
++ There is no known workaround at this time. +
++ All KDM users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdm-3.5.7-r2"
+ + All kdebase users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdebase-3.5.7-r4"
+ + The X Window System is a graphical windowing system based on a + client/server model. +
++ Aaron Plattner discovered a buffer overflow in the compNewPixmap() + function when copying data from a large pixel depth pixmap into a + smaller pixel depth pixmap. +
++ A local attacker could execute arbitrary code with the privileges of + the user running the X server, typically root. +
++ Disable the Composite extension by setting ' Option "Composite" + "disable" ' in the Extensions section of xorg.conf. +
++ Note: This could affect the functionality of some applications. +
++ All X.Org X server users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.3.0.0-r1"
+ + Balsa is a highly configurable email client for GNOME. +
++ Evil Ninja Squirrel discovered a stack-based buffer overflow in the + ir_fetch_seq() function when receiving a long response to a FETCH + command (CVE-2007-5007). +
++ A remote attacker could entice a user to connect to a malicious or + compromised IMAP server, possibly leading to the execution of arbitrary + code with the rights of the user running Balsa. +
++ There is no known workaround at this time. +
++ All Balsa users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/balsa-2.3.20"
+ + util-linux is a suite of Linux programs including mount and umount, + programs used to mount and unmount filesystems. +
++ Ludwig Nussel discovered that the check_special_mountprog() and + check_special_umountprog() functions call setuid() and setgid() in the + wrong order and do not check the return values, which can lead to + privileges being dropped improperly. +
++ A local attacker may be able to exploit this vulnerability by using + mount helpers such as the mount.nfs program to gain root privileges and + run arbitrary commands. +
++ There is no known workaround at this time. +
++ All util-linux users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.12r-r8"
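The defect above is a privilege-drop ordering and error-checking problem. The following is an added example, not util-linux code, of the pattern a setuid-root program should use before handing control to a helper: change the gid while still root, then the uid, check every return value, and confirm that root cannot be regained. The helper path /bin/true and the use of the invoking user's own ids are assumptions for the demonstration.

```c
/* Added example (not util-linux code): drop privileges in the right
 * order, checking every return value, before running a mount helper. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 0 on success, -1 (with errno set) if any step failed.
 * Order matters: the gid must be changed while the process is still
 * root, because once setuid() has given up root the process may no
 * longer change its gid. Calling setuid() first and ignoring the
 * failing setgid() leaves the process with the privileged group,
 * which is the defect the advisory describes. A full implementation
 * would also clear supplementary groups with setgroups() before the
 * setgid() call. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Confirm that root cannot be regained: with a saved set-user-ID
     * of 0 left behind, setuid(0) would succeed here. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* 1 if the process now runs with exactly the requested ids, else 0. */
int privileges_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

int main(void)
{
    /* Assumption for the demo: drop to the invoking user's real ids,
     * which is what a setuid-root mount does before exec'ing a helper. */
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "cannot drop privileges: %s\n", strerror(errno));
        return EXIT_FAILURE;   /* never run the helper with unknown privileges */
    }
    /* Only now is it safe to hand control to an external helper. */
    execlp("/bin/true", "true", (char *)NULL);
    perror("execlp");
    return EXIT_FAILURE;
}
```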
The Sleuth Kit is a collection of file system and media management forensic analysis tools.
Jean-Sebastien Guay-Leroux reported an integer underflow in the file_printf() function of the "file" utility, which is bundled with The Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not affected by the improper fix for this vulnerability (identified as CVE-2007-2799, see GLSA 200705-25), since version 4.20 of "file" was never shipped with The Sleuth Kit ebuilds.
A remote attacker could entice a user to run The Sleuth Kit on a file system containing a specially crafted file that would trigger a heap-based buffer overflow, possibly leading to the execution of arbitrary code with the rights of the user running The Sleuth Kit.
There is no known workaround at this time.
All users of The Sleuth Kit should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-forensics/sleuthkit-2.0.9"

PDFKit is a framework for rendering PDF content in GNUstep applications. ImageKits is a collection of frameworks that support imaging in GNUstep applications.
Maurycy Prodeus discovered an integer overflow vulnerability, possibly leading to a stack-based buffer overflow, in the XPDF code on which PDFKit is based. ImageKits also contains a copy of PDFKit.
By enticing a user to view a specially crafted PDF file with a viewer based on ImageKits or PDFKit, such as Gentoo's ViewPDF, a remote attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
PDFKit and ImageKits are not maintained upstream, so the packages were masked in Portage. We recommend that users unmerge PDFKit and ImageKits:

# emerge --unmerge gnustep-libs/pdfkit
# emerge --unmerge gnustep-libs/imagekits

As an alternative, users should upgrade their systems to use PopplerKit instead of PDFKit and Vindaloo instead of ViewPDF.

TikiWiki is an open source content management system written in PHP.
ShAnKaR reported that input passed to the "f" array parameter of tiki-graph_formula.php is not properly verified before being used to execute PHP functions.
An attacker could execute arbitrary code with the rights of the user running the web server by passing a specially crafted parameter string to the tiki-graph_formula.php file.
There is no known workaround at this time.
All TikiWiki users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.8.1"

TRAMP is a remote file editing package for GNU Emacs, a highly extensible and customizable text editor.
Stefan Monnier discovered that the tramp-make-tramp-temp-file() function creates temporary files in an insecure manner.
A local attacker could create symbolic links in the directory where the temporary files are written, pointing to a valid file elsewhere on the filesystem that is writable by the user running TRAMP. When TRAMP writes the temporary file, the target file would then be overwritten with the contents of the TRAMP temporary file.
There is no known workaround at this time.
All TRAMP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emacs/tramp-2.1.10-r2"

The Star program creates and extracts tar archives.
Robert Buchholz of the Gentoo Security team discovered a directory traversal vulnerability in the has_dotdot() function, which does not identify //.. (slash slash dot dot) sequences in file names inside tar files.
By enticing a user to extract a specially crafted tar archive, a remote attacker could extract files to arbitrary locations outside of the specified directory with the permissions of the user running Star.
There is no known workaround at this time.
All Star users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/star-1.5_alpha84"
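The root cause above is a ".." check that only recognises the separator spelled with a single slash. The following is an added example, not Star's code, of a component-wise check that treats any run of slashes as one separator, so "foo//../bar" is caught, and that additionally rejects absolute member names; the sample member names are constructed for the demonstration.

```c
/* Added example (not Star's code): component-wise ".." detection for
 * archive member names, immune to repeated slashes such as "//..". */
#include <stdio.h>
#include <string.h>

/* Return 1 if name contains a ".." path component, 0 otherwise.
 * The name is scanned component by component; a run of one or more
 * '/' characters is a single separator, so "//.." is seen for what it
 * is. Names like "foo..bar" or "..x" are not ".." components. */
int has_dotdot(const char *name)
{
    const char *p = name;
    while (*p != '\0') {
        while (*p == '/')               /* skip any run of separators */
            p++;
        if (*p == '\0')
            break;
        const char *end = p;            /* find the end of this component */
        while (*end != '\0' && *end != '/')
            end++;
        if (end - p == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p = end;
    }
    return 0;
}

/* Return 1 if an archive member may be extracted under the target
 * directory: it must be relative and must not climb out via "..". */
int is_safe_member_name(const char *name)
{
    if (name[0] == '/')                 /* absolute paths escape the target dir */
        return 0;
    return !has_dotdot(name);
}

int main(void)
{
    /* constructed sample member names, not from any real archive */
    const char *samples[] = { "etc/passwd", "foo//../bar", "foo/../bar",
                              "foo..bar/x", "/etc/passwd", "..", NULL };
    for (int i = 0; samples[i] != NULL; i++)
        printf("%-14s %s\n", samples[i],
               is_safe_member_name(samples[i]) ? "ok" : "REJECT");
    return 0;
}
```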
OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities.
iDefense Labs reported that the TIFF parsing code uses untrusted values to calculate buffer sizes, which can lead to an integer overflow resulting in a heap-based buffer overflow.
A remote attacker could entice a user to open a specially crafted document, possibly leading to the execution of arbitrary code with the privileges of the user running OpenOffice.org.
There is no known workaround at this time.
All OpenOffice.org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.3.0"

All OpenOffice.org binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.3.0"

MLDonkey is a peer-to-peer filesharing client that connects to several different peer-to-peer networks, including Overnet and BitTorrent.
The Gentoo MLDonkey ebuild adds a user named "p2p" to the system so that the MLDonkey service can run under a user with low privileges. With older Portage versions this user is created with a valid login shell and no password.
A remote attacker could log into a vulnerable system as the p2p user. This would require an installed login service that permits empty passwords, such as SSH configured with the "PermitEmptyPasswords yes" option, a local login console, or a telnet server.
See Resolution.
Change the p2p user's shell to disallow login. For example, as root run the following command:

# usermod -s /bin/false p2p

NOTE: updating to the current MLDonkey ebuild will not remove this vulnerability; it must be fixed manually. The updated ebuild only prevents this problem from occurring in the future.

The Hewlett-Packard Linux Imaging and Printing system (HPLIP) provides drivers for HP's inkjet and laser printers, scanners and fax machines. It integrates with the Common UNIX Printing System (CUPS) and Scanner Access Now Easy (SANE).
Kees Cook from the Ubuntu Security team discovered that the hpssd daemon does not correctly validate user-supplied data before passing it to a popen3() call.
A local attacker may be able to exploit this vulnerability by sending a specially crafted request to the hpssd daemon to execute arbitrary commands with the privileges of the user running hpssd, usually root.
There is no known workaround at this time.
All HPLIP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose "net-print/hplip"

ImageMagick is a collection of tools and libraries for manipulating various image formats.
regenrecht reported multiple infinite loops in the ReadDCMImage() and ReadXCFImage() functions (CVE-2007-4985), multiple integer overflows when handling certain types of images (CVE-2007-4986, CVE-2007-4988), and an off-by-one error in the ReadBlobString() function (CVE-2007-4987).
A remote attacker could entice a user to open a specially crafted image, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or in excessive CPU consumption. Note that applications relying on ImageMagick to process images can also trigger the vulnerability.
There is no known workaround at this time.
All ImageMagick users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.5.10"

Qt is a cross-platform GUI framework, used for example by KDE.
Dirk Mueller from the KDE development team discovered a boundary error in the file qutfcodec.cpp when processing Unicode strings.
A remote attacker could send a specially crafted Unicode string to a vulnerable Qt application, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. Note that the boundary error is also present in the 4.x series but is reported not to be exploitable there.
There is no known workaround at this time.
All Qt 3.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.8-r4"

Sylpheed and Claws Mail are two GTK-based e-mail clients.
Ulf Harnhammar from Secunia Research discovered a format string error in the inc_put_error() function in the file src/inc.c.
A remote attacker could entice a user to connect to a malicious POP server sending specially crafted replies, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
All Sylpheed users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/sylpheed-2.4.5"

All Claws Mail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.0.0"

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a general purpose cryptography library.
Andy Polyakov reported a vulnerability in the OpenSSL toolkit caused by an unspecified off-by-one error within the DTLS implementation.
A remote attacker could exploit this issue to execute arbitrary code or cause a Denial of Service. Only clients and servers explicitly using DTLS are affected; systems using SSL and TLS are not.
There is no known workaround at this time.
All OpenSSL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8f"

Opera is a multi-platform web browser.
Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients (CVE-2007-5541). David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly enforced (CVE-2007-5540).
An attacker could potentially exploit the first vulnerability to execute arbitrary code with the privileges of the user running Opera by enticing a user to visit a specially crafted URL. Note that this vulnerability requires an external e-mail or newsgroup client to be configured in Opera to be exploitable. The second vulnerability allows an attacker to execute arbitrary script code in a user's browser session in the context of other sites, or to steal browser credentials.
There is no known workaround at this time for any of these vulnerabilities.
All Opera users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-9.24"

gFTP is an FTP client for the GNOME desktop environment.
Kalle Olavi Niemitalo discovered two boundary errors in the fsplib code included in gFTP when processing overly long directory or file names.
A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name, possibly resulting in the execution of arbitrary code (CVE-2007-3962) or a Denial of Service (CVE-2007-3961).
There is no known workaround at this time.
All gFTP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/gftp-2.0.18-r6"

OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support.
Jan Pechanec discovered that OpenSSH uses a trusted X11 cookie when it cannot create an untrusted one.
An attacker could bypass the SSH client's security policy and gain privileges by causing an X client to be treated as trusted.
There is no known workaround at this time.
All OpenSSH users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-4.7"

Gallery is a PHP-based photo album manager.
Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules.
A remote attacker could exploit these vulnerabilities to bypass security restrictions and rename, replace and change properties of items, or edit item data using WebDAV.
There is no known workaround at this time.
All Gallery users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gallery-2.2.3"

Evolution is the mail client of the GNOME desktop environment. Camel is the Evolution Data Server module that handles mail functions.
The imap_rescan() function in the file camel-imap-folder.c does not properly sanitize the "SEQUENCE" response sent by an IMAP server before using it to index arrays.
A malicious or compromised IMAP server could trigger the vulnerability and execute arbitrary code with the permissions of the user running Evolution.
There is no known workaround at this time.
Note that this GLSA addresses the same issue as GLSA 200707-03, but for the 1.10 branch of Evolution Data Server.
All Evolution users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-extra/evolution-data-server-1.10.3.1"

SiteBar is a PHP application that allows users to store their bookmarks on a web server.
Tim Brown discovered multiple issues: the translation module does not properly sanitize the value of the "dir" parameter (CVE-2007-5491, CVE-2007-5694); the translation module also does not sanitize the values of the "edit" and "value" parameters, which it passes to eval() and include() (CVE-2007-5492, CVE-2007-5693); the log-in command does not validate the URL to which users are redirected after logging in (CVE-2007-5695); SiteBar also contains several cross-site scripting vulnerabilities (CVE-2007-5692).
An authenticated attacker in the "Translators" or "Admins" group could execute arbitrary code, read arbitrary files and possibly change their permissions with the privileges of the user running the web server by passing a specially crafted parameter string to the "translator.php" file. An unauthenticated attacker could entice a user to browse a specially crafted URL, allowing for the execution of script code in the context of the user's browser, the theft of browser credentials, or a redirection to an arbitrary web site after login.
There is no known workaround at this time.
All SiteBar users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/sitebar-3.3.9"

The Apache HTTP server is one of the most popular web servers on the Internet.
Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847).
A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service.
There is no known workaround at this time.
All Apache users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"

Python is an interpreted, interactive, object-oriented programming language.
Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo() method, at various locations in the files imageop.c and rgbimgmodule.c, and also in other files.
A remote attacker could entice a user to process specially crafted images with an application using the Python imageop module, resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Note that this vulnerability may or may not be exploitable, depending on the application using the module.
There is no known workaround at this time.
All Python 2.3.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r3"

All Python 2.4.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r6"

libpng is a free ANSI C library used to process and manipulate PNG images.
An off-by-one error when handling ICC profile chunks in the png_set_iCCP() function was discovered (CVE-2007-5266). George Cook and Jeff Phillips reported several errors in pngrtran.c: the use of logical instead of bitwise functions, and incorrect comparisons (CVE-2007-5268). Tavis Ormandy reported out-of-bounds read errors in several PNG chunk handling functions (CVE-2007-5269).
A remote attacker could craft an image that, when processed or viewed by an application using libpng, would cause the application to terminate abnormally.
There is no known workaround at this time.
All libpng users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.21-r3"

The MadWifi driver provides support for Atheros-based IEEE 802.11 wireless LAN cards.
Clemens Kolbitsch and Sylvester Keil reported an error when processing beacon frames with an overly large "length" value in the "xrates" element.
A remote attacker could act as an access point and send a specially crafted packet to an Atheros-based wireless client, possibly resulting in a Denial of Service (kernel panic).
There is no known workaround at this time.
All MadWifi users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.3.3"

Mono provides the necessary software to develop and run .NET client and server applications on various platforms.
IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow.
A remote attacker could exploit this vulnerability by sending specially crafted data to Mono applications using the BigInteger class, which might lead to the execution of arbitrary code with the privileges of the user running the application (possibly root) or a Denial of Service.
There is no known workaround at this time.
All Mono users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/mono-1.2.5.1-r1"

The Nagios Plugins are an official set of plugins for Nagios, an open source host, service and network monitoring program.
fabiodds reported a boundary checking error in the "check_snmp" plugin when processing SNMP "GET" replies that could lead to a stack-based buffer overflow (CVE-2007-5623). Nobuhiro Ban reported a boundary checking error in the redir() function of the "check_http" plugin when processing HTTP "Location:" header information, which might lead to a buffer overflow (CVE-2007-5198).
A remote attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the user running Nagios or cause a Denial of Service by (1) sending a specially crafted SNMP "GET" reply to the Nagios daemon or (2) sending an overly long string in the "Location:" header of an HTTP reply. Note that to exploit (2), the malicious or compromised web server has to be configured in Nagios and the "-f" (follow) option has to be enabled.
There is no known workaround at this time.
All users of the Nagios Plugins should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/nagios-plugins-1.4.10-r1"

Tomboy is a GTK-based desktop note-taking application written in C# for the Mono runtime.
Jan Oravec reported that the "/usr/bin/tomboy" script sets the "LD_LIBRARY_PATH" environment variable incorrectly, which might result in the current working directory (.) being included when searching for the dynamically linked libraries of the Mono runtime application.
A local attacker could entice a user into running Tomboy in a directory containing a specially crafted library file to execute arbitrary code with the privileges of the user running Tomboy.
Do not run Tomboy from an untrusted working directory.
All Tomboy users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/tomboy-0.8.1-r1"
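A wrapper script that builds LD_LIBRARY_PATH from an unset variable (for example "$LD_LIBRARY_PATH:/some/dir") leaves an empty leading entry, which the glibc loader treats as the current directory, just like an explicit "." entry. The following is an added example, not Tomboy's code, of an audit check for such entries and of a function that strips them; the sample value and the directory name /usr/lib/example are constructed for the demonstration.

```c
/* Added example (not Tomboy's code): detect and remove LD_LIBRARY_PATH
 * entries that make the dynamic loader search the current directory. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if the colon-separated path list contains an entry that
 * resolves relative to the current working directory: an empty entry
 * (leading/trailing ':' or "::"), ".", or any other relative path.
 * An entirely empty value is harmless (no extra search path at all). */
int ld_path_searches_cwd(const char *value)
{
    if (value == NULL || *value == '\0')
        return 0;
    const char *p = value;
    for (;;) {
        const char *sep = strchr(p, ':');
        size_t len = sep ? (size_t)(sep - p) : strlen(p);
        if (len == 0)            /* "" entry: loader uses "./" */
            return 1;
        if (p[0] != '/')         /* ".", "..", "lib", ... are cwd-relative */
            return 1;
        if (sep == NULL)
            break;
        p = sep + 1;
    }
    return 0;
}

/* Return a newly allocated copy of value with every cwd-relative entry
 * removed (caller frees), or NULL on allocation failure. */
char *ld_path_strip_cwd(const char *value)
{
    size_t n = strlen(value);
    char *out = malloc(n + 1);   /* output is never longer than input */
    if (out == NULL)
        return NULL;
    out[0] = '\0';
    const char *p = value;
    for (;;) {
        const char *sep = strchr(p, ':');
        size_t len = sep ? (size_t)(sep - p) : strlen(p);
        if (len > 0 && p[0] == '/') {
            if (out[0] != '\0')
                strcat(out, ":");
            strncat(out, p, len);
        }
        if (sep == NULL)
            break;
        p = sep + 1;
    }
    return out;
}

int main(void)
{
    /* Constructed sample: what "$LD_LIBRARY_PATH:/usr/lib/example"
     * expands to when the variable was unset, i.e. a leading empty entry. */
    const char *sample = ":/usr/lib/example";
    printf("%s -> %s\n", sample,
           ld_path_searches_cwd(sample) ? "UNSAFE" : "ok");
    char *fixed = ld_path_strip_cwd(sample);
    if (fixed != NULL) {
        printf("sanitized: %s\n", fixed);
        free(fixed);
    }
    return 0;
}
```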
+ + 3proxy is a really tiny cross-platform proxy servers set, including + HTTP, HTTPS, FTP, SOCKS and POP3 support. +
++ 3proxy contains a double free vulnerability in the ftpprchild() + function, which frees param->hostname and calls the parsehostname() + function, which in turn attempts to free param->hostname again. +
++ A remote attacker could send a specially crafted request to the proxy, + possibly resulting in a Denial of Service. Under typical configuration, + the scope of this vulnerability is limited to the local network. +
++ There is no known workaround at this time. +
++ All 3proxy users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/3proxy-0.5.3j"
+ + Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey + is a free, cross-platform Internet suite. +
++ Multiple vulnerabilities have been reported in Mozilla Firefox and + SeaMonkey. Various errors in the browser engine and the Javascript + engine can be exploited to cause a memory corruption (CVE-2007-5339 and + CVE-2007-5340). Before being used in a request, input passed to the + user ID when making an HTTP request with digest authentication is not + properly sanitised (CVE-2007-2292). The titlebar can be hidden by a XUL + markup language document (CVE-2007-5334). Additionally, an error exists + in the handling of "smb:" and "sftp:" URI schemes on systems with + gnome-vfs support (CVE-2007-5337). An unspecified error in the handling + of "XPCNativeWrappers" and not properly implementing JavaScript + onUnload() handlers may allow the execution of arbitrary Javascript + code (CVE-2007-5338 and CVE-2007-1095). Another error is triggered by + using the addMicrosummaryGenerator sidebar method to access file: URIs + (CVE-2007-5335). +
++ A remote attacker could exploit these issues to execute arbitrary code, + gain the privileges of the user running the application, disclose + sensitive information, conduct phishing attacks, and read and + manipulate certain data. +
++ There is no known workaround at this time. +
++ All Mozilla Firefox users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.9"
+ + All Mozilla Firefox binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.9"
+ + All SeaMonkey users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.6"
+ + All SeaMonkey binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.6"
+ + All XULRunner users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.9"
+ + The Xiph.org Free Lossless Audio Codec (FLAC) library is the reference + implementation of the FLAC audio file format. It contains encoders and + decoders in library and executable form. +
++ Sean de Regge reported multiple integer overflows when processing FLAC + media files that could lead to improper memory allocations resulting in + heap-based buffer overflows. +
++ A remote attacker could entice a user to open a specially crafted FLAC + file or network stream with an application using FLAC. This might lead + to the execution of arbitrary code with privileges of the user playing + the file. +
++ There is no known workaround at this time. +
++ All FLAC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/flac-1.2.1-r1"
+ + You should also run revdep-rebuild to rebuild any packages that depend + on older versions of FLAC: +
+
+ # revdep-rebuild --library=libFLAC.*
+ + CUPS provides a portable printing layer for UNIX-based operating + systems. +
++ Alin Rad Pop (Secunia Research) discovered an off-by-one error in the + ippReadIO() function when handling Internet Printing Protocol (IPP) + tags that might allow to overwrite one byte on the stack. +
++ A local attacker could send a specially crafted IPP request containing + "textWithLanguage" or "nameWithLanguage" tags, leading to a Denial of + Service or the execution of arbitrary code with the privileges of the + "lp" user. If CUPS is configured to allow network printing, this + vulnerability might be remotely exploitable. +
++ To avoid remote exploitation, network access to CUPS servers on port + 631/udp should be restricted. In order to do this, update the "Listen" + setting in cupsd.conf to "Listen localhost:631" or add a rule to + the system's firewall. However, this will not avoid local users from + exploiting this vulnerability. +
++ All CUPS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r2"
+ + Ruby on Rails is a free web framework used to develop database-driven + web applications. +
++ candlerb found that ActiveResource, when processing responses using the + Hash.from_xml() function, does not properly sanitize filenames + (CVE-2007-5380). The session management functionality allowed the + "session_id" to be set in the URL (CVE-2007-5380). BCC discovered that + the to_json() function does not properly sanitize input before + returning it to the user (CVE-2007-3227). +
++ Unauthenticated remote attackers could exploit these vulnerabilities to + determine the existence of files or to read the contents of arbitrary + XML files; conduct session fixation attacks and gain unauthorized + access; and to execute arbitrary HTML and script code in a user's + browser session in context of an affected site by enticing a user to + browse a specially crafted URL. +
++ There is no known workaround at this time. +
++ All Ruby on Rails users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/rails-1.2.5"
+ + GNU cpio copies files into or out of a cpio or tar archive. +
++ A buffer overflow vulnerability in the safer_name_suffix() function in + GNU cpio has been discovered. +
++ A remote attacker could entice a user to open a specially crafted + archive file resulting in a stack-based buffer overflow, possibly + crashing the application. It is disputed whether the execution of + arbitrary code is possible. +
++ There is no known workaround at this time. +
++ All GNU cpio users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.9-r1"
+ + TikiWiki is an open source content management system written in PHP. +
++ Stefan Esser reported that a previous vulnerability (CVE-2007-5423, + GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1 + (CVE-2007-5682). The TikiWiki development team also added several + checks to avoid file inclusion. +
++ A remote attacker could exploit these vulnerabilities to inject + arbitrary code with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All TikiWiki users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.8.3"
+ + Pioneers (formerly gnocatan) is a clone of the popular board game "The + Settlers of Catan". +
++ Roland Clobus discovered that the Pioneers server may free sessions + objects while they are still in use, resulting in access to invalid + memory zones (CVE-2007-5933). Bas Wijnen discovered an error when + closing connections which can lead to a failed assertion + (CVE-2007-6010). +
++ A remote attacker could send specially crafted data to the vulnerable + server, resulting in a Denial of Service. +
++ There is no known workaround at this time. +
++ All Pioneers users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-board/pioneers-0.11.3-r1"
+ + Bochs is a IA-32 (x86) PC emulator written in C++. +
++ Tavis Ormandy of the Google Security Team discovered a heap-based + overflow vulnerability in the NE2000 driver (CVE-2007-2893). He also + discovered a divide-by-zero error in the emulated floppy disk + controller (CVE-2007-2894). +
++ A local attacker in the guest operating system could exploit these + issues to execute code outside of the virtual machine, or cause Bochs + to crash. +
++ There is no known workaround at this time. +
++ All Bochs users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/bochs-2.3"
Poppler is a cross-platform PDF rendering library originally based on Xpdf. KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. KPDF is a KDE-based PDF viewer included in the kdegraphics package.

Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the "Stream.cc" file of Xpdf: an integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows (CVE-2007-5392, CVE-2007-5393). He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption (CVE-2007-4352). Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf.

By enticing a user to view or process a specially crafted PDF file with KWord or KPDF, or with a Poppler-based program such as Gentoo's viewers Xpdf, ePDFView, and Evince or the CUPS printing system, a remote attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Poppler users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-0.6.1-r1"

All KPDF users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.5.7-r3"

All KDE Graphics Libraries users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.5.7-r3"

All KWord users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/kword-1.6.3-r2"

All KOffice users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/koffice-1.6.3-r2"
VMware Workstation is a virtual machine for developers and system administrators. VMware Player is freeware virtualization software that can run guests produced by other VMware products.

Multiple vulnerabilities have been discovered in several VMware products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that the DHCP server contains an integer overflow vulnerability (CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and another error when handling malformed packets (CVE-2007-0061), leading to stack-based buffer overflows or stack corruption. Rafal Wojtczuk (McAfee) discovered two unspecified errors that allow authenticated users with administrative or login privileges on a guest operating system to corrupt memory or cause a Denial of Service (CVE-2007-4496, CVE-2007-4497). Another unspecified vulnerability related to untrusted virtual machine images was discovered (CVE-2007-5617).

VMware products also shipped code copies of software with several vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow (GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813, CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).

Remote attackers within a guest system could possibly exploit these vulnerabilities to execute code on the host system with elevated privileges or to cause a Denial of Service.

There is no known workaround at this time.

All VMware Workstation users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/vmware-workstation-5.5.5.56455"

All VMware Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/vmware-player-1.0.5.56455"
Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

Multiple vulnerabilities have been reported in Mozilla Thunderbird's HTML browser engine (CVE-2007-5339) and JavaScript engine (CVE-2007-5340) that can be exploited to cause memory corruption.

A remote attacker could entice a user to read a specially crafted email that could trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code.

There is no known workaround at this time for all of these issues, but some of them can be avoided by disabling JavaScript.

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.9"

All Mozilla Thunderbird binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.9"
MySQL is a popular multi-threaded, multi-user SQL server.

Joe Gallo and Artem Russakovskii reported an error in the convert_search_mode_to_innobase() function in ha_innodb.cc in the InnoDB engine, leading to a failed assertion when handling CONTAINS operations.

A remote authenticated attacker with ALTER privileges could send a specially crafted request to a vulnerable database server, possibly leading to a Denial of Service.

There is no known workaround at this time.

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.44-r2"
teTeX is a complete TeX distribution for editing documents.

Joachim Schrod discovered several buffer overflow vulnerabilities and an insecure temporary file creation in the "dvilj" application that is used by dvips to convert DVI files to printer formats (CVE-2007-5937, CVE-2007-5936). Bastien Roucaries reported that the "dvips" application is vulnerable to two stack-based buffer overflows when processing DVI documents with long \href{} URIs (CVE-2007-5935). teTeX also includes code from Xpdf that is vulnerable to a memory corruption and two heap-based buffer overflows (GLSA 200711-22); and it contains code from T1Lib that is vulnerable to a buffer overflow when processing an overly long font filename (GLSA 200710-12).

A remote attacker could entice a user to process a specially crafted DVI or PDF file which could lead to the execution of arbitrary code with the privileges of the user running the application. A local attacker could exploit the "dvilj" vulnerability to conduct a symlink attack to overwrite arbitrary files.

There is no known workaround at this time.

All teTeX users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/tetex-3.0_p1-r6"
The Link Grammar parser is a syntactic parser of English, based on link grammar, an original theory of English syntax.

Alin Rad Pop from Secunia Research discovered a boundary error in the function separate_sentence() in file tokenize.c when processing an overly long word which might lead to a stack-based buffer overflow.

A remote attacker could entice a user to parse a specially crafted sentence, resulting in the remote execution of arbitrary code with the privileges of the user running the application. Note that this vulnerability may be triggered by an application using Link Grammar to parse sentences (e.g. AbiWord).

There is no known workaround at this time.

All Link Grammar users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/link-grammar-4.2.4-r1"
Perl is a stable, cross-platform programming language created by Larry Wall.

Tavis Ormandy and Will Drewry (Google Security Team) discovered a heap-based buffer overflow in the Regular Expression engine (regcomp.c) that occurs when switching from byte to Unicode (UTF-8) characters in a regular expression.

A remote attacker could either entice a user to compile a specially crafted regular expression or actively compile it in case the script accepts remote input of regular expressions, possibly leading to the execution of arbitrary code with the privileges of the user running Perl.

There is no known workaround at this time.

All Perl users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r4"
Samba is a suite of SMB and CIFS client/server programs for UNIX.

Two vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia Research) discovered a boundary checking error in the reply_netbios_packet() function which could lead to a stack-based buffer overflow (CVE-2007-5398). The Samba developers discovered a boundary error when processing GETDC logon requests also leading to a buffer overflow (CVE-2007-4572).

To exploit the first vulnerability, a remote unauthenticated attacker could send specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. This might lead to execution of arbitrary code with elevated privileges. Note that this vulnerability is exploitable only when WINS server support is enabled in Samba. The second vulnerability could be exploited by sending specially crafted "GETDC" mailslot requests, but requires Samba to be configured as a Primary or Backup Domain Controller. It is not believed to be exploitable to execute arbitrary code.

To work around the first vulnerability, disable WINS support in Samba by setting "wins support = no" in the "global" section of your smb.conf and restart Samba.

All Samba users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.27a"

The first vulnerability (CVE-2007-5398) was already fixed in Samba 3.0.26a-r2.
PCRE is a library providing functions for Perl-compatible regular expressions.

Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing "\Q\E" sequences with unmatched "\E" codes that can lead to the compiled bytecode being corrupted (CVE-2007-1659). PCRE does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow (CVE-2007-1660). Further improper calculations of memory boundaries were reported when matching certain input bytes against regex patterns in non-UTF-8 mode (CVE-2007-1661) and when searching for unmatched brackets or parentheses (CVE-2007-1662). Multiple integer overflows when processing escape sequences may lead to invalid memory read operations or potentially cause heap-based buffer overflows (CVE-2007-4766). PCRE does not properly handle "\P" and "\P{x}" sequences, which can lead to heap-based buffer overflows or trigger the execution of infinite loops (CVE-2007-4767). PCRE is also prone to an error when optimizing character classes containing a singleton UTF-8 sequence which might lead to a heap-based buffer overflow (CVE-2007-4768).

Chris Evans also reported multiple integer overflow vulnerabilities in PCRE when processing a large number of named subpatterns ("name_count") or long subpattern names ("max_name_size") (CVE-2006-7227), and via large "min", "max", or "duplength" values (CVE-2006-7228), both possibly leading to buffer overflows. Another vulnerability was reported when compiling patterns where the "-x" or "-i" UTF-8 options change within the pattern, which might lead to improper memory calculations (CVE-2006-7230).

An attacker could exploit these vulnerabilities by sending specially crafted regular expressions to applications making use of the PCRE library, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information.

There is no known workaround at this time.

All PCRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libpcre-7.3-r1"
Net-SNMP is a collection of tools for generating and retrieving SNMP data.

The SNMP agent (snmpd) does not properly handle GETBULK requests with an overly large "max-repetitions" field.

A remote unauthenticated attacker could send a specially crafted SNMP request to the vulnerable application, possibly resulting in high CPU and memory consumption.

There is no known workaround at this time.

All Net-SNMP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.1-r1"
Feynmf is a combined LaTeX and Metafont package for easy drawing of professional quality Feynman (and maybe other) diagrams.

Kevin B. McCarty discovered that the feynmf.pl script creates a temporary "property list" file at the location "$TMPDIR/feynmf$PID.pl", where $PID is the process ID.

A local attacker could create symbolic links in the directory where the temporary files are written, pointing to a valid file somewhere on the filesystem that is writable by the user running Feynmf. When Feynmf writes the temporary file, the target valid file would then be overwritten with the contents of the Feynmf temporary file.

There is no known workaround at this time.

All Feynmf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-tex/feynmf-1.08-r2"
nss_ldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP.

Josh Burley reported that nss_ldap does not properly handle LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to the wrong process.

Remote attackers could exploit this race condition by sending queries to a vulnerable server using nss_ldap, possibly leading to theft of user credentials or information disclosure (e.g. Dovecot returning wrong mailbox contents).

There is no known workaround at this time.

All nss_ldap users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/nss_ldap-258"
CSTeX is a TeX distribution with Czech and Slovak support. It is used for creating and manipulating LaTeX documents.

Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12).

Remote attackers could possibly execute arbitrary code and local attackers could possibly overwrite arbitrary files with the privileges of the user running CSTeX via multiple vectors.

There is no known workaround at this time.

CSTeX is not maintained upstream, so the package was masked in Portage. We recommend that users unmerge CSTeX:

# emerge --unmerge app-text/cstetex

As an alternative, users should upgrade their systems to use teTeX or TeX Live with its Babel packages.
Hugin is a GUI for creating and processing panoramic images.

SUSE Linux reported that Hugin creates the "hugin_debug_optim_results.txt" temporary file in an insecure manner.

A local attacker could exploit this vulnerability with a symlink attack, potentially overwriting an arbitrary file with the privileges of the user running the application.

There is no known workaround at this time.

All Hugin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/hugin-0.6.1-r1"
Cacti is a complete web-based frontend to rrdtool.

It has been reported that the "local_graph_id" variable used in the file graph.php is not properly sanitized before being processed in an SQL statement.

A remote attacker could send a specially crafted request to the vulnerable host, possibly resulting in the execution of arbitrary SQL code.

There is no known workaround at this time.

All Cacti users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6j-r7"
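The Cacti defect above, a request parameter that reaches an SQL statement unsanitized, is easiest to see with the vulnerable and the hardened query side by side. The following is an added example and not Cacti's code: it uses a constructed in-memory SQLite table standing in for Cacti's graph table, and the function names (make_demo_db, graph_titles_unsafe, graph_titles_safe, demo) are illustrative.

```python
import sqlite3


def make_demo_db():
    """Constructed stand-in for Cacti's graph table (not Cacti's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE graph_local (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO graph_local VALUES (?, ?)",
        [(1, "cpu"), (2, "memory"), (3, "traffic")],
    )
    return conn


def graph_titles_unsafe(conn, local_graph_id):
    """Vulnerable pattern: the request parameter is pasted into the SQL text,
    so anything after the number becomes part of the statement."""
    sql = "SELECT title FROM graph_local WHERE id = " + local_graph_id
    return [row[0] for row in conn.execute(sql)]


def graph_titles_safe(conn, local_graph_id):
    """Hardened pattern: the parameter must be a non-negative integer and is
    passed to the driver as a bound value, never spliced into the statement."""
    if not local_graph_id.isdigit():
        raise ValueError("local_graph_id must be a non-negative integer")
    sql = "SELECT title FROM graph_local WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (int(local_graph_id),))]


def demo():
    """Run both variants on a well-formed id and on a malformed one.
    Returns (rows from the unsafe query on malformed input,
             rows from the safe query on a valid id,
             whether the safe query rejected the malformed input)."""
    conn = make_demo_db()
    malformed = "2 OR 1=1"           # constructed malformed parameter
    try:
        graph_titles_safe(conn, malformed)
        rejected = False
    except ValueError:
        rejected = True
    return graph_titles_unsafe(conn, malformed), graph_titles_safe(conn, "2"), rejected


if __name__ == "__main__":
    print(demo())
```

The unsafe variant returns every graph title for the malformed parameter because the comparison has been rewritten; the safe variant refuses it before any SQL runs. Validating the type is worthwhile even with bound parameters, since an integer column queried with a bound string still makes the intent explicit and keeps error handling in one place.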
GNU Emacs is a highly extensible and customizable text editor.

Drake Wilson reported that the hack-local-variables() function in GNU Emacs 22 does not properly match assignments of local variables in a file against a list of unsafe or risky variables, allowing them to be overridden (CVE-2007-5795). Andreas Schwab (SUSE) discovered a stack-based buffer overflow in the format function when handling values with high precision (CVE-2007-6109).

Remote attackers could entice a user to open a specially crafted file in GNU Emacs, possibly leading to the execution of arbitrary Emacs Lisp code (via CVE-2007-5795) or arbitrary code (via CVE-2007-6109) with the privileges of the user running GNU Emacs.

The first vulnerability can be worked around by setting the "enable-local-variables" option to "nil", disabling the processing of local variable lists. GNU Emacs prior to version 22 is not affected by this vulnerability. There is no known workaround for the second vulnerability at this time.

All GNU Emacs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/emacs-22.1-r3"
Cairo is a 2D vector graphics library with cross-device output support.

Multiple integer overflows were reported, one of which Peter Valchev (Google Security) found to lead to a heap-based buffer overflow in the cairo_image_surface_create_from_png() function that processes PNG images.

A remote attacker could entice a user to view or process a specially crafted PNG image file in an application linked against Cairo, possibly leading to the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Cairo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.4.12"
PEAR::MDB2 is a database abstraction layer for PHP aimed at providing a common API for all supported relational database management systems. A LOB ("large object") is a database field holding binary data.

priyadi discovered that a request to store a URL string as a LOB is treated as a request to retrieve and store the contents of the URL.

If an application using PEAR::MDB2 allows input of LOB values via a web form, remote attackers could use the application as an indirect proxy or obtain sensitive information, including "file://" URLs local to the web server.

As a workaround, manually filter input before storing it as a LOB in PEAR::MDB2.

All PEAR::MDB2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/PEAR-MDB2-2.5.0_alpha1"
Firebird is a multi-platform, open source relational database.

Adriano Lima and Ramon de Carvalho Valle reported that the functions isc_attach_database() and isc_create_database() do not perform proper boundary checking when processing their input.

A remote attacker could send specially crafted requests to the Firebird server on TCP port 3050, possibly resulting in the execution of arbitrary code with the privileges of the user running Firebird (usually firebird).

There is no known workaround at this time.

All Firebird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.3.12981.0-r2"
Lookup is a search interface to books and dictionaries for Emacs.

Tatsuya Kinoshita reported that the ndeb-binary function does not handle temporary files correctly.

A local attacker could use a symlink attack to overwrite files with the privileges of the user running Lookup.

There is no known workaround at this time.

All Lookup users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emacs/lookup-1.4.1"
Qt is a cross-platform GUI framework, which is used e.g. by KDE. The AMD64 x86 emulation Qt library packages Qt libraries for 32bit x86 emulation on AMD64.

The Qt versions used by the AMD64 x86 emulation Qt libraries were vulnerable to several flaws (GLSA 200708-16, GLSA 200710-28).

An attacker could trigger one of the vulnerabilities by causing a Qt application to parse specially crafted text or Unicode strings, which may lead to the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All AMD64 x86 emulation Qt library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-qtlibs-20071114-r2"
Ruby-GNOME2 is a set of bindings for using GTK+ within the Ruby programming language.

Chris Rohlf discovered that the "Gtk::MessageDialog.new()" method in the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the "message" parameter before passing it to the gtk_message_dialog_new() function.

A remote attacker could send a specially crafted string to an application using Ruby-GNOME2, possibly leading to the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Ruby-GNOME2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/ruby-gtk2-0.16.0-r2"
Samba is a suite of SMB and CIFS client/server programs for UNIX.

Alin Rad Pop (Secunia Research) discovered a boundary checking error in the send_mailslot() function which could lead to a stack-based buffer overflow.

A remote attacker could send a specially crafted "SAMLOGON" domain logon packet, possibly leading to the execution of arbitrary code with elevated privileges. Note that this vulnerability is exploitable only when domain logon support is enabled in Samba, which is not the case in Gentoo's default configuration.

Disable domain logon in Samba by setting "domain logons = no" in the "global" section of your smb.conf and restart Samba.

All Samba users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.28"
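Both Samba advisories in this listing hinge on a single [global] setting: the WINS "Name Registration" overflow (CVE-2007-5398) only matters with "wins support = yes", and the SAMLOGON overflow here only with "domain logons = yes". The script below is an added example, not Samba's code: it reads an smb.conf the way Samba compares parameter names (case-insensitive, whitespace ignored) and reports which of the two exposing settings is enabled. The sample configurations are constructed and the function names (parse_global_section, risky_samba_settings) are illustrative.

```python
import re

# Constructed sample: both settings the advisories name are switched on.
EXPOSED_SMB_CONF = """\
# constructed sample, not a real deployment
[global]
    workgroup = EXAMPLE
    Wins Support = yes
    domain  logons = True
    server string = demo

[homes]
    browseable = no
"""

# Constructed sample after applying both workarounds.
HARDENED_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    wins support = no
    domain logons = no
"""

# Values Samba's boolean parser accepts as "on".
TRUE_VALUES = {"yes", "true", "1", "on"}

# The two parameters the advisories depend on, keyed by their normalized form.
WATCHED = {"winssupport": "wins support", "domainlogons": "domain logons"}


def normalize(name):
    """Samba ignores case and whitespace in parameter names."""
    return "".join(name.lower().split())


def parse_global_section(text):
    """Return {normalized parameter: value} for the [global] section.
    Comment lines start with '#' or ';'; other sections are skipped."""
    params = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.match(r"\[(.*)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[normalize(key)] = value.strip()
    return params


def risky_samba_settings(text):
    """Return the human-readable names of the watched settings that are
    enabled. Both default to 'no' in Samba, so an absent key is safe."""
    params = parse_global_section(text)
    return [
        label
        for key, label in WATCHED.items()
        if params.get(key, "no").lower() in TRUE_VALUES
    ]


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/samba/smb.conf"
    with open(path) as fh:
        print(risky_samba_settings(fh.read()))
```

The check reads one file only: if your smb.conf pulls in other files with "include =" or is replaced through "config file =", inspect those as well, and restart Samba after any change so nmbd picks up the new values.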
Portage is the default Gentoo package management system.

Mike Frysinger reported that the "etc-update" utility uses temporary files with the standard umask, which results in the files being world-readable when merging configuration files in a default setup.

A local attacker could access sensitive information when configuration files are being merged.

There is no known workaround at this time.

All Portage users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/portage-2.1.3.11"
IRC Services is a system of services to be used with Internet Relay Chat networks.

loverboy reported that the "default_encrypt()" function in file encrypt.c does not properly handle overly long passwords.

A remote attacker could provide an overly long password to the vulnerable server, resulting in a Denial of Service.

There is no known workaround at this time.

All IRC Services users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/ircservices-5.0.63"
E2fsprogs provides utilities for use with the ext2 and ext3 file systems, including the libext2fs library that allows user-level programs to manipulate an ext2 or ext3 file system.

Rafal Wojtczuk (McAfee AVERT Research) discovered multiple integer overflows in libext2fs that are triggered when processing information from within the file system, resulting in heap-based buffer overflows.

An attacker could entice a user to process a specially-crafted ext2 or ext3 file system image (with tools linking against libext2fs, e.g. fsck, forensic tools or Xen's pygrub), possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All E2fsprogs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/e2fsprogs-1.40.3"
CUPS provides a portable printing layer for UNIX-based operating systems. The alternate pdftops filter is a CUPS filter used to convert PDF files to the PostScript format via Poppler; the filter is installed by default in Gentoo Linux.

Wei Wang (McAfee AVERT Research) discovered an integer underflow in the asn1_get_string() function of the SNMP backend, leading to a stack-based buffer overflow when handling SNMP responses (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate pdftops filter creates temporary files with predictable file names when reading from standard input (CVE-2007-6358). Furthermore, the resolution of a Denial of Service vulnerability covered in GLSA 200703-28 introduced another Denial of Service vulnerability within SSL handling (CVE-2007-4045).

A remote attacker on the local network could exploit the first vulnerability to execute arbitrary code with elevated privileges by sending specially crafted SNMP messages as a response to an SNMP broadcast request. A local attacker could exploit the second vulnerability to overwrite arbitrary files with the privileges of the user running the CUPS spooler (usually lp) by using symlink attacks. A remote attacker could cause a Denial of Service condition via the third vulnerability when SSL is enabled in CUPS.

To disable SNMP support in CUPS, you have to manually delete the file "/usr/libexec/cups/backend/snmp". Please note that the file is reinstalled if you merge CUPS again later. To disable the pdftops filter, delete all lines referencing "pdftops" in CUPS' "mime.convs" configuration file. To work around the third vulnerability, disable SSL support via the corresponding USE flag.

All CUPS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r4"
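Several advisories in this listing describe the same temporary-file defect: Feynmf's "$TMPDIR/feynmf$PID.pl", Hugin's "hugin_debug_optim_results.txt", Lookup's ndeb-binary, dvilj in teTeX and the CUPS pdftops filter all open a predictable name for writing, and Portage's etc-update additionally leaves its temporary files world-readable. The following added example (not code from any of those projects) stages that scenario in a scratch directory and contrasts the predictable-name write with two hardened forms, mkstemp and an O_EXCL open; the file names are constructed and the function names (predictable_tempfile_write, exclusive_create, private_tempfile_write, demonstrate) are illustrative.

```python
import os
import tempfile


def predictable_tempfile_write(path, content):
    """The reported pattern: a fixed or PID-derived name under $TMPDIR is
    simply opened for writing. open() follows an existing symlink at that
    name, so whatever the link points to is truncated and overwritten."""
    with open(path, "w") as fh:
        fh.write(content)


def exclusive_create(path):
    """Hardened open of a chosen name: O_EXCL refuses any pre-existing entry
    (a symlink included), O_NOFOLLOW adds a second guard where available,
    and the explicit 0600 mode keeps the file private whatever the umask is
    (the etc-update problem)."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def private_tempfile_write(directory, prefix, content):
    """Preferred fix: mkstemp picks an unpredictable name and opens it with
    O_CREAT|O_EXCL and mode 0600 in one step; the caller keeps the descriptor
    instead of re-opening the path by name later."""
    fd, path = tempfile.mkstemp(prefix=prefix, dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    return path


def demonstrate():
    """Stage the advisories' scenario: a 'victim' file plus a symlink sitting
    at the predictable temporary name. Returns what each pattern did."""
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.txt")
        with open(victim, "w") as fh:
            fh.write("original")
        # Constructed: same "$TMPDIR/feynmf$PID.pl" shape the Feynmf report names.
        predictable = os.path.join(scratch, "feynmf%d.pl" % os.getpid())
        os.symlink(victim, predictable)

        # Hardened open of the predictable name: refused because something
        # (here the symlink) already exists there.
        try:
            os.close(exclusive_create(predictable))
            exclusive_refused = False
        except FileExistsError:
            exclusive_refused = True

        # mkstemp: writes land in a fresh private file, the victim is untouched.
        safe_path = private_tempfile_write(scratch, "feynmf", "scratch data")
        with open(victim) as fh:
            victim_after_safe = fh.read()
        safe_mode = os.stat(safe_path).st_mode & 0o777

        # Reported pattern: the write goes through the symlink into the victim.
        predictable_tempfile_write(predictable, "scratch data")
        with open(victim) as fh:
            victim_after_predictable = fh.read()

        return {
            "exclusive_refused": exclusive_refused,
            "victim_after_safe": victim_after_safe,
            "safe_mode": safe_mode,
            "victim_after_predictable": victim_after_predictable,
        }


if __name__ == "__main__":
    print(demonstrate())
```

The O_EXCL variant is the minimal patch when a program must keep a particular name; mkstemp (or its equivalents, File::Temp in Perl, make-temp-file in Emacs Lisp) is the better fix because it also removes the guessable name. Either way the program should write through the descriptor it got back and never re-open the path, which would reintroduce the race.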
libexif is a library for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files.

Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to memory corruption (CVE-2007-6352) and an infinite recursion in the exif_loader_write() function (CVE-2007-6351).

An attacker could entice the user of an application making use of libexif to load an image file with specially crafted Exif tags, possibly resulting in the execution of arbitrary code with the privileges of the user running the application or a Denial of Service.

There is no known workaround at this time.

All libexif users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.16-r1"
Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files.

Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the JpegThumbnail::setDataArea() method leading to a heap-based buffer overflow.

An attacker could entice the user of an application making use of Exiv2 or an application included in Exiv2 to load an image file with specially crafted Exif tags, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Exiv2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.13-r1"
exiftags is a library and set of tools for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files.

Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356).

An attacker could entice the user of an application making use of exiftags or an application included in exiftags to load an image file with specially crafted Exif tags, possibly resulting in the execution of arbitrary code with the privileges of the user running the application or a Denial of Service.

There is no known workaround at this time.

All exiftags users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/exiftags-1.01"
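The recursive-IFD problem named in the exiftags advisory (readifds(), CVE-2007-6356) and the libexif one (exif_loader_write(), CVE-2007-6351) comes from Exif's TIFF-style directory chain: every IFD ends with a pointer to the next IFD, and a file can point that back at an IFD already visited. The walker below is an added example, not code from exiftags or libexif; it builds a minimal constructed TIFF (one IFD with a single entry) and follows the chain while refusing repeated offsets, offsets outside the buffer and entry counts that do not fit. The function names (constructed_tiff, walk_ifds) are illustrative.

```python
import struct

IFD_ENTRY_SIZE = 12


def constructed_tiff(next_ifd_offset):
    """Minimal little-endian TIFF: 8-byte header, one IFD at offset 8 holding a
    single ImageWidth (0x0100, SHORT) entry, then the given next-IFD pointer.
    Constructed test data, not an image from either advisory."""
    header = b"II" + struct.pack("<HI", 42, 8)
    entry = struct.pack("<HHI", 0x0100, 3, 1) + struct.pack("<H", 640) + b"\x00\x00"
    ifd = struct.pack("<H", 1) + entry + struct.pack("<I", next_ifd_offset)
    return header + ifd


def walk_ifds(data, max_ifds=32):
    """Return (visited IFD offsets, reason the walk stopped).

    The chain is followed iteratively rather than recursively, every offset is
    bounds-checked before it is dereferenced, and an offset seen before stops
    the walk, so a self-referencing or looping next-IFD pointer cannot recurse
    forever. max_ifds caps the work a chain of distinct IFDs can demand."""
    if len(data) < 8 or data[:2] != b"II" or struct.unpack_from("<H", data, 2)[0] != 42:
        return [], "not a little-endian TIFF"
    offset = struct.unpack_from("<I", data, 4)[0]
    seen = []
    while offset != 0:
        if offset in seen:
            return seen, "IFD loop at offset %d" % offset
        if offset + 2 > len(data):
            return seen, "IFD offset %d outside buffer" % offset
        count = struct.unpack_from("<H", data, offset)[0]
        # Python integers do not overflow; in C this product must be checked
        # against the remaining buffer length before it is used.
        end = offset + 2 + IFD_ENTRY_SIZE * count
        if end + 4 > len(data):
            return seen, "IFD at %d claims %d entries, beyond buffer" % (offset, count)
        seen.append(offset)
        if len(seen) >= max_ifds:
            return seen, "too many IFDs"
        offset = struct.unpack_from("<I", data, end)[0]
    return seen, "ok"


if __name__ == "__main__":
    print(walk_ifds(constructed_tiff(0)))
    print(walk_ifds(constructed_tiff(8)))            # points back at itself
    print(walk_ifds(constructed_tiff(0x7FFFFFFF)))   # points outside the file
    print(walk_ifds(constructed_tiff(0)[:20]))       # truncated directory
```

Real Exif walkers also have to follow sub-IFD pointers stored inside entries (ExifIFD, GPS, interoperability); the same visited-set and bounds checks apply to those pointers, and a depth or total-IFD cap is what turns a malicious file into a parse error rather than a crash or a hang.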
Multi-Threaded DAAP Daemon (mt-daapd), also known as the Firefly Media Server, is software that serves digital music to the Roku Soundbridge and Apple's iTunes.

nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the "Authorization: Basic" HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824).

A remote attacker could send specially crafted HTTP requests to the web server in the Multi-Threaded DAAP Daemon, possibly leading to the execution of arbitrary code with the privileges of the user running the web server or a Denial of Service.

There is no known workaround at this time.

All Multi-Threaded DAAP Daemon users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/mt-daapd-0.2.4.1"
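The two mt-daapd defects are both header-handling edge cases: a header line with no ':' or an empty Authorization value must not be dereferenced as though it were well-formed, and the decoded username and password must only ever be treated as data. The parser below is an added example, not mt-daapd's code; it handles exactly those cases and returns None instead of failing. The request texts are constructed and the function names (parse_headers, basic_credentials, auth_failure_message) are illustrative.

```python
import base64
import binascii

# Constructed request heads (not captures from the advisory).
GOOD_REQUEST = (
    "GET /xml-rpc HTTP/1.1\r\n"
    "Host: media.example\r\n"
    "Authorization: Basic " + base64.b64encode(b"listener:s3cret").decode() + "\r\n"
    "\r\n"
)
NO_COLON_REQUEST = "GET /xml-rpc HTTP/1.1\r\nAuthorization\r\n\r\n"
EMPTY_AUTH_REQUEST = "GET /xml-rpc HTTP/1.1\r\nAuthorization:\r\n\r\n"
BAD_TOKEN_REQUEST = "GET /xml-rpc HTTP/1.1\r\nAuthorization: Basic ??not-base64??\r\n\r\n"


def parse_headers(request):
    """Return {lower-cased name: value} for the header block.
    A line without ':' is skipped rather than split blindly (the
    ws_getheaders() case); parsing stops at the empty line."""
    headers = {}
    for line in request.split("\r\n")[1:]:
        if line == "":
            break
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def basic_credentials(headers):
    """Return (username, password) from an 'Authorization: Basic' header,
    or None when the header is absent, empty, not Basic, not valid base64
    or lacks the ':' separator (the ws_decodepassword() case)."""
    value = headers.get("authorization")
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    user, sep, password = decoded.partition(b":")
    if not sep:
        return None
    return user.decode("utf-8", "replace"), password.decode("utf-8", "replace")


def auth_failure_message(user):
    """Build a log line with the username as an argument, never as the
    format string itself (the ws_addarg() format string case)."""
    return "authentication failed for user %s" % (user,)


if __name__ == "__main__":
    for req in (GOOD_REQUEST, NO_COLON_REQUEST, EMPTY_AUTH_REQUEST, BAD_TOKEN_REQUEST):
        print(basic_credentials(parse_headers(req)))
```

The same shape carries over to C: check the return of strchr() for ':' before using it, treat a zero-length value as "no credentials", and pass user-supplied strings to printf-family functions only through a "%s" argument.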
Syslog-ng is a flexible and scalable system logger.

Oriol Carreras reported a NULL pointer dereference in the log_msg_parse() function when processing timestamps without a terminating whitespace character.

A remote attacker could send a specially crafted event to a vulnerable Syslog-ng server, resulting in a crash.

There is no known workaround at this time.

All Syslog-ng users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-2.0.6"
Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An unspecified vulnerability related to the bzip2 decompression algorithm has also been discovered (CVE-2007-6337).

A remote attacker could entice a user or automated system to scan a specially crafted file, possibly leading to the execution of arbitrary code with the privileges of the user running ClamAV (either a system user or the "clamav" user if clamd is compromised).

There is no known workaround at this time.

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.91.2-r1"

Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite.

Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and SeaMonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959).

A remote attacker could possibly exploit these vulnerabilities to execute arbitrary code in the context of the browser and conduct Cross-Site Scripting or Cross-Site Request Forgery attacks.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.11"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.11"

All SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.7"

All SeaMonkey binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.7"

Opera is a fast Web browser that is available free of charge.

David Bloom reported two vulnerabilities where plug-ins (CVE-2007-6520) and Rich text editing (CVE-2007-6522) could be used to allow cross domain scripting. Alexander Klink (Cynops GmbH) discovered an issue with TLS certificates (CVE-2007-6521). Gynvael Coldwind reported that bitmaps might reveal random data from memory (CVE-2007-6524).

A remote attacker could exploit these vulnerabilities, possibly leading to the execution of arbitrary code and cross domain scripting.

There is no known workaround at this time.

All Opera users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-9.25"

Wireshark is a network protocol analyzer with a graphical front-end.

Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119), Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB (CVE-2007-6438), IPv6 and USB (CVE-2007-6439), WiMAX (CVE-2007-6441), RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming, Steve and ainsley.

A remote attacker could send specially crafted packets on a network being monitored with Wireshark or entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the user running Wireshark (which might be the root user), or a Denial of Service.

There is no known workaround at this time.

All Wireshark users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.7"

Cairo is a 2D vector graphics library with cross-device output support. The AMD64 x86 emulation GTK+ library packages Cairo libraries for 32-bit x86 emulation on AMD64.

The Cairo versions used by the AMD64 x86 emulation GTK+ libraries were vulnerable to integer overflow vulnerabilities (GLSA 200712-04).

A remote attacker could entice a user to view or process a specially crafted PNG image file in an application linked against Cairo, possibly leading to the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All AMD64 x86 emulation GTK+ library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-gtklibs-20071214"

OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities.

The HSQLDB engine, as used in OpenOffice.org, does not properly enforce restrictions to SQL statements.

A remote attacker could entice a user to open a specially crafted document, possibly resulting in the remote execution of arbitrary Java code with the privileges of the user running OpenOffice.org.

There is no known workaround at this time.

All OpenOffice.org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.3.1"

All OpenOffice.org binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.3.1"

All HSQLDB users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/hsqldb-1.8.0.9"

unp is a script for unpacking various file formats.

Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell.

A remote attacker could entice a user or automated system to unpack a compressed archive with a specially crafted file name, leading to the execution of shell commands from within the filename. That code will be executed with the privileges of the user running unp.

There is no known workaround at this time.

All unp users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/unp-1.0.14"

R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. PCRE is a library providing functions for Perl-compatible regular expressions.

R includes a copy of PCRE which is vulnerable to multiple buffer overflow and memory corruption vulnerabilities (GLSA 200711-30).

An attacker could entice a user to process specially crafted regular expressions with R, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information.

There is no known workaround at this time.

All R users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/R-2.2.1-r1"

Claws Mail is a GTK based e-mail client.

Nico Golde from Debian reported that the sylprint.pl script that is part of the Claws Mail tools creates temporary files in an insecure manner.

A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail.

There is no known workaround at this time.

All Claws Mail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.0.2-r1"

OpenAFS is a distributed network filesystem.

Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to improper handling of the clients' callback lists.

A remote attacker could construct cases which trigger the race condition, resulting in a server crash.

There is no known workaround at this time.

All OpenAFS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/openafs-1.4.6"

Squid is a multi-protocol proxy server.

The Wikimedia Foundation reported a memory leak vulnerability when performing cache updates.

A remote attacker could perform numerous specially crafted requests to the vulnerable server, resulting in a Denial of Service.

There is no known workaround at this time.

All Squid users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/squid-2.6.17"

Xfce is a GTK+ 2 based desktop environment that allows a modern desktop environment to run on modest hardware.

Gregory Andersen reported that the Xfce4 panel does not correctly calculate memory boundaries, leading to a stack-based buffer overflow in the launcher_update_panel_entry() function (CVE-2007-6531). Daichi Kawahata reported that libxfcegui4 does not copy provided values when creating "SessionClient" structs, possibly leading to access of freed memory areas (CVE-2007-6532).

A remote attacker could entice a user to install a specially crafted "rc" file to execute arbitrary code via long strings in the "Name" and "Comment" fields or via unspecified vectors involving the second vulnerability.

There is no known workaround at this time.

All Xfce4 panel users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=xfce-base/xfce4-panel-4.4.2"

All libxfcegui4 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=xfce-base/libxfcegui4-4.4.2"

The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content.

A remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to establish TCP sessions with arbitrary hosts, bypass the Security Sandbox Model, obtain sensitive information, port scan arbitrary hosts, or conduct cross-site-scripting attacks.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-9.0.115.0"

Please be advised that unaffected packages of the Adobe Flash Player have known problems when used from within the Konqueror and Opera browsers.

libcdio is a library for accessing CD-ROM and CD images.

Devon Miller reported a boundary error in the "print_iso9660_recurse()" function in files cd-info.c and iso-info.c when processing long filenames within Joliet images.

A remote attacker could entice a user to open a specially crafted ISO image in the cd-info and iso-info applications, resulting in the execution of arbitrary code with the privileges of the user running the application. Applications linking against shared libraries of libcdio are not affected.

There is no known workaround at this time.

All libcdio users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libcdio-0.78.2-r4"

The X Window System is a graphical windowing system based on a client/server model.

regenrecht reported multiple vulnerabilities in various X server extensions via iDefense:

Remote attackers could exploit the vulnerability in the Xfont library by enticing a user to load a specially crafted PCF font file, resulting in the execution of arbitrary code with the privileges of the user running the X server, typically root. Local attackers could exploit this and the vulnerabilities in the X.org extensions to gain elevated privileges. If the X server allows connections from the network, these vulnerabilities could be exploited remotely. A local attacker could determine the existence of arbitrary files by exploiting the last vulnerability or possibly cause a Denial of Service.

Workarounds for some of the vulnerabilities can be found in the X.Org security advisory as listed under References.

All X.Org X server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.3.0.0-r5"

All X.Org Xfont library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.3.1-r1"

TikiWiki is an open source content management system written in PHP.

A remote attacker can craft the "movies" parameter to run a directory traversal attack through a ".." sequence and read the first 1000 bytes of any arbitrary file, or conduct a cross-site scripting (XSS) attack through the "area_name" parameter. This attack can be exploited to execute arbitrary HTML and script code in a user's browser session, allowing for the theft of browser session data or cookies in the context of the affected web site. The impacts of the unspecified vulnerabilities are still unknown.

There is no known workaround at this time.

All TikiWiki users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.9"

CherryPy is a Python-based, object-oriented web development framework.

CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession._get_file_path() function before using it as part of the file name.

A remote attacker could exploit this vulnerability to read and possibly write arbitrary files on the web server, or to hijack valid sessions, by providing a specially crafted session id. This only affects applications using file-based sessions.

Disable the "FileSession" functionality by using "PostgresqlSession" or "RamSession" session management in your CherryPy application.
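An added illustration, not CherryPy's own code, of the hardened pattern the fix implies: the cookie-supplied session id is validated against a strict character whitelist, and the resulting path is then confirmed to sit directly under the session directory before any file is touched. The function and constant names, the whitelist pattern, the session directory and the sample ids are all assumptions.

```python
import os
import re

# Assumption: a session id is an opaque token of 8-64 alphanumerics.  The
# whitelist rejects '/', '\\', '..', NUL bytes and anything else that could
# change how the id is interpreted as a path component.
SESSION_ID_RE = re.compile(r"[A-Za-z0-9]{8,64}")


class InvalidSessionId(ValueError):
    """Raised when a client-supplied session id fails validation."""


def unsafe_session_file_path(session_dir, session_id):
    """The vulnerable pattern: the cookie value becomes part of the file
    name without any check, so '../../etc/passwd' resolves outside
    session_dir."""
    return os.path.join(session_dir, session_id)


def path_escapes(session_dir, path):
    """True if, after normalising '..' components, path is not a direct
    child of session_dir.  Used to show what the unsafe pattern yields."""
    base = os.path.normpath(session_dir)
    return os.path.dirname(os.path.normpath(path)) != base


def session_file_path(session_dir, session_id):
    """Hardened replacement: whitelist the id, then re-check the final path.

    fullmatch() is used deliberately: with re.match() and a '$' anchor a
    trailing newline would slip through.  The second check is independent
    of the first, so relaxing the whitelist later cannot quietly reintroduce
    traversal.
    """
    if not isinstance(session_id, str) or SESSION_ID_RE.fullmatch(session_id) is None:
        raise InvalidSessionId("session id contains disallowed characters")
    base = os.path.realpath(session_dir)
    candidate = os.path.realpath(os.path.join(base, session_id))
    if os.path.dirname(candidate) != base:
        raise InvalidSessionId("session id escapes the session directory")
    return candidate


def is_safe_session_id(session_dir, session_id):
    """Boolean convenience wrapper around session_file_path()."""
    try:
        session_file_path(session_dir, session_id)
    except InvalidSessionId:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample ids: one legitimate, three hostile.
    sessions = "/var/lib/app/sessions"   # assumed session directory
    for sid in ("a3f9c2e1b7d4", "../../etc/passwd", "a3f9c2e1b7d4\n", "ab\x00cd"):
        print(repr(sid), "unsafe path:", repr(unsafe_session_file_path(sessions, sid)),
              "| accepted by hardened check:", is_safe_session_id(sessions, sid))
```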

All CherryPy 2.2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/cherrypy-2.2.1-r2"

All CherryPy 3.0 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/cherrypy-3.0.2-r1"

xine-lib is the core library package for the xine media player.

Luigi Auriemma reported that xine-lib does not properly check boundaries when processing SDP attributes of RTSP streams, leading to heap-based buffer overflows.

An attacker could entice a user to play specially crafted RTSP video streams with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player.

There is no known workaround at this time.

All xine-lib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.9.1"

ngIRCd is a free open source daemon for Internet Relay Chat (IRC).

The IRC_PART() function in the file irc-channel.c does not properly check the number of parameters, referencing an invalid pointer if no channel is supplied.

A remote attacker can exploit this vulnerability to crash the ngIRCd daemon.

There is no known workaround at this time.

All ngIRCd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/ngircd-0.10.4"

Blam is an RSS and Atom feed reader for GNOME written in C#.

The "/usr/bin/blam" script sets the "LD_LIBRARY_PATH" environment variable incorrectly, which might result in the current working directory (.) being included when searching for dynamically linked libraries of the Mono Runtime application.

A local attacker could entice a user to run Blam in a directory containing a specially crafted library file, which could result in the execution of arbitrary code with the privileges of the user running Blam.

Do not run Blam from an untrusted working directory.
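As an added example (not Blam's script, which the page does not show), the following Python audits an LD_LIBRARY_PATH value for the entries that make the dynamic linker search the current working directory, and contrasts a safe way of prepending a directory with the shell idiom that commonly causes this class of bug. The assumption is that the defect is an unguarded `"$LD_LIBRARY_PATH:/some/dir"` expansion leaving an empty leading element when the variable was unset; the directory name is constructed.

```python
import os

SEP = ":"                         # LD_LIBRARY_PATH separator on Unix
MONO_LIB_DIR = "/usr/lib/blam"    # constructed; assumed application library directory


def library_path_problems(value):
    """Return (index, entry, reason) tuples for entries of an
    LD_LIBRARY_PATH-style value that the dynamic linker resolves relative
    to the current working directory.

    ld.so treats an empty element (leading or trailing colon, or '::') as
    '.', so ':/usr/lib' quietly searches the cwd before /usr/lib.
    """
    problems = []
    if value is None:
        return problems
    for index, entry in enumerate(value.split(SEP)):
        if entry == "":
            problems.append((index, entry, "empty element is searched as the current directory"))
        elif entry == ".":
            problems.append((index, entry, "explicit current directory"))
        elif not os.path.isabs(entry):
            problems.append((index, entry, "relative path is resolved from the current directory"))
    return problems


def naive_append(existing, new_dir):
    """The buggy shell idiom  LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/dir"  in
    Python: with the variable unset or empty this yields ':/dir', whose
    leading empty element means the cwd."""
    return "%s%s%s" % (existing or "", SEP, new_dir)


def prepend_library_dir(existing, new_dir):
    """Safe construction: never emit an empty element, drop any relative or
    empty entries already present, and put the application directory first."""
    if not os.path.isabs(new_dir):
        raise ValueError("library directory must be absolute: %r" % (new_dir,))
    kept = [e for e in (existing or "").split(SEP)
            if e and os.path.isabs(e) and e != new_dir]
    return SEP.join([new_dir] + kept)


if __name__ == "__main__":
    for env in (None, "", "/usr/lib", ".:/usr/lib"):
        bad = naive_append(env, MONO_LIB_DIR)
        good = prepend_library_dir(env, MONO_LIB_DIR)
        print("inherited LD_LIBRARY_PATH=%r" % (env,))
        print("  naive: %r -> %s" % (bad, library_path_problems(bad) or "ok"))
        print("  fixed: %r -> %s" % (good, library_path_problems(good) or "ok"))
```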

All Blam users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-news/blam-1.8.4"

PostgreSQL is an open source object-relational database management system.

If using the "expression indexes" feature, PostgreSQL executes index functions as the superuser during VACUUM and ANALYZE instead of the table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the index functions (CVE-2007-6600). Additionally, several errors involving regular expressions were found (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067). Finally, a privilege escalation vulnerability via unspecified vectors in the DBLink module was reported (CVE-2007-6601). This vulnerability is exploitable when local trust or ident authentication is used, and is due to an incomplete fix of CVE-2007-3278.

A remote authenticated attacker could send specially crafted queries containing complex regular expressions to the server that could result in a Denial of Service via a server crash (CVE-2007-4769), an infinite loop (CVE-2007-4772) or memory exhaustion (CVE-2007-6067). The two other vulnerabilities can be exploited to gain additional privileges.

There is no known workaround for all these issues at this time.

All PostgreSQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose "dev-db/postgresql"

MaraDNS is a package that implements the Domain Name Service (DNS) with resolver and caching ability.

Michael Krieger reported that a specially crafted DNS packet could prevent an authoritative canonical name (CNAME) record from being resolved because of an "improper rotation of resource records".

A remote attacker could send specially crafted DNS packets to a vulnerable server, making it unable to resolve CNAME records.

Add "max_ar_chain = 2" to the "marac" configuration file.

All MaraDNS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/maradns-1.2.12.09"

net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support.

Venustech AD-LAB discovered that an FTP client connected to a vulnerable server with passive mode and SSL support can trigger an fclose() function call on an uninitialized stream in ftpd.c.

A remote attacker can send specially crafted FTP data to a server with passive mode and SSL support, causing the ftpd daemon to crash.

Disable passive mode or SSL.

All Netkit FTP Server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r7"

Kazehakase is a web browser based on the Gecko engine.

Kazehakase includes a copy of PCRE which is vulnerable to multiple buffer overflow and memory corruption vulnerabilities (GLSA 200711-30).

A remote attacker could entice a user to open specially crafted input (e.g. bookmarks) with Kazehakase, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information.

There is no known workaround at this time.

All Kazehakase users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/kazehakase-0.5.0"

GOffice is a library of document-centric objects and utilities based on GTK.

GOffice includes a copy of PCRE which is vulnerable to multiple buffer overflow and memory corruption vulnerabilities (GLSA 200711-30).

An attacker could entice a user to open specially crafted documents with GOffice, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information.

There is no known workaround at this time.

All GOffice 0.4.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/goffice-0.4.3"

All GOffice 0.6.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/goffice-0.6.1"

libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project.

Brad Fitzpatrick reported that the xmlCurrentChar() function does not properly handle some UTF-8 multibyte encodings.

A remote attacker could entice a user to open a specially crafted XML document with an application using libxml2, possibly resulting in high CPU consumption. Note that this vulnerability could also be triggered without user interaction by an automated system processing XML content.

There is no known workaround at this time.

All libxml2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.6.30-r1"

Xdg-Utils is a set of tools allowing all applications to easily integrate with the Free Desktop configuration.

Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell scripts do not properly sanitize their input before processing it.

A remote attacker could entice a user to open a specially crafted link with a vulnerable application using Xdg-Utils (e.g. an email client), resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Xdg-Utils users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-misc/xdg-utils-1.0.2-r1"

PeerCast is a client and server for the P2P-radio network.

Luigi Auriemma reported a heap-based buffer overflow within the "handshakeHTTP()" function when processing HTTP requests.

A remote attacker could send a specially crafted request to the vulnerable server, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the PeerCast server, usually "nobody".

There is no known workaround at this time.

All PeerCast users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1218"

SDL_image is an image file library that loads images as SDL surfaces, and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM, TGA, TIFF, XCF, XPM, and XV.

The LWZReadByte() function in file IMG_gif.c and the IMG_LoadLBM_RW() function in file IMG_lbm.c each contain a boundary error that can be triggered to cause a static buffer overflow and a heap-based buffer overflow. The first boundary error comes from some old vulnerable GD PHP code (CVE-2006-4484).

A remote attacker can cause an application using the SDL_image library to process a specially crafted GIF file or IFF ILBM file that will trigger a buffer overflow, resulting in the execution of arbitrary code with the permissions of the application or a crash of the application.

There is no known workaround at this time.

All SDL_image users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/sdl-image-1.2.6-r1"

The Doomsday Engine (deng) is a modern gaming engine for popular ID games like Doom, Heretic and Hexen.

Luigi Auriemma discovered multiple buffer overflows in the D_NetPlayerEvent() function, the Msg_Write() function and the NetSv_ReadCommands() function. He also discovered errors when handling chat messages that are not NULL-terminated (CVE-2007-4642) or contain a short data length, triggering an integer underflow (CVE-2007-4643). Furthermore, a format string vulnerability was discovered in the Cl_GetPackets() function when processing PSV_CONSOLE_TEXT messages (CVE-2007-4644).

A remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the Doomsday server or cause a Denial of Service by sending specially crafted messages to the server.

There is no known workaround at this time.

While some of these issues could be resolved in "games-fps/doomsday-1.9.0-beta5.2", the format string vulnerability (CVE-2007-4644) remains unfixed. We recommend that users unmerge Doomsday:

# emerge --unmerge games-fps/doomsday

Horde IMP provides web-based access to IMAP and POP3 mailboxes.

Ulf Harnhammar, Secunia Research, discovered that the "frame" and "frameset" HTML tags are not properly filtered out. He also reported that certain HTTP requests are executed without being checked.

A remote attacker could entice a user to open a specially crafted HTML e-mail, possibly resulting in the deletion of arbitrary e-mail messages.

There is no known workaround at this time.

All Horde IMP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-imp-4.1.6"

Gallery is a web-based application for creating and viewing photo albums.

The Gallery development team reported and fixed critical vulnerabilities during an internal audit (CVE-2007-6685, CVE-2007-6686, CVE-2007-6687, CVE-2007-6688, CVE-2007-6689, CVE-2007-6690, CVE-2007-6691, CVE-2007-6692, CVE-2007-6693).

A remote attacker could exploit these vulnerabilities to execute arbitrary code, conduct Cross-Site Scripting and Cross-Site Request Forgery attacks, or disclose sensitive information.

There is no known workaround at this time.

All Gallery users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gallery-2.2.4"

The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project.

Multiple integer overflow and signedness errors have been reported in the excel_read_HLINK() function in file plugins/excel/ms-excel-read.c when processing XLS HLINK opcodes.

A remote attacker could entice a user to open a specially crafted XLS file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Gnumeric users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.8.1"

scponly is a shell for restricting user access to file transfer only, using sftp and scp.

Joachim Breitner reported that the Subversion and rsync support invokes subcommands in an insecure manner (CVE-2007-6350). It has also been discovered that scponly does not filter the -o and -F options to the scp executable (CVE-2007-6415).

A local attacker could exploit these vulnerabilities to elevate privileges and execute arbitrary commands on the vulnerable host.

There is no known workaround at this time.

All scponly users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/scponly-4.8"

Due to the design of scponly's Subversion support, security restrictions can still be circumvented. Please read the SECURITY file included in the package carefully.

Pulseaudio is a networked sound server with an advanced plugin system.

Marcus Meissner from SUSE reported that the pa_drop_root() function does not properly check the return value of the system calls setuid(), seteuid(), setresuid() and setreuid() when dropping its privileges.

A local attacker could cause a resource exhaustion to make the system calls fail, which would cause Pulseaudio to run as root. The attacker could then perform actions with root privileges.

There is no known workaround at this time.
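As an added example that is not PulseAudio's code: the privilege-drop pattern the advisory implies, written in Python, where the setres*() wrappers raise OSError on failure instead of returning -1. The defect the page describes corresponds here to swallowing that exception and carrying on; the function instead fails closed and then independently verifies that root cannot be regained. Function names are assumptions.

```python
import os


class PrivilegeDropError(RuntimeError):
    """Raised when privileges could not be dropped or the drop could not be verified."""


def current_ids():
    """Real uid and gid of the running process (helper for callers and tests)."""
    return os.getuid(), os.getgid()


def drop_privileges(uid, gid):
    """Switch real, effective and saved ids to uid/gid, failing closed.

    Group first: once the uid has been dropped, changing the gid would fail.
    os.setresgid()/os.setresuid() raise OSError when the kernel refuses, for
    example EAGAIN when RLIMIT_NPROC for the target uid is exhausted, which
    is the resource-exhaustion condition the advisory describes.  A caller
    that ignored that error would keep running as root; that is the bug.
    """
    try:
        os.setresgid(gid, gid, gid)
        os.setresuid(uid, uid, uid)
    except OSError as exc:
        raise PrivilegeDropError(
            "could not drop to uid=%d gid=%d: %s (errno %d)"
            % (uid, gid, exc.strerror, exc.errno)) from exc
    verify_dropped(uid, gid)
    return True


def verify_dropped(uid, gid):
    """Independent check that the drop took effect and is irreversible."""
    if os.getresuid() != (uid, uid, uid) or os.getresgid() != (gid, gid, gid):
        raise PrivilegeDropError("ids do not match the requested values")
    if uid != 0:
        # With the saved uid also dropped, regaining root must fail.
        try:
            os.setuid(0)
        except PermissionError:
            return True
        raise PrivilegeDropError("process was able to regain root after dropping")
    return True


def drop_privileges_ok(uid, gid):
    """Boolean wrapper: True only if the drop succeeded and was verified."""
    try:
        return drop_privileges(uid, gid)
    except PrivilegeDropError:
        return False


if __name__ == "__main__":
    uid, gid = current_ids()
    # Dropping to our own ids always succeeds; switching to another account
    # succeeds only when started as root and otherwise fails closed.
    print("drop to own ids:", drop_privileges_ok(uid, gid))
    print("switch to uid 0 from uid %d:" % uid, drop_privileges_ok(0, 0))
```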

All Pulseaudio users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.9"

Boost is a set of C++ libraries, including the Boost.Regex library to process regular expressions.

Tavis Ormandy and Will Drewry from the Google Security Team reported a failed assertion in file regex/v4/perl_matcher_non_recursive.hpp (CVE-2008-0171) and a NULL pointer dereference in the get_repeat_type() function in file basic_regex_creator.hpp (CVE-2008-0172) when processing regular expressions.

A remote attacker could provide specially crafted regular expressions to an application using Boost, resulting in a crash.

There is no known workaround at this time.

All Boost users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/boost-1.34.1-r2"

Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

An integer overflow has been reported in the "cli_scanpe()" function in file libclamav/pe.c (CVE-2008-0318). Another unspecified vulnerability has been reported in file libclamav/mew.c (CVE-2008-0728).

A remote attacker could entice a user or automated system to scan a specially crafted file, possibly leading to the execution of arbitrary code with the privileges of the user running ClamAV (either a system user or the "clamav" user if clamd is compromised).

There is no known workaround at this time.

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.92.1"

Python is an interpreted, interactive, object-oriented programming language.

Python 2.3 includes a copy of PCRE which is vulnerable to an integer overflow vulnerability, leading to a buffer overflow.

An attacker could exploit the vulnerability by tricking a vulnerable Python application into compiling a regular expression, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information.

There is no known workaround at this time.

All Python 2.3 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r4"

Asterisk is an open source telephony engine and tool kit.

Multiple vulnerabilities have been found in Asterisk:

By sending a long voice or video RTP frame, a remote attacker could possibly execute arbitrary code on the target machine. Sending specially crafted LAGRQ or LAGRP frames containing information elements of IAX frames, or a certain data length value in a crafted packet, or performing a flood of calls not completing a 3-way handshake, could result in a Denial of Service.

There is no known workaround at this time.

All Asterisk users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.17-r1"

xine-lib is the core library package for the xine media player.

Damian Frizza and Alfredo Ortega (Core Security Technologies) discovered a stack-based buffer overflow within the open_flac_file() function in the file demux_flac.c when parsing tags within a FLAC file (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).

A remote attacker could entice a user to play specially crafted FLAC or ASF video streams with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player.

There is no known workaround at this time.

All xine-lib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.10.1"

Adobe Acrobat Reader is a PDF reader released by Adobe.

Multiple vulnerabilities have been discovered in Adobe Acrobat Reader, including:

Other unspecified vulnerabilities have also been reported (CVE-2008-0655).

A remote attacker could entice a user to open a specially crafted document, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. A remote attacker could also perform cross-site request forgery attacks, or cause a Denial of Service.

There is no known workaround at this time.

All Adobe Acrobat Reader users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.2"
+ + Firebird is a multi-platform, open source relational database. +
++ Firebird does not properly handle certain types of XDR requests, + resulting in an integer overflow (CVE-2008-0387). Furthermore, it is + vulnerable to a buffer overflow when processing usernames + (CVE-2008-0467). +
++ A remote attacker could send specially crafted XDR requests or an + overly long username to the vulnerable server, possibly resulting in + the remote execution of arbitrary code with the privileges of the user + running the application. +
++ There is no known workaround at this time. +
++ All Firebird users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.3.12981.0-r5"
+ + Audacity is a free cross-platform audio editor. +
++ Viktor Griph reported that the "AudacityApp::OnInit()" method in file + src/AudacityApp.cpp does not handle temporary files properly. +
++ A local attacker could exploit this vulnerability to conduct symlink + attacks to delete arbitrary files and directories with the privileges + of the user running Audacity. +
++ There is no known workaround at this time. +
++ All Audacity users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/audacity-1.3.4-r1"
+ + Mantis is a web-based bug tracking system. +
++ seiji reported that the filename for the uploaded file in + bug_report.php is not properly sanitised before being stored. +
++ A remote attacker could upload a file with a specially crafted filename to a bug + report, resulting in the execution of arbitrary HTML and script code + within the context of the user's browser. Note that this vulnerability + is only exploitable by authenticated users. +
++ There is no known workaround at this time. +
++ All Mantis users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.0.8-r1"
+ + SplitVT is a program for splitting terminals into two shells. +
++ Mike Ashton reported that SplitVT does not drop group privileges before + executing the xprop utility. +
++ A local attacker could exploit this vulnerability to gain the "utmp" + group privileges. +
++ There is no known workaround at this time. +
++ All SplitVT users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/splitvt-1.6.6-r1"
+ + SWORD is a library for Bible study software. +
++ Dan Dennison reported that the diatheke.pl script used in SWORD does + not properly sanitize shell meta-characters in the "range" parameter + before processing it. +
++ A remote attacker could provide specially crafted input to a vulnerable + application, possibly resulting in the remote execution of arbitrary + shell commands with the privileges of the user running SWORD (generally + the web server account). +
++ There is no known workaround at this time. +
++ All SWORD users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/sword-1.5.8-r2"
+ + Paramiko is a Secure Shell Server implementation written in Python. +
++ Dwayne C. Litzenberger reported that the file "common.py" does not + properly use RandomPool when using threads or forked processes. +
++ A remote attacker could predict the values generated by applications + using Paramiko for encryption purposes, potentially gaining access to + sensitive information. +
++ There is no known workaround at this time. +
++ All Paramiko users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/paramiko-1.7.2"
+ + Win32 binary codecs provide support for video and audio playback. +
++ Multiple buffer overflow, heap overflow, and integer overflow + vulnerabilities were discovered in the Quicktime plugin when processing + MOV, FLC, SGI, H.264 and FPX files. +
++ A remote attacker could entice a user to open a specially crafted video + file, possibly resulting in the remote execution of arbitrary code with + the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Win32 binary codecs users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2"
+ + Note: Since no updated binary versions have been released, the + Quicktime libraries have been removed from the package. Please use the + free alternative Quicktime implementations within VLC, MPlayer or Xine + for playback. +
++ Opera is a fast web browser that is available free of charge. +
++ Mozilla discovered that Opera does not handle input to file form fields + properly, allowing scripts to manipulate the file path (CVE-2008-1080). + Max Leonov found out that image comments might be treated as scripts, + and run within the wrong security context (CVE-2008-1081). Arnaud + reported that a wrong representation of DOM attribute values of + imported XML documents allows them to bypass sanitization filters + (CVE-2008-1082). +
++ A remote attacker could entice a user to upload a file with a known + path by entering text into a specially crafted form, to execute scripts + outside intended security boundaries and conduct Cross-Site Scripting + attacks. +
++ There is no known workaround at this time. +
++ All Opera users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-9.26"
+ + lighttpd is a lightweight high-performance web server. +
++ lighttpd contains a calculation error when allocating the global file + descriptor array (CVE-2008-0983). Furthermore, it sends the source of a + CGI script instead of returning a 500 error (Internal Server Error) + when the fork() system call fails (CVE-2008-1111). +
++ A remote attacker could exploit these vulnerabilities to cause a Denial + of Service or gain the source of a CGI script. +
++ There is no known workaround at this time. +
++ All lighttpd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.18-r2"
+ + Vobcopy is a tool for decrypting and copying DVD .vob files to a hard + disk. +
++ Joey Hess reported that vobcopy appends data to the file + "/tmp/vobcopy.bla" in an insecure manner. +
++ A local attacker could exploit this vulnerability to conduct symlink + attacks and append data to arbitrary files with the privileges of the + user running Vobcopy. +
++ There is no known workaround at this time. +
++ All Vobcopy users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/vobcopy-1.1.0"
+ + Evolution is a GNOME groupware application. +
++ Ulf Harnhammar from Secunia Research discovered a format string error + in the emf_multipart_encrypted() function in the file mail/em-format.c + when reading certain data (e.g. the "Version:" field) from an encrypted + e-mail. +
++ A remote attacker could entice a user to open a specially crafted + encrypted e-mail, potentially resulting in the execution of arbitrary + code with the privileges of the user running Evolution. +
++ There is no known workaround at this time. +
++ All Evolution users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.12.3-r1"
+ + VLC is a cross-platform media player and streaming server. +
++ Multiple vulnerabilities were found in VLC: +
++ A remote attacker could send a long subtitle in a file that a user is + enticed to open, a specially crafted MP4 input file, long SDP data, or + a specially crafted HTTP request with a "Connection" header value + containing format specifiers, possibly resulting in the remote + execution of arbitrary code. Also, a Denial of Service could be caused + and arbitrary files could be overwritten via the "demuxdump-file" + option in a filename in a playlist or via an EXTVLCOPT statement in an + MP3 file. +
++ There is no known workaround at this time. +
++ All VLC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6e"
+ + Ghostscript is a suite of software based on an interpreter for + PostScript and PDF. +
++ Chris Evans (Google Security) discovered a stack-based buffer overflow + within the zseticcspace() function in the file zicc.c when processing a + PostScript file containing a long "Range" array in a .seticcspace + operator. +
++ A remote attacker could exploit this vulnerability by enticing a user + to open a specially crafted PostScript file, which could possibly lead + to the execution of arbitrary code or a Denial of Service. +
++ There is no known workaround at this time. +
++ All Ghostscript ESP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ghostscript-esp-8.15.4-r1"
+ + All Ghostscript GPL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-8.61-r3"
+ + All Ghostscript GNU users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gnu-8.60.0-r2"
+ + phpMyAdmin is a free web-based database administration tool. +
++ Richard Cunningham reported that phpMyAdmin uses the $_REQUEST variable + instead of $_GET and $_POST as a source for its parameters. +
++ An attacker could entice a user to visit a malicious web application + that sets an "sql_query" cookie and is hosted on the same domain as + phpMyAdmin, and thereby conduct SQL injection attacks with the + privileges of the user authenticating in phpMyAdmin afterwards. +
++ There is no known workaround at this time. +
++ All phpMyAdmin users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.5"
+ + MPlayer is a media player including support for a wide range of audio + and video formats. +
++ The following errors have been discovered in MPlayer: +
++ A remote attacker could entice a user to open a specially crafted file, + possibly resulting in the execution of arbitrary code with the + privileges of the user running MPlayer. +
++ There is no known workaround at this time. +
++ All MPlayer users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p25993"
+ + PDFlib is a library for generating PDF on the fly. +
++ poplix reported multiple boundary errors in the pdc_fsearch_fopen() + function when processing overly long filenames. +
++ A remote attacker could send specially crafted content to a vulnerable + application using PDFlib, possibly resulting in the remote execution of + arbitrary code with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All PDFlib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/pdflib-7.0.2_p8"
+ + Cacti is a web-based network graphing and reporting tool. +
++ The following inputs are not properly sanitized before being processed: +
++ Furthermore, CRLF injection attacks are possible via unspecified vectors + (CVE-2008-0786). +
++ A remote attacker could exploit these vulnerabilities, leading to path + disclosure, Cross-Site Scripting attacks, SQL injection, and HTTP + response splitting. +
++ There is no known workaround at this time. +
++ All Cacti users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.7b"
+ + The Apache HTTP server is one of the most popular web servers on the + Internet. +
++ Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method + specifier header is not properly sanitized when the HTTP return code is + "413 Request Entity too large" (CVE-2007-6203). The mod_proxy_balancer + module does not properly check the balancer name before using it + (CVE-2007-6422). The mod_proxy_ftp module does not define a charset in its + answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported + that filenames are not properly sanitized within the mod_negotiation + module (CVE-2008-0455, CVE-2008-0456). +
++ A remote attacker could entice a user to visit a malicious URL or send + specially crafted HTTP requests (e.g. using Adobe Flash) to perform + Cross-Site Scripting and HTTP response splitting attacks, or conduct a + Denial of Service attack on the vulnerable web server. +
++ There is no known workaround at this time. +
++ All Apache users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.8"
+ + International Components for Unicode is a set of C/C++ and Java + libraries providing Unicode and Globalization support for software + applications. +
++ Will Drewry (Google Security) reported a vulnerability in the regular + expression engine when using back references to capture \0 characters + (CVE-2007-4770). He also found that the backtracking stack size is not + limited, possibly allowing for a heap-based buffer overflow + (CVE-2007-4771). +
++ A remote attacker could submit specially crafted regular expressions to + an application using the library, possibly resulting in the remote + execution of arbitrary code with the privileges of the user running the + application or a Denial of Service. +
++ There is no known workaround at this time. +
++ All International Components for Unicode users should upgrade to the + latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/icu-3.8.1-r1"
+ + Sarg (Squid Analysis Report Generator) is a tool that provides detailed + information about the activities of Squid web proxy server users: time, + sites, traffic, etc. +
++ Sarg doesn't properly check its input for abnormal content when + processing Squid log files. +
++ A remote attacker using a vulnerable Squid as a proxy server or a + reverse-proxy server can inject arbitrary content into the "User-Agent" + HTTP client header. When Sarg processes this header, it can lead to + the execution of arbitrary code, or to JavaScript injection, allowing + Cross-Site Scripting attacks and the theft of credentials. +
++ There is no known workaround at this time. +
++ All sarg users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/sarg-2.2.5"
+ + LIVE555 Media Server is a set of libraries for multimedia streaming. +
++ Luigi Auriemma reported a signedness error in the + parseRTSPRequestString() function when processing short RTSP queries. +
++ A remote attacker could send a specially crafted RTSP query to the + vulnerable server, resulting in a crash. +
++ There is no known workaround at this time. +
++ All LIVE555 Media Server users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-plugins/live-2008.02.08"
+ + Note: Due to ABI changes, applications built against LIVE555 Media + Server such as VLC or MPlayer should also be rebuilt. +
++ Website META Language is a free and extensible web designer's off-line + HTML generation toolkit for Unix. +
++ Temporary files are handled insecurely in the files + wml_backend/p1_ipp/ipp.src, wml_contrib/wmg.cgi, and + wml_backend/p3_eperl/eperl_sys.c, allowing users to overwrite or delete + arbitrary files with the privileges of the user running the program. +
++ Local users can exploit the insecure temporary file vulnerabilities via + symlink attacks to perform certain actions with escalated privileges. +
++ Restrict access to the temporary directory to trusted users only. +
++ All Website META Language users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/wml-2.0.11-r3"
+ + PCRE is a Perl-compatible regular expression library. GLib includes a + copy of PCRE. +
++ PCRE contains a buffer overflow vulnerability when processing a + character class containing a very large number of characters with + codepoints greater than 255. +
++ A remote attacker could exploit this vulnerability by sending a + specially crafted regular expression to an application making use of + the PCRE library, which could possibly lead to the execution of + arbitrary code or a Denial of Service. +
++ There is no known workaround at this time. +
++ All PCRE users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-7.6-r1"
+ + All GLib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.14.6"
+ + Dovecot is a lightweight, fast and easy to configure IMAP and POP3 mail + server. +
++ Dovecot uses the group configured via the "mail_extra_groups" setting, + which should be used to create lockfiles in the /var/mail directory, + when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape + TAB characters in passwords when saving them, which might allow for + argument injection in blocking passdbs such as MySQL, PAM or shadow + (CVE-2008-1218). +
++ Remote attackers can exploit the first vulnerability to disclose + sensitive data, such as the mail of other users, or modify files or + directories that are writable by that group via a symlink attack. Please + note that the "mail_extra_groups" setting is set to the "mail" group by + default when the "mbox" USE flag is enabled. +
++ The second vulnerability can be abused to inject arguments for internal + fields. No exploitation vectors are known for this vulnerability that + affect previously stable versions of Dovecot in Gentoo. +
++ There is no known workaround at this time. +
++ All Dovecot users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.0.13-r1"
+ + This version removes the "mail_extra_groups" option and introduces a + "mail_privileged_group" setting which is handled safely. +
++ Acrobat Reader is a PDF reader released by Adobe. +
++ SUSE reported that the "acroread" wrapper script does not create + temporary files in a secure manner when handling SSL certificates + (CVE-2008-0883). +
++ A local attacker could exploit this vulnerability to overwrite + arbitrary files via a symlink attack on temporary files. +
++ There is no known workaround at this time. +
++ All Adobe Acrobat Reader users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.2-r1"
+ + MoinMoin is an advanced, easy to use and extensible Wiki Engine. +
++ Multiple vulnerabilities have been discovered: +
++ These vulnerabilities can be exploited to allow remote attackers to + inject arbitrary web script or HTML, overwrite arbitrary files, or read + protected pages. +
++ There is no known workaround at this time. +
++ All MoinMoin users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.6.1"
+ + OpenLDAP Software is an open source implementation of the Lightweight + Directory Access Protocol. +
++ The following errors have been discovered in OpenLDAP: +
++ A remote attacker can cause a Denial of Service by sending a malformed + "objectClasses" attribute, via unknown vectors that prevent the + "new_attrs" array from being NULL terminated, or via a modrdn + operation with a NOOP (LDAP_X_NO_OPERATION) control. +
++ There is no known workaround at this time. +
++ All OpenLDAP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.3.41"
+ + ViewVC is a browser interface for CVS and Subversion version control + repositories. +
++ Multiple unspecified errors were reportedly fixed by the ViewVC + development team. +
++ A remote attacker could send a specially crafted URL to the server to + list CVS or SVN commits on "all-forbidden" files, access hidden CVSROOT + folders, and view restricted content via the revision view, the log + history, or the diff view. +
++ There is no known workaround at this time. +
++ All ViewVC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/viewvc-1.0.5"
+ + The ssl-cert eclass is a code module used by Gentoo ebuilds to generate + SSL certificates. +
++ Robin Johnson reported that the docert() function provided by + ssl-cert.eclass can be called by source building stages of an ebuild, + such as src_compile() or src_install(), which will result in the + generated SSL keys being included inside binary packages (binpkgs). +
++ A local attacker could recover the SSL keys from publicly readable + binary packages when "emerge" is called with the "--buildpkg + (-b)" or "--buildpkgonly (-B)" option. Remote attackers can + recover these keys if the packages are served to a network. Binary + packages built using "quickpkg" are not affected. +
++ Do not use pre-generated SSL keys, but use keys that were generated + using a different Certificate Authority. +
++ Upgrading to newer versions of the above packages will neither remove + possibly compromised SSL certificates, nor old binary packages. Please + remove the certificates installed by Portage, and then emerge an + upgrade to the package. +
++ All Conserver users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/conserver-8.1.16"
+ + All Postfix 2.4 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.4.6-r2"
+ + All Postfix 2.3 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.3.8-r1"
+ + All Postfix 2.2 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.2.11-r1"
+ + All Netkit FTP Server users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r7"
+ + All ejabberd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/ejabberd-1.1.3"
+ + All UnrealIRCd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/unrealircd-3.2.7-r2"
+ + All Cyrus IMAP Server users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.3.9-r1"
+ + All Dovecot users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.0.10"
+ + All stunnel 4 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.21"
+ + All InterNetNews users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-nntp/inn-2.4.3-r1"
+ + MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. kadmind is the MIT Kerberos 5 administration daemon, + and KDC is the Key Distribution Center. +
++ The first two vulnerabilities can be exploited by a remote + unauthenticated attacker to execute arbitrary code on the host running + krb5kdc, compromise the Kerberos key database or cause a Denial of + Service. These bugs can only be triggered when Kerberos 4 support is + enabled. +
++ The RPC related vulnerability can be exploited by a remote + unauthenticated attacker to crash kadmind, and theoretically execute + arbitrary code with root privileges or cause database corruption. This + bug can only be triggered in configurations that allow large numbers of + open file descriptors in a process. +
++ The GSSAPI vulnerabilities could be exploited by a remote attacker to + cause Denial of Service conditions or possibly execute arbitrary code. +
++ Kerberos 4 support can be disabled via disabling the "krb4" USE flag + and recompiling the ebuild, or setting "v4_mode=none" in the + [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around + the KDC related vulnerabilities. +
++ All MIT Kerberos 5 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1"
+ + Wireshark is a network protocol analyzer with a graphical front-end. +
++ Multiple unspecified errors exist in the SCTP, SNMP, and TFTP + dissectors. +
++ A remote attacker could cause a Denial of Service by sending a + malformed packet. +
++ Disable the SCTP, SNMP, and TFTP dissectors. +
++ All Wireshark users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.8"
+ + CUPS provides a portable printing layer for UNIX-based operating + systems. +
++ Multiple vulnerabilities have been reported in CUPS: +
++ A local attacker could send specially crafted network packets or print + jobs and possibly execute arbitrary code with the privileges of the + user running CUPS (usually lp), or cause a Denial of Service. The + vulnerabilities are exploitable via the network when CUPS is sharing + printers remotely. +
++ There is no known workaround at this time. +
++ All CUPS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7"
+ + bzip2 is a free and open source lossless data compression program. +
++ Oulu University discovered that bzip2 does not properly check + offsets provided by the bzip2 file, leading to a buffer overread. +
++ Remote attackers can entice a user or automated system to open a + specially crafted file that triggers a buffer overread, causing a + Denial of Service. libbz2 and programs linking against it are also + affected. +
++ There is no known workaround at this time. +
++ All bzip2 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/bzip2-1.0.5"
+ + OpenSSH is a complete SSH protocol implementation that includes SFTP + client and server support. +
++ Two issues have been discovered in OpenSSH: +
++ A local attacker could exploit the first vulnerability to hijack + forwarded X11 sessions of other users and possibly execute code with + their privileges, disclose sensitive data or cause a Denial of Service, + by binding a local X11 server to a port using only one address family. + The second vulnerability might allow local attackers to bypass intended + security restrictions and execute commands other than those specified + by "ForceCommand" if they are able to write to their home directory. +
++ There is no known workaround at this time. +
++ All OpenSSH users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.7_p1-r6"
+ + MySQL is a popular multi-threaded, multi-user SQL server. +
++ Multiple vulnerabilities have been reported in MySQL: +
++ An authenticated remote attacker could exploit the first vulnerability + to overwrite MySQL system tables and escalate privileges, or use the + second vulnerability to gain privileges via an "ALTER VIEW" statement. + Remote federated MySQL servers could cause a Denial of Service in the + local MySQL server by exploiting the third vulnerability. +
++ There is no known workaround at this time. +
++ All MySQL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.54"
+ + NoMachine's NX establishes remote connections to X11 desktops over + small bandwidth links. NX and NX Node are the compression core + libraries, whereas NX is used by FreeNX and NX Node by the binary-only + NX servers. +
++ Multiple integer overflow and buffer overflow vulnerabilities have been + discovered in the X.Org X server as shipped by NX and NX Node + (vulnerabilities 1-4 in GLSA 200801-09). +
++ A remote attacker could exploit these vulnerabilities via unspecified + vectors, leading to the execution of arbitrary code with the privileges + of the user on the machine running the NX server. +
++ There is no known workaround at this time. +
++ All NX Node users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.1.0-r2"
+ + All NX users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/nx-3.1.0-r1"
+ + Info-ZIP's UnZip is a tool to list and extract files inside PKZIP + compressed files. +
++ Tavis Ormandy of the Google Security Team discovered that the NEEDBITS + macro in the inflate_dynamic() function in the file inflate.c can be + invoked using invalid buffers, which can lead to a double free. +
++ Remote attackers could entice a user or automated system to open a + specially crafted ZIP file that might lead to the execution of + arbitrary code or a Denial of Service. +
++ There is no known workaround at this time. +
++ All UnZip users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/unzip-5.52-r2"
+ + PECL Alternative PHP Cache (PECL APC) is a free, open, and robust + framework for caching and optimizing PHP intermediate code. +
++ Daniel Papasian discovered a stack-based buffer overflow in the + apc_search_paths() function in the file apc.c when processing long + filenames. +
++ A remote attacker could exploit this vulnerability to execute arbitrary + code in PHP applications that pass user-controlled input to the + include() function. +
++ There is no known workaround at this time. +
++ All PECL APC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php5/pecl-apc-3.0.16-r1"
+ + lighttpd is a lightweight high-performance web server. +
++ Julien Cayzax discovered that an insecure default setting exists in + mod_userdir in lighttpd. When userdir.path is not set the default value + used is $HOME. It should be noted that the "nobody" user's $HOME is "/" + (CVE-2008-1270). An error also exists in the SSL connection code which + can be triggered when a user prematurely terminates his connection + (CVE-2008-1531). +
++ A remote attacker could exploit the first vulnerability to read + arbitrary files. The second vulnerability can be exploited by a remote + attacker to cause a Denial of Service by terminating a victim's SSL + connection. +
++ As a workaround for CVE-2008-1270 you can set userdir.path to a + sensible value, e.g. "public_html". +
++ All lighttpd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.19-r2"
+ + am-utils is a collection of utilities for use with the Berkeley + Automounter. +
++ Tavis Ormandy discovered that, when creating temporary files, the + 'expn' utility does not check whether the file already exists. +
++ A local attacker could exploit the vulnerability via a symlink attack + to overwrite arbitrary files. +
++ There is no known workaround at this time. +
++ All am-utils users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/am-utils-6.1.5"
Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages.

The following vulnerabilities were reported:

These vulnerabilities can be exploited by:

There is no known workaround at this time.

All Tomcat 5.5.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/tomcat-5.5.26"

All Tomcat 6.0.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.16"
policyd-weight is a Perl policy daemon for the Postfix MTA intended to eliminate forged envelope senders and HELOs.

Chris Howells reported that policyd-weight creates and uses the "/tmp/.policyd-weight/" directory in an insecure manner.

A local attacker could exploit this vulnerability to delete arbitrary files or change the ownership to the "polw" user via symlink attacks.

Set "$LOCKPATH = '/var/run/policyd-weight/'" manually in "/etc/policyd-weight.conf".

All policyd-weight users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-filter/policyd-weight-0.1.14.17"

This version changes the default path for sockets to "/var/run/policyd-weight", which is only writable by a privileged user. Users need to restart policyd-weight immediately after the upgrade due to this change.
gnome-screensaver is a screensaver, designed to integrate with the Gnome desktop, that can replace xscreensaver.

gnome-screensaver incorrectly handles the results of the getpwuid() function in the file src/setuid.c when using directory servers (like NIS) during a network outage, a similar issue to GLSA 200705-14.

A local user can crash gnome-screensaver by preventing network connectivity if the system uses a remote directory service for credentials such as NIS or LDAP, which will unlock the screen.

There is no known workaround at this time.

All gnome-screensaver users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=gnome-extra/gnome-screensaver-2.20.0-r3"
Asterisk is an open source telephony engine and tool kit.

Asterisk upstream developers reported multiple vulnerabilities:

Remote authenticated attackers could send specially crafted data to Asterisk to execute arbitrary SQL commands and compromise the administrative database. Remote unauthenticated attackers could bypass authentication using a valid username to hijack other users' sessions, and establish sessions on the SIP channel without authentication.

There is no known workaround at this time.

All Asterisk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.27"
Opera is a fast web browser that is available free of charge.

Michal Zalewski reported two vulnerabilities, memory corruption when adding news feed sources from a website (CVE-2008-1761) as well as when processing HTML CANVAS elements to use scaled images (CVE-2008-1762). Additionally, an unspecified weakness related to keyboard handling of password inputs has been reported (CVE-2008-1764).

A remote attacker could entice a user to visit a specially crafted web site or news feed and possibly execute arbitrary code with the privileges of the user running Opera.

There is no known workaround at this time.

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/opera-9.27"
libpng is a free ANSI C library used to process and manipulate PNG images.

Tavis Ormandy of the Google Security Team discovered that libpng does not handle zero-length unknown chunks in PNG files correctly, which might lead to memory corruption in applications that call png_set_read_user_chunk_fn() or png_set_keep_unknown_chunks().

A remote attacker could entice a user or automated system to process a specially crafted PNG image in an application using libpng and possibly execute arbitrary code with the privileges of the user running the application. Note that processing of unknown chunks is disabled by default in most PNG applications, but some such as ImageMagick are affected.

There is no known workaround at this time.

All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.26-r1"
rsync is a file transfer program to keep remote directories synchronized.

Sebastian Krahmer of SUSE reported an integer overflow in the expand_item_list() function in the file util.c which might lead to a heap-based buffer overflow when extended attribute (xattr) support is enabled.

A remote attacker could send a file containing specially crafted extended attributes to an rsync daemon, or entice a user to sync from an rsync server containing specially crafted files, possibly leading to the execution of arbitrary code.

Please note that extended attributes are only enabled when USE="acl" is enabled, which is the default setting.

Disable extended attributes in the rsync daemon by setting "refuse options = xattrs" in the file "/etc/rsyncd.conf" (or append "xattrs" to an existing "refuse" statement). When synchronizing to a server, do not provide the "-X" parameter to rsync. You can also disable the "acl" USE flag for rsync and recompile the package.

All rsync users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.9-r6"
Speex is an audio compression format designed for speech that is free of patent restrictions.

oCERT reported that the Speex library does not properly validate the "mode" value it derives from Speex streams, allowing for array indexing vulnerabilities inside multiple player applications. Within Gentoo, xine-lib, VLC, gst-plugins-speex from the GStreamer Good Plug-ins, vorbis-tools, libfishsound, Sweep, SDL_sound, and speexdec were found to be vulnerable.

A remote attacker could entice a user to open a specially crafted Speex file or network stream with an application listed above. This might lead to the execution of arbitrary code with privileges of the user playing the file.

There is no known workaround at this time.

All Speex users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/speex-1.2_beta3_p2"
Poppler is a cross-platform PDF rendering library originally based on Xpdf.

Kees Cook from the Ubuntu Security Team reported that the CairoFont::create() function in the file CairoFontEngine.cc does not verify the type of an embedded font object inside a PDF file before dereferencing a function pointer from it.

A remote attacker could entice a user to open a specially crafted PDF file with a Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, or Evince, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Poppler users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/poppler-0.6.3"
PHP Toolkit is a utility to manage parallel installations of PHP within Gentoo. It is executed by the PHP ebuilds at setup.

Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph reported that php-select does not quote parameters passed to the "tr" command, which could convert the "-D PHP5" argument in the "APACHE2_OPTS" setting in the file /etc/conf.d/apache2 to lower case.

An attacker could entice a system administrator to run "emerge php" or call "php-select -t apache2 php5" directly in a directory containing a lower case single-character named file, which would prevent Apache from loading mod_php and thereby disclose PHP source code and cause a Denial of Service.

Do not run "emerge" or "php-select" from a working directory which contains a lower case single-character named file.

All PHP Toolkit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/php-toolkit-1.0.1"
The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform.

Multiple vulnerabilities have been discovered in Sun Java:

A remote attacker could entice a user to run a specially crafted applet on a website or start an application in Java Web Start to execute arbitrary code outside of the Java sandbox and of the Java security restrictions with the privileges of the user running Java. The attacker could also obtain sensitive information, create, modify, rename and read local files, execute local applications, establish connections in the local network, bypass the same origin policy, and cause a Denial of Service via multiple vectors.

There is no known workaround at this time.

All Sun JRE 1.6 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.05"

All Sun JRE 1.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.5.0.15"

All Sun JRE 1.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.17"

All Sun JDK 1.6 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.05"

All Sun JDK 1.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.5.0.15"

All Sun JDK 1.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.17"

All emul-linux-x86-java 1.6 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.05"

All emul-linux-x86-java 1.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.5.0.15"

All emul-linux-x86-java 1.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.4.2.17"
The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content.

Multiple vulnerabilities have been discovered in Adobe Flash:

A remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to send HTTP requests to other hosts, establish TCP sessions with arbitrary hosts, bypass the security sandbox model, or conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-9.0.124.0"
The PowerDNS Recursor is an advanced recursing nameserver.

Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to resolve this issue was incomplete, as it did not always enable the stronger random number generator for source port selection (CVE-2008-3217).

A remote attacker could send malicious answers to insert arbitrary DNS data into the cache. These attacks would in turn help an attacker to perform man-in-the-middle and site impersonation attacks.

There is no known workaround at this time.

All PowerDNS Recursor users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/pdns-recursor-3.1.6"
CUPS provides a portable printing layer for UNIX-based operating systems.

Thomas Pollet reported a possible integer overflow vulnerability in the PNG image handling in the file filter/image-png.c.

A malicious user might be able to execute arbitrary code with the privileges of the user running CUPS (usually lp), or cause a Denial of Service by sending a specially crafted PNG image to the print server. The vulnerability is exploitable via the network if CUPS is sharing printers remotely.

There is no known workaround at this time.

All CUPS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r8"
DBMail is a mail storage and retrieval daemon that uses SQL databases as its data store. IMAP and POP3 can be used to retrieve mails from the database.

A vulnerability in DBMail's authldap module when used in conjunction with an Active Directory server has been reported by vugluskr. When passing a zero length password to the module, it tries to bind anonymously to the LDAP server. If the LDAP server allows anonymous binds, this bind succeeds and results in a successful authentication to DBMail.

By passing an empty password string to the server, an attacker may be able to log in to any account.

There is no known workaround at this time.

All DBMail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/dbmail-2.2.9"
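The failure mode in the DBMail advisory is general to any application that treats "the LDAP bind succeeded" as "the password was verified": RFC 4513 defines a simple bind with an empty password as an anonymous (unauthenticated) bind, which directories may accept. The following is an added example, not DBMail's code, showing the check an application must perform before the bind. The FakeDirectory class is a constructed stand-in for an LDAP server, not a real client library.

```python
"""Guarding an LDAP-backed login against the empty-password anonymous bind.

Added example (not from DBMail). A real deployment would replace
FakeDirectory with an LDAP client; the guard in hardened_login() is the point.
"""
from dataclasses import dataclass, field


@dataclass
class FakeDirectory:
    """Constructed stand-in for an LDAP server (assumption: not a real client).

    passwords maps a bind DN to the password the directory would accept.
    allow_anonymous mirrors a directory that permits anonymous access.
    """
    passwords: dict = field(default_factory=dict)
    allow_anonymous: bool = True

    def simple_bind(self, dn: str, password: str) -> bool:
        # RFC 4513 section 5.1: a simple bind with an empty password is an
        # anonymous/unauthenticated bind, regardless of the DN supplied. It
        # succeeds whenever the directory allows anonymous access, and it
        # says nothing about whether the caller knows the DN's password.
        if password == "":
            return self.allow_anonymous
        return self.passwords.get(dn) == password


def vulnerable_login(directory: FakeDirectory, dn: str, password: str) -> bool:
    """The pattern the advisory describes: bind result taken as authentication."""
    return directory.simple_bind(dn, password)


def hardened_login(directory: FakeDirectory, dn: str, password: str) -> bool:
    """Reject empty (and whitespace-only) passwords before touching the directory.

    The check has to happen in the application, because the directory cannot
    tell an intended anonymous bind from an authentication attempt.
    """
    if password is None or password.strip() == "":
        return False
    return directory.simple_bind(dn, password)


if __name__ == "__main__":
    d = FakeDirectory({"cn=alice,dc=example,dc=com": "correct horse"})
    print("vulnerable, empty password:", vulnerable_login(d, "cn=alice,dc=example,dc=com", ""))
    print("hardened, empty password:  ", hardened_login(d, "cn=alice,dc=example,dc=com", ""))
```

Disabling anonymous binds on the directory (the allow_anonymous=False case) closes this particular path, but it is a property of the server that the application does not control, which is why the application-side check is the fix rather than a workaround.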
VLC is a cross-platform media player and streaming server.

Multiple vulnerabilities were found in VLC:

A remote attacker could entice a user to open a specially crafted media file or stream, possibly resulting in the remote execution of arbitrary code.

There is no known workaround at this time.

All VLC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6f"
Openfire (formerly Wildfire) is a Java implementation of a complete Jabber server.

Openfire's connection manager in the file ConnectionManagerImpl.java cannot handle clients that fail to read messages, and has no limit on their session's send buffer.

Remote authenticated attackers could trigger large outgoing queues without reading messages, causing a Denial of Service.

There is no known workaround at this time.

All Openfire users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/openfire-3.5.0"
SILC (Secure Internet Live Conferencing protocol) Toolkit is a software development kit for use in clients, SILC Server is a communication server, and SILC Client is an IRSSI-based text client.

A remote attacker could exploit these vulnerabilities to cause a Denial of Service or execute arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All SILC Toolkit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/silc-toolkit-1.1.7"

All SILC Client users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/silc-client-1.1.4"

All SILC Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/silc-server-1.1.2"
JRockit is BEA WebLogic's J2SE Development Kit.

Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20.

A remote attacker could entice a user to run a specially crafted applet on a website or start an application in Java Web Start to execute arbitrary code outside of the Java sandbox and of the Java security restrictions with the privileges of the user running Java. The attacker could also obtain sensitive information, create, modify, rename and read local files, execute local applications, establish connections in the local network, bypass the same origin policy, and cause a Denial of Service via multiple vectors.

There is no known workaround at this time.

All JRockit 1.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/jrockit-jdk-bin-1.4.2.16"

All JRockit 1.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/jrockit-jdk-bin-1.5.0.14"
Comix is a GTK comic book viewer.

Comix does not properly sanitize filenames containing shell metacharacters when they are passed to the rar, unrar, or jpegtran programs (CVE-2008-1568). Comix also creates directories with predictable names (CVE-2008-1796).

A remote attacker could exploit the first vulnerability by enticing a user to use Comix to open a file with a specially crafted filename, resulting in the execution of arbitrary commands. The second vulnerability could be exploited by a local attacker to cause a Denial of Service by creating a file or directory with the same filename as the predictable filename used by Comix.

There is no known workaround at this time.

All Comix users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/comix-3.6.4-r1"
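The first Comix issue is the general bug class of splicing an untrusted filename into a command line that a shell parses. The fix is to hand the external tool an argument vector, so the filename is one argument whatever characters it contains. This is an added example, not Comix's code; the sample filename is constructed, and the unrar invocation (including the "--" end-of-options marker and the trailing slash on the destination) is an assumption about that tool's option syntax rather than something the advisory states.

```python
"""Passing untrusted filenames to an external tool without a shell.

Added example (not from Comix). Demonstrates the difference between a
shell-parsed command string and an argv list for a filename carrying shell
metacharacters.
"""
import shlex
import subprocess

# Constructed sample: a filename that contains shell metacharacters.
SAMPLE_NAME = "issue 01; echo injected > marker.txt #.cbr"


def shell_command_unsafe(archive: str) -> str:
    """The pattern the advisory describes: the name is spliced into a string.

    Returned rather than executed so the problem is visible: a shell would
    split this at ';' and run a second command taken from the filename.
    """
    return "unrar x " + archive


def unrar_argv(archive: str, dest_dir: str) -> list:
    """Build an argument vector for unrar; no shell is involved.

    Assumption: unrar accepts "--" to end option parsing and treats a trailing
    slash as marking the extraction directory. Each list element reaches the
    program as exactly one argument, so ';', '>', '$' and spaces are inert.
    """
    return ["unrar", "x", "--", archive, dest_dir.rstrip("/") + "/"]


def run_unrar(archive: str, dest_dir: str) -> subprocess.CompletedProcess:
    # shell=False is the default: the list goes straight to execve().
    return subprocess.run(unrar_argv(archive, dest_dir), check=True)


def log_form(argv: list) -> str:
    """If a command *string* is unavoidable (e.g. for a log line), quote it."""
    return shlex.join(argv)


def argv_round_trips(argv: list) -> bool:
    """True if quoting then shell-splitting reproduces the original vector."""
    return shlex.split(log_form(argv)) == argv


if __name__ == "__main__":
    print("unsafe string :", shell_command_unsafe(SAMPLE_NAME))
    print("argv          :", unrar_argv(SAMPLE_NAME, "/tmp/comix-out"))
    print("quoted for log:", log_form(unrar_argv(SAMPLE_NAME, "/tmp/comix-out")))
```

The same argv discipline applies to the other tools named in the advisory; what matters is that user-controlled data never passes through a shell parser on its way to the program.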
KDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. start_kdeinit is a wrapper for kdeinit.

Vulnerabilities have been reported in the processing of user-controlled data by start_kdeinit, which is setuid root by default.

A local attacker could possibly execute arbitrary code with root privileges, cause a Denial of Service or send Unix signals to other processes, when start_kdeinit is setuid root.

There is no known workaround at this time.

All kdelibs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.8-r4"
The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME and more.

Multiple vulnerabilities have been reported in the Horde Application Framework:

The first vulnerability can be exploited by a remote attacker to read arbitrary files and by remote authenticated attackers to execute arbitrary files. The second vulnerability can be exploited by authenticated remote attackers to perform restricted operations.

There is no known workaround at this time.

All Horde Application Framework users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-3.1.7"

All horde-groupware users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-groupware-1.0.5"

All horde-kronolith users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-2.1.7"

All horde-mnemo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-mnemo-2.1.2"

All horde-nag users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-nag-2.1.4"

All horde-webmail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-webmail-1.0.6"
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser.

Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts.

A remote attacker with CREATE TABLE permissions can exploit this vulnerability via a specially crafted HTTP POST request in order to read arbitrary files.

There is no known workaround at this time.

All phpMyAdmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.5.2"
Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11 terminal emulators.

Bernhard R. Link discovered that RXVT opens a terminal on :0 if the "-display" option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Eterm, Mrxvt, multi-aterm, rxvt-unicode, and wterm are also affected.

A local attacker could exploit this vulnerability to hijack X11 terminals of other users.

There is no known workaround at this time.

All aterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/aterm-1.0.1-r1"

All Eterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/eterm-0.9.4-r1"

All Mrxvt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/mrxvt-0.5.3-r2"

All multi-aterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/multi-aterm-0.2.1-r1"

All RXVT users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-2.7.10-r4"

All rxvt-unicode users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.02-r1"

All wterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/wterm-6.2.9-r3"
eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email.

A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has multiple file extensions (CVE-2008-2041). Another vulnerability exists in the _bad_protocol_once() function in the file phpgwapi/inc/class.kses.inc.php, which allows remote attackers to bypass HTML filtering (CVE-2008-1502).

The first vulnerability can be exploited to upload malicious files and execute arbitrary PHP code provided that a directory is writable by the webserver. The second vulnerability can be exploited by remote attackers via a specially crafted URL in order to conduct cross-site scripting attacks.

There is no known workaround at this time.

All eGroupWare users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.4.004"
Wireshark is a network protocol analyzer with a graphical front-end.

Errors exist in:

A remote attacker could exploit these vulnerabilities by sending a malformed packet or enticing a user to read a malformed packet trace file, causing a Denial of Service.

Disable the X.509sat, Roofnet, LDAP, and SCCP dissectors.

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.0"
Firebird is a multi-platform, open source relational database.

Viesturs reported that the default configuration for Gentoo's init script ("/etc/conf.d/firebird") sets the "ISC_PASSWORD" environment variable when starting Firebird. It will be used when no password is supplied by a client connecting as the "SYSDBA" user.

A remote attacker can authenticate as the "SYSDBA" user without providing the credentials, resulting in complete disclosure of all databases except for the user and password database (security2.fdb).

There is no known workaround at this time.

All Firebird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.3.12981.0-r6"

Note: /etc/conf.d is protected by Portage as a configuration directory. Do not forget to use "etc-update" or "dispatch-conf" to overwrite the "firebird" configuration file, and then restart Firebird.
The Linux Terminal Server Project adds thin-client support to Linux servers.

LTSP version 4.2 ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) which were subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive.

A remote attacker could possibly exploit vulnerabilities in the aforementioned programs and execute arbitrary code, disclose sensitive data or cause a Denial of Service within LTSP 4.2 clients.

There is no known workaround at this time.

LTSP 4.2 is not maintained upstream in favor of version 5. Since version 5 is not yet available in Gentoo, the package has been masked. We recommend that users unmerge LTSP:

    # emerge --unmerge net-misc/ltsp

If you have a requirement for Linux Terminal Servers, please either set up a terminal server by hand or use one of the distributions that already migrated to LTSP 5. If you want to contribute to the integration of LTSP 5 in Gentoo, or want to follow its development, find details in bug 177580.
InspIRCd (Inspire IRCd) is a modular C++ IRC daemon.

The "namesx" and "uhnames" modules do not properly validate network input, leading to a buffer overflow.

A remote attacker can send specially crafted IRC commands to the server, causing a Denial of Service.

Unload the "uhnames" module in the InspIRCd configuration.

All InspIRCd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/inspircd-1.1.19"
MoinMoin is an advanced and extensible Wiki Engine.

It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list.

A remote attacker could exploit this vulnerability to gain superuser privileges on the application.

There is no known workaround at this time.

All MoinMoin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.6.3"
Pngcrush is a multi-platform optimizer for PNG (Portable Network Graphics) files.

It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption (GLSA 200804-15).

A remote attacker could entice a user to process a specially crafted PNG image, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All Pngcrush users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/pngcrush-1.6.4-r1"
Chicken is a Scheme interpreter and native Scheme to C compiler.

Chicken includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities (GLSA 200711-30).

An attacker could entice a user to process specially crafted regular expressions with Chicken, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information.

There is no known workaround at this time.

All Chicken users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-scheme/chicken-3.1.0"
Blender is a 3D creation, animation and publishing program.

Stefan Cornelius (Secunia Research) reported a boundary error within the imb_loadhdr() function in the file source/blender/imbuf/intern/radiance_hdr.c when processing RGBE images (CVE-2008-1102). Multiple vulnerabilities involving insecure usage of temporary files have also been reported (CVE-2008-1103).

A remote attacker could entice a user to open a specially crafted file (.hdr or .blend), possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Blender users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.43-r2"
PTeX is a TeX distribution with Japanese support. It is used for creating and manipulating LaTeX documents.

Multiple issues were found in the teTeX 2 codebase that PTeX builds upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12).

Remote attackers could possibly execute arbitrary code and local attackers could possibly overwrite arbitrary files with the privileges of the user running PTeX via multiple vectors, e.g. enticing users to open specially crafted files.

There is no known workaround at this time.

All PTeX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.10_p20071203"
The Common Data Format library is a scientific data management package which allows programmers and application developers to manage and manipulate scalar, vector, and multi-dimensional data arrays in a platform independent fashion.

Alfredo Ortega (Core Security Technologies) reported a boundary error within the Read32s_64() function when processing CDF files.

A remote attacker could entice a user to open a specially crafted CDF file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Common Data Format library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sci-libs/cdf-3.2.1"
libid3tag is an ID3 tag manipulation library.

Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'.

A remote attacker could entice a user to open a specially crafted MP3 file, possibly resulting in a Denial of Service.

There is no known workaround at this time.

All libid3tag users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libid3tag-0.15.1b-r2"
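The libid3tag issue is a parser termination bug on one edge case: a NUL-separated string list whose final byte is the separator. The following added example, not libid3tag's code, shows a loop shape for this kind of field that cannot stall: every iteration consumes at least one byte, and the trailing NUL is treated as a terminator rather than as the start of another item. The item-count cap and the choice of latin-1 decoding are assumptions for the example; the real ID3v2 encodings are not modelled.

```python
"""Parsing a NUL-separated string list with guaranteed progress.

Added example (not from libid3tag). Models the ID3_FIELD_TYPE_STRINGLIST
edge case from the advisory: input ending in '\0'.
"""

MAX_ITEMS = 1024  # defensive cap (assumption): bounds work on hostile input


def parse_stringlist(data: bytes, encoding: str = "latin-1") -> list:
    """Split a text-frame payload into its NUL-separated strings.

    Semantics chosen here (assumption): a NUL ends the current item; a NUL
    that is the very last byte terminates the last item and does not open a
    new, empty one. An empty payload yields no items.
    """
    items = []
    pos = 0
    n = len(data)
    while pos < n:
        start = pos
        end = data.find(b"\x00", pos)
        if end == -1:
            # No separator left: the remainder is the final, unterminated item.
            items.append(data[pos:n].decode(encoding))
            pos = n
        else:
            items.append(data[pos:end].decode(encoding))
            pos = end + 1  # step past the separator, never back onto it
        # Progress invariant: the loop cannot revisit the same offset. A parser
        # that re-reads the terminating NUL without advancing is exactly the
        # shape that spins forever on input ending in '\0'.
        assert pos > start
        if len(items) > MAX_ITEMS:
            raise ValueError("string list exceeds %d items" % MAX_ITEMS)
    return items


if __name__ == "__main__":
    for sample in (b"TIT2 text\x00second", b"ends-with-nul\x00", b"\x00", b""):
        print(sample, "->", parse_stringlist(sample))
```

The assert is cheap and documents the invariant; in a C implementation the equivalent is making the loop index strictly increase on every path, including the path that handles a separator as the last byte.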
OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities.

iDefense Labs reported multiple vulnerabilities in OpenOffice.org:

Furthermore, Will Drewry (Google Security) reported vulnerabilities in the memory management of the International Components for Unicode (CVE-2007-4770, CVE-2007-4771), which was resolved with GLSA 200803-20. However, the binary version of OpenOffice.org uses an internal copy of said library.

A remote attacker could entice a user to open a specially crafted document, possibly resulting in the remote execution of arbitrary code with the privileges of the user running OpenOffice.org.

There is no known workaround at this time.

All OpenOffice.org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.4.0"

All OpenOffice.org binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.4.0"
+ + Perl is a stable, cross platform programming language. +
++ Tavis Ormandy and Will Drewry of the Google Security Team have reported + a double free vulnerability when processing a crafted regular + expression containing UTF-8 characters. +
++ A remote attacker could possibly exploit this vulnerability to execute + arbitrary code or cause a Denial of Service. +
++ There is no known workaround at this time. +
++ All Perl users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r5"
+ + All libperl users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/libperl-5.8.8-r2"
+ + Mozilla Firefox is an open-source web browser and Mozilla Thunderbird + an open-source email client, both from the Mozilla Project. The + SeaMonkey project is a community effort to deliver production-quality + releases of code derived from the application formerly known as the + 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package + that can be used to bootstrap XUL+XPCOM applications like Firefox and + Thunderbird. +
++ The following vulnerabilities were reported in all mentioned Mozilla + products: +
++ The following vulnerability was reported in Thunderbird and SeaMonkey: +
++ The following vulnerabilities were reported in Firefox, SeaMonkey and + XULRunner: +
++ The following vulnerabilities were reported in Firefox: +
++ A remote attacker could entice a user to view a specially crafted web + page or email that will trigger one of the vulnerabilities, possibly + leading to the execution of arbitrary code or a Denial of Service. It + is also possible for an attacker to trick a user to upload arbitrary + files when submitting a form, to corrupt saved passwords for other + sites, to steal login credentials, or to conduct Cross-Site Scripting + and Cross-Site Request Forgery attacks. +
++ There is no known workaround at this time. +
++ All Mozilla Firefox users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.14"
+ + All Mozilla Firefox binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.14"
+ + All Mozilla Thunderbird users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.14"
+ + All Mozilla Thunderbird binary users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.14"
+ + All SeaMonkey users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.9-r1"
+ + All SeaMonkey binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.9"
+ + All XULRunner users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.14"
+ + NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in + the SeaMonkey binary ebuild, as no precompiled packages have been + released. Until an update is available, we recommend all SeaMonkey + users to disable JavaScript, use Firefox for JavaScript-enabled + browsing, or switch to the SeaMonkey source ebuild. +
++ Clam AntiVirus is a free anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +
++ Multiple vulnerabilities have been reported: +
++ A remote attacker could entice a user or automated system to scan a + specially crafted file, possibly leading to the execution of arbitrary + code with the privileges of the user running ClamAV (either a system + user or the "clamav" user if clamd is compromised), or a Denial of + Service. +
++ There is no known workaround at this time. +
++ All ClamAV users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.93"
+ + GnuTLS is an implementation of Secure Sockets Layer (SSL) 3.0 and + Transport Layer Security (TLS) 1.0, 1.1 and 1.2. +
++ Ossi Herrala and Jukka Taimisto of Codenomicon reported three + vulnerabilities in libgnutls of GnuTLS: +
++ Unauthenticated remote attackers could exploit these vulnerabilities to + cause Denial of Service conditions in daemons using GnuTLS. The first + vulnerability (CVE-2008-1948) might allow for the execution of + arbitrary code with the privileges of the daemon handling incoming TLS + connections. +
++ There is no known workaround at this time. +
++ All GnuTLS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.2.5"
+ + Roundup is an issue-tracking system with command-line, web and e-mail + interfaces. +
++ Philipp Gortan reported that the xml-rpc server in Roundup does not + check property permissions (CVE-2008-1475). Furthermore, Roland Meister + discovered multiple vulnerabilities caused by unspecified errors, some + of which may be related to cross-site scripting (CVE-2008-1474). +
++ A remote attacker could possibly exploit the first vulnerability to + edit or view restricted properties via the list(), display(), and set() + methods. The impact and attack vectors of the second vulnerability are + unknown. +
++ There is no known workaround at this time. +
++ All Roundup users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/roundup-1.4.4-r1"
+ + MPlayer is a media player including support for a wide range of audio + and video formats. +
++ k`sOSe reported an integer overflow vulnerability in the + sdpplin_parse() function in the file stream/realrtsp/sdpplin.c, which + can be exploited to overwrite arbitrary memory regions via an overly + large "StreamCount" SDP parameter. +
++ A remote attacker could entice a user to open a specially crafted media + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running MPlayer. +
++ There is no known workaround at this time. +
++ All MPlayer users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p26753"
+ + Samba is a suite of SMB and CIFS client/server programs. +
++ Alin Rad Pop (Secunia Research) reported a vulnerability in Samba + within the receive_smb_raw() function in the file lib/util_sock.c when + parsing SMB packets, possibly leading to a heap-based buffer overflow + via an overly large SMB packet. +
++ A remote attacker could possibly exploit this vulnerability by enticing + a user to connect to a malicious server or by sending specially crafted + packets to an nmbd server configured as a local or domain master + browser, resulting in the execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All Samba users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.28a-r1"
+ + mtr combines the functionality of the 'traceroute' and 'ping' programs + in a single network diagnostic tool. +
++ Adam Zabrocki reported a boundary error within the split_redraw() + function in the file split.c, possibly leading to a stack-based buffer + overflow. +
++ A remote attacker could use a specially crafted resolved hostname to + execute arbitrary code with root privileges. However, it is required + that the attacker controls the DNS server used by the victim, and that + the "-p" (or "--split") command line option is used. +
++ There is no known workaround at this time. +
++ All mtr users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/mtr-0.73-r1"
+ + Libxslt is the XSLT C library developed for the GNOME project. XSLT + itself is an XML language to define transformations for XML. +
++ Anthony de Almeida Lopes reported a vulnerability in libxslt when + handling XSL style-sheet files, which could be exploited to trigger the + use of uninitialized memory, e.g. in a call to "free()". +
++ A remote attacker could entice a user or automated system to process an + XML file using a specially crafted XSL transformation file, possibly + resulting in the execution of arbitrary code or a Denial of Service. +
++ There is no known workaround at this time. +
++ All libxslt users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.24"
+ + Imlib 2 is an advanced replacement library for libraries like libXpm. +
++ Stefan Cornelius (Secunia Research) reported two boundary errors in + Imlib2: +
++ A remote attacker could entice a user to open a specially crafted PNM + or XPM image, possibly resulting in the execution of arbitrary code + with the rights of the user running the application using Imlib 2. +
++ There is no known workaround at this time. +
++ All Imlib 2 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/imlib2-1.4.0-r1"
+ + rdesktop is an open source Remote Desktop Protocol (RDP) client. +
++ An anonymous researcher reported multiple vulnerabilities in rdesktop + via iDefense Labs: +
++ An attacker could exploit these vulnerabilities by enticing a user to + connect to a malicious RDP server thereby allowing the attacker to + execute arbitrary code or cause a Denial of Service. +
++ There is no known workaround at this time. +
++ All rdesktop users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/rdesktop-1.6.0"
+ + cbrPager is a comic book pager. +
++ Mamoru Tasaka discovered that filenames of the image archives are not + properly sanitized before being passed to decompression utilities like + unrar and unzip, which are invoked through the system() libc library call. +
++ A remote attacker could entice a user to open an archive with a + specially crafted filename, resulting in arbitrary code execution with + the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All cbrPager users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/cbrpager-0.9.17"
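The bug class above in a small added example (this is not cbrPager's code): an archive name spliced into a command string for system() is split and interpreted by /bin/sh, whereas an argv list passed without a shell reaches the decompressor as one argument. The extraction directory and the unzip/unrar argument lists are this example's own assumptions.

```python
import os
import shlex
import subprocess

# Hypothetical extraction directory for the example.
DEST_DIR = "/tmp/cbrpager-example"


def unsafe_command_line(archive: str, dest: str = DEST_DIR) -> str:
    """The vulnerable pattern: the archive name is spliced into a string that
    is later handed to system(), so /bin/sh interprets any metacharacters
    (';', '$', '`', '(' ...) the name happens to contain."""
    return "unzip -o " + archive + " -d " + dest


def shell_words(command_line: str) -> list:
    """Approximate the word splitting /bin/sh applies to a command string.
    A filename with spaces or metacharacters no longer arrives at unzip
    as a single argument."""
    return shlex.split(command_line)


def safe_path(archive: str) -> str:
    """Keep a name that starts with '-' from being parsed as an option."""
    return "./" + archive if archive.startswith("-") else archive


def decompressor_argv(archive: str, dest: str = DEST_DIR) -> list:
    """Hardened form: choose the tool by extension and pass the filename as
    exactly one argv element. No shell is involved, so metacharacters in
    the name are inert."""
    ext = os.path.splitext(archive)[1].lower()
    path = safe_path(archive)
    if ext in (".cbz", ".zip"):
        return ["unzip", "-o", path, "-d", dest]
    if ext in (".cbr", ".rar"):
        return ["unrar", "x", "-o+", path, dest + os.sep]
    raise ValueError("unsupported archive type: %r" % ext)


def extract(archive: str, dest: str = DEST_DIR) -> int:
    """Run the decompressor without a shell; returns its exit status."""
    os.makedirs(dest, exist_ok=True)
    proc = subprocess.run(decompressor_argv(archive, dest), check=False)
    return proc.returncode


if __name__ == "__main__":
    # Constructed filename of the kind comic archives often have; note
    # the ';' and the parentheses.
    name = "Issue #1 (2008); Volume 2.cbz"
    print("shell would see:", shell_words(unsafe_command_line(name)))
    print("argv we pass   :", decompressor_argv(name))
```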
+ + Evolution is the mail client of the GNOME desktop environment. +
++ Alin Rad Pop (Secunia Research) reported two vulnerabilities in + Evolution: +
++ A remote attacker could entice a user to open a specially crafted + iCalendar attachment, resulting in the execution of arbitrary code with + the privileges of the user running Evolution. +
++ There is no known workaround at this time. +
++ All Evolution users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.12.3-r2"
+ + The X Window System is a graphical windowing system based on a + client/server model. +
++ Regenrecht reported multiple vulnerabilities in various X server + extensions via iDefense: +
++ Exploitation of these vulnerabilities could possibly lead to the remote + execution of arbitrary code with root privileges, if the server is + running as root, which is the default. It is also possible to crash the + server by making use of these vulnerabilities. +
++ It is possible to avoid these vulnerabilities by disabling the affected + server extensions. Therefore edit the configuration file + (/etc/X11/xorg.conf) to contain the following in the appropriate + places: +
+
+ Section "Extensions"
+ Option "MIT-SHM" "disable"
+ Option "RENDER" "disable"
+ Option "SECURITY" "disable"
+ EndSection
+
+ Section "Module"
+ Disable "record"
+ EndSection
+ + All X.org X Server users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.3.0.0-r6"
+ + OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +
++ Ossi Herrala and Jukka Taimisto of Codenomicon discovered two + vulnerabilities: +
++ A remote attacker could connect to a vulnerable server, or entice a + daemon to connect to a malicious server, causing a Denial of Service of + the daemon in both cases. +
++ There is no known workaround at this time. +
++ All OpenSSL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8g-r2"
+ + libvorbis is the reference implementation of the Xiph.org Ogg Vorbis + audio file format. It is used by many applications for playback of Ogg + Vorbis files. +
++ Will Drewry of the Google Security Team reported multiple + vulnerabilities in libvorbis: +
++ A remote attacker could exploit these vulnerabilities by enticing a + user to open a specially crafted Ogg Vorbis file or network stream with + an application using libvorbis. This might lead to the execution of + arbitrary code with the privileges of the user playing the file or a + Denial of Service by a crash or CPU consumption. +
++ There is no known workaround at this time. +
++ All libvorbis users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libvorbis-1.2.1_rc1"
+ + FreeType is a font rendering library for TrueType Font (TTF) and + Printer Font Binary (PFB). +
++ Regenrecht reported multiple vulnerabilities in FreeType via iDefense: +
++ A remote attacker could entice a user to open a specially crafted TTF + or PFB file, possibly resulting in the execution of arbitrary code with + the privileges of the user running an application linked against + FreeType (such as the X.org X server, running as root). +
++ There is no known workaround at this time. +
++ All FreeType users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.3.6"
+ + The IBM Java Development Kit (JDK) and the IBM Java Runtime Environment + (JRE) provide the IBM Java platform. +
++ Because of sharing the same codebase, IBM JDK and JRE are affected by + the vulnerabilities mentioned in GLSA 200804-20. +
++ A remote attacker could entice a user to run a specially crafted applet + on a website or start an application in Java Web Start to execute + arbitrary code outside of the Java sandbox and of the Java security + restrictions with the privileges of the user running Java. The attacker + could also obtain sensitive information, create, modify, rename and + read local files, execute local applications, establish connections in + the local network, bypass the same origin policy, and cause a Denial of + Service via multiple vectors. +
++ There is no known workaround at this time. +
++ All IBM JDK 1.5 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/ibm-jdk-bin-1.5.0.7"
+ + All IBM JDK 1.4 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/ibm-jdk-bin-1.4.2.11"
+ + All IBM JRE 1.5 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/ibm-jre-bin-1.5.0.7"
+ + All IBM JRE 1.4 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/ibm-jre-bin-1.4.2.11"
+ + Python is an interpreted, interactive, object-oriented programming + language. +
++ Multiple vulnerabilities were discovered in Python: +
++ A remote attacker could exploit these vulnerabilities to cause a Denial + of Service or possibly the remote execution of arbitrary code with the + privileges of the user running Python. +
++ There is no known workaround at this time. +
++ The imageop module is no longer built in the unaffected versions. +
++ All Python 2.3 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r6"
+ + All Python 2.4 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r13"
+ + Motion is a program that monitors the video signal from one or more + cameras and is able to detect motion. +
++ Nico Golde reported an off-by-one error within the read_client() + function in the webhttpd.c file, leading to a stack-based buffer + overflow. Stefan Cornelius (Secunia Research) reported a boundary error + within the same function, also leading to a stack-based buffer + overflow. Both vulnerabilities require that the HTTP Control interface + is enabled. +
++ A remote attacker could exploit these vulnerabilities by sending an + overly long or specially crafted request to a vulnerable Motion HTTP + control interface, possibly resulting in the execution of arbitrary + code with the privileges of the motion user. +
++ There is no known workaround at this time. +
++ All Motion users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/motion-3.2.10.1"
+ + PCRE is a Perl-compatible regular expression library. GLib includes a + copy of PCRE. +
++ Tavis Ormandy of the Google Security team reported a heap-based buffer + overflow when compiling regular expression patterns containing + "Internal Option Settings" such as "(?i)". +
++ A remote attacker could exploit this vulnerability by sending a + specially crafted regular expression to an application making use of + the PCRE library, which could possibly lead to the execution of + arbitrary code or a Denial of Service. +
++ There is no known workaround at this time. +
++ All PCRE users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-7.7-r1"
+ + All GLib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.16.3-r1"
+ + Poppler is a cross-platform PDF rendering library originally based on + Xpdf. +
++ Felipe Andres Manzano reported a memory management issue in the Page + class constructor/destructor. +
++ A remote attacker could entice a user to open a specially crafted PDF + file with a Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, + or Evince, potentially resulting in the execution of arbitrary code + with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All poppler users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-0.6.3-r1"
+ + OpenOffice.org is an open source office productivity suite, including + word processing, spreadsheet, presentation, drawing, data charting, + formula editing, and file conversion facilities. +
++ Sean Larsson (iDefense Labs) reported an integer overflow in the + function rtl_allocateMemory() in the file + sal/rtl/source/alloc_global.c. +
++ A remote attacker could entice a user to open a specially crafted + document, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All OpenOffice.org users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.4.1"
+ + All OpenOffice.org binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.4.1"
+ + The Apache HTTP server is one of the most popular web servers on the + Internet. +
++ Multiple vulnerabilities have been discovered in Apache: +
++ A remote attacker could exploit these vulnerabilities by connecting to + an Apache httpd, by causing an Apache proxy server to connect to a + malicious server, or by enticing a balancer administrator to connect to + a specially-crafted URL, resulting in a Denial of Service of the Apache + daemon. +
++ There is no known workaround at this time. +
++ All Apache users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.9"
+ + NoMachine's NX establishes remote connections to X11 desktops over + small bandwidth links. NX and NX Node are the compression core + libraries, whereas NX is used by FreeNX and NX Node by the binary-only + NX servers. +
++ Multiple integer overflow and buffer overflow vulnerabilities have been + discovered in the X.Org X server as shipped by NX and NX Node (GLSA + 200806-07). +
++ A remote attacker could exploit these vulnerabilities via unspecified + vectors, leading to the execution of arbitrary code with the privileges + of the user on the machine running the NX server. +
++ There is no known workaround at this time. +
++ All NX Node users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.2.0-r3"
+ + All NX users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/nx-3.2.0-r2"
+ + ISC BIND is the Internet Systems Consortium implementation of the + Domain Name System (DNS) protocol. +
++ Dan Kaminsky of IOActive has reported a weakness in the DNS protocol + related to insufficient randomness of DNS transaction IDs and query + source ports. +
++ An attacker could exploit this weakness to poison the cache of a + recursive resolver and thus spoof DNS traffic, which could e.g. lead to + the redirection of web or mail traffic to malicious sites. +
++ There is no known workaround at this time. +
++ All BIND users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.2_p1"
+ + Note: In order to utilize the query port randomization to mitigate the + weakness, you need to make sure that your network setup allows the DNS + server to use random source ports for query and that you have not set a + fixed query port via the "query-source port" directive in the BIND + configuration. +
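The configuration check the note asks for, as an added example that is not part of BIND or of the advisory: it scans a named.conf for query-source / query-source-v6 directives that pin a numeric port, which would defeat the randomization. Both configuration excerpts are constructed for the example.

```python
import re

# Constructed named.conf excerpts (not from the advisory). The first pins
# the source port, the second leaves BIND free to pick a random one.
FIXED_PORT_CONF = """
options {
    directory "/var/bind";
    // pinning the port defeats the randomization added in 9.4.2_p1
    query-source address * port 53;
    query-source-v6 address * port 53;
};
"""

RANDOM_PORT_CONF = """
options {
    directory "/var/bind";
    query-source address *;            # no port clause -> random
    query-source-v6 address * port *;  /* explicit wildcard */
};
"""


def strip_comments(text: str) -> str:
    """Remove the three comment styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    return text


_QUERY_SOURCE = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")


def fixed_query_ports(conf_text: str) -> list:
    """Return (directive, port) for every query-source directive that pins
    a numeric port. An empty list means the resolver may use random source
    ports (the network path still has to allow them)."""
    found = []
    for match in _QUERY_SOURCE.finditer(strip_comments(conf_text)):
        directive, body = match.group(1), match.group(2)
        port = re.search(r"\bport\s+(\S+)", body)
        if port and port.group(1) != "*":
            found.append((directive, int(port.group(1))))
    return found


if __name__ == "__main__":
    for label, conf in (("fixed", FIXED_PORT_CONF), ("random", RANDOM_PORT_CONF)):
        print(label, fixed_query_ports(conf))
```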
++ Mercurial is a distributed Source Control Management system. +
++ Jakub Wilk discovered a directory traversal vulnerability in the + applydiff() function in the mercurial/patch.py file. +
++ A remote attacker could entice a user to import a specially crafted + patch, possibly resulting in the renaming of arbitrary files, even + outside the repository. +
++ There is no known workaround at this time. +
++ All Mercurial users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/mercurial-1.0.1-r2"
+ + Bacula is a network based backup suite. +
++ Matthijs Kooijman reported that the "make_catalog_backup" script uses + the MySQL password as a command line argument when invoking other + programs. +
++ A local attacker could list the processes on the local machine when the + script is running to obtain the MySQL password. Note: The password + could also be disclosed via network sniffing attacks when the script + fails, in which case it would be sent via cleartext e-mail. +
++ There is no known workaround at this time. +
++ A warning about this issue has been added in version 2.4.1, but the + issue is still unfixed. We advise not to use the make_catalog_backup + script, but to put all MySQL parameters into a dedicated file readable + only by the user running Bacula. +
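The recommended alternative, as an added example (not Bacula's make_catalog_backup script): the insecure argv puts the password where the process list exposes it, while the hardened form writes a MySQL option file created with mode 0600 and points mysqldump at it with --defaults-extra-file. Database, user and password values are constructed.

```python
import os
import stat
import tempfile


def backup_argv_insecure(database: str, user: str, password: str) -> list:
    """The pattern the advisory describes: the password is an argv element,
    so anyone who can list processes on the host sees it while mysqldump
    runs."""
    return ["mysqldump", "-u", user, "-p" + password, database]


def write_client_options(path: str, user: str, password: str) -> str:
    """Write a MySQL option file readable only by its owner. The file is
    created with the restrictive mode from the start, so there is no window
    in which it is readable by others."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write("[client]\nuser=%s\npassword=%s\n" % (user, password))
    os.chmod(path, 0o600)  # also tightens a pre-existing file with a looser mode
    return path


def backup_argv_secure(database: str, options_path: str) -> list:
    """mysqldump reads the credentials from the file; nothing secret is on
    the command line. --defaults-extra-file has to be the first option."""
    return ["mysqldump", "--defaults-extra-file=" + options_path, database]


def leaks_secret(argv: list, secret: str) -> bool:
    """True if the secret would appear in the process list for this argv."""
    return any(secret in arg for arg in argv)


def demo(tmp_dir: str = None) -> tuple:
    """Return (option file mode, insecure argv leaks?, secure argv leaks?)."""
    tmp_dir = tmp_dir or tempfile.mkdtemp(prefix="bacula-example-")
    password = "constructed-example-password"  # constructed, not a real secret
    opts = write_client_options(os.path.join(tmp_dir, "catalog.cnf"),
                                "bacula", password)
    mode = stat.S_IMODE(os.stat(opts).st_mode)
    return (mode,
            leaks_secret(backup_argv_insecure("bacula", "bacula", password), password),
            leaks_secret(backup_argv_secure("bacula", opts), password))


if __name__ == "__main__":
    print(demo())
```

A password containing characters special to MySQL option files (quotes or '#') must be quoted in the file; the example writes it verbatim.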
++ PeerCast is a client and server for P2P-radio networks. +
++ Nico Golde reported a boundary error in the HTTP::getAuthUserPass() + function when processing overly long HTTP Basic authentication + requests. +
++ A remote attacker could send a specially crafted HTTP request to the + vulnerable server, possibly resulting in the remote execution of + arbitrary code with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All PeerCast users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1218-r1"
+ + BitchX is an IRC client. +
++ bannedit reported a boundary error when handling overly long IRC MODE + messages (CVE-2007-4584). Nico Golde reported an insecure creation of a + temporary file within the e_hostname() function (CVE-2007-5839). +
++ A remote attacker could entice a user to connect to a malicious IRC + server, resulting in the remote execution of arbitrary code with the + privileges of the user running the application. A local attacker could + perform symlink attacks to overwrite arbitrary files on the local + machine. +
++ There is no known workaround at this time. +
++ Since BitchX is no longer maintained, we recommend that users unmerge + the vulnerable package and switch to another IRC client: +
+
+ # emerge --unmerge "net-irc/bitchx"
+ + VLC is a cross-platform media player and streaming server. +
++ A remote attacker could entice a user to open a specially crafted .wav + file, and a local attacker could entice a user to run VLC from a + directory containing specially crafted modules, possibly resulting in + the execution of arbitrary code with the privileges of the user running + the application. +
++ There is no known workaround at this time. +
++ All VLC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6i"
+ + Linux Audit is a set of userspace utilities for storing and processing + auditing records. +
++ A stack-based buffer overflow has been reported in the + audit_log_user_command() function in the file lib/audit_logging.c when + processing overly long arguments. +
++ A local attacker could execute a specially crafted command on the host + running Linux Audit, possibly resulting in the execution of arbitrary + code with the privileges of the user running Linux Audit. +
++ There is no known workaround at this time. +
++ All Linux Audit users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-process/audit-1.7.3"
+ + Pan is a newsreader for the GNOME desktop. +
++ Pavel Polischouk reported a boundary error in the PartsBatch class when + processing .nzb files. +
++ A remote attacker could entice a user to open a specially crafted .nzb + file, possibly resulting in the remote execution of arbitrary code with + the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Pan users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-nntp/pan-0.132-r3"
+ + Python is an interpreted, interactive, object-oriented programming + language. +
++ Multiple vulnerabilities were discovered in Python: +
++ A remote attacker could exploit these vulnerabilities in Python + applications or daemons that pass user-controlled input to vulnerable + functions. Exploitation might lead to the execution of arbitrary code + or a Denial of Service. Vulnerabilities within the hashlib might lead + to weakened cryptographic protection of data integrity or authenticity. +
++ There is no known workaround at this time. +
++ All Python 2.4 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r14"
+ + All Python 2.5 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.5.2-r6"
+ + Please note that Python 2.3 is masked since June 24, and we will not be + releasing updates to it. It will be removed from the tree in the near + future. +
++ xine-lib is the core library package for the xine media player, and + other players such as Amarok, Codeine/Dragon Player and Kaffeine. +
++ Multiple vulnerabilities have been discovered in xine-lib: +
++ A remote attacker could entice a user to play a specially crafted video + file or stream with a player using xine-lib, potentially resulting in + the execution of arbitrary code with the privileges of the user running + the player. +
++ There is no known workaround at this time. +
++ All xine-lib users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.13"
+ + Net-SNMP is a collection of tools for generating and retrieving SNMP + data. The SNMPv3 protocol uses a keyed-Hash Message Authentication Code + (HMAC) to verify data integrity and authenticity of SNMP messages. +
++ Wes Hardaker reported that the SNMPv3 HMAC verification relies on the + client to specify the HMAC length (CVE-2008-0960). John Kortink + reported a buffer overflow in the Perl bindings of Net-SNMP when + processing the OCTETSTRING in an attribute value pair (AVP) received by + an SNMP agent (CVE-2008-2292). +
++ An attacker could send SNMPv3 packets to an instance of snmpd providing + a valid user name and an HMAC length value of 1, and easily conduct + brute-force attacks to bypass SNMP authentication. An attacker could + further entice a user to connect to a malicious SNMP agent with an SNMP + client using the Perl bindings, possibly resulting in the execution of + arbitrary code. +
++ There is no known workaround at this time. +
++ All Net-SNMP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.1.1"
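The HMAC length flaw above, modelled in an added example that is not Net-SNMP code: an SNMPv3 HMAC-SHA-96 authenticator (the first 12 bytes of HMAC-SHA1 over the message), a verifier that trusts the length the client supplied, and a hardened verifier that fixes the length from the configured protocol and compares in constant time. Key and message bytes are constructed, not captured traffic.

```python
import hashlib
import hmac

# HMAC-SHA-96 as used by the SNMPv3 User-based Security Model: the SHA-1
# HMAC is truncated to 12 bytes.
AUTH_PARAM_LEN = 12

# Constructed sample values (a localized auth key and encoded message bytes).
SAMPLE_KEY = bytes(range(20))
SAMPLE_MSG = b"\x30\x3a\x02\x01\x03constructed-snmpv3-message-bytes"


def compute_auth_params(auth_key: bytes, message: bytes) -> bytes:
    """msgAuthenticationParameters a legitimate sender attaches."""
    return hmac.new(auth_key, message, hashlib.sha1).digest()[:AUTH_PARAM_LEN]


def verify_vulnerable(auth_key: bytes, message: bytes, received: bytes) -> bool:
    """Reproduces the logic flaw behind CVE-2008-0960: the number of bytes
    compared is taken from the length of the authenticator the *client*
    sent, so a 1-byte authenticator only has to match one byte."""
    n = len(received)
    if n == 0 or n > AUTH_PARAM_LEN:
        return False
    expected = compute_auth_params(auth_key, message)
    return expected[:n] == received


def verify_fixed(auth_key: bytes, message: bytes, received: bytes) -> bool:
    """Hardened check: the authenticator length is dictated by the configured
    auth protocol, never by the packet, and the comparison is constant-time."""
    if len(received) != AUTH_PARAM_LEN:
        return False
    expected = compute_auth_params(auth_key, message)
    return hmac.compare_digest(expected, received)


def one_byte_tags_accepted(verifier, auth_key: bytes, message: bytes) -> int:
    """Count how many of the 256 possible 1-byte authenticators a verifier
    accepts; a non-zero result means the 96-bit tag has collapsed to 8 bits."""
    return sum(1 for b in range(256) if verifier(auth_key, message, bytes([b])))


if __name__ == "__main__":
    for name, verifier in (("vulnerable", verify_vulnerable), ("fixed", verify_fixed)):
        print(name, "accepts", one_byte_tags_accepted(verifier, SAMPLE_KEY, SAMPLE_MSG),
              "of 256 one-byte tags")
```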
+ + Mozilla Firefox is an open-source web browser and Mozilla Thunderbird + an open-source email client, both from the Mozilla Project. The + SeaMonkey project is a community effort to deliver production-quality + releases of code derived from the application formerly known as the + 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package + that can be used to bootstrap XUL+XPCOM applications like Firefox and + Thunderbird. +
++ The following vulnerabilities were reported in all mentioned Mozilla + products: +
++ The following vulnerabilities were reported in Firefox, SeaMonkey and + XULRunner: +
++ The following vulnerability was reported in Firefox only: +
++ A remote attacker could entice a user to view a specially crafted web + page or email that will trigger one of the vulnerabilities, possibly + leading to the execution of arbitrary code or a Denial of Service. It + is also possible for an attacker to trick a user to upload arbitrary + files or to accept an invalid certificate for a spoofed web site, to + read uninitialized memory, to violate Same Origin Policy, or to conduct + Cross-Site Scripting attacks. +
++ There is no known workaround at this time. +
++ All Mozilla Firefox users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.16"
+ + All Mozilla Firefox binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.16"
+ + All Mozilla Thunderbird users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.16"
+ + All Mozilla Thunderbird binary users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.16"
+ + All SeaMonkey users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.11"
+ + All SeaMonkey binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.11"
+ + All XULRunner users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.16"
+ + All XULRunner binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-bin-1.8.1.16"
+ + Wireshark is a network protocol analyzer with a graphical front-end. +
++ Multiple vulnerabilities related to memory management were discovered + in the GSM SMS dissector (CVE-2008-3137), the PANA and KISMET + dissectors (CVE-2008-3138), the RTMPT dissector (CVE-2008-3139), the + syslog dissector (CVE-2008-3140) and the RMI dissector (CVE-2008-3141) + and when reassembling fragmented packets (CVE-2008-3145). +
++ A remote attacker could exploit these vulnerabilities by sending a + specially crafted packet on a network being monitored by Wireshark or + enticing a user to read a malformed packet trace file, causing a Denial + of Service. +
++ There is no known workaround at this time. +
++ All Wireshark users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.2"
+ + ISC DHCP is ISC's reference implementation of all aspects of the + Dynamic Host Configuration Protocol. +
++ A buffer overflow error was found in ISC DHCP server, that can only be + exploited under unusual server configurations where the DHCP server is + configured to provide clients with a large set of DHCP options. +
++ A remote attacker could exploit this vulnerability to cause a Denial of + Service. +
++ There is no known workaround at this time. +
++ All ISC DHCP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.1"
+ + libxslt is the XSLT C library developed for the GNOME project. XSLT is + an XML language to define transformations for XML. +
++ Chris Evans (Google Security) reported that the libexslt library that + is part of libxslt is affected by a heap-based buffer overflow in the + RC4 encryption/decryption functions. +
++ A remote attacker could entice a user to process an XML file using a + specially crafted XSLT stylesheet in an application linked against + libxslt, possibly leading to the execution of arbitrary code with the + privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All libxslt users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.24-r1"
+ + Clam AntiVirus is a free anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +
++ Damian Put discovered an out-of-bounds memory access while processing Petite files (CVE-2008-2713, CVE-2008-3215). Also note that the 0.93 ClamAV branch fixes only the first of the two attack vectors of CVE-2007-6595, an insecure temporary file creation vulnerability; the sigtool attack vector still appears to be unfixed. +
++ A remote attacker could entice a user or automated system to scan a + specially crafted Petite file, possibly resulting in a Denial of + Service (daemon crash). Also, the insecure creation of temporary files + vulnerability can be triggered by a local user to perform a symlink + attack. +
++ There is no known workaround at this time. +
++ All ClamAV users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.93.3"
+ + The stunnel program is designed to work as an SSL encryption wrapper + between a remote client and a local or remote server. OCSP (Online + Certificate Status Protocol), as described in RFC 2560, is an internet + protocol used for obtaining the revocation status of an X.509 digital + certificate. +
++ An unspecified bug in the OCSP search functionality of stunnel has been + discovered. +
++ A remote attacker can use a revoked certificate that would be successfully authenticated by stunnel. This issue only concerns users who have enabled OCSP validation in stunnel. +
++ There is no known workaround at this time. +
++ All stunnel users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.24"
+ + OpenLDAP Software is an open source implementation of the Lightweight + Directory Access Protocol. +
++ Cameron Hotchkies discovered an error within the parsing of ASN.1 BER + encoded packets in the "ber_get_next()" function in + libraries/liblber/io.c. +
++ A remote unauthenticated attacker can send a specially crafted ASN.1 + BER encoded packet which will trigger the error and cause an + "assert()", terminating the "slapd" daemon. +
++ There is no known workaround at this time. +
++ All OpenLDAP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.3.43"
+ + Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF + reader. +
++ The Johns Hopkins University Applied Physics Laboratory reported that + input to an unspecified JavaScript method is not properly validated. +
++ A remote attacker could entice a user to open a specially crafted PDF + document, possibly resulting in the remote execution of arbitrary code + with the privileges of the user. +
++ There is no known workaround at this time. +
++ All Adobe Reader users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.2-r3"
+ + UUdeview is an encoder and decoder supporting various binary formats. NZBGet is a command-line based binary newsgrabber supporting .nzb files. +
++ UUdeview makes insecure usage of the tempnam() function when creating + temporary files. NZBGet includes a copy of the vulnerable code. +
++ A local attacker could exploit this vulnerability to overwrite + arbitrary files on the system. +
++ There is no known workaround at this time. +
++ All UUdeview users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/uudeview-0.5.20-r1"
+ + All NZBGet users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=news-nntp/nzbget-0.4.0"
+ + Postfix is Wietse Venema's mailer that attempts to be fast, easy to + administer, and secure, as an alternative to the widely-used Sendmail + program. +
++ Sebastian Krahmer of SuSE found that, under certain conditions, Postfix delivers mail to root-owned symlinks in an insecure manner. Normally Postfix does not deliver mail to symlinks, with the exception of root-owned symlinks, for compatibility with systems that use symlinks in /dev, such as Solaris. Furthermore, some systems, Linux among them, allow a symlink itself to be hard-linked, while POSIX.1-2001 requires that the symlink be followed. Depending on the write permissions and the delivery agent in use, this can lead to an arbitrary local file overwrite vulnerability (CVE-2008-2936). Additionally, the Postfix delivery agent does not properly verify the ownership of a mailbox before delivering mail (CVE-2008-2937). +
++ The combination of these features allows a local attacker to hard-link a root-owned symlink so that the newly created link is itself root-owned and points to a regular file (or another symlink) that the Postfix built-in local(8) or virtual(8) delivery agents will write to, regardless of the ownership of the final destination file. Depending on the write permissions of the mail spool directory, the delivery style, and the existence of a root mailbox, this could allow a local attacker to append a mail to an arbitrary file such as /etc/passwd in order to gain root privileges. +
++ The default configuration of Gentoo Linux does not permit any kind of + user privilege escalation. +
++ The second vulnerability (CVE-2008-2937) allows a local attacker who already has write permissions to the mail spool directory (not the case on Gentoo by default) to create a previously nonexistent mailbox before Postfix creates it, allowing them to read another user's mail. +
++ The following conditions should be met in order to be vulnerable to + local privilege escalation. +
++ Consequently, each one of the following workarounds is effective. +
++ Concerning the second vulnerability, check the write permissions of + /var/spool/mail, or check that every Unix account already has a + mailbox, by using Wietse Venema's Perl script available in the official + advisory. +
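The hard-linked-symlink and mailbox-ownership problems above come down to what a delivery agent verifies before it appends to a mailbox. The script below is an added example written for this page, not Postfix's own code: it opens the mailbox with O_NOFOLLOW so that a symlink (planted directly, or reached through a hard link to a root-owned symlink) fails at open time, then checks owner and link count with fstat() on the descriptor it actually got. The demo exercises the checks against a constructed spool directory with a regular mailbox, a symlink to a local stand-in for /etc/passwd, a hard link to that symlink, and a wrong-owner mailbox. The refuse-on-multiple-links policy and the temporary spool layout are the example's own assumptions.

```python
import os
import stat
import tempfile


class UnsafeMailbox(Exception):
    """Raised when a mailbox path fails one of the delivery-time checks."""


def open_mailbox_for_append(path, expected_uid):
    """Open a mailbox for appending without following symlinks.

    O_NOFOLLOW makes the open itself fail if the final path component is a
    symlink, which covers both a symlink planted by the attacker and a hard
    link to a root-owned symlink (the hard link is still a symlink).  The
    ownership and link-count checks are then done with fstat() on the open
    descriptor, so they apply to the inode that was actually opened.
    Returns the file descriptor.
    """
    flags = os.O_WRONLY | os.O_APPEND | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        # The errno for "symlink hit under O_NOFOLLOW" differs by platform
        # (ELOOP on Linux); any failure here means no delivery.
        raise UnsafeMailbox(f"refusing {path}: {exc.strerror}") from exc
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeMailbox(f"{path} is not a regular file")
        if st.st_uid != expected_uid:
            raise UnsafeMailbox(f"{path} is owned by uid {st.st_uid}, not {expected_uid}")
        if st.st_nlink != 1:
            # Example policy (assumption, not Postfix's rule): a mailbox that is
            # reachable under several names is refused rather than guessed at.
            raise UnsafeMailbox(f"{path} has {st.st_nlink} hard links")
    except UnsafeMailbox:
        os.close(fd)
        raise
    return fd


def _try_deliver(path, uid):
    try:
        fd = open_mailbox_for_append(path, uid)
    except UnsafeMailbox:
        return "refused"
    os.close(fd)
    return "delivered"


def demo():
    """Build a throwaway spool directory and exercise the checks.

    Returns a dict mapping each scenario to "delivered" or "refused".
    """
    uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as spool:
        # Legitimate mailbox: a regular file owned by the recipient.
        good = os.path.join(spool, "alice")
        open(good, "w").close()
        fd = open_mailbox_for_append(good, uid)
        os.write(fd, b"From sender@example.test\nSubject: constructed sample\n\n")
        os.close(fd)
        results["regular_file"] = "delivered"

        # A symlink named like a mailbox, pointing at a sensitive file
        # (a local stand-in for /etc/passwd).
        target = os.path.join(spool, "passwd")
        open(target, "w").close()
        link = os.path.join(spool, "mallory")
        os.symlink(target, link)
        results["symlink"] = _try_deliver(link, uid)

        # A hard link to the symlink, as link() creates on Linux.  If the
        # platform follows the symlink instead, the result is a second name
        # for "passwd" and the link-count check refuses that too.
        hard = os.path.join(spool, "mallory2")
        try:
            os.link(link, hard, follow_symlinks=False)
        except (OSError, NotImplementedError):
            results["hardlinked_symlink"] = "not supported here"
        else:
            results["hardlinked_symlink"] = _try_deliver(hard, uid)

        # A mailbox owned by someone other than the recipient.
        results["wrong_uid"] = _try_deliver(good, uid + 1)
    return results
```

Running `demo()` shows the regular mailbox delivered and the three attack shapes refused; the open-then-fstat order matters, because checking the path with lstat() first and opening afterwards leaves a window in which the attacker can swap the file.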
++ All Postfix users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.5.3-r1"
+ + yelp is the default help browser for GNOME. +
++ Aaron Grattafiori reported a format string vulnerability in the + window_error() function in yelp-window.c. +
++ A remote attacker can entice a user to open specially crafted "man:" or + "ghelp:" URIs in yelp, or an application using yelp such as Firefox or + Evolution, and execute arbitrary code with the privileges of that user. +
++ There is no known workaround at this time. +
++ All yelp users running GNOME 2.22 should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.22.1-r2"
+ + All yelp users running GNOME 2.20 should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.20.0-r1"
+ + Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP + server. +
++ A remote attacker could send spoofed DNS response traffic to dnsmasq, + possibly involving generating queries via multiple vectors, and spoof + DNS replies, which could e.g. lead to the redirection of web or mail + traffic to malicious sites. Furthermore, an attacker could generate + invalid DHCP traffic and cause a Denial of Service. +
++ There is no known workaround at this time. +
++ All dnsmasq users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.45"
+ + RealPlayer is a multimedia player capable of handling multiple + multimedia file formats. +
++ Dyon Balding of Secunia Research reported an unspecified heap-based + buffer overflow in the Shockwave Flash (SWF) frame handling. +
++ By enticing a user to open a specially crafted SWF (Shockwave Flash) + file, a remote attacker could be able to execute arbitrary code with + the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All RealPlayer users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/realplayer-11.0.0.4028-r1"
+ + MySQL is a popular multi-threaded, multi-user SQL server. +
++ Sergei Golubchik reported that MySQL imposes no restrictions on the + specification of "DATA DIRECTORY" or "INDEX DIRECTORY" in SQL "CREATE + TABLE" statements. +
++ An authenticated remote attacker could create MyISAM tables, specifying + DATA or INDEX directories that contain future table files by other + database users, or existing table files in the MySQL data directory, + gaining access to those tables. +
++ There is no known workaround at this time. +
++ All MySQL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.60-r1"
+ + The Courier Authentication Library is a generic authentication API that + encapsulates the process of validating account passwords. +
++ It has been discovered that some input (e.g. the username) passed to the library is not properly sanitised before being used in SQL queries. +
++ A remote attacker could provide specially crafted input to the library, possibly resulting in the remote execution of arbitrary SQL commands. NOTE: Exploitation of this vulnerability requires that a MySQL database is used for authentication and that a non-Latin character set is selected. +
++ There is no known workaround at this time. +
++ All Courier Authentication Library users should upgrade to the latest + version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/courier-authlib-0.60.6"
+ + VLC is a cross-platform media player and streaming server. +
++ g_ reported the following vulnerabilities: +
++ A remote attacker could entice a user to open a specially crafted file, + possibly resulting in the remote execution of arbitrary code with the + privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All VLC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6i-r2"
+ + libTIFF provides support for reading and manipulating TIFF (Tagged + Image File Format) images. +
++ Drew Yao (Apple Product Security) and Clay Wood reported multiple + buffer underflows in the LZWDecode() and LZWDecodeCompat() functions in + tif_lzw.c when processing TIFF files. +
++ A remote attacker could entice a user to open a specially crafted TIFF + file with an application making use of libTIFF, possibly resulting in + the remote execution of arbitrary code with the privileges of the user + running the application. +
++ There is no known workaround at this time. +
++ All libTIFF users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r4"
+ + Amarok is an advanced music player. +
++ Dwayne Litzenberger reported that the + MagnatuneBrowser::listDownloadComplete() function in + magnatunebrowser/magnatunebrowser.cpp uses the album_info.xml temporary + file in an insecure manner. +
++ A local attacker could perform a symlink attack to overwrite arbitrary + files on the system with the privileges of the user running the + application. +
++ There is no known workaround at this time. +
++ All Amarok users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/amarok-1.4.10"
+ + Postfix is Wietse Venema's mailer that attempts to be fast, easy to + administer, and secure, as an alternative to the widely-used Sendmail + program. +
++ It has been discovered that Postfix leaks an epoll file descriptor when executing external commands, e.g. user-controlled $HOME/.forward or $HOME/.procmailrc files. NOTE: This vulnerability only concerns Postfix instances running on Linux 2.6 kernels. +
++ A local attacker could exploit this vulnerability to reduce the + performance of Postfix, and possibly trigger an assertion, resulting in + a Denial of Service. +
++ Allow only trusted users to control delivery to non-Postfix commands. +
++ All Postfix 2.4 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.4.9"
+ + All Postfix 2.5 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.5.5"
+ + Mantis is a PHP/MySQL/Web based bugtracking system. +
++ Antonio Parata and Francesco Ongaro reported a Cross-Site Request + Forgery vulnerability in manage_user_create.php (CVE-2008-2276), a + Cross-Site Scripting vulnerability in return_dynamic_filters.php + (CVE-2008-3331), and an insufficient input validation in + adm_config_set.php (CVE-2008-3332). A directory traversal vulnerability + in core/lang_api.php (CVE-2008-3333) has also been reported. +
++ A remote attacker could exploit these vulnerabilities to execute + arbitrary HTML and script code, create arbitrary users with + administrative privileges, execute arbitrary PHP commands, and include + arbitrary files. +
++ There is no known workaround at this time. +
++ All Mantis users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.1.2"
+ + HAVP is a HTTP AntiVirus Proxy. +
++ Peter Warasin reported an infinite loop in sockethandler.cpp when + connecting to a non-responsive HTTP server. +
++ A remote attacker could send requests to unavailable servers, resulting + in a Denial of Service. +
++ There is no known workaround at this time. +
++ All HAVP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/havp-0.89"
+ + Newsbeuter is a RSS/Atom feed reader for the text console. +
++ J.H.M. Dassen reported that the open-in-browser command does not + properly escape shell metacharacters in the URL before passing it to + system(). +
++ A remote attacker could entice a user to open a feed with specially + crafted URLs, possibly resulting in the remote execution of arbitrary + shell commands with the privileges of the user running the application. +
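To see why concatenating a URL into a system() command line is dangerous, and what the fix looks like, here is an added Python example (not Newsbeuter's code). It uses /bin/echo as a stand-in browser so that the injected command is harmless, and a constructed feed URL carrying `;echo INJECTED`. The function names and the http(s)-only URL check are the example's own.

```python
import shlex
import subprocess
from urllib.parse import urlsplit

# Constructed sample: a feed item whose link carries a shell metacharacter.
MALICIOUS_URL = "http://example.test/item;echo INJECTED"

# Stand-in for the user's browser so the demonstration is harmless: /bin/echo
# prints whatever arguments it actually received.
BROWSER = "/bin/echo"


def open_in_browser_unsafe(url, browser=BROWSER):
    """The vulnerable pattern: build one command string and hand it to the
    shell (what system() does).  The shell splits on ';' and runs the rest
    of the URL as a second command."""
    done = subprocess.run(browser + " " + url, shell=True,
                          capture_output=True, text=True)
    return done.stdout


def open_in_browser_safe(url, browser=BROWSER):
    """Fixed: pass an argument vector with no shell, so the URL reaches the
    browser as a single argument whatever characters it contains."""
    done = subprocess.run([browser, url], capture_output=True, text=True)
    return done.stdout


def open_in_browser_quoted(url, browser=BROWSER):
    """If a shell is unavoidable (e.g. a user-configured command template),
    quote the URL so the shell treats it as one literal word."""
    done = subprocess.run(browser + " " + shlex.quote(url), shell=True,
                          capture_output=True, text=True)
    return done.stdout


def is_acceptable_url(url):
    """Independent of how the browser is launched, only hand over http(s)
    URLs with a host.  This also blocks option-looking strings such as
    '-remote ...' that a browser might parse as flags, and non-web schemes."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)
```

With the sample URL, the unsafe variant prints two lines (the URL up to the semicolon, then `INJECTED` from the second command), while both fixed variants print the whole URL as one line. Note that `is_acceptable_url` accepts the malicious sample, since it is a syntactically valid http URL: scheme validation limits what the browser sees, but only the no-shell launch removes the injection.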
++ There is no known workaround at this time. +
++ All Newsbeuter users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-news/newsbeuter-1.2"
+ + R is a GPL licensed implementation of S, a language and environment for + statistical computing and graphics. +
++ Dmitry E. Oboukhov reported that the "javareconf" script uses temporary + files in an insecure manner. +
++ A local attacker could exploit this vulnerability to overwrite + arbitrary files with the privileges of the user running the + application. +
++ There is no known workaround at this time. +
++ All R users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/R-2.7.1"
+ + BitlBee is an IRC to IM gateway that supports multiple IM protocols. +
++ Multiple unspecified vulnerabilities were reported, including a NULL + pointer dereference. +
++ A remote attacker could exploit these vulnerabilities to overwrite + existing IM accounts. +
++ There is no known workaround at this time. +
++ All BitlBee users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/bitlbee-1.2.3"
+ + GNU ed is a basic line editor. red is a restricted version of ed that + does not allow shell command execution. +
++ Alfredo Ortega from Core Security Technologies reported a heap-based + buffer overflow in the strip_escapes() function when processing overly + long filenames. +
++ A remote attacker could entice a user to process specially crafted + commands with ed or red, possibly resulting in the execution of + arbitrary code with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All GNU ed users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/ed-1.0"
+ + Git is a distributed version control system. +
++ Multiple boundary errors in the functions diff_addremove() and + diff_change() when processing overly long repository path names were + reported. +
++ A remote attacker could entice a user to run commands like "git-diff" + or "git-grep" on a specially crafted repository, possibly resulting in + the remote execution of arbitrary code with the privileges of the user + running the application. +
++ There is no known workaround at this time. +
++ All Git users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/git-1.5.6.4"
+ + Wireshark is a network protocol analyzer with a graphical front-end. +
++ The following vulnerabilities were reported: +
++ A remote attacker could exploit these vulnerabilities by sending + specially crafted packets on a network being monitored by Wireshark or + by enticing a user to read a malformed packet trace file, causing a + Denial of Service. +
++ There is no known workaround at this time. +
++ All Wireshark users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.3"
+ + Clam AntiVirus is a free anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +
++ Hanno Böck reported an error in libclamav/chmunpack.c when processing CHM files (CVE-2008-1389). Other unspecified vulnerabilities were also reported, including a NULL pointer dereference in libclamav (CVE-2008-3912), memory leaks in freshclam/manager.c (CVE-2008-3913), and file descriptor leaks in libclamav/others.c and libclamav/sis.c (CVE-2008-3914). +
++ A remote attacker could entice a user or automated system to scan a + specially crafted CHM, possibly resulting in a Denial of Service + (daemon crash). The other attack vectors mentioned above could also + result in a Denial of Service. +
++ There is no known workaround at this time. +
++ All ClamAV users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.94"
+ + WordNet is a large lexical database of English. +
++ Jukka Ruohonen initially reported a boundary error within the + searchwn() function in src/wn.c. A thorough investigation by the oCERT + team revealed several other vulnerabilities in WordNet: +
++ There is no known workaround at this time. +
++ All WordNet users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-dicts/wordnet-3.0-r2"
+ + Portage is Gentoo's package manager which is responsible for + installing, compiling and updating all packages on the system through + the Gentoo rsync tree. +
++ The Gentoo Security Team discovered that several ebuilds, such as + sys-apps/portage, net-mail/fetchmail or app-editors/leo execute Python + code using "python -c", which includes the current working directory in + Python's module search path. For several ebuild functions, Portage did + not change the working directory from emerge's working directory. +
++ A local attacker could place a specially crafted Python module in a + directory (such as /tmp) and entice the root user to run commands such + as "emerge sys-apps/portage" from that directory, resulting in the + execution of arbitrary Python code with root privileges. +
++ Do not run "emerge" from untrusted working directories. +
++ All Portage users should upgrade to the latest version: +
+
+ # cd /root
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/portage-2.1.4.5"
+ + NOTE: To upgrade to Portage 2.1.4.5 using 2.1.4.4 or prior, you must + run emerge from a trusted working directory, such as "/root". +
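The sys.path behaviour behind this advisory can be checked directly. The script below is an added example, not part of Portage: it plants a module with a hypothetical name in a throwaway directory, then runs `python -c "import ..."` from that directory with the default flags, with `-I` (isolated mode, which keeps the working directory off sys.path), and finally from a clean directory as the workaround above recommends. The module name, the marker string and the choice of `-I` are the example's assumptions.

```python
import os
import subprocess
import sys
import tempfile

# Hypothetical module name for the demonstration; all that matters is that
# the code run with -c imports a module of this name.
MODULE_NAME = "gentoo_cwd_demo"

# Constructed payload, standing in for a file an attacker drops in /tmp.
PAYLOAD = 'MARK = "imported from the working directory"\n'


def module_imported_from_cwd(cwd, flags=()):
    """Run  python <flags> -c "import MODULE_NAME"  with the given working
    directory.  Returns True if the module planted in cwd was picked up."""
    cmd = [sys.executable, *flags, "-c",
           f"import {MODULE_NAME}; print({MODULE_NAME}.MARK)"]
    # Drop PYTHONSAFEPATH so the run shows the interpreter's default
    # behaviour regardless of the caller's environment.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONSAFEPATH"}
    done = subprocess.run(cmd, cwd=cwd, env=env, capture_output=True, text=True)
    return done.returncode == 0 and "imported from the working directory" in done.stdout


def demo():
    """Returns scenario -> whether the planted module was imported."""
    with tempfile.TemporaryDirectory() as untrusted, \
         tempfile.TemporaryDirectory() as trusted:
        with open(os.path.join(untrusted, MODULE_NAME + ".py"), "w") as f:
            f.write(PAYLOAD)
        return {
            # python -c from the attacker's directory: '' (the cwd) heads sys.path.
            "untrusted_cwd": module_imported_from_cwd(untrusted),
            # -I (isolated mode) leaves the working directory off sys.path.
            "untrusted_cwd_isolated": module_imported_from_cwd(untrusted, ("-I",)),
            # The advisory's workaround: run from a directory nobody else writes to.
            "trusted_cwd": module_imported_from_cwd(trusted),
        }
```

Only the first scenario imports the planted module. For an ebuild that must shell out to `python -c`, passing `-I` (or, failing that, changing to a trusted directory first, as the fixed Portage does) closes the hole without depending on the caller's working directory.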
++ libspf2 is a library that implements the Sender Policy Framework, + allowing mail transfer agents to make sure that an email is authorized + by the domain name that it is coming from. Currently, only the exim MTA + uses libspf2 in Gentoo. +
++ libspf2 uses a fixed-length buffer to receive DNS responses and does + not properly check the length of TXT records, leading to buffer + overflows. +
++ A remote attacker could store a specially crafted DNS entry and entice + a user or automated system using libspf2 to lookup that SPF entry (e.g. + by sending an email to the MTA), possibly allowing for the execution of + arbitrary code. +
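TXT RDATA is a sequence of <character-string>s, each a length octet followed by up to 255 bytes, and the overflow described above is the classic case of trusting those length octets against a fixed destination buffer. The parser below is an added example in Python, not libspf2's code: it validates every length against the bytes actually present before copying and bounds the whole record against the buffer size. The 512-byte buffer, the function names and the sample records are the example's assumptions.

```python
# Example receive-buffer size; the real fixed buffer in libspf2 is not
# described on this page, so this value is an assumption for the demo.
TXT_BUFFER_SIZE = 512


class MalformedTxtRecord(ValueError):
    """Raised when TXT RDATA cannot be parsed safely."""


def parse_txt_rdata(rdata, buffer_size=TXT_BUFFER_SIZE):
    """Parse DNS TXT RDATA: one or more <character-string>s, each a length
    octet followed by that many bytes (RFC 1035, section 3.3.14).

    Every length octet is checked against the bytes that are actually present
    before anything is copied, and the RDATA as a whole is checked against the
    destination size, so a crafted record cannot run past a fixed buffer.
    Returns the concatenated text; SPF records longer than 255 bytes are
    split across several strings and joined by the consumer.
    """
    if len(rdata) > buffer_size:
        raise MalformedTxtRecord(
            f"RDATA is {len(rdata)} bytes, buffer holds {buffer_size}")
    pieces = []
    pos = 0
    while pos < len(rdata):
        length = rdata[pos]
        pos += 1
        if pos + length > len(rdata):
            raise MalformedTxtRecord(
                f"string length {length} at offset {pos - 1} exceeds RDATA")
        pieces.append(rdata[pos:pos + length])
        pos += length
    return b"".join(pieces)


def build_txt_rdata(strings):
    """Encode a list of byte strings as TXT RDATA (the inverse of parse);
    used here to construct sample records."""
    out = bytearray()
    for s in strings:
        if len(s) > 255:
            raise ValueError("a TXT <character-string> holds at most 255 bytes")
        out.append(len(s))
        out += s
    return bytes(out)


def spf_record_from_rdata(rdata):
    """Return the SPF record text if this TXT record is an SPF record,
    otherwise None (domains commonly publish unrelated TXT records too)."""
    text = parse_txt_rdata(rdata)
    return text if text.startswith(b"v=spf1") else None


# Constructed samples (192.0.2.0/24 is a documentation range).
GOOD_RECORD = build_txt_rdata([b"v=spf1 ip4:192.0.2.0/24 ", b"-all"])
TRUNCATED_RECORD = b"\x10abc"                  # claims 16 bytes, carries 3
OVERSIZED_RECORD = build_txt_rdata([b"A" * 255] * 3)   # 768 bytes of RDATA
```

The truncated record is where an unchecked parser reads past the end of its input, and the oversized one is where an unchecked copy writes past the end of its output; a resolver under the attacker's control can produce either at will, which is why the check has to sit in the consumer rather than rely on the DNS layer.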
++ There is no known workaround at this time. +
++ All libspf2 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-filter/libspf2-1.2.8"
+ + Opera is a fast web browser that is available free of charge. +
++ Multiple vulnerabilities have been discovered in Opera: +
++ These vulnerabilities allow remote attackers to execute arbitrary code, to run scripts injected into Opera's History Search with elevated privileges, to inject arbitrary web script or HTML into web pages, to manipulate the address bar, to change Opera's preferences, to determine the validity of local filenames, to read cache files, browsing history, and subscribed feeds, or to conduct other attacks. +
++ There is no known workaround at this time. +
++ All Opera users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-9.62"
+ + Gallery is an open source web based photo album organizer. +
++ Multiple vulnerabilities have been discovered in Gallery 1 and 2: +
++ Remote attackers could send specially crafted requests to a server + running Gallery, allowing for the execution of arbitrary code when + register_globals is enabled, or read arbitrary files via directory + traversals otherwise. Attackers could also entice users to visit + crafted links allowing for theft of login credentials. +
++ There is no known workaround at this time. +
++ All Gallery 2 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/gallery-2.2.6"
+ + All Gallery 1 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.5.9"
+ + FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder. +
++ The ICST-ERCIS (Peking University) reported a heap-based buffer + overflow in the decodeMP4file() function in frontend/main.c. +
++ A remote attacker could entice a user to open a specially crafted + MPEG-4 (MP4) file in an application using FAAD2, possibly leading to + the execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All FAAD2 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/faad2-2.6.1-r2"
+ + Graphviz is open source graph visualization software. +
++ Roee Hay reported a stack-based buffer overflow in the push_subg() + function in parser.y when processing a DOT file with a large number of + Agraph_t elements. +
++ A remote attacker could entice a user or automated system to open a + specially crafted DOT file in an application using Graphviz, possibly + leading to the execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All Graphviz users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/graphviz-2.20.3"
+ + PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +
++ Several vulnerabilities were found in PHP: +
++ These vulnerabilities might allow a remote attacker to execute + arbitrary code, to cause a Denial of Service, to circumvent security + restrictions, to disclose information, and to manipulate files. +
++ There is no known workaround at this time. +
++ All PHP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.6-r6"
+ + OptiPNG is a PNG optimizer that recompresses image files to a smaller + size, without losing any information. +
++ A buffer overflow in the BMP reader in OptiPNG has been reported. +
++ A remote attacker could entice a user to process a specially crafted + BMP image, possibly resulting in the execution of arbitrary code with + the privileges of the user running the application, or a Denial of + Service. +
++ There is no known workaround at this time. +
++ All OptiPNG users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2"
+ + enscript is a powerful ASCII to PostScript file converter. +
++ Two stack-based buffer overflows in the read_special_escape() function + in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research + discovered a vulnerability related to the "setfilename" command + (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability + related to the "font" escape sequence (CVE-2008-4306). +
++ An attacker could entice a user or automated system to process + specially crafted input with the special escapes processing enabled + using the "-e" option, possibly resulting in the execution of arbitrary + code. +
++ There is no known workaround at this time. +
++ All enscript users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/enscript-1.6.4-r4"
+ + IPsec-Tools is a port of KAME's implementation of the IPsec utilities. + It contains a collection of network monitoring tools, including racoon, + ping, and ping6. +
++ Two Denial of Service vulnerabilities have been reported in racoon: +
++ An attacker could exploit these vulnerabilities to cause a Denial of + Service. +
++ There is no known workaround at this time. +
++ All IPsec-Tools users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.1"
+ + lighttpd is a lightweight high-performance web server. +
++ Multiple vulnerabilities have been reported in lighttpd: +
++ A remote attacker could exploit these vulnerabilities to cause a Denial + of Service, to bypass intended access restrictions, to obtain sensitive + information, or to possibly modify data. +
++ There is no known workaround at this time. +
++ All lighttpd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.20"
+ + Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for + audio. +
++ Russell O'Connor reported a buffer overflow in src/src_sinc.c related + to low conversion ratios. +
++ A remote attacker could entice a user or automated system to process a + specially crafted audio file possibly leading to the execution of + arbitrary code with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All libsamplerate users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libsamplerate-0.1.4"
+ + libxml2 is the XML (eXtensible Markup Language) C parser and toolkit initially developed for the Gnome project. +
++ Multiple vulnerabilities were reported in libxml2: +
++ A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2, possibly resulting in the execution of arbitrary code or in high CPU and memory consumption. +
++ There is no known workaround at this time. +
++ All libxml2 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.2-r1"
+ + Mantis is a PHP/MySQL/Web based bugtracking system. +
++ Multiple issues have been reported in Mantis: +
++ Remote unauthenticated attackers could exploit these vulnerabilities to + execute arbitrary PHP commands, disclose sensitive issue data, or + hijack a user's sessions. +
++ There is no known workaround at this time. +
++ All Mantis users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.1.4-r1"
+ + Mgetty is a set of fax and voice modem programs. +
++ Dmitry E. Oboukhov reported that the "spooldir" directory in + fax/faxspool.in is created in an insecure manner. +
++ A local attacker could exploit this vulnerability to overwrite + arbitrary files with the privileges of the user running the + application. +
++ There is no known workaround at this time. +
++ All Mgetty users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dialup/mgetty-1.1.36-r3"
+ + OpenSC is a smart card application that allows reading and writing via + PKCS#11. +
++ Chaskiel M Grundman reported that OpenSC uses weak permissions (ADMIN + file control information of 00) for the 5015 directory on smart cards + and USB crypto tokens running Siemens CardOS M4. +
++ A physically proximate attacker can exploit this vulnerability to + change the PIN on a smart card and use it for authentication, leading + to privilege escalation. +
++ There is no known workaround at this time. +
++ All OpenSC users should upgrade to the latest version, and then check + and update their smart cards: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.6"
+ # pkcs15-tool --test-update
+ # pkcs15-tool --test-update --update
+ + Archive::Tar is a Perl module for creation and manipulation of tar + files. +
++ Jonathan Smith of rPath reported that Archive::Tar does not check for + ".." in file names. +
++ A remote attacker could entice a user or automated system to extract a + specially crafted tar archive, overwriting files at arbitrary locations + outside of the specified directory. +
++ There is no known workaround at this time. +
++ All Archive::Tar users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=perl-core/Archive-Tar-1.40"
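The missing check the advisory describes (member names containing "..") can also be applied from the shell before any archive is handed to an extractor. The following is an added example, not code from the advisory or from Archive::Tar; it assumes GNU tar (the -P flag is needed only to build the constructed hostile archive, because tar otherwise strips a leading "../" at creation time) and builds its two sample archives in a directory you pass in.

```shell
#!/bin/sh
# Added example, not from the advisory or from Archive::Tar: inspect an
# archive's member names *before* extracting it and refuse any member that
# would land outside the target directory. Assumes GNU tar.
set -u

# check_tar_members ARCHIVE
# Returns 0 if every member name stays inside the extraction directory,
# 1 if a member is absolute or contains a ".." path component,
# 2 if the archive cannot be listed at all.
check_tar_members() {
    archive=$1
    tar -tPf "$archive" >/dev/null 2>&1 || return 2
    # Absolute paths, or ".." as a whole component anywhere in the name.
    # (-P keeps names exactly as stored, so nothing is hidden from the check.)
    offenders=$(tar -tPf "$archive" | grep -E '^/|(^|/)\.\.(/|$)' || true)
    if [ -n "$offenders" ]; then
        printf 'refusing %s, unsafe member name(s):\n%s\n' "$archive" "$offenders" >&2
        return 1
    fi
    return 0
}

# make_test_archives DIR
# Builds two constructed archives under DIR: clean.tar with an ordinary
# relative member, and evil.tar whose member name starts with "../" and
# would overwrite a file one level above the extraction directory.
make_test_archives() {
    dir=$1
    mkdir -p "$dir/src/sub"
    echo 'harmless content' > "$dir/src/sub/file.txt"
    echo 'constructed escape target' > "$dir/src/escape.txt"
    ( cd "$dir/src" && tar -cf "$dir/clean.tar" sub/file.txt )
    ( cd "$dir/src/sub" && tar -cPf "$dir/evil.tar" ../escape.txt )
}

# Usage: sh check_tar.sh ARCHIVE...   (exit status is that of the last check)
for archive in "$@"; do
    check_tar_members "$archive"
done
```

Run the check in the same place you would otherwise call the extractor; a non-zero status means the archive was rejected without writing anything. Note that this only inspects names, so an archive that escapes via a symlink member followed by a write through it is a separate problem and not caught here.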
+ + CUPS is the Common Unix Printing System. +
++ Several buffer overflows were found in: +
++ A remote attacker could send specially crafted input to a vulnerable + server, resulting in the remote execution of arbitrary code with the + privileges of the user running the server. +
++ There is no known workaround at this time. +
++ All CUPS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.9-r1"
+ + Honeyd is a small daemon that creates virtual hosts on a network. +
++ Dmitry E. Oboukhov reported an insecure temporary file usage within the + "test.sh" script. +
++ A local attacker could perform symlink attacks and overwrite arbitrary + files with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Honeyd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/honeyd-1.5c-r1"
+ + OpenOffice.org is an open source office productivity suite, including + word processing, spreadsheet, presentation, drawing, data charting, + formula editing, and file conversion facilities. +
++ Two heap-based buffer overflows when processing WMF files + (CVE-2008-2237) and EMF files (CVE-2008-2238) were discovered. Dmitry + E. Oboukhov also reported an insecure temporary file usage within the + senddoc script (CVE-2008-4937). +
++ A remote attacker could entice a user to open a specially crafted + document, resulting in the remote execution of arbitrary code. A local + attacker could perform symlink attacks to overwrite arbitrary files on + the system. Both cases happen with the privileges of the user running + the application. +
++ There is no known workaround at this time. +
++ All OpenOffice.org users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-3.0.0"
+ + All OpenOffice.org binary users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-3.0.0"
+ + aview is an ASCII image viewer and animation player. +
++ Dmitry E. Oboukhov reported that aview uses the "/tmp/aview$$.pgm" file + in an insecure manner when processing files. +
++ A local attacker could perform symlink attacks to overwrite arbitrary + files on the system with the privileges of the user running the + application. +
++ There is no known workaround at this time. +
++ All aview users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/aview-1.3.0_rc1-r1"
+ + POV-Ray is a well known open-source ray tracer. +
++ POV-Ray uses a statically linked copy of libpng to view and output PNG + files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964, + CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in + POV-Ray's build system caused it to use that bundled, outdated copy + instead of the system library whenever the installed copy of libpng was + >=media-libs/libpng-1.2.10. +
++ An attacker could entice a user to load a specially crafted PNG file as + a texture, resulting in the execution of arbitrary code with the + permissions of the user running the application. +
++ There is no known workaround at this time. +
++ All POV-Ray users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/povray-3.6.1-r4"
+ + Dovecot is an IMAP and POP3 server written with security primarily in + mind. +
++ Several vulnerabilities were found in Dovecot: +
++ These vulnerabilities might allow a remote attacker to cause a Denial + of Service, to circumvent security restrictions or allow local + attackers to disclose the passphrase of the SSL private key. +
++ There is no known workaround at this time. +
++ All Dovecot users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.1.7-r1"
+ + Users should be aware that dovecot.conf will still be world-readable + after the update. If employing ssl_key_password, it should not be set + in dovecot.conf but in a separate, root-only file that dovecot.conf + pulls in with the "!include_try" directive. +
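The caveat above, as an added example that is not from the advisory or from Dovecot: a script that writes ssl_key_password into a file only root can read and makes dovecot.conf reference it with "!include_try", plus two checks an admin can run afterwards. The file name ssl-key-password.conf is an assumption (any path works as long as its mode is 0600), and the mode check relies on GNU stat.

```shell
#!/bin/sh
# Added example, not from the advisory or from Dovecot: keep ssl_key_password
# out of the world-readable dovecot.conf. The include file name is an
# assumption; the mode check uses GNU stat.
set -u

# install_ssl_key_password CONFDIR PASSPHRASE
# Creates CONFDIR/ssl-key-password.conf with mode 0600 and appends a single
# "!include_try" line to CONFDIR/dovecot.conf. Safe to re-run.
install_ssl_key_password() {
    confdir=$1
    passphrase=$2
    secret="$confdir/ssl-key-password.conf"
    rm -f "$secret"
    # umask 077 makes the file 0600 from the moment it exists, so there is
    # no window in which it is 0644 and then tightened afterwards.
    ( umask 077 && printf 'ssl_key_password = %s\n' "$passphrase" > "$secret" ) || return 1
    if ! grep -qF -- "!include_try $secret" "$confdir/dovecot.conf" 2>/dev/null; then
        printf '!include_try %s\n' "$secret" >> "$confdir/dovecot.conf"
    fi
}

# secret_file_ok FILE
# Returns 0 if FILE exists and is readable by its owner only (0600 or 0400).
secret_file_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) printf '%s has mode %s, expected 600\n' "$1" "$mode" >&2; return 1 ;;
    esac
}

# config_has_inline_password CONFDIR
# Returns 0 if dovecot.conf itself still carries ssl_key_password, which is
# exactly what this layout is meant to prevent.
config_has_inline_password() {
    grep -q '^[[:space:]]*ssl_key_password[[:space:]]*=' "$1/dovecot.conf"
}

# Usage (as root): install_ssl_key_password /etc/dovecot 'the passphrase'
#                  secret_file_ok /etc/dovecot/ssl-key-password.conf
```

After running it on the real /etc/dovecot, restart Dovecot and confirm that config_has_inline_password reports nothing; "!include_try" (rather than "!include") means Dovecot still starts if the file is absent, so the second check is what tells you the passphrase really is being picked up from the protected file.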
++ Ruby is an interpreted object-oriented programming language. The + elaborate standard library includes an HTTP server ("WEBrick") and a + class for XML parsing ("REXML"). +
++ Multiple vulnerabilities have been discovered in the Ruby interpreter + and its standard libraries. Drew Yao of Apple Product Security + discovered the following flaws: +
++ Furthermore, several other vulnerabilities have been reported: +
++ These vulnerabilities allow remote attackers to execute arbitrary code, + spoof DNS responses, bypass Ruby's built-in security and taintness + checks, and cause a Denial of Service via crash or CPU exhaustion. +
++ There is no known workaround at this time. +
++ All Ruby users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p287-r1"
+ + The JasPer Project is an open-source initiative to provide a free + software-based reference implementation of the codec specified in the + JPEG-2000 Part-1 (jpeg2k) standard. +
++ Marc Espie and Christian Weisgerber have discovered multiple + vulnerabilities in JasPer: +
++ Remote attackers could entice a user or automated system to process + specially crafted jpeg2k files with an application using JasPer, + possibly leading to the execution of arbitrary code. +
++ There is no known workaround at this time. +
++ All JasPer users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/jasper-1.900.1-r3"
+ + The PowerDNS Nameserver is an authoritative-only nameserver which uses + a flexible backend architecture. +
++ Daniel Drown reported an error when receiving a HINFO CH query + (CVE-2008-5277). Brian J. Dowling of Simplicity Communications + discovered a previously unknown security implication of the PowerDNS + behavior to not respond to certain queries it considers malformed + (CVE-2008-3337). +
++ A remote attacker could send specially crafted queries to cause a + Denial of Service. The second vulnerability in itself does not pose a + security risk to PowerDNS Nameserver. However, not answering a query + for an invalid DNS record within a valid domain allows for a larger + spoofing window on third-party nameservers for domains being hosted by + PowerDNS Nameserver itself. +
++ There is no known workaround at this time. +
++ All PowerDNS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/pdns-2.9.21.2"
+ + phpCollab is a web-enabled groupware and project management software + written in PHP. It uses SQL-based database backends. +
++ Multiple vulnerabilities have been found in phpCollab: +
++ These vulnerabilities enable remote attackers to execute arbitrary SQL + statements and PHP code. NOTE: Some of the SQL injection + vulnerabilities require the php.ini option "magic_quotes_gpc" to be + disabled. Furthermore, an attacker might be able to execute arbitrary + shell commands if "register_globals" is enabled, "magic_quotes_gpc" is + disabled, the PHP OpenSSL extension is not installed or loaded and the + file "installation/setup.php" has not been deleted after installation. +
++ There is no known workaround at this time. +
++ phpCollab has been removed from the Portage tree. We recommend that + users unmerge phpCollab: +
+
+ # emerge --unmerge "www-apps/phpcollab"
+ + Clam AntiVirus is a free anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +
++ Moritz Jodeit reported an off-by-one error within the + get_unicode_name() function in libclamav/vba_extract.c when processing + VBA project files (CVE-2008-5050). Ilja van Sprundel reported an + infinite recursion error within the cli_check_jpeg_exploit() function + in libclamav/special.c when processing JPEG files (CVE-2008-5314). +
++ A remote attacker could send a specially crafted VBA or JPEG file to + the clamd daemon, possibly resulting in the remote execution of + arbitrary code with the privileges of the user running the application + or a Denial of Service. +
++ There is no known workaround at this time. +
++ All ClamAV users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.94.2"
+ + Ampache is a PHP based tool for managing, updating and playing audio + files via a web interface. +
++ Dmitry E. Oboukhov reported an insecure temporary file usage within the + gather-messages.sh script. +
++ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Ampache users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/ampache-3.4.3"
+ + Imlib2 is a replacement library from the Enlightenment project for + libraries like libXpm. +
++ Julien Danjou reported a pointer arithmetic error and a heap-based + buffer overflow within the load() function of the XPM image loader. +
++ A remote attacker could entice a user to process a specially crafted + XPM image, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running the application, or a Denial of + Service. +
++ There is no known workaround at this time. +
++ All Imlib2 users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/imlib2-1.4.2-r1"
+ + VLC is a cross-platform media player and streaming server. +
++ Tobias Klein reported the following vulnerabilities: +
++ A remote attacker could entice a user to open a specially crafted CUE + image file, RealMedia file or RealText subtitle file, possibly + resulting in the execution of arbitrary code with the privileges of the + user running the application. +
++ There is no known workaround at this time. +
++ All VLC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/vlc-0.9.8a"
+ + NDISwrapper is a Linux kernel module that enables the use of Microsoft + Windows drivers for wireless network devices. +
++ Anders Kaseorg reported multiple buffer overflows related to long + ESSIDs. +
++ A physically proximate attacker could send packets over a wireless + network that might lead to the execution of arbitrary code with root + privileges. +
++ There is no known workaround at this time. +
++ All NDISwrapper users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/ndiswrapper-1.53-r1"
+ + JHead is an exif jpeg header manipulation tool. +
++ Marc Merlin and John Dong reported multiple vulnerabilities in JHead: +
++ A remote attacker could possibly execute arbitrary code by enticing a + user or automated system to open a file with a long filename or via + unspecified vectors. It is also possible to trick a user into deleting + or overwriting files. +
++ There is no known workaround at this time. +
++ All JHead users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/jhead-2.84-r1"
+ + pdnsd is a proxy DNS server with permanent caching that is designed to + cope with unreachable DNS servers. +
++ Two issues have been reported in pdnsd: +
++ An attacker could exploit the second weakness to poison the cache of + pdnsd and thus spoof DNS traffic, which could e.g. lead to the + redirection of web or mail traffic to malicious sites. The first issue + can be exploited by enticing pdnsd to send a query to a malicious DNS + server, or using the port randomization weakness, and might lead to a + Denial of Service. +
++ Port randomization can be enabled by setting the "query_port_start" + option to 1024, which resolves the CVE-2008-1447 issue. +
++ All pdnsd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/pdnsd-1.2.7"
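The workaround above as a pdnsd.conf fragment. This is an added example, not from the advisory or from pdnsd; the cache settings around it are placeholders, and only the two query_port_* lines are the point.

```conf
global {
    perm_cache = 1024;
    cache_dir = "/var/cache/pdnsd";
    server_ip = 127.0.0.1;

    # Weak: with no query_port_* settings pdnsd does not randomize the source
    # port of its upstream queries, so the 16-bit transaction ID is all an
    # off-path attacker has to guess to poison the cache (CVE-2008-1447).

    # Hardened: pick the source port at random from the whole unprivileged
    # range, which adds roughly another 16 bits the attacker must match.
    query_port_start = 1024;
    query_port_end = 65535;
}
```

After editing, restart pdnsd and watch a few upstream queries (tcpdump on the uplink port 53 is enough) to confirm the source port changes from query to query; if a stateful firewall in front of the resolver pins outbound UDP to a fixed port, the setting is silently undone there.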
+ + D-Bus is a daemon providing a framework for applications to communicate + with one another. +
++ schelte reported that the dbus_signature_validate() function can + trigger a failed assertion when processing a message containing a + malformed signature. +
++ A local user could send a specially crafted message to the D-Bus + daemon, leading to a Denial of Service. +
++ There is no known workaround at this time. +
++ All D-Bus users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.2.3-r1"
+ + Streamripper is a tool for extracting and recording mp3 files from a + Shoutcast stream. +
++ Stefan Cornelius from Secunia Research reported multiple buffer + overflows in the http_parse_sc_header(), http_get_pls() and + http_get_m3u() functions in lib/http.c when parsing overly long HTTP + headers, or pls and m3u playlists with overly long entries. +
++ A remote attacker could entice a user to connect to a malicious server, + possibly resulting in the remote execution of arbitrary code with the + privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Streamripper users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/streamripper-1.64.0"
+ + Tremulous is a team-based First Person Shooter game. +
++ It has been reported that Tremulous includes a vulnerable version of + the ioQuake3 engine (GLSA 200605-12, CVE-2006-2236). +
++ A remote attacker could entice a user to connect to a malicious games + server, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application. +
++ There is no known workaround at this time. +
++ Tremulous users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-fps/tremulous-1.1.0-r2"
+ + Note: The binary version of Tremulous has been removed from the Portage + tree. +
++ MPlayer is a media player including support for a wide range of audio + and video formats. +
++ Multiple vulnerabilities have been reported in MPlayer: +
++ A remote attacker could entice a user to open a specially crafted STR, + Real Media, or TwinVQ file to execute arbitrary code or cause a Denial of + Service. +
++ There is no known workaround at this time. +
++ All MPlayer users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p28058-r1"
+ + Online-Bookmarks is a web-based bookmark management system to store + your bookmarks, favorites and links. +
++ The following vulnerabilities were reported: +
++ A remote attacker could exploit these vulnerabilities to bypass + authentication mechanisms, execute arbitrary SQL statements or inject + arbitrary web scripts. +
++ There is no known workaround at this time. +
++ All Online-Bookmarks users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/online-bookmarks-0.6.28"
+ + Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF + reader. +
++ A remote attacker could entice a user to open a specially crafted PDF + document, and local attackers could entice a user to run acroread from + an untrusted working directory. Both might result in the execution of + arbitrary code with the privileges of the user running the application, + or a Denial of Service. +
++ There is no known workaround at this time. +
++ All Adobe Reader users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.3"
+ + GnuTLS is an open-source implementation of TLS 1.0 and SSL 3.0. +
++ Martin von Gagern reported that the _gnutls_x509_verify_certificate() + function in lib/x509/verify.c trusts certificate chains in which the + last certificate is an arbitrary trusted, self-signed certificate. +
++ A remote attacker could exploit this vulnerability and spoof arbitrary + names to conduct Man-In-The-Middle attacks and intercept sensitive + information. +
++ There is no known workaround at this time. +
++ All GnuTLS users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.4.1-r2"
+ + Avahi is a system that facilitates service discovery on a local + network. +
++ Hugo Dias reported a failed assertion in the + originates_from_local_legacy_unicast_socket() function in + avahi-core/server.c when processing mDNS packets with a source port of + 0. +
++ A remote attacker could send specially crafted packets to the daemon, + leading to its crash. +
++ There is no known workaround at this time. +
++ All Avahi users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.24"
+ + noip-updater is a tool used for updating IP addresses of dynamic DNS + records at no-ip.com. +
++ xenomuta found out that the GetNextLine() function in noip2.c misses a + length check, leading to a stack-based buffer overflow. +
++ A remote attacker could exploit this vulnerability to execute arbitrary + code by sending a specially crafted HTTP message to the client. NOTE: + Successful exploitation requires a man-in-the-middle attack, a DNS + spoofing attack or a compromise of no-ip.com servers. +
++ There is no known workaround at this time. +
++ All noip-updater users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/noip-updater-2.1.9"
+ + Pidgin (formerly Gaim) is an instant messaging client for a variety of + instant messaging protocols. It is based on the libpurple instant + messaging library. +
++ Multiple vulnerabilities have been discovered in Pidgin and the + libpurple library: +
++ A remote attacker could send specially crafted messages or files using + the MSN protocol which could result in the execution of arbitrary code + or crash Pidgin. NOTE: Successful exploitation might require the + victim's interaction. Furthermore, an attacker could conduct + man-in-the-middle attacks to obtain sensitive information using bad + certificates and cause memory and disk resources to exhaust. +
++ There is no known workaround at this time. +
++ All Pidgin users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.5.1"
+ + Scilab is a scientific software package for numerical computations. +
++ Dmitry E. Oboukhov reported an insecure temporary file usage within the + scilink, scidoc and scidem scripts. +
++ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Scilab users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sci-mathematics/scilab-4.1.2-r1"
+ + Net-SNMP is a collection of tools for generating and retrieving SNMP + data. +
++ Oscar Mira-Sanchez reported an integer overflow in the + netsnmp_create_subtree_cache() function in agent/snmp_agent.c when + processing GETBULK requests. +
++ A remote attacker could send a specially crafted request to crash the + SNMP server. NOTE: The attacker needs to know the community string to + exploit this vulnerability. +
++ Restrict access to trusted entities only. +
++ All Net-SNMP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.2.1"
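The workaround above, "restrict access to trusted entities only", as an snmpd.conf fragment. This is an added example and not from the advisory or from Net-SNMP; the community name, network and OID are placeholders.

```conf
# Weak: any host that can reach UDP/161 and knows (or guesses) the community
# string may send GETBULK requests to the agent.
rocommunity public

# Restricted: only the monitoring subnet may use the read-only community, and
# only for the system subtree (.1.3.6.1.2.1.1). Requests from other sources are
# refused even when they carry the right string, so knowing it is no longer
# enough to reach the vulnerable request handling.
rocommunity monitoring-ro 192.0.2.0/24 .1.3.6.1.2.1.1
```

Restart the agent with /etc/init.d/snmpd restart and verify from a host outside the allowed range that snmpwalk with the community string times out rather than answering. Pair the setting with a matching firewall rule on UDP/161; the community restriction only takes effect after the packet has been accepted by the agent.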
+ + sudo allows a system administrator to give users the ability to run + commands as other users. +
++ Harald Koenig discovered that sudo incorrectly handles group + specifications in Runas_Alias (and related) entries when a group is + specified in the list (using %group syntax, to allow a user to run + commands as any member of that group) and the user is already a member + of that group. +
++ A local attacker could possibly run commands as an arbitrary system + user (including root). +
++ There is no known workaround at this time. +
++ All sudo users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.0"
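The Runas_Alias pattern the advisory describes, as an added sudoers example that is not from the advisory or from sudo; the user, group and command names are made up.

```conf
# Intent: alice may run the backup script as any *member* of the "backup"
# group, and as nobody else. The %group form in the Runas list is what the
# advisory is about: in sudo before 1.7.0, if alice is herself a member of
# "backup", this entry does not reliably stop her running the command as
# other users.
Runas_Alias BACKUP_USERS = %backup
alice       ALL = (BACKUP_USERS) /usr/local/bin/run-backup
```

To find policies of this shape, look for "%" inside the parentheses of a Runas specification or in a Runas_Alias definition (visudo -c -f FILE checks the syntax of a candidate file without installing it). After the upgrade, verify as alice that sudo -l lists only the intended Runas users and that sudo -n -u root /usr/local/bin/run-backup is refused.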
+ + OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +
++ The Google Security Team reported that several functions incorrectly + check the result after calling the EVP_VerifyFinal() function, allowing + a malformed signature to be treated as a good signature rather than as + an error. This issue affects the signature checks on DSA and ECDSA keys + used with SSL/TLS. +
++ A remote attacker could exploit this vulnerability and spoof arbitrary + names to conduct Man-In-The-Middle attacks and intercept sensitive + information. +
++ There is no known workaround at this time. +
++ All OpenSSL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8j"
+ + Valgrind is an open-source memory debugger. +
++ Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the + current working directory, executing commands specified there. +
++ A local attacker could prepare a specially crafted .valgrindrc file and + entice a user to run Valgrind from the directory containing that file, + resulting in the execution of arbitrary code with the privileges of the + user running Valgrind. +
++ Do not run "valgrind" from untrusted working directories. +
++ All Valgrind users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/valgrind-3.4.0"
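The workaround above, "do not run valgrind from untrusted working directories", as a check you can script. This is an added example and not from the advisory or from Valgrind; it assumes GNU stat and coreutils id, and it treats "the .valgrindrc is mine and nobody else can write to this directory" as the trust criterion, which is a heuristic, not a guarantee.

```shell
#!/bin/sh
# Added example, not from the advisory or from Valgrind: before starting
# valgrind, refuse when the working directory holds a .valgrindrc you did not
# put there. Assumes GNU stat and coreutils id.
set -u

# cwd_valgrindrc_trusted [DIR]
# Returns 0 if DIR (default: .) has no .valgrindrc, or has one that is owned by
# the invoking user and sits in a directory nobody else can write to.
# Returns 1 otherwise, printing the reason to stderr.
cwd_valgrindrc_trusted() {
    dir=${1:-.}
    rc="$dir/.valgrindrc"
    [ -e "$rc" ] || return 0
    me=$(id -u)
    owner=$(stat -c '%u' "$rc") || return 1
    if [ "$owner" != "$me" ]; then
        printf '%s is owned by uid %s, not by you\n' "$rc" "$owner" >&2
        return 1
    fi
    # A group- or world-writable directory (e.g. /tmp) lets someone else swap
    # the file out between this check and the valgrind run.
    dirmode=$(stat -c '%a' "$dir") || return 1
    g=$((dirmode / 10 % 10))
    o=$((dirmode % 10))
    if [ $((g & 2)) -ne 0 ] || [ $((o & 2)) -ne 0 ]; then
        printf '%s is writable by others (mode %s), not trusting its .valgrindrc\n' \
            "$dir" "$dirmode" >&2
        return 1
    fi
    return 0
}

# Usage: cwd_valgrindrc_trusted && valgrind ./program
```

The same habit applies to the other "trusts the current directory" issues on this page (Emacs launching Python, PDFjam importing modules, acroread): before running a tool from a directory you did not populate yourself, look at what that tool will read from there.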
+ + xterm is a terminal emulator for the X Window system. +
++ Paul Szabo reported an insufficient input sanitization when processing + Device Control Request Status String (DECRQSS) sequences. +
++ A remote attacker could entice a user to display a file containing + specially crafted DECRQSS sequences, possibly resulting in the remote + execution of arbitrary commands with the privileges of the user viewing + the file. +
++ There is no known workaround at this time. +
++ All xterm users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-terms/xterm-239"
+ + KTorrent is a BitTorrent program for KDE. +
++ The web interface plugin does not restrict access to the torrent upload + functionality (CVE-2008-5905) and does not sanitize request parameters + properly (CVE-2008-5906). +
++ A remote attacker could send specially crafted parameters to the web + interface that would allow for arbitrary torrent uploads and remote + code execution with the privileges of the KTorrent process. +
++ Disabling the web interface plugin will prevent exploitation of both + issues. Click "Plugins" in the configuration menu and uncheck the + checkbox left of "WebInterface", then apply the changes. +
++ All KTorrent users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/ktorrent-2.2.8"
+ + GNU Emacs and XEmacs are highly extensible and customizable text + editors. edit-utils are miscellaneous extensions to XEmacs. +
++ Morten Welinder reports about GNU Emacs and edit-utils in XEmacs: By + shipping a .flc accompanying a source file (.c for example) and setting + font-lock-support-mode to fast-lock-mode in the source file through + local variables, any Lisp code in the .flc file is executed without + warning (CVE-2008-2142). +
++ Romain Francoise reported a security risk in a feature of GNU Emacs + related to interacting with Python. The vulnerability arises because + Python, by default, prepends the current directory to the module search + path, allowing for arbitrary code execution when launched from a + specially crafted directory (CVE-2008-3949). +
++ Remote attackers could entice a user to open a specially crafted file + in GNU Emacs, possibly leading to the execution of arbitrary Emacs Lisp + code or arbitrary Python code with the privileges of the user running + GNU Emacs or XEmacs. +
++ There is no known workaround at this time. +
++ All GNU Emacs users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-22.2-r3"
+ + All edit-utils users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-xemacs/edit-utils-2.39"
+ + Vinagre is a VNC Client for the GNOME Desktop. +
++ Alfredo Ortega (Core Security Technologies) reported a format string + error in the vinagre_utils_show_error() function in + src/vinagre-utils.c. +
++ A remote attacker could entice a user into opening a specially crafted + .vnc file or connecting to a malicious server, possibly resulting in + the remote execution of arbitrary code with the privileges of the user + running the application. +
++ There is no known workaround at this time. +
++ All Vinagre users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/vinagre-0.5.2"
+ + ZNC is an advanced IRC bouncer. +
++ cnu discovered multiple CRLF injection vulnerabilities in ZNC's + webadmin module. +
++ A remote authenticated attacker could modify the znc.conf configuration + file and gain privileges via newline characters in e.g. the QuitMessage + field, and possibly execute arbitrary code. +
++ There is no known workaround at this time. +
++ All ZNC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/znc-0.066"
+ + Audacity is a free cross-platform audio editor. +
++ Houssamix discovered a boundary error in the + String_parse::get_nonspace_quoted() function in + lib-src/allegro/strparse.cpp. +
++ A remote attacker could entice a user into importing a specially + crafted *.gro file, resulting in the execution of arbitrary code or a + Denial of Service. +
++ There is no known workaround at this time. +
++ All Audacity users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/audacity-1.3.6"
+ + Developer's Image Library (DevIL) is a cross-platform image library. +
++ Stefan Cornelius (Secunia Research) discovered two boundary errors + within the iGetHdrHeader() function in src-IL/src/il_hdr.c. +
++ A remote attacker could entice a user to open a specially crafted + Radiance RGBE file, possibly resulting in the execution of arbitrary + code. +
++ There is no known workaround at this time. +
++ All DevIL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/devil-1.7.7"
+ + PDFjam is a small collection of shell scripts to edit PDF documents, + including pdfnup, pdfjoin and pdf90. +
++ A local attacker could place a specially crafted Python module in the + current working directory or the /var/tmp directory, and entice a user + to run the PDFjam scripts, leading to the execution of arbitrary code + with the privileges of the user running the application. A local + attacker could also leverage symlink attacks to overwrite arbitrary + files. +
++ There is no known workaround at this time. +
++ All PDFjam users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/pdfjam-1.20-r1"
+ + nfs-utils contains the client and daemon implementations for the NFS + protocol. +
++ Michele Marcionelli reported that nfs-utils invokes the hosts_ctl() + function with the wrong order of arguments, which causes TCP Wrappers + to ignore netgroups. +
++ A remote attacker could bypass intended access restrictions, i.e. NFS + netgroups, and gain access to restricted services. +
++ There is no known workaround at this time. +
++ All nfs-utils users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/nfs-utils-1.1.3"
+ + Samba is a suite of SMB and CIFS client/server programs. +
++ Samba does not properly check memory boundaries when handling trans, + trans2, and nttrans requests. +
++ A remote attacker could send specially crafted requests to a Samba + daemon, leading to the disclosure of arbitrary memory or to a Denial of + Service. +
++ There is no known workaround at this time. +
++ All Samba users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.33"
+ + gEDA is an Electronic Design Automation tool used for electrical + circuit design. +
++ Dmitry E. Oboukhov reported an insecure temporary file usage within the + sch2eaglepos.sh script. +
++ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All gEDA users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sci-electronics/geda-1.4.0-r1"
+ + OpenTTD is a clone of Transport Tycoon Deluxe. +
++ Multiple buffer overflows have been reported in OpenTTD, when storing + long client names (CVE-2008-3547), in the TruncateString function + in src/gfx.cpp (CVE-2008-3576) and in src/openttd.cpp when processing a + large filename supplied to the "-g" parameter in the ttd_main function + (CVE-2008-3577). +
++ An authenticated attacker could exploit these vulnerabilities to + execute arbitrary code with the privileges of the OpenTTD server. +
++ There is no known workaround at this time. +
++ All OpenTTD users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.6.3"
+ + The Irrlicht Engine is an open source cross-platform high performance + realtime 3D engine written in C++. +
++ An unspecified component of the B3D loader is vulnerable to a buffer + overflow due to missing boundary checks. +
++ A remote attacker could entice a user to open a specially crafted .irr + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service + (crash). +
++ There is no known workaround at this time. +
++ All irrlicht users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-games/irrlicht-1.5"
+ + PyCrypto is the Python Cryptography Toolkit. +
++ Mike Wiacek of the Google Security Team reported a buffer overflow in + the ARC2 module when processing a large ARC2 key length. +
++ A remote attacker could entice a user or automated system to decrypt an + ARC2 stream in an application using PyCrypto, possibly resulting in the + execution of arbitrary code or a Denial of Service. +
++ There is no known workaround at this time. +
++ All PyCrypto users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.0.1-r8"

OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information.

Roy Tam reported a use-after-free vulnerability in the GIFReadNextExtension() function in lib/pngxtern/gif/gifread.c leading to a memory corruption when reading a GIF image.

A remote attacker could entice a user to process a specially crafted GIF image, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All OptiPNG users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2-r1"

MPFR is a library for multiple-precision floating-point computations with exact rounding.

Multiple buffer overflows have been reported in the mpfr_snprintf() and mpfr_vsnprintf() functions.

A remote user could exploit the vulnerability to cause a Denial of Service in an application using MPFR via unknown vectors.

There is no known workaround at this time.

All MPFR users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/mpfr-2.4.1"

ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol.

BIND does not properly check the return value from the OpenSSL functions to verify DSA (CVE-2009-0025) and RSA (CVE-2009-0265) certificates.

A remote attacker could bypass validation of the certificate chain to spoof DNSSEC-authenticated records.

There is no known workaround at this time.

All BIND users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p1"

Git, the stupid content tracker, is the revision control system used by the Linux kernel team.

Multiple vulnerabilities have been reported in gitweb, which is part of the git package:

A remote unauthenticated attacker can execute arbitrary commands via shell metacharacters in a query. Remote attackers with write access to a git repository configuration can execute arbitrary commands with the privileges of the user running gitweb by modifying the diff.external configuration variable in the repository and sending a crafted query to gitweb.

There is no known workaround at this time.

All git users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/git-1.6.0.6"

Epiphany is a GNOME web browser based on the Mozilla rendering engine Gecko.

James Vega reported an untrusted search path vulnerability in the Python interface.

A local attacker could entice a user to run Epiphany from a directory containing a specially crafted python module, resulting in the execution of arbitrary code with the privileges of the user running Epiphany.

Do not run "epiphany" from untrusted working directories.

All Epiphany users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/epiphany-2.22.3-r2"

Real VNC is a remote desktop viewer display system.

An unspecified vulnerability has been discovered in the CMsgReader::readRect() function in the VNC Viewer component, related to the encoding type of RFB protocol data.

A remote attacker could entice a user to connect to a malicious VNC server, or leverage Man-in-the-Middle attacks, to cause the execution of arbitrary code with the privileges of the user running the VNC viewer.

There is no known workaround at this time.

All Real VNC users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/vnc-4.1.3"

Openswan is an implementation of IPsec for Linux.

Dmitry E. Oboukhov reported that the IPSEC livetest tool does not handle the ipseclive.conn and ipsec.olts.remote.log temporary files securely.

A local attacker could perform symlink attacks to execute arbitrary code and overwrite arbitrary files with the privileges of the user running the application.

There is no known workaround at this time.

All Openswan users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.13-r2"

Xerces-C++ is a validating XML parser written in a portable subset of C++.

Frank Rast reported that the XML parser in Xerces-C++ does not correctly handle an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during the validation of an XML file.

A remote attacker could entice a user or automated system to validate an XML file using a specially crafted XML schema file, leading to a Denial of Service (stack consumption and crash).

There is no known workaround at this time.

All Xerces-C++ users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/xerces-c-3.0.0-r1"

WebSVN is a web-based browsing tool for Subversion repositories written in PHP.

A remote attacker can exploit these vulnerabilities to overwrite arbitrary files, to read changelogs or diffs for restricted projects and to hijack a user's session.

There is no known workaround at this time.

All WebSVN users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/websvn-2.1.0"

cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols.

David Kierznowski reported that the redirect implementation accepts arbitrary Location values when CURLOPT_FOLLOWLOCATION is enabled.

A remote attacker could possibly exploit this vulnerability to make remote HTTP servers trigger arbitrary requests to intranet servers and read or overwrite arbitrary files via a redirect to a file: URL, or, if the libssh2 USE flag is enabled, execute arbitrary commands via a redirect to an scp: URL.

There is no known workaround at this time.

All cURL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.19.4"

Ganglia is a scalable distributed monitoring system for clusters and grids.

Spike Spiegel reported a stack-based buffer overflow in the process_path() function when processing overly long pathnames in gmetad/server.c.

A remote attacker could send a specially crafted request to the gmetad service leading to the execution of arbitrary code or a Denial of Service.

There is no known workaround at this time.

All Ganglia users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-cluster/ganglia-3.1.1-r2"

The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content.

Multiple vulnerabilities have been discovered in Adobe Flash Player:

A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user or a Denial of Service (crash). Furthermore, a remote attacker could gain access to sensitive information, disclose memory contents by enticing a user to open a specially crafted PDF file inside a Flash application, modify the victim's clipboard or render it temporarily unusable, persuade a user into uploading or downloading files, bypass security restrictions with the assistance of the user to gain access to camera and microphone, conduct Cross-Site Scripting and HTTP Header Splitting attacks, bypass the "non-root domain policy" of Flash, and gain escalated privileges.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.22.87"

Shadow is a set of tools to deal with user accounts.

Paul Szabo reported a race condition in the "login" executable when setting up tty permissions.

A local attacker belonging to the "utmp" group could use symlink attacks to overwrite arbitrary files and possibly gain root privileges.

There is no known workaround at this time.

All Shadow users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.2.2"

The Courier Authentication Library is a generic authentication API that encapsulates the process of validating account passwords.

It has been reported that some parameters used in SQL queries are not properly sanitized before being processed when using a non-Latin locale Postgres database.

A remote attacker could send specially crafted input to an application using the library, possibly resulting in the execution of arbitrary SQL commands.

There is no known workaround at this time.

All Courier Authentication Library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/courier-authlib-0.62.2"

TMSNC is a text-based client for the MSN instant messaging protocol.

Nico Golde reported a stack-based buffer overflow when processing an MSN packet with a UBX command containing a large UBX payload length field.

A remote attacker could send a specially crafted message, possibly resulting in the execution of arbitrary code.

There is no known workaround at this time.

Since TMSNC is no longer maintained, we recommend that users unmerge the vulnerable package and switch to another console-based MSN client such as CenterIM or Pebrot:

# emerge --unmerge "net-im/tmsnc"

ProFTPD is an advanced and very configurable FTP server.

The following vulnerabilities were reported:

A remote attacker could send specially crafted requests to the server, possibly resulting in the execution of arbitrary SQL statements.

There is no known workaround at this time.

All ProFTPD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.2"

libpng is the official PNG reference library used to read, write and manipulate PNG images.

Multiple vulnerabilities were discovered in libpng:

A remote attacker may execute arbitrary code with the privileges of the user opening a specially crafted PNG file by exploiting the erroneous out-of-memory handling. An attacker may also exploit the png_check_keyword() error to set arbitrary memory locations to 0, if the application allows overlong, user-controlled keywords when writing PNG files. The png_handle_tEXT() vulnerability may be exploited by an attacker to potentially consume all memory on a user's system when a specially crafted PNG file is opened.

There is no known workaround at this time.

All libpng users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.35"

BlueZ is a set of Bluetooth tools and system daemons for Linux.

It has been reported that the Bluetooth packet parser does not validate string length fields in SDP packets.

A physically proximate attacker using a Bluetooth device with an already established trust relationship could send specially crafted requests, possibly leading to arbitrary code execution or a crash. Exploitation may also be triggered by a local attacker registering a service record via a UNIX socket or D-Bus interface.

There is no known workaround at this time.

All bluez-utils users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/bluez-utils-3.36"

All bluez-libs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/bluez-libs-3.36"

Opera is a fast web browser that is available free of charge.

Multiple vulnerabilities were discovered in Opera:

A remote attacker could entice a user to open a specially crafted JPEG image to cause a Denial of Service or execute arbitrary code, to process an overly long file:// URL or to open a specially crafted web page to execute arbitrary code. The attacker could also read existing subscriptions and force subscriptions to arbitrary feed URLs, as well as inject arbitrary web script or HTML via built-in XSLT templates.

There is no known workaround at this time.

All Opera users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-9.64"

libcdaudio is a library of CD audio related routines.

A heap-based buffer overflow has been reported in the cddb_read_disc_data() function in cddb.c when processing overly long CDDB data.

A remote attacker could entice a user to connect to a malicious CDDB server, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All libcdaudio users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libcdaudio-0.99.12-r1"

phpMyAdmin is a web-based management tool for MySQL databases.

Multiple vulnerabilities have been reported in phpMyAdmin:

A remote attacker may execute arbitrary code with the rights of the webserver, inject and execute SQL with the rights of phpMyAdmin or conduct XSS attacks against other users.

There is no known workaround at this time.

All phpMyAdmin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.9.4"

FFmpeg is a complete solution to record, convert and stream audio and video. gst-plugins-ffmpeg is an FFmpeg-based GStreamer plugin which includes a vulnerable copy of FFmpeg code. MPlayer is a multimedia player which also includes a vulnerable copy of the code.

Multiple vulnerabilities were found in FFmpeg:

A remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All FFmpeg users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/ffmpeg-0.4.9_p20090201"

All gst-plugins-ffmpeg users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-ffmpeg-0.10.5"

All MPlayer users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p28450"

Amarok is an advanced music player.

Tobias Klein has discovered multiple vulnerabilities in Amarok:

A remote attacker could entice a user to open a specially crafted Audible Audio (.aa) file with a large "nlen" or "vlen" tag value to execute arbitrary code or cause a Denial of Service.

There is no known workaround at this time.

All Amarok users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/amarok-1.4.10-r2"

Muttprint formats the output of mail clients for good-looking printing using LaTeX.

Dmitry E. Oboukhov reported an insecure usage of the temporary file "/tmp/muttprint.log" in the muttprint script.

A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.

There is no known workaround at this time.

All Muttprint users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/muttprint-0.72d-r1"

MLDonkey is a multi-network P2P application written in OCaml, coming with its own Gtk GUI, web and telnet interface.

Michael Peselnik reported that src/utils/lib/url.ml in the web interface of MLDonkey does not handle file names with leading double slashes properly.

A remote attacker could gain access to arbitrary files readable by the user running the application.

Disable the web interface or restrict access to it.

All MLDonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/mldonkey-3.0.0"

Ghostscript is an interpreter for the PostScript language and the Portable Document Format (PDF).

Jan Lieskovsky from the Red Hat Security Response Team discovered the following vulnerabilities in Ghostscript's ICC Library:

A remote attacker could entice a user to open a specially crafted PostScript file containing images and a malicious ICC profile, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All GPL Ghostscript users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-8.64-r2"

All GNU Ghostscript users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/ghostscript-gnu-8.62.0"

We recommend that users unmerge ESP Ghostscript and use GPL or GNU Ghostscript instead:

# emerge --unmerge "app-text/ghostscript-esp"

For installation instructions, see above.

Squid is a full-featured web proxy cache.

The issues allow for Denial of Service attacks against the service via an HTTP request with an invalid version number and other specially crafted requests.

There is no known workaround at this time.

All Squid users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/squid-2.7.6"

pam_krb5 is a Kerberos v5 PAM module.

The following vulnerabilities were discovered:

A local attacker could set an environment variable to point to a specially crafted Kerberos configuration file and launch a PAM-based setuid application to elevate privileges, or change ownership and overwrite arbitrary files.

There is no known workaround at this time.

All pam_krb5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-3.12"

Analog is a webserver log analyzer.

Diego E. Pettenò reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA 200804-02).

A local attacker could place specially crafted log files into a log directory being analyzed by analog, e.g. /var/log/apache, resulting in a crash when being processed by the application.

There is no known workaround at this time.

All Analog users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/analog-6.0-r2"

NOTE: Analog is now linked against the system bzip2 library.

gedit is a text editor for the GNOME desktop.

James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983.

A local attacker could entice a user to open gedit from a specially crafted environment, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

Do not run gedit from untrusted working directories.

All gedit 2.22.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/gedit-2.22.3-r1"

All gedit 2.24.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/gedit-2.24.3"

Ignite Realtime Openfire is a fast real-time collaboration server.

Two vulnerabilities have been reported by Federico Muttis, from CORE IMPACT's Exploit Writing Team:

Multiple vulnerabilities have been reported by Andreas Kurtz:

A remote attacker could execute arbitrary code on clients' systems by uploading a specially crafted plugin, bypassing authentication. Additionally, an attacker could read arbitrary files on the server or execute arbitrary SQL statements. Depending on the server's configuration the attacker might also execute code on the server via an SQL injection.

There is no known workaround at this time.

All Openfire users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/openfire-3.6.3"

The GLib is a library of C routines that is used by a multitude of programs.

Diego E. Pettenò reported multiple integer overflows in glib/gbase64.c when converting a long string from or to a base64 representation.

A remote attacker could entice a user or automated system to perform a base64 conversion via an application using GLib, possibly resulting in the execution of arbitrary code.

There is no known workaround at this time.

All GLib 2.18 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/glib-2.18.4-r1"

All GLib 2.16 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/glib-2.16.6-r1"

The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project.

James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric.

A local attacker could entice a user to run Gnumeric from a directory containing a specially crafted python module, resulting in the execution of arbitrary code with the privileges of the user running Gnumeric.

Do not run "gnumeric" from untrusted working directories.

All Gnumeric users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.8.4-r1"

Wee Enhanced Environment for Chat (WeeChat) is a light and extensible console IRC client.

Sebastien Helleu reported an array out-of-bounds error in the colored message handling.

A remote attacker could send a specially crafted PRIVMSG command, possibly leading to a Denial of Service (application crash).

There is no known workaround at this time.

All WeeChat users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/weechat-0.2.6.1"

ntp contains the client and daemon implementations for the Network Time Protocol.

It has been reported that ntp incorrectly checks the return value of EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA 200902-02).

A remote attacker could exploit this vulnerability to spoof arbitrary names to conduct Man-In-The-Middle attacks and intercept sensitive information.

There is no known workaround at this time.

All ntp users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p6"

The Eye of GNOME is the official image viewer for the GNOME Desktop environment.

James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in the Eye of GNOME, a vulnerability related to CVE-2008-5983.

A local attacker could entice a user to run the Eye of GNOME from a directory containing a specially crafted python module, resulting in the execution of arbitrary code with the privileges of the user running the application.

Do not run "eog" from untrusted working directories.

All Eye of GNOME users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/eog-2.22.3-r3"
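The Epiphany, gedit, Gnumeric and Eye of GNOME advisories above all describe the same condition: an embedded Python interpreter whose module search path includes the current working directory, so a module placed in the directory the program was started from is imported instead of the intended one (CVE-2008-5983). The following is an added example, not code from Gentoo or from any of those projects, showing how a wrapper or the embedding application can audit sys.path for working-directory-derived entries and strip them before the first plugin import. The function names, the sample search path and the sample working directory are constructed for the illustration.

```python
"""Added example (not from the advisories above): audit a Python module search
path for entries that make imports hit the current working directory, and
strip them before any plugin is imported.

The sample search path and working directory below are constructed for the
demonstration; the function names are this example's own."""
import os
import sys


def untrusted_entries(search_path, cwd):
    """Return the entries of search_path that resolve to the working directory.

    Flagged: the empty string (CPython treats it as "the current directory"),
    ".", any other relative path (resolved against cwd at import time), and an
    absolute path that normalises to cwd itself. Order is preserved."""
    flagged = []
    norm_cwd = os.path.normpath(cwd)
    for entry in search_path:
        if entry in ("", "."):
            flagged.append(entry)
        elif not os.path.isabs(entry):
            flagged.append(entry)
        elif os.path.normpath(entry) == norm_cwd:
            flagged.append(entry)
    return flagged


def harden_search_path(search_path, cwd):
    """Return a copy of search_path without the entries untrusted_entries() flags.

    An application embedding Python would apply this to sys.path once, before
    its first plugin import, so that a module dropped into the directory the
    program was started from cannot shadow a legitimate one."""
    bad = set(untrusted_entries(search_path, cwd))
    return [entry for entry in search_path if entry not in bad]


# Constructed sample: a typical embedded-interpreter path with cwd-derived
# entries mixed in. "/home/user/Downloads" stands in for the directory the
# user launched the program from; "/usr/share/example-app/python" is a
# hypothetical application-owned plugin directory.
SAMPLE_CWD = "/home/user/Downloads"
SAMPLE_PATH = [
    "",                                    # implicit cwd entry
    "/usr/lib/python3/dist-packages",
    ".",
    "plugins",                             # relative, resolved against cwd
    "/home/user/Downloads",                # cwd spelled out explicitly
    "/usr/share/example-app/python",       # hypothetical application path
]


def audit_sample():
    """Run the audit on the constructed sample; returns (flagged, hardened)."""
    flagged = untrusted_entries(SAMPLE_PATH, SAMPLE_CWD)
    hardened = harden_search_path(SAMPLE_PATH, SAMPLE_CWD)
    return flagged, hardened


def audit_running_interpreter():
    """Check the live interpreter's sys.path against its real working directory."""
    return untrusted_entries(sys.path, os.getcwd())


if __name__ == "__main__":
    flagged, hardened = audit_sample()
    print("flagged:", flagged)
    print("hardened:", hardened)
    print("live sys.path entries derived from cwd:", audit_running_interpreter())
```

The check is deliberately conservative: it treats any relative entry as untrusted, not only "" and ".", because a relative entry is resolved against whatever directory the process happens to be in at import time. The "do not run from untrusted working directories" workaround in the advisories is exactly the condition this audit makes visible.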

Xpdf is a PDF file viewer that runs under the X Window System.

Erik Wallin reported that Gentoo's Xpdf attempts to read the "xpdfrc" file from the current working directory if it cannot find a ".xpdfrc" file in the user's home directory. This is caused by a missing definition of the SYSTEM_XPDFRC macro when compiling a repackaged version of Xpdf.

A local attacker could entice a user to run "xpdf" from a directory containing a specially crafted "xpdfrc" file, resulting in the execution of arbitrary code when attempting to, e.g., print a file.

Do not run Xpdf from untrusted working directories.

All Xpdf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/xpdf-3.02-r2"

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

The ASN1_STRING_print_ex() function does not properly check the provided length of a BMPString or UniversalString, leading to an invalid memory access.

A remote attacker could entice a user or automated system to print a specially crafted certificate, possibly leading to a Denial of Service.

There is no known workaround at this time.

All OpenSSL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8k"

MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center.

Multiple vulnerabilities have been reported in MIT Kerberos 5:

A remote unauthenticated attacker could exploit the first vulnerability to cause a Denial of Service or, in unlikely circumstances, execute arbitrary code on the host running krb5kdc or kadmind with root privileges and compromise the Kerberos key database. Exploitation of the other vulnerabilities might lead to a Denial of Service in kadmind, krb5kdc, or other daemons performing authorization against Kerberos that utilize GSS-API, or an information disclosure.

There is no known workaround at this time.

All MIT Kerberos 5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r6"

Avahi is a system that facilitates service discovery on a local network.

Rob Leslie reported that the originates_from_local_legacy_unicast_socket() function in avahi-core/server.c does not account for the network byte order of a port number when processing incoming multicast packets, leading to a multicast packet storm.

A remote attacker could send specially crafted legacy unicast mDNS query packets to the Avahi daemon, resulting in a Denial of Service due to network bandwidth and CPU consumption.

There is no known workaround at this time.

All Avahi users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.24-r2"

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

A local attacker could escalate privileges by leveraging unintended supplementary group memberships of the Tor process. A remote attacker could exploit these vulnerabilities to cause a heap corruption with unknown impact and attack vectors, to cause a Denial of Service via CPU consumption or daemon crash, and to weaken anonymity provided by the service.

There is no known workaround at this time.

All Tor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.0.34"

Wicd is an open source wired and wireless network manager for Linux.

Tiziano Mueller of Gentoo discovered that the DBus configuration file for Wicd allows arbitrary users to own the org.wicd.daemon object.

A local attacker could exploit this vulnerability to receive messages that were intended for the Wicd daemon, possibly including credentials e.g. for wireless networks.

There is no known workaround at this time.

All Wicd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/wicd-1.5.9"

Ventrilo is a Voice over IP group communication server.

Luigi Auriemma reported a NULL pointer dereference in Ventrilo when processing packets with an invalid version number followed by another packet.

A remote attacker could send specially crafted packets to the server, resulting in a crash.

There is no known workaround at this time.

All Ventrilo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/ventrilo-server-bin-3.0.3"

F-PROT Antivirus is a multi-platform virus scanner for workstations and mail servers.

The following vulnerabilities were found:

A remote attacker could entice a user or automated system to scan a specially crafted file, leading to a crash or infinite loop.

There is no known workaround at this time.

All F-PROT Antivirus users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/f-prot-6.0.2"

mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3.

The vendor reported a signedness error in the store_id3_text() function in id3.c, allowing for out-of-bounds memory access.

A remote attacker could entice a user to open an MPEG-1 Audio Layer 3 (MP3) file containing a specially crafted ID3 tag, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All mpg123 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/mpg123-1.7.2"

libsndfile is a C library for reading and writing files containing sampled sound.

Alin Rad Pop from Secunia Research reported an integer overflow when processing CAF description chunks, leading to a heap-based buffer overflow.

A remote attacker could entice a user to open a specially crafted CAF file, resulting in the remote execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All libsndfile users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.19"

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Multiple vulnerabilities have been discovered in Adobe Reader:

A remote attacker could entice a user to open a specially crafted PDF document, possibly leading to the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All Adobe Reader users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.4"

udev is the device manager used in the Linux 2.6 kernel series.

Sebastian Krahmer of SUSE discovered the following two vulnerabilities:

A local attacker could gain root privileges by sending specially crafted NETLINK messages to udev or cause a Denial of Service.

There is no known workaround at this time.

All udev users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/udev-124-r2"

LittleCMS, or short lcms, is a color management system for working with ICC profiles. It is used by many applications including GIMP and Firefox.

Red Hat reported a null-pointer dereference flaw while processing monochrome ICC profiles (CVE-2009-0793).

Chris Evans of Google discovered the following vulnerabilities:

A remote attacker could entice a user or automated system to open a specially crafted file containing a malicious ICC profile, possibly resulting in the execution of arbitrary code with the privileges of the user running the application or memory exhaustion, leading to a Denial of Service condition.

There is no known workaround at this time.

All LittleCMS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/lcms-1.18-r1"
CUPS, the Common Unix Printing System, is a full-featured print server.

The following issues were reported in CUPS:

A remote attacker might send, or entice a user to send, a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user (by default "lp"), or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks.

There is no known workaround at this time.

All CUPS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.10"
Asterisk is an open source telephony engine and toolkit.

Multiple vulnerabilities have been discovered in the IAX2 channel driver when performing the 3-way handshake (CVE-2008-1897), when handling a large number of POKE requests (CVE-2008-3263), when handling authentication attempts (CVE-2008-5558) and when handling firmware download (FWDOWNL) requests (CVE-2008-3264). Asterisk also does not correctly handle SIP INVITE messages that lack a "From" header (CVE-2008-2119), and responds differently to a failed login attempt depending on whether the user account exists (CVE-2008-3903, CVE-2009-0041).

Remote unauthenticated attackers could send specially crafted data to Asterisk, possibly resulting in a Denial of Service via a daemon crash, call-number exhaustion, CPU or traffic consumption. Remote unauthenticated attackers could furthermore enumerate valid usernames to facilitate brute force login attempts.

There is no known workaround at this time.

All Asterisk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.32"
Cscope is a developer's tool for browsing source code.

James Peach of Apple discovered a stack-based buffer overflow in cscope's handling of long file system paths (CVE-2009-0148). Multiple stack-based buffer overflows were reported in the putstring function when processing an overly long function name or symbol in a source code file (CVE-2009-1577).

A remote attacker could entice a user to open a specially crafted source file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Cscope users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/cscope-15.7a"
The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections.

The following vulnerabilities have been found in the racoon daemon as shipped with IPSec Tools:

A remote attacker could send specially crafted fragmented ISAKMP packets without a payload or exploit vectors related to X.509 certificate authentication and NAT traversal, possibly resulting in a crash of the racoon daemon.

There is no known workaround at this time.

All IPSec Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2"
GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0 protocols.

The following vulnerabilities were found in GnuTLS:

A remote attacker could entice a user or automated system to process a specially crafted DSA certificate, possibly resulting in a Denial of Service condition. NOTE: This issue might have other unspecified impact including the execution of arbitrary code. Furthermore, a remote attacker could spoof signatures on certificates and the "gnutls-cli" application can be tricked into accepting an invalid certificate.

There is no known workaround at this time.

All GnuTLS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.6.6"
FreeType is a high-quality and portable font engine.

Tavis Ormandy reported multiple integer overflows in the cff_charset_compute_cids() function in cff/cffload.c, in sfnt/ttcmap.c and in the ft_smooth_render_generic() function in smooth/ftsmooth.c, possibly leading to heap or stack-based buffer overflows.

A remote attacker could entice a user or automated system to open a specially crafted font file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All FreeType users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.3.9-r1"
acpid is a daemon for the Advanced Configuration and Power Interface (ACPI).

The acpid daemon allows opening a large number of UNIX sockets without closing them, triggering an infinite loop.

Remote attackers can cause a Denial of Service (CPU consumption and connectivity loss).

There is no known workaround at this time.

All acpid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-power/acpid-1.0.10"
Pidgin (formerly Gaim) is an instant messaging client for a variety of instant messaging protocols.

Multiple vulnerabilities have been discovered in Pidgin:

A remote attacker could send specially crafted messages or files using the MSN, XMPP or QQ protocols, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. NOTE: Successful exploitation might require the victim's interaction.

There is no known workaround at this time.

All Pidgin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.5.6"
NTP contains the client and daemon implementations for the Network Time Protocol.

Multiple vulnerabilities have been found in the programs included in the NTP package:

A remote attacker might send a specially crafted packet to a machine running ntpd, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the daemon, or a Denial of Service. NOTE: Successful exploitation requires the "autokey" feature to be enabled. This feature is only available if NTP was built with the 'ssl' USE flag.

Furthermore, a remote attacker could entice a user into connecting to a malicious server using ntpq, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

You can protect against CVE-2009-1252 by disabling the 'ssl' USE flag and recompiling NTP.

All NTP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p7"
libsndfile is a C library for reading and writing files containing sampled sound.

The following vulnerabilities have been found in libsndfile:

A remote attacker could entice a user to open a specially crafted AIFF or VOC file in a program using libsndfile, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All libsndfile users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.20"
libpng is the official PNG reference library used to read, write and manipulate PNG images.

Jeff Phillips discovered that libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file.

A remote attacker might entice a user to open a specially crafted PNG file, possibly resulting in the disclosure of sensitive memory portions.

There is no known workaround at this time.

All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.37"
Ruby is an interpreted object-oriented programming language. The elaborate standard library includes the "BigDecimal" class.

Tadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers.

A remote attacker could exploit this issue to cause a Denial of Service.

There is no known workaround at this time.

All Ruby users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p369"
phpMyAdmin is a web-based management tool for MySQL databases.

Multiple vulnerabilities have been reported in phpMyAdmin:

A remote unauthenticated attacker could exploit the first vulnerability to execute arbitrary code with the privileges of the user running phpMyAdmin, and conduct Cross-Site Scripting attacks using the second vulnerability.

Removing the "scripts/setup.php" file protects you from CVE-2009-1151.

All phpMyAdmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.9.5"
The Apache Tomcat JK Connector (aka mod_jk) connects the Tomcat application server with the Apache HTTP Server.

The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the "Content-Length" header while not providing data and (2) clients sending repeated requests very quickly.

A remote attacker could send specially crafted requests or a large number of requests at a time, possibly resulting in the disclosure of a response intended for another client.

There is no known workaround at this time.

All Apache Tomcat JK Connector users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.27"
Wireshark is a versatile network protocol analyzer.

Multiple vulnerabilities have been discovered in Wireshark:

A remote attacker could exploit these vulnerabilities by sending specially crafted packets on a network being monitored by Wireshark or by enticing a user to read a malformed packet trace file, which can trigger a Denial of Service (application crash or excessive CPU and memory usage) and possibly allow for the execution of arbitrary code with the privileges of the user running Wireshark.

There is no known workaround at this time.

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.8"
libwmf is a library for converting WMF files.

The embedded fork of the GD library introduced a "use-after-free" vulnerability in a modification which is specific to libwmf.

A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All libwmf users should upgrade to the latest version, which no longer builds the GD library:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r3"
ModSecurity is a popular web application firewall for the Apache HTTP server.

Multiple vulnerabilities were discovered in ModSecurity:

A remote attacker might send requests containing specially crafted multipart data or send certain requests to access a PDF file, possibly resulting in a Denial of Service (crash) of the Apache HTTP daemon. NOTE: The PDF XSS protection is not enabled by default.

There is no known workaround at this time.

All ModSecurity users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apache/mod_security-2.5.9"
The Apache Portable Runtime Utility Library (aka apr-util) provides an interface to functionality such as XML parsing, string matching and database connections.

Multiple vulnerabilities have been discovered in the APR Utility Library:

A remote attacker could exploit these vulnerabilities to cause a Denial of Service (crash or memory exhaustion) via an Apache HTTP server running mod_dav or mod_dav_svn, or using several configuration files. Additionally, a remote attacker could disclose sensitive information or cause a Denial of Service by sending specially crafted input. NOTE: Only big-endian architectures such as PPC and HPPA are affected by the latter flaw.

There is no known workaround at this time.

All Apache Portable Runtime Utility Library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.7"
The Apache HTTP server is one of the most popular web servers on the Internet.

Multiple vulnerabilities have been discovered in the Apache HTTP server:

A local attacker could circumvent restrictions put in place by the server administrator and execute arbitrary commands with the privileges of the user running the Apache server. A remote attacker could send multiple requests to a server with the AJP proxy module, possibly resulting in the disclosure of a request intended for another client, or cause a Denial of Service by sending specially crafted requests to servers running mod_proxy_http or mod_deflate.

As a workaround, remove "include", "proxy_ajp", "proxy_http" and "deflate" from APACHE2_MODULES in make.conf and rebuild Apache, or disable the aforementioned modules in the Apache configuration.

All Apache users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.11-r2"
git - the stupid content tracker, the revision control system used by the Linux kernel team.

Shawn O. Pearce reported that git-daemon runs into an infinite loop when handling requests that contain unrecognized arguments.

A remote unauthenticated attacker could send a specially crafted request to git-daemon, possibly leading to a Denial of Service (CPU consumption).

There is no known workaround at this time.

All git users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/git-1.6.3.3"
Adobe Reader is a PDF reader released by Adobe.

Multiple vulnerabilities have been reported in Adobe Reader:

A remote attacker could entice a user to open a specially crafted document, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.6"
ModPlug is a library for playing MOD-like music.

Two vulnerabilities have been reported in ModPlug:

The GStreamer Bad plug-ins (gst-plugins-bad) before 0.10.11 built a vulnerable copy of ModPlug.

A remote attacker could entice a user to read specially crafted files, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All ModPlug users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8.7"

gst-plugins-bad 0.10.11 and later versions do not include the ModPlug plug-in (it has been moved to media-plugins/gst-plugins-modplug). All gst-plugins-bad users should upgrade to the latest version and install media-plugins/gst-plugins-modplug:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-bad-0.10.11"
    # emerge --ask --verbose "media-plugins/gst-plugins-modplug"
All listed packages are external kernel modules that provide drivers for multiple Ralink devices. ralink-rt61 is released by ralinktech.com, the other packages by the rt2x00.serialmonkey.com project.

Aviv reported an integer overflow in multiple Ralink wireless card drivers when processing a probe request packet with a long SSID, possibly related to an integer signedness error.

A physically proximate attacker could send specially crafted packets to a user who has wireless networking enabled, possibly resulting in the execution of arbitrary code with root privileges.

As a workaround, unload the kernel modules.

All external kernel modules have been masked and we recommend that users unmerge those drivers. The Linux mainline kernel has equivalent support for these devices and the vulnerability has been resolved in stable versions of sys-kernel/gentoo-sources.

    # emerge --unmerge "net-wireless/rt2400"
    # emerge --unmerge "net-wireless/rt2500"
    # emerge --unmerge "net-wireless/rt2570"
    # emerge --unmerge "net-wireless/rt61"
    # emerge --unmerge "net-wireless/ralink-rt61"
Cyrus-SASL is an implementation of the Simple Authentication and Security Layer.

James Ralston reported that in certain situations, Cyrus-SASL does not properly terminate strings, which can result in buffer overflows when performing Base64 encoding.

A remote unauthenticated user might send specially crafted packets to a daemon using Cyrus-SASL, possibly resulting in the execution of arbitrary code with the privileges of the user running the daemon or a Denial of Service.

There is no known workaround at this time.

All Cyrus-SASL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/cyrus-sasl-2.1.23"
Syslog-ng is a flexible and scalable system logger.

Florian Grandel reported that Syslog-ng does not call chdir() before chroot(), which leaves the process with an inherited file descriptor for its current working directory outside the jail.

A local attacker might exploit a separate vulnerability in Syslog-ng and use this vulnerability to escape the chroot jail.

There is no known workaround at this time.

All Syslog-ng 2.0 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-2.0.10"

All Syslog-ng 2.1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-2.1.3"
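To make the chroot ordering concrete, here is an added C example (not syslog-ng's code) with the hardened entry sequence, a helper for auditing the directory descriptors a daemon carries into the jail, and, for understanding only, the escape that an inherited outside directory descriptor makes possible. The /var/empty jail path used in the example is an assumption.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not syslog-ng code. chroot() only changes where "/"
 * resolves; it does not touch the working directory or already-open
 * descriptors. A process that calls chroot() without first chdir()ing
 * into the jail keeps a cwd that lies outside the new root, and any code
 * execution inside the jail can use that descriptor to leave. */

/* The classic escape, given one open directory descriptor that points
 * outside the jail (the inherited cwd, or any leaked dirfd) and the
 * CAP_SYS_CHROOT privilege the daemon kept. Shown for understanding
 * only; the tests never call it. */
int escape_via_dirfd(int outside_dirfd)
{
    if (fchdir(outside_dirfd) != 0) return -errno;   /* cwd is now outside "/" */
    for (int i = 0; i < 64; i++)                     /* climb to the real root;      */
        if (chdir("..") != 0) return -errno;         /* ".." of the root is the root */
    return chroot(".") == 0 ? 0 : -errno;            /* make the real root "/" again */
}

/* Hardened entry order: chdir into the jail, chroot to it, then chdir("/")
 * inside the new root so the cwd cannot refer to anything outside it.
 * Returns 0 or -errno. */
int jail_enter(const char *dir)
{
    if (chdir(dir) != 0) return -errno;
    if (chroot(dir) != 0) return -errno;
    if (chdir("/") != 0) return -errno;
    return 0;
}

/* Audit helper for the descriptors a daemon carries into the jail:
 * 1 if fd is an open directory, 0 if it is something else, -errno if it
 * is not open. Any directory fd the daemon did not open deliberately
 * should be closed before jail_enter(). */
int fd_is_directory(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return -errno;
    return S_ISDIR(st.st_mode) ? 1 : 0;
}

int main(void)
{
    const char *jail = "/var/empty";                 /* hypothetical jail directory */
    int rc = jail_enter(jail);
    printf("jail_enter(%s): %s\n", jail, rc == 0 ? "ok" : strerror(-rc));
    return rc == 0 ? 0 : 1;
}
```

Dropping root after jail_enter() closes the other half of the problem: escape_via_dirfd() needs chroot(), so a daemon that neither keeps CAP_SYS_CHROOT nor carries an outside directory descriptor gives an attacker nothing to pivot on even if a second bug yields code execution.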
The GStreamer plug-ins provide decoders to the GStreamer open source media framework.

Multiple vulnerabilities have been reported in several GStreamer plug-ins:

A remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service.

There is no known workaround at this time.

All gst-plugins-good users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-good-0.10.14"

All gst-plugins-base users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-base-0.10.22"

All gst-plugins-libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-libpng-0.10.14-r1"
ISC DHCP is the reference implementation of the Dynamic Host Configuration Protocol as specified in RFC 2131.

The Mandriva Linux Engineering Team has reported a stack-based buffer overflow in the subnet-mask handling of dhclient.

A remote attacker might set up a rogue DHCP server in a victim's local network, possibly leading to the execution of arbitrary code with root privileges.

There is no known workaround at this time.

All ISC DHCP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.1-r1"
PulseAudio is a network-enabled sound server with an advanced plug-in system.

Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster.

A local user who has write access to any directory on the file system containing /usr/bin can exploit this vulnerability using a race condition to execute arbitrary code with root privileges.

As a workaround, ensure that the file system holding /usr/bin does not contain directories that are writable for unprivileged users.

All PulseAudio users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.9-r54"
Rasterbar libtorrent is a C++ BitTorrent implementation focusing on efficiency and scalability. Deluge is a BitTorrent client that ships a copy of libtorrent.

census reported a directory traversal vulnerability in src/torrent_info.cpp that can be triggered via .torrent files.

A remote attacker could entice a user or automated system using Rasterbar libtorrent to load a specially crafted BitTorrent file to create or overwrite arbitrary files using dot dot sequences in filenames.

There is no known workaround at this time.

All Rasterbar libtorrent users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/rb_libtorrent-0.13-r1"

All Deluge users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-p2p/deluge-1.1.9"
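An added C example (not libtorrent's or Deluge's code) of the per-component validation a client should apply to the file paths in a .torrent before joining them onto the download directory. The sample paths, the component length limit and the /srv/dl root are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not libtorrent code. In a .torrent the "path" of each
 * file is a list of components chosen by whoever made the torrent. Each
 * component has to be checked before it is joined onto the download
 * directory; otherwise ".." walks out of it, and an absolute or
 * separator-containing component lands wherever the torrent says. */

#define MAX_COMPONENT 255   /* assumed limit; NAME_MAX on common filesystems */

/* A single component is acceptable only if it names one entry inside
 * its parent: non-empty, not "." or "..", no separator bytes, and short
 * enough to be a filename. */
bool component_is_safe(const char *comp)
{
    if (comp == NULL || comp[0] == '\0') return false;
    if (strcmp(comp, ".") == 0 || strcmp(comp, "..") == 0) return false;
    if (strchr(comp, '/') != NULL || strchr(comp, '\\') != NULL) return false;
    if (strlen(comp) > MAX_COMPONENT) return false;
    return true;
}

/* The whole list must be non-empty and every component safe. */
bool torrent_path_is_safe(const char *const comps[], size_t n)
{
    if (comps == NULL || n == 0) return false;
    for (size_t i = 0; i < n; i++)
        if (!component_is_safe(comps[i])) return false;
    return true;
}

/* Build "root/a/b/c" into out. Returns 0, -1 if the path is rejected,
 * -2 if out is too small (never silently truncate a path you will open). */
int join_under(const char *root, const char *const comps[], size_t n,
               char *out, size_t outlen)
{
    if (!torrent_path_is_safe(comps, n)) return -1;
    int w = snprintf(out, outlen, "%s", root);
    if (w < 0 || (size_t)w >= outlen) return -2;
    size_t used = (size_t)w;
    for (size_t i = 0; i < n; i++) {
        w = snprintf(out + used, outlen - used, "/%s", comps[i]);
        if (w < 0 || (size_t)w >= outlen - used) return -2;
        used += (size_t)w;
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: a benign file list and the traversal shape the
     * advisory describes. */
    const char *good[]      = { "album", "track01.flac" };
    const char *traversal[] = { "..", "..", "home", "victim", ".bashrc" };
    char out[512];
    if (join_under("/srv/dl", good, 2, out, sizeof out) == 0)
        printf("accepted: %s\n", out);
    if (join_under("/srv/dl", traversal, 5, out, sizeof out) != 0)
        printf("rejected: ../../home/victim/.bashrc\n");
    return 0;
}
```

Checking components individually is deliberate: normalising a joined string and testing for a "/srv/dl/" prefix afterwards is easy to get wrong once symlinks inside the download directory or a component such as "a/../../b" enter the picture, while a component that contains a separator at all has no legitimate reason to exist in a torrent.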
Nagios is an open source host, service and network monitoring program.

Multiple vulnerabilities have been reported in Nagios:

A remote authenticated or unauthenticated attacker may exploit these vulnerabilities to execute arbitrary commands or elevate privileges.

There is no known workaround at this time.

All Nagios users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-3.0.6-r2"

NOTE: Users of the Nagios 2 branch can update to version 2.12-r1, which contains a patch to fix CVE-2009-2288. However, that branch is not supported upstream or in Gentoo and we are unaware whether the other vulnerabilities affect 2.x installations.
Python is an interpreted, interactive, object-oriented programming language.

Chris Evans reported multiple integer overflows in the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c.

A remote attacker could exploit these vulnerabilities in Python applications or daemons that pass user-controlled input to vulnerable functions. The security impact is currently unknown but may include the execution of arbitrary code or a Denial of Service.

There is no known workaround at this time.

All Python 2.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/python-2.5.4-r2"

All Python 2.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.6"
OpenSC provides a set of libraries and utilities to access smart cards.

Multiple vulnerabilities were found in OpenSC:

The first vulnerability allows physically proximate attackers to bypass intended PIN requirements and read private data objects. The second vulnerability allows attackers to read the cleartext form of messages that were intended to be encrypted.

NOTE: Smart cards which were initialised using an affected version of OpenSC need to be modified or re-initialised. See the vendor's advisory for details.

There is no known workaround at this time.

All OpenSC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.8"
ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol.

Matthias Urlichs reported that the dns_db_findrdataset() function fails when the prerequisite section of a dynamic update message contains a record of type "ANY" and at least one RRset for this FQDN exists on the server.

A remote unauthenticated attacker could send a specially crafted dynamic update message to the BIND daemon (named), leading to a Denial of Service (daemon crash). This vulnerability affects all primary (master) servers; it is not limited to those that are configured to allow dynamic updates.

As a workaround, configure a firewall that performs Deep Packet Inspection to prevent nsupdate messages from reaching named. Alternatively, expose only secondary (slave) servers to untrusted networks.

All BIND users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p3"
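An added C example (not BIND's code) showing the header field a packet filter has to inspect to implement the workaround: the 4-bit DNS opcode, in which UPDATE is 5. The two messages below are constructed for the example, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not BIND code. The workaround is to keep dynamic update
 * messages away from named with a filter that looks inside the packet.
 * The field such a filter keys on is the 4-bit OPCODE in the second byte
 * of the DNS header (RFC 1035 section 4.1.1: QR, OPCODE, AA, TC, RD);
 * UPDATE is opcode 5 (RFC 2136). These helpers extract it from a raw
 * message so a user-space filter or a rule generator can act on it. */

enum { DNS_OPCODE_QUERY = 0, DNS_OPCODE_UPDATE = 5 };
#define DNS_HEADER_LEN 12

/* Opcode 0..15, or -1 if the buffer is too short to hold a DNS header. */
int dns_opcode(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len < DNS_HEADER_LEN) return -1;
    return (msg[2] >> 3) & 0x0F;
}

/* 1 for a request (QR == 0) whose opcode is UPDATE: the message class the
 * workaround wants dropped before it reaches a primary. Responses with
 * opcode UPDATE are what the primary itself sends back and are left alone. */
int dns_is_update_request(const uint8_t *msg, size_t len)
{
    int op = dns_opcode(msg, len);
    if (op < 0) return 0;
    int is_response = (msg[2] & 0x80) != 0;
    return (!is_response && op == DNS_OPCODE_UPDATE) ? 1 : 0;
}

/* Constructed messages, not captured traffic. Both name "example." IN SOA
 * in the first section; only the flags word and section counts differ. */
static const uint8_t sample_query[] = {
    0x12, 0x34,                                       /* ID */
    0x01, 0x00,                                       /* QR=0 OPCODE=0 RD=1 */
    0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,   /* QDCOUNT=1 */
    0x07, 'e','x','a','m','p','l','e', 0x00,          /* QNAME "example." */
    0x00, 0x06, 0x00, 0x01                            /* QTYPE SOA, QCLASS IN */
};
static const uint8_t sample_update[] = {
    0x12, 0x35,
    0x28, 0x00,                                       /* QR=0 OPCODE=5: 5 << 3 = 0x28 */
    0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,   /* ZOCOUNT=1 PRCOUNT=1 */
    0x07, 'e','x','a','m','p','l','e', 0x00,          /* Zone: example. SOA IN */
    0x00, 0x06, 0x00, 0x01,
    0x07, 'e','x','a','m','p','l','e', 0x00,          /* Prerequisite "name is in use": */
    0x00, 0xFF, 0x00, 0xFF,                           /* TYPE ANY, CLASS ANY           */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00                /* TTL 0, RDLENGTH 0             */
};

int main(void)
{
    printf("query  opcode=%d update_request=%d\n",
           dns_opcode(sample_query, sizeof sample_query),
           dns_is_update_request(sample_query, sizeof sample_query));
    printf("update opcode=%d update_request=%d\n",
           dns_opcode(sample_update, sizeof sample_update),
           dns_is_update_request(sample_update, sizeof sample_update));
    return 0;
}
```

The same bits expressed as a 16-bit mask on the flags word are 0x7800 for the opcode and 0x2800 for UPDATE, which is what a byte-matching firewall rule tests at offset 2 of the UDP payload; the prerequisite in the second sample is the TYPE ANY record the advisory describes, so a filter that keys only on the opcode stops it without having to parse that far.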
libTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.

Two vulnerabilities have been reported in libTIFF:

A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF or the tiff2rgba and rgb2ycbcr tools, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All libTIFF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r8"
Adobe Flash Player is closed-source playback software for Flash SWF files. Adobe Reader is a closed-source PDF reader that plays Flash content as well.

Multiple vulnerabilities have been reported in Adobe Flash Player:

A remote attacker could entice a user to open a specially crafted PDF file or web site containing Adobe Flash (SWF) content, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service (application crash). Furthermore, a remote attacker could trick a user into clicking a button on a dialog by supplying a specially crafted SWF file, and disclose sensitive information by exploiting a sandbox issue.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.32.18"

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-9.1.3"
Subversion is a versioning system designed to be a replacement for CVS.

Matt Lewis of Google reported multiple integer overflows in the libsvn_delta library, possibly leading to heap-based buffer overflows.

A remote attacker with commit access could exploit this vulnerability by sending a specially crafted commit to a Subversion server, or a remote attacker could entice a user to check out or update a repository from a malicious Subversion server, possibly resulting in the execution of arbitrary code with the privileges of the user running the server or client.

There is no known workaround at this time.

All Subversion users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/subversion-1.6.4"
CDF is a library for the Common Data Format, a self-describing data format for the storage and manipulation of scalar and multidimensional data. It is developed by NASA.

Leon Juranic reported multiple heap-based buffer overflows, for instance in the ReadAEDRList64(), SearchForRecord_r_64(), LastRecord64() and CDFsel64() functions.

A remote attacker could entice a user to open a specially crafted CDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All CDF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sci-libs/cdf-3.3.0"
Compress::Raw::Zlib and Compress::Raw::Bzip2 are Perl low-level interfaces to the zlib and bzip2 compression libraries.

Leo Bergolth reported an off-by-one error in the inflate() function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow (CVE-2009-1391).

Paul Marquess discovered a similar vulnerability in the bzinflate() function in Bzip2.xs of Compress::Raw::Bzip2 (CVE-2009-1884).

A remote attacker might entice a user or automated system (for instance running SpamAssassin or AMaViS) to process specially crafted files, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All Compress::Raw::Zlib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=perl-core/Compress-Raw-Zlib-2.020"

All Compress::Raw::Bzip2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=perl-core/Compress-Raw-Bzip2-2.020"
ISC DHCP is the reference implementation of the Dynamic Host Configuration Protocol as specified in RFC 2131.

Christoph Biedl discovered that dhcpd does not properly handle certain DHCP requests when configured using both "dhcp-client-identifier" and "hardware ethernet".

A remote attacker might send a specially crafted request to dhcpd, possibly resulting in a Denial of Service (daemon crash).

There is no known workaround at this time.

All ISC DHCP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.2_p1"
DokuWiki is a standards compliant Wiki system written in PHP.

girex reported that data from the "config_cascade" parameter in inc/init.php is not properly sanitized before being used.

A remote attacker could exploit this vulnerability to execute PHP code from arbitrary local files or, when the PHP version in use supports ftp:// URLs, also from remote files via FTP. Furthermore, it is possible to disclose the contents of local files. NOTE: Successful exploitation requires the PHP option "register_globals" to be enabled.

As a workaround, disable "register_globals" in php.ini.

All DokuWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-2009-02-14b"
Dillo is a graphical web browser known for its speed and small footprint.

Tilei Wang reported an integer overflow in the Png_datainfo_callback() function, possibly leading to a heap-based buffer overflow.

A remote attacker could entice a user to open an HTML document containing a specially crafted, large PNG image, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Dillo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/dillo-2.1.1"
+ + Linux-PAM (Pluggable Authentication Modules) is an architecture + allowing the separation of the development of privilege granting + software from the development of secure and appropriate authentication + schemes. +
++ Marcus Granado reported that Linux-PAM does not properly handle user + names that contain Unicode characters. This is related to integer + signedness errors in the pam_StrTok() function in libpam/pam_misc.c. +
++ A remote attacker could exploit this vulnerability to cause a Denial of + Service. A remote authenticated attacker could exploit this + vulnerability to log in to a system with the account of a user that has + a similar user name, but with non-ASCII characters. +
++ There is no known workaround at this time. +
++ All Linux-PAM users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.0.4"
+ + libvorbis is the reference implementation of the Xiph.org Ogg Vorbis + audio file format. It is used by many applications for playback of Ogg + Vorbis files. +
++ Lucas Adamski reported that libvorbis does not correctly process file + headers, related to static mode headers and encoding books. +
++ A remote attacker could entice a user to play a specially crafted OGG + Vorbis file using an application that uses libvorbis, possibly + resulting in the execution of arbitrary code with the privileges of the + user running the application, or a Denial of Service. +
++ There is no known workaround at this time. +
++ All libvorbis users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libvorbis-1.2.3"
+ + The Apache Portable Runtime (aka APR) provides a set of APIs for + creating platform-independent applications. The Apache Portable Runtime + Utility Library (aka APR-Util) provides an interface to functionality + such as XML parsing, string matching and databases connections. +
++ Matt Lewis reported multiple Integer overflows in the apr_rmm_malloc(), + apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of + APR-Util and in memory/unix/apr_pools.c of APR, both occurring when + aligning memory blocks. +
++ A remote attacker could entice a user to connect to a malicious server + with software that uses the APR or act as a malicious client to a + server that uses the APR (such as Subversion or Apache servers), + possibly resulting in the execution of arbitrary code with the + privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Apache Portable Runtime users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/apr-1.3.8"
+ + All APR Utility Library users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.9"
+ + Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX, + designed especially for e-mail scanning on mail gateways. +
++ Multiple vulnerabilities have been found in ClamAV: +
++ A remote attacker could entice a user or automated system to process a + specially crafted UPack archive or a file containing a specially + crafted URL, possibly resulting in the remote execution of arbitrary + code with the privileges of the user running the application, or a + Denial of Service. Furthermore, a remote attacker could cause a Denial + of Service by supplying a specially crafted TAR archive or PE + executable to a Clam AntiVirus instance. +
++ There is no known workaround at this time. +
++ All Clam AntiVirus users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.95.2"
+ + Openswan is an implementation of IPsec for Linux. +
++ Multiple vulnerabilities have been discovered in Openswan: +
++ A remote attacker could exploit these vulnerabilities by sending + specially crafted R_U_THERE or R_U_THERE_ACK packets, or a specially + crafted X.509 certificate containing a malicious Relative Distinguished + Name (RDN), UTCTIME string or GENERALIZEDTIME string to cause a Denial + of Service of the pluto IKE daemon. +
++ There is no known workaround at this time. +
++ All Openswan users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.15"
+ + aMule is an eMule-like client for the eD2k and Kademlia networks, + supporting multiple platforms. +
++ Sam Hocevar discovered that the aMule preview function does not + properly sanitize file names. +
++ A remote attacker could entice a user to download a file with a + specially crafted file name to inject arbitrary arguments to the + victim's video player. +
++ There is no known workaround at this time. +
++ All aMule users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/amule-2.2.5"
+ + TkMan is a graphical, hypertext manual page and Texinfo browser for + UNIX. +
++ Dmitry E. Oboukhov reported that TkMan does not handle the + "/tmp/tkman#####" and "/tmp/ll" temporary files securely. +
++ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All TkMan users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/tkman-2.2-r1"
+ + The C* Music Player (cmus) is a modular and very configurable + ncurses-based audio player. +
++ Dmitry E. Oboukhov reported that cmus-status-display does not handle + the "/tmp/cmus-status" temporary file securely. +
++ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All C* music player users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/cmus-2.2.0-r1"
+ + Screenie is a small screen frontend that is designed to be a session + handler. +
++ Dmitry E. Oboukhov reported that Screenie does not handle + "/tmp/.screenie.#####" temporary files securely. +
++ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All Screenie users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/screenie-1.30.0-r1"
+ + LMBench is a suite of simple, portable benchmarks for UNIX platforms. +
++ Dmitry E. Oboukhov reported that the rccs and STUFF scripts do not + handle "/tmp/sdiff.#####" temporary files securely. NOTE: There might + be further occurrences of insecure temporary file usage. +
++ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ LMBench has been removed from Portage. We recommend that users unmerge + LMBench: +
+
+ # emerge --unmerge app-benchmarks/lmbench
+ + GCC-XML is an XML output extension to the C++ front-end of GCC. +
++ Dmitry E. Oboukhov reported that find_flags in GCC-XML does not handle + "/tmp/*.cxx" temporary files securely. +
++ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
++ There is no known workaround at this time. +
++ All GCC-XML users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-cpp/gccxml-0.9.0_pre20090516"
+ + HTMLDOC is an HTML indexer and HTML to PS and PDF converter. +
++ ANTHRAX666 reported an insecure call to the sscanf() function in the + set_page_size() function in htmldoc/util.cxx. Nico Golde of the Debian + Security Team found two more insecure calls in the write_type1() + function in htmldoc/ps-pdf.cxx and the htmlLoadFontWidths() function in + htmldoc/htmllib.cxx. +
++ A remote attacker could entice a user to process a specially crafted + HTML file using htmldoc, possibly resulting in the execution of + arbitrary code with the privileges of the user running the application. + NOTE: Additional vectors via specially crafted AFM font metric files do + not cross trust boundaries, as the files can only be modified by + privileged users. +
++ There is no known workaround at this time. +
++ All HTMLDOC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/htmldoc-1.8.27-r1"
+ + irssi is a modular textUI IRC client with IPv6 support. +
++ Nemo discovered an off-by-one error leading to a heap overflow in + irssi's event_wallops() parsing function. +
++ A remote attacker might entice a user to connect to a malicious IRC + server, use a man-in-the-middle attack to redirect a user to such a + server or use ircop rights to send a specially crafted WALLOPS message, + which might result in the execution of arbitrary code with the + privileges of the user running irssi. +
++ There is no known workaround at this time. +
++ All irssi users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/irssi-0.8.13-r1"
+ + Horde is a web application framework written in PHP. Horde IMP, the + "Internet Messaging Program", is a Webmail module and Horde Passwd is a + password changing module for Horde. +
++ Multiple vulnerabilities have been discovered in Horde: +
++ Horde Passwd: David Wharton reported that data sent via the "backend" + parameter to passwd/main.php is not properly sanitized before being used + in the output (CVE-2009-2360). +
++ Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php, + and message.php is not properly sanitized before being used in the output + (CVE-2009-0930). +
++ A remote authenticated attacker could exploit these vulnerabilities to + execute arbitrary PHP files on the server, or disclose the content of + arbitrary files, both only if the file is readable to the web server. A + remote authenticated attacker could conduct Cross-Site Scripting + attacks. NOTE: Some Cross-Site Scripting vectors are limited to the + usage of Microsoft Internet Explorer. +
++ There is no known workaround at this time. +
++ All Horde users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/horde-3.3.4"
+ + All Horde IMP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/horde-imp-4.3.4"
+ + All Horde Passwd users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/horde-passwd-3.1.1"
+ + Lynx is a fully-featured WWW client for users running + cursor-addressable, character-cell display devices such as vt100 + terminals and terminal emulators. +
++ Clint Ruoho reported that the fix for CVE-2005-2929 (GLSA 200511-09) + only disabled the lynxcgi:// handler when not using the advanced mode. +
++ A remote attacker can entice a user to access a malicious HTTP server, + causing Lynx to execute arbitrary commands. NOTE: The advanced mode is + not enabled by default. Successful exploitation requires the + "lynxcgi://" protocol to be registered with lynx on the victim's + system. +
++ There is no known workaround at this time. +
++ All Lynx users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/lynx-2.8.6-r4"
+ + Wireshark is a versatile network protocol analyzer. +
++ Multiple vulnerabilities were discovered in Wireshark: +
++ A remote attacker could exploit these vulnerabilities by sending + specially crafted packets on a network being monitored by Wireshark or + by enticing a user to read a malformed packet trace file to cause a + Denial of Service. +
++ There is no known workaround at this time. +
++ All Wireshark users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.2.1"
+ + ZNC is an advanced IRC bouncer. +
++ The vendor reported a directory traversal vulnerability when processing + DCC SEND requests. +
++ A remote, authenticated user could send a specially crafted DCC SEND + request to overwrite arbitrary files with the privileges of the user + running ZNC, and possibly cause the execution of arbitrary code e.g. by + uploading a malicious ZNC module. +
++ There is no known workaround at this time. +
++ All ZNC users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/znc-0.074"
+ + nginx is a robust, small and high performance HTTP and reverse proxy + server. +
++ Chris Ries reported a heap-based buffer underflow in the + ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when + parsing the request URI. +
++ A remote attacker might send a specially crafted request URI to an nginx + server, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running the server, or a Denial of + Service. NOTE: By default, nginx runs as the "nginx" user. +
++ There is no known workaround at this time. +
++ All nginx 0.5.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/nginx-0.5.38"
+ + All nginx 0.6.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/nginx-0.6.39"
+ + All nginx 0.7.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/nginx-0.7.62"
+ + Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP + server. It includes support for Trivial FTP (TFTP). +
++ Multiple vulnerabilities have been reported in the TFTP functionality + included in Dnsmasq: +
++ A remote attacker in the local network could exploit these + vulnerabilities by sending specially crafted TFTP requests to a machine + running Dnsmasq, possibly resulting in the remote execution of + arbitrary code with the privileges of the user running the daemon, or a + Denial of Service. NOTE: The TFTP server is not enabled by default. +
++ You can disable the TFTP server either at buildtime by not enabling the + "tftp" USE flag, or at runtime. Make sure "--enable-tftp" is not set in + the DNSMASQ_OPTS variable in the /etc/conf.d/dnsmasq file and + "enable-tftp" is not set in /etc/dnsmasq.conf, either of which would + enable TFTP support if it is compiled in. +
++ All Dnsmasq users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.5.0"
+ + cURL is a command line tool for transferring files with URL syntax, + supporting numerous protocols. +
++ Scott Cantor reported that cURL does not properly handle fields in + X.509 certificates that contain an ASCII NUL (\0) character. + Specifically, the processing of such fields is stopped at the first + occurrence of a NUL character. This type of vulnerability was recently + discovered by Dan Kaminsky and Moxie Marlinspike. +
++ A remote attacker might employ a specially crafted X.509 certificate + (that for instance contains a NUL character in the Common Name field) + to conduct man-in-the-middle attacks. +
++ There is no known workaround at this time. +
++ All cURL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.19.6"
+ + GNU Wget is a free software package for retrieving files using HTTP, + HTTPS and FTP, the most widely-used Internet protocols. +
++ The vendor reported that Wget does not properly handle Common Name (CN) + fields in X.509 certificates that contain an ASCII NUL (\0) character. + Specifically, the processing of such fields is stopped at the first + occurrence of a NUL character. This type of vulnerability was recently + discovered by Dan Kaminsky and Moxie Marlinspike. +
++ A remote attacker might employ a specially crafted X.509 certificate, + containing a NUL character in the Common Name field to conduct + man-in-the-middle attacks on SSL connections made using Wget. +
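The cURL and Wget entries above describe the same defect: a Common Name is a length-prefixed DER string, but code that copies it into a NUL-terminated C string compares only the bytes before the NUL. This added example (not code from either project) contrasts that naive comparison with a length-aware check; the certificate value and the host names are constructed.

```python
"""Length-aware versus NUL-terminated handling of an X.509 Common Name."""

# Constructed sample values, not taken from any real certificate.
LEGIT_HOST = "www.bank.example"
CRAFTED_CN = b"www.bank.example\x00.attacker.example"


def der_utf8string(value: bytes) -> bytes:
    """Encode a DER UTF8String (tag 0x0C, short-form length) for the demo."""
    if len(value) >= 0x80:
        raise ValueError("demo only supports short-form lengths")
    return b"\x0c" + bytes([len(value)]) + value


def parse_der_utf8string(der: bytes) -> bytes:
    """Decode a DER UTF8String, returning all `length` bytes, NULs included."""
    if len(der) < 2 or der[0] != 0x0C:
        raise ValueError("not a DER UTF8String")
    length = der[1]
    if length >= 0x80:
        raise ValueError("long-form lengths not handled in this demo")
    value = der[2:2 + length]
    if len(value) != length:
        raise ValueError("truncated UTF8String")
    return value


def cn_matches_naive(cn: bytes, expected_host: str) -> bool:
    """Mimic the vulnerable behaviour: the CN is handled as a C string,
    so everything from the first NUL onward is ignored in the comparison."""
    as_c_string = cn.split(b"\x00", 1)[0]
    return as_c_string.decode("utf-8", "replace").lower() == expected_host.lower()


def cn_matches_strict(cn: bytes, expected_host: str) -> bool:
    """Hardened check: a NUL anywhere within the DER-reported length can
    never be part of a valid host name, so reject the CN before comparing."""
    if b"\x00" in cn:
        return False
    try:
        name = cn.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return name.lower() == expected_host.lower()


def evaluate(cn_der: bytes, expected_host: str) -> dict:
    """Run both checks on one encoded CN and report what each decides."""
    cn = parse_der_utf8string(cn_der)
    return {
        "cn_length": len(cn),
        "contains_nul": b"\x00" in cn,
        "naive_accepts": cn_matches_naive(cn, expected_host),
        "strict_accepts": cn_matches_strict(cn, expected_host),
    }


if __name__ == "__main__":
    for label, cn in (("benign", LEGIT_HOST.encode()), ("crafted", CRAFTED_CN)):
        print(label, evaluate(der_utf8string(cn), LEGIT_HOST))
```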
++ There is no known workaround at this time. +
++ All Wget users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/wget-1.12"
+ + Pidgin is a client for a variety of instant messaging protocols. +
++ Multiple vulnerabilities were found in Pidgin: +
++ A remote attacker could send specially crafted SLP (via MSN) or ICQ web + messages, possibly leading to execution of arbitrary code with the + privileges of the user running Pidgin, unauthorized information + disclosure, or a Denial of Service. +
++ There is no known workaround at this time. +
++ All Pidgin users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.5.9-r1"
+ + Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF + reader. +
++ Multiple vulnerabilities were discovered in Adobe Reader. For further + information please consult the CVE entries and the Adobe Security + Bulletin referenced below. +
++ A remote attacker might entice a user to open a specially crafted PDF + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application, Denial of Service, the + creation of arbitrary files on the victim's system, "Trust Manager" + bypass, or social engineering attacks. +
++ There is no known workaround at this time. +
++ All Adobe Reader users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-9.2"
+ + Horde is a web application framework written in PHP. +
++ Multiple vulnerabilities have been discovered in Horde: +
++ A remote authenticated attacker could exploit these vulnerabilities to + overwrite arbitrary files on the server, provided that the user has + write permissions. A remote authenticated attacker could conduct + Cross-Site Scripting attacks. +
++ There is no known workaround at this time. +
++ All Horde users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/horde-3.3.5"
+ + All Horde webmail users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/horde-webmail-1.2.4"
+ + All Horde groupware users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/horde-groupware-1.2.4"
+ + The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment + (JRE) provide the Sun Java platform. +
++ Multiple vulnerabilities have been reported in the Sun Java + implementation. Please review the CVE identifiers referenced below and + the associated Sun Alerts for details. +
++ A remote attacker could entice a user to open a specially crafted JAR + archive, applet, or Java Web Start application, possibly resulting in + the execution of arbitrary code with the privileges of the user running + the application. Furthermore, a remote attacker could cause a Denial of + Service affecting multiple services via several vectors, disclose + information and memory contents, write or execute local files, conduct + session hijacking attacks via GIFAR files, steal cookies, bypass the + same-origin policy, load untrusted JAR files, establish network + connections to arbitrary hosts and ports via several vectors, modify + the list of supported graphics configurations, bypass HMAC-based + authentication systems, escalate privileges via several vectors and + cause applet code to be executed with older, possibly vulnerable + versions of the JRE. +
++ NOTE: Some vulnerabilities require a trusted environment, user + interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. +
++ There is no known workaround at this time. +
++ All Sun JRE 1.5.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.5.0.22"
+ + All Sun JRE 1.6.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.17"
+ + All Sun JDK 1.5.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.5.0.22"
+ + All Sun JDK 1.6.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.17"
+ + All users of the precompiled 32bit Sun JRE 1.5.x should upgrade to the + latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.5.0.22"
+ + All users of the precompiled 32bit Sun JRE 1.6.x should upgrade to the + latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.17"
+ + All Sun JRE 1.4.x, Sun JDK 1.4.x, Blackdown JRE, Blackdown JDK and + precompiled 32bit Sun JRE 1.4.x users are strongly advised to unmerge + Java 1.4: +
+
+ # emerge --unmerge =app-emulation/emul-linux-x86-java-1.4*
+ # emerge --unmerge =dev-java/sun-jre-bin-1.4*
+ # emerge --unmerge =dev-java/sun-jdk-1.4*
+ # emerge --unmerge dev-java/blackdown-jdk
+ # emerge --unmerge dev-java/blackdown-jre
+ + Gentoo is ceasing support for the 1.4 generation of the Sun Java + Platform in accordance with upstream. All 1.4 JRE and JDK versions are + masked and will be removed shortly. +
++ The UW IMAP toolkit is a daemon for the IMAP and POP3 network mail + protocols. The c-client library provides an API for IMAP, POP3 and + other protocols. +
++ Multiple vulnerabilities were found in the UW IMAP toolkit: +
++ A remote attacker could send an e-mail to a destination mailbox name + composed of a username and '+' character followed by a long string, + possibly leading to the execution of arbitrary code. A local attacker + could gain privileges by specifying a long folder extension argument to + the tmail or dmail program. Furthermore, a remote attacker could send a + specially crafted mail message to the UW IMAP toolkit or another daemon + using the c-client library, leading to a Denial of Service. A remote + SMTP server could respond to the QUIT command with a close of the TCP + connection instead of the expected 221 response code, possibly leading + to a Denial of Service. +
++ There is no known workaround at this time. +
++ All c-client library users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/c-client-2007e"
+ + All UW IMAP toolkit users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2007e"
+ + dstat is a versatile system resource monitor written in Python. +
++ Robert Buchholz of the Gentoo Security Team reported that dstat + includes the current working directory and subdirectories in the Python + module search path (sys.path) before calling "import". +
++ A local attacker could entice a user to run "dstat" from a directory + containing a specially crafted Python module, resulting in the + execution of arbitrary code with the privileges of the user running the + application. +
++ Do not run "dstat" from untrusted working directories. +
++ All dstat users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/dstat-0.6.9-r1"
+ + Wireshark is a versatile network protocol analyzer. +
++ Multiple vulnerabilities have been discovered in Wireshark: +
++ A remote attacker could entice a user to open a specially crafted "erf" + file using Wireshark, possibly resulting in the execution of arbitrary + code with the privileges of the user running the application. A remote + attacker could furthermore send specially crafted packets on a network + being monitored by Wireshark or entice a user to open a malformed + packet trace file using Wireshark, possibly resulting in a Denial of + Service. +
++ There is no known workaround at this time. +
++ All Wireshark users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.2.3"
+ + PEAR Net_Traceroute is an OS independent wrapper class for executing + traceroute calls from PHP. +
++ Pasquale Imperato reported that the $host parameter to the traceroute() + function in Traceroute.php is not properly sanitized before being + passed to exec(). +
++ A remote attacker could exploit this vulnerability when user input is + passed directly to PEAR Net_Traceroute in a PHP script, possibly + resulting in the remote execution of arbitrary shell commands with the + privileges of the user running the affected PHP script. +
++ Ensure that all data that is passed to the traceroute() function is + properly shell escaped (for instance using the escapeshellcmd() + function). +
++ All PEAR Net_Traceroute users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Net_Traceroute-0.21.2"
+ + OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +
++ Multiple vulnerabilities have been reported in OpenSSL: +
++ A remote unauthenticated attacker, acting as a Man in the Middle, could + inject arbitrary plain text into a TLS session, possibly leading to the + ability to send requests as if authenticated as the victim. A remote + attacker could furthermore send specially crafted DTLS packets to a + service using OpenSSL for DTLS support, possibly resulting in a Denial + of Service. Also, a remote attacker might be able to create rogue + certificates, facilitated by an MD2 collision. NOTE: The amount of + computation needed for this attack is still very large. +
++ There is no known workaround at this time. +
++ All OpenSSL users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8l-r2"
+ + Ruby on Rails is a web-application and persistence framework. +
++ The following vulnerabilities were discovered: +
++ A remote attacker could send specially crafted requests to a vulnerable + application, possibly leading to the execution of arbitrary SQL + statements or a circumvention of access control. A remote attacker + could also conduct session fixation attacks to hijack a user's session + or bypass the CSRF protection mechanism, or furthermore conduct + Cross-Site Scripting attacks or forge a digest via multiple attempts. +
++ There is no known workaround at this time. +
++ All Ruby on Rails 2.3.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/rails-2.3.5"
+ + All Ruby on Rails 2.2.x users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "=dev-ruby/rails-2.2.3-r1"
+ + NOTE: All applications using Ruby on Rails should also be configured to + use the latest version available by running "rake rails:update" inside + the application directory. +
++ NTP is a set of the Network Time Protocol programs. +
++ Robin Park and Dmitri Vinokurov discovered that ntp_request.c in ntpd + does not handle MODE_PRIVATE packets correctly, causing a continuous + exchange of MODE_PRIVATE error responses between two NTP daemons or + causing high CPU load on a single host. +
++ A remote, unauthenticated attacker could send a specially crafted + MODE_PRIVATE packet, allowing for a Denial of Service condition (CPU + and bandwidth consumption). +
++ There is no known workaround at this time. +
++ All NTP users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p7-r1"
+ + The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
++ Multiple vulnerabilities have been discovered in Adobe Flash Player: +
++ A remote attacker could entice a user to open a specially crafted SWF + file, possibly resulting in the remote execution of arbitrary code with + the privileges of the user running the application, or a Denial of + Service via unknown vectors. +
++ There is no known workaround at this time. +
++ All Adobe Flash Player users should upgrade to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.42.34"
+ + PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +
++ Multiple vulnerabilities have been discovered in PHP. Please review the + CVE identifiers referenced below and the associated PHP release notes + for details. +
++ A context-dependent attacker could execute arbitrary code via a + specially crafted string containing an HTML entity when the mbstring + extension is enabled. Furthermore a remote attacker could execute + arbitrary code via a specially crafted GD graphics file. +
++ A remote attacker could also cause a Denial of Service via a malformed + string passed to the json_decode() function, via a specially crafted + ZIP file passed to the php_zip_make_relative_path() function, via a + malformed JPEG image passed to the exif_read_data() function, or via + temporary file exhaustion. It is also possible for an attacker to spoof + certificates, bypass various safe_mode and open_basedir restrictions + when certain criteria are met, perform Cross-site scripting attacks, + more easily perform SQL injection attacks, manipulate settings of other + virtual hosts on the same server via a malicious .htaccess entry when + running on Apache, disclose memory portions, and write arbitrary files + via a specially crafted ZIP archive. Some vulnerabilities with unknown + impact and attack vectors have been reported as well. +
++ There is no known workaround at this time. +
++ All PHP users should upgrade to the latest version. As PHP is + statically linked against a vulnerable version of the c-client library + when the imap or kolab USE flag is enabled (GLSA 200911-03), users + should upgrade net-libs/c-client beforehand: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/c-client-2007e"
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.12"
+ + The VirtualBox family provides powerful x86 virtualization products. +
++ Thomas Biege of SUSE discovered multiple vulnerabilities: +
++ A local, unprivileged attacker with the permission to run VirtualBox + could gain root privileges. A guest OS local user could cause a Denial + of Service (memory consumption) on the guest OS via unknown vectors. +
++ There is no known workaround at this time. +
++ All users of the binary version of VirtualBox should upgrade to the + latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-bin-3.0.12"
+ + All users of the Open Source version of VirtualBox should upgrade to + the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-ose-3.0.12"
+ + All users of the binary VirtualBox Guest Additions should upgrade to + the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-guest-additions-3.0.12"
+ + All users of the Open Source VirtualBox Guest Additions should upgrade + to the latest version: +
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-ose-additions-3.0.12"
net-snmp bundles software for generating and retrieving SNMP data.

The netsnmp_udp_fmtaddr() function (snmplib/snmpUDPDomain.c), when using TCP wrappers for client authorization, does not properly parse hosts.allow rules.

A remote, unauthenticated attacker could bypass the ACL filtering, possibly resulting in the execution of arbitrary SNMP queries.

If possible, protect net-snmp with custom iptables rules:

    iptables -s [client] -d [host] -p udp --dport 161 -j ACCEPT
    iptables -s 0.0.0.0/0 -d [host] -p udp --dport 161 -j DROP

All net-snmp users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.2.1-r1"
aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support.

Tatsuhiro Tsujikawa reported a buffer overflow in DHTRoutingTableDeserializer.cc (CVE-2009-3575) and a format string vulnerability in the AbstractCommand::onAbort() function in src/AbstractCommand.cc (CVE-2009-3617).

A remote, unauthenticated attacker could possibly execute arbitrary code with the privileges of the user running the application or cause a Denial of Service (application crash).

Do not use DHT (CVE-2009-3575) and disable logging (CVE-2009-3617).

All aria2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/aria2-1.6.3"
Blender is a 3D Creation/Animation/Publishing System.

Steffen Joeris reported that Blender's BPY_interface calls PySys_SetArgv() in such a way that Python prepends sys.path with an empty string.

A local attacker could entice a user to run "blender" from a directory containing a specially crafted Python module, resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Blender users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.48a-r3"
SquirrelMail is a standards-based webmail package written in PHP.

Multiple vulnerabilities were found in SquirrelMail:

The vulnerabilities allow remote attackers to execute arbitrary code with the privileges of the user running the web server, to hijack web sessions via a crafted cookie, to spoof the user interface and to conduct Cross-Site Scripting and phishing attacks, via a specially crafted message.

There is no known workaround at this time.

All SquirrelMail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.19"
Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with an HTTP server ("WEBrick").

Giovanni Pellerano, Alessandro Tanasi and Francesco Ongaro reported that WEBrick does not filter terminal control characters, for instance when handling HTTP logs.

A remote attacker could send a specially crafted HTTP request to a WEBrick server to inject arbitrary terminal control characters, possibly resulting in the execution of arbitrary commands, data loss, or other unspecified impact. This could also be used to facilitate other attacks.

There is no known workaround at this time.

All Ruby 1.8.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.7_p249"

All Ruby 1.8.6 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p388"
sudo allows a system administrator to give users the ability to run commands as other users.

Multiple vulnerabilities have been discovered in sudo:

A local attacker with privileges to use "sudoedit" or the privilege to execute commands with the "runas_default" setting enabled could leverage these vulnerabilities to execute arbitrary code with elevated privileges.

CVE-2010-0426: Revoke all "sudoedit" privileges, or use the full path to sudoedit. CVE-2010-0427: Remove all occurrences of the "runas_default" setting.

All sudo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.2_p4"
FreeType is a TrueType font rendering library.

Multiple issues found in FreeType 2 were also discovered in FreeType 1. For details on these issues, please review the Gentoo Linux Security Advisories and CVE identifiers referenced below.

A remote attacker could entice a user to open a specially crafted TTF file, possibly resulting in the execution of arbitrary code with the privileges of the user running FreeType.

There is no known workaround at this time.

All FreeType 1 users should upgrade to an unaffected version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/freetype-1.4_pre20080316-r2"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 27, 2009. It is likely that your system is already no longer affected by this issue.
CamlImages is an image processing library for Objective Caml.

Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the (1) read_png_file() and read_png_file_as_rgb24() functions, when processing a PNG image (CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing GIF or JPEG images (CVE-2009-2660).

Other integer overflows were also found in tiffread.c (CVE-2009-3296).

A remote attacker could entice a user to open a specially crafted, overly large PNG, GIF, TIFF, or JPEG image using an application that uses the CamlImages library, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All CamlImages users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-ml/camlimages-3.0.2
ImageMagick is a collection of tools and libraries for manipulating various image formats.

Tielei Wang has discovered that the XMakeImage() function in magick/xwindow.c is prone to an integer overflow, possibly leading to a buffer overflow.

A remote attacker could entice a user to open a specially crafted image, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All ImageMagick users should upgrade to an unaffected version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.5.2.9"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since June 4, 2009. It is likely that your system is already no longer affected by this issue.
xine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine.

Multiple vulnerabilities have been reported in xine-lib. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to play a specially crafted video file or stream with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All xine-lib users should upgrade to an unaffected version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.16.3"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 10, 2009. It is likely that your system is already no longer affected by this issue.
Wireshark is a versatile network protocol analyzer.

Multiple vulnerabilities were found in the Daintree SNA file parser, the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information please consult the CVE entries referenced below.

A remote attacker could cause a Denial of Service and possibly execute arbitrary code via crafted packets or malformed packet trace files.

There is no known workaround at this time.

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.2.8-r1"
Transmission is a cross-platform BitTorrent client.

Multiple stack-based buffer overflows in the tr_magnetParse() function in libtransmission/magnet.c have been discovered.

A remote attacker could cause a Denial of Service or possibly execute arbitrary code via a crafted magnet URL with a large number of tr or ws links.

There is no known workaround at this time.

All Transmission users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-p2p/transmission-1.92"
SILC (Secure Internet Live Conferencing protocol) Toolkit is a software development kit for use in clients, and SILC Client is an IRSSI-based text client.

Multiple vulnerabilities were discovered in SILC Toolkit and SILC Client. For further information please consult the CVE entries referenced below.

A remote attacker could overwrite stack locations and possibly execute arbitrary code via a crafted OID value, Content-Length header or format string specifiers in a nickname field or channel name.

There is no known workaround at this time.

All SILC Toolkit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/silc-toolkit-1.1.10"

All SILC Client users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/silc-client-1.1.8"
nano is a GNU GPL'd Pico clone with more functionality.

Multiple race condition vulnerabilities have been discovered in nano. For further information please consult the CVE entries referenced below.

Under certain conditions, a local, user-assisted attacker could possibly overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim, or change the ownership of arbitrary files.

There is no known workaround at this time.

All nano users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-editors/nano-2.2.4"
sudo allows a system administrator to give users the ability to run commands as other users.

The command matching functionality does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".".

A local attacker with the permission to run sudoedit could, under certain circumstances, execute arbitrary commands as whichever user he has permission to run sudoedit as, typically root.

There is no known workaround at this time.

All sudo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.2_p6"
multipath-tools are used to drive the Device Mapper multipathing driver.

multipath-tools uses world-writable permissions for the socket file (/var/run/multipathd.sock).

Local users could send arbitrary commands to the multipath daemon, causing cluster failures and data loss.

    chmod o-rwx /var/run/multipath.sock

All multipath-tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-fs/multipath-tools-0.4.8-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 13, 2009. It is likely that your system is already no longer affected by this issue.
ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol.

Multiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below.

Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete fix and a regression for CVE-2009-4022.

An attacker could exploit this weakness to poison the cache of a recursive resolver and thus spoof DNS traffic, which could e.g. lead to the redirection of web or mail traffic to malicious sites.

There is no known workaround at this time.

All BIND users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p5"
Fetchmail is a remote mail retrieval and forwarding utility.

Multiple vulnerabilities have been reported in Fetchmail:

A remote attacker could entice a user to connect with Fetchmail to a specially crafted SSL-enabled server in verbose mode, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. NOTE: The issue only exists on platforms on which char is signed.

Furthermore, a remote attacker might employ a specially crafted X.509 certificate containing a NUL character in the Common Name field to conduct man-in-the-middle attacks on SSL connections made using Fetchmail.

There is no known workaround at this time.

All Fetchmail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.3.14"
Smarty is a template engine for PHP.

Multiple vulnerabilities have been discovered in Smarty:

These issues might allow a remote attacker to execute arbitrary PHP code.

There is no known workaround at this time.

All Smarty users should upgrade to an unaffected version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/smarty-2.6.23"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since June 2, 2009. It is likely that your system is already no longer affected by this issue.
Newt is a library for displaying text mode user interfaces.

Miroslav Lichvar reported that Newt is prone to a heap-based buffer overflow in textbox.c.

A remote attacker could entice a user to enter a specially crafted string into a text dialog box rendered by Newt, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service condition.

There is no known workaround at this time.

All Newt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/newt-0.52.10-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since October 26, 2009. It is likely that your system is already no longer affected by this issue.
XEmacs is a highly extensible and customizable text editor.

Tielei Wang reported multiple integer overflow vulnerabilities in the tiff_instantiate(), png_instantiate() and jpeg_instantiate() functions in glyphs-eimage.c, all possibly leading to heap-based buffer overflows.

A remote attacker could entice a user to open a specially crafted TIFF, JPEG or PNG file using XEmacs, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service condition.

There is no known workaround at this time.

All XEmacs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-editors/xemacs-21.4.22-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since July 26, 2009. It is likely that your system is already no longer affected by this issue.
GD is a graphic library for fast image creation.

Tomas Hoger reported that the _gdGetColors() function in gd_gd.c does not properly verify the colorsTotal struct member, possibly leading to a buffer overflow.

A remote attacker could entice a user to open a specially crafted image file with a program using the GD library, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service condition.

There is no known workaround at this time.

All GD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/gd-2.0.35-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 21, 2009. It is likely that your system is already no longer affected by this issue.
lighttpd is a lightweight high-performance web server.

Li Ming reported that lighttpd does not properly process packets that are sent overly slowly.

A remote attacker might send specially crafted packets to a server running lighttpd, possibly resulting in a Denial of Service condition via host memory exhaustion.

There is no known workaround at this time.

All lighttpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.25-r1"
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).

Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.

A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.

There is no known workaround at this time.

All Oracle JRE 1.6.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.20"

All Oracle JDK 1.6.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.20"

All users of the precompiled 32-bit Oracle JRE 1.6.x should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.20"

All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32-bit Oracle JRE 1.5.x users are strongly advised to unmerge Java 1.5:

    # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5*
    # emerge --unmerge =dev-java/sun-jre-bin-1.5*
    # emerge --unmerge =dev-java/sun-jdk-1.5*

Gentoo is ceasing support for the 1.5 generation of the Oracle Java Platform in accordance with upstream. All 1.5 JRE versions are masked and will be removed shortly. All 1.5 JDK versions are marked as "build-only" and will be masked for removal shortly. Users are advised to change their default user and system Java implementation to an unaffected version. For example:

    # java-config --set-system-vm sun-jdk-1.6

For more information, please consult the Gentoo Linux Java documentation.
Bugzilla is a bug tracking system from the Mozilla project.

Multiple vulnerabilities have been reported in Bugzilla. Please review the CVE identifiers referenced below for details.

A remote attacker might be able to disclose local files, bug information, passwords, and other data under certain circumstances. Furthermore, a remote attacker could conduct SQL injection, Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks via various vectors.

There is no known workaround at this time.

All Bugzilla users should upgrade to an unaffected version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-3.2.6"

Bugzilla 2.x and 3.0 have reached their end of life. There will be no more security updates. All Bugzilla 2.x and 3.0 users should update to a supported Bugzilla 3.x version.
Asterisk is an open source telephony engine and toolkit.

Multiple vulnerabilities have been reported in Asterisk:

A remote attacker could exploit these vulnerabilities by sending a specially crafted package, possibly causing a Denial of Service condition, or resulting in information disclosure.

There is no known workaround at this time.

All Asterisk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.37"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since January 5, 2010. It is likely that your system is already no longer affected by this issue.
UnrealIRCd is an Internet Relay Chat (IRC) daemon.

Multiple vulnerabilities have been reported in UnrealIRCd:

A remote attacker could exploit these vulnerabilities to cause the execution of arbitrary commands with the privileges of the user running UnrealIRCd, or a Denial of Service condition. NOTE: By default UnrealIRCd on Gentoo is run with the privileges of the "unrealircd" user.

There is no known workaround at this time.

All UnrealIRCd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/unrealircd-3.2.8.1-r1"
wxGTK is the GTK+ version of wxWidgets, a cross-platform C++ GUI toolkit.

wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow.

A remote attacker might entice a user to open a specially crafted JPEG file using a program that uses wxGTK, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All wxGTK 2.6 users should upgrade to an updated version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/wxGTK-2.6.4.0-r5"

All wxGTK 2.8 users should upgrade to an updated version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/wxGTK-2.8.10.1-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 9, 2009. It is likely that your system is already no longer affected by this issue.
maildrop is the mail filter/mail delivery agent that is used by the Courier Mail Server.

Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root.

A local attacker could create a specially crafted .mailfilter file, possibly leading to the execution of arbitrary commands with the "root" group privileges. NOTE: Successful exploitation requires that maildrop is run as root with the -d option.

There is no known workaround at this time.

All maildrop users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-filter/maildrop-2.4.2"
sudo allows a system administrator to give users the ability to run commands as other users.

Multiple vulnerabilities have been reported in sudo:

A local attacker could exploit these vulnerabilities to gain the ability to run certain commands with the privileges of other users, including root, depending on the configuration.

There is no known workaround at this time.

All sudo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.4_p3-r1"
SARG is the Squid Analysis Report Generator.

Multiple vulnerabilities were discovered in SARG. For further information please consult the CVE entries referenced below.

These vulnerabilities might allow attackers to execute arbitrary code via unknown vectors.

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 18, 2009. It is likely that your system is already no longer affected by this issue.

There is no known workaround at this time.

All SARG users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/sarg-2.2.5-r5"
Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.

A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or bypass intended sandbox restrictions, make cross-domain requests, inject arbitrary web script or HTML, or cause a Denial of Service condition.

There is no known workaround at this time.

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"
Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Multiple vulnerabilities were discovered in Clam AntiVirus. For further information, please consult the CVE entries referenced below.

A remote attacker could possibly bypass virus detection or cause a Denial of Service.

There is no known workaround at this time.

All Clam AntiVirus users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.96.1"
libxml2 is a library to manipulate XML files.

The following vulnerabilities were reported after a test with the Codenomicon XML fuzzing framework:

A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2 resulting in a Denial of Service condition.

There is no known workaround at this time.

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.3-r2"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 30, 2009. It is likely that your system is already no longer affected by this issue.
python-updater is a script used to remerge python packages when changing Python version.

Robert Buchholz of the Gentoo Security Team reported that python-updater includes the current working directory and subdirectories in the Python module search path (sys.path) before calling "import".

A local attacker could entice the root user to run "python-updater" from a directory containing a specially crafted Python module, resulting in the execution of arbitrary code with root privileges.

Do not run "python-updater" from untrusted working directories.

All python-updater users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/python-updater-0.7-r1"
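The search-path condition described for python-updater here, and for Blender above (an empty string prepended to sys.path), as an added example that is not code from either project or from Gentoo: it plants a harmless module in a scratch directory, shows that a leading "" in the search path resolves the module name to that directory, and shows that a sanitised path no longer does. The module name glsa_sys_path_demo and the helper names are assumed.

```python
import importlib
import importlib.machinery
import os
import shutil
import sys
import tempfile


def sanitize_sys_path(entries, cwd):
    """Return a copy of a module search path without implicit current-directory
    entries: the empty string, ".", and any entry that resolves to cwd."""
    cwd_abs = os.path.abspath(cwd)
    cleaned = []
    for entry in entries:
        if entry in ("", "."):
            continue
        if os.path.abspath(entry) == cwd_abs:
            continue
        cleaned.append(entry)
    return cleaned


def resolve_module(name, search_path):
    """Report where `import name` would be satisfied from on this search path.
    Returns the file path or None; the module is located, never executed."""
    spec = importlib.machinery.PathFinder.find_spec(name, search_path)
    return None if spec is None else spec.origin


def demo(module_name="glsa_sys_path_demo"):
    """Plant a harmless module in a scratch directory, chdir there, and compare
    name resolution with and without a leading "" in the search path."""
    workdir = tempfile.mkdtemp(prefix="sys_path_demo_")
    previous_cwd = os.getcwd()
    try:
        # Constructed stand-in for a module left in a working directory; it only
        # defines a constant and is never imported here, only located.
        with open(os.path.join(workdir, module_name + ".py"), "w") as fh:
            fh.write("PLANTED = True\n")
        os.chdir(workdir)
        importlib.invalidate_caches()
        # Reproduce the vulnerable layout: "" in front of the interpreter's path.
        # An empty entry is interpreted by the import system as the current
        # working directory, whatever that happens to be at import time.
        risky_path = [""] + [p for p in sys.path if p not in ("", ".")]
        safe_path = sanitize_sys_path(risky_path, os.getcwd())
        return {
            "risky_origin": resolve_module(module_name, risky_path),
            "safe_origin": resolve_module(module_name, safe_path),
        }
    finally:
        os.chdir(previous_cwd)
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```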
fence is an I/O group fencing system.

The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual (CVE-2008-4580) programs contain symlink vulnerabilities.

These vulnerabilities may allow arbitrary files to be overwritten with root privileges.

There is no known workaround at this time.

Gentoo discontinued support for fence. All fence users should uninstall and choose another software that provides the same functionality.

    # emerge --unmerge sys-cluster/fence
libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes.

Multiple vulnerabilities were found in libpng:

An attacker could exploit these vulnerabilities to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user.

There is no known workaround at this time.

All libpng 1.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.4.3"

All libpng 1.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.46"
The GNU C library is the standard C library used by Gentoo Linux systems.

Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below.

A local attacker could execute arbitrary code as root, cause a Denial of Service, or gain privileges. Additionally, a user-assisted remote attacker could cause the execution of arbitrary code, and a context-dependent attacker could cause a Denial of Service.

There is no known workaround at this time.

All GNU C library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.11.2-r3"
Chromium is an open-source web browser project.

Multiple vulnerabilities were found in Chromium. For further information please consult the release notes referenced below.

A remote attacker could trick a user into performing a set of UI actions that trigger a possibly exploitable crash, leading to execution of arbitrary code or a Denial of Service.

It was also possible for an attacker to entice a user to visit a specially-crafted web page that would trigger one of the vulnerabilities, leading to execution of arbitrary code within the confines of the sandbox, successful Cross-Site Scripting attacks, violation of the same-origin policy, successful website spoofing attacks, information leak, or a Denial of Service. An attacker could also trick a user into performing a set of UI actions that might result in a successful website spoofing attack.

Multiple bugs in the sandbox could result in a sandbox escape.

Multiple UI bugs could lead to information leak and successful website spoofing attacks.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-8.0.552.224"
gif2png is a command line program that converts image files from the Graphics Interchange Format (GIF) format to the Portable Network Graphics (PNG) format.

gif2png contains a command line parsing vulnerability that may result in a stack overflow due to an unexpectedly long input filename.

A remote attacker could entice a user to open a specially crafted image, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Note that applications relying on gif2png to process images can also trigger the vulnerability.

There is no known workaround at this time.

All gif2png users should upgrade to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/gif2png-2.5.1-r1"
Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Tor contains a heap-based buffer overflow in the processing of user or attacker supplied data. No additional information is available.

Successful exploitation of this vulnerability may allow an unauthenticated remote attacker to execute arbitrary code with the permissions of the Tor user, or to cause a Denial of Service.

There is no known workaround at this time.

All Tor users should upgrade to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.28"
libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file.

libvpx contains an integer overflow vulnerability that is triggered when processing crafted VP8 video streams.

A remote attacker could entice a user to open a specially crafted media file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All libvpx users should upgrade to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libvpx-0.9.5"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support.

A directory traversal vulnerability was discovered in aria2.

A remote attacker could entice a user to download from a specially crafted metalink file, resulting in the creation of arbitrary files.

There is no known workaround at this time.

All aria2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/aria2-1.9.3"

OpenAFS is a distributed file system.

Two vulnerabilities were discovered:

The vulnerabilities might allow remote unauthenticated attackers to cause a Denial of Service (system crash) and possibly execute arbitrary code.

There is no known workaround at this time.

All OpenAFS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-fs/openafs-1.4.9"

IO::Socket::SSL is a Perl class implementing an object oriented interface to SSL sockets.

The vendor reported that IO::Socket::SSL does not properly handle Common Name (CN) fields.

A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using IO::Socket::SSL.

There is no known workaround at this time.

All IO::Socket::SSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-perl/IO-Socket-SSL-1.26"

Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework.

The permissions of the prewikka.conf file are set world readable.

A local attacker could obtain the SQL database password used by Prewikka.

There is no known workaround at this time.

All Prewikka users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/prewikka-0.9.14-r2"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 18, 2009. It is likely that your system is already no longer affected by this issue.

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.

A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All Adobe Reader users should upgrade to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.1"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Multiple vulnerabilities were discovered in Adobe Flash Player. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.

A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.1.102.64"

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.

There is no known workaround at this time.

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.

Wireshark is a versatile network protocol analyzer.

Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.

A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition.

There is no known workaround at this time.

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.4.9"

Bugzilla is the bug-tracking system from the Mozilla project.

Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details.

A remote attacker could conduct cross-site scripting attacks, conduct script insertion and spoofing attacks, hijack the authentication of arbitrary users, inject arbitrary HTTP headers, obtain access to arbitrary accounts, disclose the existence of confidential groups and their names, or inject arbitrary e-mail headers.

A local attacker could disclose the contents of temporary files for uploaded attachments.

There is no known workaround at this time.

All Bugzilla users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-3.6.6"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 27, 2011. It is likely that your system is already no longer affected by this issue.

Dovecot is an IMAP and POP3 server written with security primarily in mind.

Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details.

A remote attacker could exploit these vulnerabilities to cause the remote execution of arbitrary code, or a Denial of Service condition, to conduct directory traversal attacks, corrupt data, or disclose information.

There is no known workaround at this time.

All Dovecot 1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.2.17"

All Dovecot 2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.0.13"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 28, 2011. It is likely that your system is already no longer affected by this issue.

GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols.

Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details.

An attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority or to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, allowing for further exploitation.

There is no known workaround at this time.

All GnuTLS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.10.0"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 6, 2010. It is likely that your system is already no longer affected by this issue.

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways.

A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions.

There is no known workaround at this time.

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.8"

vsftpd is a very secure FTP daemon written with speed, size and security in mind.

A Denial of Service vulnerability was discovered in vsftpd. Please review the CVE identifier referenced below for details.

A remote authenticated attacker could cause a Denial of Service.

There is no known workaround at this time.

All vsftpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-ftp/vsftpd-2.3.4"

feh is a fast, lightweight image viewer using imlib2.

Multiple vulnerabilities have been discovered in feh. Please review the CVE identifiers referenced below for details.

A malicious entity might entice a user to visit a URL using the --wget-timestamp option, thus executing arbitrary commands via shell metacharacters; a malicious local user could perform a symlink attack and overwrite arbitrary files.

There is no known workaround at this time.

All feh users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/feh-1.12"

Conky is an advanced, highly configurable system monitor for X.

A privilege escalation vulnerability due to an insecure temporary file was found in Conky.

A local attacker could possibly overwrite arbitrary files with the privileges of the user running Conky.

There is no known workaround at this time.

All Conky users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/conky-1.8.1-r2"

GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols.

It was discovered that Wget was unsafely trusting server-provided filenames. This allowed attackers to overwrite or create files on the user's system by sending a redirect from the expected URL to another URL specifying the targeted file.

An unauthenticated remote attacker may be able to create or overwrite local files by enticing the user to open an attacker controlled URL, possibly leading to execution of arbitrary code.

There is no known workaround at this time.

All Wget users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/wget-1.12-r2"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 19, 2010. It is likely that your system is already no longer affected by this issue.

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.

By enticing a user to open a specially crafted SWF file a remote attacker could cause a Denial of Service or the execution of arbitrary code with the privileges of the user running the application.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.3.183.10"

Unbound is a validating, recursive, and caching DNS resolver.

Multiple vulnerabilities have been discovered in Unbound. Please review the CVE identifiers referenced below for details.

A remote attacker could cause a Denial of Service.

There is no known workaround at this time.

All Unbound users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/unbound-1.4.10"

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details.

A remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the Tor process or create a Denial of Service.

There is no known workaround at this time.

All Tor users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 2, 2011. It is likely that your system is already no longer affected by this issue.

D-Bus is a message bus system, a simple way for applications to talk to each other.

Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details.

The vulnerabilities allow for local Denial of Service (daemon crash), or arbitrary file overwriting.

There is no known workaround at this time.

All D-Bus users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.4.12"

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. The GPGSM utility in GnuPG is responsible for processing X.509 certificates, signatures and encryption as well as S/MIME messages.

The GPGSM utility in GnuPG contains a use-after-free vulnerability that may be exploited when importing a crafted X.509 certificate explicitly or during the signature verification process.

An unauthenticated remote attacker may execute arbitrary code with the privileges of the user running GnuPG by enticing them to import a crafted certificate.

There is no known workaround at this time.

All GnuPG 2.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.0.16-r1"

The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server.

Multiple vulnerabilities have been discovered in the Cyrus IMAP Server. Please review the CVE identifiers referenced below for details.

An unauthenticated local or remote attacker may be able to execute arbitrary code with the privileges of the Cyrus IMAP Server process or cause a Denial of Service.

There is no known workaround at this time.

All Cyrus IMAP Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.4.12"

Avahi is a system which facilitates service discovery on a local network.

Multiple vulnerabilities have been discovered in Avahi. Please review the CVE identifiers referenced below for details.

A remote attacker could cause a Denial of Service.

There is no known workaround at this time.

All Avahi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.28-r1"

rgmanager is a clustered resource group manager.

A vulnerability has been discovered in rgmanager. Please review the CVE identifier referenced below for details.

A local attacker could gain escalated privileges.

There is no known workaround at this time.

All rgmanager users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-cluster/rgmanager-2.03.09-r1"

The X Window System is a graphical windowing system based on a client/server model.

vladz reported the following vulnerabilities in the X.Org X server:

A local attacker could exploit these vulnerabilities to disclose information by making arbitrary files on a system world-readable or gain information whether a specified file exists on the system and whether it is a file, directory, or a named pipe.

There is no known workaround at this time.

All X.Org X Server 1.9 users should upgrade to the latest 1.9 version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.9.5-r1"

All X.Org X Server 1.10 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.10.4-r1"

Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Multiple vulnerabilities have been discovered in Clam AntiVirus. Please review the CVE identifiers referenced below for details.

An unauthenticated remote attacker may execute arbitrary code with the privileges of the Clam AntiVirus process or cause a Denial of Service by causing an affected user or system to scan a crafted file.

There is no known workaround at this time.

All Clam AntiVirus users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.97.3"

Asterisk is an open source telephony engine and toolkit.

Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.

An unauthenticated remote attacker may execute code with the privileges of the Asterisk process or cause a Denial of Service.

There is no known workaround at this time.

All asterisk 1.6.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.6.2.18.2"

All asterisk 1.8.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.7.1"

PostgreSQL is an open source object-relational database management system.

Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.

A remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the "intarray" module enabled, possibly resulting in the execution of arbitrary code with the privileges of the PostgreSQL server process, or a Denial of Service condition. Furthermore, a remote authenticated attacker could execute arbitrary Perl code, cause a Denial of Service condition via different vectors, bypass LDAP authentication, bypass X.509 certificate validation, gain database privileges, exploit weak blowfish encryption and possibly cause other unspecified impact.

There is no known workaround at this time.

All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-base-8.2.22:8.2"

All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-base-8.3.16:8.3"

All PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-base-8.4.9:8.4"

All PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-base-9.0.5:9.0"

All PostgreSQL 8.2 server users should upgrade to the latest 8.2 server version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.2.22:8.2"

All PostgreSQL 8.3 server users should upgrade to the latest 8.3 server version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.3.16:8.3"

All PostgreSQL 8.4 server users should upgrade to the latest 8.4 server version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.4.9:8.4"

All PostgreSQL 9.0 server users should upgrade to the latest 9.0 server version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.0.5:9.0"

The old unsplit PostgreSQL packages have been removed from portage. Users still using them are urged to migrate to the new PostgreSQL packages as stated above and to remove the old package:

    # emerge --unmerge "dev-db/postgresql"

mod_authnz_external is a tool for creating custom authentication backends for HTTP basic authentication.

mysql/mysql-auth.pl in mod_authnz_external does not properly sanitize input before using it in an SQL query.

A remote attacker could exploit this vulnerability to inject arbitrary SQL statements by using a specially crafted username for HTTP authentication on a site using mod_authnz_external.

There is no known workaround at this time.

All Apache mod_authnz_external users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apache/mod_authnz_external-3.2.6"

Squid is a full-featured web proxy cache.

Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details.

Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the Squid process or cause a Denial of Service.

There is no known workaround at this time.

All squid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.1.15"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue.

Pure-FTPd is a fast, production-quality and standards-compliant FTP server.

Multiple vulnerabilities have been discovered in Pure-FTPd. Please review the CVE identifiers referenced below for details.

Remote unauthenticated attackers may be able to inject FTP commands or cause a Denial of Service.

There is no known workaround at this time.

All pure-ftpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-ftp/pure-ftpd-1.0.32"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 14, 2011. It is likely that your system is already no longer affected by this issue.

libxml2 is the XML C parser and toolkit developed for the Gnome project.

Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.

A local or remote attacker may be able to execute arbitrary code with the privileges of the application or cause a Denial of Service.

There is no known workaround at this time.

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r3"

Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine.

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.

A local attacker could gain root privileges (CVE-2011-1444, fixed in chromium-11.0.696.57).

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker also could obtain cookies and other sensitive information, conduct man-in-the-middle attacks, perform address bar spoofing, bypass the same origin policy, perform Cross-Site Scripting attacks, or bypass pop-up blocks.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-15.0.874.102"

All V8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.22"

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).

Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.

A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.

There is no known workaround at this time.

All Oracle JDK 1.6 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"

All Oracle JRE 1.6 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"

All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.29"

NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.

OpenTTD is a clone of Transport Tycoon Deluxe.

Multiple vulnerabilities have been discovered in OpenTTD. Please review the CVE identifiers referenced below for details.

A remote attacker could execute arbitrary code with the privileges of the OpenTTD process or cause a Denial of Service. Local users could cause a Denial of Service.

There is no known workaround at this time.

All OpenTTD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-simulation/openttd-1.1.3"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 27, 2011. It is likely that your system is already no longer affected by this issue.

The phpDocumentor package provides automatic documenting of PHP API directly from the source.

phpDocumentor bundles Smarty with the modifier.regex_replace.php plug-in which does not properly sanitize input related to the ASCII NUL character in a search string.

A remote attacker could call arbitrary PHP functions via templates.

There is no known workaround at this time.

All phpDocumentor users should upgrade to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PhpDocumentor-1.4.3-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since February 12, 2011. It is likely that your system is already no longer affected by this issue.

Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine.

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker also could cause a Java applet to run without user confirmation.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-15.0.874.121"

All V8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.24"

MaraDNS is a proxy DNS server with permanent caching.

A long DNS hostname with a large number of labels could trigger a buffer overflow in the compress_add_dlabel_points() function of dns/Compress.c.

A remote unauthenticated attacker could execute arbitrary code or cause a Denial of Service.

There is no known workaround at this time.

All MaraDNS users should upgrade to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/maradns-1.4.06"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since February 12, 2011. It is likely that your system is already no longer affected by this issue.

TinTin++ is a free MUD gaming client.

Multiple vulnerabilities have been discovered in TinTin++. Please review the CVE identifiers referenced below for details.

Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the TinTin++ process, cause a Denial of Service, or truncate arbitrary files in the top level of the home directory belonging to the user running the TinTin++ process.

There is no known workaround at this time.

All TinTin++ users should upgrade to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-mud/tintin-1.98.0"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since March 25, 2008. It is likely that your system is already no longer affected by this issue.

radvd is an IPv6 router advertisement daemon for Linux and BSD.

Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details.

A remote unauthenticated attacker may be able to gain escalated privileges, escalate the privileges of the radvd process, overwrite files with specific names, or cause a Denial of Service. Local attackers may be able to overwrite the contents of arbitrary files using symlinks.

There is no known workaround at this time.

All radvd users should upgrade to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2"

Safe is a Perl module to compile and execute code in restricted compartments.

Unsafe code evaluation prevents the Safe module from properly restricting the code of implicitly called methods on implicitly blessed objects.

A remote attacker could entice a user to load a specially crafted Perl script, resulting in execution of arbitrary Perl code outside of a restricted compartment.

There is no known workaround at this time.

All users of the standalone Perl Safe module should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=perl-core/Safe-2.27"

All users of the Safe module bundled with Perl should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=virtual/perl-Safe-2.27"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since July 18, 2010. It is likely that your system is already no longer affected by this issue.

Evince is a document viewer for multiple document formats, including PostScript.

Multiple vulnerabilities have been discovered in Evince. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to load a DVI file with a specially crafted font, resulting in the execution of arbitrary code with the privileges of the user running the application or a Denial of Service.

There is no known workaround at this time.

All Evince users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/evince-2.32.0-r2"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 26, 2011. It is likely that your system is already no longer affected by this issue.

GNU Tar is a utility to create archives as well as add and extract files from archives.

GNU Tar is vulnerable to a boundary error in the rmt_read__ function in lib/rtapelib.c, which could cause a heap-based buffer overflow.

A remote attacker could entice the user to load a specially crafted archive, possibly resulting in the execution of arbitrary code or a Denial of Service.

There is no known workaround at this time.

All GNU Tar users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/tar-1.23"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since July 18, 2010. It is likely that your system is already no longer affected by this issue.

abcm2ps is a program to convert abc files to PostScript files.

Multiple vulnerabilities have been discovered in abcm2ps:

A remote attacker could entice a user to load a specially crafted ABC file or use a long -O option on the command line, resulting in the execution of arbitrary code.

There is no known workaround at this time.

All abcm2ps users should upgrade to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/abcm2ps-5.9.13"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 27, 2010. It is likely that your system is already no longer affected by this issue.

phpMyAdmin is a web-based management tool for MySQL databases.

Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers and phpMyAdmin Security Advisories referenced below for details.

Remote attackers might be able to insert and execute PHP code, include and execute local PHP files, or perform Cross-Site Scripting (XSS) attacks via various vectors.

There is no known workaround at this time.

All phpMyAdmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-3.4.9"

MySQL is a popular open-source multi-threaded, multi-user SQL database server.

Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.

An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the MySQL process, cause a Denial of Service condition, bypass security restrictions, uninstall arbitrary MySQL plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks.

There is no known workaround at this time.

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.1.56"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 14, 2011. It is likely that your system is already no longer affected by this issue.

Chromium is an open source web browser project. V8 is Google's open source JavaScript engine.

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

The attacker could also perform URL bar spoofing.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-16.0.912.75"

All V8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.6.6.11"

Logsurfer is a real time log monitoring and analysis tool.

Logsurfer log files may contain substrings used for executing external commands. The prepare_exec() function in src/exec.c contains a double-free vulnerability.

A remote attacker could inject specially-crafted strings into a log file processed by Logsurfer, resulting in the execution of arbitrary code with the permissions of the Logsurfer user.

There is no known workaround at this time.

All Logsurfer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/logsurfer+-1.8"

mDNSResponder is a component of Apple's Bonjour, an initiative for zero-configuration networking.

Multiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details.

A local or remote attacker may be able to execute arbitrary code with root privileges or cause a Denial of Service.

There is no known workaround at this time.

All mDNSResponder users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/mDNSResponder-212.1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 21, 2009. It is likely that your system is already no longer affected by this issue.

iSCSI Enterprise Target is an open source iSCSI target with professional features.

Multiple functions in usr/iscsi/isns.c of iSCSI Enterprise Target contain format string errors.

A remote attacker could send a specially-crafted Internet Storage Name Service (iSNS) request, possibly resulting in the execution of arbitrary code with root privileges or a Denial of Service.

There is no known workaround at this time.

All iSCSI Enterprise Target users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-block/iscsitarget-1.4.19"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 11, 2010. It is likely that your system is already no longer affected by this issue.

NX Server Free Edition is a remote display technology by No Machine. NX Node provides the shared components for NX Server.

NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability.

A local attacker could gain escalated privileges.

There is no known workaround at this time.

All NX Server Free Edition users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/nxserver-freeedition-3.5.0.5"

All NX Node users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.5.0.4"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 23, 2011. It is likely that your system is already no longer affected by this issue.

FontForge is a PostScript font editor and converter.

FontForge is vulnerable to an error when processing the "CHARSET_REGISTRY" header in font files, which could cause a stack-based buffer overflow.

A remote attacker could entice a user to open a specially crafted BDF file using the FontForge font editor, possibly resulting in the remote execution of arbitrary code with the privileges of the FontForge process, or a Denial of Service (application crash).

There is no known workaround at this time.

All FontForge users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/fontforge-20110222-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since October 12, 2011. It is likely that your system is already no longer affected by this issue.

FreeType is a high-quality and portable font engine.

Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

There is no known workaround at this time.

All FreeType users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"

The JasPer Project is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 (jpeg2k) standard.

Two vulnerabilities have been found in JasPer:

A remote attacker could entice a user or automated system to process specially crafted JPEG-2000 files with an application using JasPer, possibly resulting in the execution of arbitrary code with the privileges of the application, or a Denial of Service.

There is no known workaround at this time.

All JasPer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/jasper-1.900.1-r4"

Firewall Builder is a GUI for easy management of multiple firewall platforms.

Two vulnerabilities in Firewall Builder allow the iptables and fwb_install scripts to use temporary files insecurely.

A local attacker could possibly overwrite arbitrary files with the privileges of the user running Firewall Builder.

There is no known workaround at this time.

All Firewall Builder users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-firewall/fwbuilder-3.0.7"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since March 09, 2010. It is likely that your system is already no longer affected by this issue.

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Multiple vulnerabilities have been discovered in Tor:

A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.

There is no known workaround at this time.

All Tor users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.2.35"

MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol.

Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details.

A remote attacker may be able to execute arbitrary code with the privileges of the administration daemon or the Key Distribution Center (KDC) daemon, cause a Denial of Service condition, or possibly obtain sensitive information. Furthermore, a remote attacker may be able to spoof Kerberos authorization, modify KDC responses, forge user data messages, forge tokens, forge signatures, impersonate a client, modify user-visible prompt text, or have other unspecified impact.

There is no known workaround at this time.

All MIT Kerberos 5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.9.2-r1"

A suite of applications that implement the Kerberos 5 network protocol from MIT.

Multiple vulnerabilities have been discovered in MIT Kerberos 5 Applications:

An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the user running the telnet daemon or client. Furthermore, an authenticated remote attacker may be able to read or write files owned by the same group as the effective group of the FTP daemon.

There is no known workaround at this time.

All MIT Kerberos 5 Applications users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-appl-1.0.2-r1"

ktsuss is a simple, graphical version of su written in C and GTK+.

Two vulnerabilities have been found in ktsuss:

A local attacker could gain escalated privileges and use the "GTK_MODULES" environment variable to possibly execute arbitrary code with root privileges.

There is no known workaround at this time.

Gentoo discontinued support for ktsuss. We recommend that users unmerge ktsuss:

    # emerge --unmerge "x11-misc/ktsuss"

The X Keyboard Configuration Database provides keyboard configuration for various X server implementations.

Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server again provides debugging functionality that can be used to terminate an application that exclusively grabs mouse and keyboard input, like screen locking utilities.

Gu1 reported that the X Keyboard Configuration Database maps this functionality by default to the Ctrl+Alt+Numpad * key combination.

A physically proximate attacker could exploit this vulnerability to gain access to a locked X session without providing the correct credentials.

Downgrade to any version of x11-base/xorg-server below x11-base/xorg-server-1.11:

    # emerge --oneshot --verbose "<x11-base/xorg-server-1.11"

All xkeyboard-config users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-misc/xkeyboard-config-2.4.1-r3"

NOTE: The X.Org X Server 1.11 was only stable on the AMD64, ARM, HPPA, and x86 architectures. Users of the stable branches of all other architectures are not affected and will be directly provided with a fixed X Keyboard Configuration Database version.

Chromium is an open source web browser project.

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details.

A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-16.0.912.77"

bip is a multi-user IRC proxy with SSL support.

Multiple vulnerabilities have been discovered in bip:

A remote attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the user running the bip daemon, or cause a Denial of Service condition.

There is no known workaround at this time.

All bip users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/bip-0.8.8-r1"

NOTE: The CVE-2010-3071 flaw was already corrected in an earlier version of bip and is included in this advisory for completeness.

Adobe Reader is a closed-source PDF reader.

Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted PDF file using Adobe Reader, possibly resulting in the remote execution of arbitrary code, a Denial of Service, or other impact.

There is no known workaround at this time.

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.7"

Chromium is an open source web browser project.

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details.

A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient's sandbox.

A remote attacker could also entice the user to perform a set of UI actions (drag and drop) to trigger a URL bar spoofing vulnerability.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-17.0.963.56"

Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP.

Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.

A BGP peer could send a Route-Refresh message with a specially-crafted ORF record, which can cause Quagga's bgpd to crash or possibly execute arbitrary code with the privileges of the user running Quagga's bgpd. A BGP update AS path request with an unknown AS type, or malformed AS-Pathlimit or Extended-Community attributes, could lead to a Denial of Service (daemon crash). An error in bgpd when handling AS_PATH attributes within UPDATE messages can be exploited to cause a heap-based buffer overflow, resulting in a crash of the daemon and disruption of IPv4 routing. Two errors in ospf6d and ospfd can each be exploited to crash the daemon and disrupt IP routing.

There is no known workaround at this time.

All Quagga users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20"

MaraDNS is a proxy DNS server with permanent caching.

MaraDNS does not properly randomize hash functions to protect against hash collision attacks.

A remote attacker could send many specially crafted DNS recursive queries, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All MaraDNS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/maradns-1.4.09"

The PowerDNS nameserver is an authoritative-only nameserver which uses a flexible backend architecture.

A vulnerability has been found in PowerDNS which could cause a packet loop of DNS responses.

A remote attacker could send specially crafted DNS response packets, possibly resulting in a Denial of Service condition.

PowerDNS users can set "cache-ttl=0" in /etc/powerdns/pdns.conf and then restart the PowerDNS daemon:

    # /etc/init.d/pdns restart

Please review the PowerDNS Security Advisory below for more workaround details.

All PowerDNS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/pdns-3.0.1"

Heimdal is a free implementation of Kerberos 5.

A boundary error in the "encrypt_keyid()" function in appl/telnet/libtelnet/encrypt.c of the telnet daemon and client could cause a buffer overflow.

An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the user running the telnet daemon or client, or cause a Denial of Service.

There is no known workaround at this time.

All Heimdal users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-1.5.1-r1"

Asterisk is an open source telephony engine and toolkit.

A vulnerability has been found in Asterisk's handling of certain encrypted streams where the res_srtp module has been loaded but video support has not been enabled.

A remote attacker could send a specially crafted SDP message to the Asterisk daemon, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All Asterisk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.8.2"

libvirt is a C toolkit to manipulate virtual machines.

Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.

These vulnerabilities allow a remote attacker to cause a Denial of Service condition on the host server or libvirt daemon, or might allow guest OS users to read arbitrary files on the host OS.

There is no known workaround at this time.

All libvirt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-0.9.3-r1"

The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server.

An unspecified heap vulnerability was discovered in stunnel.

The vulnerability may possibly be leveraged to perform remote code execution or a Denial of Service attack.

There is no known workaround at this time.

All stunnel 4.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.44"

libxml2 is the XML C parser and toolkit developed for the Gnome project.

The "xmlStringLenDecodeEntities()" function in parser.c contains a boundary error which could possibly cause a heap-based buffer overflow.

A remote attacker could entice a user to open a specially crafted XML file in an application linked against libxml2, possibly resulting in the remote execution of arbitrary code with the permissions of the user running the application, or Denial of Service.

There is no known workaround at this time.

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r4"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

spamdyke is a drop-in connection-time spam filter for qmail.

Boundary errors related to the "snprintf()" and "vsnprintf()" functions in spamdyke could cause a buffer overflow.

A remote attacker could possibly execute arbitrary code or cause a Denial of Service.

There is no known workaround at this time.

All spamdyke users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-filter/spamdyke-4.3.0"

cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols.

Multiple vulnerabilities have been found in cURL:

A remote attacker could entice a user or automated process to open a specially crafted file or URL using cURL, possibly resulting in the remote execution of arbitrary code, a Denial of Service condition, disclosure of sensitive information, or unwanted actions performed via the IMAP, POP3 or SMTP protocols. Furthermore, remote servers may be able to impersonate clients via GSSAPI requests.

There is no known workaround at this time.

All cURL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.24.0"

Puppet is a system configuration management tool written in Ruby.

Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details.

A local attacker could gain elevated privileges, or access and modify arbitrary files. Furthermore, a remote attacker may be able to spoof a Puppet Master or write X.509 Certificate Signing Requests to arbitrary locations.

There is no known workaround at this time.

All Puppet users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.11"

libxml2 is the XML C parser and toolkit developed for the Gnome project.

libxml2 does not properly randomize hash functions to protect against hash collision attacks.

A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2, resulting in a Denial of Service condition.

There is no known workaround at this time.

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r5"

Rack is a modular Ruby web server interface.

Rack does not properly randomize hash functions to protect against hash collision attacks.

A remote attacker could send a specially crafted form post, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All Rack users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.1.3"

sudo allows a system administrator to give users the ability to run commands as other users.

Two vulnerabilities have been discovered in sudo:

A local attacker could possibly gain the ability to run arbitrary commands with the privileges of other users or groups, including root.

There is no known workaround at this time.

All sudo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.3_p2"

The foomatic-filters package contains wrapper scripts which are designed to be used with Foomatic.

The foomatic-rip filter improperly handles command-line arguments, including those issued by FoomaticRIPCommandLine fields in PPD files.

A remote attacker could entice a user to open a specially crafted PPD file, possibly resulting in execution of arbitrary code with the privileges of the system user "lp".

There is no known workaround at this time.

All foomatic-filters users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/foomatic-filters-4.0.9"

libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML.

An out of bounds read error has been found in libxslt/pattern.c in libxslt.

A remote attacker could entice a user to process an XML file using a specially crafted XSLT stylesheet in an application linked against libxslt, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All libxslt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.26-r3"

ImageMagick is a collection of tools and libraries for manipulating various image formats.

Two vulnerabilities have been found in ImageMagick:

A remote attacker could entice a user to open a specially crafted image, possibly resulting in execution of arbitrary code or a Denial of Service condition.

There is no known workaround at this time.

All ImageMagick users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.7.5.3"

libmikmod is a library to play a wide range of module formats.

Multiple boundary errors have been found in load_it.c in libmikmod, which may cause a buffer overflow.

A remote attacker could entice a user to open specially crafted files in an application linked against libmikmod, possibly resulting in execution of arbitrary code with the permissions of the user running the application, or Denial of Service.

There is no known workaround at this time.

All libmikmod 3.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libmikmod-3.2.0_beta2-r3"

All libmikmod 3.1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libmikmod-3.1.12-r1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

usbmuxd is a USB multiplex daemon for use with Apple iPhone and iPod Touch devices.

The "receive_packet()" function in libusbmuxd.c contains a boundary error when parsing the "SerialNumber" field of a USB device, which could cause a heap-based buffer overflow.

An attacker could gain physical access or entice a user to connect to a malicious USB device, possibly resulting in execution of arbitrary code with the privileges of the "usbmux" user.

There is no known workaround at this time.

All usbmuxd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-pda/usbmuxd-1.0.7-r1"

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Multiple vulnerabilities have been found in OpenSSL:

A remote attacker may be able to cause a Denial of Service or obtain sensitive information, including plaintext passwords.

There is no known workaround at this time.

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0g"

Openswan is an implementation of IPsec for Linux.

Two vulnerabilities have been found in Openswan:

A remote authenticated attacker or a local attacker may be able to cause a Denial of Service condition.

There is no known workaround at this time.

All Openswan users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.6.37"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 10, 2011. It is likely that your system is already no longer affected by this issue.

Plugins for the Audacious music player.

Multiple vulnerabilities have been found in Audacious Plugins:

A remote attacker could entice a user to open a specially crafted media file, possibly resulting in execution of arbitrary code, or a Denial of Service condition.

There is no known workaround at this time.

All Audacious Plugins users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-plugins/audacious-plugins-3.1"

gif2png converts images from GIF format to PNG format.

Two vulnerabilities have been found in gif2png:

A remote attacker could entice a user to open a specially crafted GIF file, possibly resulting in execution of arbitrary code, a Denial of Service condition, or the creation of PNG files in unintended directories.

There is no known workaround at this time.

All gif2png users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/gif2png-2.5.8"

ModPlug is a library for playing MOD-like music.

Multiple vulnerabilities have been found in ModPlug:

A remote attacker could entice a user to open a specially crafted media file, possibly resulting in execution of arbitrary code, or a Denial of Service condition.

There is no known workaround at this time.

All ModPlug users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8.8.4"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 27, 2011. It is likely that your system is already no longer affected by this issue.

+The Hewlett-Packard Linux Imaging and Printing system (HPLIP) provides + drivers for HP's inkjet and laser printers, scanners and fax machines. +
+Two vulnerabilities have been found in HPLIP:
+ +A remote attacker might send specially crafted SNMP responses, possibly + resulting in execution of arbitrary code or a Denial of Service + condition. Furthermore, a local attacker could perform symlink attacks to + overwrite arbitrary files. +
+There is no known workaround at this time.
+All HPLIP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/hplip-3.11.10"
+
+
+ Minitube is a Qt4 YouTube desktop client.
+Tomáš Pružina reported that Minitube does not handle temporary files + securely. +
+A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
+There is no known workaround at this time.
+All Minitube users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/minitube-1.6"
+
+
+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 11, 2011. It is likely that your system is + already no longer affected by this issue. +
+Chromium is an open source web browser project.
+Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers and release notes referenced below for details. +
+A remote attacker could entice a user to open a specially crafted web + site using Chromium, possibly resulting in the execution of arbitrary + code with the privileges of the process, a Denial of Service condition, + Universal Cross-Site Scripting, or installation of an extension without + user interaction. +
+ +A remote attacker could also entice a user to install a specially + crafted extension that would interfere with browser-issued web requests. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-17.0.963.83"
+
+ Logwatch analyzes and reports on system logs.
+logwatch.pl does not properly sanitize log filenames against shell + metacharacters before passing them to the "system()" function. +
+A remote attacker could pass a specially crafted log filename to + Logwatch, possibly resulting in execution of arbitrary code with root + privileges or a Denial of Service condition. +
+There is no known workaround at this time.
+All Logwatch users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/logwatch-7.4.0"
+
+
+ Asterisk is an open source telephony engine and toolkit.
+Two vulnerabilities have been found in Asterisk:
+ +A remote unauthenticated attacker could execute arbitrary code or cause + a Denial of Service condition. +
+There is no known workaround at this time.
+All Asterisk users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.10.1"
+
+
+ nginx is a robust, small, and high performance HTTP and reverse proxy + server. +
+Multiple vulnerabilities have been found in nginx:
+ +A remote attacker could possibly execute arbitrary code with the + privileges of the nginx process, cause a Denial of Service condition, + create or overwrite arbitrary files, or obtain sensitive information. +
+There is no known workaround at this time.
+All nginx users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
+
+
+ libzip is a library for manipulating zip archives.
+Two vulnerabilities have been found in the "_zip_readcdir()" function in + zip_open.c of libzip: +
+ +A remote attacker could entice a user to open a specially crafted ZIP + file, possibly resulting in execution of arbitrary code with the + privileges of the process, a Denial of Service condition, or information + leaks. +
+There is no known workaround at this time.
+All libzip users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libzip-0.10.1"
+
+
+ Chromium is an open source web browser project. V8 is Google's open + source JavaScript engine. SPDY is an experimental networking protocol. +
+Multiple vulnerabilities have been discovered in Chromium and V8. Please + review the CVE identifiers and release notes referenced below for + details. +
+A context-dependent attacker could entice a user to open a specially + crafted web site or JavaScript program using Chromium or V8, possibly + resulting in the execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. +
+ +The attacker could also entice a user to open a specially crafted web + site using Chromium, possibly resulting in cross-site scripting (XSS), or + an unspecified SPDY certificate checking error. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-18.0.1025.142"
+
+
+ All V8 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.8.9.16"
+
+ VirtualBox is a powerful virtualization product from Oracle.
+Multiple unspecified vulnerabilities have been discovered in VirtualBox. + Please review the CVE identifiers referenced below for details. +
+A local attacker may be able to gain escalated privileges via unknown + attack vectors. +
+There is no known workaround at this time.
+All VirtualBox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-4.1.8"
+
+
+ All VirtualBox binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/virtualbox-bin-4.1.8"
+
+
+ InspIRCd (Inspire IRCd) is a modular C++ IRC daemon.
+A vulnerability in InspIRCd allows DNS compression features to control + the number of overflowed bytes sent to the heap-based buffer "res[]" in + dns.cpp. +
+A remote attacker could send specially crafted DNS responses, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +
+There is no known workaround at this time.
+All InspIRCd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/inspircd-2.0.5-r1"
+
+ Chromium is an open source web browser project.
+Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers and release notes referenced below for details. +
+A remote attacker could entice a user to open a specially crafted web + site using Chromium, possibly resulting in the execution of arbitrary + code with the privileges of the process, a Denial of Service condition, + or bypass of the same origin policy. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-18.0.1025.151"
+
+
+ FreeType is a high-quality and portable font engine.
+Multiple vulnerabilities have been discovered in FreeType. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted font, + possibly resulting in execution of arbitrary code with the privileges of + the user running the application, or a Denial of Service condition. +
+There is no known workaround at this time.
+All FreeType users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.9"
+
+
+ SWFTools is a collection of SWF manipulation and generation utilities + written by Rainer Böhme and Matthias Kramm. +
+Integer overflow errors in the "getPNG()" function in png.c and the + "jpeg_load()" function in jpeg.c could cause a heap-based buffer + overflow. +
+A remote attacker could entice a user to open a specially crafted PNG or + JPEG file, possibly resulting in execution of arbitrary code with the + privileges of the process, or a Denial of Service condition. +
+There is no known workaround at this time.
+Gentoo discontinued support for SWFTools. We recommend that users + unmerge swftools: +
+ +
+ # emerge --unmerge "media-gfx/swftools"
+
+
+ NOTE: Users could upgrade to ">=media-gfx/swftools-0.9.1", however + these packages are not currently stable. +
+PolicyKit is a toolkit for controlling privileges for system-wide + services. +
+Multiple vulnerabilities have been found in PolicyKit:
+ +A local attacker could gain elevated privileges or sensitive + information. +
+There is no known workaround at this time.
+All PolicyKit users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.104-r1"
+
+
+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted SWF + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. Furthermore, + a remote attacker may be able to bypass intended access restrictions, + bypass cross-domain policy, inject arbitrary web script, or obtain + sensitive information. +
+There is no known workaround at this time.
+All Adobe Flash Player users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.228"
+
+ DBD-Pg is a PostgreSQL interface module for Perl.
+Format string vulnerabilities have been found in the "pg_warn()" and + "dbd_st_prepare()" functions in dbdimp.c. +
+A remote PostgreSQL server could send specially crafted database + warnings or DBD statements, possibly resulting in execution of arbitrary + code. +
+There is no known workaround at this time.
+All users of the Perl DBD-Pg module should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/DBD-Pg-2.19.0"
+
+
+ Chromium is an open source web browser project.
+Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers and release notes referenced below for details. +
+A remote attacker could entice a user to open a specially crafted web + site using Chromium, possibly resulting in the execution of arbitrary + code with the privileges of the process, or a Denial of Service + condition. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-18.0.1025.168"
+
+ ConnMan provides a daemon for managing Internet connections.
+Multiple vulnerabilities have been found in ConnMan:
+ +A remote attacker could execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All ConnMan users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/connman-1.0-r1"
+
+ Chromium is an open source web browser project. V8 is Google’s open + source JavaScript engine. +
+Multiple vulnerabilities have been discovered in Chromium and V8. Please + review the CVE identifiers and release notes referenced below for + details. +
+A context-dependent attacker could entice a user to open a specially + crafted web site or JavaScript program using Chromium or V8, possibly + resulting in the execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-19.0.1084.46"
+
+
+ All V8 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.9.24.21"
+
+ Chromium is an open source web browser project. V8 is Google’s open + source JavaScript engine. +
+Multiple vulnerabilities have been discovered in Chromium and V8. Please + review the CVE identifiers and release notes referenced below for + details. +
+A context-dependent attacker could entice a user to open a specially + crafted web site or JavaScript program using Chromium or V8, possibly + resulting in the execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-19.0.1084.52"
+
+
+ All V8 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.9.24.28"
+
+
+ BIND is the Berkeley Internet Name Domain Server.
+Multiple vulnerabilities have been discovered in BIND. Please review the + CVE identifiers referenced below for details. +
+The vulnerabilities allow remote attackers to cause a Denial of Service + (daemon crash) via a DNS query, to bypass intended access restrictions, + to incorrectly cache an ncache entry and an rrsig for the same type and to + incorrectly mark zone data as insecure. +
+There is no known workaround at this time.
+All bind users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.7.4_p1"
+
+
+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since December 22, 2011. It is likely that your system is + already + no longer affected by this issue. +
+QtGui is a module for the Qt toolkit.
+An error in qtiffhandler.cpp could cause a buffer overflow.
+A remote attacker could entice a user to open a specially crafted TIFF + image with an application linked against QtGui, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +
+There is no known workaround at this time.
+All QtGui users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/qt-gui-4.7.4-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+Opera is a fast web browser that is available free of charge.
+Multiple vulnerabilities have been discovered in Opera. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted web + page, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. A remote + attacker may be able to: trick users into downloading and executing + arbitrary files, bypass intended access restrictions, spoof trusted + content, spoof URLs, bypass the Same Origin Policy, obtain sensitive + information, force subscriptions to arbitrary feeds, bypass the popup + blocker, bypass CSS filtering, conduct cross-site scripting attacks, or + have other unknown impact. +
+ +A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application or possibly + obtain sensitive information. +
+ +A physically proximate attacker may be able to access an email account.
+There is no known workaround at this time.
+All Opera users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467"
+
+ ArgyllCMS is an ICC compatible color management system that supports + accurate ICC profile creation for scanners, cameras and film recorders. +
+ArgyllCMS does not properly handle ICC profiles causing a use-after-free + vulnerability. +
+A remote attacker could entice a user to open a specially crafted image + file using ArgyllCMS, possibly resulting in execution of arbitrary code + with the privileges of the process, or a Denial of Service condition. +
+There is no known workaround at this time.
+All argyllcms users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/argyllcms-1.4.0"
+
+
+ Asterisk is an open source telephony engine and toolkit.
+Multiple vulnerabilities have been found in Asterisk:
+ +A remote attacker could execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Asterisk users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.12.1"
+
+ OpenJPEG is an open-source JPEG 2000 library.
+An error in jp2.c of OpenJPEG could cause an out-of-bounds write.
+A remote attacker could entice a user to open a specially crafted JPEG + file, possibly resulting in execution of arbitrary code or a Denial of + Service condition. +
+There is no known workaround at this time.
+All OpenJPEG users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/openjpeg-1.5.0"
+
+
+ nginx is a robust, small, and high performance HTTP and reverse proxy + server. +
+An error in ngx_http_mp4_module.c could cause a buffer overflow.
+ +NOTE: nginx must have been emerged with USE="nginx_modules_http_mp4" in + order to be affected by this vulnerability. +
+A remote attacker could entice a user to place a specially crafted MP4 + file on the nginx server, possibly resulting in execution of arbitrary + code with the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All nginx users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.15"
+
+
+ Wicd is an open source wired and wireless network manager for Linux.
+Two vulnerabilities have been found in Wicd:
+ +A local attacker could gain privileges of the root user or obtain + sensitive information. +
+There is no known workaround at this time.
+All Wicd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/wicd-1.7.2.1"
+
+
+ MediaWiki is the wiki web application used on wikipedia.org.
+Multiple vulnerabilities have been discovered in mediawiki. Please + review the CVE identifiers referenced below for details. +
+MediaWiki allows remote attackers to bypass authentication, to perform + imports from any wgImportSources wiki via a crafted POST request, to + conduct cross-site scripting (XSS) attacks, to inject arbitrary web + script or HTML, to conduct clickjacking attacks, to execute arbitrary + PHP code, to bypass intended access restrictions and to obtain sensitive + information. +
+There is no known workaround at this time.
+All MediaWiki users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.18.2"
+
+ ejabberd is the Erlang jabber daemon.
+Multiple vulnerabilities have been discovered in ejabberd. Please review + the CVE identifiers referenced below for details. +
+ejabberd allows remote attackers to cause a Denial of Service condition + with the result of either crashing the daemon or the whole system by + causing memory and CPU consumption. +
+There is no known workaround at this time.
+All ejabberd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/ejabberd-2.1.9"
+
+ Pidgin is a GTK Instant Messenger client.
+Multiple vulnerabilities have been discovered in Pidgin. Please review + the CVE identifiers referenced below for details. +
+These vulnerabilities allow for arbitrary file retrieval, Denial of + Service and arbitrary code execution with the privileges of the user + running Pidgin. +
+There is no known workaround at this time.
+All Pidgin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.10.0-r1"
+
+
+ tftp-hpa is the port of the OpenBSD TFTP server.
+A vulnerability has been discovered in tftp-hpa. Please review the CVE + identifier referenced below for details. +
+The vulnerability might allow remote attackers to execute arbitrary + code. +
+There is no known workaround at this time.
+All tftp-hpa users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/tftp-hpa-5.1"
+
+
+ Mono is an open source implementation of Microsoft's .NET Framework.
+Multiple vulnerabilities have been discovered in Mono and Mono debugger. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could execute arbitrary code, bypass general + constraints, obtain the source code for .aspx applications, obtain other + sensitive information, cause a Denial of Service, modify internal data + structures, or corrupt the internal state of the security manager. +
+ +A local attacker could entice a user into running Mono debugger in a + directory containing a specially crafted library file to execute + arbitrary code with the privileges of the user running Mono debugger. +
+ +A context-dependent attacker could bypass the authentication mechanism + provided by the XML Signature specification. +
+There is no known workaround at this time.
+All Mono debugger users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/mono-debugger-2.8.1-r1"
+
+
+ All Mono users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/mono-2.10.2-r1"
+
+
+ Adobe Reader is a closed-source PDF reader.
+Multiple vulnerabilities have been found in Adobe Reader, including an + integer overflow in TrueType Font handling (CVE-2012-0774) and multiple + unspecified errors which could cause memory corruption. +
+A remote attacker could entice a user to open a specially crafted PDF + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All Adobe Reader users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.1"
+
+ libpng is a standard library used to process PNG (Portable Network + Graphics) images. It is used by several programs, including web browsers + and potentially server processes. +
+Multiple vulnerabilities have been discovered in libpng:
+ +An attacker could exploit these vulnerabilities to execute arbitrary + code with the permissions of the user running the vulnerable program, + which could be the root user, or to cause programs linked against the + library to crash. +
+There is no known workaround at this time.
+All libpng 1.5 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.10"
+
+
+ All libpng 1.2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.49"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+TagLib is a library for reading and editing audio meta data.
+Multiple vulnerabilities have been found in TagLib:
+ +A remote attacker could entice a user or automated system to open a + specially crafted OGG file with an application using TagLib, possibly + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All TagLib users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/taglib-1.7.1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these + packages. +
+virtualenv is a virtual Python environment builder.
+The virtualenv.py script in virtualenv does not handle temporary files + securely. +
+A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
+There is no known workaround at this time.
+All virtualenv users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/virtualenv-1.5.1"
+
+ GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 + protocols. +
+Multiple vulnerabilities have been found in GnuTLS:
+ +A remote attacker could perform man-in-the-middle attacks to spoof + arbitrary SSL servers or cause a Denial of Service condition in + applications linked against GnuTLS. +
+There is no known workaround at this time.
+All GnuTLS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.12.18"
+
+
+ The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic + boards. +
+A vulnerability has been found in the way NVIDIA drivers handle + read/write access to GPU device nodes, allowing access to arbitrary + system memory locations. +
+ +NOTE: Exposure to this vulnerability is reduced in Gentoo due to 660 + permissions being used on the GPU device nodes by default. +
+A local attacker could gain escalated privileges.
+There is no known workaround at this time.
+All NVIDIA driver users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=x11-drivers/nvidia-drivers-295.40"
+
+ gdk-pixbuf is an image loading library for GTK+.
+Two vulnerabilities have been found in gdk-pixbuf:
+ +A remote attacker could entice a user to open a specially crafted image + in an application linked against gdk-pixbuf, possibly resulting in Denial + of Service. +
+There is no known workaround at this time.
+All gdk-pixbuf users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/gdk-pixbuf-2.24.1-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted SWF + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All Adobe Flash Player users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.236"
+
+ Samba is a suite of SMB and CIFS client/server programs.
+Multiple vulnerabilities have been discovered in Samba. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with root + privileges, cause a Denial of Service condition, take ownership of shared + files, or bypass file permissions. Furthermore, a local attacker may be + able to cause a Denial of Service condition or obtain sensitive + information in a Samba credentials file. +
+There is no known workaround at this time.
+All Samba users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.5.15"
+
+
+ PyCrypto is the Python Cryptography Toolkit.
+An error in the generate() function in ElGamal.py causes PyCrypto to + generate weak ElGamal keys. +
+A remote attacker might be able to derive private keys.
+There is no known workaround at this time.
+All PyCrypto users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.6"
+
+ Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.
+Multiple vulnerabilities have been discovered in Apache Tomcat. Please + review the CVE identifiers referenced below for details. +
+The vulnerabilities allow an attacker to cause a Denial of Service, to + hijack a session, to bypass authentication, to inject webscript, to + enumerate valid usernames, to read, modify and overwrite arbitrary files, + to bypass intended access restrictions, to delete work-directory files, + to discover the server’s hostname or IP, to bypass read permissions for + files or HTTP headers, to read or write files outside of the intended + working directory, and to obtain sensitive information by reading a log + file. +
+There is no known workaround at this time.
+All Apache Tomcat 6.0.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.35"
+
+
+ All Apache Tomcat 7.0.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.23"
+
+ Apache HTTP Server is one of the most popular web servers on the + Internet. +
+Multiple vulnerabilities have been discovered in Apache HTTP Server. + Please review the CVE identifiers referenced below for details. +
+A remote attacker might obtain sensitive information, gain privileges, + send requests to unintended servers behind proxies, bypass certain + security restrictions, obtain the values of HTTPOnly cookies, or cause a + Denial of Service in various ways. +
+ +A local attacker could gain escalated privileges.
+There is no known workaround at this time.
+All Apache HTTP Server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1"
+
+
+ The Red Hat Package Manager (RPM) is a command line driven package + management system capable of installing, uninstalling, verifying, + querying, and updating computer software packages. +
+Multiple vulnerabilities have been found in RPM:
+ +A local attacker may be able to gain elevated privileges. Furthermore, a + remote attacker could entice a user to open a specially crafted RPM + package, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All RPM users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/rpm-4.9.1.3"
+
+ mini_httpd is a small webserver with optional SSL and IPv6 support.
+mini_httpd does not properly check for shell escapes when parsing HTTP + requests. +
+A remote attacker could send specially crafted HTTP requests, possibly + resulting in execution of arbitrary code with the privileges of the + process, or allowing for overwriting of files. +
+There is no known workaround at this time.
+Gentoo discontinued support for mini_httpd. We recommend that users + unmerge mini_httpd: +
+ +
+ # emerge --unmerge "www-servers/mini_httpd"
+
+ TeX Live is a complete TeX distribution.
+Multiple vulnerabilities have been discovered in texlive-core. Please + review the CVE identifiers referenced below for details. +
+These vulnerabilities might allow user-assisted remote attackers to + execute arbitrary code via a specially-crafted DVI file, or cause a + Denial of Service. +
+There is no known workaround at this time.
+All texlive-core users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/texlive-core-2009-r2"
+
+
+ mount-cifs is the cifs filesystem mount helper split from Samba.
+Multiple vulnerabilities have been discovered in mount-cifs. Please + review the CVE identifiers referenced below for details. +
+The vulnerabilities allow local users to cause a denial of service (mtab + corruption) via a crafted string. Local users could also mount a CIFS + share on an arbitrary mountpoint and gain privileges via a symlink + attack on the mountpoint directory. +
+There is no known workaround at this time.
+Gentoo has discontinued support for mount-cifs. We recommend that users + unmerge mount-cifs: +
+ +
+ # emerge --unmerge "net-fs/mount-cifs"
+
+ sendmail is a widely-used Mail Transport Agent (MTA).
+A vulnerability has been discovered in sendmail. Please review the CVE + identifier referenced below for details. +
+A remote attacker might employ a specially crafted certificate to + conduct man-in-the-middle attacks on SSL connections made using sendmail. +
+There is no known workaround at this time.
+All sendmail users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.14.4"
+
+
+ Linux-PAM (Pluggable Authentication Modules) is an architecture allowing + the separation of the development of privilege granting software from the + development of secure and appropriate authentication schemes. +
+Multiple vulnerabilities have been discovered in Linux-PAM. Please + review the CVE identifiers referenced below for details. +
+A local attacker could use specially crafted files to cause a buffer + overflow, possibly resulting in privilege escalation or Denial of + Service. Furthermore, a local attacker could execute specially crafted + programs or symlink attacks, possibly resulting in data loss or + disclosure of sensitive information. +
+There is no known workaround at this time.
+All Linux-PAM users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.1.5"
+
+
+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 25, 2011. It is likely that your system is + already no longer affected by this issue. +
+Links is a fast lightweight text and graphic web-browser.
+A SSL verification vulnerability and two unspecified vulnerabilities + have been discovered in Links. Please review the Secunia Advisory + referenced below for details. +
+An attacker might conduct man-in-the-middle attacks. The unspecified + errors could allow for out-of-bounds reads and writes. +
+There is no known workaround at this time.
+All Links users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/links-2.6"
+
+
+ Postfix is Wietse Venema’s mailer that attempts to be fast, easy to + administer, and secure, as an alternative to the widely-used Sendmail + program. +
+A vulnerability has been discovered in Postfix. Please review the CVE + identifier referenced below for details. +
+An attacker could perform a man-in-the-middle attack to inject SMTP + commands during the plaintext-to-TLS session switch, or might execute + arbitrary code. +
+There is no known workaround at this time.
+All Postfix users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.7.4"
+
+
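The injection window described above is the gap between the server reading the STARTTLS line and its switch to TLS: any bytes that were already buffered from the cleartext stream are still in the buffer afterwards, and a server that keeps processing them treats attacker-supplied commands as if they had arrived inside the encrypted session. The following simulation is an added example, not Postfix code; the session class and the constructed packet are assumptions for illustration, and it contrasts a server loop that discards the buffer at the switch with one that does not.

```python
# Added illustration of the STARTTLS plaintext-injection class of bug.
# Simulation only; not Postfix code.

# Constructed packet: an active attacker on the cleartext leg appends a command
# directly after STARTTLS, in the same TCP segment.
INJECTED_PACKET = (b"EHLO evil.example\r\n"
                   b"STARTTLS\r\n"
                   b"MAIL FROM:<attacker@example.net>\r\n")


class SmtpSession:
    def __init__(self, flush_on_starttls):
        self.flush_on_starttls = flush_on_starttls
        self.tls = False
        self.pending = b""
        self.log = []          # (command line, received inside TLS?)

    def feed(self, data):
        """Bytes from the socket (cleartext before STARTTLS, decrypted after)."""
        self.pending += data
        while b"\r\n" in self.pending:
            line, self.pending = self.pending.split(b"\r\n", 1)
            self._dispatch(line.decode("ascii", "replace"))

    def _dispatch(self, line):
        self.log.append((line, self.tls))
        if line.upper().strip() == "STARTTLS" and not self.tls:
            self.tls = True    # the TLS handshake would run here
            if self.flush_on_starttls:
                # Whatever is still buffered arrived in cleartext and may have
                # been injected; it must not be replayed into the TLS session.
                self.pending = b""


def commands_seen_inside_tls(flush_on_starttls):
    """Replay the attack against a session and list the commands the server
    attributes to the encrypted (trusted) phase."""
    s = SmtpSession(flush_on_starttls)
    s.feed(INJECTED_PACKET)
    s.feed(b"MAIL FROM:<user@example.org>\r\n")   # genuine client, after the handshake
    return [cmd for cmd, inside_tls in s.log if inside_tls]
```

With `flush_on_starttls=False` the attacker's MAIL FROM is the first command the server sees "inside" TLS; with `True` only the genuine client's command is.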
+ msmtp is an SMTP client and SMTP plugin for mail user agents such as + Mutt. +
+A vulnerability has been discovered in msmtp. Please review the CVE + identifier referenced below for details. +
+A remote attacker might employ a specially crafted certificate to + conduct man-in-the-middle attacks on SSL connections made using msmtp. +
+There is no known workaround at this time.
+All msmtp users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/msmtp-1.4.19"
+
+
+ nbd is a userland client/server for kernel network block device.
+Multiple vulnerabilities have been discovered in nbd. Please review the + CVE identifiers referenced below for details. +
+nbd allows remote attackers to cause a denial of service (NULL pointer + dereference and crash) or the execution of arbitrary code. +
+There is no known workaround at this time.
+All nbd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-block/nbd-2.9.22"
+
+
+ logrotate rotates, compresses, and mails system logs.
+Multiple vulnerabilities have been discovered in logrotate. Please + review the CVE identifiers referenced below for details. +
+A local attacker could use these flaws to truncate arbitrary system files, + to change the owner or mode of arbitrary system files, to conduct + symlink attacks and send arbitrary system files, to execute arbitrary + system commands, to cause an abort in subsequent logrotate runs, to disclose + sensitive information, to execute arbitrary code or cause a Denial of + Service condition. +
+ +There is no known workaround at this time.
+All logrotate users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/logrotate-3.8.0"
+
+
sudo allows a system administrator to give users the ability to run + commands as other users. Access to commands may also be granted on a + range of hosts. +
+An error in sudo may allow unintended IPv4 hosts to be granted access to + commands. +
+A local attacker could gain escalated privileges.
+There is no known workaround at this time.
+All sudo users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.5_p1"
+
+
+ libxml2 is the XML C parser and toolkit developed for the Gnome project.
+The "xmlXPtrEvalXPtrPart()" function in xpointer.c contains an + off-by-one error. +
+A remote attacker could entice a user or automated system to open a + specially crafted XML document with an application using libxml2, + possibly resulting in execution of arbitrary code or a Denial of Service + condition. +
+There is no known workaround at this time.
+All libxml2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.8.0_rc1"
+
+ ChaSen is a Japanese morphological analysis system.
+An error in chalib.c of ChaSen could cause a buffer overflow.
+A remote attacker could entice a user to open a specially crafted text + file using ChaSen or an application using the ChaSen libraries, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +
+There is no known workaround at this time.
+All ChaSen users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/chasen-2.4.4-r2"
+
+
+ The X Window System is a graphical windowing system based on a + client/server model. +
+The "LogVHdrMessageVerb()" function in log.c contains a format string + vulnerability. +
+ +NOTE: Exposure to this vulnerability is reduced in Gentoo due to X.Org X + Server being built with "-D_FORTIFY_SOURCE=2" by default. +
+A local attacker could gain escalated privileges or cause a Denial of + Service condition. +
+There is no known workaround at this time.
+All X.Org X Server 1.11.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.11.4-r1"
+
+
+ All X.Org X Server 1.10.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.10.6-r1"
+
+
+ X.Org X Server 1.9.x is not affected.
+pidgin-otr messaging allows you to have private conversations over + instant messaging. +
+A format string vulnerability has been found in the "log_message_cb()" + function in otr-plugin.c. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All pidgin-otr users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-plugins/pidgin-otr-3.2.1"
+
+ JRuby is a Java-based Ruby interpreter implementation.
+JRuby does not properly randomize hash functions to protect against hash + collision attacks. +
+A remote attacker could send a specially crafted input, possibly + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All JRuby users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/jruby-1.6.5.1"
+
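JRuby's own hash function is not shown on this page. The added example below uses Java's String.hashCode() as a stand-in for any deterministic, publicly known string hash to show why the lack of randomization is a Denial of Service vector: every key built from the colliding pair "Aa"/"BB" hashes to the same value, so all of them land in one bucket and lookups degrade to a linear scan, whereas a hash keyed with a per-process secret (what hash randomization supplies) spreads them out. This is illustrative code, not JRuby's implementation; the bucket count and key count are chosen for the demonstration.

```python
import hashlib
import itertools
import os
from collections import defaultdict


def java_string_hash(s):
    """Java's String.hashCode(): h = 31*h + c, kept to 32 bits. Stand-in for
    any deterministic, publicly known string hash."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h


def colliding_keys(blocks):
    """All 2**blocks strings made of 'Aa'/'BB' blocks hash identically: the two
    blocks contribute the same value (65*31+97 == 66*31+66) at every position."""
    return ["".join(p) for p in itertools.product(("Aa", "BB"), repeat=blocks)]


_SECRET = os.urandom(16)   # per-process secret: what "hash randomization" supplies


def keyed_hash(s):
    """Keyed hash: an attacker who does not know _SECRET cannot precompute collisions."""
    digest = hashlib.blake2b(s.encode(), key=_SECRET, digest_size=8).digest()
    return int.from_bytes(digest, "little")


def chain_stats(keys, hash_fn, buckets=1024):
    """Insert keys into a chained hash table and return (longest chain,
    total comparisons needed to look every key up again)."""
    table = defaultdict(list)
    for k in keys:
        table[hash_fn(k) % buckets].append(k)
    probes = 0
    for k in keys:
        probes += table[hash_fn(k) % buckets].index(k) + 1
    return max(len(chain) for chain in table.values()), probes


def compare(blocks=12):
    """Constructed workload: 4096 colliding keys against both hashes."""
    keys = colliding_keys(blocks)
    return {"keys": len(keys),
            "plain": chain_stats(keys, java_string_hash),
            "keyed": chain_stats(keys, keyed_hash)}
```

With the plain hash the 4096 keys form a single chain and re-looking them all up costs 4096*4097/2 comparisons, which is the quadratic blow-up an attacker triggers by sending such keys as form fields or JSON members; with the keyed hash the longest chain is a handful of entries.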
+ Keepalived is a strong & robust keepalive facility to the Linux + Virtual Server project. +
+The "pidfile_write()" function in pidfile.c in Keepalived writes PID + files with insecure permissions. +
+A local attacker may be able to cause a Denial of Service of arbitrary + processes. +
+There is no known workaround at this time.
+All Keepalived users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-cluster/keepalived-1.2.2-r3"
+
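The impact above follows from what a PID file is used for: an init script or another daemon reads the number and sends that process a signal, so a local user who can rewrite a world-writable PID file chooses which process gets killed. The following is an added example, not Keepalived code, of creating a PID file with an explicit mode and of validating one before trusting its contents; the scratch directory and the PID values are constructed for the demonstration.

```python
import os
import stat
import tempfile


def write_pidfile(path, pid, mode=0o644):
    """Create the PID file with an explicit, non-world-writable mode.
    O_EXCL|O_NOFOLLOW refuses to reuse or follow anything pre-planted at `path`."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, mode)
    os.fchmod(fd, mode)                 # apply the mode regardless of umask
    with os.fdopen(fd, "w") as f:
        f.write("%d\n" % pid)


def read_trusted_pid(path, owner_uid):
    """Return the PID only if the file could not have been rewritten by another
    local user; whoever can edit the file picks which process gets signalled."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError("PID file is not a regular file")
    if st.st_uid != owner_uid:
        raise ValueError("PID file has an unexpected owner")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise ValueError("PID file is group- or world-writable")
    with open(path) as f:
        text = f.read().strip()
    if not text.isdigit() or int(text) <= 1:
        raise ValueError("PID file content is not a usable PID")
    return int(text)


def demo():
    """Constructed scenario in a scratch directory: one PID file left
    world-writable (the flawed behaviour), one created correctly."""
    d = tempfile.mkdtemp()
    weak, good = os.path.join(d, "weak.pid"), os.path.join(d, "good.pid")
    write_pidfile(weak, 4242)
    os.chmod(weak, 0o666)               # simulate the insecure permissions
    write_pidfile(good, 4242)
    me = os.getuid()
    try:
        read_trusted_pid(weak, me)
        weak_accepted = True
    except ValueError:
        weak_accepted = False
    return weak_accepted, read_trusted_pid(good, me)
```

The reader-side check matters independently of the writer: a service manager that refuses a world-writable or foreign-owned PID file limits the damage even when the daemon that wrote it had the bug.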
+ Gnash is a GNU flash movie player that supports many SWF features.
+Multiple vulnerabilities have been found in Gnash:
+ +A remote attacker could entice a user to open a specially crafted SWF + file, possibly resulting in execution of arbitrary code or a Denial of + Service condition. Furthermore, a local attacker may be able to obtain + sensitive information. +
+There is no known workaround at this time.
+All Gnash users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-plugins/gnash-0.8.10-r2"
+
+ mod_fcgid is a binary-compatible alternative to mod_fastcgi with better + process management. +
+Multiple vulnerabilities have been found in mod_fcgid:
+ +A local attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. + Furthermore, a remote attacker could send specially crafted HTTP + requests, possibly resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All mod_fcgid users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_fcgid-2.3.7"
+
+ CUPS, the Common Unix Printing System, is a full-featured print server.
+Multiple vulnerabilities have been discovered in CUPS. Please review the + CVE identifiers referenced below for details. +
+A remote attacker may be able to execute arbitrary code using specially + crafted streams, IPP requests or files, or cause a Denial of Service + (daemon crash or hang). A local attacker may be able to gain escalated + privileges or overwrite arbitrary files. Furthermore, a remote attacker + may be able to obtain sensitive information from the CUPS process or + hijack a CUPS administrator authentication request. +
+There is no known workaround at this time.
+All CUPS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"
+
+
+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since September 03, 2011. It is likely that your system is + already no longer affected by this issue. +
+socat is a multipurpose bidirectional relay, similar to netcat.
+A vulnerability in the "xioscan_readline()" function in xio-readline.c + could cause a heap-based buffer overflow. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the socat process. +
+There is no known workaround at this time.
+All socat users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/socat-1.7.2.1"
+
+ Puppet is a system configuration management tool written in Ruby.
+Multiple vulnerabilities have been found in Puppet:
+ +A local attacker with access to agent SSL keys could possibly execute + arbitrary code with the privileges of the process, cause a Denial of + Service condition, or perform symlink attacks to overwrite or read + arbitrary files on the Puppet master. +
+There is no known workaround at this time.
+All Puppet users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.13"
+
+
+ Chromium is an open source web browser project.
+Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers and release notes referenced below for details. +
+A remote attacker could entice a user to open a specially crafted web + site using Chromium, possibly resulting in the execution of arbitrary + code with the privileges of the process, a Denial of Service condition, + disclosure of sensitive information, or other unspecified impact. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-21.0.1180.57"
+
+ Gajim is a Jabber and XMPP client written in PyGTK.
+Multiple vulnerabilities have been discovered in Gajim. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted link + using Gajim, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. Furthermore, + a remote attacker could use a specially crafted Jabber ID, possibly + resulting in execution of arbitrary SQL statements. +
+ +A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
+There is no known workaround at this time.
+All Gajim users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/gajim-0.15-r1"
+
+ Config-IniFiles is a Perl module for reading .ini-style configuration + files. +
+The Perl Config-IniFiles module uses predictable temporary file names.
+A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
+There is no known workaround at this time.
+All users of the Perl Config-IniFiles module should upgrade to the + latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-perl/Config-IniFiles-2.710.0"
+
+
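A predictable temporary file name lets a local user create a symbolic link at that name ahead of time, so that the victim process follows the link and overwrites whatever it points at with its own privileges. The added example below (not the Config-IniFiles module's code) reproduces that in a scratch directory and then shows the standard fix, tempfile.mkstemp(), which uses an unguessable name and O_EXCL creation; the file names and contents are constructed for the demonstration.

```python
import os
import tempfile


def predictable_name(directory, base):
    """The kind of name a naive program builds: derivable from the base name and PID."""
    return os.path.join(directory, "%s.tmp.%d" % (base, os.getpid()))


def naive_write(path, data):
    """open(..., 'w') follows whatever is already at `path`, a symlink included."""
    with open(path, "w") as f:
        f.write(data)


def safe_write(directory, data):
    """mkstemp(): random suffix, O_CREAT|O_EXCL, mode 0600. A pre-planted link
    would make creation fail instead of being followed."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="ini-")
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def demo():
    """Constructed scenario in a scratch directory: the attacker links the
    guessable name to a victim file before the program writes to it."""
    d = tempfile.mkdtemp()
    victim = os.path.join(d, "victim.conf")
    with open(victim, "w") as f:
        f.write("original\n")
    os.symlink(victim, predictable_name(d, "config.ini"))     # attacker's move

    naive_write(predictable_name(d, "config.ini"), "clobbered\n")
    with open(victim) as f:
        after_naive = f.read()

    with open(victim, "w") as f:                               # reset the victim
        f.write("original\n")
    safe_write(d, "clobbered\n")
    with open(victim) as f:
        after_safe = f.read()
    return after_naive, after_safe
```

`demo()` returns the victim's contents after each write: the naive path clobbers it, the mkstemp path leaves it untouched because the data went to a freshly created, separately named file.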
+ libgdata is a GLib-based library for accessing online service APIs using + the GData protocol. +
+An error in the "_gdata_service_build_session()" function of + gdata-service.c prevents libgdata from properly validating certificates. +
+A remote attacker could perform man-in-the-middle attacks to spoof + arbitrary SSL servers via a crafted certificate. +
+There is no known workaround at this time.
+All libgdata users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libgdata-0.8.1-r2"
+
+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple unspecified vulnerabilities have been discovered in Adobe Flash + Player. Please review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open specially crafted SWF + content, possibly resulting in execution of arbitrary code with the + privileges of the process, or a Denial of Service condition. Furthermore, + a remote attacker may be able to obtain sensitive information. +
+There is no known workaround at this time.
+All Adobe Flash Player users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.238"
+
+ libTIFF provides support for reading and manipulating TIFF (Tagged Image + File Format) images. +
+Multiple vulnerabilities have been discovered in libTIFF. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted TIFF + file with an application making use of libTIFF, possibly resulting in + execution of arbitrary code with the privileges of the user running the + application or a Denial of Service condition. +
+There is no known workaround at this time.
+All libTIFF 4.0 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.2-r1"
+
+
+ All libTIFF 3.9 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.9.5-r2"
+
+
+ PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +
+Multiple vulnerabilities have been discovered in PHP. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could execute arbitrary code with the privileges of + the process, cause a Denial of Service condition, obtain sensitive + information, create arbitrary files, conduct directory traversal attacks, + bypass protection mechanisms, or perform further attacks with unspecified + impact. +
+There is no known workaround at this time.
+All PHP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.15"
+
+
+ All PHP users on ARM should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.5"
+
+
+ BIND is the Berkeley Internet Name Domain Server.
+Multiple vulnerabilities have been discovered in BIND:
+ +A remote attacker may be able to cause a Denial of Service condition or + keep domain names resolvable after they have been deleted from registration. +
+There is no known workaround at this time.
+All BIND users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.9.1_p3"
+
+ LibreOffice is a full office productivity suite.
+Multiple vulnerabilities have been found in LibreOffice:
+ +A remote attacker could entice a user to open a specially crafted + document file using LibreOffice, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. +
+There is no known workaround at this time.
+All LibreOffice users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/libreoffice-3.5.5.3"
+
+
+ All users of the LibreOffice binary package should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-office/libreoffice-bin-3.5.5.3"
+
+ Expat is a set of XML parsing libraries.
+Multiple vulnerabilities have been discovered in Expat. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted XML + file in an application linked against Expat, possibly resulting in a + Denial of Service condition. +
+There is no known workaround at this time.
+All Expat users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.1.0_beta3"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+International Components for Unicode (ICU) is a set of C/C++ and Java + libraries providing Unicode and Globalization support for software + applications. +
+An error in the _canonicalize() function in uloc.cpp could cause a + stack-based buffer overflow. +
+A remote attacker could entice a user to open a specially crafted locale + representation using an application linked against ICU, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +
+There is no known workaround at this time.
+All ICU users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/icu-49.1.1-r1"
+
+
+ SquidClamav is a HTTP anti-virus for Squid based on ClamAV and ICAP.
+SquidClamav does not properly escape URLs before passing them to the + system command call. +
+A remote attacker could send a specially crafted URL to SquidClamav, + possibly resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All SquidClamav users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/squidclamav-6.8"
+
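Both mini_httpd (shell escapes in HTTP requests, above) and SquidClamav (unescaped URLs passed to a system command) are instances of the same fault: request data is concatenated into a command line that a shell then parses. The added example below is not code from either project; it uses a small Python stand-in for the external program and a constructed payload to show the injection through shell=True and the two fixes: hand the program an argv list so no shell is involved, or, where a shell is unavoidable, quote every untrusted token.

```python
import shlex
import subprocess
import sys

# Stand-in for the external program (scanner, CGI): prints its first argument.
TOOL = [sys.executable, "-c", "import sys; print(sys.argv[1])"]


def run_via_shell(untrusted):
    """Vulnerable: the request-derived string is spliced into a shell command."""
    cmd = " ".join(shlex.quote(p) for p in TOOL) + " " + untrusted
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_via_shell_quoted(untrusted):
    """If a shell really is required, every untrusted token must be quoted."""
    cmd = " ".join(shlex.quote(p) for p in TOOL + [untrusted])
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_via_argv(untrusted):
    """Preferred: an argv list is handed to execve(); no shell parses the string."""
    return subprocess.run(TOOL + [untrusted], capture_output=True, text=True).stdout


PAYLOAD = "a;echo INJECTED"   # constructed request value carrying a shell metacharacter
```

With `PAYLOAD`, `run_via_shell` runs the tool with "a" and then executes the attacker's `echo`; the other two hand the whole string to the tool as a single argument.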
+ Atheme is a portable and secure set of open-source and modular IRC + services. CertFP is certificate fingerprinting used to authenticate users + to nicknames. +
+The "myuser_delete()" function in account.c does not properly remove + CertFP entries when deleting user accounts. +
+A remote authenticated attacker may be able to cause a Denial of Service + condition or gain access to an Atheme IRC Services user account. +
+There is no known workaround at this time.
+All Atheme users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/atheme-services-6.0.10"
+
+ Calligra is an office suite by KDE.
+An error in the read() function in styles.cpp could cause a heap-based + buffer overflow. +
+A remote attacker could entice a user to open a specially crafted ODF + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All Calligra users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/calligra-2.4.3-r1"
+
+
+ Opera is a fast web browser that is available free of charge.
+Multiple vulnerabilities have been discovered in Opera. Please review + the CVE identifiers and Opera Release Notes referenced below for details. +
+A remote attacker could entice a user to open a specially crafted web + page using Opera, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. + Furthermore, a remote attacker may be able to trick a user into + downloading and executing files, conduct Cross-Site Scripting (XSS) + attacks, spoof the address bar, or have other unspecified impact. +
+There is no known workaround at this time.
+All Opera users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-12.01.1532"
+
+
+ Libtasn1 is a library used to parse ASN.1 (Abstract Syntax Notation One) + objects, and perform DER (Distinguished Encoding Rules) decoding. +
+Libtasn1 does not properly handle length fields when performing DER + decoding. +
+A remote attacker could entice a user to open a specially crafted + DER-encoded object in an application linked against Libtasn1, possibly + resulting in Denial of Service. +
+There is no known workaround at this time.
+All Libtasn1 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-2.12"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+libjpeg-turbo accelerates JPEG compression and decompression.
+A vulnerability in the get_sos() function in jdmarker.c could cause a + heap-based buffer overflow. +
+A remote attacker could entice a user to open a specially crafted JPEG + file in an application linked against libjpeg-turbo, possibly resulting + in the remote execution of arbitrary code with the permissions of the + user running the application, or Denial of Service. +
+There is no known workaround at this time.
+All libjpeg-turbo users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libjpeg-turbo-1.2.1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+file is a utility that guesses a file format by scanning binary data for + patterns. +
+Multiple out-of-bounds read errors and invalid pointer dereference + errors have been found in cdf.c. +
+A remote attacker could entice a user to open a specially crafted + Composite Document File (CDF) using file, possibly resulting in a Denial + of Service condition. +
+There is no known workaround at this time.
+All file users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/file-5.11"
+
+ Asterisk is an open source telephony engine and toolkit.
+Multiple vulnerabilities have been found in Asterisk:
+ +A remote, authenticated attacker could execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or bypass + outbound call restrictions. +
+There is no known workaround at this time.
+All Asterisk users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.15.1"
+
+ SQLAlchemy is a Python SQL toolkit and Object Relational Mapper.
+SQLAlchemy does not properly sanitize input passed from the "limit" + and "offset" keywords to the select() function before using it in an + SQL query. +
+A remote attacker could exploit this vulnerability to execute arbitrary + SQL statements. +
+There is no known workaround at this time.
+All SQLAlchemy users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/sqlalchemy-0.7.4"
+
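The SQLAlchemy specifics are not on this page; the added example below shows the same class of bug with the plain sqlite3 module, not SQLAlchemy's code. A LIMIT or OFFSET value spliced into the query text accepts an arbitrary expression, so an attacker can run a boolean-based blind query through what looks like a harmless paging parameter. The table contents and the probe expression are constructed for the demonstration; the fix is to coerce the values to bounded integers and bind them as parameters.

```python
import sqlite3


def open_demo_db():
    """Constructed sample data, in memory."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT);
        INSERT INTO users VALUES (1, 'alice', 'h1'), (2, 'bob', 'h2'), (3, 'carol', 'h3');
    """)
    return con


def page_unsafe(con, limit, offset):
    """Vulnerable pattern: paging values spliced into the SQL text."""
    sql = "SELECT name FROM users ORDER BY id LIMIT %s OFFSET %s" % (limit, offset)
    return [row[0] for row in con.execute(sql)]


def page_safe(con, limit, offset, max_limit=100):
    """Hardened: coerce to int, bound, and bind as parameters."""
    limit, offset = int(limit), int(offset)
    if not 0 < limit <= max_limit or offset < 0:
        raise ValueError("paging values out of range")
    return [row[0] for row in con.execute(
        "SELECT name FROM users ORDER BY id LIMIT ? OFFSET ?", (limit, offset))]


def blind_probe(guess_prefix):
    """Boolean-based blind injection through OFFSET: offset 0 (rows come back)
    when the guess about alice's hash is right, 100 (no rows) otherwise."""
    return ("(SELECT CASE WHEN (SELECT pw_hash FROM users WHERE name='alice') "
            "LIKE '%s%%' THEN 0 ELSE 100 END)" % guess_prefix)


def safe_rejects(con, limit, offset):
    """True if the hardened function refuses the given paging values."""
    try:
        page_safe(con, limit, offset)
        return False
    except ValueError:
        return True
```

Repeating the probe with successive prefixes extracts the hash one character at a time without any error message; the hardened version fails closed on the very first probe because int() rejects the expression.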
+ Pidgin is a GTK Instant Messenger client for a variety of instant + messaging protocols. libpurple is the core library for Pidgin. +
+A stack-based buffer overflow vulnerability has been found in the MXit + protocol plug-in for libpurple. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the Pidgin process, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Pidgin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.10.6"
+
+ Postfixadmin is a web-based management tool for Postfix-style virtual + domains and users. +
+Multiple SQL injection vulnerabilities (CVE-2012-0811) and cross-site + scripting vulnerabilities (CVE-2012-0812) have been found in + Postfixadmin. +
+A remote attacker could exploit these vulnerabilities to execute + arbitrary SQL statements or arbitrary HTML and script code. +
+There is no known workaround at this time.
+All Postfixadmin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/postfixadmin-2.3.5"
+
+ The Network UPS Tools (NUT) provide support for power devices.
+An error in the addchar() function in parseconf.c may cause a buffer + overflow. +
+A remote attacker could send a specially crafted string to upsd, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All NUT users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-power/nut-2.6.3"
+
+ mod_rpaf is a reverse proxy add forward module for backend Apache + servers. +
+An error has been found in the way mod_rpaf handles X-Forwarded-For + headers. Please review the CVE identifier referenced below for details. +
+A remote attacker could send a specially crafted HTTP header, possibly + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All mod_rpaf users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_rpaf-0.6"
+
+ fastjar is a Java archiver written in C.
+Two directory traversal vulnerabilities have been discovered in fastjar. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted JAR + file, possibly resulting in the creation or truncation of arbitrary + files. +
+There is no known workaround at this time.
+All fastjar users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/fastjar-0.98-r1"
+
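A JAR file is a zip archive, and the traversal above comes from trusting member names that contain ".." components or begin with "/". The added example below (not fastjar code) builds a hostile archive in memory and extracts it with a containment check: each member's path is resolved under the destination directory and the member is rejected if it lands outside. The member names and contents are constructed for the demonstration; the same check applies to any program that accepts pathnames from an untrusted archive or peer.

```python
import io
import os
import tempfile
import zipfile


def build_sample_jar():
    """Constructed hostile JAR (a JAR is a zip): two members try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr("ok/inside.txt", "fine\n")
        z.writestr("../../escaped.txt", "owned\n")      # relative traversal
        z.writestr("/tmp/absolute.txt", "owned\n")      # absolute path
    return buf.getvalue()


def contained_path(dest, member):
    """Resolve `member` under `dest`; None if it would land outside `dest`."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, member))
    if os.path.commonpath([root, target]) != root:
        return None
    return target


def extract_jar(data, dest):
    """Extract, refusing any member whose resolved path leaves `dest`."""
    written, skipped = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            target = contained_path(dest, info.filename)
            if target is None:
                skipped.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with z.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written, skipped


def demo():
    """Extract the sample into a scratch directory and report what happened."""
    dest = tempfile.mkdtemp()
    written, skipped = extract_jar(build_sample_jar(), dest)
    with open(os.path.join(dest, "ok", "inside.txt")) as f:
        inside = f.read()
    escaped_exists = os.path.exists(os.path.join(dest, "..", "..", "escaped.txt"))
    return written, skipped, inside, escaped_exists
```

Resolving with realpath() before comparing also catches escapes through symlinks already present under the destination, which a plain string check for ".." would miss.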
+ libgssglue exports a GSSAPI interface which calls other random GSSAPI + libraries. +
+libgssglue does not securely use getenv() when loading a library for a + setuid application. +
+A local attacker could gain escalated privileges.
+There is no known workaround at this time.
+All libgssglue users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libgssglue-0.4"
+
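Honouring an environment variable that names a library to load is safe only when the environment comes from the same trust domain as the process; in a setuid binary the caller controls the environment but not the privileges, so an unchecked getenv() lets the caller pick the code that runs with those privileges. The added example below is illustrative and not libgssglue code (the variable name and default library path are assumptions). It mirrors what glibc's secure_getenv() checks: the override is ignored when real and effective ids differ or the kernel set AT_SECURE at exec, and it is additionally accepted only as an absolute path.

```python
import os
import struct

AT_NULL, AT_SECURE = 0, 23   # ELF auxiliary vector tags (Linux)


def process_is_secure():
    """True if environment-driven configuration must be ignored: real and
    effective ids differ, or the kernel flagged the exec as privileged (AT_SECURE,
    which also covers file capabilities). This is what glibc's secure_getenv() consults."""
    if os.getuid() != os.geteuid() or os.getgid() != os.getegid():
        return True
    try:
        with open("/proc/self/auxv", "rb") as f:
            raw = f.read()
    except OSError:
        return False                     # not Linux: fall back to the id check above
    entry = struct.calcsize("@LL")
    for off in range(0, len(raw) - entry + 1, entry):
        tag, value = struct.unpack_from("@LL", raw, off)
        if tag == AT_NULL:
            break
        if tag == AT_SECURE:
            return value != 0
    return False


def trusted_getenv(name, environ=None, secure=None):
    """getenv() that yields nothing in a privileged process."""
    if secure is None:
        secure = process_is_secure()
    if secure:
        return None
    return (os.environ if environ is None else environ).get(name)


DEFAULT_MECH_LIB = "/usr/lib/libgssapi_krb5.so"   # assumed default, illustrative only
OVERRIDE_VAR = "GSSAPI_MECH_LIB_OVERRIDE"            # hypothetical variable name


def resolve_mechanism_library(environ=None, secure=None):
    """Choose the backend to dlopen(): an override is honoured only from an
    unprivileged environment and only as an absolute path."""
    override = trusted_getenv(OVERRIDE_VAR, environ, secure)
    if override and os.path.isabs(override):
        return override
    return DEFAULT_MECH_LIB
```

The `secure` parameter exists so the two branches can be exercised from an ordinary process; a real library would call process_is_secure() unconditionally.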
+ GIMP is the GNU Image Manipulation Program.
+Multiple vulnerabilities have been discovered in GIMP. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All GIMP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.6.12-r2"
+
+
+ PostgreSQL is an open source object-relational database management + system. +
+Multiple vulnerabilities have been discovered in PostgreSQL. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could spoof SSL connections. Furthermore, a remote + authenticated attacker could cause a Denial of Service, read and write + arbitrary files, inject SQL commands into dump scripts, or bypass + database restrictions to execute database functions. +
+ +A context-dependent attacker could more easily obtain access via + authentication attempts with an initial substring of the intended + password. +
+There is no known workaround at this time.
+All PostgreSQL 9.1 server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.1.5"
+
+
+ All PostgreSQL 9.0 server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.0.9"
+
+
+ All PostgreSQL 8.4 server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.4.13"
+
+
+ All PostgreSQL 8.3 server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.3.20"
+
+ VMware Player, Server, and Workstation allow emulation of a complete PC + on a PC without the usual performance overhead of most emulators. +
+Multiple vulnerabilities have been discovered in VMware Player, Server, + and Workstation. Please review the CVE identifiers referenced below for + details. +
+Local users may be able to gain escalated privileges, cause a Denial of + Service, or gain sensitive information. +
+ +A remote attacker could entice a user to open a specially crafted file, + possibly resulting in the remote execution of arbitrary code, or a Denial + of Service. Remote attackers also may be able to spoof DNS traffic, read + arbitrary files, or inject arbitrary web script into the VMware Server + Console. +
+ +Furthermore, guest OS users may be able to execute arbitrary code on the + host OS, gain escalated privileges on the guest OS, or cause a Denial of + Service (crash the host OS). +
+There is no known workaround at this time.
+Gentoo discontinued support for VMware Player. We recommend that users + unmerge VMware Player: +
+ +
+ # emerge --unmerge "app-emulation/vmware-player"
+
+
+ NOTE: Users could upgrade to + “>=app-emulation/vmware-player-3.1.5”, however these packages are + not currently stable. +
+ +Gentoo discontinued support for VMware Workstation. We recommend that + users unmerge VMware Workstation: +
+ +
+ # emerge --unmerge "app-emulation/vmware-workstation"
+
+
+ NOTE: Users could upgrade to + “>=app-emulation/vmware-workstation-7.1.5”, however these packages + are not currently stable. +
+ +Gentoo discontinued support for VMware Server. We recommend that users + unmerge VMware Server: +
+ +
+ # emerge --unmerge "app-emulation/vmware-server"
+
w3m is a text-based WWW browser.

An SSL spoofing vulnerability has been discovered in w3m. Please review the CVE identifier referenced below for details.

A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using w3m.

There is no known workaround at this time.

All w3m users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/w3m-0.5.2-r4"

MoinMoin is a Python WikiEngine.

Multiple vulnerabilities have been discovered in MoinMoin. Please review the CVE identifiers referenced below for details.

These vulnerabilities in MoinMoin allow remote users to inject arbitrary web script or HTML, to obtain sensitive information and to bypass the textcha protection mechanism. There are several other unknown impacts and attack vectors.

There is no known workaround at this time.

All MoinMoin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.9.4"

rdesktop is a Remote Desktop Protocol (RDP) Client.

A vulnerability has been discovered in rdesktop. Please review the CVE identifier referenced below for details.

Remote RDP servers may be able to read or overwrite arbitrary files via a .. (dot dot) in a pathname.

There is no known workaround at this time.

All rdesktop users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/rdesktop-1.7.0"

qemu-kvm provides QEMU and Kernel-based Virtual Machine userland tools.

Multiple vulnerabilities have been discovered in qemu-kvm. Please review the CVE identifiers referenced below for details.

These vulnerabilities allow a remote attacker to cause a Denial of Service condition on the host server or the qemu process, and might allow arbitrary code execution or a symlink attack when qemu-kvm is in snapshot mode.

There is no known workaround at this time.

All qemu-kvm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/qemu-kvm-1.1.1-r1"

Bash is the standard GNU Bourne Again SHell.

Two vulnerabilities have been found in Bash:

A remote attacker could entice a user to open a specially crafted Bash script, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition of the Bash executable.

A local attacker may be able to perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or bypass shell access restrictions.

There is no known workaround at this time.

All Bash users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p37"

Libav is a complete solution to record, convert and stream audio and video.

Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted media file in an application linked against Libav, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition.

There is no known workaround at this time.

All Libav users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/libav-0.8.3"

Chromium is an open source web browser project.

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details.

A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, arbitrary file write, a Denial of Service condition, Cross-Site Scripting in SSL interstitial and various Universal Cross-Site Scripting attacks.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-22.0.1229.94"

MantisBT is a PHP/MySQL/web-based bug tracking system.

Multiple vulnerabilities have been discovered in MantisBT. Please review the CVE identifiers referenced below for details.

A remote attacker could exploit these vulnerabilities to conduct directory traversal attacks, disclose the contents of local files, inject arbitrary web scripts, obtain sensitive information, bypass authentication and intended access restrictions, or manipulate bugs and attachments.

There is no known workaround at this time.

All MantisBT users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.2.11"

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla Application Suite’. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla’s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox.

Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URLs for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact.

A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"

All users of the Mozilla Firefox binary package should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-10.0.11"

All users of the Mozilla Thunderbird binary package should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-10.0.11"

All Mozilla SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"

All users of the Mozilla SeaMonkey binary package should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"

All NSS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"

The “www-client/mozilla-firefox” package has been merged into the “www-client/firefox” package. To upgrade, please unmerge “www-client/mozilla-firefox” and then emerge the latest “www-client/firefox” package:

# emerge --sync
# emerge --unmerge "www-client/mozilla-firefox"
# emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"

The “www-client/mozilla-firefox-bin” package has been merged into the “www-client/firefox-bin” package. To upgrade, please unmerge “www-client/mozilla-firefox-bin” and then emerge the latest “www-client/firefox-bin” package:

# emerge --sync
# emerge --unmerge "www-client/mozilla-firefox-bin"
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"

The “mail-client/mozilla-thunderbird” package has been merged into the “mail-client/thunderbird” package. To upgrade, please unmerge “mail-client/mozilla-thunderbird” and then emerge the latest “mail-client/thunderbird” package:

# emerge --sync
# emerge --unmerge "mail-client/mozilla-thunderbird"
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-10.0.11"

The “mail-client/mozilla-thunderbird-bin” package has been merged into the “mail-client/thunderbird-bin” package. To upgrade, please unmerge “mail-client/mozilla-thunderbird-bin” and then emerge the latest “mail-client/thunderbird-bin” package:

# emerge --sync
# emerge --unmerge "mail-client/mozilla-thunderbird-bin"
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-10.0.11"

Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat:

# emerge --unmerge "www-client/icecat"

Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner:

# emerge --unmerge "net-libs/xulrunner"

Gentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner:

# emerge --unmerge "net-libs/xulrunner-bin"

HAProxy is a TCP/HTTP reverse proxy for high availability environments.

A boundary error in HAProxy could cause a buffer overflow when header rewriting is enabled and the configuration sets global.tune.bufsize to a value greater than the default (16384 bytes).

A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

There is no known workaround at this time.

All HAProxy users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/haproxy-1.4.21"

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details.

A remote attacker could cause a Denial of Service condition or obtain sensitive information.

There is no known workaround at this time.

All Tor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.3.25"

dhcpcd is a fully featured, yet lightweight, RFC 2131 compliant DHCP client.

A vulnerability has been discovered in dhcpcd. Please review the CVE identifier referenced below for details.

The vulnerability might allow an attacker to execute arbitrary code on the DHCP client.

There is no known workaround at this time.

All dhcpcd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-5.2.12"

bzip2 is a high-quality data compressor used extensively by Gentoo Linux.

An integer overflow vulnerability has been discovered in bzip2. Please review the CVE identifier referenced below for details.

A remote attacker could entice a user to open a specially crafted compressed file using bzip2, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

There is no known workaround at this time.

All bzip2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/bzip2-1.0.6"

ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.

Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details.

The vulnerabilities might allow remote attackers to execute arbitrary code or cause a Denial of Service.

There is no known workaround at this time.

All ISC DHCP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.2.4_p2"

DokuWiki is a simple-to-use wiki aimed at a small company’s documentation needs.

Multiple vulnerabilities have been discovered in DokuWiki. Please review the CVE identifiers referenced below for details.

The vulnerabilities might allow an attacker to disclose local files, to inject arbitrary web script, or to gain elevated privileges in the DokuWiki application.

There is no known workaround at this time.

All DokuWiki users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20121013"

The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic boards.

Two vulnerabilities have been discovered in NVIDIA drivers:

NOTE: Exposure to CVE-2012-4225 is reduced in Gentoo due to 660 permissions being used on the GPU device nodes by default.

A local attacker could gain escalated privileges.

There is no known workaround at this time.

All NVIDIA driver users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-304.88"

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

Multiple vulnerabilities have been discovered in HAProxy. Please review the CVE identifiers referenced below for details.

A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition.

There is no known workaround at this time.

All HAProxy users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/haproxy-1.4.24"

PuTTY is a telnet and SSH client.

Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details.

An attacker could entice a user to open a connection to a specially crafted SSH server, possibly resulting in execution of arbitrary code with the privileges of the process or disclosure of sensitive information.

There is no known workaround at this time.

All PuTTY users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/putty-0.63"

D-Bus is a message bus system which processes can use to talk to each other.

D-Bus’ _dbus_printf_string_upper_bound() function crashes if it returns exactly 1024 bytes.

A local attacker could provide specially-crafted input to an application using D-Bus which would cause _dbus_printf_string_upper_bound() to return 1024 bytes and crash, causing a Denial of Service condition.

There is no known workaround at this time.

All D-Bus users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.6.12"

Adobe Reader is a closed-source PDF reader.

Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting in arbitrary code execution or a Denial of Service condition. A local attacker could gain privileges via unspecified vectors.

There is no known workaround at this time.

All Adobe Reader users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"

Puppet is a system configuration management tool written in Ruby.

Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.

There is no known workaround at this time.

All Puppet users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.23"

Wireshark is a versatile network protocol analyzer.

Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

There is no known workaround at this time.

All Wireshark 1.10 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.1"

All Wireshark 1.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.9"

MySQL is a fast, multi-threaded, multi-user SQL database server.

Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.

A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition.

There is no known workaround at this time.

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.1.70"

Cyrus-SASL is an implementation of the Simple Authentication and Security Layer.

In the GNU C Library (glibc) from version 2.17 onwards, the crypt() function call can return NULL when the salt violates specifications or the system is in FIPS-140 mode and a DES or MD5 hashed password is passed. When Cyrus-SASL’s authentication mechanisms call crypt(), a NULL may be returned.

A remote attacker could trigger this vulnerability to cause a Denial of Service condition.

There is no known workaround at this time.

All Cyrus-SASL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/cyrus-sasl-2.1.26-r3"

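Added illustration, not Cyrus-SASL or glibc code, of the check that keeps a crypt() returning NULL from taking the daemon down. The hash function is passed in as a parameter so the example runs without libcrypt; fake_crypt_null and fake_crypt_ok are constructed stand-ins for crypt(), and in real code the parameter would be crypt() or crypt_r() from <crypt.h>.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* crypt()-style hash function: cleartext plus a salt. A stored hash works as
 * the salt argument, since crypt() reads only the prefix it needs. */
typedef char *(*hash_fn)(const char *key, const char *salt);

enum pw_result {
    PW_MATCH = 0,       /* password verified */
    PW_MISMATCH = 1,    /* password wrong */
    PW_UNAVAILABLE = 2  /* hash could not be computed: fail the login, do not crash */
};

/* The pattern behind the advisory: whatever the hash function hands back goes
 * straight into strcmp(). With glibc >= 2.17 that is NULL for an invalid salt
 * or for a DES/MD5 hash under FIPS-140 mode, so the process dereferences NULL
 * and dies. Kept here for comparison only. */
int check_password_unsafe(const char *plain, const char *stored, hash_fn fn)
{
    return strcmp(fn(plain, stored), stored) == 0 ? PW_MATCH : PW_MISMATCH;
}

/* Hardened version: a NULL (or a libxcrypt "*0"/"*1" failure token, which can
 * never equal a real stored hash) is reported as PW_UNAVAILABLE, and the
 * caller treats that exactly like a failed login. */
enum pw_result check_password(const char *plain, const char *stored, hash_fn fn)
{
    const char *h;

    if (plain == NULL || stored == NULL || stored[0] == '\0')
        return PW_UNAVAILABLE;

    errno = 0;
    h = fn(plain, stored);
    if (h == NULL || h[0] == '*')
        return PW_UNAVAILABLE;

    return strcmp(h, stored) == 0 ? PW_MATCH : PW_MISMATCH;
}

/* Constructed stand-ins for crypt(), so the example links without -lcrypt. */

/* What glibc's crypt() does with a salt it rejects. */
char *fake_crypt_null(const char *key, const char *salt)
{
    (void)key; (void)salt;
    errno = EINVAL;
    return NULL;
}

/* Toy hash: a fixed constructed digest for one password, another for the rest. */
char *fake_crypt_ok(const char *key, const char *salt)
{
    static char buf[64];
    (void)salt;
    strcpy(buf, strcmp(key, "correct horse") == 0 ? "$1$constructed$digest"
                                                  : "$1$constructed$other");
    return buf;
}

int main(void)
{
    const char *stored = "$1$constructed$digest";   /* constructed "database" entry */

    printf("unsafe, usable hash: %d\n", check_password_unsafe("correct horse", stored, fake_crypt_ok));
    /* check_password_unsafe("correct horse", stored, fake_crypt_null) would segfault here */
    printf("hardened, NULL hash: %d\n", check_password("correct horse", stored, fake_crypt_null));
    printf("hardened, match:     %d\n", check_password("correct horse", stored, fake_crypt_ok));
    printf("hardened, mismatch:  %d\n", check_password("wrong", stored, fake_crypt_ok));
    return 0;
}
```
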
strongSwan is an IPSec implementation for Linux.

Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details.

A remote attacker could use ECDSA to authenticate as another user with an invalid signature. Additionally, a remote attacker could send a specially crafted request, possibly resulting in a Denial of Service.

There is no known workaround at this time.

All strongSwan users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/strongswan-5.1.0"

Xlockmore is just another screensaver application for X.

A Denial of Service flaw was found in the way Xlockmore performed the passing of arguments to the underlying localtime() call, when the ‘dlock’ mode was used.

A local attacker could possibly cause a Denial of Service condition and potentially obtain unauthorized access to the graphical session, previously locked by another user.

There is no known workaround at this time.

All Xlockmore users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-misc/xlockmore-5.43"

Snack is a sound toolkit for creating multi-platform audio applications with scripting languages.

The GetWavHeader() function in jkSoundFile.c does not have boundary checks when parsing format sub-chunks or unknown sub-chunks.

A remote attacker could entice a user to open a specially crafted WAV file with an application using Snack, possibly resulting in execution of arbitrary code or a Denial of Service condition.

There is no known workaround at this time.

All Snack users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-tcltk/snack-2.2.10-r5"

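An added example, not Snack's code, of the boundary check the advisory describes as missing: a RIFF/WAV sub-chunk walker that compares every chunk size read from the file with the bytes actually remaining before it reads or skips anything. SAMPLE_WAV is a constructed 58-byte header, and wav_parse_header, parse_with_fmt_size and the error codes are hypothetical names chosen for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct wav_fmt {
    uint16_t audio_format, channels, block_align, bits_per_sample;
    uint32_t sample_rate, byte_rate;
    int have_fmt, have_data;
    size_t data_offset, data_size;    /* where the PCM payload sits in the buffer */
};

enum { WAV_OK = 0, WAV_ERR_SHORT = -1, WAV_ERR_MAGIC = -2,
       WAV_ERR_CHUNK_OVERRUN = -3, WAV_ERR_FMT = -4 };

static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the sub-chunks of a WAV header held in buf[0..len). A chunk size taken
 * from the file is only trusted after it has been compared with the bytes that
 * are really there, for "fmt " and for unknown chunks alike. */
int wav_parse_header(const unsigned char *buf, size_t len, struct wav_fmt *out)
{
    size_t pos = 12;

    memset(out, 0, sizeof *out);
    if (len < 12)
        return WAV_ERR_SHORT;
    if (memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WAVE", 4) != 0)
        return WAV_ERR_MAGIC;

    while (!out->have_data) {
        uint32_t csize;
        size_t remaining;

        if (len - pos < 8)                     /* no room for an 8-byte chunk header */
            return WAV_ERR_SHORT;
        csize = rd32(buf + pos + 4);
        remaining = len - pos - 8;             /* bytes available for this chunk's body */
        if (csize > remaining)                 /* the file claims more than it carries */
            return WAV_ERR_CHUNK_OVERRUN;

        if (memcmp(buf + pos, "fmt ", 4) == 0) {
            const unsigned char *f = buf + pos + 8;
            if (csize < 16)                    /* a PCM format block is at least 16 bytes */
                return WAV_ERR_FMT;
            out->audio_format    = rd16(f);
            out->channels        = rd16(f + 2);
            out->sample_rate     = rd32(f + 4);
            out->byte_rate       = rd32(f + 8);
            out->block_align     = rd16(f + 12);
            out->bits_per_sample = rd16(f + 14);
            out->have_fmt = 1;
        } else if (memcmp(buf + pos, "data", 4) == 0) {
            out->data_offset = pos + 8;
            out->data_size = csize;
            out->have_data = 1;
        }
        /* Any other sub-chunk (LIST, fact, ...) is skipped, never copied anywhere. */
        pos += 8 + csize;
        if ((csize & 1) && !out->have_data) {  /* RIFF pads odd-sized chunks to even */
            if (pos >= len)
                return WAV_ERR_SHORT;
            pos++;
        }
    }
    return out->have_fmt ? WAV_OK : WAV_ERR_FMT;
}

/* Constructed 58-byte sample: 8 kHz mono 8-bit PCM, an unknown LIST chunk, 2 data bytes. */
const unsigned char SAMPLE_WAV[] = {
    'R','I','F','F', 50,0,0,0, 'W','A','V','E',
    'f','m','t',' ', 16,0,0,0, 1,0, 1,0, 0x40,0x1f,0,0, 0x40,0x1f,0,0, 1,0, 8,0,
    'L','I','S','T', 4,0,0,0, 'I','N','F','O',
    'd','a','t','a', 2,0,0,0, 0x80,0x80
};

/* Parse a copy of the sample whose "fmt " chunk claims `claimed` bytes. */
int parse_with_fmt_size(uint32_t claimed, struct wav_fmt *out)
{
    unsigned char copy[sizeof SAMPLE_WAV];
    memcpy(copy, SAMPLE_WAV, sizeof copy);
    copy[16] = (unsigned char)claimed;          /* little-endian size field at offset 16 */
    copy[17] = (unsigned char)(claimed >> 8);
    copy[18] = (unsigned char)(claimed >> 16);
    copy[19] = (unsigned char)(claimed >> 24);
    return wav_parse_header(copy, sizeof copy, out);
}

/* Sample rate of a header, or 0 when the header is rejected. */
uint32_t wav_sample_rate(const unsigned char *buf, size_t len)
{
    struct wav_fmt f;
    return wav_parse_header(buf, len, &f) == WAV_OK ? f.sample_rate : 0;
}

int main(void)
{
    struct wav_fmt f;
    printf("intact:          %d (rate %u)\n", wav_parse_header(SAMPLE_WAV, sizeof SAMPLE_WAV, &f), f.sample_rate);
    printf("truncated at 30: %d\n", wav_parse_header(SAMPLE_WAV, 30, &f));
    printf("fmt size 2^32-1: %d\n", parse_with_fmt_size(0xFFFFFFFFu, &f));
    return 0;
}
```
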
pip is a tool for installing and managing Python packages.

Multiple vulnerabilities have been discovered in pip. Please review the CVE identifiers referenced below for details.

A remote attacker could conduct a Man-in-the-Middle attack to cause pip to execute arbitrary code. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.

There is no known workaround at this time.

All pip users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/pip-1.3.1"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.310"

libotr is a portable off-the-record messaging library.

Multiple heap-based buffer overflows are present in the Base64 decoder of libotr.

A remote attacker could send a specially crafted OTR message, resulting in arbitrary code execution with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All libotr users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libotr-3.2.1"

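As an added example, not libotr's code, here is a Base64 decoder whose writes are bounded by the caller's buffer rather than by trust in the input, the property a heap overflow in a decoder violates. b64_decode, b64_decoded_capacity and the inputs are constructed for this illustration, and the decoder is deliberately strict (length a multiple of four, padding only in the last two positions).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const char B64_ALPHABET[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Value of one alphabet character, or -1 for anything else (including '='). */
static int b64_value(unsigned char c)
{
    const char *p = c ? memchr(B64_ALPHABET, c, 64) : NULL;
    return p ? (int)(p - B64_ALPHABET) : -1;
}

/* Bytes a caller should allocate for the output of a well-formed input of
 * inlen characters. The decoder below never writes past what it is handed,
 * whatever the input looks like, so a wrong estimate here cannot corrupt the heap. */
size_t b64_decoded_capacity(size_t inlen)
{
    return (inlen / 4) * 3;
}

/* Decode in[0..inlen) into out[0..outcap). Returns the number of bytes
 * written, or -1 when the input is malformed (length not a multiple of four,
 * a character outside the alphabet, data after '=' padding) or when one more
 * byte would land outside out. The capacity test before every write is the point. */
long b64_decode(const char *in, size_t inlen, unsigned char *out, size_t outcap)
{
    uint32_t acc = 0;
    int bits = 0;
    size_t i, outlen = 0, pad = 0;

    if (inlen % 4 != 0)
        return -1;
    for (i = 0; i < inlen; i++) {
        int v;
        if (in[i] == '=') {
            if (i + 2 < inlen)                 /* '=' only in the last two positions */
                return -1;
            pad++;
            continue;
        }
        if (pad)                               /* alphabet character after padding */
            return -1;
        v = b64_value((unsigned char)in[i]);
        if (v < 0)
            return -1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (outlen >= outcap)              /* would overflow the caller's buffer */
                return -1;
            out[outlen++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (long)outlen;
}

/* Does `in` decode exactly to the bytes of `expected`? */
int b64_decodes_to(const char *in, const char *expected)
{
    unsigned char buf[64];
    long n = b64_decode(in, strlen(in), buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expected) && memcmp(buf, expected, (size_t)n) == 0;
}

int main(void)
{
    unsigned char small[4];                    /* deliberately one byte too short */
    printf("aGVsbG8= -> hello: %d\n", b64_decodes_to("aGVsbG8=", "hello"));
    printf("5 bytes into 4-byte buffer: %ld\n", b64_decode("aGVsbG8=", 8, small, sizeof small));
    printf("bad character: %ld\n", b64_decode("aGVs!G8=", 8, small, sizeof small));
    return 0;
}
```
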
FileZilla is an open source FTP client.

Multiple vulnerabilities have been discovered in FileZilla. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to connect to a malicious server, resulting in possible arbitrary code execution or a Denial of Service. Additionally, a local attacker could read sensitive memory, potentially resulting in password disclosure.

There is no known workaround at this time.

All FileZilla users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/filezilla-3.7.3"

LibRaw is a library for reading RAW files obtained from digital photo cameras. libkdcraw is a wrapper for LibRaw within KDE.

Multiple vulnerabilities have been discovered in LibRaw and libkdcraw. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted file, possibly resulting in arbitrary code execution or Denial of Service.

There is no known workaround at this time.

All LibRaw users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libraw-0.15.4"

All libkdcraw users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/libkdcraw-4.10.5-r1"

Adobe Reader is a closed-source PDF reader.

An unspecified vulnerability exists in Adobe Reader.

An attacker could execute arbitrary code or cause a Denial of Service condition.

There is no known workaround at this time.

All Adobe Reader users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"

Subversion is a versioning system designed to be a replacement for CVS.

Multiple vulnerabilities have been discovered in Subversion. Please review the CVE identifiers referenced below for details.

A remote attacker could cause a Denial of Service condition or obtain sensitive information. A local attacker could escalate privileges to those of the user running svnserve.

There is no known workaround at this time.

All Subversion users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.7.13"

Apache HTTP Server is one of the most popular web servers on the Internet.

Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers and research paper referenced below for details.

A remote attacker could send a specially crafted request to possibly execute arbitrary code, cause Denial of Service, or obtain sensitive information.

There is no known workaround at this time.

All Apache HTTP Server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.25"

GNU ZRTP is a C++ implementation of the ZRTP protocol.

Multiple vulnerabilities have been discovered in GNU ZRTP. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.

There is no known workaround at this time.

All GNU ZRTP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libzrtpcpp-2.3.4"

MoinMoin is a Python WikiEngine.

Multiple vulnerabilities have been discovered in MoinMoin. Please review the CVE identifiers referenced below for details.

A remote attacker may be able to execute arbitrary code with the privileges of the process, overwrite arbitrary files, or conduct Cross-Site Scripting (XSS) attacks.

There is no known workaround at this time.

All MoinMoin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.9.6"

ProFTPD is an advanced and very configurable FTP server.

Multiple vulnerabilities have been discovered in ProFTPD. Please review the CVE identifiers referenced below for details.

A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, perform man-in-the-middle attacks to spoof arbitrary SSL servers, cause a Denial of Service condition, or read and modify arbitrary files.

There is no known workaround at this time.

All ProFTPD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.4d"

Chromium is an open-source web browser project. V8 is Google’s open source JavaScript engine.

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-29.0.1457.57"

All V8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14"

Monkey HTTP Daemon is a lightweight and powerful web server for GNU/Linux.

Multiple vulnerabilities have been discovered in Monkey HTTP Daemon. Please review the CVE identifiers referenced below for details.

A remote attacker could send a specially crafted request, resulting in possible arbitrary code execution or a Denial of Service condition.

There is no known workaround at this time.

All Monkey HTTP Daemon users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/monkeyd-1.2.2"

libvirt is a C toolkit for manipulating virtual machines.

An error in the virNetMessageFree() function in rpc/virnetserverclient.c can lead to a use-after-free. Additionally, a socket leak in the remoteDispatchStoragePoolListAllVolumes command can lead to file descriptor exhaustion.

A remote attacker could trigger certain errors during an RPC connection, causing a message to be freed without being removed from the message queue, possibly resulting in execution of arbitrary code or a Denial of Service condition. Additionally, a remote attacker could repeatedly issue the command to list all pool volumes, causing a Denial of Service condition.

There is no known workaround at this time.

All libvirt users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/libvirt-1.0.5.1-r3"

TPP is an ncurses-based text presentation tool.

TPP templates may contain a --exec clause, the contents of which are automatically executed without confirmation from the user.

A remote attacker could entice a user to open a specially crafted file using TPP, possibly resulting in execution of arbitrary code with the privileges of the user.

There is no known workaround at this time.

All TPP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/tpp-1.3.1-r2"

Dropbear is an SSH server and client designed with a small memory footprint.

Multiple vulnerabilities have been discovered in Dropbear. Please review the CVE identifier and Gentoo bug referenced below for details.

A remote attacker could send a specially crafted request to trigger a use-after-free condition, possibly resulting in arbitrary code execution or a Denial of Service condition. Additionally, the bundled version of libtommath has an error in its prime number generation, which could result in the generation of weak keys.

There is no known workaround at this time.

All Dropbear users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dropbear-2012.55"

klibc is a minimalistic libc used for making an initramfs.

The ipconfig utility in klibc writes DHCP options to /tmp/net-$DEVICE.conf, and this file is later sourced by other scripts to get defined variables. The options written to this file are not properly escaped.

A remote attacker could send a specially crafted DHCP reply, which could execute arbitrary shell code with the privileges of any process which sources DHCP options.

There is no known workaround at this time.

All klibc users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/klibc-1.5.25"

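An added example, not klibc's ipconfig code, of the escaping the advisory says was missing: a writer for NAME='value' lines that a later script can source without the shell interpreting anything inside the value. format_assignment, quoted_line and the DHCP values are constructed for this illustration, and the unsafe variant is kept beside the hardened one for comparison.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A variable name the shell will accept: [A-Za-z_][A-Za-z0-9_]* */
static int valid_var_name(const char *name)
{
    size_t i;
    if (name == NULL || name[0] == '\0')
        return 0;
    if (!isalpha((unsigned char)name[0]) && name[0] != '_')
        return 0;
    for (i = 1; name[i] != '\0'; i++)
        if (!isalnum((unsigned char)name[i]) && name[i] != '_')
            return 0;
    return 1;
}

/* The pattern behind the advisory: the option value is copied into the file
 * verbatim, so when the file is sourced the shell parses whatever the DHCP
 * server put there. Returns the length, or -1 if it does not fit. */
long format_assignment_unsafe(const char *name, const char *value, char *out, size_t cap)
{
    int n = snprintf(out, cap, "%s=%s", name, value);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Hardened version: NAME='value', with each ' in the value written as '\''
 * so nothing between the quotes is ever interpreted by the shell. Returns the
 * length written (excluding the NUL), or -1 on a bad name or when the result
 * would not fit in out[0..cap). */
long format_assignment(const char *name, const char *value, char *out, size_t cap)
{
    size_t n = 0, i;

    if (!valid_var_name(name) || value == NULL || out == NULL)
        return -1;
    /* append `len` bytes of `s`, always leaving room for the terminating NUL */
#define APPEND(s, len) do {                          \
        if (cap - n <= (len)) return -1;             \
        memcpy(out + n, (s), (len)); n += (len);     \
    } while (0)
    APPEND(name, strlen(name));
    APPEND("='", 2);
    for (i = 0; value[i] != '\0'; i++) {
        if (value[i] == '\'')
            APPEND("'\\''", 4);
        else
            APPEND(&value[i], 1);
    }
    APPEND("'", 1);
#undef APPEND
    out[n] = '\0';
    return (long)n;
}

/* Convenience for the demo: the formatted line, or "" when it was rejected. */
const char *quoted_line(const char *name, const char *value)
{
    static char line[256];
    if (format_assignment(name, value, line, sizeof line) < 0)
        line[0] = '\0';
    return line;
}

int main(void)
{
    /* constructed values of the kind a rogue DHCP server could hand out */
    const char *domain = "example.org; echo injected";
    char raw[256];

    format_assignment_unsafe("DOMAIN", domain, raw, sizeof raw);
    printf("unsafe:   %s\n", raw);                     /* shell would run "echo injected" */
    printf("hardened: %s\n", quoted_line("DOMAIN", domain));
    printf("hardened: %s\n", quoted_line("HOSTNAME", "it's-a-host"));
    printf("bad name: [%s]\n", quoted_line("X;rm", "value"));
    return 0;
}
```
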
Squid is a full-featured web proxy cache.

Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details.

A remote attacker may be able to bypass ACL restrictions or cause a Denial of Service condition.

There is no known workaround at this time.

All Squid users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/squid-3.2.13"

+ Mozilla Firefox is an open-source web browser and Mozilla Thunderbird + an open-source email client, both from the Mozilla Project. The + SeaMonkey project is a community effort to deliver production-quality + releases of code derived from the application formerly known as the + ‘Mozilla Application Suite’. +
+Multiple vulnerabilities have been discovered in Mozilla Firefox, + Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced + below for details. +
+A remote attacker could entice a user to view a specially crafted web + page or email, possibly resulting in execution of arbitrary code or a + Denial of Service condition. Further, a remote attacker could conduct XSS + attacks, spoof URLs, bypass address space layout randomization, conduct + clickjacking attacks, obtain potentially sensitive information, bypass + access restrictions, modify the local filesystem, or conduct other + unspecified attacks. +
+There is no known workaround at this time.
+All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9"
+
+
+ All users of the Mozilla Firefox binary package should upgrade to the + latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9"
+
+
+ All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9"
+
+
+ All users of the Mozilla Thunderbird binary package should upgrade to + the latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=mail-client/thunderbird-bin-17.0.9"
+
+
+ All SeaMonkey users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21"
+
+
+ All users of the Mozilla SeaMonkey binary package should upgrade to the + latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21"
+
+ Xen is a bare-metal hypervisor.
+Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers referenced below for details. +
+Guest domains could possibly gain privileges, execute arbitrary code, or + cause a Denial of Service on the host domain (Dom0). Additionally, guest + domains could gain information about other virtual machines running on + the same host or read arbitrary files on the host. +
+The CVEs listed below do not currently have fixes, but only apply to Xen + setups which have “tmem” specified on the hypervisor command line. + TMEM is not currently supported for use in production systems, and + administrators using tmem should disable it. + Relevant CVEs: + * CVE-2012-2497 + * CVE-2012-6030 + * CVE-2012-6031 + * CVE-2012-6032 + * CVE-2012-6033 + * CVE-2012-6034 + * CVE-2012-6035 + * CVE-2012-6036 +
+All Xen users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.2.2-r1"
+
+
+ All Xen-tools users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/xen-tools-4.2.2-r3"
+
+
+ All Xen-pvgrub users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/xen-pvgrub-4.2.2-r1"
+
+
+ The Perl Module::Signature module adds signing capabilities to CPAN + modules. +
+The ‘cpansign verify’ command automatically downloads keys and uses + them to check the signature of CPAN packages via the SIGNATURE file. The + SIGNATURE file also names the digest algorithm (normally SHA1) used for + each file. If an attacker replaces that name with an unknown one (e.g. + ‘Special’) and includes a ‘Digest/Special.pm’ in the distribution, + Module::Signature loads that module to compute the digest, so its code is + executed when ‘cpansign verify’ is run. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process. +
+There is no known workaround at this time.
+All users of the Module-Signature Perl module should upgrade to the + latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-perl/Module-Signature-0.720.0"
+
+
+ isync is an IMAP and MailDir mailbox synchronizer.
+isync does not properly verify the server’s hostname against the CN + field in the SSL certificate. +
+A remote server could perform man-in-the-middle attacks to disclose + passwords or obtain other sensitive information. +
+There is no known workaround at this time.
+All isync users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/isync-1.0.6"
+
+ Poppler is a cross-platform PDF rendering library originally based on + Xpdf. +
+Multiple vulnerabilities have been discovered in Poppler. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted PDF + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All Poppler users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-0.22.2-r1"
+
+ nginx is a robust, small, and high performance HTTP and reverse proxy + server. +
+Multiple vulnerabilities have been discovered in nginx. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could send a specially crafted request, possibly + resulting in execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. Furthermore, a + context-dependent attacker may be able to obtain sensitive information. +
+There is no known workaround at this time.
+All nginx users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
+
+ GEGL is a graph-based image processing framework.
+Multiple integer overflows in GEGL may cause a heap-based buffer + overflow. +
+A remote attacker could entice a user to open a specially crafted PPM + image using an application linked against GEGL, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +
+There is no known workaround at this time.
+All gegl users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/gegl-0.2.0-r2"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can + recover keys once enough data packets have been captured. +
+A buffer overflow vulnerability has been discovered in Aircrack-ng.
+A remote attacker could entice a user to open a specially crafted dump + file using Aircrack-ng, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All Aircrack-ng users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/aircrack-ng-1.1-r2"
+
+ OpenJPEG is an open-source JPEG 2000 library.
+OpenJPEG contains an invalid free error and multiple buffer overflow + flaws. Please review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted JPEG + 2000 file, possibly resulting in execution of arbitrary code or a Denial + of Service condition. +
+There is no known workaround at this time.
+All OpenJPEG users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/openjpeg-1.5.1"
+
+Quagga is a free routing daemon replacing Zebra and supporting RIP, OSPF + and BGP. +
+Multiple vulnerabilities have been discovered in Quagga. Please review + the CVE identifiers referenced below for details. +
+A remote attacker may be able to cause arbitrary code execution or a + Denial of Service condition. +
+There is no known workaround at this time.
+All Quagga users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.22.4"
+
+ Setuptools is a manager for Python packages.
+Setuptools does not check the integrity of downloaded Python packages.
+A remote attacker could perform man-in-the-middle attacks to execute + arbitrary code with the privileges of the process. +
+There is no known workaround at this time.
+All Setuptools users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/setuptools-0.8-r1"
+
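Two entries on this page share one root cause: the Module::Signature SIGNATURE handling described earlier let an untrusted algorithm name select which code to load, and Setuptools here simply skipped the integrity check. The following is an added example, not Module::Signature's or setuptools' own code, that verifies files against `ALGO HEX NAME` lines while refusing any algorithm token outside a fixed allow-list; fed a digest pinned by the installer instead of one shipped with the download, the same function is the check Setuptools was missing. The function names, the constructed fixture and the use of coreutils `sha1sum`/`sha256sum` are assumptions.

```shell
#!/bin/sh
# Added example, not Module::Signature's or setuptools' code.  Verifies
# "ALGO HEX NAME" lines with the algorithm token restricted to an
# allow-list, so the token can never pick code to load.  Function names,
# the fixture and the use of sha1sum/sha256sum are assumptions.

# Map an algorithm token from untrusted metadata to a fixed program.
# Anything else is rejected rather than being used to select a module.
digest_tool() {
    case "$1" in
        SHA1)   echo sha1sum ;;
        SHA256) echo sha256sum ;;
        *)      return 1 ;;
    esac
}

# Hex digest of a file under an allow-listed algorithm.
# Status 2 = unknown algorithm, 3 = file could not be read.
file_digest() {      # $1 = algorithm token, $2 = path
    tool=$(digest_tool "$1") || return 2
    line=$("$tool" "$2") || return 3
    printf '%s\n' "${line%% *}"      # "HEX  file" -> HEX
}

# Verify one "ALGO HEX NAME" line against the named file in directory $2.
# Status 0 = match, 1 = mismatch or malformed line, 2 = unknown
# algorithm, 3 = unreadable file.  NAME must be a plain file name.
verify_line() {      # $1 = line, $2 = directory
    dir=$2
    set -f; set -- $1; set +f        # split the line without globbing
    [ $# -eq 3 ] || return 1
    case "$3" in */*) return 1 ;; esac
    actual=$(file_digest "$1" "$dir/$3") || return $?
    [ "$actual" = "$2" ]
}

# Constructed fixture: a directory with one file whose digests are known
# (sha1 f572d396..., sha256 5891b5b5...) so the checks are deterministic.
make_fixture() {
    d=$(mktemp -d) || return 1
    printf 'hello\n' > "$d/hello.txt"
    echo "$d"
}
```

With the fixture, `verify_line "SHA1 f572d396fae9206628714fb2ce00f72e94f2258f hello.txt" "$d"` succeeds, a wrong digest returns 1, and `Special` as the algorithm returns 2 without anything named "Special" ever being looked up or executed. The distinct exit codes matter: a caller that treats "could not verify" the same as "verified" has reintroduced the Setuptools bug.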
+ PolarSSL is a cryptographic library for embedded systems.
+Multiple vulnerabilities have been discovered in PolarSSL. Please review + the CVE identifiers referenced below for details. +
+A remote attacker might be able to cause a Denial of Service, conduct a + man-in-the-middle attack, compromise an encrypted communication channel, + or obtain sensitive information. +
+There is no known workaround at this time.
+All PolarSSL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/polarssl-1.3.0"
+
+ Parallel-ForkManager is a simple parallel processing fork manager for + Perl. +
+The Perl Parallel-ForkManager module does not handle temporary files + securely. +
+A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
+There is no known workaround at this time.
+All Parallel-ForkManager users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-perl/Parallel-ForkManager-1.20.0"
+
+ FFmpeg is a complete solution to record, convert and stream audio and + video. +
+Multiple vulnerabilities have been discovered in FFmpeg. Please review + the CVE identifiers and FFmpeg changelogs referenced below for details. +
+A remote attacker could entice a user to open a specially crafted media + file, possibly leading to the execution of arbitrary code with the + privileges of the user running the application or a Denial of Service. +
+There is no known workaround at this time.
+All FFmpeg users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-1.0.7"
+
+
+ MPlayer is a media player including support for a wide range of audio + and video formats. +
+Multiple vulnerabilities have been discovered in MPlayer and the bundled + FFmpeg. Please review the CVE identifiers and FFmpeg GLSA referenced + below for details. +
+A remote attacker could entice a user to open a crafted media file to + execute arbitrary code or cause a Denial of Service. +
+There is no known workaround at this time.
+All MPlayer users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.1-r1"
+
+ GNU Troff (Groff) is a text formatter used for man pages.
+Multiple vulnerabilities have been discovered in Groff. Please review + the CVE identifiers referenced below for details. +
+A context-dependent attacker could perform symlink attacks to overwrite + arbitrary files with the privileges of the user running the application. +
+There is no known workaround at this time.
+All Groff users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/groff-1.22.2"
+
+ GNU Automake is a tool for automatically generating Makefile.in files + compliant with the GNU Coding Standards. +
+Multiple vulnerabilities have been discovered in GNU Automake. Please + review the CVE identifiers referenced below for details. +
+A local attacker could execute arbitrary commands with the privileges of + the user running an Automake-based build. +
+There is no known workaround at this time.
+All Automake users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/automake-1.11.6"
+
+ TPTEST is a tool to measure the speed of a user’s Internet connection.
+The GetStatsFromLine() function in TPTEST is vulnerable to buffer + overflows from STATS lines with long email and pwd fields. +
+A remote attacker could send a specially-crafted STATS line, possibly + resulting in arbitrary code execution or a Denial of Service condition. +
+There is no known workaround at this time.
+All TPTEST users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/tptest-3.1.7-r2"
+
+
+ pmake is Debian’s version of NetBSD’s make, a tool to build programs + in parallel. +
+/usr/share/mk/bsd.lib.mk and /usr/share/mk/bsd.prog.mk create temporary + files insecurely, with predictable names (/tmp/_depend[PID]), and + without using $TMPDIR. +
+The make include files allow local users to overwrite arbitrary files + via a symlink attack. +
+There is no known workaround at this time.
+All pmake users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/pmake-1.111.3.1"
+
+
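The pmake include files show the classic temporary-file mistake: a name anyone can predict (`/tmp/_depend` plus the PID), a fixed directory, and a plain redirection that follows whatever already sits at that name. The same class of bug is behind the Parallel-ForkManager entry above. The following is an added example, not pmake's code, that runs the attack in a throwaway sandbox against the predictable pattern and against an `mktemp`-based replacement. The function names and the sandbox layout are assumptions; nothing touches the real /tmp.

```shell
#!/bin/sh
# Added example, not pmake's code: the temporary-file pattern the advisory
# describes next to a fixed one, exercised in a throwaway sandbox.
# Function names and the sandbox layout are assumptions.

# Flawed pattern: fixed directory, name derived from the PID, and a plain
# redirection that follows a symlink someone planted in advance.
predictable_tmpfile() {   # $1 = directory (the originals hardcode /tmp)
    echo "${1:-/tmp}/_depend$$"
}

# Fixed pattern: mktemp creates the file itself (O_CREAT|O_EXCL, mode 0600)
# from a random template and honours $TMPDIR.  A planted link is never
# followed: the name is unpredictable, and an existing entry makes creation
# fail instead of succeeding.
safe_tmpfile() {
    mktemp "${TMPDIR:-/tmp}/_depend.XXXXXX"
}

# Attack scenario: the attacker pre-creates the predictable name as a
# symlink to a file they want overwritten, then the victim writes its
# dependency data.  Prints "clobbered" if the victim file was overwritten.
demo_predictable() {
    box=$(mktemp -d) || return 1
    printf 'important\n' > "$box/victim"
    ln -s "$box/victim" "$(predictable_tmpfile "$box")"
    printf 'garbage\n' > "$(predictable_tmpfile "$box")"
    if [ "$(cat "$box/victim")" = garbage ]; then echo clobbered; else echo intact; fi
    rm -rf "$box"
}

# Same scenario against the fixed pattern.  Prints "intact": the victim
# file is untouched and the scratch file is a regular file, not a link.
demo_safe() {
    box=$(mktemp -d) || return 1
    printf 'important\n' > "$box/victim"
    ln -s "$box/victim" "$(predictable_tmpfile "$box")"
    f=$(TMPDIR=$box safe_tmpfile) || return 1
    printf 'garbage\n' > "$f"
    if [ ! -L "$f" ] && [ "$(cat "$box/victim")" = important ]; then echo intact; else echo clobbered; fi
    rm -rf "$box"
}
```

`demo_predictable` prints `clobbered`; `demo_safe` prints `intact`. Linux's `fs.protected_symlinks` sysctl blocks the follow in sticky world-writable directories such as /tmp when the link belongs to another user, which is why the demonstration uses a private directory, but that kernel setting is a safety net rather than a substitute for creating scratch files exclusively.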
+ GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 + protocols. +
+Multiple vulnerabilities have been discovered in GnuTLS. Please review + the CVE identifiers and Lucky Thirteen research paper referenced below + for details. +
+A remote attacker could send a specially crafted packet to cause a + Denial of Service condition. Additionally, a remote attacker could + perform man-in-the-middle attacks to recover plaintext data. +
+There is no known workaround at this time.
+All GnuTLS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.12.23-r1"
+
+
+ X2Go is an open source terminal server project.
+The setgid wrapper x2gosqlitewrapper.c does not hardcode the internal + path to x2gosqlitewrapper.pl, allowing a remote attacker to change that + path. +
+A remote attacker may be able to execute arbitrary code with the + privileges of the user running the server process. +
+There is no known workaround at this time.
+All X2Go Server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/x2goserver-4.0.0.2"
+
+
+ acpid2 is a daemon for Advanced Configuration and Power Interface.
+acpid2 does not properly use the pidof program in powerbtn.sh.
+A local attacker could gain escalated privileges.
+There is no known workaround at this time.
+All acpid2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-power/acpid-2.0.17"
+
+MediaWiki is the wiki web application used on wikipedia.org.
+Multiple vulnerabilities have been discovered in MediaWiki. Please + review the CVE identifiers referenced below for details. +
+A remote attacker may be able to execute arbitrary code, perform + man-in-the-middle attacks, obtain sensitive information or perform + cross-site scripting attacks. +
+There is no known workaround at this time.
+All MediaWiki 1.21.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.21.2"
+
+
+ All MediaWiki 1.20.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.20.7"
+
+
+ All MediaWiki 1.19.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.8"
+
+ Mednafen is an advanced NES, GB/GBC/GBA, TurboGrafx 16/CD, NGPC and Lynx + emulator. +
+An unspecified vulnerability has been discovered in Mednafen when using + network play. +
+A remote server could execute arbitrary code with the privileges of the + process. +
+There is no known workaround at this time.
+All Mednafen users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-emulation/mednafen-0.8.13"
+
+ phpMyAdmin is a web-based management tool for MySQL databases.
+Multiple vulnerabilities have been discovered in phpMyAdmin. Please + review the CVE identifiers referenced below for details. +
+A remote authenticated attacker could exploit these vulnerabilities to + execute arbitrary code with the privileges of the process running + phpMyAdmin, inject SQL code, or to conduct Cross-Site Scripting and + Clickjacking attacks. +
+There is no known workaround at this time.
+All phpMyAdmin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.0.5"
+
+
+ Quassel is a Qt4/KDE4 IRC client supporting a remote daemon for 24/7 + connectivity. +
+Two vulnerabilities have been found in Quassel:
+A remote attacker could send multiple CTCP requests in a single private + message, possibly resulting in a Denial of Service condition. Furthermore, + a remote attacker may be able to execute arbitrary SQL statements. +
+There is no known workaround at this time.
+All Quassel users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/quassel-0.9.1"
+
+Vixie cron is Paul Vixie’s cron daemon, a fully featured crond + implementation. +
+Vixie cron contains a race condition relating to atime and mtime values + of temporary files. +
+A local attacker could change the modification time of files, possibly + resulting in a Denial of Service condition via a symlink attack. +
+There is no known workaround at this time.
+All Vixie cron users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-process/vixie-cron-4.1-r14"
+
+
+ GIMP is the GNU Image Manipulation Program.
+Multiple vulnerabilities have been discovered in GIMP. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted KiSS + palette, GIF image or XWD file using GIMP, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +
+There is no known workaround at this time.
+All GIMP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.8.2-r1"
+
+ libxml2 is the XML C parser and toolkit developed for the Gnome project.
+Multiple vulnerabilities have been discovered in libxml2. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted + document with an application linked against libxml2, possibly resulting + in execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +
+There is no known workaround at this time.
+All libxml2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r1"
+
+ Blender is a 3D Creation/Animation/Publishing System.
+Multiple vulnerabilities have been discovered in Blender. Please review + the CVE identifier referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Blender users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.49b-r2"
+
+
+ Netpbm is a toolkit for manipulation of graphic images, including + conversion of images between a variety of different formats. +
+A stack-based buffer overflow exists in converter/ppm/xpmtoppm.c in + Netpbm. +
+A remote attacker could entice a user to open a specially crafted XPM + file using Netpbm, possibly resulting in execution of arbitrary code + with the privileges of the process, or a Denial of Service condition. +
+There is no known workaround at this time.
+All Netpbm users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/netpbm-10.49.00"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+FreeRADIUS is an open source RADIUS authentication server.
+Multiple vulnerabilities have been discovered in FreeRADIUS. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All FreeRADIUS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-2.2.0"
+
+ GraphicsMagick is the Swiss army knife of image processing.
+Multiple vulnerabilities have been discovered in GraphicsMagick. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially-crafted image + file, potentially resulting in arbitrary code execution or a Denial of + Service condition. +
+There is no known workaround at this time.
+All GraphicsMagick users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.3.18"
+
+
+ CTorrent is a BitTorrent client implemented in C++ to be lightweight and + quick. +
+CTorrent contains a stack-based buffer overflow in the + btFiles::BuildFromMI function in trunk/btfiles.cpp. +
+A remote attacker could entice a user to open a specially crafted + torrent file using CTorrent, possibly resulting in execution of arbitrary + code with the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All CTorrent users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/ctorrent-3.3.2-r1"
+
+
+ Open DC Hub is the hub software for the Direct Connect file sharing + network. +
+A stack-based buffer overflow flaw has been discovered in the way Open + DC Hub sanitized content of a user’s MyINFO message. +
+A remote authenticated user may be able to execute arbitrary code or + cause a Denial of Service condition via a specially crafted MyINFO + message. +
+There is no known workaround at this time.
+All Open DC Hub users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/opendchub-0.8.2"
+
+
+ OpenVPN is a multi-platform, full-featured SSL VPN solution.
+Multiple vulnerabilities have been discovered in OpenVPN. Please review + the CVE identifiers referenced below for details. +
+A remote attacker may be able to recover plaintext from an encrypted + communication. Another vulnerability could allow a remote attacker to + perform a man-in-the-middle attack. +
+There is no known workaround at this time.
+All OpenVPN users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openvpn-2.3.1"
+
+
+ The Qt toolkit is a comprehensive C++ application development framework.
+Multiple vulnerabilities have been discovered in QtCore and QtGui. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted file + with an application linked against QtCore or QtGui, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. Furthermore, a remote attacker might employ + a specially crafted certificate to conduct man-in-the-middle attacks on + SSL connections. +
+There is no known workaround at this time.
+All QtCore users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtcore-4.8.4-r2"
+
+
+ All QtGui users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-4.8.4-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+Zabbix is software for monitoring applications, networks, and servers.
+Multiple vulnerabilities have been discovered in Zabbix. Please review + the CVE identifiers referenced below for details. +
+A remote attacker may be able to execute arbitrary SQL statements, cause + a Denial of Service condition, or obtain sensitive information. +
+There is no known workaround at this time.
+All Zabbix users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=net-analyzer/zabbix-2.0.9_rc1-r2"
+
+ fcron is a periodic command scheduler for Unix-based systems.
+The fcrontab utility contains a race condition relating to symlinks.
+A local attacker could perform symlink attacks to read arbitrary files + with the privileges of the user running the application. +
+There is no known workaround at this time.
+All fcron users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-process/fcron-3.0.5-r2"
+
+
+ Perl is Larry Wall’s Practical Extraction and Report Language.
+Multiple vulnerabilities have been discovered in Perl. Please review the + CVE identifiers referenced below for details. +
+A local attacker could cause a Denial of Service condition or perform + symlink attacks to overwrite arbitrary files with the privileges of the + user running the application. A context-dependent attacker could cause a + Denial of Service condition. +
+There is no known workaround at this time.
+All Perl users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.12.3-r1"
+
+
+ Unbound is a validating, recursive, and caching DNS resolver.
+Multiple vulnerabilities have been discovered in Unbound. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly cause a Denial of Service condition via + a specially crafted response. +
+There is no known workaround at this time.
+All Unbound users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/unbound-1.4.13_p2"
+
+
+ rssh is a restricted shell, allowing only a few commands like scp or + sftp. It is often used as a complement to OpenSSH to provide limited + access to users. +
+Multiple command line parsing and validation vulnerabilities have been + discovered in rssh. Please review the CVE identifiers referenced below + for details. +
+Multiple parsing and validation vulnerabilities can cause the + restrictions set up by rssh to be bypassed. +
+There is no known workaround at this time.
+All rssh users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-shells/rssh-2.3.4"
+
+
+ Okular is a universal document viewer based on KPDF for KDE 4.
+Okular contains a heap-based buffer overflow in the RLE decompression + functionality in the TranscribePalmImageToJPEG function in + generators/plucker/inplug/image.cpp. +
+A remote attacker could entice a user to open a specially crafted Plucker + (PDB) file using Okular, possibly resulting in execution of arbitrary code + with the privileges of the process, or a Denial of Service condition. +
+There is no known workaround at this time.
+All Okular users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/okular-4.4.5-r2"
+
+
+ GNU cpio copies files into or out of a cpio or tar archive.
+Cpio contains a heap-based buffer overflow in the rmt_read__ function in + lib/rtapelib.c. +
+A malicious remote tape (rmt) server could send more data than cpio + requested, which is reachable through archive filenames that contain a : + (colon) character, possibly resulting in execution of arbitrary code or a + Denial of Service condition. +
+There is no known workaround at this time.
+All cpio users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.11"
+
+
+ Namazu is a full-text search engine intended for easy use.
+Multiple vulnerabilities have been discovered in Namazu. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could execute arbitrary code or cause a Denial of + Service condition. + Furthermore, a remote attacker may be able to inject arbitrary web script + or HTML via a cookie. +
+There is no known workaround at this time.
+All Namazu users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/namazu-2.0.21"
+
+
+ The GNU C library is the standard C library used by Gentoo Linux + systems. +
+Multiple vulnerabilities have been discovered in GNU C Library. Please + review the CVE identifiers referenced below for details. +
+A local attacker could trigger vulnerabilities in dynamic library + loader, making it possible to load attacker-controlled shared objects + during execution of setuid/setgid programs to escalate privileges. +
+A context-dependent attacker could trigger various vulnerabilities in + GNU C Library, including a buffer overflow, leading to execution of + arbitrary code or a Denial of Service. +
+There is no known workaround at this time.
+All GNU C Library users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.15-r3"
+
+ BusyBox is a set of tools for embedded systems and a replacement for + GNU Coreutils. +
+Multiple vulnerabilities have been discovered in BusyBox. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could send a specially crafted DHCP request to + possibly execute arbitrary code or cause Denial of Service. +
+There is no known workaround at this time.
+All BusyBox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.21.0"
+
+
+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +
+Multiple vulnerabilities have been discovered in OpenSSL. Please review + the CVE identifiers referenced below for details. +
+Remote attackers can determine private keys, decrypt data, cause a + Denial of Service or possibly have other unspecified impact. +
+There is no known workaround at this time.
+All OpenSSL 1.0.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0j"
+
+
+ All OpenSSL 0.9.8 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8y"
+
+ libtheora is the reference implementation of Theora, a free and open + video compression format from the Xiph.org Foundation. +
+An integer overflow flaw has been discovered in libtheora.
+A remote attacker could execute arbitrary code or cause a Denial of + Service condition. +
+There is no known workaround at this time.
+All libtheora users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libtheora-1.1.1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
SWI-Prolog is a free, small, and standards-compliant Prolog compiler.

Multiple vulnerabilities have been discovered in SWI-Prolog:

  * An error in the canoniseFileName() function could cause a stack-based buffer overflow (CVE-2012-6089).
  * An error in the expand() function could cause a stack-based buffer overflow (CVE-2012-6090).

A context-dependent attacker could create files with specially crafted names, causing arbitrary code execution or a Denial of Service condition.

There is no known workaround at this time.

All SWI-Prolog users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/swi-prolog-6.2.5"

Festival is a Text to Speech Engine from The Centre for Speech Technology Research.

Festival Server sets an incorrect path in LD_LIBRARY_PATH, which allows local users to place a Trojan horse shared library in the current working directory.

A local attacker could cause a Trojan horse shared library to be loaded, potentially resulting in arbitrary code execution and privilege escalation.

There is no known workaround at this time.

All Festival users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-accessibility/festival-2.1"

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.

Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.

A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition via unspecified vectors.

There is no known workaround at this time.

All OpenEXR users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/openexr-1.7.0"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since December 08, 2010. It is likely that your system is already no longer affected by this issue.

WebP is a lossy image compression format.

An integer overflow flaw has been found in WebP.

A remote attacker could entice a user to open a specially crafted image in an application linked against WebP, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All WebP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libwebp-0.2.1"

cabextract is free software for extracting Microsoft cabinet files.

Multiple vulnerabilities have been discovered in cabextract. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially-crafted archive in a .cab file, related to the libmspack library, potentially resulting in arbitrary code execution or a Denial of Service condition.

There is no known workaround at this time.

All cabextract users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/cabextract-1.3"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 03, 2010. It is likely that your system is already no longer affected by this issue.

libsmi is a library that allows management applications to access SMI MIB module definitions.

libsmi contains a buffer overflow vulnerability in the smiGetNode() function in lib/smi.c.

A context-dependent attacker could possibly execute arbitrary code by way of a specially crafted Object Identifier (OID).

There is no known workaround at this time.

All libsmi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/libsmi-0.4.8-r1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since October 30, 2010. It is likely that your system is already no longer affected by this issue.

Win32 Codecs is a set of Windows audio and video playback codecs.

A heap-based buffer overflow exists when handling Shockwave Flash files.

A remote attacker could entice a user to open a specially crafted Flash file using a package linked against Win32 Codecs, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

Gentoo has discontinued support for Win32 Codecs. We recommend that users unmerge Win32 Codecs:

    # emerge --unmerge "media-libs/win32codecs"

MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol.

Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details.

A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Additionally, a remote attacker could impersonate a kadmind server and send a specially crafted packet to the password change port, which can result in a ping-pong condition and a Denial of Service condition.

There is no known workaround at this time.

All MIT Kerberos 5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.11.4"

Wireshark is a versatile network protocol analyzer.

Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

There is no known workaround at this time.

All Wireshark 1.10 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.3"

All Wireshark 1.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.11"

Libsndfile is a C library for reading and writing files containing sampled sound through one standard library interface.

An integer overflow flaw has been discovered in Libsndfile.

A remote attacker could entice a user to open a specially crafted PAF file using libsndfile, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

There is no known workaround at this time.

All libsndfile users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.25"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 12, 2011. It is likely that your system is already no longer affected by this issue.

Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems.

A vulnerability has been discovered in the way Tinyproxy handles request headers.

A remote attacker could send a specially crafted request with too many headers, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All Tinyproxy users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/tinyproxy-1.8.3-r3"

Xfig is an interactive drawing tool.

Xfig contains a buffer overflow vulnerability in processing certain FIG images.

A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of Service condition.

There is no known workaround at this time.

All Xfig users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xfig-3.2.5b-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since January 09, 2011. It is likely that your system is already no longer affected by this issue.

Libgdiplus is the Mono library that provides a GDI+ compatible API on non-Windows operating systems.

An integer overflow flaw has been discovered in Libgdiplus.

A remote attacker could entice a user to open a specially-crafted TIFF/JPEG/BMP file, potentially resulting in arbitrary code execution.

There is no known workaround at this time.

All Libgdiplus users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-dotnet/libgdiplus-2.6.7-r1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 12, 2010. It is likely that your system is already no longer affected by this issue.

Gajim is a Jabber/XMPP client which uses GTK+.

The _ssl_verify_callback() function in tls_nb.py does not properly validate SSL certificates, causing any certificate to be accepted as valid as long as the root CA is valid.

A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections and potentially disclose sensitive information.

There is no known workaround at this time.

All Gajim users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/gajim-0.15.3-r1"

Nagstamon is a Nagios status monitor application.

Nagstamon’s automatic request to check for updates includes plaintext username and password information for one of the monitor servers that the Nagstamon instance connects to.

A remote attacker could eavesdrop on this request and gain user credentials for a monitor server.

There is no known workaround at this time.

All Nagstamon users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/nagstamon-0.9.11_rc1"

Python is an interpreted, interactive, object-oriented programming language.

Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly cause a Denial of Service condition or perform a man-in-the-middle attack to disclose sensitive information.

There is no known workaround at this time.

All Python 3.3 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.2-r1"

All Python 3.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/python-3.2.5-r1"

All Python 2.6 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/python-2.6.8"

All Python 2.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.3-r1"

ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.

ISC DHCP is vulnerable to a memory exhaustion attack involving regular expressions sent by DHCP clients.

A remote attacker could send a specially crafted request from a malicious or spoofed client, potentially leading to a Denial of Service condition.

There is no known workaround at this time.

All ISC DHCP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.2.5_p1"

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Git contains a stack-based buffer overflow in the is_git_directory function in setup.c.

A local attacker could gain escalated privileges via a specially crafted git repository.

There is no known workaround at this time.

All Git users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-vcs/git-1.7.2.2"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 11, 2010. It is likely that your system is already no longer affected by this issue.

libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML.

Multiple vulnerabilities have been found in libxslt:

A remote attacker could entice a user to process a specially crafted file in an application linked against libxslt, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All libxslt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.28"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

NTP is a protocol designed to synchronize the clocks of computers over a network. The net-misc/ntp package contains the official reference implementation by the NTP Project.

ntpd is susceptible to a reflected Denial of Service attack. Please review the CVE identifiers and references below for details.

An unauthenticated remote attacker may conduct a distributed reflective Denial of Service attack on another user via a vulnerable NTP server.

We modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10 and added “noquery” to the default restriction, which disallows anyone from querying the ntpd status, including “monlist”.

If you use a non-default configuration and provide an ntp service to untrusted networks, we highly recommend that you revise your configuration to disable mode 6 and 7 queries for any untrusted (public) network.

You can always enable these queries for specific trusted networks. For more details please see the “Access Control Support” chapter in the ntp.conf(5) man page.

All NTP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.6_p5-r10"

Note that the updated package contains a modified default configuration only. You may need to modify your configuration further.
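As an added illustration of the restriction change described above, the ntp.conf fragments below show an open default restriction beside the hardened one. This is example configuration written for this page, not the default file shipped in net-misc/ntp; the management network 192.0.2.0/24 is a constructed example.

```conf
# --- Before: mode 6/7 control queries (including "monlist") are answered
# --- for any source address, so the server can serve as a DDoS reflector.
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer

# --- After: "noquery" refuses mode 6 and 7 queries from everyone. Ordinary
# --- time requests (mode 3) are still served, so clients are unaffected.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Defence in depth: switch off the monitoring facility that "monlist" reads.
disable monitor

# The host itself keeps full access for local administration.
restrict 127.0.0.1
restrict -6 ::1

# Re-enable status queries for one trusted management network only
# (192.0.2.0/24 is a constructed example address range).
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap
```

Only one of the two "restrict default" pairs belongs in a real file; the first pair is shown solely as the weak setting being replaced. After editing, restart ntpd and verify from an address outside the trusted network that status queries are no longer answered while time requests still are.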
Openswan is an implementation of IPsec for Linux.

A buffer overflow flaw has been discovered in Openswan when using Opportunistic Encryption.

A remote attacker could send a specially crafted DNS TXT record, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All Openswan users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.6.39"

libexif is a library for parsing, editing and saving Exif metadata from images. exif is a small command line interface for libexif.

Multiple vulnerabilities have been discovered in libexif and exif. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted image file using exif or an application linked against libexif, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All libexif users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.21"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

All exif users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/exif-0.6.21"

Perl is Larry Wall’s Practical Extraction and Report Language. Locale::Maketext is a Perl module providing a framework for localization.

Multiple vulnerabilities have been discovered in Perl and the Locale::Maketext Perl module. Please review the CVE identifiers referenced below for details.

A context-dependent attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

There is no known workaround at this time.

All Perl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.16.3"

All Locale::Maketext users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=perl-core/locale-maketext-1.230.0"

GNUstep Base library is a free software package implementing the API of the OpenStep Foundation Kit (tm), including later additions.

Multiple vulnerabilities have been discovered in GNUstep Base library. Please review the CVE identifiers referenced below for details.

A context-dependent attacker could possibly execute arbitrary code. A local attacker could possibly read arbitrary files.

There is no known workaround at this time.

All GNUstep Base library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=gnustep-base/gnustep-base-1.20.1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 13, 2010. It is likely that your system is already no longer affected by this issue.

VirtualBox is a powerful virtualization product from Oracle.

Multiple vulnerabilities have been discovered in Virtualbox. Please review the CVE identifiers referenced below for details.

A local attacker in a guest virtual machine may be able to escalate privileges or cause a Denial of Service condition.

There is no known workaround at this time.

All virtualbox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-4.2.22"

All virtualbox-bin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-bin-4.2.22"

cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols.

Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user or automated process to connect to a malicious server using cURL, possibly resulting in the remote execution of arbitrary code or a Denial of Service condition.

There is no known workaround at this time.

All cURL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.34.0-r1"

Asterisk is an open source telephony engine and toolkit.

Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.

A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.

There is no known workaround at this time.

All Asterisk 11.* users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.7.0"

All Asterisk 1.8.* users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.25.0"

CCID is a generic USB Chip/Smart Card Interface Devices driver.

CCID contains an integer overflow vulnerability in ccid_serial.c.

A physically proximate attacker could execute arbitrary code via a smart card with a specially crafted serial number.

There is no known workaround at this time.

All CCID users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/ccid-1.4.1-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since January 21, 2011. It is likely that your system is already no longer affected by this issue.

PCSC-Lite is a PC/SC Architecture smartcard middleware library.

PCSC-Lite contains a stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset Handler (atrhandler.c).

A physically proximate attacker could execute arbitrary code or cause a Denial of Service condition.

There is no known workaround at this time.

All PCSC-Lite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/pcsc-lite-1.6.6"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since January 10, 2011. It is likely that your system is already no longer affected by this issue.

OpenSC is a set of tools and libraries for smart cards.

Multiple stack-based buffer overflow errors have been discovered in OpenSC.

A physically proximate attacker could possibly execute arbitrary code using a specially crafted smart card.

There is no known workaround at this time.

All OpenSC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.13-r2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

GMime is a C/C++ library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME).

GMime contains a buffer overflow flaw in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h.

A context-dependent attacker could possibly execute arbitrary code or cause a Denial of Service condition.

There is no known workaround at this time.

GMime 2.4.x users on the PPC64 architecture should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/gmime-2.4.17"

GMime 2.4.x users on other architectures should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/gmime-2.4.15"

GMime 2.2.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/gmime-2.2.26"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality.

Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.

A remote attacker could execute arbitrary SQL commands via specially crafted parameters, execute arbitrary shell code or inject malicious script code.

There is no known workaround at this time.

All Cacti users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.8b"

Poppler is a cross-platform PDF rendering library originally based on Xpdf.

Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted PDF in an application linked against Poppler, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All Poppler users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/poppler-0.24.5"

Active Record is a Ruby gem that allows database entries to be manipulated as objects.

An Active Record method parameter can mistakenly be used as a scope.

A remote attacker could use specially crafted input to execute arbitrary SQL statements.

The vulnerability may be mitigated by converting the input to an expected value. This is accomplished by changing instances of ‘Post.find_by_id(params[:id])’ in code using Active Record to ‘Post.find_by_id(params[:id].to_s)’.

All Active Record users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-ruby/activerecord-2.3.14-r1"

sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range of hosts.

Multiple vulnerabilities have been found in sudo:

A local attacker with sudo privileges could connect to the stdin, stdout, and stderr of the terminal of a user who has authenticated with sudo, allowing the attacker to hijack the authorization of the other user. Additionally, a local or physically proximate attacker could set the system clock to the epoch, bypassing time restrictions on sudo authentication.

There is no known workaround at this time.

All sudo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.6_p7"

INN is a news server which can interface with Usenet.

INN’s I/O buffering is not correctly restricted.

A remote attacker could inject commands into encrypted NNTP sessions.

There is no known workaround at this time.

All INN users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-nntp/inn-2.5.3"

ldns is a fast DNS library with the goal to simplify DNS programming and to allow developers to easily create software conforming to current RFCs and Internet drafts.

ldns contains a heap-based buffer overflow in the ldns_rr_new_frm_str_internal function.

A remote attacker could execute arbitrary code or cause a Denial of Service condition with a crafted Resource Record.

There is no known workaround at this time.

All ldns users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/ldns-1.6.11"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since October 11, 2011. It is likely that your system is already no longer affected by this issue.

Zabbix is software for monitoring applications, networks, and servers.

If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will cause the section after the newline to be executed as a separate command, even if UnsafeUserParameters are disabled.

A remote attacker could possibly execute arbitrary shell code with the privileges of the process.

There is no known workaround at this time.

All Zabbix 2.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/zabbix-2.2.0-r4"

All Zabbix 2.0 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/zabbix-2.0.9-r1"

GNU TeXmacs is a free WYSIWYG editing platform with special features for scientists.

The texmacs and tm_mupad_help scripts in TeXmacs place a zero-length directory name in the LD_LIBRARY_PATH, which might result in the current working directory (.) being included when searching for dynamically linked libraries.

A local attacker could gain escalated privileges via a specially crafted shared library.

There is no known workaround at this time.

All GNU TeXmacs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/texmacs-1.0.7.2-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 02, 2011. It is likely that your system is already no longer affected by this issue.

Tomboy is a desktop note-taking application.

Tomboy places a zero-length directory name in the LD_LIBRARY_PATH, which might result in the current working directory (.) being included when searching for dynamically linked libraries.

NOTE: This vulnerability exists due to an incomplete fix for CVE-2005-4790 (GLSA 200711-12).

A local attacker could gain escalated privileges via a specially crafted shared library.

There is no known workaround at this time.

All Tomboy users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-misc/tomboy-1.4.2-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since March 02, 2011. It is likely that your system is already no longer affected by this issue.

VIPS is a free image processing system.

VIPS places a zero-length directory name in the LD_LIBRARY_PATH, which might result in the current working directory (.) being included when searching for dynamically linked libraries.

A local attacker could gain escalated privileges via a specially crafted shared library.

There is no known workaround at this time.

All VIPS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/vips-7.22.4"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 23, 2010. It is likely that your system is already no longer affected by this issue.
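The Festival, TeXmacs, Tomboy and VIPS advisories above share one root cause: a wrapper script that builds LD_LIBRARY_PATH with an empty element, which the dynamic linker treats as the current working directory. The POSIX shell script below is an added example written for this page and is not code from any of those projects. It shows the unsafe and the fixed way of prepending a directory to an inherited path list, and a check that flags an empty element in a running environment; the directory /opt/app/lib is an assumption.

```shell
#!/bin/sh
# Added example: how an empty LD_LIBRARY_PATH element arises in a wrapper
# script and how to detect one. Not taken from Festival, TeXmacs, Tomboy or VIPS.

# Return 0 (true) when the colon-separated list in $1 has an empty element:
# a leading colon, a trailing colon, or "::". ld.so treats an empty element
# as ".", so a shared library dropped in the current directory is found first.
has_empty_ld_path_element() {
    [ -z "$1" ] && return 1          # unset or empty: no search path at all
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# The pattern behind the advisories: unconditionally gluing the package's
# library directory in front of the inherited value ($2). When the inherited
# value is empty the result ends in a colon, i.e. an empty element.
unsafe_prefix() {
    printf '%s:%s' "$1" "$2"
}

# The fixed pattern: add the separator only when there is something to
# separate, so an unset inherited value cannot introduce an empty element.
safe_prefix() {
    if [ -n "$2" ]; then
        printf '%s:%s' "$1" "$2"
    else
        printf '%s' "$1"
    fi
}

# Demonstrate both forms with an unset inherited path (/opt/app/lib is assumed).
unsafe_result=$(unsafe_prefix /opt/app/lib "${LD_LIBRARY_PATH-}")
safe_result=$(safe_prefix /opt/app/lib "${LD_LIBRARY_PATH-}")
echo "unsafe: '$unsafe_result'"
echo "safe:   '$safe_result'"

# Runtime check of this shell's own environment, e.g. from a login script.
if has_empty_ld_path_element "${LD_LIBRARY_PATH-}"; then
    echo "warning: LD_LIBRARY_PATH contains an empty element (cwd is searched)" >&2
fi
```

Run it in the session that launches the affected application; a warning means the environment it inherits already contains the weak element, whether or not the application's own wrapper has been fixed.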
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).

Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details.

An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.

There is no known workaround at this time.

All Oracle JDK 1.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.7.0.51"

All Oracle JRE 1.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.7.0.51"

All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.7.0.51"

All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin, or choose another alternative we provide, e.g. the IBM JDK/JRE or the open source IcedTea.

NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.

CEDET is a Collection of Emacs Development Environment Tools written with the end goal of creating an advanced development environment in Emacs.

An untrusted search path vulnerability was discovered in CEDET.

A local attacker could escalate his privileges via a specially crafted Lisp expression in a Project.ede file in the directory or a parent directory of an opened file.

There is no known workaround at this time.

All CEDET users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emacs/cedet-1.0.1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since February 01, 2012. It is likely that your system is already no longer affected by this issue.

+ +Exim is a highly configurable, drop-in replacement for sendmail.
+Multiple vulnerabilities have been discovered in Exim. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with root + privileges, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Exim users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.80.1"
+
+
+ Digest-Base is a set of Perl modules that calculate message digests.
+The vulnerability is caused due to the “Digest->new()” function + not properly sanitising input before using it in an “eval()” call. +
+The vulnerability might allow an attacker to execute arbitrary code.
+There is no known workaround at this time.
+All Digest-Base module users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=perl-core/digest-base-1.170.0"
+
+
+ BIND is the Berkeley Internet Name Domain Server.
+Multiple vulnerabilities have been discovered in BIND. Please review the + CVE identifiers referenced below for details. +
+A remote attacker may be able to cause a Denial of Service condition.
+There is no known workaround at this time.
+All BIND users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.9.4_p2"
+
+
+ GNU libmicrohttpd is a small C library that is supposed to make it easy + to run an HTTP server as part of another application. +
+Multiple vulnerabilities have been discovered in GNU libmicrohttpd. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could execute arbitrary code with the privileges of + the process, cause a Denial of Service condition, or obtain sensitive + information. +
+There is no known workaround at this time.
+All GNU libmicrohttpd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libmicrohttpd-0.9.32"
+
+
+ The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic + boards. +
+The vulnerability is caused by the driver allowing unprivileged + user-mode software to access the GPU. +
+A local attacker could gain escalated privileges.
+There is no known workaround at this time.
+All NVIDIA Drivers users using the 331 branch should upgrade to the + latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-331.20"
+
+
+ All NVIDIA Drivers users using the 319 branch should upgrade to the + latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-319.76"
+
+
+ All NVIDIA Drivers users using the 304 branch should upgrade to the + latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-304.116"
+
+ Pixman is a pixel manipulation library.
+The trapezoid handling code in Pixman contains an integer underflow + vulnerability. +
+A context-dependent attacker could entice a user to open a specially + crafted file using an application linked against Pixman, possibly + resulting in execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. +
+There is no known workaround at this time.
+All Pixman users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/pixman-0.32.4"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +
+libwww is a collection of Perl modules providing a consistent interface + to the World-Wide Web. +
+Multiple vulnerabilities have been discovered in libwww-perl. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to download a specially-crafted + file with an application linked against libwww-perl, which could result + in overwritten files or arbitrary code execution by writing to a dotfile + in the user’s home directory (such as .bashrc). Additionally, a remote + attacker could perform a Man-in-the-Middle attack. +
+There is no known workaround at this time.
+All libwww-perl users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/libwww-perl-6.30.0"
+
+
+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since December 18, 2011. It is likely that your system is + already no longer affected by this issue. +
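The libwww-perl issue above (a server-chosen filename written as a dotfile in the user's home directory) comes down to trusting a remote filename. The following is an added example, not libwww-perl code and not part of the advisory, showing how a client should reduce a server-supplied name before creating a file; the function names and the sample filenames are constructed for illustration.

```python
import os
import re
import shutil
import tempfile
import unicodedata

# Conservative character set for a name created on the local filesystem.
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")


def safe_download_name(server_name: str, fallback: str = "download") -> str:
    """Reduce a server-supplied filename (Content-Disposition or URL path)
    to something safe to create in the download directory:
    keep only the last path component (either separator), normalise Unicode,
    replace everything outside a conservative character set, and strip
    leading dots so the result can never be a hidden file such as .bashrc,
    nor "." or "..". An empty result falls back to a fixed name.
    """
    name = server_name.replace("\\", "/").split("/")[-1]
    name = unicodedata.normalize("NFKC", name)
    name = _UNSAFE.sub("_", name).lstrip(".")
    return name[:255] if name else fallback


def save_to_download_dir(download_dir: str, server_name: str, data: bytes) -> str:
    """Write `data` under `download_dir` using the sanitised name. O_EXCL
    makes creation fail instead of overwriting an existing file, and the
    realpath comparison is a belt-and-braces check that the final path is
    still inside the directory."""
    dest = os.path.join(download_dir, safe_download_name(server_name))
    root = os.path.realpath(download_dir)
    if os.path.commonpath([root, os.path.realpath(dest)]) != root:
        raise ValueError("destination escaped the download directory")
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def demo() -> dict:
    """Constructed scenario: a server answers twice with the filename
    '../.bashrc'. Returns what was written and whether the second attempt
    (which would overwrite the first file) was blocked."""
    root = tempfile.mkdtemp(prefix="dl-")
    first = save_to_download_dir(root, "../.bashrc", b"constructed payload\n")
    try:
        save_to_download_dir(root, "../.bashrc", b"again\n")
        blocked = False
    except FileExistsError:
        blocked = True
    result = {"saved_as": os.path.basename(first), "overwrite_blocked": blocked}
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    for raw in ("../.bashrc", "..\\..\\.profile", "report.pdf", "../../"):
        print(f"{raw!r:22} -> {safe_download_name(raw)!r}")
    print(demo())
```

The important choices are that the name is always reduced to its last component before anything else is looked at, that a leading dot is removed rather than escaped, and that the file is created with O_EXCL so a download can never silently replace an existing file.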
+ +Banshee is a multimedia management and playback application for GNOME.
+Banshee places a zero-length directory name in PATH, which allows + libraries to be loaded from the working directory. +
+A local attacker could place a specially crafted library in the working + directory of Banshee, possibly resulting in execution of arbitrary code + with the privileges of the process, or a Denial of Service condition. +
+There is no known workaround at this time.
+All Banshee users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/banshee-1.8.0-r1"
+
+
+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 17, 2010. It is likely that your system is + already no longer affected by this issue. +
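The Banshee issue above is the general problem of an empty component in a search path. The following added example, which is not Banshee code and not part of the advisory, audits a PATH-style value for components that resolve to the working directory and shows the lookup order that results; the PATH values, the library name libfoo.so and the function names are constructed for illustration.

```python
import os
from typing import List, Optional, Tuple

SEP = ":"  # PATH separator on Linux


def insecure_path_entries(path_value: str) -> List[Tuple[int, str, str]]:
    """Return (index, entry, reason) for every component of a PATH-style
    search list whose meaning depends on the process's working directory.

    A zero-length component (a leading, trailing or doubled colon) is treated
    by shells, execvp() and most loaders exactly like ".", so it is reported
    alongside an explicit "." and any other relative entry.
    """
    findings = []
    for idx, entry in enumerate(path_value.split(SEP)):
        if entry == "":
            findings.append((idx, entry, "empty component, searched as the working directory"))
        elif entry == ".":
            findings.append((idx, entry, "explicit working directory"))
        elif not os.path.isabs(entry):
            findings.append((idx, entry, "relative path, resolved against the working directory"))
    return findings


def hardened_path(path_value: str) -> str:
    """Drop every flagged component and return the rest unchanged in order."""
    bad = {idx for idx, _, _ in insecure_path_entries(path_value)}
    kept = [e for i, e in enumerate(path_value.split(SEP)) if i not in bad]
    return SEP.join(kept)


def lookup_order(name: str, path_value: str, cwd: str) -> List[str]:
    """Simulate the search: the absolute candidate paths a loader would try,
    in order, for `name` with the given search list and working directory.
    An empty entry puts the working directory ahead of the system ones."""
    candidates = []
    for entry in path_value.split(SEP):
        base = cwd if entry == "" else entry
        if not os.path.isabs(base):
            base = os.path.join(cwd, base)
        candidates.append(os.path.normpath(os.path.join(base, name)))
    return candidates


def audit_environment(var: str = "PATH") -> Optional[List[Tuple[int, str, str]]]:
    """Check a live environment variable; None if it is unset."""
    value = os.environ.get(var)
    return None if value is None else insecure_path_entries(value)


if __name__ == "__main__":
    # Constructed value mirroring the advisory: a leading colon before the real directories.
    broken = ":/usr/lib:/lib"
    for idx, entry, reason in insecure_path_entries(broken):
        print(f"component {idx} {entry!r}: {reason}")
    print("search order for libfoo.so with cwd=/tmp/untrusted:",
          lookup_order("libfoo.so", broken, "/tmp/untrusted"))
    print("hardened:", hardened_path(broken))
    print("live PATH findings:", audit_environment())
```

The same check applies to LD_LIBRARY_PATH, PERL5LIB, PYTHONPATH and any other colon-separated search list an application builds at startup.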
+ +The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple unspecified vulnerabilities have been discovered in Adobe Flash + Player. Please review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted SWF + file using Adobe Flash Player, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. +
+There is no known workaround at this time.
+All Adobe Flash Player users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.336"
+
+
+ Freeciv is an open-source empire building strategy game.
+The Lua component of Freeciv does not restrict which modules may be + loaded by scenario scripts. +
+A remote attacker could entice a user to open a specially crafted + scenario file, possibly resulting in execution of arbitrary code or + reading of arbitrary files with the privileges of the process. +
+There is no known workaround at this time.
+All Freeciv users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-strategy/freeciv-2.2.1"
+
+
+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since July 26, 2010. It is likely that your system is already + no longer affected by this issue. +
+The stunnel program is designed to work as an SSL encryption wrapper + between a client and a local or remote server. +
+A buffer overflow vulnerability has been discovered in stunnel. Please + review the CVE identifier referenced below for details. +
+A remote attacker could entice a user to connect to a malicious proxy + server, resulting in the execution of arbitrary code within the + configured chroot directory, with the privileges of the user running + stunnel. Please review the references below for details. +
+There is no known workaround at this time.
+All stunnel users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.56-r1"
+
+
+ Apache mod_fcgid is a binary-compatible alternative to mod_fastcgi with + better process management. +
+Apache mod_fcgid fails to perform a boundary check on user-supplied + input, potentially resulting in a heap-based buffer overflow. +
+A remote attacker can supply a crafted input, possibly resulting in + execution of arbitrary code or a Denial of Service condition. +
+There is no known workaround at this time.
+All Apache mod_fcgid users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_fcgid-2.3.9"
+
+
+ PulseAudio is a sound system for POSIX OSes.
+The pa_make_secure_dir function in core-util.c does not handle temporary + files securely. +
+A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
+There is no known workaround at this time.
+All PulseAudio users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.22"
+
+
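Two of the advisories above, CEDET (Lisp evaluated from a Project.ede file found in a parent directory) and PulseAudio (pa_make_secure_dir and symlink attacks on a temporary directory), share the same defence: never act on a filesystem path without first checking, with lstat(), that it is not a symlink, that it belongs to the user and that nobody else can write to it. The following added example is not CEDET or PulseAudio code and not part of the advisories; it implements that check once and uses it both to locate a per-project file safely and to create a private directory without a symlink race. The directory layout built in demo() is constructed.

```python
import os
import shutil
import stat
import tempfile
from typing import Optional


def is_private_to_user(path: str, uid: Optional[int] = None) -> bool:
    """True only if `path` exists, is not a symlink, is owned by `uid`
    (default: the calling user) and is not writable by group or others.

    lstat() rather than stat() is the important detail: a symlink planted
    by another user fails the S_ISLNK test instead of being followed.
    """
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)
    except OSError:
        return False
    if stat.S_ISLNK(st.st_mode) or st.st_uid != uid:
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def find_trusted_project_file(start_dir: str, name: str = "Project.ede",
                              uid: Optional[int] = None) -> Optional[str]:
    """Search `start_dir` and then each parent for `name`, the way an editor
    discovers a per-project file, but only return a candidate whose file and
    containing directory are private to the user. The nearest candidate is
    the one that would be loaded, so an untrusted one ends the search.
    """
    d = os.path.abspath(start_dir)
    while True:
        candidate = os.path.join(d, name)
        if os.path.lexists(candidate):
            if is_private_to_user(d, uid) and is_private_to_user(candidate, uid):
                return candidate
            return None
        parent = os.path.dirname(d)
        if parent == d:
            return None
        d = parent


def make_secure_dir(path: str, uid: Optional[int] = None) -> str:
    """Create (or adopt) a directory that only the user may write to.

    mkdir() is atomic and fails with EEXIST if anything, including a
    symlink, already sits at `path`, so a pre-planted link cannot redirect
    the creation. Whatever exists afterwards is verified with lstat() before
    it is trusted.
    """
    uid = os.getuid() if uid is None else uid
    try:
        os.mkdir(path, 0o700)
        os.chmod(path, 0o700)  # umask-independent; we just created it
    except FileExistsError:
        pass
    if not is_private_to_user(path, uid) or not stat.S_ISDIR(os.lstat(path).st_mode):
        raise PermissionError(f"refusing to use {path}: not a private directory owned by uid {uid}")
    return path


def demo() -> dict:
    """Constructed fixture under a temporary directory; returns the observations."""
    root = tempfile.mkdtemp(prefix="trustdemo-")
    proj, src = os.path.join(root, "proj"), os.path.join(root, "proj", "src")
    os.mkdir(proj, 0o700)
    os.mkdir(src, 0o700)
    ede = os.path.join(proj, "Project.ede")
    with open(ede, "w") as fh:
        fh.write(";; constructed project file, content irrelevant\n")
    os.chmod(ede, 0o600)
    out = {}
    out["trusted_found"] = find_trusted_project_file(src) == ede
    os.chmod(ede, 0o666)  # now anyone could append Lisp to it
    out["writable_rejected"] = find_trusted_project_file(src) is None
    link = os.path.join(root, "runtime-dir")
    os.symlink(root, link)  # attacker pre-plants a symlink where the dir should go
    try:
        make_secure_dir(link)
        out["symlink_rejected"] = False
    except PermissionError:
        out["symlink_rejected"] = True
    fresh = make_secure_dir(os.path.join(root, "fresh-dir"))
    out["fresh_mode"] = stat.S_IMODE(os.lstat(fresh).st_mode)
    shutil.rmtree(root)
    return out


if __name__ == "__main__":
    print(demo())
```

Checking the containing directory as well as the file matters: a world-writable directory lets another user rename the trusted file away and drop a replacement, even when the original file's own mode was fine.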
+ Links is a web browser which runs in both graphics and text modes.
+An integer overflow vulnerability was found in the parsing of HTML + tables in the Links web browser when running in graphical mode. +
+A remote attacker could possibly cause a Denial of Service condition.
+There is no known workaround at this time.
+All Links users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/links-2.8-r1"
+
+
+ PAM S/Key is a pluggable authentication module for the OpenBSD + Single-key Password system. +
+Ulrich Müller reported that a Gentoo patch to PAM S/Key does not remove + credentials provided by the user from memory. +
+A local attacker with privileged access could inspect a memory dump to + gain access to cleartext credentials provided by users. +
+There is no known workaround at this time.
+All PAM S/Key users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-auth/pam_skey-1.1.5-r5"
+
+
+ DjVu is a web-centric format and software platform for distributing + documents and images. +
+A vulnerability has been discovered in DjVu. Please review the CVE + identifier referenced below for details. +
+A remote attacker could entice a user to open a specially crafted DjVu + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All DjVu users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/djvu-3.5.25.3"
+
+
+ International Components for Unicode is a set of C/C++ and Java + libraries providing Unicode and Globalization support for software + applications. +
+Multiple vulnerabilities have been discovered in International + Components for Unicode. Please review the CVE identifiers referenced + below for details. +
+A remote attacker could possibly cause a Denial of Service condition.
+There is no known workaround at this time.
+All International Components for Unicode users should upgrade to the + latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/icu-51.2-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+Roundcube is a browser-based multilingual IMAP client with an + application-like user interface. +
+A vulnerability in steps/utils/save_pref.inc allows remote attackers to + use the _session parameter to change configuration settings. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, inject SQL code, or read arbitrary files. +
+There is no known workaround at this time.
+All Roundcube 0.9 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/roundcube-0.9.5"
+
+
+ All Roundcube 0.8 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/roundcube-0.8.7"
+
+
+ FreeType is a high-quality and portable font engine.
+Multiple vulnerabilities have been discovered in FreeType. Please review + the CVE identifiers referenced below for details. +
+A context-dependent attacker could entice a user to open a specially + crafted font, possibly resulting in execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service + condition. +
+There is no known workaround at this time.
+All Freetype users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.11"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +
+Xpdf is an X viewer for PDF files.
+Multiple vulnerabilities have been discovered in Xpdf. Please review the + CVE identifiers referenced below for details. +
+A context-dependent attacker could execute arbitrary code or cause a + Denial of Service condition. +
+There is no known workaround at this time.
+Gentoo has discontinued support for Xpdf. We recommend that users + unmerge Xpdf: +
+ +
+ # emerge --unmerge "app-text/xpdf"
+
+ GNU Midnight Commander is a text based file manager.
+GNU Midnight Commander does not properly sanitize environment variables.
+A remote attacker could entice a user to open a specially crafted + archive file using GNU Midnight Commander, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +
+There is no known workaround at this time.
+All GNU Midnight Commander users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/mc-4.8.7"
+
+ libtar is a C library for manipulating POSIX tar files.
+An integer overflow error within the “th_read()” function when + processing long names or link extensions can be exploited to cause a + heap-based buffer overflow via a specially crafted archive. +
+A remote attacker could entice a user to open a specially crafted file + using a program linked against libtar, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. +
+There is no known workaround at this time.
+All libtar users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libtar-1.2.20-r2"
+
+
+ KVIrc is a free portable IRC client based on Qt.
+Multiple vulnerabilities have been discovered in KVIrc. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of + Service condition, or overwrite arbitrary files. +
+There is no known workaround at this time.
+All KVIrc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/kvirc-4.1_pre4693"
+
+
+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since July 29, 2010. It is likely that your system is already + no longer affected by this issue. +
+libTIFF provides support for reading and manipulating TIFF (Tagged Image + File Format) images. +
+Multiple vulnerabilities have been discovered in libTIFF. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted TIFF + file with an application making use of libTIFF, possibly resulting in + execution of arbitrary code with the privileges of the user running the + application or a Denial of Service condition. +
+There is no known workaround at this time.
+All libTIFF 4.* users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.3-r6"
+
+
+ All libTIFF 3.* users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.9.7-r1:3"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +
+TCPTrack is a simple libpcap based program for live TCP connection + monitoring. +
+A heap-based buffer overflow vulnerability exists in TCPTrack’s + parsing of command line arguments. This is only a vulnerability in + limited scenarios in which TCPTrack is “configured as a handler for + other applications.” +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition with a + specially crafted command-line argument. +
+There is no known workaround at this time.
+All TCPTrack users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/tcptrack-1.4.2"
+
+
+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 06, 2011. It is likely that your system is already + no longer affected by this issue. +
+libXfont is an X11 font rasterisation library.
+Multiple vulnerabilities have been discovered in libXfont. Please review + the CVE identifiers referenced below for details. +
+A local attacker could use a specially crafted file to gain privileges + or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All libXfont users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.4.7"
+
+
+ The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of + cryptographic software. Libgcrypt is a cryptographic library based on + GnuPG. +
+Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt. + Please review the CVE identifiers referenced below for details. +
+An unauthenticated remote attacker may be able to execute arbitrary code + with the privileges of the user running GnuPG, cause a Denial of Service + condition, or bypass security restrictions. Additionally, a side-channel + attack may allow a local attacker to recover a private key, please review + “Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel + Attack” in the References section for further details. +
+There is no known workaround at this time.
+All GnuPG 2.0 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.0.22"
+
+
+ All GnuPG 1.4 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.16"
+
+
+ All Libgcrypt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libgcrypt-1.5.3"
+
+
+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +
+A flaw in the ssl3_take_mac function can result in a NULL pointer + dereference. +
+A remote attacker could send a specially crafted TLS handshake, + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All OpenSSL 1.0.1 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1f"
+
+ libssh is a C library implementing the SSHv2 and SSHv1 protocols.
+Multiple buffer overflow, double free, and integer overflow + vulnerabilities have been discovered in libssh. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All libssh users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.5.3"
+
+ pidgin-knotify is a Pidgin plug-in to display message notifications in + KDE. +
+pidgin-knotify does not properly sanitize shell metacharacters from + received messages. +
+A remote attacker could send a specially crafted instant message, + possibly resulting in execution of arbitrary code with the privileges of + the Pidgin process. +
+There is no known workaround at this time.
+Gentoo has discontinued support for pidgin-knotify. We recommend that + users unmerge pidgin-knotify: +
+ +
+ # emerge --unmerge "x11-plugins/pidgin-knotify"
+
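The pidgin-knotify issue above is ordinary shell-metacharacter injection: a received message is pasted into a command string that a shell then parses. The following added example (not pidgin-knotify code and not part of the advisory) shows the vulnerable construction next to two fixes; since the plugin's real command line is not given in the advisory, printf(1) stands in for the notification tool and the message text is constructed.

```python
import shlex
import subprocess

# Hypothetical notifier: pidgin-knotify's real command line is not given in the
# advisory, so printf(1) stands in for the KDE notification tool. It runs with
# plain /bin/sh and prints whatever it was handed, which makes injection visible.
NOTIFY_CMD = "printf"

# Constructed instant message containing shell metacharacters: the first quote
# closes the argument the program intended, and the rest is parsed as new commands.
INJECTED_MESSAGE = "hi'; echo INJECTED; echo '"


def notify_vulnerable(message: str) -> str:
    """One shell command string built by concatenation (the broken pattern)."""
    cmd = f"{NOTIFY_CMD} '%s\\n' '{message}'"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def notify_fixed(message: str) -> str:
    """The message is a separate argv element and no shell ever parses it."""
    return subprocess.run([NOTIFY_CMD, "%s\n", message],
                          capture_output=True, text=True).stdout


def notify_fixed_shell(message: str) -> str:
    """If a shell is unavoidable, every untrusted field is quoted with
    shlex.quote(), which produces a single-quoted token /bin/sh cannot break
    out of."""
    cmd = f"{NOTIFY_CMD} '%s\\n' {shlex.quote(message)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("vulnerable:", repr(notify_vulnerable(INJECTED_MESSAGE)))
    print("argv fix:  ", repr(notify_fixed(INJECTED_MESSAGE)))
    print("quoted fix:", repr(notify_fixed_shell(INJECTED_MESSAGE)))
```

The argv form is the preferred fix: it removes the shell from the picture entirely, so there is no quoting rule left to get wrong.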
+ Chrony is a pair of programs which are used to maintain the accuracy of + the system clock on a computer. +
+Multiple vulnerabilities have been discovered in Chrony. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly cause a Denial of Service condition by + sending specially crafted packets. +
+There is no known workaround at this time.
+All Chrony users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/chrony-1.29"
+
+
+ ArgyllCMS is an ICC compatible color management system that supports + accurate ICC profile creation for scanners, cameras and film recorders. +
+Multiple integer overflow vulnerabilities have been discovered in the + ICC Format Library in ArgyllCMS. +
+A remote attacker could entice a user to open a specially crafted image + file using ArgyllCMS, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All ArgyllCMS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/argyllcms-1.4.0-r1"
+
+ Chromium is an open-source web browser project. V8 is Google’s open + source JavaScript engine. +
+Multiple vulnerabilities have been discovered in Chromium and V8. Please + review the CVE identifiers and release notes referenced below for + details. +
+A context-dependent attacker could entice a user to open a specially + crafted web site or JavaScript program using Chromium or V8, possibly + resulting in the execution of arbitrary code with the privileges of the + process or a Denial of Service condition. Furthermore, a remote attacker + may be able to bypass security restrictions or have other unspecified + impact. +
+There is no known workaround at this time.
+All chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-33.0.1750.146"
+
+
+ Gentoo has discontinued support for separate V8 package. We recommend + that users unmerge V8: +
+ +
+ # emerge --unmerge "dev-lang/v8"
+
+ LibYAML is a YAML 1.1 parser and emitter written in C.
+A heap-based buffer overflow flaw was found in the way libyaml parsed + YAML tags. +
+A remote attacker could provide a specially crafted YAML document which, + when parsed by LibYAML, would cause the application to crash or, + potentially, execute arbitrary code with the privileges of the user running + the application. +
+There is no known workaround at this time.
+All LibYAML users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libyaml-0.1.5"
+
+
+ file is a utility that guesses a file format by scanning binary data for + patterns. +
+A flaw was found in the way the file utility determines the type of a + file. +
+A remote attacker could entice a user to open a specially crafted file, + possibly resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All file users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/file-5.17"
+
+
+ The Qt toolkit is a comprehensive C++ application development framework.
+A vulnerability in QXmlSimpleReader’s XML entity parsing has been + discovered. +
+A remote attacker could entice a user to open a specially crafted XML + file using an application linked against QtCore, possibly resulting in + Denial of Service. +
+There is no known workaround at this time.
+All QtCore users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtcore-4.8.5-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +
+GNU Emacs is a highly extensible and customizable text editor.
+Multiple vulnerabilities have been discovered in GNU Emacs.
+ +A remote attacker could entice a user to open a specially crafted file, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All GNU Emacs 24.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-24.1-r1"
+
+
+ All GNU Emacs 23.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-23.4-r4"
+
+ libupnp is a portable, open source, UPnP development kit.
+Multiple buffer overflow vulnerabilities have been discovered in + libupnp. Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All libupnp users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libupnp-1.6.18"
+
+ grep is the GNU regular expression matcher.
+An integer overflow flaw has been discovered in grep.
+An attacker could entice a user to run grep on a specially crafted file, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All grep users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/grep-2.12"
+
+ The Perl RPC Module is a Perl module that implements IDL-free RPCs.
+PlRPC uses the Storable module for serialization and deserialization of + untrusted data. Deserialized data can contain objects, which can lead to + loading of foreign modules and possible execution of arbitrary code. +
+A remote attacker could possibly execute + arbitrary code with the privileges of the process, or cause a Denial of + Service condition. +
+An external authentication mechanism such as TLS or IPsec can be used + with PlRPC as a workaround. +
+All PlRPC users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/PlRPC-0.202.0-r2"
+
+
+ CUPS, the Common Unix Printing System, is a full-featured print server.
+Members of the lpadmin group have admin access to the web interface, + where they can edit the config file and set some “dangerous” directives + (like the log file names), which enable them to read or write files as the + user running the CUPS webserver. +
+A local attacker could possibly exploit this vulnerability to read or + write files as the user running the CUPS webserver. +
+There is no known workaround at this time.
+All CUPS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/cups-1.6.2-r5"
+
+
+ libproxy is a library for automatic proxy configuration management.
+A boundary error when processing the proxy.pac file could cause a + stack-based buffer overflow. +
+A man-in-the-middle attacker could provide a specially crafted proxy.pac + file on a remote server, possibly resulting in execution of arbitrary + code with the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All libproxy users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libproxy-0.4.10"
+
+ OptiPNG is a PNG optimizer that recompresses image files to a smaller + size, without losing any information. +
+A use-after-free vulnerability exists in the palette reduction + functionality of OptiPNG. +
+A remote attacker could entice a user to open a specially crafted image + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All OptiPNG users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.7.3"
+
+ Crack is a really simple JSON and XML parsing Ruby gem, ripped from Merb + and Rails. +
+An XML parameter parsing vulnerability has been discovered in Crack.
+A remote attacker could execute arbitrary code with the privileges of + the process, cause a Denial of + Service condition, or bypass security restrictions. +
+There is no known workaround at this time.
+All Crack users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/crack-0.3.2"
+
+ OpenAFS is a client-server program suite for federated file sharing and + replicated content distribution. +
+Multiple vulnerabilities have been discovered in OpenAFS. Please review + the CVE identifiers referenced below for details. +
+An attacker could potentially execute arbitrary code with the + permissions of the user running the AFS server, cause a Denial of Service + condition, or gain access to sensitive information. Additionally, an + attacker could compromise a cell’s private key, allowing them to + impersonate any user in the cell. +
+There is no known workaround at this time.
+All OpenAFS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/openafs-1.6.5"
+
+
+ Mesa is an OpenGL-like graphic library for Linux.
+Multiple vulnerabilities have been discovered in Mesa. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could possibly execute + arbitrary code with the privileges of the process, or cause a Denial of + Service condition. +
+There is no known workaround at this time.
+All Mesa users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/mesa-9.1.4"
+
+
+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +
+Multiple vulnerabilities have been found in OpenSSL.
+ +A remote attacker could exploit these issues to disclose information, + including private keys or other sensitive information, or perform + side-channel attacks to obtain ECDSA nonces. +
+Disabling the tls-heartbeat USE flag (enabled by default) and re-emerging + OpenSSL with it disabled provides a workaround for the CVE-2014-0160 issue. +
+All OpenSSL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1g"
+
+
+ Note: All services using OpenSSL to provide TLS connections have to be + restarted for the update to take effect, since a running process keeps the + old library mapped until it is restarted. Utilities like app-admin/lib_users + can aid in identifying programs using OpenSSL. +
+ +As private keys may have been compromised using the Heartbleed attack, + it is recommended to regenerate them and to reissue any certificates that + were based on them. +
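The restart note above matters because a process started before the upgrade keeps the old libssl/libcrypto mapped; the kernel marks such mappings "(deleted)" in /proc/<pid>/maps, which is what app-admin/lib_users looks for. The following added example, which is not lib_users code and not part of the advisory, parses those maps entries to list processes that still need a restart; the sample maps text and the process names in it are constructed.

```python
import os
import re
from typing import Dict, Set

# One line of /proc/<pid>/maps: address perms offset dev inode [pathname]
# e.g. 7f3b9c2a1000-7f3b9c4b3000 r-xp 00000000 08:01 1234567 /usr/lib64/libssl.so.1.0.0 (deleted)
_MAPS_LINE = re.compile(
    r"^\S+\s+\S+\s+\S+\s+\S+\s+\d+\s+(?P<path>/.*?)(?P<deleted>\s\(deleted\))?$"
)

# Library basenames we care about after an OpenSSL upgrade.
WATCHED = ("libssl.so", "libcrypto.so")


def stale_libs_from_maps(maps_text: str, watched=WATCHED) -> Set[str]:
    """Return the paths of watched shared objects that a process still maps
    although the file was replaced on disk (the kernel appends "(deleted)")."""
    stale = set()
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if not m or not m.group("deleted"):
            continue
        path = m.group("path")
        if any(w in os.path.basename(path) for w in watched):
            stale.add(path)
    return stale


def scan_procfs(proc_root: str = "/proc") -> Dict[int, Set[str]]:
    """Live scan of every readable process: {pid: {stale library paths}}.
    Run as root to see other users' processes; unreadable or vanished
    processes are skipped."""
    found = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                stale = stale_libs_from_maps(fh.read())
        except OSError:
            continue
        if stale:
            found[int(entry)] = stale
    return found


# Constructed maps excerpt: a daemon that still maps the pre-upgrade OpenSSL
# libraries (and an unrelated deleted libz, which is not reported).
SAMPLE_MAPS = """\
00400000-0045b000 r-xp 00000000 08:01 655432 /usr/sbin/nginx
7f3b9c0a0000-7f3b9c28f000 r-xp 00000000 08:01 1234560 /usr/lib64/libcrypto.so.1.0.0 (deleted)
7f3b9c2a1000-7f3b9c4b3000 r-xp 00000000 08:01 1234567 /usr/lib64/libssl.so.1.0.0 (deleted)
7f3b9c4c0000-7f3b9c4d0000 r-xp 00000000 08:01 1234999 /usr/lib64/libz.so.1.2.8 (deleted)
7f3b9c600000-7f3b9c7a0000 r-xp 00000000 08:01 1230001 /lib64/libc-2.17.so
7ffd1c9e0000-7ffd1ca01000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print("constructed sample:", sorted(stale_libs_from_maps(SAMPLE_MAPS)))
    for pid, libs in sorted(scan_procfs().items()):
        print(f"pid {pid} still maps: {', '.join(sorted(libs))}")
```

An empty result from scan_procfs() after the restarts is the check that every TLS service is actually running the patched library; a process that was merely reloaded (SIGHUP) rather than restarted will still show up here.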
+udisks is an abstraction for enumerating block devices and performing + operations on them. +
+A stack-based buffer overflow can be triggered when udisks is given a + long path name as a mount point. +
+A local attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All udisks 1.0 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/udisks-1.0.5:0"
+
+
+ All udisks 2.0 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/udisks-2.1.3"
+
+
+ libSRTP is an Open-source implementation of the Secure Real-time + Transport Protocol. +
+A flaw was found in how the crypto_policy_set_from_profile_for_rtp() + function applies cryptographic profiles to an srtp_policy in libSRTP. +
+A remote attacker could exploit this vulnerability to crash an + application linked against libSRTP, resulting in Denial of Service. +
+There is no known workaround at this time.
+All libSRTP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=net-libs/libsrtp-1.4.4_p20121108-r1"
+
+
+ Wee Enhanced Environment for Chat (WeeChat) is a light and extensible + console IRC client. +
+Two vulnerabilities have been discovered in WeeChat. Please review the + CVE identifiers referenced below for details. +
+ +A remote attacker could entice a user to open a specially crafted script + or send messages with specially crafted colors, possibly resulting in + execution of arbitrary code with the privileges of the process, or a + Denial of Service condition. +
+There is no known workaround at this time.
+All WeeChat users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/weechat-0.3.9.2"
+
+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted SWF + file using Adobe Flash Player, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. Furthermore, a remote attacker may be able to bypass the Same + Origin Policy or read the clipboard via unspecified vectors. +
+There is no known workaround at this time.
+All Adobe Flash Player users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.356"
+
+
+ Asterisk is an open source telephony engine and toolkit.
+Multiple vulnerabilities have been discovered in Asterisk. Please review + the CVE identifiers and Asterisk Project Security Advisories referenced + below for details. +
+A remote attacker could possibly cause a Denial of Service condition.
+There is no known workaround at this time.
+All Asterisk 11.* users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.8.1"
+
+
+ All Asterisk 1.8.* users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.26.1"
+
+
+ OpenSSH is a complete SSH protocol implementation that includes an SFTP + client and server support. +
+Multiple vulnerabilities have been discovered in OpenSSH. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could execute arbitrary code, cause a Denial of + Service condition, obtain sensitive information, or bypass environment + restrictions. +
+There is no known workaround at this time.
+All OpenSSH users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.6_p1-r1"
+
+
+ NOTE: One or more of the issues described in this advisory have been + fixed in previous updates. They are included in this advisory for the + sake of completeness. It is likely that your system is already no longer + affected by them. +
+The X Window System is a graphical windowing system based on a + client/server model. +
+Multiple vulnerabilities have been discovered in X.Org X Server. Please + review the CVE identifiers referenced below for details. +
+A context-dependent attacker could execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or obtain + sensitive information. +
+There is no known workaround at this time.
+All X.Org X Server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.14.3-r2"
+
+ Clam AntiVirus (ClamAV) is an anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +
+Multiple vulnerabilities have been discovered in ClamAV. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could send a specially crafted file, leading to + arbitrary code execution or a Denial of Service condition. +
+There is no known workaround at this time.
+All ClamAV users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.98"
+
+
+ ImageMagick is a collection of tools and libraries for manipulating + various image formats. +
+Multiple vulnerabilities have been discovered in ImageMagick. Please + review the CVE identifiers referenced below for details. +
+ +Note that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete + fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs + were addressed in GLSA 201203-09. +
+A remote attacker can utilize multiple vectors to execute arbitrary code + or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All ImageMagick users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.8.8.10"
+
+
+ Rack is a modular Ruby web server interface.
+Multiple vulnerabilities have been discovered in Rack. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or obtain + sensitive information. +
+There is no known workaround at this time.
+All Rack 1.4 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.4.5"
+
+
+ All Rack 1.3 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.3.10"
+
+
+ All Rack 1.2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.2.8"
+
+
+ All Rack 1.1 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.1.6"
+
+ Bacula is a network based backup suite.
+Bacula does not properly enforce console access control lists.
+A remote authenticated attacker may be able to bypass restrictions to + obtain sensitive information. +
+There is no known workaround at this time.
+All Bacula users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-backup/bacula-5.2.12"
+
+ Ettercap is a suite of tools for content filtering, sniffing and man in + the middle attacks on a LAN. +
+Multiple vulnerabilities have been discovered in Ettercap. Please review + the CVE identifiers referenced below for details. +
+ +A remote attacker could entice a user to load a specially crafted + configuration file using Ettercap, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. +
+ +A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
+There is no known workaround at this time.
+All Ettercap users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/ettercap-0.7.5.2"
+
+ Pango is an internationalized text layout and rendering library.
+Multiple vulnerabilities have been discovered in Pango. Please review + the CVE identifiers referenced below for details. +
+A context-dependent attacker could entice a user to load specially + crafted text using an application linked against Pango, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +
+There is no known workaround at this time.
+All Pango users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/pango-1.28.3-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+ +NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since March 18, 2011. It is likely that your system is already + no longer affected by this issue. +
+Ruby OpenID is a robust library for verifying and serving OpenID + identities. +
+An XML entity parsing error has been discovered in Ruby OpenID.
+A remote attacker could send a specially crafted XML file, possibly + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All Ruby OpenID users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/ruby-openid-2.2.2"
+
+ util-linux is a suite of Linux programs including mount and umount, + programs used to mount and unmount filesystems. +
+Multiple vulnerabilities have been discovered in util-linux. Please + review the CVE identifiers referenced below for details. +
+A local attacker may be able to cause a Denial of Service condition, + trigger corruption of /etc/mtab, obtain sensitive information, or have + other unspecified impact. +
+There is no known workaround at this time.
+All util-linux users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.22.2"
+
+ Mono is an open source implementation of Microsoft’s .NET Framework.
+Mono does not properly randomize hash functions for form posts to + protect against hash collision attacks. +
+A remote attacker could send specially crafted parameters, possibly + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All Mono users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/mono-2.10.9-r2"
+
+ Munin is an open source server monitoring tool.
+Multiple vulnerabilities have been discovered in Munin. Please review + the CVE identifiers referenced below for details. +
+A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +
+ +A remote attacker could create files or load new Munin configuration + files. +
+There is no known workaround at this time.
+All Munin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/munin-2.0.8-r2"
+
+ OpenConnect is a free client for Cisco AnyConnect SSL VPN software.
+A stack-based buffer overflow error has been discovered in OpenConnect.
+A remote attacker could entice a user to connect to a malicious VPN + server, possibly resulting in execution of arbitrary code with the + privileges of the process, or a Denial of Service condition. +
+There is no known workaround at this time.
+All OpenConnect users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openconnect-4.08"
+
+
+ MCrypt is a replacement for the old Unix crypt(1) utility.
+Multiple vulnerabilities have been discovered in MCrypt. Please review + the CVE identifiers referenced below for details. +
+ +A remote attacker could entice a user to open a specially crafted file + using MCrypt, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All MCrypt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mcrypt-2.6.8-r2"
+
+ JBIG-KIT is a software implementation of the JBIG1 data compression + standard. +
+JBIG-KIT contains a stack-based buffer overflow in the jbg_dec_in + function in libjbig/jbig.c. +
+A remote attacker could possibly cause a Denial of Service condition via + a specially crafted image file. +
+There is no known workaround at this time.
+All JBIG-KIT users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/jbigkit-2.1"
+
+
+ Charybdis is the Atheme Project’s IRC daemon based on ratbox. + ShadowIRCd is an IRC daemon based on Charybdis that adds several useful + features. +
+A vulnerability has been discovered in Charybdis and ShadowIRCd. Please + review the CVE identifier referenced below for details. +
+A remote attacker may be able to cause a Denial of Service condition.
+There is no known workaround at this time.
+All Charybdis users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/charybdis-3.4.2"
+
+
+ All ShadowIRCd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/shadowircd-6.3.3"
+
+ Pidgin is a GTK Instant Messenger client for a variety of instant + messaging protocols. +
+Multiple vulnerabilities have been discovered in Pidgin. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the Pidgin process, cause a Denial of Service condition, + overwrite files, or spoof traffic. +
+There is no known workaround at this time.
+All Pidgin users on HPPA or users of GNOME 3.8 and later on AMD64 or X86 + should upgrade to the latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.10.9-r1"
+
+
+ All Pidgin users on ALPHA, PPC, PPC64, SPARC, and users of GNOME before + 3.8 on AMD64 and X86 should upgrade to the latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.10.9"
+
+
+ lib3ds is a library for managing 3D-Studio Release 3 and 4 .3DS files.
+An array index error has been discovered in lib3ds.
+A remote attacker could entice a user to open a specially crafted 3DS + file using an application linked against lib3ds, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +
+There is no known workaround at this time.
+All lib3ds 2.0 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/lib3ds-2.0.0_rc1"
+
+
+ All lib3ds 1.3 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/lib3ds-1.3.0-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+The Apache Portable Runtime (aka APR) provides a set of APIs for + creating platform-independent applications. The Apache Portable Runtime + Utility Library (aka APR-Util) provides an interface to functionality + such as XML parsing, string matching and database connections. +
+Multiple vulnerabilities have been discovered in Apache Portable Runtime + and APR Utility Library. Please review the CVE identifiers referenced + below for details. +
+A remote attacker could cause a Denial of Service condition.
+There is no known workaround at this time.
+All Apache Portable Runtime users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/apr-1.4.8-r1"
+
+
+ All users of the APR Utility Library should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.10"
+
+
+ Packages which depend on these libraries may need to be recompiled. + Tools such as revdep-rebuild may assist in identifying some of these + packages. +
+Symfony is a professional, open-source PHP5 web development framework.
+Symfony does not properly sanitize input for upload requests.
+A remote attacker could send a specially crafted file upload request, + possibly resulting in disclosure of sensitive information. +
+There is no known workaround at this time.
+Gentoo has discontinued support for Symfony. We recommend that users + unmerge Symfony: +
+ +
+ # emerge --unmerge "dev-php/symfony"
+
+ X2Go is an open source terminal server project.
+X2Go Server is prone to a local privilege-escalation vulnerability.
+A local attacker could gain escalated privileges.
+There is no known workaround at this time.
+All X2Go Server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/x2goserver-4.0.1.12"
+
+
+ LibYAML is a YAML 1.1 parser and emitter written in C.
+The yaml_parser_scan_uri_escapes() function does not properly expand + strings passed as input, which can result in a heap-based buffer + overflow. +
+An attacker could provide a specially-crafted YAML document, which, when + parsed by LibYAML, could result in arbitrary code execution or cause the + application to crash. +
+There is no known workaround at this time.
+All LibYAML users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libyaml-0.1.6"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +
+xmonad-contrib is a set of third party tiling algorithms, + configurations, and scripts for xmonad. +
+A vulnerability in the XMonad.Hooks.DynamicLog module could allow a + malicious website with a specially crafted window title to inject commands + into the status bar, which would be executed when the bar is clicked. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of + Service condition. +
+There is no known workaround at this time.
+All xmonad-contrib users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-wm/xmonad-contrib-0.11.2"
+
+
+ D-Bus is a daemon providing a framework for applications to communicate + with one another. GLib is a library providing a number of GNOME’s core + objects and functions. +
+When libdbus is used in a setuid program, a user can gain escalated + privileges by leveraging the DBUS_SYSTEM_BUS_ADDRESS variable. GLib can + be used in a setuid context with D-Bus, and so can trigger this + vulnerability. Please review the CVE identifier below for more details. +
+A local attacker could gain escalated privileges and execute arbitrary + code. +
+There is no known workaround at this time.
+All D-Bus users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.6.8"
+
+
+ All GLib users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.32.4-r1"
+
+
+ libarchive is a library for manipulating different streaming archive + formats, including certain tar variants, several cpio formats, and both + BSD and GNU ar variants. +
+Multiple vulnerabilities have been discovered in libarchive. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user or automated process to open a + specially crafted archive using an application linked against libarchive, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All libarchive users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.1.2-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+Fail2ban is a tool for parsing log files and banning IP addresses which + show suspicious behavior. +
+Multiple vulnerabilities have been discovered in Fail2ban. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could send a crafted URL to a web site which, when + its log is parsed by Fail2ban, would cause an IP address of the + attacker's choosing to be banned. Also, errors in regular expressions + within certain filters can cause arbitrary IP addresses to be banned. + Furthermore, a local attacker could perform symlink attacks to overwrite + arbitrary files with the privileges of the user running the application. +
+There is no known workaround at this time.
+All Fail2ban users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/fail2ban-0.8.12"
+
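The first Fail2ban issue above is a log-injection problem: the filter regex is satisfied by attacker-controlled text that another service wrote into its log, and the host captured from that text is the one Fail2ban bans. The following added example (not Fail2ban's own matching engine, which also strips the timestamp and expands <HOST> more broadly) shows a filter written as a bare substring match next to one anchored to the sshd line format, run over two constructed log lines: a genuine sshd failure and an Apache combined-format entry whose User-Agent field carries a fake failure message naming a victim address. The User-Agent field is used instead of the URL the advisory mentions because it is logged verbatim; the regexes, log lines and addresses are constructed for the demonstration.

```python
"""Why a loosely written Fail2ban failregex lets an attacker choose who gets banned.

Added example, not Fail2ban's own code. A Fail2ban filter is a regular
expression containing a <HOST> tag; the address captured there is what
gets banned. If the expression matches a substring anywhere in a line,
attacker-controlled text that lands in a log (a User-Agent header in the
web server access log, here) can supply the host.
"""
import re

# Expansion of the <HOST> tag, simplified to IPv4 (Fail2ban's is broader).
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"

# Weak: unanchored, so it fires on the substring wherever it appears,
# including inside fields a remote client controls.
WEAK_FAILREGEX = re.compile(r"Invalid user \S+ from " + HOST)

# Hardened: anchored to the structure sshd actually emits via syslog
# (timestamp, hostname, process name with pid, end of line), so text
# injected into some other daemon's log cannot satisfy it.
STRICT_FAILREGEX = re.compile(
    r"^\S+\s+\d+ [\d:]+ \S+ sshd\[\d+\]: Invalid user \S+ from " + HOST + r"$"
)


def banned_hosts(pattern, log_lines):
    """Return the hosts a filter built from `pattern` would ban for `log_lines`."""
    hosts = []
    for line in log_lines:
        match = pattern.search(line)
        if match:
            hosts.append(match.group("host"))
    return hosts


# Constructed sample log lines (addresses from RFC 5737 documentation ranges).
SSH_LOG = [
    "Apr  8 10:12:01 gw sshd[2412]: Invalid user admin from 198.51.100.7",
]
# The attacker at 203.0.113.9 sets a User-Agent that mimics the sshd message,
# naming a victim address; Apache writes it into the access log verbatim.
WEB_LOG = [
    '203.0.113.9 - - [08/Apr/2014:10:13:44 +0000] "GET / HTTP/1.1" 200 612 '
    '"-" "Invalid user x from 192.0.2.1"',
]


def compare_filters():
    """Return (weak_bans, strict_bans) over the combined sample logs."""
    lines = SSH_LOG + WEB_LOG
    return banned_hosts(WEAK_FAILREGEX, lines), banned_hosts(STRICT_FAILREGEX, lines)


if __name__ == "__main__":
    weak, strict = compare_filters()
    print("weak filter bans:  ", weak)    # includes the injected victim
    print("strict filter bans:", strict)  # only the real sshd offender
```

The strict pattern is only as good as its anchoring: it must match the whole line shape of the service that owns the log, and a filter should never be pointed at a log file that mixes output from several services. The same applies to the second issue in the advisory, where an over-broad expression inside an otherwise correct filter has the same effect.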
+
+ SystemTap is a kernel profiling and instrumentation tool.
+SystemTap does not properly handle DWARF expressions when unwinding the + stack. +
+A local attacker with SystemTap permissions could trigger a kernel + panic, causing a Denial of Service condition. +
+Disabling unprivileged mode is a temporary workaround for this + vulnerability. +
+All SystemTap users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/systemtap-2.0"
+
+
+ Mutt is a small but powerful text-based mail client.
+A heap-based buffer overflow has been discovered in the mutt_copy_hdr + function. +
+A remote attacker could send a specially crafted message, possibly + resulting in execution of arbitrary code with the privileges of the user + running Mutt or a Denial of Service condition. +
+There is no known workaround at this time.
+All Mutt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mutt-1.5.22-r3"
+
+
+ Mumble is low-latency voice chat software intended for use with gaming.
+Multiple vulnerabilities have been discovered in Mumble. Please review + the CVE identifiers referenced below for details. +
+ +A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Mumble users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/mumble-1.2.6"
+
+
+ Echoping is a small program to test the performance of a remote host + by sending it TCP packets. +
+A boundary error exists within the “TLS_readline()” function, which + can be exploited to overflow a global buffer by sending an overly long + encrypted HTTP reply to Echoping. Also, a similar boundary error exists + within the “SSL_readline()” function, which can be exploited in the + same manner. +
+A remote attacker could send a specially crafted HTTP reply, possibly + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All Echoping users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=net-analyzer/echoping-6.0.2_p434"
+
+
+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute + arbitrary code with the privileges of the process, or cause a Denial of + Service condition. +
+There is no known workaround at this time.
+All Adobe Flash Player users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.359"
+
+
+ GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 + protocols. +
+Multiple vulnerabilities have been discovered in GnuTLS. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could utilize multiple vectors to spoof arbitrary SSL + servers via a crafted certificate, execute arbitrary code or cause a + Denial of Service condition. +
+There is no known workaround at this time.
+All GnuTLS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.12.23-r6"
+
+
+ lighttpd is a lightweight high-performance web server.
+Multiple vulnerabilities have been discovered in lighttpd. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could create a Denial of Service condition. + Furthermore, a remote attacker may be able to execute arbitrary SQL + statements. +
+There is no known workaround at this time.
+All lighttpd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.35"
+
+
+ libXfont is an X11 font rasterisation library.
+Multiple vulnerabilities have been discovered in libXfont. Please review + the CVE identifiers referenced below for details. +
+A context-dependent attacker could use a specially crafted file to gain + privileges, cause a Denial of Service condition or possibly execute + arbitrary code with the privileges of the process. +
+There is no known workaround at this time.
+All libXfont users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.4.8"
+
+
+ FreeRADIUS is an open source RADIUS authentication server.
+Large passwords can trigger a stack-based buffer overflow in + FreeRADIUS’s rlm_pap module when authenticating against an LDAP server. +
+An authenticated user could set a specially crafted long password, + possibly leading to arbitrary code execution or a Denial of Service + condition. +
+There is no known workaround at this time.
+All FreeRADIUS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-2.2.5"
+
+
+ memcached is a high-performance, distributed memory object caching + system. +
+memcached authentication could be bypassed when using SASL due to a flaw + related to SASL authentication state. Also several heap-based buffer + overflows due to integer conversions when parsing certain length + attributes were discovered. +
+A remote attacker could possibly execute + arbitrary code with the privileges of the process, cause a Denial of + Service condition or authenticate with invalid SASL credentials, + bypassing memcached authentication completely. +
+There is no known workaround at this time.
+All memcached users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/memcached-1.4.17"
+
+
+ Opera is a fast web browser that is available free of charge.
+Multiple vulnerabilities have been discovered in Opera. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted web + page using Opera, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. + Furthermore, a remote attacker may be able to obtain sensitive + information, conduct Cross-Site Scripting (XSS) attacks, or bypass + security restrictions. +
+ +A local attacker may be able to obtain sensitive information.
+There is no known workaround at this time.
+All Opera users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-12.13_p1734"
+
+ KDirStat is a graphical disk usage utility for KDE.
+KDirStat does not escape file names before inserting them into the + shell commands it executes, which allows malicious shell commands to be + injected through a crafted file name. +
+A local attacker could possibly execute arbitrary shell commands with + the privileges of the process. +
+There is no known workaround at this time.
+All KDirStat users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-misc/kdirstat-2.7.5"
+
+
+ cups-filters is the OpenPrinting set of filters for CUPS.
+Multiple vulnerabilities have been discovered in cups-filters. Please + review the CVE identifiers referenced below for more details about the + vulnerabilities. +
+A remote attacker could possibly execute arbitrary code utilizing + multiple attack vectors, or a local attacker could gain escalated + privileges via a specially crafted shared library. +
+There is no known workaround at this time.
+All cups-filters users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/cups-filters-1.0.53"
+
+
+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, conduct + Cross-Site Scripting (XSS) attacks, or bypass + security restrictions. +
+There is no known workaround at this time.
+All Adobe Flash Player users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.378"
+
+
+ rxvt-unicode (urxvt) is a clone of the rxvt terminal emulator.
+rxvt-unicode does not properly handle OSC escape sequences, including + those used to read and write X window properties. +
+A remote attacker could entice a user to display a specially crafted + file in rxvt-unicode, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All rxvt-unicode users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.20"
+
+
+ The Mozilla Network Security Service is a library implementing security + features like SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, + S/MIME and X.509 certificates. +
+Multiple vulnerabilities have been discovered in the Mozilla Network + Security Service. Please review the CVE identifiers referenced below for + more details about the vulnerabilities. +
+A remote attacker can cause a Denial of Service condition.
+There is no known workaround at this time.
+All Mozilla Network Security Service users should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.15.3"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+nginx is a robust, small, and high performance HTTP and reverse proxy + server. +
+A bug in the SPDY implementation in nginx was found which might cause a + heap memory buffer overflow in a worker process by using a specially + crafted request. The SPDY implementation is not enabled in default + configurations. +
+A remote attacker could cause execution of arbitrary code by using a + specially crafted request. +
+Disable the spdy module in NGINX_MODULES_HTTP.
+All nginx users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.7"
+
+
+ cURL is a command line tool for transferring files with URL syntax, + supporting numerous protocols. +
+Multiple vulnerabilities have been discovered in cURL. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could conduct a man-in-the-middle attack via a crafted + certificate issued by a legitimate certification authority. Furthermore, + a context-dependent attacker may be able to bypass security restrictions + by connecting as other users. +
+There is no known workaround at this time.
+All cURL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.36.0"
+
+
+ Network Audio System is a network transparent, client/server audio + transport system. +
+Multiple vulnerabilities have been discovered in Network Audio System. + Please review the CVE identifiers referenced below for details. +
+A context-dependent attacker could possibly execute arbitrary code with + the privileges of the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Network Audio System users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/nas-1.9.4"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks.

DenyHosts does not properly define the regular expressions used when parsing SSH authentication logs.

A remote attacker could possibly cause a Denial of Service condition via a crafted login name.

There is no known workaround at this time.

All DenyHosts users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/denyhosts-2.6-r9"

Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server.

When used with certain libvirt configurations, Dnsmasq replies to queries from prohibited interfaces.

A remote attacker can cause a Denial of Service via spoofed TCP based DNS queries.

There is no known workaround at this time.

All Dnsmasq users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.66"

Asterisk is an open source telephony engine and toolkit.

Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers below for details.

A remote attacker that gains access to a privileged Asterisk account can execute arbitrary system shell commands. Furthermore, an unprivileged remote attacker could cause a Denial of Service condition.

There is no known workaround at this time.

All Asterisk 11 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.10.2"

All Asterisk 1.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.28.2"

Django is a Python-based web framework.

Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details.

A remote attacker could execute code with the privileges of the process, modify SQL queries, or disclose sensitive information.

There is no known workaround at this time.

All Django 1.6 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/django-1.6.5"

All Django 1.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/django-1.5.8"

All Django 1.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/django-1.4.13"

polkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes.

polkit has a race condition which potentially allows a process to change its UID/EUID via suid or pkexec before authentication is completed.

A local attacker could start a suid or pkexec process through a polkit-enabled application, which could result in privilege escalation or bypass of polkit restrictions.

There is no known workaround at this time.

All polkit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.112"

All HPLIP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/hplip-3.14.1"

All Spice-Gtk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/spice-gtk-0.21"

All systemd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/systemd-204-r1"

All libvirt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-1.1.2-r3"

Libav is a complete solution to record, convert and stream audio and video.

Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted media file in an application linked against Libav, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition.

There is no known workaround at this time.

All Libav users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/libav-0.8.7"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

spice-gtk is a set of GObject and Gtk objects for connecting to Spice servers and a client GUI.

spice-gtk does not properly sanitize the DBUS_SYSTEM_BUS_ADDRESS environment variable.

A local attacker may be able to gain escalated privileges.

There is no known workaround at this time.

All spice-gtk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/spice-gtk-0.14"

sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range of hosts.

When the sudo env_reset option is disabled (it is enabled by default), certain environment variables are not blacklisted as expected.

A local attacker, authorized to run commands using sudo, can use this flaw to execute arbitrary code or escalate privileges.

There is no known workaround at this time.

All sudo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.5"

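The sudo advisory above turns on a single configuration setting: env_reset is safe by default and the flaw only matters where an administrator has switched it off. The following audit script is an added example, not part of the GLSA or of the sudo project; it scans a sudoers file for Defaults lines that disable env_reset (including the user-, host-, runas- and command-specific Defaults forms) so that such hosts can be found before the upgrade is rolled out. The sudoers fragment it creates is constructed for demonstration and does not describe any real host.

```shell
#!/bin/sh
# Added example, not part of the GLSA or of sudo itself: audit a sudoers
# file for lines that disable env_reset, the setting the advisory warns
# about. The sample file written below is constructed for demonstration.

# audit_env_reset FILE
#   Prints every uncommented Defaults line (including the host-, user-,
#   runas- and command-specific forms such as "Defaults:alice") whose
#   option list turns env_reset off. Returns 1 if any such line exists,
#   0 if the file keeps the default of env_reset enabled.
audit_env_reset() {
    file="$1"
    # "|| true" keeps a no-match grep (exit status 1) from aborting a
    # caller that runs with set -e.
    hits=$(grep -nE '^[[:space:]]*Defaults([:>@!][^[:space:]]+)?[[:space:]].*!env_reset($|[[:space:],])' "$file" || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# make_sample_sudoers
#   Writes a constructed sudoers fragment to a temporary file and prints
#   its path. The fragment mixes the secure default with a commented-out
#   line (not a finding) and two real ways of disabling env_reset.
make_sample_sudoers() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# Constructed sample, not a real host's sudoers
Defaults        env_reset
Defaults        secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
# Defaults      !env_reset        (commented out: not a finding)
Defaults:alice  !env_reset
Defaults        env_keep += "LANG", !env_reset
root    ALL=(ALL) ALL
EOF
    printf '%s\n' "$tmp"
}

# Example run against the constructed sample: prints the two offending
# lines with their line numbers and returns 1.
#   audit_env_reset "$(make_sample_sudoers)"
```

Run it against /etc/sudoers and each file under /etc/sudoers.d on a host; a non-zero exit status means the host is running in the configuration the advisory describes, and the `!env_reset` should be removed (or the upgrade prioritized) there. The pattern deliberately ignores commented lines and does not attempt to parse `#include` directives, so include files must be passed explicitly.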
Konqueror is the KDE web browser and file manager.

Multiple vulnerabilities have been discovered in Konqueror. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted web site using Konqueror, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All Konqueror users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/konqueror-4.9.3-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 11, 2012. It is likely that your system is already no longer affected by this issue.

IcedTea is a distribution of the Java OpenJDK source code built with free build tools.

Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact.

There is no known workaround at this time.

All IcedTea JDK users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3"

Wireshark is a network protocol analyzer formerly known as ethereal.

Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.

A remote attacker can cause arbitrary code execution or a Denial of Service condition via a specially crafted packet.

There is no known workaround at this time.

All Wireshark 1.8.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.15"

All Wireshark 1.10.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.8"

KDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. KDE Libraries contains libraries needed by all KDE applications.

Multiple vulnerabilities have been discovered in KDE Libraries. Please review the CVE identifiers referenced below for details.

A remote attacker could cause a man-in-the-middle attack via any certificate issued by a legitimate certification authority. Furthermore, a local attacker may gain knowledge of user passwords through an information leak.

There is no known workaround at this time.

All KDE users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-4.12.5-r1"

Openfire is a real time collaboration (RTC) server.

Multiple vulnerabilities have been discovered in Openfire. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly cause a Denial of Service condition or bypass security restrictions.

There is no known workaround at this time.

All Openfire users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/openfire-3.9.2-r1"

OpenLDAP is an LDAP suite of application and development tools.

Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details.

A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, bypass security restrictions or cause a Denial of Service condition.

There is no known workaround at this time.

All OpenLDAP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.4.35"

OpenTTD is a clone of Transport Tycoon Deluxe.

The vulnerability is caused by a missing out-of-bounds check within the "HandleCrashedAircraft()" function.

A remote attacker could possibly cause a Denial of Service condition.

There is no known workaround at this time.

All OpenTTD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-simulation/openttd-1.3.3"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.394"

Xen is a bare-metal hypervisor.

Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.

A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to data on the host.

There is no known workaround at this time.

All Xen 4.3 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.3.2-r2"

All Xen 4.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.2.4-r2"

All xen-tools 4.3 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulations/xen-tools-4.3.2-r2"

All xen-tools 4.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulations/xen-tools-4.2.4-r2"

All Xen PVGRUB 4.3 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulations/xen-pvgrub-4.3.2"

All Xen PVGRUB 4.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulations/xen-pvgrub-4.2.4"

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.

GnuPG does not properly handle a specially crafted compressed packet, resulting in an infinite loop.

A context-dependent attacker can cause a Denial of Service.

There is no known workaround at this time.

All GnuPG 2.0 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.0.24"

All GnuPG 1.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.17"

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Multiple vulnerabilities have been discovered in OpenSSL. Please review the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers referenced below for details.

A remote attacker could send specially crafted DTLS fragments to an OpenSSL DTLS client or server to possibly execute arbitrary code with the privileges of the process using OpenSSL.

Furthermore, an attacker could force the use of weak keying material in OpenSSL SSL/TLS clients and servers, inject data across sessions, or cause a Denial of Service via various vectors.

There is no known workaround at this time.

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"

Zend Framework is a high quality and open source framework for developing Web Applications.

Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks.

A remote attacker could use specially crafted input to execute arbitrary SQL statements.

There is no known workaround at this time.

All ZendFramework users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/ZendFramework-1.11.6"

NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011-06-07. It is likely that your system is already updated to no longer be affected by this issue.

FreeType is a high-quality and portable font engine.

A stack-based buffer overflow exists in FreeType's cf2_hintmap_build function in cff/cf2hints.c.

A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition via a specially crafted font file.

There is no known workaround at this time.

All FreeType users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.5.3-r1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

LibSSH is a C library providing SSHv2 and SSHv1.

A new connection inherits the state of the PRNG without re-seeding with random data.

Servers using ECC (ECDSA) or DSA certificates in non-deterministic mode may under certain conditions leak their private key.

There is no known workaround at this time.

All LibSSH users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.6.3"

Catfish is a versatile file searching tool.

Multiple vulnerabilities have been discovered in Catfish. Please review the CVE identifiers referenced below for details.

A local attacker could gain escalated privileges via a specially crafted shared library.

There is no known workaround at this time.

All Catfish users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/catfish-1.0.2"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.400"

libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes.

The png_push_read_chunk function in pngpread.c in the progressive decoder enters an infinite loop when it encounters a zero-length IDAT chunk. In addition, certain integer overflows have been detected and corrected.

The 1.2 branch is not affected by these vulnerabilities.

A remote attacker could entice a user to open a specially crafted PNG file using an application linked against libpng, possibly resulting in Denial of Service.

There is no known workaround at this time.

All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.10"

Users with current installs in the 1.5 branch should also upgrade, using:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.18:1.5"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

ModPlug XMMS Plugin is a library for playing MOD-like music files.

Multiple vulnerabilities have been discovered in ModPlug XMMS Plugin. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All ModPlug XMMS Plugin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8.8.5"

file is a utility that guesses a file format by scanning binary data for patterns.

The BEGIN regular expression in the awk script detector in magic/Magdir/commands uses multiple wildcards with unlimited repetitions.

A context-dependent attacker could entice a user to open a specially crafted file, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All file users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/file-5.15"

GNU Libtasn1 is the ASN.1 library used in GnuTLS.

Multiple vulnerabilities have been discovered in GNU Libtasn1. Please review the CVE identifiers referenced below for details.

A context-dependent attacker could possibly cause a Denial of Service condition.

There is no known workaround at this time.

All GNU Libtasn1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-3.6"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

Libgcrypt is a general purpose cryptographic library derived from GnuPG.

A vulnerability in the implementation of ElGamal decryption procedures of Libgcrypt leaks information to various side-channels.

A physical side-channel attack allows a remote attacker to fully extract decryption keys during the decryption of a chosen ciphertext.

There is no known workaround at this time.

All Libgcrypt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libgcrypt-1.5.4"

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges.

There is no known workaround at this time.

All PHP 5.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.16"

All PHP 5.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.32"

All PHP 5.3 users should upgrade to the latest version. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or the previous stable version of PHP 5.4, which are supported until at least 2016 and 2015 respectively.

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29"

Apache HTTP Server is one of the most popular web servers on the Internet.

Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers referenced below for details.

A remote attacker could send a specially crafted request to possibly execute arbitrary code, cause Denial of Service, or obtain sensitive information.

There is no known workaround at this time.

All Apache HTTP Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.27-r4"

Jinja2 is a template engine written in pure Python.

Multiple vulnerabilities have been discovered in Jinja2. Please review the CVE identifiers referenced below for details.

A local attacker could gain escalated privileges via a specially crafted cache file or pre-created temporary directory.

There is no known workaround at this time.

All Jinja2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/jinja-2.7.3"

The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server.

stunnel does not properly update the state of the pseudo-random generator after fork-threading, which causes subsequent children with the same process ID to use the same entropy pool. ECDSA and DSA keys, when not used in deterministic mode (RFC6979), rely on random data for their k parameter in order not to leak private key information.

A remote attacker may gain access to private key information from ECDSA or DSA keys.

There is no known workaround at this time.

All stunnel users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/stunnel-5.02"

PostgreSQL is an open source object-relational database management system.

Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.

A remote authenticated attacker may be able to create a Denial of Service condition, bypass security restrictions, or have other unspecified impact.

There is no known workaround at this time.

All PostgreSQL 9.3 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.3.3"

All PostgreSQL 9.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.2.7"

All PostgreSQL 9.1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.1.12"

All PostgreSQL 9.0 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.0.16"

All PostgreSQL 8.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.4.20"

Chromium is an open-source web browser project.

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.

A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-37.0.2062.94"

QEMU is a generic and open source machine emulator and virtualizer.

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

A local attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All QEMU users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.0.0-r1"

Nagios Remote Plugin Executor (NRPE) remotely executes Nagios plugins on other Linux/Unix machines.

Multiple vulnerabilities have been discovered in NRPE. Please review the CVE identifiers referenced below for details.

A remote attacker can utilize multiple vectors to execute arbitrary code.

There is no known workaround at this time.

All NRPE users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/nrpe-2.15"

OpenOffice is the open source version of StarOffice, a full office productivity suite. LibreOffice is a fork of OpenOffice.

Multiple vulnerabilities have been discovered in OpenOffice and LibreOffice. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files.

There is no known workaround at this time.

All OpenOffice (binary) users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-3.5.5.3"

All LibreOffice users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.2.5.2"

All LibreOffice (binary) users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-4.2.5.2"

We recommend that users unmerge OpenOffice:

    # emerge --unmerge "app-office/openoffice"

Wireshark is a network protocol analyzer formerly known as ethereal.

Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.

A remote attacker can cause a Denial of Service condition via specially crafted packets.

There is no known workaround at this time.

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.9"

Net-SNMP bundles software for generating and retrieving SNMP data.

Multiple vulnerabilities have been discovered in Net-SNMP. Please review the CVE identifiers referenced below for details.

A remote attacker could create a Denial of Service condition.

There is no known workaround at this time.

All net-snmp users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.7.3_pre3"

dhcpcd is a fully featured, yet lightweight, RFC2131 compliant DHCP client.

A vulnerability has been discovered in dhcpcd. A malicious DHCP server can set flags as part of the DHCP reply that can cause a Denial of Service condition.

A remote attacker can cause a Denial of Service condition.

There is no known workaround at this time.

All dhcpcd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-6.4.3"

MySQL is a popular multi-threaded, multi-user SQL server.

Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.

A local attacker could possibly gain escalated privileges. A remote attacker could send a specially crafted SQL query, possibly resulting in a Denial of Service condition. A remote attacker could entice a user to connect to a specially crafted MySQL server, possibly resulting in execution of arbitrary code with the privileges of the process.

There is no known workaround at this time.

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.39"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.406"

Chromium is an open-source web browser project.

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.

A remote attacker may be able to cause a Denial of Service condition or possibly have other unspecified impact by leveraging improper handling of render-tree inconsistencies.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-37.0.2062.120"

c-icap is an implementation of an ICAP server. It can be used with HTTP proxies that support the ICAP protocol to implement content adaptation and filtering services.

c-icap contains a flaw in the parse_request() function of request.c that may allow a remote denial of service. The issue is triggered when the buffer fails to contain a ' ' (space) or '?' character, which will cause the end pointer to increase and surpass allocated memory. With a specially crafted request (e.g. via the OPTIONS method), a remote attacker can cause a loss of availability for the program.

A remote attacker may cause a Denial of Service condition.

There is no known workaround at this time.

All c-icap users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/c-icap-0.2.6"

libxml2 is the XML C parser and toolkit developed for the Gnome project.

A vulnerability in the xmlParserHandlePEReference() function of parser.c, when expanding entity references, can be exploited to consume large amounts of memory and cause a crash or hang.

A remote attacker may be able to cause Denial of Service via a specially crafted XML file containing malicious attributes.

There is no known workaround at this time.

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r4"

Bash is the standard GNU Bourne Again SHell.

Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code.

A remote attacker could exploit this vulnerability to execute arbitrary commands even in restricted environments.

There is no known workaround at this time.

All Bash 3.1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-3.1_p18:3.1"

All Bash 3.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-3.2_p52:3.2"

All Bash 4.0 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-4.0_p39:4.0"

All Bash 4.1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-4.1_p12:4.1"

All Bash 4.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p48"

Bash is the standard GNU Bourne Again SHell.

Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code (CVE-2014-6271). Gentoo Linux informed about this issue in GLSA 201409-09.

Tavis Ormandy reported that the patch for CVE-2014-6271 was incomplete. As such, this GLSA supersedes GLSA 201409-09.

A remote attacker could exploit this vulnerability to execute arbitrary commands even in restricted environments.

There is no known workaround at this time.

All Bash 3.1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-3.1_p18-r1:3.1"

All Bash 3.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-3.2_p52-r1:3.2"

All Bash 4.0 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-4.0_p39-r1:4.0"

All Bash 4.1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-4.1_p12-r1:4.1"

All Bash 4.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p48-r1"

Bash is the standard GNU Bourne Again SHell.

Florian Weimer, Todd Sabin, Michal Zalewski et al. discovered further parsing flaws in Bash. The unaffected Gentoo packages listed in this GLSA contain the official patches to fix the issues tracked as CVE-2014-6277, CVE-2014-7186, and CVE-2014-7187. Furthermore, the official patch known as “function prefix patch” is included, which prevents the exploitation of CVE-2014-6278.

A remote attacker could exploit these vulnerabilities to execute arbitrary commands or cause a Denial of Service condition via various vectors.

There is no known workaround at this time.

All Bash 3.1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-3.1_p22:3.1"

All Bash 3.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-3.2_p56:3.2"

All Bash 4.0 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-4.0_p43:4.0"

All Bash 4.1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-4.1_p16:4.1"

All Bash 4.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p52"

Locale-Maketext - Perl framework for localization

Two vulnerabilities have been reported in the Locale-Maketext module for Perl, which can be exploited by malicious users to compromise an application using the module.

The vulnerabilities are caused due to the “_compile()” function not properly sanitising input, which can be exploited to inject and execute arbitrary Perl code.

A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All users of the Locale-Maketext module should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=perl-core/Locale-Maketext-1.230.0"

VLC is a cross-platform media player and streaming server.

Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted media file using VLC, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All VLC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/vlc-2.1.2"

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL.

Multiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.

A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information.

There is no known workaround at this time.

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.40"

All MariaDB users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mariadb-5.5.40-r1"

TigerVNC is a high-performance VNC server/client.

Two boundary errors in TigerVNC could lead to a heap-based buffer overflow.

A remote attacker could entice a user to connect to a malicious VNC server using TigerVNC, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All TigerVNC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/tigervnc-1.3.1"

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

A context-dependent attacker can possibly execute arbitrary code or create a Denial of Service condition.

There is no known workaround at this time.

All PHP 5.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.18"

All PHP 5.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.34"

All PHP 5.3 users should upgrade to the latest version. This release marks the end of life of the PHP 5.3 series; future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or the previous stable version of PHP 5.4, which are supported until at least 2016 and 2015 respectively.

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29"

GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols.

An absolute path traversal vulnerability has been found in GNU Wget.

A remote FTP server is able to write to arbitrary files, and consequently execute arbitrary code.

There is no known workaround at this time.

All GNU Wget users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/wget-1.16"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.418"

Openswan is an implementation of IPsec for Linux.

A NULL pointer dereference has been found in Openswan.

A remote attacker could create a Denial of Service condition.

There is no known workaround at this time.

Gentoo has discontinued support for Openswan. We recommend that users unmerge Openswan:

    # emerge --unmerge "net-misc/openswan"

NOTE: The Gentoo developer(s) maintaining Openswan have discontinued support at this time. It may be possible that a new Gentoo developer will update Openswan at a later date. Alternative packages such as Libreswan and strongSwan are currently available in Gentoo Portage.

Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured.

Multiple vulnerabilities have been discovered in Aircrack-ng. Please review the CVE identifiers referenced below for details.

A local attacker can use this flaw to execute arbitrary code or gain escalated privileges. A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

There is no known workaround at this time.

All Aircrack-ng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/aircrack-ng-1.2_rc1"

Ansible is a radically simple IT automation platform.

Multiple vulnerabilities have been discovered in Ansible. Please review the CVE identifiers referenced below for details.

A local attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.

There is no known workaround at this time.

All Ansible users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/ansible-1.6.8"

Asterisk is an open source telephony engine and toolkit.

Multiple unspecified vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.

A remote attacker could exploit the vulnerabilities to perform a man-in-the-middle attack or cause a Denial of Service condition.

There is no known workaround at this time.

All Asterisk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.13.1"

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.

An assertion failure in the processing of SSL-Bump has been found in Squid. A heap-based overflow has been discovered when processing SNMP requests.

A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code or a Denial of Service condition.

There is no known workaround at this time.

All Squid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.3.13-r1"

QEMU is a generic and open source machine emulator and virtualizer.

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

A context-dependent attacker could cause a Denial of Service condition and a local user can obtain sensitive information.

There is no known workaround at this time.

All QEMU users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.1.2-r1"

nfs-utils contains the client and daemon implementations for the NFS protocol.

rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication, allowing for data to be submitted to a malicious server without the knowledge of the user.

A remote attacker may be able to obtain sensitive information.

There is no known workaround at this time.

All nfs-utils users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-fs/nfs-utils-1.2.8"

Dovecot is an open source IMAP and POP3 email server.

Dovecot does not properly close connections, allowing resource exhaustion through incomplete SSL/TLS handshakes.

A remote attacker could possibly cause a Denial of Service condition.

There is no known workaround at this time.

All Dovecot users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.2.13"

libvirt is a C toolkit for manipulating virtual machines.

Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.

A remote attacker may be able to cause a Denial of Service or cause information leakage. A local attacker may be able to escalate privileges, cause a Denial of Service or possibly execute arbitrary code.

There is no known workaround at this time.

All libvirt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-1.2.9-r2"

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

A heap-based buffer overflow exists in the cli_scanpe function in libclamav/pe.c in ClamAV.

A remote attacker could possibly cause a Denial of Service condition via a specially crafted file.

There is no known workaround at this time.

All Clam AntiVirus users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.98.5"

libxml2 is the XML C parser and toolkit developed for the Gnome project.

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled.

A context-dependent attacker could entice a user to open a specially crafted XML file using an application linked against libxml2, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.425"

For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild.

Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.

A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.

There are no known workarounds at this time.

All Insight users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/insight-6.7.1-r1"

All Perl Tk Module users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-perl/perl-tk-804.028-r2"

All Source-Navigator users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/sourcenav-5.1.4"

All Tk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.18-r1"

All Partimage users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-block/partimage-0.6.8"

All Mlmmj users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/mlmmj-1.2.17.1"

All acl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/acl-2.2.49"

All Xinit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.2.0-r4"

All gzip users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/gzip-1.4"

All ncompress users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/ncompress-4.2.4.3"

All liblzw users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/liblzw-0.2"

All splashutils users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/splashutils-1.5.4.3-r3"

All GNU M4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-devel/m4-1.4.14-r1"

All KDE Display Manager users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdm-4.3.5-r1"

All GTK+ users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/gtk+-2.18.7"

All KGet 4.3 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kget-4.3.5-r1"

All dvipng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/dvipng-1.13"

All Beanstalk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-misc/beanstalkd-1.4.6"

All Policy Mount users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/pmount-0.9.23"

All pam_krb5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-4.3"

All GNU gv users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/gv-3.7.1"

All LFTP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-ftp/lftp-4.0.6"

All Uzbl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/uzbl-2010.08.05"

All Slim users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-misc/slim-1.3.2"

All iputils users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/iputils-20100418"

All DVBStreamer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-tv/dvbstreamer-1.1-r1"

Gentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console:

    # emerge --unmerge "app-antivirus/bitdefender-console"

NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.

For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild.

Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.

A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.

There are no known workarounds at this time.

All FMOD Studio users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00"

All PEAR Mail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0"

All LVM2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72"

All GnuCash users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4"

All xine-lib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19"

All Last.fm Scrobbler users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/lastfmplayer-1.5.4.26862-r3"

All WebKitGTK+ users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7"

All shadow tool suite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3"

All PEAR users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1"

All unixODBC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1"

All Resource Agents users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-cluster/resource-agents-1.0.4-r1"

All mrouted users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5"

All rsync users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8"

All XML Security Library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17"

All xrdb users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9"

All Vino users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2"

All OProfile users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1"

All syslog-ng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4"

All sFlow Toolkit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20"

All GNOME Display Manager users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3"

All libsoup users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3"

All CA Certificates users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-misc/ca-certificates-20110502-r1"

All Gitolite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1"

All QtCreator users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0"

Gentoo has discontinued support for Racer. We recommend that users unmerge Racer:

    # emerge --unmerge "games-sports/racer-bin"

NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues.

For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild.

Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.

A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.

There is no known workaround at this time.

All EGroupware users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.8.004.20120613"

All VTE 0.32 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/vte-0.32.2"

All VTE 0.28 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/vte-0.28.2-r204"

All Layer Four Traceroute users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/lft-3.33"

All Suhosin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/suhosin-0.9.33"

All Slock users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-misc/slock-1.0"

All Ganglia users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-cluster/ganglia-3.3.7"

All Jabber to GaduGadu Gateway users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/gg-transport-2.2.4"

NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2013. It is likely that your system is already no longer affected by these issues.

The AMD64 x86 emulation base libraries provide pre-compiled 32-bit libraries.

Multiple vulnerabilities have been discovered in the AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details.

A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information.

There is no known workaround at this time.

All users of the AMD64 x86 emulation base libraries should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-baselibs-20140406-r1"

NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them.

D-Bus is a message bus system, a simple way for applications to talk to one another.

Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details.

A local attacker could possibly cause a Denial of Service condition.

There is no known workaround at this time.

All D-Bus users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.8.10"

Chromium is an open-source web browser project.

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.

A remote attacker may be able to execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-39.0.2171.65"

Xfig is an interactive drawing tool.

A stack-based buffer overflow and a stack consumption vulnerability have been found in Xfig.

A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of Service condition.

There is no known workaround at this time.

All Xfig users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xfig-3.2.5c"

MCollective is a framework to build server orchestration or parallel job execution systems.

Two vulnerabilities have been found in MCollective:

A local attacker can cause a Trojan horse shared library to be loaded, potentially resulting in arbitrary code execution and privilege escalation. Furthermore, a local attacker may be able to establish unauthorized MCollective connections.

There is no known workaround at this time.

All MCollective users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/mcollective-2.5.3"

Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database.

CouchDB does not properly sanitize the count parameter for Universally Unique Identifier (UUID) requests.

A remote attacker could send a specially crafted request to CouchDB, possibly resulting in a Denial of Service condition.

The /_uuids handler can be disabled in local.ini with the following configuration:

    [httpd_global_handlers]
    _uuids =

All CouchDB users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/couchdb-1.5.1"

Ghostscript is an interpreter for the PostScript language and for PDF.

Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details.

A context-dependent attacker could entice a user to open a specially crafted PostScript file or PDF using GPL Ghostscript, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All GPL Ghostscript users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-9.10-r2"

FreeRDP is a free implementation of the remote desktop protocol.

FreeRDP does not properly validate user-supplied input, which could lead to an integer overflow in the xf_Pointer_New() function.

A remote attacker could execute arbitrary code with the privileges of the process or cause Denial of Service.

There is no known workaround at this time.

All FreeRDP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/freerdp-1.1.0_beta1_p20130710-r1"

PPP is a Unix implementation of the Point-to-Point Protocol.

An integer overflow has been discovered in the getword function in options.c in PPP.

A local attacker could execute the process with an extremely long options list, possibly obtaining sensitive information.

There is no known workaround at this time.

All PPP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.7"

GNUstep Base library is a free software package implementing the API of the OpenStep Foundation Kit (tm), including later additions.

GNUstep Base library does not properly handle the file descriptor for logging when run as a daemon.

A remote attacker could send a specially crafted request, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All GNUstep Base library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=gnustep-base/gnustep-base-1.24.6-r1"

+ mod_wsgi is an Apache2 module for running Python WSGI applications.
+Two vulnerabilities have been found in mod_wsgi:
+ +A local attacker may be able to gain escalated privileges. Furthermore, + a remote attacker may be able to obtain sensitive information. +
+There is no known workaround at this time.
+All mod_wsgi users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_wsgi-3.5"
+
+ Django is a Python-based web framework.
+Multiple vulnerabilities have been discovered in Django. Please review + the CVE identifiers referenced below for details. +
+A remote attacker may be able to create a Denial of Service condition, + obtain sensitive information, or hijack web sessions. +
+There is no known workaround at this time.
+All Django 1.6 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/django-1.6.7"
+
+
+ All Django 1.5 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/django-1.5.10"
+
+
+ All Django 1.4 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/django-1.4.15"
+
+ Nagios is an open source host, service and network monitoring program.
+Multiple vulnerabilities have been discovered in Nagios. Please review + the CVE identifiers referenced below for details. +
+A remote attacker may be able to execute arbitrary code, cause a Denial + of Service condition, or obtain sensitive information. +
+There is no known workaround at this time.
+All Nagios users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-3.5.1"
+
+ OpenJPEG is an open-source JPEG 2000 library.
+Multiple vulnerabilities have been discovered in OpenJPEG. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted JPEG + file, possibly resulting in execution of arbitrary code or a Denial of + Service condition. Furthermore, a remote attacker may be able to obtain + sensitive information. +
+There is no known workaround at this time.
+All OpenJPEG users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/openjpeg-1.5.2"
+
+ QtGui is the GUI module and platform plugins for the Qt5 framework.
+A NULL pointer dereference has been found in QtGui.
+A remote attacker could send a specially crafted GIF image, possibly + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All QtGui users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-4.8.5-r2"
+
+ strongSwan is an IPSec implementation for Linux.
+A NULL pointer dereference and an error in the IKEv2 implementation have + been found in strongSwan. +
+A remote attacker could create a Denial of Service condition or bypass + security restrictions. +
+There is no known workaround at this time.
+All strongSwan users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/strongswan-5.1.3"
+
+
+ Ruby is an object-oriented scripting language.
+Multiple vulnerabilities have been discovered in Ruby. Please review the + CVE identifiers referenced below for details. +
+A context-dependent attacker could possibly execute arbitrary code with + the privileges of the process, cause a Denial of Service condition, or + bypass security restrictions. +
+There is no known workaround at this time.
+All Ruby 1.9 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.9.3_p551"
+
+
+ All Ruby 2.0 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.0.0_p598"
+
+
+ Ruby on Rails is a web-application and persistence framework.
+Multiple vulnerabilities have been discovered in Ruby on Rails. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could execute arbitrary code or cause a Denial of + Service condition. Furthermore, a remote attacker may be able to execute + arbitrary SQL commands, change parameter names for form inputs and make + changes to arbitrary records in the system, bypass intended access + restrictions, render arbitrary views, inject arbitrary web script or + HTML, or conduct cross-site request forgery (CSRF) attacks. +
+There is no known workaround at this time.
+All Ruby on Rails 2.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/rails-2.3.18"
+
+
+ NOTE: All applications using Ruby on Rails should also be configured to + use the latest version available by running “rake rails:update” + inside the application directory. +
+ +NOTE: This is a legacy GLSA and stable updates for Ruby on Rails, + including the unaffected version listed above, are no longer available + from Gentoo. It may be possible to upgrade to the 3.2, 4.0, or 4.1 + branches, however these packages are not currently stable. +
+Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.
+Multiple vulnerabilities have been discovered in Tomcat. Please review + the CVE identifiers referenced below for details. +
+A remote attacker may be able to cause a Denial of Service condition as + well as obtain sensitive information, bypass protection mechanisms and + authentication restrictions. +
+There is no known workaround at this time.
+All Tomcat 6.0.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"
+
+
+ All Tomcat 7.0.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"
+
+ Varnish is a web application accelerator.
+Multiple vulnerabilities have been discovered in Varnish. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could cause a Denial of Service condition via a + specially crafted GET request. Furthermore a local attacker could obtain + sensitive information through insecure permissions on logfiles. +
+There is no known workaround at this time.
+All Varnish users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/varnish-3.0.5"
+
+
+ ZNC is an advanced IRC bouncer.
+Multiple NULL pointer dereferences have been found in ZNC.
+A remote attacker could send a specially crafted request, possibly + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All ZNC users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/znc-1.2-r1"
+
+
+ sendmail is a widely-used Mail Transport Agent (MTA).
+The sm_close_on_exec function in conf.c passes its arguments in the wrong
+ order, so the close-on-exec flags it is meant to set are not applied.
+A local attacker could gain access to unintended high-numbered file
+ descriptors via a specially crafted program that sendmail executes.
+There is no known workaround at this time.
+All sendmail users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.14.9"
+
+
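+ The sendmail entry above describes a close-on-exec sweep that silently did
+ nothing. The following is an added illustration written for this page, not
+ sendmail's sm_close_on_exec() code: the function and variable names are
+ assumptions. It shows a correct sweep over a descriptor range and, more
+ importantly, the verification step a reviewer would want, reading the flag
+ back with F_GETFD instead of trusting that the loop ran.

```c
/* Added illustration of the close-on-exec sweep the sendmail advisory refers
 * to. This is a hypothetical stand-in written for this page, not sendmail's
 * sm_close_on_exec(); the names below are assumptions. */
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Flag every open descriptor in [lowfd, highfd) close-on-exec so that a
 * program started with execve() cannot inherit it. Returns how many
 * descriptors were flagged, or -1 if fcntl() failed on an open one. */
int mark_close_on_exec_from(int lowfd, int highfd)
{
    int flagged = 0;
    for (int fd = lowfd; fd < highfd; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1) {
            if (errno == EBADF)
                continue;              /* not open, nothing to do */
            return -1;
        }
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
            return -1;
        flagged++;
    }
    /* Whichever argument arrives swapped, the symptom is the same: the loop
     * flags nothing and nothing fails loudly. Callers should verify with
     * is_close_on_exec() rather than rely on this return value alone. */
    return flagged;
}

/* 1 if fd has FD_CLOEXEC set, 0 if it does not, -1 if fd is not open. */
int is_close_on_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Demonstration: create a pipe (its two descriptors are inheritable across
 * exec by default), sweep everything from fd 3 up to and including the pipe,
 * and confirm the flag landed. Returns 0 when the sweep behaved as expected. */
int cloexec_demo(void)
{
    int p[2];
    if (pipe(p) == -1)
        return -1;
    int before = is_close_on_exec(p[0]);                 /* expect 0 */
    int flagged = mark_close_on_exec_from(3, p[1] + 1);
    int after = is_close_on_exec(p[0]) == 1 && is_close_on_exec(p[1]) == 1;
    close(p[0]);
    close(p[1]);
    return (before == 0 && flagged >= 2 && after) ? 0 : 1;
}
```

+ The read-back is the point: a sweep that runs zero iterations returns 0 and
+ no error, which is exactly the condition the advisory describes.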
+ PowerDNS Recursor is a high-end, high-performance resolving name server.
+Multiple vulnerabilities have been discovered in PowerDNS Recursor. + Please review the CVE identifiers and PowerDNS blog post referenced below + for details. +
+A remote attacker may be able to send specially crafted packets, + possibly resulting in arbitrary code execution or a Denial of Service + condition. Furthermore, a remote attacker may be able to spoof DNS data. +
+There is no known workaround at this time.
+All PowerDNS Recursor users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/pdns-recursor-3.6.1-r1"
+
+ NTP is a protocol designed to synchronize the clocks of computers over a + network. The net-misc/ntp package contains the official reference + implementation by the NTP Project. +
+Multiple vulnerabilities have been discovered in NTP. Please review the + CVE identifiers referenced below for details. +
+A remote unauthenticated attacker may be able to execute arbitrary code + with the privileges of the process, cause a Denial of Service condition, + and obtain sensitive information that could assist in other attacks. +
+There is no known workaround at this time.
+All NTP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8"
+
+ RSYSLOG is an enhanced multi-threaded syslogd with database support and + more. +
+Multiple vulnerabilities have been discovered in RSYSLOG. Please review + the CVE identifiers referenced below for details. +
+A context-dependent attacker may be able to create a Denial of Service + condition. +
+There is no known workaround at this time.
+All RSYSLOG users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/rsyslog-8.4.2"
+
+ libvirt is a C toolkit for manipulating virtual machines.
+Multiple vulnerabilities have been discovered in libvirt. Please review + the CVE identifiers referenced below for details. +
+A context-dependent attacker may be able to cause Denial of Service.
+There is no known workaround at this time.
+All libvirt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-1.2.10-r3"
+
+
+ QEMU is a generic and open source machine emulator and virtualizer.
+Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +
+A context-dependent attacker may be able to execute arbitrary code, + cause a Denial of Service condition, obtain sensitive information, or + bypass security restrictions. +
+There is no known workaround at this time.
+All QEMU users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.1.2-r2"
+
+
+ Icecast is an open source alternative to SHOUTcast that supports MP3, + OGG (Vorbis/Theora) and AAC streaming. +
+Two vulnerabilities have been discovered in Icecast:
+ +A local attacker can possibly gain escalated privileges or obtain + sensitive information. +
+There is no known workaround at this time.
+All Icecast users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/icecast-2.4.1"
+
+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +
+Multiple vulnerabilities have been discovered in OpenSSL. Please review + the CVE identifiers referenced below for details. +
+A remote attacker may be able to cause a Denial of Service condition, + perform Man-in-the-Middle attacks, obtain sensitive information, or + bypass security restrictions. +
+There is no known workaround at this time.
+All OpenSSL 1.0.1 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"
+
+
+ All OpenSSL 0.9.8 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +
+The Free Lossless Audio Codec (FLAC) library is the reference + implementation of the FLAC audio file format. +
+A stack-based buffer overflow flaw has been discovered in FLAC.
+A remote attacker could entice a user to open a specially crafted .flac + file using an application linked against FLAC, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +
+There is no known workaround at this time.
+All FLAC users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/flac-1.3.1-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +
+OpenVPN is a multi-platform, full-featured SSL VPN solution.
+OpenVPN does not properly handle control channel packets that are too + small. +
+A remote authenticated attacker could send a specially crafted control + channel packet, possibly resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All OpenVPN users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openvpn-2.3.6"
+
+ Xen is a bare-metal hypervisor.
+Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers referenced below for details. +
+A local user could possibly cause a Denial of Service condition.
+There is no known workaround at this time.
+All Xen 4.2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.2.5-r1"
+
+
+ All Xen 4.3 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.3.3-r3"
+
+
+ MuPDF is a lightweight PDF viewer and toolkit written in portable C.
+Multiple vulnerabilities have been discovered in MuPDF. Please review + the CVE identifier and Secunia Research referenced below for details. +
+A remote attacker could entice a user to open a specially crafted PDF + using MuPDF, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All MuPDF users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/mupdf-1.3_p20140118"
+
+ policycoreutils is a collection of SELinux policy utilities.
+The seunshare utility is installed setuid root (mode 4755), which can be
+ exploited via a setuid system call.
+A local attacker may be able to gain escalated privileges.
+There is no known workaround at this time.
+All policycoreutils users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=sys-apps/policycoreutils-2.2.5-r4"
+
+ Facter is a cross-platform Ruby library for retrieving facts from + operating systems. +
+Facter includes the current working directory in its search path, so a
+ file planted there can be loaded in place of the intended one.
+A local attacker may be able to gain escalated privileges.
+There is no known workaround at this time.
+All Facter users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/facter-1.7.6"
+
+ LittleCMS, or short lcms, is a color management system for working with + ICC profiles. It is used by many applications including GIMP and Firefox. +
+Multiple stack-based buffer overflows and a profile parser error have + been found in LittleCMS. +
+A remote attacker could entice a user or automated system to open a + specially crafted file containing a malicious ICC profile, possibly + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All LittleCMS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/lcms-2.6-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +
+ +NOTE: Gentoo has discontinued support for the LittleCMS 1.9 branch.
+TORQUE is a resource manager and queuing system based on OpenPBS.
+Multiple vulnerabilities have been discovered in TORQUE Resource + Manager. Please review the CVE identifiers referenced below for details. +
+A context-dependent attacker may be able to gain escalated privileges, + execute arbitrary code, or bypass security restrictions. +
+There is no known workaround at this time.
+All TORQUE Resource Manager 4.x users should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-cluster/torque-4.1.7"
+
+
+ All TORQUE Resource Manager 2.x users should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-cluster/torque-2.5.13"
+
+
+ NOTE: One or more of the issues described in this advisory have been + fixed in previous updates. They are included in this advisory for the + sake of completeness. It is likely that your system is already no longer + affected by them. +
+The file utility attempts to identify a file’s format by scanning + binary data for patterns. +
+An issue with the ELF parser used by the file utility can cause excessive
+ resource consumption when reading a specially crafted ELF binary.
+A context-dependent attacker may be able to cause Denial of Service.
+There is no known workaround at this time.
+All file users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/file-5.21"
+
+
+ fish is the Friendly Interactive SHell.
+Multiple vulnerabilities have been discovered in fish. Please review the + CVE identifiers referenced below for details. +
+A local attacker may be able to gain escalated privileges or overwrite + arbitrary files. Furthermore, a remote attacker may be able to execute + arbitrary code. +
+There is no known workaround at this time.
+All fish users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-shells/fish-2.1.1"
+
+
+ getmail is a POP3 mail retriever with reliable Maildir and mbox + delivery. +
+Multiple vulnerabilities have been discovered in getmail. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could conduct a man-in-the-middle attack via multiple
+ vectors to obtain sensitive information.
+There is no known workaround at this time.
+All getmail users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/getmail-4.46.0"
+
+
+ Asterisk is an open source telephony engine and toolkit.
+Multiple unspecified vulnerabilities have been discovered in Asterisk. + Please review the CVE identifiers referenced below for details. +
+Unauthenticated remote attackers can cause Denial of Service or bypass + intended ACL restrictions. Authenticated remote attackers can gain + escalated privileges. +
+There is no known workaround at this time.
+All asterisk users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.14.2"
+
+
+ Wireshark is a network protocol analyzer formerly known as ethereal.
+Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +
+A remote attacker can cause a Denial of Service condition via specially + crafted packets. +
+There is no known workaround at this time.
+All Wireshark users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.12.2"
+
+
+ MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. +
+Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could execute arbitrary code with the privileges of + the process or cause Denial of Service. +
+There is no known workaround at this time.
+All MIT Kerberos 5 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.13"
+
+
+ mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and + 3. +
+A heap-based buffer overflow has been found in mpg123 when decoding a
+ specially crafted MP3 file.
+A remote attacker could entice a user to open a specially crafted MPEG + file using mpg123, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All mpg123 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/mpg123-1.18.1"
+
+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information or bypass security restrictions. +
+There is no known workaround at this time.
+All Adobe Flash Player users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.442"
+
+
+ BIND (Berkeley Internet Name Domain) is a Name Server.
+Multiple vulnerabilities have been discovered in BIND. Please review the + CVE identifiers referenced below for details. +
+A remote attacker can cause a Denial of Service condition when the
+ configured GeoIP databases are missing, or via a large or infinite number
+ of referrals.
+There is no known workaround at this time.
+All bind users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.1_p1"
+
+
+ MediaWiki is a collaborative editing software used by large projects + such as Wikipedia. +
+Multiple vulnerabilities have been discovered in MediaWiki. Please + review the CVE identifiers and MediaWiki announcement referenced below + for details. +
+A remote attacker may be able to execute arbitrary code with the + privileges of the process, create a Denial of Service condition, obtain + sensitive information, bypass security restrictions, and inject arbitrary + web script or HTML. +
+There is no known workaround at this time.
+All MediaWiki 1.23 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.8"
+
+
+ All MediaWiki 1.22 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.22.15"
+
+
+ All MediaWiki 1.19 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.23"
+
+ tcpdump is a tool for capturing and inspecting network traffic.
+Multiple vulnerabilities have been discovered in tcpdump:
+ +A remote attacker may be able to send a specially crafted packet, + possibly resulting in execution of arbitrary code or a Denial of Service + condition. +
+There is no known workaround at this time.
+All tcpdump users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-4.6.2-r1"
+
+ nginx is a robust, small, and high performance HTTP and reverse proxy + server. +
+An SSL session fixation vulnerability has been found in nginx: when
+ multiple server blocks share the same ssl_session_cache or
+ ssl_session_ticket_key, a session established against one virtual host
+ can be resumed against another, unrelated one.
+A remote attacker may be able to obtain sensitive information.
+There is no known workaround at this time.
+All nginx users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.7.6"
+
+ libevent is a library to execute a function when a specific event occurs + on a file descriptor. +
+Multiple integer overflow errors in libevent could cause a heap-based + buffer overflow. +
+A context-dependent attacker could cause an application linked against + libevent to pass an excessively long input through evbuffer, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +
+There is no known workaround at this time.
+All libevent users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libevent-2.0.22"
+
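+ The libevent entry above is the classic shape of an integer overflow: a
+ length sum wraps, a small block is allocated, and the copy that follows
+ writes far past it. The following is an added example written for this
+ page, not libevent's evbuffer code; the bytebuf type and every function
+ name are assumptions. It shows the wrapping arithmetic and the hardened
+ append that rejects such lengths before any allocation happens.

```c
/* Added illustration for the libevent advisory above: overflow-safe length
 * accounting in a growable byte buffer. The buffer type and function names
 * are invented for this page; this is not libevent's evbuffer code, only the
 * same failure pattern (a wrapped length turning into a heap overflow). */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct bytebuf {
    unsigned char *data;
    size_t len;   /* bytes in use */
    size_t cap;   /* bytes allocated */
};

/* The arithmetic an unchecked append relies on. With nothing guarding it,
 * len + extra silently wraps: 16 + SIZE_MAX == 15, so the allocator would be
 * asked for 15 bytes while memcpy() is told to copy SIZE_MAX of them. */
size_t unchecked_need(size_t len, size_t extra)
{
    return len + extra;
}

/* 1 if a + b would wrap past SIZE_MAX, 0 otherwise. */
int size_add_overflows(size_t a, size_t b)
{
    return b > SIZE_MAX - a;
}

/* Hardened append: refuse lengths that would wrap, enforce a caller-chosen
 * ceiling on the total, and only then grow and copy. Returns 0 on success,
 * -1 on rejection or allocation failure; the buffer is untouched on -1. */
int bytebuf_append(struct bytebuf *b, const void *src, size_t extra,
                   size_t max_total)
{
    if (size_add_overflows(b->len, extra))
        return -1;
    size_t need = b->len + extra;
    if (need > max_total)
        return -1;
    if (need > b->cap) {
        size_t newcap = b->cap ? b->cap : 64;
        while (newcap < need) {
            if (size_add_overflows(newcap, newcap)) {  /* doubling would wrap */
                newcap = need;
                break;
            }
            newcap *= 2;
        }
        if (newcap > max_total)
            newcap = max_total;        /* need <= max_total, so it still fits */
        unsigned char *p = realloc(b->data, newcap);
        if (p == NULL)
            return -1;
        b->data = p;
        b->cap = newcap;
    }
    memcpy(b->data + b->len, src, extra);
    b->len = need;
    return 0;
}

void bytebuf_free(struct bytebuf *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}

/* Constructed demonstration: a normal append succeeds, an append whose
 * length would wrap is rejected before any allocation or copy happens, and
 * the buffer's contents are unchanged afterwards. Returns 0 when all holds. */
int bytebuf_demo(void)
{
    struct bytebuf b = { NULL, 0, 0 };
    if (bytebuf_append(&b, "hello", 5, 1u << 20) != 0)
        return 1;
    int rejected = bytebuf_append(&b, "x", SIZE_MAX, 1u << 20);  /* expect -1 */
    int intact = b.len == 5 && memcmp(b.data, "hello", 5) == 0;
    bytebuf_free(&b);
    return (rejected == -1 && intact) ? 0 : 1;
}
```

+ The ceiling (max_total) is as important as the wrap check: an attacker who
+ cannot wrap the sum can still drive the buffer to exhaustion one large
+ append at a time.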
+ Libav is a complete solution to record, convert and stream audio and + video. +
+Multiple vulnerabilities have been discovered in Libav. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted media + file in an application linked against Libav, possibly resulting in + execution of arbitrary code with the privileges of the application or a + Denial of Service condition. +
+There is no known workaround at this time.
+All Libav users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/libav-9.17"
+
+ Antiword is a free MS Word reader.
+A buffer overflow vulnerability has been found in wordole.c in Antiword.
+A remote attacker could entice a user to open a specially crafted + document using Antiword, possibly resulting in execution of arbitrary + code with the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All Antiword users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/antiword-0.37-r1"
+
+ libpng is a standard library used to process PNG (Portable Network + Graphics) images. It is used by several programs, including web browsers + and potentially server processes. +
+Two vulnerabilities have been discovered in libpng:
+ +A context-dependent attacker could entice a user to open a specially + crafted PNG file using an application linked against libpng, possibly + resulting in execution of arbitrary code. +
+There is no known workaround at this time.
+All libpng 1.6 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.16"
+
+
+ All libpng 1.5 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.21"
+
+ GNU cpio copies files into or out of a cpio or tar archive.
+Two vulnerabilities have been discovered in GNU cpio:
+ +A remote attacker may be able to entice a user to open a specially + crafted archive using GNU cpio, possibly resulting in execution of + arbitrary code, a Denial of Service condition, or overwriting arbitrary + files. +
+There is no known workaround at this time.
+All GNU cpio users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.11-r3"
+
+ Oracle’s Java SE Development Kit and Runtime Environment
+Multiple vulnerabilities have been discovered in Oracle’s Java SE + Development Kit and Runtime Environment. Please review the CVE + identifiers referenced below for details. +
+A context-dependent attacker may be able to execute arbitrary code, + disclose, update, insert, or delete certain data. +
+There is no known workaround at this time.
+All Oracle JRE 1.7 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jre-bin-1.7.0.71"
+
+
+ All Oracle JDK 1.7 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jdk-bin-1.7.0.71"
+
+
+ All users of the precompiled 32-bit Oracle JRE should upgrade to the + latest version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/emul-linux-x86-java-1.7.0.71"
+
+ Chromium is an open-source web browser project.
+Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers referenced below for details. +
+A remote attacker may be able to cause a Denial of Service condition, + gain privileges via a filesystem: URI, or have other unspecified impact. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-40.0.2214.111"
+
+
+ grep is the GNU regular expression matcher.
+A heap buffer overrun has been found in the bmexec_trans function in
+ kwset.c.
+A local user could cause a Denial of Service condition by having grep
+ process specially crafted input.
+There is no known workaround at this time.
+All grep users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/grep-2.21-r1"
+
+
+ Samba is a suite of SMB and CIFS client/server programs.
+Multiple vulnerabilities have been discovered in Samba. Please review + the CVE identifiers referenced below for details. +
+A context-dependent attacker may be able to execute arbitrary code, + cause a Denial of Service condition, bypass intended file restrictions, + or obtain sensitive information. +
+There is no known workaround at this time.
+All Samba users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.6.25"
+
+ JasPer is a software-based implementation of the codec specified in the + JPEG-2000 Part-1 standard. +
+Multiple vulnerabilities have been discovered in JasPer. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted file + using JasPer, possibly resulting in execution of arbitrary code. +
+There is no known workaround at this time.
+All jasper users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/jasper-1.900.1-r9"
+
+
+ D-Bus is a message bus system, a simple way for applications to talk to + one another. +
+D-Bus does not validate the source of ActivationFailure signals.
+A local attacker could possibly cause a Denial of Service condition.
+There is no known workaround at this time.
+All D-Bus users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.8.16"
+
+
+ PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +
+Multiple vulnerabilities have been discovered in PHP. Please review the + CVE identifiers referenced below for details. +
+A remote attacker can leverage these vulnerabilities to execute + arbitrary code or cause Denial of Service. +
+There is no known workaround at this time.
+All PHP 5.5 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.21"
+
+
+ All PHP 5.4 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.37"
+
+
+ All PHP 5.3 users should upgrade to the latest version. This branch is + currently past the end of life and it will no longer receive security + fixes. All PHP 5.3 users are strongly recommended to upgrade to the + current stable version of PHP 5.5 or previous stable version of PHP 5.4, + which are supported till at least 2016 and 2015 respectively. +
+The GNU C library is the standard C library used by Gentoo Linux + systems. +
+Multiple vulnerabilities have been discovered in the GNU C Library. + Please review the CVE identifiers referenced below for details. +
+A local attacker may be able to execute arbitrary code or cause a Denial
+ of Service condition.
+There is no known workaround at this time.
+All glibc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.19-r1"
+
+
FreeType is a high-quality and portable font engine.
Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.
A remote attacker can cause Denial of Service.
There is no known workaround at this time.
All FreeType users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.5.5"

ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications.
Multiple vulnerabilities have been discovered in ICU. Please review the CVE identifiers referenced below for details.
A remote attacker can cause Denial of Service.
There is no known workaround at this time.
All ICU users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/icu-54.1-r1"

hivex is a library for reading and writing Windows Registry ‘hive’ binary files.
Manipulating a short or truncated hive file may trigger an out-of-bounds read or write in hivex.
A context-dependent attacker could cause an application linked against hivex to pass a short or truncated hive file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All hivex users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-misc/hivex-1.3.11"

The file utility attempts to identify a file’s format by scanning binary data for patterns.
Multiple issues with the ELF parser used by the file utility have been detected and fixed.
A context-dependent attacker can cause Denial of Service.
There is no known workaround at this time.
All file users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/file-5.22"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.
Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or bypass security restrictions.
There is no known workaround at this time.
All adobe-flash users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.451"

Python is an interpreted, interactive, object-oriented programming language.
Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details.
A context-dependent attacker may be able to execute arbitrary code or cause a Denial of Service condition.
There is no known workaround at this time.
All Python 3.3 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.5-r1"

All Python 2.7 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.9-r1"

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers and the upstream advisory referenced below for details:
The following issues affect OpenSSL 1.0.2 only, which is not part of the supported Gentoo stable tree:
A remote attacker can utilize multiple vectors to cause Denial of Service or Information Disclosure.
There is no known workaround at this time.
All OpenSSL 1.0.1 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1l-r1"

All OpenSSL 0.9.8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p5-r1"

Packages which depend on the OpenSSL library need to be restarted for the upgrade to take effect. Some packages may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

Chromium is an open-source web browser project.
Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.
A remote attacker may be able to cause a Denial of Service condition, bypass security restrictions, or have other unspecified impact.
There is no known workaround at this time.
All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-41.0.2272.76"

BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils.
Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.
A context-dependent attacker can load kernel modules without privileges by nullifying enforced module prefixes. Execution of arbitrary files or a Denial of Service can be caused through the included vulnerable LZO library.
There is no known workaround at this time.
All BusyBox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.23.1"

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla Application Suite’.
Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details.
A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact.
There are no known workarounds at this time.
All firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-31.5.3"

All firefox-bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-31.5.3"

All thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-31.5.0"

All thunderbird-bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-31.5.0"

All seamonkey users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.33.1"

All seamonkey-bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.33.1"

All nspr users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/nspr-4.10.6"

sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range of hosts.
sudo does not handle the TZ environment variable properly.
A local attacker may be able to read arbitrary files or information from device special files.
There is no known workaround at this time.
All sudo users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.12"

Apache HTTP Server is one of the most popular web servers on the Internet.
Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details.
A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition.
There is no known workaround at this time.
All Apache users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.29"

Xen is a bare-metal hypervisor.
Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.
A local attacker could possibly cause a Denial of Service condition or obtain sensitive information.
There is no known workaround at this time.
All Xen 4.4 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.4.2-r1"

All Xen 4.2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.2.5-r8"

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL.
Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details.
A remote attacker could exploit vulnerabilities to possibly cause a Denial of Service condition.
There is no known workaround at this time.
All MySQL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.22"

All MariaDB users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.16"

The X Window System is a graphical windowing system based on a client/server model.
Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
All X.Org X Server users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.12.4-r4"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.
Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.457"

Ettercap is a comprehensive suite for man in the middle attacks.
Multiple vulnerabilities have been discovered in Ettercap. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
All Ettercap users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/ettercap-0.8.2"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.
Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
There is no known workaround at this time.
All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.460"

phpMyAdmin is a web-based management tool for MySQL databases.
Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details.
A remote authenticated attacker could exploit these vulnerabilities to include and execute arbitrary local files via a crafted parameter, inject SQL code, or conduct Cross-Site Scripting attacks.
There is no known workaround at this time.
All phpMyAdmin 4.2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.2.13"

All phpMyAdmin 4.1 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.1.14.7"

All phpMyAdmin 4.0 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.0.10.6"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.
Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
There is no known workaround at this time.
All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.466"

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security as well as a general purpose cryptography library.
Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.
A remote attacker can cause Denial of Service and information disclosure.
There is no known workaround at this time.
All OpenSSL 1.0.1 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"

All OpenSSL 0.9.8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"

GnuTLS is an Open Source implementation of the TLS and SSL protocols.
Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and external references below for details.
A context-dependent attacker can cause a denial of service condition.
There is no known workaround at this time.
All GnuTLS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.3.15"

Chromium is an open-source web browser project.
Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.
A remote attacker can cause arbitrary remote code execution, Denial of Service, or bypass of security mechanisms.
There is no known workaround at this time.
All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-43.0.2357.65"

chrony is a versatile implementation of the Network Time Protocol (NTP).
Multiple vulnerabilities have been discovered in chrony. Please review the CVE identifiers referenced below for details.
A remote attacker can cause arbitrary remote code execution or a Denial of Service condition.
There is no known workaround at this time.
All chrony users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/chrony-1.31.1"

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.
Tor does not handle data correctly when specifically crafted data is sent, and also fails to properly verify a descriptor provided by a hidden service directory.
A remote attacker could cause a Denial of Service condition in both a Tor client and a Tor server.
There is no known workaround at this time.
All Tor users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.6.7"

Exiv2 is a C++ library and a command line utility to manage image metadata.
Exiv2 has a buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp.
A remote attacker could possibly cause a Denial of Service condition via a specially crafted AVI file with an IKEY INFO tag.
There is no known workaround at this time.
All Exiv2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.24-r1"

International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications.
Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenced below for details.
A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
All International Components for Unicode users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/icu-55.1"

SQLite is a C library that implements an SQL database engine.
Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details.
A context-dependent attacker could possibly cause a Denial of Service condition.
There is no known workaround at this time.
All SQLite users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.8.9"

UnRTF is a command-line program which converts RTF documents to other formats.
Multiple vulnerabilities have been discovered in UnRTF. Please review the CVE identifiers referenced below for details.
A remote attacker may be able to execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
All UnRTF users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/unrtf-0.21.9"

LibVNCServer is a cross-platform C library that allows you to easily implement VNC server functionality in your program.
Multiple vulnerabilities have been discovered in LibVNCServer. Please review the CVE identifiers referenced below for details.
A remote attacker may be able to execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
All LibVNCServer users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/libvncserver-0.9.10-r1"

libxml2 is the XML C parser and toolkit developed for the Gnome project.
libxml2 returns the empty string when the allocation limit is encountered while constructing the attribute value string.
A remote attacker may be able to cause Denial of Service via a specially crafted XML file.
There is no known workaround at this time.
All libxml2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.2-r1"

PyPAM is a PAM binding for Python.
PyPAM does not handle passwords correctly if there is a NULL byte in the string.
A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition.
There is no known workaround at this time.
All PyPAM users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-python/pypam-0.5.0-r3"

</gr_replreplace>
<gr_replace lines="21806-21815" cat="reformat" orig="+ t1utils is">
t1utils is a collection of simple Type 1 font manipulation programs.
t1utils has a buffer overflow in the set_cs_start function in t1disasm.c.
A remote attacker could cause a denial of service and possibly execute arbitrary code via a crafted font file.
There is no known workaround at this time.
All t1utils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/t1utils-1.39"

+ t1utils is a collection of simple Type 1 font manipulation programs.
+t1utils has a buffer overflow in the set_cs_start function in + t1disasm.c. +
+A remote attacker could cause a denial of service and possibly execute + arbitrary code via a crafted font file. +
+There is no known workaround at this time.
+All t1utils users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/t1utils-1.39"
+
+
Perl is a highly capable, feature-rich programming language.
The S_regmatch() function lacks proper checks before passing arguments to atoi().
A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition.
There is no known workaround at this time.
All Perl users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.20.1-r4"

libCapsiNetwork is a C++ network library to allow fast development of server daemon processes.
An off-by-one buffer overflow has been discovered in the libcapsinetwork network handling code.
A remote attacker could send a specially crafted request to an application that is linked with libcapsinetwork, possibly resulting in a Denial of Service condition.
There is no known workaround at this time.
Gentoo discontinued support for libCapsiNetwork. We recommend that users unmerge it:

  # emerge --unmerge "net-libs/libcapsinetwork"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.
Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
There is no known workaround at this time.
All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.481"

The Oracle Java Development Kit (JDK) and the Oracle Java Runtime Environment (JRE) provide the Oracle Java platform.
Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please review the CVE identifiers referenced below for details.
A context-dependent attacker may be able to influence the confidentiality, integrity, and availability of Java applications/runtime.
There is no workaround at this time.
All Oracle JRE 8 users should upgrade to the latest stable version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.31"

All Oracle JDK 8 users should upgrade to the latest stable version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.31"

All Oracle JRE 7 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.7.0.76"

All Oracle JDK 7 users should upgrade to the latest stable version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.7.0.76"

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
During certificate verification, OpenSSL attempts to find an alternative certificate chain if the first attempt to build such a chain fails.
A remote attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate.
There is no known workaround at this time.
All OpenSSL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1p"

Portage is the package management and distribution system for Gentoo.
Portage does not verify X.509 SSL certificates properly if HTTPS is used.
A remote attacker can spoof servers and modify binary package lists via specially crafted certificates.
There is no known workaround at this time.
All Portage users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/portage-2.1.12.2"

SNMP is a widely used protocol for monitoring the health and welfare of network equipment.
A specially crafted trap message triggers a conversion to an erroneous variable type when the -OQ option is used.
A remote attacker could possibly cause a Denial of Service condition.
There is no known workaround at this time.
All SNMP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.7.3_pre5-r1"

Chromium is an open-source web browser project.
Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.
A remote attacker could bypass security restrictions.
There is no known workaround at this time.
All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-43.0.2357.130"

MySQL is a fast, multi-threaded, multi-user SQL database server.
Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.
A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition.
There is no known workaround at this time.
All MySQL 5.5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.43"

All MySQL 5.6.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.24"

PostgreSQL is an open source object-relational database management system.
Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or escalate privileges.
There is no known workaround at this time.
All PostgreSQL 9.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.0.21"

All PostgreSQL 9.1.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.1.17"

All PostgreSQL 9.2.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.2.12"

All PostgreSQL 9.3.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.8"

All PostgreSQL 9.4.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.3"

libXfont is an X11 font rasterisation library.
Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition.
There is no known workaround at this time.
All libXfont 1.4.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.4.9"

All libXfont 1.5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.5.1"

e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems.
e2fsprogs has a heap-based buffer overflow in closefs.c in the libext2fs library.
A local attacker could execute arbitrary code via a specially crafted block group descriptor.
There is no known workaround at this time.
All e2fsprogs users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-fs/e2fsprogs-1.42.13"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.
Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
There is no known workaround at this time.
All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.508"

libgadu is a library that implements the client side of the Gadu-Gadu protocol.
libgadu contains multiple vulnerabilities:
A remote attacker may be able to execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or spoof servers.
There is no known workaround at this time.
All libgadu users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/libgadu-1.12.0"

Icecast is an open source alternative to shoutcast that supports mp3, ogg (vorbis/theora) and aac streaming.
When a stream_auth handler is defined for URL authentication and a request is sent without login credentials, a Denial of Service condition can occur.
A remote attacker could possibly cause a Denial of Service condition.
Users of affected versions can change stream_auth mountpoints to use password authentication instead.
All icecast users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/icecast-2.4.2"

NTP contains software for the Network Time Protocol.
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All NTP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p3"

cURL is a tool and libcurl is a library for transferring data with URL syntax.
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly obtain sensitive information, or cause a Denial of Service condition.
There is no known workaround at this time.
All cURL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"

Cacti is a complete frontend to rrdtool.
Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All Cacti users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.8d"

libtasn1 is an ASN.1 library.
Multiple vulnerabilities have been discovered in libtasn1. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All libtasn1 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-1.4.5"

NetworkManager is a universal network configuration daemon for laptops, desktops, servers and virtualization hosts.
An IPv6 Neighbour Discovery ICMP broadcast containing a non-route with a low hop limit causes a Denial of Service by lowering the hop limit on existing IPv6 routes in NetworkManager.
A remote attacker on the same network segment could cause a Denial of Service condition in NetworkManager.
There is no known workaround at this time.
All NetworkManager users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/networkmanager-1.0.2"

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
A vulnerability in Git allows a crafted repository to make Git-compatible clients that access case-insensitive or case-normalizing filesystems overwrite .git/config when cloning or checking out the repository, leading to execution of arbitrary commands.
An attacker can execute arbitrary commands on a client machine that clones a crafted malicious Git tree.
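As an added illustration (not git's own code), the check a client can apply to each tree entry before writing it to the working tree: on a case-insensitive or case-normalizing filesystem the entries `.GIT/config`, `.git./config` or the NTFS short name `GIT~1/config` all land on the real `.git/config`, so a path component is rejected when it folds to `.git`. ASCII case folding, stripping of trailing dots and spaces, and the 8.3 short name are a simplified model of the checks git added in the fixed versions; HFS+ ignorable code points are not handled here.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static int fold(int c) { return tolower((unsigned char)c); }

/* Case-insensitive comparison of the byte range [s, s+len) against a
   lowercase literal. */
static int ieq(const char *s, size_t len, const char *lit) {
    if (len != strlen(lit)) return 0;
    for (size_t i = 0; i < len; i++)
        if (fold(s[i]) != lit[i]) return 0;
    return 1;
}

/* Returns 1 if the path component [s, s+len) would resolve to ".git" on a
   case-insensitive or case-normalizing filesystem. Simplified model:
   trailing dots/spaces are ignored (Windows), case is folded, and the NTFS
   8.3 short name "git~1" is treated as an alias. */
int is_dotgit_component(const char *s, size_t len) {
    while (len > 0 && (s[len - 1] == '.' || s[len - 1] == ' '))
        len--;
    return ieq(s, len, ".git") || ieq(s, len, "git~1");
}

/* Returns 1 if any component of a repository path is a ".git" lookalike.
   Both '/' and '\\' are treated as separators. */
int path_has_dotgit(const char *path) {
    const char *start = path;
    for (const char *p = path;; p++) {
        if (*p == '/' || *p == '\\' || *p == '\0') {
            if (p > start && is_dotgit_component(start, (size_t)(p - start)))
                return 1;
            if (*p == '\0')
                return 0;
            start = p + 1;
        }
    }
}

int main(void) {
    /* Constructed sample entries as they might appear in a malicious tree. */
    const char *entries[] = { ".git/config", ".GIT/config", "sub/.Git./hooks/post-checkout",
                              "GIT~1/config", "src/gitlab.c", ".gitignore" };
    for (size_t i = 0; i < sizeof entries / sizeof entries[0]; i++)
        printf("%-32s %s\n", entries[i], path_has_dotgit(entries[i]) ? "REJECT" : "ok");
    return 0;
}
```

A checkout that refuses such entries fails closed on a crafted repository instead of silently replacing the client's own configuration.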
There is no known workaround at this time.
All Git 1.8.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-1.8.5.6"

All Git 1.9.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-1.9.5"

All Git 2.0.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.0.5"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.
Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
There is no known workaround at this time.
All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.521"

BIND (Berkeley Internet Name Domain) is a name server.
A vulnerability has been discovered in BIND's named daemon leading to a Denial of Service condition.
A remote attacker may be able to cause a Denial of Service condition via specially constructed zone data.
There is no known workaround at this time.
All BIND users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.2_p4"

QEMU is a generic and open source machine emulator and virtualizer.
A heap-based buffer overflow has been found in QEMU's PCNET network controller emulation.
A remote attacker could execute arbitrary code via specially crafted packets.
There is no known workaround at this time.
All QEMU users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.3.0-r4"

Wireshark is a network protocol analyzer formerly known as Ethereal.
Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly cause a Denial of Service condition.
There is no known workaround at this time.
All Wireshark users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.12.7"

tcpdump is a tool for network monitoring and data acquisition.
Multiple vulnerabilities have been discovered in tcpdump. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All tcpdump users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-4.7.4"

MediaWiki is a collaborative editing software used by large projects such as Wikipedia.
Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details.
A remote attacker may be able to create a Denial of Service condition, obtain sensitive information, bypass security restrictions, and inject arbitrary web script or HTML.
There is no known workaround at this time.
All MediaWiki 1.25 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.25.2"

All MediaWiki 1.24 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.24.3"

All MediaWiki 1.23 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.10"

Django is a Python-based web framework.
Multiple vulnerabilities have been found in Django.
A remote attacker may be able to cause a Denial of Service condition, inject arbitrary headers, and conduct HTTP response splitting attacks.
There is no known workaround at this time.
All Django 1.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/django-1.8.3"

All Django 1.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/django-1.7.9"

All Django 1.4 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/django-1.4.21"

CUPS, the Common Unix Printing System, is a full-featured print server.
Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All CUPS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-2.0.3"

cups-filters is the OpenPrinting CUPS filters package.
Multiple vulnerabilities have been discovered in cups-filters. Please review the CVE identifiers referenced below for details.
A remote attacker could entice a user to open a specially crafted print job using cups-filters, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All cups-filters users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-filters-1.0.71"

MirBSD Korn Shell (mksh) is an actively developed free implementation of the Korn Shell programming language and a successor to the Public Domain Korn Shell.
Improper sanitisation of the environment on import allows values to be appended to passed parameters.
An attacker who already has access to the environment could thereby append values to parameters passed through programs (including sudo(8) or setuid binaries) to shell scripts, including indirectly, even after those programs intended to sanitise the environment, e.g. invalidating the last $PATH component.
There is no known workaround at this time.
All mksh users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/mksh-50c"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.
Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
There is no known workaround at this time.
All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.548"

Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server.
An out-of-bounds read vulnerability has been found in the tcp_request function in Dnsmasq.
A remote attacker could send a specially crafted DNS request, possibly resulting in a Denial of Service condition.
There is no known workaround at this time.
All Dnsmasq users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.72-r2"

IPython is an advanced interactive shell for Python.
IPython does not properly check the MIME type of a file.
A remote attacker could entice a user to open a specially crafted text file using IPython, possibly resulting in execution of arbitrary JavaScript with the privileges of the process.
There is no known workaround at this time.
All IPython users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/ipython-3.2.1-r1"

GNU GRUB is a multiboot boot loader used by most Linux systems.
An integer underflow in GRUB's username/password authentication code has been discovered.
An attacker with access to the system console may bypass the username prompt by entering a sequence of backspace characters, allowing them e.g. to get full access to GRUB's console or to load a customized kernel.
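A minimal model of the bug class, added here as an example and not GRUB's code: a console line reader that moves the cursor back on each backspace. Without a lower bound, more backspaces than typed characters drive the index below zero, so the next keystroke would address memory before the buffer; the checked variant treats backspace at column zero as a no-op. The buffer size, the 0x08 key code and the sample key sequences are the example's own assumptions.

```c
#include <stdio.h>
#include <string.h>

#define LINE_MAX 64

/* Shared line buffer so the demonstration needs no allocation. */
static char g_line[LINE_MAX];

/* Bug class: backspace always decrements the cursor. With "ab" followed
   by four backspaces the cursor ends at -2. Instead of performing the
   out-of-bounds write the real bug would do, this model returns the index
   the next byte would be stored at. */
int read_line_unchecked(const char *keys, char *out) {
    int cur = 0;
    for (; *keys; keys++) {
        if (*keys == '\b') {
            cur--;                          /* underflows when cur == 0 */
        } else if (cur >= 0 && cur < LINE_MAX - 1) {
            out[cur++] = *keys;             /* guarded only so the model stays in bounds */
        }
    }
    if (cur >= 0)
        out[cur] = '\0';
    return cur;
}

/* Fixed: a backspace at the start of the line deletes nothing. */
int read_line_checked(const char *keys, char *out) {
    int cur = 0;
    for (; *keys; keys++) {
        if (*keys == '\b') {
            if (cur > 0)
                cur--;
        } else if (cur < LINE_MAX - 1) {
            out[cur++] = *keys;
        }
    }
    out[cur] = '\0';
    return cur;
}

int main(void) {
    /* Constructed key sequences: 0x08 is the backspace key code assumed here. */
    const char *attack = "ab\b\b\b\b";
    printf("unchecked cursor after attack: %d\n", read_line_unchecked(attack, g_line));
    printf("checked cursor after attack:   %d\n", read_line_checked(attack, g_line));
    printf("checked edit of \"abc\\bd\":      \"%s\"\n",
           (read_line_checked("abc\bd", g_line), g_line));
    return 0;
}
```

The negative index is the whole attack surface: every further key press in the unchecked reader writes relative to a pointer that has walked off the front of the buffer.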
There is no known workaround at this time.
All GRUB 2.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-boot/grub-2.02_beta2-r8"

After upgrading, make sure to run the grub2-install command with options appropriate for your system. See the GRUB2 Quick Start guide in the references below for examples. Your system will be vulnerable until this action is performed.
OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support.
Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All OpenSSH users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-7.1_p1-r2"

gdk-pixbuf is an image loading library for GTK+.
Three heap-based buffer overflow vulnerabilities have been discovered in gdk-pixbuf. Please review the CVE identifiers referenced below for details.
A remote attacker could entice a user to open a specially crafted image file with an application linked against gdk-pixbuf, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All gdk-pixbuf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/gdk-pixbuf-2.32.1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.
MPFR is a library for multiple-precision floating-point computations with exact rounding.
MPFR fails to adequately check user-supplied input, which could lead to a buffer overflow.
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
All MPFR users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/mpfr-3.1.3_p4"

GStreamer is an open source multimedia framework.
A buffer overflow vulnerability has been found in the parsing of H.264 formatted video.
A remote attacker could entice a user to open a specially crafted H.264 formatted video using an application linked against GStreamer, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All GStreamer users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.4.5"

ClamAV is a GPL virus scanner.
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
A remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting in a Denial of Service condition or other unspecified impact.
There is no known workaround at this time.
All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.98.7"

EncFS is an implementation of an encrypted filesystem in user-space using FUSE.
Multiple vulnerabilities have been discovered in EncFS. Please review the CVE identifiers referenced below for details.
A local attacker can utilize a possible buffer overflow in the encodeName method of StreamNameIO and BlockNameIO to execute arbitrary code or cause a Denial of Service. In addition, multiple weak cryptographic practices have been found in EncFS.
There is no known workaround at this time.
All EncFS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/encfs-1.7.5"

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project.
Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition.
There is no known workaround at this time.
All Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0"

All Firefox-bin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0"

All Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0"

All Thunderbird-bin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-38.5.0"

Firebird is a multi-platform, open source relational database.
The vulnerability is caused by an error when processing requests from remote clients.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All Firebird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/firebird-2.5.3.26780.0-r3"

NOTE: The Firebird package was moved to the testing branch (unstable) of Gentoo. There is currently no stable version of Firebird, and there will be no further GLSAs for this package.
The KDE workspace configuration module for setting the date and time has a helper program which runs as root to perform privileged actions.
KDE Systemsettings fails to properly validate user input before passing it as an argument in a context of higher privilege.
A local attacker could gain privileges via a crafted ntpUtility (NTP utility name) argument.
As a workaround, add a polkit rule to disable the org.kde.kcontrol.kcmclock.save action.
All KDE Systemsettings users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/systemsettings-4.11.13-r1"

InspIRCd is a modular Internet Relay Chat (IRC) server written in C++ which was created from scratch to be stable, modern and lightweight.
Multiple vulnerabilities have been discovered in InspIRCd. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All InspIRCd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/inspircd-2.0.20"

OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support.
Qualys have reported two issues in the "roaming" code included in the OpenSSH client, which provides undocumented, experimental support for resuming SSH connections. An OpenSSH client could be tricked into leaking parts of its memory to a malicious server. Furthermore, a buffer overflow can be exploited by a malicious server, but its exploitation requires non-default options and is mitigated by another bug.
A remote attacker could entice a user to connect to a specially crafted OpenSSH server, possibly resulting in the disclosure of the user's private keys. Users with private keys that are not protected by a passphrase are advised to generate new keys if they have connected to an SSH server they don't fully trust.
Note that no special configuration is required to be vulnerable, as the roaming feature is enabled by default on the client.
The issues can be worked around by disabling the roaming code. To do so, add "UseRoaming no" to the SSH client configuration, or specify "-o 'UseRoaming no'" on the command line.
All OpenSSH users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-7.1_p2"

WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.
A remote attacker can use multiple vectors to execute arbitrary code or cause a Denial of Service condition.
There is no known workaround at this time.
All WebKitGTK+ 3 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.9:3"

All WebKitGTK+ 2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.9-r200:2"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.
Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
There is no known workaround at this time.
All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.559"

OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD.
Multiple vulnerabilities have been discovered in OpenSMTPD. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All OpenSMTPD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/opensmtpd-5.7.3_p1"

OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a general purpose cryptography library.
Multiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE identifiers referenced below for details. Note that the list includes CVE identifiers for an older OpenSSL Security Advisory (3 Dec 2015) for which we have not issued a GLSA before.
A remote attacker could disclose a server's private DH exponent, or complete SSLv2 handshakes using ciphers that have been disabled on the server.
There is no known workaround at this time.
All OpenSSL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2f"

QEMU is a generic and open source machine emulator and virtualizer.
Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.
A remote attacker might cause a Denial of Service or gain escalated privileges from a guest VM.
There is no known workaround at this time.
All QEMU users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.5.0-r1"

The GNU C library is the standard C library used by Gentoo Linux systems.
Multiple vulnerabilities have been discovered in the GNU C Library.
Please review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before.
A remote attacker could exploit any application which performs host name resolution using getaddrinfo() in order to execute arbitrary code or crash the application. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information.
A number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below.
All GNU C Library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.21-r2"

It is important to ensure that no running process uses the old glibc anymore. The easiest way to achieve that is by rebooting the machine after updating the sys-libs/glibc package.
Note: Should you run into compilation failures while updating, please see bug 574948.
libwmf is a library for converting WMF files.
Multiple vulnerabilities have been discovered in libwmf. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
All libwmf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r6"

GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and other operating systems.
GIMP's script-fu network server is vulnerable to remote execution of arbitrary code via the python-fu-eval command because it does not require authentication. Additionally, the X Window Dump (XWD) plugin is vulnerable to multiple buffer overflows because it does not validate large color entries, possibly allowing remote execution of arbitrary code or a Denial of Service.
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service.
There is no known workaround at this time.
All GIMP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.8.0"

OSC is the command line tool and API for the Open Build Service.
A vulnerability has been discovered that may allow remote attackers to execute arbitrary commands via shell metacharacters in a _service file.
A remote attacker could possibly execute arbitrary code with the privileges of the process.
There is no known workaround at this time.
All OSC users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/osc-0.152.0"

Roundcube is free and open source webmail software for the masses, written in PHP.
Remote authenticated users with certain permissions can read arbitrary files or possibly execute arbitrary code via ".." sequences in the _skin parameter to index.php. Additionally, a cross-site scripting (XSS) vulnerability in program/js/app.js allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-and-drop file upload.
A remote authenticated user could possibly execute arbitrary code with the privileges of the process, read arbitrary files, or inject arbitrary web script or HTML.
There is no known workaround at this time.
All Roundcube users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/roundcube-1.1.4"

FUSE provides an interface for filesystems implemented in userspace.
The fusermount binary calls setuid(geteuid()) to reset the RUID when it invokes /bin/mount, so that it can use privileged mount options that are normally restricted if RUID != EUID. FUSE does not properly clear environment variables before invoking mount or umount as root, so attacker-controlled variables such as LIBMOUNT_MTAB, which is used by the mount command's debugging feature, are passed to operations running with elevated privileges.
The FUSE vulnerability allows a local, unprivileged user to overwrite arbitrary files on the system.
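As an added example of the hardening a setuid helper needs before it execs mount(8) (the example's own code, not fusermount's): the caller's environment is never handed through as-is. A fixed PATH is used and only an allowlist of harmless variables survives, so LIBMOUNT_MTAB, LIBMOUNT_DEBUG, LD_PRELOAD and the like never reach the privileged child. The allowlist, the fixed PATH and the sample environment are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Variable names the helper is willing to pass through. Anything else,
   in particular every LIBMOUNT_* and LD_* variable, is dropped. */
static const char *const ALLOWED_NAMES[] = { "LANG", "TZ", NULL };

/* The child never inherits PATH from the unprivileged caller. */
static const char FIXED_PATH[] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";

/* Returns 1 if the "NAME=value" entry has exactly the given NAME. */
static int entry_has_name(const char *entry, const char *name) {
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Builds the NULL-terminated environment for the privileged child in out
   (pointers only, no copies). Returns the number of entries, or -1 if out
   cannot hold them all. */
int build_helper_env(char *const *envp, char **out, size_t out_cap) {
    size_t n = 0;
    if (out_cap < 2)
        return -1;
    out[n++] = (char *)FIXED_PATH;
    for (; *envp; envp++) {
        for (const char *const *a = ALLOWED_NAMES; *a; a++) {
            if (entry_has_name(*envp, *a)) {
                if (n + 1 >= out_cap)        /* keep room for the NULL terminator */
                    return -1;
                out[n++] = *envp;
                break;
            }
        }
    }
    out[n] = NULL;
    return (int)n;
}

/* Returns 1 if a NULL-terminated environment contains the named variable. */
int env_contains(char *const *envp, const char *name) {
    for (; *envp; envp++)
        if (entry_has_name(*envp, name))
            return 1;
    return 0;
}

/* Constructed sample: what a malicious unprivileged caller might export. */
static char *const SAMPLE_ENV[] = {
    "PATH=/tmp/evil:/usr/bin",
    "LIBMOUNT_MTAB=/etc/shadow",     /* would redirect libmount's mtab writes */
    "LIBMOUNT_DEBUG=all",
    "LANG=en_US.UTF-8",
    "LD_PRELOAD=/tmp/x.so",
    NULL
};

static char *CLEAN_ENV[16];

int main(void) {
    int n = build_helper_env(SAMPLE_ENV, CLEAN_ENV, 16);
    for (int i = 0; i < n; i++)
        printf("%s\n", CLEAN_ENV[i]);
    /* A real helper would now do: execve("/bin/mount", argv, CLEAN_ENV); */
    return 0;
}
```

The allowlist is deliberately tiny; a helper that runs as root should pass through nothing it cannot name, and should set its own PATH rather than filter the caller's.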
There is no known workaround at this time.
All FUSE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/fuse-2.9.4"

Apache OpenOffice is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more.
LibreOffice is a powerful office suite with a clean interface and feature-rich tools.
Multiple vulnerabilities were found in both LibreOffice and OpenOffice that allow the remote execution of arbitrary code and potential Denial of Service. These vulnerabilities may be exploited through multiple vectors including crafted documents, link handling, printer setup in ODF document types, DOC file formats, and Calc spreadsheets. Please review the referenced CVEs for specific information regarding each.
A remote attacker could entice a user to open a specially crafted file using the LibreOffice or OpenOffice suite of software. This could possibly result in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All LibreOffice users should upgrade their respective packages to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.4.2"
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-4.4.2"
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-debug-4.4.2"

All OpenOffice users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-4.1.2"

FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video.
Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition.
There is no known workaround at this time.
All FFmpeg users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/ffmpeg-2.6.3"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.
Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
There is no known workaround at this time.
All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.577"

VLC is a cross-platform media player and streaming server.
Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details.
Remote attackers could possibly execute arbitrary code or cause a Denial of Service.
There is no known workaround at this time.
All VLC users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vlc-2.2.1-r1"

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
There is no known workaround at this time.
All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-49.0.2623.87"

QtGui is the GUI module and platform plugins for the Qt framework.
Multiple buffer overflow vulnerabilities have been discovered in QtGui. A remote attacker can construct specially crafted BMP, ICO, or GIF images that overflow buffers when parsed, leading to a Denial of Service or execution of arbitrary code.
A remote attacker could possibly execute arbitrary code or cause a Denial of Service.
There is no known workaround at this time.
All QtGui 4.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtgui-4.8.6-r4"

All QtGui 5.4 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtgui-5.4.1-r1"

Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in embedded environments.
Multiple vulnerabilities exist in both Oracle's JRE and JDK. Please review the referenced CVEs for additional information.
Remote attackers could gain access to information, remotely execute arbitrary code, and cause a Denial of Service.
There is no known workaround at this time.
All Oracle JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.72"

All Oracle JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.72"

FlightGear is an open-source flight simulator. It supports a variety of popular platforms (Windows, Mac, Linux, etc.) and is developed by skilled volunteers from around the world. Source code for the entire project is available and licensed under the GNU General Public License.

SimGear is a set of open-source libraries designed to be used as building blocks for quickly assembling 3D simulations, games, and visualization applications.

Multiple format string vulnerabilities in FlightGear and SimGear allow user-assisted remote attackers to cause a Denial of Service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft XML model.

Remote attackers could possibly execute arbitrary code or cause a Denial of Service.

There is no known workaround at this time.

All FlightGear users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=games-simulation/flightgear-3.4.0"

All SimGear users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=games-simulation/simgear-3.4.0"

Libreswan is a free software implementation of the most widely supported and standardized VPN protocol, based on IPsec and the Internet Key Exchange (IKE).

The pluto IKE daemon in Libreswan, when built with NSS, allows remote attackers to cause a Denial of Service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in an IKE packet. Additionally, remote attackers could cause a Denial of Service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.

Remote attackers could possibly cause a Denial of Service.

There is no known workaround at this time.

All Libreswan users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/libreswan-3.15"

IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution, with the primary goal of allowing inclusion in GNU/Linux distributions.

Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allow remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. This includes the possibility of remote execution of arbitrary code, information disclosure, or Denial of Service. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and Java applets. Please reference the CVEs listed for specific details.

Remote attackers may remotely execute arbitrary code, compromise information, or cause a Denial of Service.

There is no known workaround at this time.

IcedTea 7.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-7.2.6.4"

IcedTea bin 7.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.4"

IcedTea 6.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-6.1.13.9"

IcedTea bin 6.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.9"

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Multiple vulnerabilities have been discovered in OpenSSL, the worst being a cross-protocol attack called DROWN that could lead to the decryption of TLS sessions. Please review the CVE identifiers referenced below for details.

A remote attacker could decrypt TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle, cause a Denial of Service condition, obtain sensitive information from memory and (in rare circumstances) recover RSA keys.

A workaround for DROWN is disabling the SSLv2 protocol on all SSL/TLS servers.

All OpenSSL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2g-r2"

Please note that beginning with OpenSSL 1.0.2, in order to mitigate the DROWN attack, the OpenSSL project disables SSLv2 by default at build-time. As this change would cause severe issues with some Gentoo packages that depend on OpenSSL, Gentoo still ships OpenSSL with SSLv2 enabled at build-time. Note that this does not mean that you are still vulnerable to DROWN, because the OpenSSL project has taken further precautions and applications would need to explicitly request SSLv2. We are working on a migration path to phase out SSLv2 that ensures that no user-facing issues occur. Please reference bug 576128 for further details on how this decision was made.
QEMU is a generic and open source machine emulator and virtualizer.

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

Local users within a guest QEMU environment can execute arbitrary code within the host or cause a Denial of Service condition of the QEMU guest process.

There is no known workaround at this time.

All QEMU users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.5.0-r2"

Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types.

The TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. This can also be exploited via a Java property that is bound to the XSLT 1.0 system-property function.

A remote attacker could inject specially crafted XSLT properties, resulting in the execution of arbitrary code with the privileges of the process.

There is no known workaround at this time.

All Xalan-Java users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/xalan-2.7.2"

Xen is a bare-metal hypervisor.

Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.

A local attacker could possibly cause a Denial of Service condition or obtain sensitive information.

There is no known workaround at this time.

All Xen 4.5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5"

All Xen 4.6 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9"

All Xen tools 4.5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.5.2-r5"

All Xen tools 4.6 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.6.0-r9"

All Xen pvgrub users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"

Libksba is an X.509 and CMS (PKCS#7) library.

libksba is vulnerable to two integer overflows and a Denial of Service vulnerability. Please read the references for additional details.

Remote attackers could cause a Denial of Service or have other unspecified impact through the integer overflows.

There is no known workaround at this time.

All libksba users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.3.3"

Wireshark is a network protocol analyzer formerly known as Ethereal.

Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.

Remote attackers could cause a Denial of Service and local attackers could escalate privileges.

There is no known workaround at this time.

All Wireshark users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-2.0.2"

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Git is vulnerable to the remote execution of arbitrary code when cloning repositories with large filenames or a large number of nested trees. Additionally, some protocols within Git, such as git-remote-ext, can execute arbitrary code found within URLs. The URLs that submodules use may come from arbitrary sources (e.g., .gitmodules files in a remote repository), and can affect those who enable recursive fetch. Restrict the allowed protocols to well-known and safe ones.

Remote attackers could execute arbitrary code on both client and server.

There is no known workaround at this time.

All Git users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.7.3-r1"

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-50.0.2661.102"