From b3c0a24ec7229f92cbb772405db245699c522515 Mon Sep 17 00:00:00 2001 
From: Nick Owens Date: Tue, 17 May 2016 11:29:02 -0700 Subject: [PATCH] bump(metadata/glsa): sync with upstream --- .../metadata/glsa/glsa-200310-03.xml | 62 + .../metadata/glsa/glsa-200310-04.xml | 71 + .../metadata/glsa/glsa-200311-01.xml | 65 + .../metadata/glsa/glsa-200311-02.xml | 64 + .../metadata/glsa/glsa-200311-03.xml | 60 + .../metadata/glsa/glsa-200311-04.xml | 65 + .../metadata/glsa/glsa-200311-05.xml | 61 + .../metadata/glsa/glsa-200311-06.xml | 58 + .../metadata/glsa/glsa-200311-07.xml | 58 + .../metadata/glsa/glsa-200311-08.xml | 55 + .../metadata/glsa/glsa-200312-01.xml | 79 ++ .../metadata/glsa/glsa-200312-03.xml | 75 + .../metadata/glsa/glsa-200312-04.xml | 66 + .../metadata/glsa/glsa-200312-05.xml | 72 + .../metadata/glsa/glsa-200312-06.xml | 64 + .../metadata/glsa/glsa-200312-07.xml | 74 + .../metadata/glsa/glsa-200312-08.xml | 64 + .../metadata/glsa/glsa-200401-01.xml | 228 +++ .../metadata/glsa/glsa-200401-02.xml | 61 + .../metadata/glsa/glsa-200401-03.xml | 67 + .../metadata/glsa/glsa-200401-04.xml | 78 ++ .../metadata/glsa/glsa-200402-01.xml | 73 + .../metadata/glsa/glsa-200402-02.xml | 92 ++ .../metadata/glsa/glsa-200402-03.xml | 59 + .../metadata/glsa/glsa-200402-04.xml | 65 + .../metadata/glsa/glsa-200402-05.xml | 65 + .../metadata/glsa/glsa-200402-06.xml | 90 ++ .../metadata/glsa/glsa-200402-07.xml | 66 + .../metadata/glsa/glsa-200403-01.xml | 53 + .../metadata/glsa/glsa-200403-02.xml | 242 ++++ .../metadata/glsa/glsa-200403-03.xml | 91 ++ .../metadata/glsa/glsa-200403-04.xml | 111 ++ .../metadata/glsa/glsa-200403-05.xml | 68 + .../metadata/glsa/glsa-200403-06.xml | 72 + .../metadata/glsa/glsa-200403-07.xml | 72 + .../metadata/glsa/glsa-200403-08.xml | 75 + .../metadata/glsa/glsa-200403-09.xml | 57 + .../metadata/glsa/glsa-200403-10.xml | 59 + .../metadata/glsa/glsa-200403-11.xml | 78 ++ .../metadata/glsa/glsa-200403-12.xml | 69 + .../metadata/glsa/glsa-200403-13.xml | 98 ++ .../metadata/glsa/glsa-200403-14.xml | 73 + 
.../metadata/glsa/glsa-200404-01.xml | 93 ++ .../metadata/glsa/glsa-200404-02.xml | 59 + .../metadata/glsa/glsa-200404-03.xml | 70 + .../metadata/glsa/glsa-200404-04.xml | 66 + .../metadata/glsa/glsa-200404-05.xml | 63 + .../metadata/glsa/glsa-200404-06.xml | 65 + .../metadata/glsa/glsa-200404-07.xml | 71 + .../metadata/glsa/glsa-200404-08.xml | 66 + .../metadata/glsa/glsa-200404-09.xml | 59 + .../metadata/glsa/glsa-200404-10.xml | 61 + .../metadata/glsa/glsa-200404-11.xml | 64 + .../metadata/glsa/glsa-200404-12.xml | 67 + .../metadata/glsa/glsa-200404-13.xml | 71 + .../metadata/glsa/glsa-200404-14.xml | 68 + .../metadata/glsa/glsa-200404-15.xml | 72 + .../metadata/glsa/glsa-200404-16.xml | 63 + .../metadata/glsa/glsa-200404-17.xml | 85 ++ .../metadata/glsa/glsa-200404-18.xml | 69 + .../metadata/glsa/glsa-200404-19.xml | 65 + .../metadata/glsa/glsa-200404-20.xml | 87 ++ .../metadata/glsa/glsa-200404-21.xml | 97 ++ .../metadata/glsa/glsa-200405-01.xml | 61 + .../metadata/glsa/glsa-200405-02.xml | 70 + .../metadata/glsa/glsa-200405-03.xml | 76 + .../metadata/glsa/glsa-200405-04.xml | 121 ++ .../metadata/glsa/glsa-200405-05.xml | 61 + .../metadata/glsa/glsa-200405-06.xml | 71 + .../metadata/glsa/glsa-200405-07.xml | 64 + .../metadata/glsa/glsa-200405-08.xml | 64 + .../metadata/glsa/glsa-200405-09.xml | 64 + .../metadata/glsa/glsa-200405-10.xml | 64 + .../metadata/glsa/glsa-200405-11.xml | 76 + .../metadata/glsa/glsa-200405-12.xml | 66 + .../metadata/glsa/glsa-200405-13.xml | 63 + .../metadata/glsa/glsa-200405-14.xml | 74 + .../metadata/glsa/glsa-200405-15.xml | 63 + .../metadata/glsa/glsa-200405-16.xml | 70 + .../metadata/glsa/glsa-200405-17.xml | 61 + .../metadata/glsa/glsa-200405-18.xml | 66 + .../metadata/glsa/glsa-200405-19.xml | 75 + .../metadata/glsa/glsa-200405-20.xml | 68 + .../metadata/glsa/glsa-200405-21.xml | 67 + .../metadata/glsa/glsa-200405-22.xml | 83 ++ .../metadata/glsa/glsa-200405-23.xml | 63 + .../metadata/glsa/glsa-200405-24.xml | 77 + 
.../metadata/glsa/glsa-200405-25.xml | 63 + .../metadata/glsa/glsa-200406-01.xml | 76 + .../metadata/glsa/glsa-200406-02.xml | 61 + .../metadata/glsa/glsa-200406-03.xml | 64 + .../metadata/glsa/glsa-200406-04.xml | 60 + .../metadata/glsa/glsa-200406-05.xml | 80 ++ .../metadata/glsa/glsa-200406-06.xml | 72 + .../metadata/glsa/glsa-200406-07.xml | 70 + .../metadata/glsa/glsa-200406-08.xml | 65 + .../metadata/glsa/glsa-200406-09.xml | 61 + .../metadata/glsa/glsa-200406-10.xml | 66 + .../metadata/glsa/glsa-200406-11.xml | 62 + .../metadata/glsa/glsa-200406-12.xml | 67 + .../metadata/glsa/glsa-200406-13.xml | 64 + .../metadata/glsa/glsa-200406-14.xml | 64 + .../metadata/glsa/glsa-200406-15.xml | 70 + .../metadata/glsa/glsa-200406-16.xml | 67 + .../metadata/glsa/glsa-200406-17.xml | 66 + .../metadata/glsa/glsa-200406-18.xml | 69 + .../metadata/glsa/glsa-200406-19.xml | 64 + .../metadata/glsa/glsa-200406-20.xml | 120 ++ .../metadata/glsa/glsa-200406-21.xml | 74 + .../metadata/glsa/glsa-200406-22.xml | 60 + .../metadata/glsa/glsa-200407-01.xml | 68 + .../metadata/glsa/glsa-200407-02.xml | 320 +++++ .../metadata/glsa/glsa-200407-03.xml | 70 + .../metadata/glsa/glsa-200407-04.xml | 62 + .../metadata/glsa/glsa-200407-05.xml | 81 ++ .../metadata/glsa/glsa-200407-06.xml | 72 + .../metadata/glsa/glsa-200407-07.xml | 67 + .../metadata/glsa/glsa-200407-08.xml | 75 + .../metadata/glsa/glsa-200407-09.xml | 66 + .../metadata/glsa/glsa-200407-10.xml | 69 + .../metadata/glsa/glsa-200407-11.xml | 70 + .../metadata/glsa/glsa-200407-12.xml | 133 ++ .../metadata/glsa/glsa-200407-13.xml | 91 ++ .../metadata/glsa/glsa-200407-14.xml | 89 ++ .../metadata/glsa/glsa-200407-15.xml | 69 + .../metadata/glsa/glsa-200407-16.xml | 299 ++++ .../metadata/glsa/glsa-200407-17.xml | 64 + .../metadata/glsa/glsa-200407-18.xml | 61 + .../metadata/glsa/glsa-200407-19.xml | 58 + .../metadata/glsa/glsa-200407-20.xml | 80 ++ .../metadata/glsa/glsa-200407-21.xml | 76 + .../metadata/glsa/glsa-200407-22.xml | 77 + 
.../metadata/glsa/glsa-200407-23.xml | 63 + .../metadata/glsa/glsa-200408-01.xml | 68 + .../metadata/glsa/glsa-200408-02.xml | 71 + .../metadata/glsa/glsa-200408-03.xml | 71 + .../metadata/glsa/glsa-200408-04.xml | 68 + .../metadata/glsa/glsa-200408-05.xml | 70 + .../metadata/glsa/glsa-200408-06.xml | 64 + .../metadata/glsa/glsa-200408-07.xml | 65 + .../metadata/glsa/glsa-200408-08.xml | 73 + .../metadata/glsa/glsa-200408-09.xml | 62 + .../metadata/glsa/glsa-200408-10.xml | 64 + .../metadata/glsa/glsa-200408-11.xml | 64 + .../metadata/glsa/glsa-200408-12.xml | 64 + .../metadata/glsa/glsa-200408-13.xml | 79 ++ .../metadata/glsa/glsa-200408-14.xml | 67 + .../metadata/glsa/glsa-200408-15.xml | 69 + .../metadata/glsa/glsa-200408-16.xml | 81 ++ .../metadata/glsa/glsa-200408-17.xml | 71 + .../metadata/glsa/glsa-200408-18.xml | 68 + .../metadata/glsa/glsa-200408-19.xml | 71 + .../metadata/glsa/glsa-200408-20.xml | 72 + .../metadata/glsa/glsa-200408-21.xml | 67 + .../metadata/glsa/glsa-200408-22.xml | 117 ++ .../metadata/glsa/glsa-200408-23.xml | 79 ++ .../metadata/glsa/glsa-200408-24.xml | 233 +++ .../metadata/glsa/glsa-200408-25.xml | 68 + .../metadata/glsa/glsa-200408-26.xml | 69 + .../metadata/glsa/glsa-200408-27.xml | 81 ++ .../metadata/glsa/glsa-200409-01.xml | 64 + .../metadata/glsa/glsa-200409-02.xml | 70 + .../metadata/glsa/glsa-200409-03.xml | 61 + .../metadata/glsa/glsa-200409-04.xml | 66 + .../metadata/glsa/glsa-200409-05.xml | 77 + .../metadata/glsa/glsa-200409-06.xml | 68 + .../metadata/glsa/glsa-200409-07.xml | 65 + .../metadata/glsa/glsa-200409-08.xml | 72 + .../metadata/glsa/glsa-200409-09.xml | 83 ++ .../metadata/glsa/glsa-200409-10.xml | 68 + .../metadata/glsa/glsa-200409-11.xml | 67 + .../metadata/glsa/glsa-200409-12.xml | 98 ++ .../metadata/glsa/glsa-200409-13.xml | 71 + .../metadata/glsa/glsa-200409-14.xml | 66 + .../metadata/glsa/glsa-200409-15.xml | 97 ++ .../metadata/glsa/glsa-200409-16.xml | 70 + .../metadata/glsa/glsa-200409-17.xml | 70 + 
.../metadata/glsa/glsa-200409-18.xml | 74 + .../metadata/glsa/glsa-200409-19.xml | 69 + .../metadata/glsa/glsa-200409-20.xml | 66 + .../metadata/glsa/glsa-200409-21.xml | 99 ++ .../metadata/glsa/glsa-200409-22.xml | 69 + .../metadata/glsa/glsa-200409-23.xml | 68 + .../metadata/glsa/glsa-200409-24.xml | 76 + .../metadata/glsa/glsa-200409-25.xml | 68 + .../metadata/glsa/glsa-200409-26.xml | 119 ++ .../metadata/glsa/glsa-200409-27.xml | 67 + .../metadata/glsa/glsa-200409-28.xml | 92 ++ .../metadata/glsa/glsa-200409-29.xml | 70 + .../metadata/glsa/glsa-200409-30.xml | 79 ++ .../metadata/glsa/glsa-200409-31.xml | 70 + .../metadata/glsa/glsa-200409-32.xml | 72 + .../metadata/glsa/glsa-200409-33.xml | 66 + .../metadata/glsa/glsa-200409-34.xml | 96 ++ .../metadata/glsa/glsa-200409-35.xml | 71 + .../metadata/glsa/glsa-200410-01.xml | 68 + .../metadata/glsa/glsa-200410-02.xml | 72 + .../metadata/glsa/glsa-200410-03.xml | 74 + .../metadata/glsa/glsa-200410-04.xml | 91 ++ .../metadata/glsa/glsa-200410-05.xml | 66 + .../metadata/glsa/glsa-200410-06.xml | 63 + .../metadata/glsa/glsa-200410-07.xml | 70 + .../metadata/glsa/glsa-200410-08.xml | 74 + .../metadata/glsa/glsa-200410-09.xml | 68 + .../metadata/glsa/glsa-200410-10.xml | 71 + .../metadata/glsa/glsa-200410-11.xml | 82 ++ .../metadata/glsa/glsa-200410-12.xml | 68 + .../metadata/glsa/glsa-200410-13.xml | 67 + .../metadata/glsa/glsa-200410-14.xml | 73 + .../metadata/glsa/glsa-200410-15.xml | 80 ++ .../metadata/glsa/glsa-200410-16.xml | 78 ++ .../metadata/glsa/glsa-200410-17.xml | 100 ++ .../metadata/glsa/glsa-200410-18.xml | 79 ++ .../metadata/glsa/glsa-200410-19.xml | 73 + .../metadata/glsa/glsa-200410-20.xml | 77 + .../metadata/glsa/glsa-200410-21.xml | 83 ++ .../metadata/glsa/glsa-200410-22.xml | 89 ++ .../metadata/glsa/glsa-200410-23.xml | 72 + .../metadata/glsa/glsa-200410-24.xml | 69 + .../metadata/glsa/glsa-200410-25.xml | 67 + .../metadata/glsa/glsa-200410-26.xml | 71 + .../metadata/glsa/glsa-200410-27.xml | 67 + 
.../metadata/glsa/glsa-200410-28.xml | 68 + .../metadata/glsa/glsa-200410-29.xml | 71 + .../metadata/glsa/glsa-200410-30.xml | 96 ++ .../metadata/glsa/glsa-200410-31.xml | 71 + .../metadata/glsa/glsa-200411-01.xml | 60 + .../metadata/glsa/glsa-200411-02.xml | 66 + .../metadata/glsa/glsa-200411-03.xml | 67 + .../metadata/glsa/glsa-200411-04.xml | 66 + .../metadata/glsa/glsa-200411-05.xml | 67 + .../metadata/glsa/glsa-200411-06.xml | 67 + .../metadata/glsa/glsa-200411-07.xml | 71 + .../metadata/glsa/glsa-200411-08.xml | 70 + .../metadata/glsa/glsa-200411-09.xml | 65 + .../metadata/glsa/glsa-200411-10.xml | 64 + .../metadata/glsa/glsa-200411-11.xml | 67 + .../metadata/glsa/glsa-200411-12.xml | 65 + .../metadata/glsa/glsa-200411-13.xml | 83 ++ .../metadata/glsa/glsa-200411-14.xml | 81 ++ .../metadata/glsa/glsa-200411-15.xml | 89 ++ .../metadata/glsa/glsa-200411-16.xml | 66 + .../metadata/glsa/glsa-200411-17.xml | 68 + .../metadata/glsa/glsa-200411-18.xml | 60 + .../metadata/glsa/glsa-200411-19.xml | 63 + .../metadata/glsa/glsa-200411-20.xml | 59 + .../metadata/glsa/glsa-200411-21.xml | 74 + .../metadata/glsa/glsa-200411-22.xml | 80 ++ .../metadata/glsa/glsa-200411-23.xml | 73 + .../metadata/glsa/glsa-200411-24.xml | 65 + .../metadata/glsa/glsa-200411-25.xml | 71 + .../metadata/glsa/glsa-200411-26.xml | 88 ++ .../metadata/glsa/glsa-200411-27.xml | 73 + .../metadata/glsa/glsa-200411-28.xml | 77 + .../metadata/glsa/glsa-200411-29.xml | 69 + .../metadata/glsa/glsa-200411-30.xml | 64 + .../metadata/glsa/glsa-200411-31.xml | 67 + .../metadata/glsa/glsa-200411-32.xml | 96 ++ .../metadata/glsa/glsa-200411-33.xml | 68 + .../metadata/glsa/glsa-200411-34.xml | 72 + .../metadata/glsa/glsa-200411-35.xml | 66 + .../metadata/glsa/glsa-200411-36.xml | 69 + .../metadata/glsa/glsa-200411-37.xml | 62 + .../metadata/glsa/glsa-200411-38.xml | 105 ++ .../metadata/glsa/glsa-200412-01.xml | 83 ++ .../metadata/glsa/glsa-200412-02.xml | 67 + .../metadata/glsa/glsa-200412-03.xml | 66 + 
.../metadata/glsa/glsa-200412-04.xml | 67 + .../metadata/glsa/glsa-200412-05.xml | 63 + .../metadata/glsa/glsa-200412-06.xml | 66 + .../metadata/glsa/glsa-200412-07.xml | 64 + .../metadata/glsa/glsa-200412-08.xml | 69 + .../metadata/glsa/glsa-200412-09.xml | 68 + .../metadata/glsa/glsa-200412-10.xml | 80 ++ .../metadata/glsa/glsa-200412-11.xml | 68 + .../metadata/glsa/glsa-200412-12.xml | 69 + .../metadata/glsa/glsa-200412-13.xml | 62 + .../metadata/glsa/glsa-200412-14.xml | 112 ++ .../metadata/glsa/glsa-200412-15.xml | 81 ++ .../metadata/glsa/glsa-200412-16.xml | 91 ++ .../metadata/glsa/glsa-200412-17.xml | 80 ++ .../metadata/glsa/glsa-200412-18.xml | 67 + .../metadata/glsa/glsa-200412-19.xml | 70 + .../metadata/glsa/glsa-200412-20.xml | 68 + .../metadata/glsa/glsa-200412-21.xml | 72 + .../metadata/glsa/glsa-200412-22.xml | 66 + .../metadata/glsa/glsa-200412-23.xml | 64 + .../metadata/glsa/glsa-200412-24.xml | 75 + .../metadata/glsa/glsa-200412-25.xml | 82 ++ .../metadata/glsa/glsa-200412-26.xml | 68 + .../metadata/glsa/glsa-200412-27.xml | 62 + .../metadata/glsa/glsa-200501-01.xml | 68 + .../metadata/glsa/glsa-200501-02.xml | 79 ++ .../metadata/glsa/glsa-200501-03.xml | 131 ++ .../metadata/glsa/glsa-200501-04.xml | 67 + .../metadata/glsa/glsa-200501-05.xml | 65 + .../metadata/glsa/glsa-200501-06.xml | 70 + .../metadata/glsa/glsa-200501-07.xml | 78 ++ .../metadata/glsa/glsa-200501-08.xml | 73 + .../metadata/glsa/glsa-200501-09.xml | 64 + .../metadata/glsa/glsa-200501-10.xml | 66 + .../metadata/glsa/glsa-200501-11.xml | 66 + .../metadata/glsa/glsa-200501-12.xml | 68 + .../metadata/glsa/glsa-200501-13.xml | 64 + .../metadata/glsa/glsa-200501-14.xml | 64 + .../metadata/glsa/glsa-200501-15.xml | 65 + .../metadata/glsa/glsa-200501-16.xml | 66 + .../metadata/glsa/glsa-200501-17.xml | 79 ++ .../metadata/glsa/glsa-200501-18.xml | 67 + .../metadata/glsa/glsa-200501-19.xml | 70 + .../metadata/glsa/glsa-200501-20.xml | 67 + .../metadata/glsa/glsa-200501-21.xml | 73 + 
.../metadata/glsa/glsa-200501-22.xml | 77 + .../metadata/glsa/glsa-200501-23.xml | 72 + .../metadata/glsa/glsa-200501-24.xml | 65 + .../metadata/glsa/glsa-200501-25.xml | 81 ++ .../metadata/glsa/glsa-200501-26.xml | 63 + .../metadata/glsa/glsa-200501-27.xml | 87 ++ .../metadata/glsa/glsa-200501-28.xml | 77 + .../metadata/glsa/glsa-200501-29.xml | 64 + .../metadata/glsa/glsa-200501-30.xml | 64 + .../metadata/glsa/glsa-200501-31.xml | 99 ++ .../metadata/glsa/glsa-200501-32.xml | 78 ++ .../metadata/glsa/glsa-200501-33.xml | 68 + .../metadata/glsa/glsa-200501-34.xml | 79 ++ .../metadata/glsa/glsa-200501-35.xml | 64 + .../metadata/glsa/glsa-200501-36.xml | 77 + .../metadata/glsa/glsa-200501-37.xml | 66 + .../metadata/glsa/glsa-200501-38.xml | 84 ++ .../metadata/glsa/glsa-200501-39.xml | 83 ++ .../metadata/glsa/glsa-200501-40.xml | 65 + .../metadata/glsa/glsa-200501-41.xml | 61 + .../metadata/glsa/glsa-200501-42.xml | 65 + .../metadata/glsa/glsa-200501-43.xml | 65 + .../metadata/glsa/glsa-200501-44.xml | 73 + .../metadata/glsa/glsa-200501-45.xml | 69 + .../metadata/glsa/glsa-200501-46.xml | 69 + .../metadata/glsa/glsa-200502-01.xml | 65 + .../metadata/glsa/glsa-200502-02.xml | 65 + .../metadata/glsa/glsa-200502-03.xml | 69 + .../metadata/glsa/glsa-200502-04.xml | 85 ++ .../metadata/glsa/glsa-200502-05.xml | 64 + .../metadata/glsa/glsa-200502-06.xml | 65 + .../metadata/glsa/glsa-200502-07.xml | 77 + .../metadata/glsa/glsa-200502-08.xml | 82 ++ .../metadata/glsa/glsa-200502-09.xml | 72 + .../metadata/glsa/glsa-200502-10.xml | 64 + .../metadata/glsa/glsa-200502-11.xml | 65 + .../metadata/glsa/glsa-200502-12.xml | 73 + .../metadata/glsa/glsa-200502-13.xml | 75 + .../metadata/glsa/glsa-200502-14.xml | 65 + .../metadata/glsa/glsa-200502-15.xml | 62 + .../metadata/glsa/glsa-200502-16.xml | 67 + .../metadata/glsa/glsa-200502-17.xml | 83 ++ .../metadata/glsa/glsa-200502-18.xml | 70 + .../metadata/glsa/glsa-200502-19.xml | 69 + .../metadata/glsa/glsa-200502-20.xml | 78 ++ 
.../metadata/glsa/glsa-200502-21.xml | 67 + .../metadata/glsa/glsa-200502-22.xml | 65 + .../metadata/glsa/glsa-200502-23.xml | 65 + .../metadata/glsa/glsa-200502-24.xml | 69 + .../metadata/glsa/glsa-200502-25.xml | 65 + .../metadata/glsa/glsa-200502-26.xml | 67 + .../metadata/glsa/glsa-200502-27.xml | 66 + .../metadata/glsa/glsa-200502-28.xml | 70 + .../metadata/glsa/glsa-200502-29.xml | 68 + .../metadata/glsa/glsa-200502-30.xml | 65 + .../metadata/glsa/glsa-200502-31.xml | 67 + .../metadata/glsa/glsa-200502-32.xml | 60 + .../metadata/glsa/glsa-200502-33.xml | 76 + .../metadata/glsa/glsa-200503-01.xml | 62 + .../metadata/glsa/glsa-200503-02.xml | 77 + .../metadata/glsa/glsa-200503-03.xml | 68 + .../metadata/glsa/glsa-200503-04.xml | 67 + .../metadata/glsa/glsa-200503-05.xml | 83 ++ .../metadata/glsa/glsa-200503-06.xml | 65 + .../metadata/glsa/glsa-200503-07.xml | 81 ++ .../metadata/glsa/glsa-200503-08.xml | 80 ++ .../metadata/glsa/glsa-200503-09.xml | 64 + .../metadata/glsa/glsa-200503-10.xml | 139 ++ .../metadata/glsa/glsa-200503-11.xml | 64 + .../metadata/glsa/glsa-200503-12.xml | 65 + .../metadata/glsa/glsa-200503-13.xml | 67 + .../metadata/glsa/glsa-200503-14.xml | 66 + .../metadata/glsa/glsa-200503-15.xml | 67 + .../metadata/glsa/glsa-200503-16.xml | 76 + .../metadata/glsa/glsa-200503-17.xml | 66 + .../metadata/glsa/glsa-200503-18.xml | 66 + .../metadata/glsa/glsa-200503-19.xml | 70 + .../metadata/glsa/glsa-200503-20.xml | 66 + .../metadata/glsa/glsa-200503-21.xml | 66 + .../metadata/glsa/glsa-200503-22.xml | 62 + .../metadata/glsa/glsa-200503-23.xml | 64 + .../metadata/glsa/glsa-200503-24.xml | 61 + .../metadata/glsa/glsa-200503-25.xml | 66 + .../metadata/glsa/glsa-200503-26.xml | 77 + .../metadata/glsa/glsa-200503-27.xml | 64 + .../metadata/glsa/glsa-200503-28.xml | 82 ++ .../metadata/glsa/glsa-200503-29.xml | 68 + .../metadata/glsa/glsa-200503-30.xml | 138 ++ .../metadata/glsa/glsa-200503-31.xml | 97 ++ .../metadata/glsa/glsa-200503-32.xml | 93 ++ 
.../metadata/glsa/glsa-200503-33.xml | 66 + .../metadata/glsa/glsa-200503-34.xml | 67 + .../metadata/glsa/glsa-200503-35.xml | 68 + .../metadata/glsa/glsa-200503-36.xml | 66 + .../metadata/glsa/glsa-200503-37.xml | 67 + .../metadata/glsa/glsa-200504-01.xml | 71 + .../metadata/glsa/glsa-200504-02.xml | 73 + .../metadata/glsa/glsa-200504-03.xml | 69 + .../metadata/glsa/glsa-200504-04.xml | 67 + .../metadata/glsa/glsa-200504-05.xml | 74 + .../metadata/glsa/glsa-200504-06.xml | 67 + .../metadata/glsa/glsa-200504-07.xml | 78 ++ .../metadata/glsa/glsa-200504-08.xml | 66 + .../metadata/glsa/glsa-200504-09.xml | 65 + .../metadata/glsa/glsa-200504-10.xml | 63 + .../metadata/glsa/glsa-200504-11.xml | 72 + .../metadata/glsa/glsa-200504-12.xml | 69 + .../metadata/glsa/glsa-200504-13.xml | 100 ++ .../metadata/glsa/glsa-200504-14.xml | 72 + .../metadata/glsa/glsa-200504-15.xml | 95 ++ .../metadata/glsa/glsa-200504-16.xml | 66 + .../metadata/glsa/glsa-200504-17.xml | 67 + .../metadata/glsa/glsa-200504-18.xml | 135 ++ .../metadata/glsa/glsa-200504-19.xml | 68 + .../metadata/glsa/glsa-200504-20.xml | 66 + .../metadata/glsa/glsa-200504-21.xml | 77 + .../metadata/glsa/glsa-200504-22.xml | 63 + .../metadata/glsa/glsa-200504-23.xml | 63 + .../metadata/glsa/glsa-200504-24.xml | 69 + .../metadata/glsa/glsa-200504-25.xml | 68 + .../metadata/glsa/glsa-200504-26.xml | 66 + .../metadata/glsa/glsa-200504-27.xml | 64 + .../metadata/glsa/glsa-200504-28.xml | 68 + .../metadata/glsa/glsa-200504-29.xml | 66 + .../metadata/glsa/glsa-200504-30.xml | 73 + .../metadata/glsa/glsa-200505-01.xml | 165 +++ .../metadata/glsa/glsa-200505-02.xml | 66 + .../metadata/glsa/glsa-200505-03.xml | 101 ++ .../metadata/glsa/glsa-200505-04.xml | 81 ++ .../metadata/glsa/glsa-200505-05.xml | 68 + .../metadata/glsa/glsa-200505-06.xml | 70 + .../metadata/glsa/glsa-200505-07.xml | 63 + .../metadata/glsa/glsa-200505-08.xml | 68 + .../metadata/glsa/glsa-200505-09.xml | 69 + .../metadata/glsa/glsa-200505-10.xml | 67 + 
.../metadata/glsa/glsa-200505-11.xml | 116 ++ .../metadata/glsa/glsa-200505-12.xml | 78 ++ .../metadata/glsa/glsa-200505-13.xml | 72 + .../metadata/glsa/glsa-200505-14.xml | 63 + .../metadata/glsa/glsa-200505-15.xml | 71 + .../metadata/glsa/glsa-200505-16.xml | 77 + .../metadata/glsa/glsa-200505-17.xml | 64 + .../metadata/glsa/glsa-200505-18.xml | 68 + .../metadata/glsa/glsa-200505-19.xml | 64 + .../metadata/glsa/glsa-200505-20.xml | 77 + .../metadata/glsa/glsa-200506-01.xml | 81 ++ .../metadata/glsa/glsa-200506-02.xml | 65 + .../metadata/glsa/glsa-200506-03.xml | 63 + .../metadata/glsa/glsa-200506-04.xml | 69 + .../metadata/glsa/glsa-200506-05.xml | 65 + .../metadata/glsa/glsa-200506-06.xml | 70 + .../metadata/glsa/glsa-200506-07.xml | 65 + .../metadata/glsa/glsa-200506-08.xml | 81 ++ .../metadata/glsa/glsa-200506-09.xml | 65 + .../metadata/glsa/glsa-200506-10.xml | 66 + .../metadata/glsa/glsa-200506-11.xml | 71 + .../metadata/glsa/glsa-200506-12.xml | 67 + .../metadata/glsa/glsa-200506-13.xml | 69 + .../metadata/glsa/glsa-200506-14.xml | 103 ++ .../metadata/glsa/glsa-200506-15.xml | 67 + .../metadata/glsa/glsa-200506-16.xml | 69 + .../metadata/glsa/glsa-200506-17.xml | 78 ++ .../metadata/glsa/glsa-200506-18.xml | 64 + .../metadata/glsa/glsa-200506-19.xml | 69 + .../metadata/glsa/glsa-200506-20.xml | 80 ++ .../metadata/glsa/glsa-200506-21.xml | 66 + .../metadata/glsa/glsa-200506-22.xml | 66 + .../metadata/glsa/glsa-200506-23.xml | 69 + .../metadata/glsa/glsa-200506-24.xml | 65 + .../metadata/glsa/glsa-200507-01.xml | 80 ++ .../metadata/glsa/glsa-200507-02.xml | 71 + .../metadata/glsa/glsa-200507-03.xml | 69 + .../metadata/glsa/glsa-200507-04.xml | 67 + .../metadata/glsa/glsa-200507-05.xml | 65 + .../metadata/glsa/glsa-200507-06.xml | 66 + .../metadata/glsa/glsa-200507-07.xml | 68 + .../metadata/glsa/glsa-200507-08.xml | 78 ++ .../metadata/glsa/glsa-200507-09.xml | 69 + .../metadata/glsa/glsa-200507-10.xml | 66 + .../metadata/glsa/glsa-200507-11.xml | 77 + 
.../metadata/glsa/glsa-200507-12.xml | 71 + .../metadata/glsa/glsa-200507-13.xml | 81 ++ .../metadata/glsa/glsa-200507-14.xml | 98 ++ .../metadata/glsa/glsa-200507-15.xml | 68 + .../metadata/glsa/glsa-200507-16.xml | 65 + .../metadata/glsa/glsa-200507-17.xml | 99 ++ .../metadata/glsa/glsa-200507-18.xml | 67 + .../metadata/glsa/glsa-200507-19.xml | 66 + .../metadata/glsa/glsa-200507-20.xml | 70 + .../metadata/glsa/glsa-200507-21.xml | 64 + .../metadata/glsa/glsa-200507-22.xml | 64 + .../metadata/glsa/glsa-200507-23.xml | 75 + .../metadata/glsa/glsa-200507-24.xml | 110 ++ .../metadata/glsa/glsa-200507-25.xml | 68 + .../metadata/glsa/glsa-200507-26.xml | 113 ++ .../metadata/glsa/glsa-200507-27.xml | 79 ++ .../metadata/glsa/glsa-200507-28.xml | 70 + .../metadata/glsa/glsa-200507-29.xml | 66 + .../metadata/glsa/glsa-200508-01.xml | 69 + .../metadata/glsa/glsa-200508-02.xml | 72 + .../metadata/glsa/glsa-200508-03.xml | 65 + .../metadata/glsa/glsa-200508-04.xml | 77 + .../metadata/glsa/glsa-200508-05.xml | 68 + .../metadata/glsa/glsa-200508-06.xml | 69 + .../metadata/glsa/glsa-200508-07.xml | 70 + .../metadata/glsa/glsa-200508-08.xml | 101 ++ .../metadata/glsa/glsa-200508-09.xml | 66 + .../metadata/glsa/glsa-200508-10.xml | 66 + .../metadata/glsa/glsa-200508-11.xml | 65 + .../metadata/glsa/glsa-200508-12.xml | 72 + .../metadata/glsa/glsa-200508-13.xml | 78 ++ .../metadata/glsa/glsa-200508-14.xml | 78 ++ .../metadata/glsa/glsa-200508-15.xml | 67 + .../metadata/glsa/glsa-200508-16.xml | 66 + .../metadata/glsa/glsa-200508-17.xml | 66 + .../metadata/glsa/glsa-200508-18.xml | 66 + .../metadata/glsa/glsa-200508-19.xml | 69 + .../metadata/glsa/glsa-200508-20.xml | 68 + .../metadata/glsa/glsa-200508-21.xml | 68 + .../metadata/glsa/glsa-200508-22.xml | 68 + .../metadata/glsa/glsa-200509-01.xml | 64 + .../metadata/glsa/glsa-200509-02.xml | 68 + .../metadata/glsa/glsa-200509-03.xml | 66 + .../metadata/glsa/glsa-200509-04.xml | 66 + .../metadata/glsa/glsa-200509-05.xml | 67 + 
.../metadata/glsa/glsa-200509-06.xml | 66 + .../metadata/glsa/glsa-200509-07.xml | 61 + .../metadata/glsa/glsa-200509-08.xml | 71 + .../metadata/glsa/glsa-200509-09.xml | 67 + .../metadata/glsa/glsa-200509-10.xml | 63 + .../metadata/glsa/glsa-200509-11.xml | 132 ++ .../metadata/glsa/glsa-200509-12.xml | 85 ++ .../metadata/glsa/glsa-200509-13.xml | 68 + .../metadata/glsa/glsa-200509-14.xml | 66 + .../metadata/glsa/glsa-200509-15.xml | 73 + .../metadata/glsa/glsa-200509-16.xml | 66 + .../metadata/glsa/glsa-200509-17.xml | 79 ++ .../metadata/glsa/glsa-200509-18.xml | 64 + .../metadata/glsa/glsa-200509-19.xml | 95 ++ .../metadata/glsa/glsa-200509-20.xml | 65 + .../metadata/glsa/glsa-200509-21.xml | 70 + .../metadata/glsa/glsa-200510-01.xml | 63 + .../metadata/glsa/glsa-200510-02.xml | 71 + .../metadata/glsa/glsa-200510-03.xml | 68 + .../metadata/glsa/glsa-200510-04.xml | 67 + .../metadata/glsa/glsa-200510-05.xml | 65 + .../metadata/glsa/glsa-200510-06.xml | 64 + .../metadata/glsa/glsa-200510-07.xml | 74 + .../metadata/glsa/glsa-200510-08.xml | 66 + .../metadata/glsa/glsa-200510-09.xml | 63 + .../metadata/glsa/glsa-200510-10.xml | 66 + .../metadata/glsa/glsa-200510-11.xml | 71 + .../metadata/glsa/glsa-200510-12.xml | 73 + .../metadata/glsa/glsa-200510-13.xml | 65 + .../metadata/glsa/glsa-200510-14.xml | 95 ++ .../metadata/glsa/glsa-200510-15.xml | 66 + .../metadata/glsa/glsa-200510-16.xml | 67 + .../metadata/glsa/glsa-200510-17.xml | 67 + .../metadata/glsa/glsa-200510-18.xml | 73 + .../metadata/glsa/glsa-200510-19.xml | 68 + .../metadata/glsa/glsa-200510-20.xml | 69 + .../metadata/glsa/glsa-200510-21.xml | 72 + .../metadata/glsa/glsa-200510-22.xml | 69 + .../metadata/glsa/glsa-200510-23.xml | 65 + .../metadata/glsa/glsa-200510-24.xml | 76 + .../metadata/glsa/glsa-200510-25.xml | 85 ++ .../metadata/glsa/glsa-200510-26.xml | 79 ++ .../metadata/glsa/glsa-200511-01.xml | 67 + .../metadata/glsa/glsa-200511-02.xml | 91 ++ .../metadata/glsa/glsa-200511-03.xml | 68 + 
.../metadata/glsa/glsa-200511-04.xml | 76 + .../metadata/glsa/glsa-200511-05.xml | 70 + .../metadata/glsa/glsa-200511-06.xml | 65 + .../metadata/glsa/glsa-200511-07.xml | 71 + .../metadata/glsa/glsa-200511-08.xml | 116 ++ .../metadata/glsa/glsa-200511-09.xml | 71 + .../metadata/glsa/glsa-200511-10.xml | 81 ++ .../metadata/glsa/glsa-200511-11.xml | 66 + .../metadata/glsa/glsa-200511-12.xml | 68 + .../metadata/glsa/glsa-200511-13.xml | 80 ++ .../metadata/glsa/glsa-200511-14.xml | 83 ++ .../metadata/glsa/glsa-200511-15.xml | 67 + .../metadata/glsa/glsa-200511-16.xml | 73 + .../metadata/glsa/glsa-200511-17.xml | 69 + .../metadata/glsa/glsa-200511-18.xml | 74 + .../metadata/glsa/glsa-200511-19.xml | 69 + .../metadata/glsa/glsa-200511-20.xml | 72 + .../metadata/glsa/glsa-200511-21.xml | 73 + .../metadata/glsa/glsa-200511-22.xml | 67 + .../metadata/glsa/glsa-200511-23.xml | 78 ++ .../metadata/glsa/glsa-200512-01.xml | 84 ++ .../metadata/glsa/glsa-200512-02.xml | 81 ++ .../metadata/glsa/glsa-200512-03.xml | 78 ++ .../metadata/glsa/glsa-200512-04.xml | 87 ++ .../metadata/glsa/glsa-200512-05.xml | 66 + .../metadata/glsa/glsa-200512-06.xml | 67 + .../metadata/glsa/glsa-200512-07.xml | 77 + .../metadata/glsa/glsa-200512-08.xml | 102 ++ .../metadata/glsa/glsa-200512-09.xml | 75 + .../metadata/glsa/glsa-200512-10.xml | 67 + .../metadata/glsa/glsa-200512-11.xml | 73 + .../metadata/glsa/glsa-200512-12.xml | 77 + .../metadata/glsa/glsa-200512-13.xml | 66 + .../metadata/glsa/glsa-200512-14.xml | 62 + .../metadata/glsa/glsa-200512-15.xml | 66 + .../metadata/glsa/glsa-200512-16.xml | 79 ++ .../metadata/glsa/glsa-200512-17.xml | 70 + .../metadata/glsa/glsa-200512-18.xml | 71 + .../metadata/glsa/glsa-200601-01.xml | 65 + .../metadata/glsa/glsa-200601-02.xml | 106 ++ .../metadata/glsa/glsa-200601-03.xml | 66 + .../metadata/glsa/glsa-200601-04.xml | 68 + .../metadata/glsa/glsa-200601-05.xml | 68 + .../metadata/glsa/glsa-200601-06.xml | 81 ++ .../metadata/glsa/glsa-200601-07.xml | 67 + 
.../metadata/glsa/glsa-200601-08.xml | 66 + .../metadata/glsa/glsa-200601-09.xml | 66 + .../metadata/glsa/glsa-200601-10.xml | 104 ++ .../metadata/glsa/glsa-200601-11.xml | 64 + .../metadata/glsa/glsa-200601-12.xml | 70 + .../metadata/glsa/glsa-200601-13.xml | 73 + .../metadata/glsa/glsa-200601-14.xml | 67 + .../metadata/glsa/glsa-200601-15.xml | 64 + .../metadata/glsa/glsa-200601-16.xml | 63 + .../metadata/glsa/glsa-200601-17.xml | 115 ++ .../metadata/glsa/glsa-200602-01.xml | 72 + .../metadata/glsa/glsa-200602-02.xml | 62 + .../metadata/glsa/glsa-200602-03.xml | 99 ++ .../metadata/glsa/glsa-200602-04.xml | 75 + .../metadata/glsa/glsa-200602-05.xml | 74 + .../metadata/glsa/glsa-200602-06.xml | 69 + .../metadata/glsa/glsa-200602-07.xml | 85 ++ .../metadata/glsa/glsa-200602-08.xml | 80 ++ .../metadata/glsa/glsa-200602-09.xml | 65 + .../metadata/glsa/glsa-200602-10.xml | 69 + .../metadata/glsa/glsa-200602-11.xml | 80 ++ .../metadata/glsa/glsa-200602-12.xml | 65 + .../metadata/glsa/glsa-200602-13.xml | 69 + .../metadata/glsa/glsa-200602-14.xml | 67 + .../metadata/glsa/glsa-200603-01.xml | 66 + .../metadata/glsa/glsa-200603-02.xml | 91 ++ .../metadata/glsa/glsa-200603-03.xml | 71 + .../metadata/glsa/glsa-200603-04.xml | 64 + .../metadata/glsa/glsa-200603-05.xml | 68 + .../metadata/glsa/glsa-200603-06.xml | 67 + .../metadata/glsa/glsa-200603-07.xml | 67 + .../metadata/glsa/glsa-200603-08.xml | 71 + .../metadata/glsa/glsa-200603-09.xml | 80 ++ .../metadata/glsa/glsa-200603-10.xml | 71 + .../metadata/glsa/glsa-200603-11.xml | 66 + .../metadata/glsa/glsa-200603-12.xml | 68 + .../metadata/glsa/glsa-200603-13.xml | 66 + .../metadata/glsa/glsa-200603-14.xml | 64 + .../metadata/glsa/glsa-200603-15.xml | 69 + .../metadata/glsa/glsa-200603-16.xml | 64 + .../metadata/glsa/glsa-200603-17.xml | 66 + .../metadata/glsa/glsa-200603-18.xml | 65 + .../metadata/glsa/glsa-200603-19.xml | 70 + .../metadata/glsa/glsa-200603-20.xml | 65 + .../metadata/glsa/glsa-200603-21.xml | 61 + 
.../metadata/glsa/glsa-200603-22.xml | 89 ++ .../metadata/glsa/glsa-200603-23.xml | 93 ++ .../metadata/glsa/glsa-200603-24.xml | 66 + .../metadata/glsa/glsa-200603-25.xml | 82 ++ .../metadata/glsa/glsa-200603-26.xml | 68 + .../metadata/glsa/glsa-200604-01.xml | 66 + .../metadata/glsa/glsa-200604-02.xml | 75 + .../metadata/glsa/glsa-200604-03.xml | 66 + .../metadata/glsa/glsa-200604-04.xml | 66 + .../metadata/glsa/glsa-200604-05.xml | 66 + .../metadata/glsa/glsa-200604-06.xml | 67 + .../metadata/glsa/glsa-200604-07.xml | 73 + .../metadata/glsa/glsa-200604-08.xml | 65 + .../metadata/glsa/glsa-200604-09.xml | 65 + .../metadata/glsa/glsa-200604-10.xml | 80 ++ .../metadata/glsa/glsa-200604-11.xml | 68 + .../metadata/glsa/glsa-200604-12.xml | 98 ++ .../metadata/glsa/glsa-200604-13.xml | 66 + .../metadata/glsa/glsa-200604-14.xml | 64 + .../metadata/glsa/glsa-200604-15.xml | 66 + .../metadata/glsa/glsa-200604-16.xml | 68 + .../metadata/glsa/glsa-200604-17.xml | 82 ++ .../metadata/glsa/glsa-200604-18.xml | 104 ++ .../metadata/glsa/glsa-200605-01.xml | 76 + .../metadata/glsa/glsa-200605-02.xml | 60 + .../metadata/glsa/glsa-200605-03.xml | 62 + .../metadata/glsa/glsa-200605-04.xml | 68 + .../metadata/glsa/glsa-200605-05.xml | 69 + .../metadata/glsa/glsa-200605-06.xml | 84 ++ .../metadata/glsa/glsa-200605-07.xml | 67 + .../metadata/glsa/glsa-200605-08.xml | 91 ++ .../metadata/glsa/glsa-200605-09.xml | 104 ++ .../metadata/glsa/glsa-200605-10.xml | 65 + .../metadata/glsa/glsa-200605-11.xml | 61 + .../metadata/glsa/glsa-200605-12.xml | 85 ++ .../metadata/glsa/glsa-200605-13.xml | 75 + .../metadata/glsa/glsa-200605-14.xml | 69 + .../metadata/glsa/glsa-200605-15.xml | 75 + .../metadata/glsa/glsa-200605-16.xml | 64 + .../metadata/glsa/glsa-200605-17.xml | 64 + .../metadata/glsa/glsa-200606-01.xml | 65 + .../metadata/glsa/glsa-200606-02.xml | 67 + .../metadata/glsa/glsa-200606-03.xml | 66 + .../metadata/glsa/glsa-200606-04.xml | 70 + .../metadata/glsa/glsa-200606-05.xml | 69 + 
.../metadata/glsa/glsa-200606-06.xml | 73 + .../metadata/glsa/glsa-200606-07.xml | 65 + .../metadata/glsa/glsa-200606-08.xml | 62 + .../metadata/glsa/glsa-200606-09.xml | 67 + .../metadata/glsa/glsa-200606-10.xml | 64 + .../metadata/glsa/glsa-200606-11.xml | 64 + .../metadata/glsa/glsa-200606-12.xml | 93 ++ .../metadata/glsa/glsa-200606-13.xml | 72 + .../metadata/glsa/glsa-200606-14.xml | 64 + .../metadata/glsa/glsa-200606-15.xml | 66 + .../metadata/glsa/glsa-200606-16.xml | 66 + .../metadata/glsa/glsa-200606-17.xml | 67 + .../metadata/glsa/glsa-200606-18.xml | 68 + .../metadata/glsa/glsa-200606-19.xml | 73 + .../metadata/glsa/glsa-200606-20.xml | 66 + .../metadata/glsa/glsa-200606-21.xml | 88 ++ .../metadata/glsa/glsa-200606-22.xml | 64 + .../metadata/glsa/glsa-200606-23.xml | 78 ++ .../metadata/glsa/glsa-200606-24.xml | 64 + .../metadata/glsa/glsa-200606-25.xml | 67 + .../metadata/glsa/glsa-200606-26.xml | 64 + .../metadata/glsa/glsa-200606-27.xml | 65 + .../metadata/glsa/glsa-200606-28.xml | 63 + .../metadata/glsa/glsa-200606-29.xml | 64 + .../metadata/glsa/glsa-200606-30.xml | 67 + .../metadata/glsa/glsa-200607-01.xml | 64 + .../metadata/glsa/glsa-200607-02.xml | 65 + .../metadata/glsa/glsa-200607-03.xml | 63 + .../metadata/glsa/glsa-200607-04.xml | 77 + .../metadata/glsa/glsa-200607-05.xml | 73 + .../metadata/glsa/glsa-200607-06.xml | 80 ++ .../metadata/glsa/glsa-200607-07.xml | 65 + .../metadata/glsa/glsa-200607-08.xml | 65 + .../metadata/glsa/glsa-200607-09.xml | 89 ++ .../metadata/glsa/glsa-200607-10.xml | 67 + .../metadata/glsa/glsa-200607-11.xml | 64 + .../metadata/glsa/glsa-200607-12.xml | 81 ++ .../metadata/glsa/glsa-200607-13.xml | 67 + .../metadata/glsa/glsa-200608-01.xml | 71 + .../metadata/glsa/glsa-200608-02.xml | 129 ++ .../metadata/glsa/glsa-200608-03.xml | 133 ++ .../metadata/glsa/glsa-200608-04.xml | 126 ++ .../metadata/glsa/glsa-200608-05.xml | 66 + .../metadata/glsa/glsa-200608-06.xml | 65 + .../metadata/glsa/glsa-200608-07.xml | 69 + 
.../metadata/glsa/glsa-200608-08.xml | 65 + .../metadata/glsa/glsa-200608-09.xml | 66 + .../metadata/glsa/glsa-200608-10.xml | 65 + .../metadata/glsa/glsa-200608-11.xml | 75 + .../metadata/glsa/glsa-200608-12.xml | 67 + .../metadata/glsa/glsa-200608-13.xml | 65 + .../metadata/glsa/glsa-200608-14.xml | 67 + .../metadata/glsa/glsa-200608-15.xml | 68 + .../metadata/glsa/glsa-200608-16.xml | 73 + .../metadata/glsa/glsa-200608-17.xml | 67 + .../metadata/glsa/glsa-200608-18.xml | 64 + .../metadata/glsa/glsa-200608-19.xml | 67 + .../metadata/glsa/glsa-200608-20.xml | 71 + .../metadata/glsa/glsa-200608-21.xml | 65 + .../metadata/glsa/glsa-200608-22.xml | 69 + .../metadata/glsa/glsa-200608-23.xml | 71 + .../metadata/glsa/glsa-200608-24.xml | 66 + .../metadata/glsa/glsa-200608-25.xml | 163 +++ .../metadata/glsa/glsa-200608-26.xml | 75 + .../metadata/glsa/glsa-200608-27.xml | 74 + .../metadata/glsa/glsa-200608-28.xml | 78 ++ .../metadata/glsa/glsa-200609-01.xml | 67 + .../metadata/glsa/glsa-200609-02.xml | 63 + .../metadata/glsa/glsa-200609-03.xml | 63 + .../metadata/glsa/glsa-200609-04.xml | 63 + .../metadata/glsa/glsa-200609-05.xml | 77 + .../metadata/glsa/glsa-200609-06.xml | 65 + .../metadata/glsa/glsa-200609-07.xml | 75 + .../metadata/glsa/glsa-200609-08.xml | 69 + .../metadata/glsa/glsa-200609-09.xml | 62 + .../metadata/glsa/glsa-200609-10.xml | 69 + .../metadata/glsa/glsa-200609-11.xml | 79 ++ .../metadata/glsa/glsa-200609-12.xml | 68 + .../metadata/glsa/glsa-200609-13.xml | 77 + .../metadata/glsa/glsa-200609-14.xml | 70 + .../metadata/glsa/glsa-200609-15.xml | 65 + .../metadata/glsa/glsa-200609-16.xml | 69 + .../metadata/glsa/glsa-200609-17.xml | 64 + .../metadata/glsa/glsa-200609-18.xml | 65 + .../metadata/glsa/glsa-200609-19.xml | 79 ++ .../metadata/glsa/glsa-200609-20.xml | 67 + .../metadata/glsa/glsa-200610-01.xml | 83 ++ .../metadata/glsa/glsa-200610-02.xml | 67 + .../metadata/glsa/glsa-200610-03.xml | 66 + .../metadata/glsa/glsa-200610-04.xml | 68 + 
.../metadata/glsa/glsa-200610-05.xml | 64 + .../metadata/glsa/glsa-200610-06.xml | 73 + .../metadata/glsa/glsa-200610-07.xml | 68 + .../metadata/glsa/glsa-200610-08.xml | 61 + .../metadata/glsa/glsa-200610-09.xml | 67 + .../metadata/glsa/glsa-200610-10.xml | 65 + .../metadata/glsa/glsa-200610-11.xml | 84 ++ .../metadata/glsa/glsa-200610-12.xml | 64 + .../metadata/glsa/glsa-200610-13.xml | 67 + .../metadata/glsa/glsa-200610-14.xml | 75 + .../metadata/glsa/glsa-200610-15.xml | 79 ++ .../metadata/glsa/glsa-200611-01.xml | 65 + .../metadata/glsa/glsa-200611-02.xml | 73 + .../metadata/glsa/glsa-200611-03.xml | 74 + .../metadata/glsa/glsa-200611-04.xml | 88 ++ .../metadata/glsa/glsa-200611-05.xml | 67 + .../metadata/glsa/glsa-200611-06.xml | 71 + .../metadata/glsa/glsa-200611-07.xml | 68 + .../metadata/glsa/glsa-200611-08.xml | 67 + .../metadata/glsa/glsa-200611-09.xml | 63 + .../metadata/glsa/glsa-200611-10.xml | 69 + .../metadata/glsa/glsa-200611-11.xml | 70 + .../metadata/glsa/glsa-200611-12.xml | 64 + .../metadata/glsa/glsa-200611-13.xml | 65 + .../metadata/glsa/glsa-200611-14.xml | 68 + .../metadata/glsa/glsa-200611-15.xml | 66 + .../metadata/glsa/glsa-200611-16.xml | 65 + .../metadata/glsa/glsa-200611-17.xml | 68 + .../metadata/glsa/glsa-200611-18.xml | 67 + .../metadata/glsa/glsa-200611-19.xml | 69 + .../metadata/glsa/glsa-200611-20.xml | 64 + .../metadata/glsa/glsa-200611-21.xml | 59 + .../metadata/glsa/glsa-200611-22.xml | 64 + .../metadata/glsa/glsa-200611-23.xml | 67 + .../metadata/glsa/glsa-200611-24.xml | 72 + .../metadata/glsa/glsa-200611-25.xml | 67 + .../metadata/glsa/glsa-200611-26.xml | 76 + .../metadata/glsa/glsa-200612-01.xml | 61 + .../metadata/glsa/glsa-200612-02.xml | 67 + .../metadata/glsa/glsa-200612-03.xml | 76 + .../metadata/glsa/glsa-200612-04.xml | 66 + .../metadata/glsa/glsa-200612-05.xml | 68 + .../metadata/glsa/glsa-200612-06.xml | 100 ++ .../metadata/glsa/glsa-200612-07.xml | 87 ++ .../metadata/glsa/glsa-200612-08.xml | 71 + 
.../metadata/glsa/glsa-200612-09.xml | 67 + .../metadata/glsa/glsa-200612-10.xml | 67 + .../metadata/glsa/glsa-200612-11.xml | 76 + .../metadata/glsa/glsa-200612-12.xml | 68 + .../metadata/glsa/glsa-200612-13.xml | 67 + .../metadata/glsa/glsa-200612-14.xml | 66 + .../metadata/glsa/glsa-200612-15.xml | 68 + .../metadata/glsa/glsa-200612-16.xml | 67 + .../metadata/glsa/glsa-200612-17.xml | 69 + .../metadata/glsa/glsa-200612-18.xml | 59 + .../metadata/glsa/glsa-200612-19.xml | 64 + .../metadata/glsa/glsa-200612-20.xml | 72 + .../metadata/glsa/glsa-200612-21.xml | 63 + .../metadata/glsa/glsa-200701-01.xml | 64 + .../metadata/glsa/glsa-200701-02.xml | 88 ++ .../metadata/glsa/glsa-200701-03.xml | 86 ++ .../metadata/glsa/glsa-200701-04.xml | 82 ++ .../metadata/glsa/glsa-200701-05.xml | 66 + .../metadata/glsa/glsa-200701-06.xml | 62 + .../metadata/glsa/glsa-200701-07.xml | 79 ++ .../metadata/glsa/glsa-200701-08.xml | 71 + .../metadata/glsa/glsa-200701-09.xml | 59 + .../metadata/glsa/glsa-200701-10.xml | 76 + .../metadata/glsa/glsa-200701-11.xml | 67 + .../metadata/glsa/glsa-200701-12.xml | 68 + .../metadata/glsa/glsa-200701-13.xml | 71 + .../metadata/glsa/glsa-200701-14.xml | 66 + .../metadata/glsa/glsa-200701-15.xml | 97 ++ .../metadata/glsa/glsa-200701-16.xml | 84 ++ .../metadata/glsa/glsa-200701-17.xml | 69 + .../metadata/glsa/glsa-200701-18.xml | 66 + .../metadata/glsa/glsa-200701-19.xml | 71 + .../metadata/glsa/glsa-200701-20.xml | 66 + .../metadata/glsa/glsa-200701-21.xml | 67 + .../metadata/glsa/glsa-200701-22.xml | 66 + .../metadata/glsa/glsa-200701-23.xml | 69 + .../metadata/glsa/glsa-200701-24.xml | 66 + .../metadata/glsa/glsa-200701-25.xml | 69 + .../metadata/glsa/glsa-200701-26.xml | 63 + .../metadata/glsa/glsa-200701-27.xml | 65 + .../metadata/glsa/glsa-200701-28.xml | 73 + .../metadata/glsa/glsa-200702-01.xml | 68 + .../metadata/glsa/glsa-200702-02.xml | 64 + .../metadata/glsa/glsa-200702-03.xml | 65 + .../metadata/glsa/glsa-200702-04.xml | 76 + 
.../metadata/glsa/glsa-200702-05.xml | 65 + .../metadata/glsa/glsa-200702-06.xml | 78 ++ .../metadata/glsa/glsa-200702-07.xml | 106 ++ .../metadata/glsa/glsa-200702-08.xml | 81 ++ .../metadata/glsa/glsa-200702-09.xml | 70 + .../metadata/glsa/glsa-200702-10.xml | 77 + .../metadata/glsa/glsa-200702-11.xml | 66 + .../metadata/glsa/glsa-200702-12.xml | 68 + .../metadata/glsa/glsa-200703-01.xml | 64 + .../metadata/glsa/glsa-200703-02.xml | 63 + .../metadata/glsa/glsa-200703-03.xml | 70 + .../metadata/glsa/glsa-200703-04.xml | 118 ++ .../metadata/glsa/glsa-200703-05.xml | 77 + .../metadata/glsa/glsa-200703-06.xml | 69 + .../metadata/glsa/glsa-200703-07.xml | 65 + .../metadata/glsa/glsa-200703-08.xml | 104 ++ .../metadata/glsa/glsa-200703-09.xml | 82 ++ .../metadata/glsa/glsa-200703-10.xml | 66 + .../metadata/glsa/glsa-200703-11.xml | 64 + .../metadata/glsa/glsa-200703-12.xml | 62 + .../metadata/glsa/glsa-200703-13.xml | 69 + .../metadata/glsa/glsa-200703-14.xml | 67 + .../metadata/glsa/glsa-200703-15.xml | 73 + .../metadata/glsa/glsa-200703-16.xml | 68 + .../metadata/glsa/glsa-200703-17.xml | 65 + .../metadata/glsa/glsa-200703-18.xml | 86 ++ .../metadata/glsa/glsa-200703-19.xml | 68 + .../metadata/glsa/glsa-200703-20.xml | 68 + .../metadata/glsa/glsa-200703-21.xml | 91 ++ .../metadata/glsa/glsa-200703-22.xml | 69 + .../metadata/glsa/glsa-200703-23.xml | 90 ++ .../metadata/glsa/glsa-200703-24.xml | 67 + .../metadata/glsa/glsa-200703-25.xml | 64 + .../metadata/glsa/glsa-200703-26.xml | 68 + .../metadata/glsa/glsa-200703-27.xml | 63 + .../metadata/glsa/glsa-200703-28.xml | 67 + .../metadata/glsa/glsa-200704-01.xml | 70 + .../metadata/glsa/glsa-200704-02.xml | 70 + .../metadata/glsa/glsa-200704-03.xml | 69 + .../metadata/glsa/glsa-200704-04.xml | 67 + .../metadata/glsa/glsa-200704-05.xml | 65 + .../metadata/glsa/glsa-200704-06.xml | 66 + .../metadata/glsa/glsa-200704-07.xml | 66 + .../metadata/glsa/glsa-200704-08.xml | 70 + .../metadata/glsa/glsa-200704-09.xml | 66 + 
.../metadata/glsa/glsa-200704-10.xml | 65 + .../metadata/glsa/glsa-200704-11.xml | 68 + .../metadata/glsa/glsa-200704-12.xml | 82 ++ .../metadata/glsa/glsa-200704-13.xml | 66 + .../metadata/glsa/glsa-200704-14.xml | 66 + .../metadata/glsa/glsa-200704-15.xml | 70 + .../metadata/glsa/glsa-200704-16.xml | 68 + .../metadata/glsa/glsa-200704-17.xml | 65 + .../metadata/glsa/glsa-200704-18.xml | 64 + .../metadata/glsa/glsa-200704-19.xml | 64 + .../metadata/glsa/glsa-200704-20.xml | 72 + .../metadata/glsa/glsa-200704-21.xml | 67 + .../metadata/glsa/glsa-200704-22.xml | 69 + .../metadata/glsa/glsa-200704-23.xml | 63 + .../metadata/glsa/glsa-200705-01.xml | 67 + .../metadata/glsa/glsa-200705-02.xml | 65 + .../metadata/glsa/glsa-200705-03.xml | 67 + .../metadata/glsa/glsa-200705-04.xml | 72 + .../metadata/glsa/glsa-200705-05.xml | 65 + .../metadata/glsa/glsa-200705-06.xml | 65 + .../metadata/glsa/glsa-200705-07.xml | 68 + .../metadata/glsa/glsa-200705-08.xml | 61 + .../metadata/glsa/glsa-200705-09.xml | 67 + .../metadata/glsa/glsa-200705-10.xml | 78 ++ .../metadata/glsa/glsa-200705-11.xml | 68 + .../metadata/glsa/glsa-200705-12.xml | 75 + .../metadata/glsa/glsa-200705-13.xml | 71 + .../metadata/glsa/glsa-200705-14.xml | 65 + .../metadata/glsa/glsa-200705-15.xml | 65 + .../metadata/glsa/glsa-200705-16.xml | 65 + .../metadata/glsa/glsa-200705-17.xml | 68 + .../metadata/glsa/glsa-200705-18.xml | 63 + .../metadata/glsa/glsa-200705-19.xml | 102 ++ .../metadata/glsa/glsa-200705-20.xml | 88 ++ .../metadata/glsa/glsa-200705-21.xml | 70 + .../metadata/glsa/glsa-200705-22.xml | 66 + .../metadata/glsa/glsa-200705-23.xml | 100 ++ .../metadata/glsa/glsa-200705-24.xml | 68 + .../metadata/glsa/glsa-200705-25.xml | 64 + .../metadata/glsa/glsa-200706-01.xml | 66 + .../metadata/glsa/glsa-200706-02.xml | 65 + .../metadata/glsa/glsa-200706-03.xml | 66 + .../metadata/glsa/glsa-200706-04.xml | 72 + .../metadata/glsa/glsa-200706-05.xml | 83 ++ .../metadata/glsa/glsa-200706-06.xml | 147 ++ 
.../metadata/glsa/glsa-200706-07.xml | 73 + .../metadata/glsa/glsa-200706-08.xml | 76 + .../metadata/glsa/glsa-200706-09.xml | 68 + .../metadata/glsa/glsa-200707-01.xml | 63 + .../metadata/glsa/glsa-200707-02.xml | 80 ++ .../metadata/glsa/glsa-200707-03.xml | 68 + .../metadata/glsa/glsa-200707-04.xml | 69 + .../metadata/glsa/glsa-200707-05.xml | 75 + .../metadata/glsa/glsa-200707-06.xml | 67 + .../metadata/glsa/glsa-200707-07.xml | 68 + .../metadata/glsa/glsa-200707-08.xml | 65 + .../metadata/glsa/glsa-200707-09.xml | 68 + .../metadata/glsa/glsa-200707-10.xml | 60 + .../metadata/glsa/glsa-200707-11.xml | 69 + .../metadata/glsa/glsa-200707-12.xml | 66 + .../metadata/glsa/glsa-200707-13.xml | 64 + .../metadata/glsa/glsa-200707-14.xml | 66 + .../metadata/glsa/glsa-200708-01.xml | 72 + .../metadata/glsa/glsa-200708-02.xml | 66 + .../metadata/glsa/glsa-200708-03.xml | 72 + .../metadata/glsa/glsa-200708-04.xml | 63 + .../metadata/glsa/glsa-200708-05.xml | 82 ++ .../metadata/glsa/glsa-200708-06.xml | 66 + .../metadata/glsa/glsa-200708-07.xml | 66 + .../metadata/glsa/glsa-200708-08.xml | 73 + .../metadata/glsa/glsa-200708-09.xml | 151 ++ .../metadata/glsa/glsa-200708-10.xml | 68 + .../metadata/glsa/glsa-200708-11.xml | 72 + .../metadata/glsa/glsa-200708-12.xml | 74 + .../metadata/glsa/glsa-200708-13.xml | 79 ++ .../metadata/glsa/glsa-200708-14.xml | 66 + .../metadata/glsa/glsa-200708-15.xml | 62 + .../metadata/glsa/glsa-200708-16.xml | 66 + .../metadata/glsa/glsa-200708-17.xml | 80 ++ .../metadata/glsa/glsa-200709-01.xml | 72 + .../metadata/glsa/glsa-200709-02.xml | 68 + .../metadata/glsa/glsa-200709-03.xml | 65 + .../metadata/glsa/glsa-200709-04.xml | 63 + .../metadata/glsa/glsa-200709-05.xml | 67 + .../metadata/glsa/glsa-200709-06.xml | 64 + .../metadata/glsa/glsa-200709-07.xml | 64 + .../metadata/glsa/glsa-200709-08.xml | 61 + .../metadata/glsa/glsa-200709-09.xml | 61 + .../metadata/glsa/glsa-200709-10.xml | 66 + .../metadata/glsa/glsa-200709-11.xml | 67 + 
.../metadata/glsa/glsa-200709-12.xml | 70 + .../metadata/glsa/glsa-200709-13.xml | 66 + .../metadata/glsa/glsa-200709-14.xml | 73 + .../metadata/glsa/glsa-200709-15.xml | 80 ++ .../metadata/glsa/glsa-200709-16.xml | 66 + .../metadata/glsa/glsa-200709-17.xml | 72 + .../metadata/glsa/glsa-200709-18.xml | 83 ++ .../metadata/glsa/glsa-200710-01.xml | 67 + .../metadata/glsa/glsa-200710-02.xml | 152 ++ .../metadata/glsa/glsa-200710-03.xml | 75 + .../metadata/glsa/glsa-200710-04.xml | 67 + .../metadata/glsa/glsa-200710-05.xml | 66 + .../metadata/glsa/glsa-200710-06.xml | 72 + .../metadata/glsa/glsa-200710-07.xml | 64 + .../metadata/glsa/glsa-200710-08.xml | 98 ++ .../metadata/glsa/glsa-200710-09.xml | 80 ++ .../metadata/glsa/glsa-200710-10.xml | 65 + .../metadata/glsa/glsa-200710-11.xml | 77 + .../metadata/glsa/glsa-200710-12.xml | 66 + .../metadata/glsa/glsa-200710-13.xml | 68 + .../metadata/glsa/glsa-200710-14.xml | 68 + .../metadata/glsa/glsa-200710-15.xml | 76 + .../metadata/glsa/glsa-200710-16.xml | 69 + .../metadata/glsa/glsa-200710-17.xml | 65 + .../metadata/glsa/glsa-200710-18.xml | 67 + .../metadata/glsa/glsa-200710-19.xml | 73 + .../metadata/glsa/glsa-200710-20.xml | 78 ++ .../metadata/glsa/glsa-200710-21.xml | 65 + .../metadata/glsa/glsa-200710-22.xml | 67 + .../metadata/glsa/glsa-200710-23.xml | 66 + .../metadata/glsa/glsa-200710-24.xml | 77 + .../metadata/glsa/glsa-200710-25.xml | 73 + .../metadata/glsa/glsa-200710-26.xml | 69 + .../metadata/glsa/glsa-200710-27.xml | 72 + .../metadata/glsa/glsa-200710-28.xml | 66 + .../metadata/glsa/glsa-200710-29.xml | 75 + .../metadata/glsa/glsa-200710-30.xml | 67 + .../metadata/glsa/glsa-200710-31.xml | 69 + .../metadata/glsa/glsa-200711-01.xml | 66 + .../metadata/glsa/glsa-200711-02.xml | 64 + .../metadata/glsa/glsa-200711-03.xml | 65 + .../metadata/glsa/glsa-200711-04.xml | 71 + .../metadata/glsa/glsa-200711-05.xml | 78 ++ .../metadata/glsa/glsa-200711-06.xml | 77 + .../metadata/glsa/glsa-200711-07.xml | 77 + 
.../metadata/glsa/glsa-200711-08.xml | 71 + .../metadata/glsa/glsa-200711-09.xml | 66 + .../metadata/glsa/glsa-200711-10.xml | 65 + .../metadata/glsa/glsa-200711-11.xml | 75 + .../metadata/glsa/glsa-200711-12.xml | 67 + .../metadata/glsa/glsa-200711-13.xml | 66 + .../metadata/glsa/glsa-200711-14.xml | 125 ++ .../metadata/glsa/glsa-200711-15.xml | 74 + .../metadata/glsa/glsa-200711-16.xml | 69 + .../metadata/glsa/glsa-200711-17.xml | 75 + .../metadata/glsa/glsa-200711-18.xml | 65 + .../metadata/glsa/glsa-200711-19.xml | 67 + .../metadata/glsa/glsa-200711-20.xml | 67 + .../metadata/glsa/glsa-200711-21.xml | 67 + .../metadata/glsa/glsa-200711-22.xml | 118 ++ .../metadata/glsa/glsa-200711-23.xml | 110 ++ .../metadata/glsa/glsa-200711-24.xml | 80 ++ .../metadata/glsa/glsa-200711-25.xml | 65 + .../metadata/glsa/glsa-200711-26.xml | 75 + .../metadata/glsa/glsa-200711-27.xml | 67 + .../metadata/glsa/glsa-200711-28.xml | 69 + .../metadata/glsa/glsa-200711-29.xml | 78 ++ .../metadata/glsa/glsa-200711-30.xml | 100 ++ .../metadata/glsa/glsa-200711-31.xml | 65 + .../metadata/glsa/glsa-200711-32.xml | 68 + .../metadata/glsa/glsa-200711-33.xml | 68 + .../metadata/glsa/glsa-200711-34.xml | 72 + .../metadata/glsa/glsa-200712-01.xml | 62 + .../metadata/glsa/glsa-200712-02.xml | 65 + .../metadata/glsa/glsa-200712-03.xml | 77 + .../metadata/glsa/glsa-200712-04.xml | 67 + .../metadata/glsa/glsa-200712-05.xml | 68 + .../metadata/glsa/glsa-200712-06.xml | 66 + .../metadata/glsa/glsa-200712-07.xml | 63 + .../metadata/glsa/glsa-200712-08.xml | 69 + .../metadata/glsa/glsa-200712-09.xml | 67 + .../metadata/glsa/glsa-200712-10.xml | 65 + .../metadata/glsa/glsa-200712-11.xml | 64 + .../metadata/glsa/glsa-200712-12.xml | 63 + .../metadata/glsa/glsa-200712-13.xml | 69 + .../metadata/glsa/glsa-200712-14.xml | 90 ++ .../metadata/glsa/glsa-200712-15.xml | 70 + .../metadata/glsa/glsa-200712-16.xml | 69 + .../metadata/glsa/glsa-200712-17.xml | 74 + .../metadata/glsa/glsa-200712-18.xml | 74 + 
.../metadata/glsa/glsa-200712-19.xml | 63 + .../metadata/glsa/glsa-200712-20.xml | 70 + .../metadata/glsa/glsa-200712-21.xml | 102 ++ .../metadata/glsa/glsa-200712-22.xml | 69 + .../metadata/glsa/glsa-200712-23.xml | 90 ++ .../metadata/glsa/glsa-200712-24.xml | 69 + .../metadata/glsa/glsa-200712-25.xml | 87 ++ .../metadata/glsa/glsa-200801-01.xml | 64 + .../metadata/glsa/glsa-200801-02.xml | 67 + .../metadata/glsa/glsa-200801-03.xml | 65 + .../metadata/glsa/glsa-200801-04.xml | 63 + .../metadata/glsa/glsa-200801-05.xml | 62 + .../metadata/glsa/glsa-200801-06.xml | 82 ++ .../metadata/glsa/glsa-200801-07.xml | 100 ++ .../metadata/glsa/glsa-200801-08.xml | 66 + .../metadata/glsa/glsa-200801-09.xml | 104 ++ .../metadata/glsa/glsa-200801-10.xml | 79 ++ .../metadata/glsa/glsa-200801-11.xml | 74 + .../metadata/glsa/glsa-200801-12.xml | 67 + .../metadata/glsa/glsa-200801-13.xml | 64 + .../metadata/glsa/glsa-200801-14.xml | 64 + .../metadata/glsa/glsa-200801-15.xml | 82 ++ .../metadata/glsa/glsa-200801-16.xml | 65 + .../metadata/glsa/glsa-200801-17.xml | 64 + .../metadata/glsa/glsa-200801-18.xml | 66 + .../metadata/glsa/glsa-200801-19.xml | 72 + .../metadata/glsa/glsa-200801-20.xml | 66 + .../metadata/glsa/glsa-200801-21.xml | 66 + .../metadata/glsa/glsa-200801-22.xml | 64 + .../metadata/glsa/glsa-200802-01.xml | 70 + .../metadata/glsa/glsa-200802-02.xml | 75 + .../metadata/glsa/glsa-200802-03.xml | 62 + .../metadata/glsa/glsa-200802-04.xml | 75 + .../metadata/glsa/glsa-200802-05.xml | 66 + .../metadata/glsa/glsa-200802-06.xml | 73 + .../metadata/glsa/glsa-200802-07.xml | 65 + .../metadata/glsa/glsa-200802-08.xml | 68 + .../metadata/glsa/glsa-200802-09.xml | 68 + .../metadata/glsa/glsa-200802-10.xml | 67 + .../metadata/glsa/glsa-200802-11.xml | 85 ++ .../metadata/glsa/glsa-200802-12.xml | 71 + .../metadata/glsa/glsa-200803-01.xml | 87 ++ .../metadata/glsa/glsa-200803-02.xml | 68 + .../metadata/glsa/glsa-200803-03.xml | 64 + .../metadata/glsa/glsa-200803-04.xml | 65 + 
.../metadata/glsa/glsa-200803-05.xml | 63 + .../metadata/glsa/glsa-200803-06.xml | 65 + .../metadata/glsa/glsa-200803-07.xml | 64 + .../metadata/glsa/glsa-200803-08.xml | 78 ++ .../metadata/glsa/glsa-200803-09.xml | 72 + .../metadata/glsa/glsa-200803-10.xml | 66 + .../metadata/glsa/glsa-200803-11.xml | 65 + .../metadata/glsa/glsa-200803-12.xml | 66 + .../metadata/glsa/glsa-200803-13.xml | 98 ++ .../metadata/glsa/glsa-200803-14.xml | 87 ++ .../metadata/glsa/glsa-200803-15.xml | 64 + .../metadata/glsa/glsa-200803-16.xml | 81 ++ .../metadata/glsa/glsa-200803-17.xml | 63 + .../metadata/glsa/glsa-200803-18.xml | 79 ++ .../metadata/glsa/glsa-200803-19.xml | 78 ++ .../metadata/glsa/glsa-200803-20.xml | 74 + .../metadata/glsa/glsa-200803-21.xml | 70 + .../metadata/glsa/glsa-200803-22.xml | 67 + .../metadata/glsa/glsa-200803-23.xml | 67 + .../metadata/glsa/glsa-200803-24.xml | 79 ++ .../metadata/glsa/glsa-200803-25.xml | 82 ++ .../metadata/glsa/glsa-200803-26.xml | 64 + .../metadata/glsa/glsa-200803-27.xml | 88 ++ .../metadata/glsa/glsa-200803-28.xml | 77 + .../metadata/glsa/glsa-200803-29.xml | 68 + .../metadata/glsa/glsa-200803-30.xml | 168 +++ .../metadata/glsa/glsa-200803-31.xml | 100 ++ .../metadata/glsa/glsa-200803-32.xml | 65 + .../metadata/glsa/glsa-200804-01.xml | 87 ++ .../metadata/glsa/glsa-200804-02.xml | 64 + .../metadata/glsa/glsa-200804-03.xml | 79 ++ .../metadata/glsa/glsa-200804-04.xml | 79 ++ .../metadata/glsa/glsa-200804-05.xml | 78 ++ .../metadata/glsa/glsa-200804-06.xml | 66 + .../metadata/glsa/glsa-200804-07.xml | 66 + .../metadata/glsa/glsa-200804-08.xml | 72 + .../metadata/glsa/glsa-200804-09.xml | 64 + .../metadata/glsa/glsa-200804-10.xml | 108 ++ .../metadata/glsa/glsa-200804-11.xml | 71 + .../metadata/glsa/glsa-200804-12.xml | 64 + .../metadata/glsa/glsa-200804-13.xml | 81 ++ .../metadata/glsa/glsa-200804-14.xml | 66 + .../metadata/glsa/glsa-200804-15.xml | 70 + .../metadata/glsa/glsa-200804-16.xml | 76 + .../metadata/glsa/glsa-200804-17.xml | 70 
+ .../metadata/glsa/glsa-200804-18.xml | 65 + .../metadata/glsa/glsa-200804-19.xml | 70 + .../metadata/glsa/glsa-200804-20.xml | 232 +++ .../metadata/glsa/glsa-200804-21.xml | 104 ++ .../metadata/glsa/glsa-200804-22.xml | 70 + .../metadata/glsa/glsa-200804-23.xml | 67 + .../metadata/glsa/glsa-200804-24.xml | 69 + .../metadata/glsa/glsa-200804-25.xml | 93 ++ .../metadata/glsa/glsa-200804-26.xml | 64 + .../metadata/glsa/glsa-200804-27.xml | 102 ++ .../metadata/glsa/glsa-200804-28.xml | 75 + .../metadata/glsa/glsa-200804-29.xml | 70 + .../metadata/glsa/glsa-200804-30.xml | 66 + .../metadata/glsa/glsa-200805-01.xml | 129 ++ .../metadata/glsa/glsa-200805-02.xml | 64 + .../metadata/glsa/glsa-200805-03.xml | 134 ++ .../metadata/glsa/glsa-200805-04.xml | 75 + .../metadata/glsa/glsa-200805-05.xml | 77 + .../metadata/glsa/glsa-200805-06.xml | 68 + .../metadata/glsa/glsa-200805-07.xml | 86 ++ .../metadata/glsa/glsa-200805-08.xml | 63 + .../metadata/glsa/glsa-200805-09.xml | 64 + .../metadata/glsa/glsa-200805-10.xml | 67 + .../metadata/glsa/glsa-200805-11.xml | 65 + .../metadata/glsa/glsa-200805-12.xml | 68 + .../metadata/glsa/glsa-200805-13.xml | 73 + .../metadata/glsa/glsa-200805-14.xml | 68 + .../metadata/glsa/glsa-200805-15.xml | 62 + .../metadata/glsa/glsa-200805-16.xml | 108 ++ .../metadata/glsa/glsa-200805-17.xml | 74 + .../metadata/glsa/glsa-200805-18.xml | 280 ++++ .../metadata/glsa/glsa-200805-19.xml | 100 ++ .../metadata/glsa/glsa-200805-20.xml | 80 ++ .../metadata/glsa/glsa-200805-21.xml | 69 + .../metadata/glsa/glsa-200805-22.xml | 67 + .../metadata/glsa/glsa-200805-23.xml | 67 + .../metadata/glsa/glsa-200806-01.xml | 67 + .../metadata/glsa/glsa-200806-02.xml | 66 + .../metadata/glsa/glsa-200806-03.xml | 72 + .../metadata/glsa/glsa-200806-04.xml | 80 ++ .../metadata/glsa/glsa-200806-05.xml | 65 + .../metadata/glsa/glsa-200806-06.xml | 75 + .../metadata/glsa/glsa-200806-07.xml | 97 ++ .../metadata/glsa/glsa-200806-08.xml | 77 + .../metadata/glsa/glsa-200806-09.xml 
| 86 ++ .../metadata/glsa/glsa-200806-10.xml | 83 ++ .../metadata/glsa/glsa-200806-11.xml | 97 ++ .../metadata/glsa/glsa-200807-01.xml | 87 ++ .../metadata/glsa/glsa-200807-02.xml | 70 + .../metadata/glsa/glsa-200807-03.xml | 76 + .../metadata/glsa/glsa-200807-04.xml | 63 + .../metadata/glsa/glsa-200807-05.xml | 76 + .../metadata/glsa/glsa-200807-06.xml | 84 ++ .../metadata/glsa/glsa-200807-07.xml | 75 + .../metadata/glsa/glsa-200807-08.xml | 73 + .../metadata/glsa/glsa-200807-09.xml | 64 + .../metadata/glsa/glsa-200807-10.xml | 66 + .../metadata/glsa/glsa-200807-11.xml | 65 + .../metadata/glsa/glsa-200807-12.xml | 67 + .../metadata/glsa/glsa-200807-13.xml | 70 + .../metadata/glsa/glsa-200807-14.xml | 63 + .../metadata/glsa/glsa-200807-15.xml | 66 + .../metadata/glsa/glsa-200807-16.xml | 107 ++ .../metadata/glsa/glsa-200808-01.xml | 87 ++ .../metadata/glsa/glsa-200808-02.xml | 74 + .../metadata/glsa/glsa-200808-03.xml | 247 ++++ .../metadata/glsa/glsa-200808-04.xml | 74 + .../metadata/glsa/glsa-200808-05.xml | 64 + .../metadata/glsa/glsa-200808-06.xml | 68 + .../metadata/glsa/glsa-200808-07.xml | 72 + .../metadata/glsa/glsa-200808-08.xml | 69 + .../metadata/glsa/glsa-200808-09.xml | 63 + .../metadata/glsa/glsa-200808-10.xml | 62 + .../metadata/glsa/glsa-200808-11.xml | 76 + .../metadata/glsa/glsa-200808-12.xml | 124 ++ .../metadata/glsa/glsa-200809-01.xml | 71 + .../metadata/glsa/glsa-200809-02.xml | 77 + .../metadata/glsa/glsa-200809-03.xml | 62 + .../metadata/glsa/glsa-200809-04.xml | 63 + .../metadata/glsa/glsa-200809-05.xml | 69 + .../metadata/glsa/glsa-200809-06.xml | 72 + .../metadata/glsa/glsa-200809-07.xml | 67 + .../metadata/glsa/glsa-200809-08.xml | 66 + .../metadata/glsa/glsa-200809-09.xml | 76 + .../metadata/glsa/glsa-200809-10.xml | 72 + .../metadata/glsa/glsa-200809-11.xml | 62 + .../metadata/glsa/glsa-200809-12.xml | 65 + .../metadata/glsa/glsa-200809-13.xml | 65 + .../metadata/glsa/glsa-200809-14.xml | 64 + .../metadata/glsa/glsa-200809-15.xml | 66 
+ .../metadata/glsa/glsa-200809-16.xml | 65 + .../metadata/glsa/glsa-200809-17.xml | 82 ++ .../metadata/glsa/glsa-200809-18.xml | 72 + .../metadata/glsa/glsa-200810-01.xml | 92 ++ .../metadata/glsa/glsa-200810-02.xml | 73 + .../metadata/glsa/glsa-200810-03.xml | 69 + .../metadata/glsa/glsa-200811-01.xml | 127 ++ .../metadata/glsa/glsa-200811-02.xml | 96 ++ .../metadata/glsa/glsa-200811-03.xml | 64 + .../metadata/glsa/glsa-200811-04.xml | 65 + .../metadata/glsa/glsa-200811-05.xml | 132 ++ .../metadata/glsa/glsa-200812-01.xml | 65 + .../metadata/glsa/glsa-200812-02.xml | 69 + .../metadata/glsa/glsa-200812-03.xml | 76 + .../metadata/glsa/glsa-200812-04.xml | 80 ++ .../metadata/glsa/glsa-200812-05.xml | 65 + .../metadata/glsa/glsa-200812-06.xml | 97 ++ .../metadata/glsa/glsa-200812-07.xml | 86 ++ .../metadata/glsa/glsa-200812-08.xml | 64 + .../metadata/glsa/glsa-200812-09.xml | 69 + .../metadata/glsa/glsa-200812-10.xml | 64 + .../metadata/glsa/glsa-200812-11.xml | 81 ++ .../metadata/glsa/glsa-200812-12.xml | 63 + .../metadata/glsa/glsa-200812-13.xml | 83 ++ .../metadata/glsa/glsa-200812-14.xml | 64 + .../metadata/glsa/glsa-200812-15.xml | 71 + .../metadata/glsa/glsa-200812-16.xml | 81 ++ .../metadata/glsa/glsa-200812-17.xml | 120 ++ .../metadata/glsa/glsa-200812-18.xml | 78 ++ .../metadata/glsa/glsa-200812-19.xml | 73 + .../metadata/glsa/glsa-200812-20.xml | 86 ++ .../metadata/glsa/glsa-200812-21.xml | 71 + .../metadata/glsa/glsa-200812-22.xml | 64 + .../metadata/glsa/glsa-200812-23.xml | 65 + .../metadata/glsa/glsa-200812-24.xml | 80 ++ .../metadata/glsa/glsa-200901-01.xml | 65 + .../metadata/glsa/glsa-200901-02.xml | 83 ++ .../metadata/glsa/glsa-200901-03.xml | 79 ++ .../metadata/glsa/glsa-200901-04.xml | 64 + .../metadata/glsa/glsa-200901-05.xml | 67 + .../metadata/glsa/glsa-200901-06.xml | 71 + .../metadata/glsa/glsa-200901-07.xml | 83 ++ .../metadata/glsa/glsa-200901-08.xml | 72 + .../metadata/glsa/glsa-200901-09.xml | 104 ++ .../metadata/glsa/glsa-200901-10.xml | 
64 + .../metadata/glsa/glsa-200901-11.xml | 65 + .../metadata/glsa/glsa-200901-12.xml | 65 + .../metadata/glsa/glsa-200901-13.xml | 93 ++ .../metadata/glsa/glsa-200901-14.xml | 63 + .../metadata/glsa/glsa-200901-15.xml | 65 + .../metadata/glsa/glsa-200902-01.xml | 66 + .../metadata/glsa/glsa-200902-02.xml | 69 + .../metadata/glsa/glsa-200902-03.xml | 65 + .../metadata/glsa/glsa-200902-04.xml | 65 + .../metadata/glsa/glsa-200902-05.xml | 68 + .../metadata/glsa/glsa-200902-06.xml | 91 ++ .../metadata/glsa/glsa-200903-01.xml | 66 + .../metadata/glsa/glsa-200903-02.xml | 63 + .../metadata/glsa/glsa-200903-03.xml | 64 + .../metadata/glsa/glsa-200903-04.xml | 64 + .../metadata/glsa/glsa-200903-05.xml | 75 + .../metadata/glsa/glsa-200903-06.xml | 64 + .../metadata/glsa/glsa-200903-07.xml | 64 + .../metadata/glsa/glsa-200903-08.xml | 64 + .../metadata/glsa/glsa-200903-09.xml | 68 + .../metadata/glsa/glsa-200903-10.xml | 66 + .../metadata/glsa/glsa-200903-11.xml | 64 + .../metadata/glsa/glsa-200903-12.xml | 67 + .../metadata/glsa/glsa-200903-13.xml | 63 + .../metadata/glsa/glsa-200903-14.xml | 67 + .../metadata/glsa/glsa-200903-15.xml | 84 ++ .../metadata/glsa/glsa-200903-16.xml | 66 + .../metadata/glsa/glsa-200903-17.xml | 66 + .../metadata/glsa/glsa-200903-18.xml | 65 + .../metadata/glsa/glsa-200903-19.xml | 67 + .../metadata/glsa/glsa-200903-20.xml | 77 + .../metadata/glsa/glsa-200903-21.xml | 66 + .../metadata/glsa/glsa-200903-22.xml | 66 + .../metadata/glsa/glsa-200903-23.xml | 137 ++ .../metadata/glsa/glsa-200903-24.xml | 63 + .../metadata/glsa/glsa-200903-25.xml | 67 + .../metadata/glsa/glsa-200903-26.xml | 63 + .../metadata/glsa/glsa-200903-27.xml | 73 + .../metadata/glsa/glsa-200903-28.xml | 87 ++ .../metadata/glsa/glsa-200903-29.xml | 76 + .../metadata/glsa/glsa-200903-30.xml | 91 ++ .../metadata/glsa/glsa-200903-31.xml | 62 + .../metadata/glsa/glsa-200903-32.xml | 98 ++ .../metadata/glsa/glsa-200903-33.xml | 110 ++ .../metadata/glsa/glsa-200903-34.xml | 74 + 
.../metadata/glsa/glsa-200903-35.xml | 63 + .../metadata/glsa/glsa-200903-36.xml | 65 + .../metadata/glsa/glsa-200903-37.xml | 95 ++ .../metadata/glsa/glsa-200903-38.xml | 71 + .../metadata/glsa/glsa-200903-39.xml | 72 + .../metadata/glsa/glsa-200903-40.xml | 68 + .../metadata/glsa/glsa-200903-41.xml | 72 + .../metadata/glsa/glsa-200904-01.xml | 96 ++ .../metadata/glsa/glsa-200904-02.xml | 73 + .../metadata/glsa/glsa-200904-03.xml | 63 + .../metadata/glsa/glsa-200904-04.xml | 63 + .../metadata/glsa/glsa-200904-05.xml | 65 + .../metadata/glsa/glsa-200904-06.xml | 65 + .../metadata/glsa/glsa-200904-07.xml | 67 + .../metadata/glsa/glsa-200904-08.xml | 66 + .../metadata/glsa/glsa-200904-09.xml | 82 ++ .../metadata/glsa/glsa-200904-10.xml | 68 + .../metadata/glsa/glsa-200904-11.xml | 95 ++ .../metadata/glsa/glsa-200904-12.xml | 63 + .../metadata/glsa/glsa-200904-13.xml | 61 + .../metadata/glsa/glsa-200904-14.xml | 76 + .../metadata/glsa/glsa-200904-15.xml | 65 + .../metadata/glsa/glsa-200904-16.xml | 66 + .../metadata/glsa/glsa-200904-17.xml | 100 ++ .../metadata/glsa/glsa-200904-18.xml | 69 + .../metadata/glsa/glsa-200904-19.xml | 84 ++ .../metadata/glsa/glsa-200904-20.xml | 82 ++ .../metadata/glsa/glsa-200905-01.xml | 85 ++ .../metadata/glsa/glsa-200905-02.xml | 68 + .../metadata/glsa/glsa-200905-03.xml | 76 + .../metadata/glsa/glsa-200905-04.xml | 82 ++ .../metadata/glsa/glsa-200905-05.xml | 68 + .../metadata/glsa/glsa-200905-06.xml | 64 + .../metadata/glsa/glsa-200905-07.xml | 79 ++ .../metadata/glsa/glsa-200905-08.xml | 82 ++ .../metadata/glsa/glsa-200905-09.xml | 75 + .../metadata/glsa/glsa-200906-01.xml | 67 + .../metadata/glsa/glsa-200906-02.xml | 62 + .../metadata/glsa/glsa-200906-03.xml | 70 + .../metadata/glsa/glsa-200906-04.xml | 68 + .../metadata/glsa/glsa-200906-05.xml | 152 ++ .../metadata/glsa/glsa-200907-01.xml | 65 + .../metadata/glsa/glsa-200907-02.xml | 73 + .../metadata/glsa/glsa-200907-03.xml | 88 ++ .../metadata/glsa/glsa-200907-04.xml | 94 ++ 
.../metadata/glsa/glsa-200907-05.xml | 65 + .../metadata/glsa/glsa-200907-06.xml | 123 ++ .../metadata/glsa/glsa-200907-07.xml | 93 ++ .../metadata/glsa/glsa-200907-08.xml | 84 ++ .../metadata/glsa/glsa-200907-09.xml | 67 + .../metadata/glsa/glsa-200907-10.xml | 71 + .../metadata/glsa/glsa-200907-11.xml | 110 ++ .../metadata/glsa/glsa-200907-12.xml | 65 + .../metadata/glsa/glsa-200907-13.xml | 68 + .../metadata/glsa/glsa-200907-14.xml | 78 ++ .../metadata/glsa/glsa-200907-15.xml | 94 ++ .../metadata/glsa/glsa-200907-16.xml | 74 + .../metadata/glsa/glsa-200908-01.xml | 79 ++ .../metadata/glsa/glsa-200908-02.xml | 68 + .../metadata/glsa/glsa-200908-03.xml | 78 ++ .../metadata/glsa/glsa-200908-04.xml | 113 ++ .../metadata/glsa/glsa-200908-05.xml | 68 + .../metadata/glsa/glsa-200908-06.xml | 67 + .../metadata/glsa/glsa-200908-07.xml | 82 ++ .../metadata/glsa/glsa-200908-08.xml | 65 + .../metadata/glsa/glsa-200908-09.xml | 66 + .../metadata/glsa/glsa-200908-10.xml | 66 + .../metadata/glsa/glsa-200909-01.xml | 69 + .../metadata/glsa/glsa-200909-02.xml | 67 + .../metadata/glsa/glsa-200909-03.xml | 81 ++ .../metadata/glsa/glsa-200909-04.xml | 87 ++ .../metadata/glsa/glsa-200909-05.xml | 75 + .../metadata/glsa/glsa-200909-06.xml | 65 + .../metadata/glsa/glsa-200909-07.xml | 64 + .../metadata/glsa/glsa-200909-08.xml | 64 + .../metadata/glsa/glsa-200909-09.xml | 64 + .../metadata/glsa/glsa-200909-10.xml | 63 + .../metadata/glsa/glsa-200909-11.xml | 63 + .../metadata/glsa/glsa-200909-12.xml | 70 + .../metadata/glsa/glsa-200909-13.xml | 66 + .../metadata/glsa/glsa-200909-14.xml | 113 ++ .../metadata/glsa/glsa-200909-15.xml | 70 + .../metadata/glsa/glsa-200909-16.xml | 82 ++ .../metadata/glsa/glsa-200909-17.xml | 65 + .../metadata/glsa/glsa-200909-18.xml | 82 ++ .../metadata/glsa/glsa-200909-19.xml | 76 + .../metadata/glsa/glsa-200909-20.xml | 68 + .../metadata/glsa/glsa-200910-01.xml | 68 + .../metadata/glsa/glsa-200910-02.xml | 90 ++ .../metadata/glsa/glsa-200910-03.xml | 89 
++ .../metadata/glsa/glsa-200911-01.xml | 94 ++ .../metadata/glsa/glsa-200911-02.xml | 238 ++++ .../metadata/glsa/glsa-200911-03.xml | 97 ++ .../metadata/glsa/glsa-200911-04.xml | 66 + .../metadata/glsa/glsa-200911-05.xml | 86 ++ .../metadata/glsa/glsa-200911-06.xml | 69 + .../metadata/glsa/glsa-200912-01.xml | 95 ++ .../metadata/glsa/glsa-200912-02.xml | 116 ++ .../metadata/glsa/glsa-201001-01.xml | 66 + .../metadata/glsa/glsa-201001-02.xml | 83 ++ .../metadata/glsa/glsa-201001-03.xml | 116 ++ .../metadata/glsa/glsa-201001-04.xml | 105 ++ .../metadata/glsa/glsa-201001-05.xml | 67 + .../metadata/glsa/glsa-201001-06.xml | 68 + .../metadata/glsa/glsa-201001-07.xml | 66 + .../metadata/glsa/glsa-201001-08.xml | 85 ++ .../metadata/glsa/glsa-201001-09.xml | 77 + .../metadata/glsa/glsa-201003-01.xml | 76 + .../metadata/glsa/glsa-201006-01.xml | 73 + .../metadata/glsa/glsa-201006-02.xml | 74 + .../metadata/glsa/glsa-201006-03.xml | 72 + .../metadata/glsa/glsa-201006-04.xml | 92 ++ .../metadata/glsa/glsa-201006-05.xml | 67 + .../metadata/glsa/glsa-201006-06.xml | 64 + .../metadata/glsa/glsa-201006-07.xml | 80 ++ .../metadata/glsa/glsa-201006-08.xml | 67 + .../metadata/glsa/glsa-201006-09.xml | 66 + .../metadata/glsa/glsa-201006-10.xml | 70 + .../metadata/glsa/glsa-201006-11.xml | 74 + .../metadata/glsa/glsa-201006-12.xml | 85 ++ .../metadata/glsa/glsa-201006-13.xml | 84 ++ .../metadata/glsa/glsa-201006-14.xml | 70 + .../metadata/glsa/glsa-201006-15.xml | 72 + .../metadata/glsa/glsa-201006-16.xml | 70 + .../metadata/glsa/glsa-201006-17.xml | 64 + .../metadata/glsa/glsa-201006-18.xml | 141 ++ .../metadata/glsa/glsa-201006-19.xml | 85 ++ .../metadata/glsa/glsa-201006-20.xml | 88 ++ .../metadata/glsa/glsa-201006-21.xml | 76 + .../metadata/glsa/glsa-201009-01.xml | 79 ++ .../metadata/glsa/glsa-201009-02.xml | 66 + .../metadata/glsa/glsa-201009-03.xml | 75 + .../metadata/glsa/glsa-201009-04.xml | 68 + .../metadata/glsa/glsa-201009-05.xml | 111 ++ 
.../metadata/glsa/glsa-201009-06.xml | 67 + .../metadata/glsa/glsa-201009-07.xml | 80 ++ .../metadata/glsa/glsa-201009-08.xml | 65 + .../metadata/glsa/glsa-201009-09.xml | 63 + .../metadata/glsa/glsa-201010-01.xml | 92 ++ .../metadata/glsa/glsa-201011-01.xml | 76 + .../metadata/glsa/glsa-201012-01.xml | 99 ++ .../metadata/glsa/glsa-201101-01.xml | 68 + .../metadata/glsa/glsa-201101-02.xml | 65 + .../metadata/glsa/glsa-201101-03.xml | 71 + .../metadata/glsa/glsa-201101-04.xml | 62 + .../metadata/glsa/glsa-201101-05.xml | 70 + .../metadata/glsa/glsa-201101-06.xml | 65 + .../metadata/glsa/glsa-201101-07.xml | 68 + .../metadata/glsa/glsa-201101-08.xml | 89 ++ .../metadata/glsa/glsa-201101-09.xml | 131 ++ .../metadata/glsa/glsa-201110-01.xml | 103 ++ .../metadata/glsa/glsa-201110-02.xml | 105 ++ .../metadata/glsa/glsa-201110-03.xml | 81 ++ .../metadata/glsa/glsa-201110-04.xml | 78 ++ .../metadata/glsa/glsa-201110-05.xml | 64 + .../metadata/glsa/glsa-201110-06.xml | 133 ++ .../metadata/glsa/glsa-201110-07.xml | 49 + .../metadata/glsa/glsa-201110-08.xml | 54 + .../metadata/glsa/glsa-201110-09.xml | 49 + .../metadata/glsa/glsa-201110-10.xml | 62 + .../metadata/glsa/glsa-201110-11.xml | 135 ++ .../metadata/glsa/glsa-201110-12.xml | 49 + .../metadata/glsa/glsa-201110-13.xml | 67 + .../metadata/glsa/glsa-201110-14.xml | 56 + .../metadata/glsa/glsa-201110-15.xml | 59 + .../metadata/glsa/glsa-201110-16.xml | 59 + .../metadata/glsa/glsa-201110-17.xml | 53 + .../metadata/glsa/glsa-201110-18.xml | 50 + .../metadata/glsa/glsa-201110-19.xml | 71 + .../metadata/glsa/glsa-201110-20.xml | 66 + .../metadata/glsa/glsa-201110-21.xml | 76 + .../metadata/glsa/glsa-201110-22.xml | 179 +++ .../metadata/glsa/glsa-201110-23.xml | 57 + .../metadata/glsa/glsa-201110-24.xml | 67 + .../metadata/glsa/glsa-201110-25.xml | 61 + .../metadata/glsa/glsa-201110-26.xml | 59 + .../metadata/glsa/glsa-201111-01.xml | 210 +++ .../metadata/glsa/glsa-201111-02.xml | 169 +++ .../metadata/glsa/glsa-201111-03.xml | 
59 + .../metadata/glsa/glsa-201111-04.xml | 59 + .../metadata/glsa/glsa-201111-05.xml | 100 ++ .../metadata/glsa/glsa-201111-06.xml | 55 + .../metadata/glsa/glsa-201111-07.xml | 58 + .../metadata/glsa/glsa-201111-08.xml | 55 + .../metadata/glsa/glsa-201111-09.xml | 75 + .../metadata/glsa/glsa-201111-10.xml | 63 + .../metadata/glsa/glsa-201111-11.xml | 58 + .../metadata/glsa/glsa-201111-12.xml | 67 + .../metadata/glsa/glsa-201201-01.xml | 150 ++ .../metadata/glsa/glsa-201201-02.xml | 101 ++ .../metadata/glsa/glsa-201201-03.xml | 115 ++ .../metadata/glsa/glsa-201201-04.xml | 53 + .../metadata/glsa/glsa-201201-05.xml | 62 + .../metadata/glsa/glsa-201201-06.xml | 56 + .../metadata/glsa/glsa-201201-07.xml | 69 + .../metadata/glsa/glsa-201201-08.xml | 58 + .../metadata/glsa/glsa-201201-09.xml | 120 ++ .../metadata/glsa/glsa-201201-10.xml | 66 + .../metadata/glsa/glsa-201201-11.xml | 57 + .../metadata/glsa/glsa-201201-12.xml | 68 + .../metadata/glsa/glsa-201201-13.xml | 86 ++ .../metadata/glsa/glsa-201201-14.xml | 70 + .../metadata/glsa/glsa-201201-15.xml | 59 + .../metadata/glsa/glsa-201201-16.xml | 70 + .../metadata/glsa/glsa-201201-17.xml | 72 + .../metadata/glsa/glsa-201201-18.xml | 66 + .../metadata/glsa/glsa-201201-19.xml | 108 ++ .../metadata/glsa/glsa-201202-01.xml | 158 +++ .../metadata/glsa/glsa-201202-02.xml | 72 + .../metadata/glsa/glsa-201202-03.xml | 49 + .../metadata/glsa/glsa-201202-04.xml | 64 + .../metadata/glsa/glsa-201202-05.xml | 51 + .../metadata/glsa/glsa-201202-06.xml | 50 + .../metadata/glsa/glsa-201202-07.xml | 56 + .../metadata/glsa/glsa-201202-08.xml | 49 + .../metadata/glsa/glsa-201202-09.xml | 54 + .../metadata/glsa/glsa-201203-01.xml | 49 + .../metadata/glsa/glsa-201203-02.xml | 80 ++ .../metadata/glsa/glsa-201203-03.xml | 65 + .../metadata/glsa/glsa-201203-04.xml | 50 + .../metadata/glsa/glsa-201203-05.xml | 49 + .../metadata/glsa/glsa-201203-06.xml | 63 + .../metadata/glsa/glsa-201203-07.xml | 54 + .../metadata/glsa/glsa-201203-08.xml | 49 
+ .../metadata/glsa/glsa-201203-09.xml | 60 + .../metadata/glsa/glsa-201203-10.xml | 64 + .../metadata/glsa/glsa-201203-11.xml | 53 + .../metadata/glsa/glsa-201203-12.xml | 108 ++ .../metadata/glsa/glsa-201203-13.xml | 62 + .../metadata/glsa/glsa-201203-14.xml | 73 + .../metadata/glsa/glsa-201203-15.xml | 59 + .../metadata/glsa/glsa-201203-16.xml | 84 ++ .../metadata/glsa/glsa-201203-17.xml | 64 + .../metadata/glsa/glsa-201203-18.xml | 55 + .../metadata/glsa/glsa-201203-19.xml | 148 ++ .../metadata/glsa/glsa-201203-20.xml | 50 + .../metadata/glsa/glsa-201203-21.xml | 63 + .../metadata/glsa/glsa-201203-22.xml | 82 ++ .../metadata/glsa/glsa-201203-23.xml | 61 + .../metadata/glsa/glsa-201203-24.xml | 103 ++ .../metadata/glsa/glsa-201204-01.xml | 66 + .../metadata/glsa/glsa-201204-02.xml | 50 + .../metadata/glsa/glsa-201204-03.xml | 94 ++ .../metadata/glsa/glsa-201204-04.xml | 69 + .../metadata/glsa/glsa-201204-05.xml | 56 + .../metadata/glsa/glsa-201204-06.xml | 68 + .../metadata/glsa/glsa-201204-07.xml | 78 ++ .../metadata/glsa/glsa-201204-08.xml | 53 + .../metadata/glsa/glsa-201205-01.xml | 60 + .../metadata/glsa/glsa-201205-02.xml | 58 + .../metadata/glsa/glsa-201205-03.xml | 119 ++ .../metadata/glsa/glsa-201205-04.xml | 99 ++ .../metadata/glsa/glsa-201206-01.xml | 69 + .../metadata/glsa/glsa-201206-02.xml | 54 + .../metadata/glsa/glsa-201206-03.xml | 186 +++ .../metadata/glsa/glsa-201206-04.xml | 54 + .../metadata/glsa/glsa-201206-05.xml | 68 + .../metadata/glsa/glsa-201206-06.xml | 48 + .../metadata/glsa/glsa-201206-07.xml | 54 + .../metadata/glsa/glsa-201206-08.xml | 60 + .../metadata/glsa/glsa-201206-09.xml | 68 + .../metadata/glsa/glsa-201206-10.xml | 55 + .../metadata/glsa/glsa-201206-11.xml | 56 + .../metadata/glsa/glsa-201206-12.xml | 51 + .../metadata/glsa/glsa-201206-13.xml | 87 ++ .../metadata/glsa/glsa-201206-14.xml | 58 + .../metadata/glsa/glsa-201206-15.xml | 113 ++ .../metadata/glsa/glsa-201206-16.xml | 67 + .../metadata/glsa/glsa-201206-17.xml | 48 
+ .../metadata/glsa/glsa-201206-18.xml | 71 + .../metadata/glsa/glsa-201206-19.xml | 54 + .../metadata/glsa/glsa-201206-20.xml | 64 + .../metadata/glsa/glsa-201206-21.xml | 60 + .../metadata/glsa/glsa-201206-22.xml | 76 + .../metadata/glsa/glsa-201206-23.xml | 44 + .../metadata/glsa/glsa-201206-24.xml | 110 ++ .../metadata/glsa/glsa-201206-25.xml | 76 + .../metadata/glsa/glsa-201206-26.xml | 88 ++ .../metadata/glsa/glsa-201206-27.xml | 51 + .../metadata/glsa/glsa-201206-28.xml | 56 + .../metadata/glsa/glsa-201206-29.xml | 53 + .../metadata/glsa/glsa-201206-30.xml | 51 + .../metadata/glsa/glsa-201206-31.xml | 73 + .../metadata/glsa/glsa-201206-32.xml | 51 + .../metadata/glsa/glsa-201206-33.xml | 55 + .../metadata/glsa/glsa-201206-34.xml | 51 + .../metadata/glsa/glsa-201206-35.xml | 53 + .../metadata/glsa/glsa-201206-36.xml | 60 + .../metadata/glsa/glsa-201207-01.xml | 50 + .../metadata/glsa/glsa-201207-02.xml | 52 + .../metadata/glsa/glsa-201207-03.xml | 49 + .../metadata/glsa/glsa-201207-04.xml | 65 + .../metadata/glsa/glsa-201207-05.xml | 52 + .../metadata/glsa/glsa-201207-06.xml | 48 + .../metadata/glsa/glsa-201207-07.xml | 50 + .../metadata/glsa/glsa-201207-08.xml | 61 + .../metadata/glsa/glsa-201207-09.xml | 65 + .../metadata/glsa/glsa-201207-10.xml | 91 ++ .../metadata/glsa/glsa-201208-01.xml | 51 + .../metadata/glsa/glsa-201208-02.xml | 72 + .../metadata/glsa/glsa-201208-03.xml | 87 ++ .../metadata/glsa/glsa-201208-04.xml | 58 + .../metadata/glsa/glsa-201208-05.xml | 54 + .../metadata/glsa/glsa-201208-06.xml | 50 + .../metadata/glsa/glsa-201209-01.xml | 60 + .../metadata/glsa/glsa-201209-02.xml | 95 ++ .../metadata/glsa/glsa-201209-03.xml | 92 ++ .../metadata/glsa/glsa-201209-04.xml | 67 + .../metadata/glsa/glsa-201209-05.xml | 85 ++ .../metadata/glsa/glsa-201209-06.xml | 61 + .../metadata/glsa/glsa-201209-07.xml | 56 + .../metadata/glsa/glsa-201209-08.xml | 49 + .../metadata/glsa/glsa-201209-09.xml | 53 + .../metadata/glsa/glsa-201209-10.xml | 50 + 
.../metadata/glsa/glsa-201209-11.xml | 62 + .../metadata/glsa/glsa-201209-12.xml | 57 + .../metadata/glsa/glsa-201209-13.xml | 54 + .../metadata/glsa/glsa-201209-14.xml | 49 + .../metadata/glsa/glsa-201209-15.xml | 66 + .../metadata/glsa/glsa-201209-16.xml | 51 + .../metadata/glsa/glsa-201209-17.xml | 50 + .../metadata/glsa/glsa-201209-18.xml | 54 + .../metadata/glsa/glsa-201209-19.xml | 49 + .../metadata/glsa/glsa-201209-20.xml | 48 + .../metadata/glsa/glsa-201209-21.xml | 50 + .../metadata/glsa/glsa-201209-22.xml | 48 + .../metadata/glsa/glsa-201209-23.xml | 63 + .../metadata/glsa/glsa-201209-24.xml | 102 ++ .../metadata/glsa/glsa-201209-25.xml | 209 +++ .../metadata/glsa/glsa-201210-01.xml | 49 + .../metadata/glsa/glsa-201210-02.xml | 61 + .../metadata/glsa/glsa-201210-03.xml | 51 + .../metadata/glsa/glsa-201210-04.xml | 61 + .../metadata/glsa/glsa-201210-05.xml | 66 + .../metadata/glsa/glsa-201210-06.xml | 67 + .../metadata/glsa/glsa-201210-07.xml | 103 ++ .../metadata/glsa/glsa-201211-01.xml | 78 ++ .../metadata/glsa/glsa-201301-01.xml | 1245 +++++++++++++++++ .../metadata/glsa/glsa-201301-02.xml | 49 + .../metadata/glsa/glsa-201301-03.xml | 57 + .../metadata/glsa/glsa-201301-04.xml | 53 + .../metadata/glsa/glsa-201301-05.xml | 52 + .../metadata/glsa/glsa-201301-06.xml | 63 + .../metadata/glsa/glsa-201301-07.xml | 61 + .../metadata/glsa/glsa-201304-01.xml | 63 + .../metadata/glsa/glsa-201307-01.xml | 58 + .../metadata/glsa/glsa-201308-01.xml | 53 + .../metadata/glsa/glsa-201308-02.xml | 58 + .../metadata/glsa/glsa-201308-03.xml | 130 ++ .../metadata/glsa/glsa-201308-04.xml | 62 + .../metadata/glsa/glsa-201308-05.xml | 121 ++ .../metadata/glsa/glsa-201308-06.xml | 161 +++ .../metadata/glsa/glsa-201309-01.xml | 57 + .../metadata/glsa/glsa-201309-02.xml | 59 + .../metadata/glsa/glsa-201309-03.xml | 56 + .../metadata/glsa/glsa-201309-04.xml | 54 + .../metadata/glsa/glsa-201309-05.xml | 58 + .../metadata/glsa/glsa-201309-06.xml | 139 ++ 
.../metadata/glsa/glsa-201309-07.xml | 54 + .../metadata/glsa/glsa-201309-08.xml | 65 + .../metadata/glsa/glsa-201309-09.xml | 70 + .../metadata/glsa/glsa-201309-10.xml | 51 + .../metadata/glsa/glsa-201309-11.xml | 73 + .../metadata/glsa/glsa-201309-12.xml | 62 + .../metadata/glsa/glsa-201309-13.xml | 51 + .../metadata/glsa/glsa-201309-14.xml | 52 + .../metadata/glsa/glsa-201309-15.xml | 66 + .../metadata/glsa/glsa-201309-16.xml | 234 ++++ .../metadata/glsa/glsa-201309-17.xml | 58 + .../metadata/glsa/glsa-201309-18.xml | 59 + .../metadata/glsa/glsa-201309-19.xml | 54 + .../metadata/glsa/glsa-201309-20.xml | 62 + .../metadata/glsa/glsa-201309-21.xml | 56 + .../metadata/glsa/glsa-201309-22.xml | 60 + .../metadata/glsa/glsa-201309-23.xml | 232 +++ .../metadata/glsa/glsa-201309-24.xml | 156 +++ .../metadata/glsa/glsa-201310-01.xml | 62 + .../metadata/glsa/glsa-201310-02.xml | 48 + .../metadata/glsa/glsa-201310-03.xml | 90 ++ .../metadata/glsa/glsa-201310-04.xml | 55 + .../metadata/glsa/glsa-201310-05.xml | 54 + .../metadata/glsa/glsa-201310-06.xml | 49 + .../metadata/glsa/glsa-201310-07.xml | 53 + .../metadata/glsa/glsa-201310-08.xml | 57 + .../metadata/glsa/glsa-201310-09.xml | 46 + .../metadata/glsa/glsa-201310-10.xml | 59 + .../metadata/glsa/glsa-201310-11.xml | 53 + .../metadata/glsa/glsa-201310-12.xml | 169 +++ .../metadata/glsa/glsa-201310-13.xml | 64 + .../metadata/glsa/glsa-201310-14.xml | 57 + .../metadata/glsa/glsa-201310-15.xml | 57 + .../metadata/glsa/glsa-201310-16.xml | 54 + .../metadata/glsa/glsa-201310-17.xml | 52 + .../metadata/glsa/glsa-201310-18.xml | 60 + .../metadata/glsa/glsa-201310-19.xml | 54 + .../metadata/glsa/glsa-201310-20.xml | 44 + .../metadata/glsa/glsa-201310-21.xml | 85 ++ .../metadata/glsa/glsa-201311-01.xml | 52 + .../metadata/glsa/glsa-201311-02.xml | 67 + .../metadata/glsa/glsa-201311-03.xml | 62 + .../metadata/glsa/glsa-201311-04.xml | 53 + .../metadata/glsa/glsa-201311-05.xml | 53 + .../metadata/glsa/glsa-201311-06.xml | 60 + 
.../metadata/glsa/glsa-201311-07.xml | 56 + .../metadata/glsa/glsa-201311-08.xml | 57 + .../metadata/glsa/glsa-201311-09.xml | 53 + .../metadata/glsa/glsa-201311-10.xml | 55 + .../metadata/glsa/glsa-201311-11.xml | 56 + .../metadata/glsa/glsa-201311-12.xml | 55 + .../metadata/glsa/glsa-201311-13.xml | 56 + .../metadata/glsa/glsa-201311-14.xml | 80 ++ .../metadata/glsa/glsa-201311-15.xml | 60 + .../metadata/glsa/glsa-201311-16.xml | 51 + .../metadata/glsa/glsa-201311-17.xml | 60 + .../metadata/glsa/glsa-201311-18.xml | 50 + .../metadata/glsa/glsa-201311-19.xml | 63 + .../metadata/glsa/glsa-201311-20.xml | 55 + .../metadata/glsa/glsa-201311-21.xml | 54 + .../metadata/glsa/glsa-201311-22.xml | 53 + .../metadata/glsa/glsa-201312-01.xml | 77 + .../metadata/glsa/glsa-201312-02.xml | 60 + .../metadata/glsa/glsa-201312-03.xml | 89 ++ .../metadata/glsa/glsa-201312-04.xml | 56 + .../metadata/glsa/glsa-201312-05.xml | 54 + .../metadata/glsa/glsa-201312-06.xml | 54 + .../metadata/glsa/glsa-201312-07.xml | 67 + .../metadata/glsa/glsa-201312-08.xml | 48 + .../metadata/glsa/glsa-201312-09.xml | 62 + .../metadata/glsa/glsa-201312-10.xml | 61 + .../metadata/glsa/glsa-201312-11.xml | 52 + .../metadata/glsa/glsa-201312-12.xml | 66 + .../metadata/glsa/glsa-201312-13.xml | 67 + .../metadata/glsa/glsa-201312-14.xml | 60 + .../metadata/glsa/glsa-201312-15.xml | 55 + .../metadata/glsa/glsa-201312-16.xml | 56 + .../metadata/glsa/glsa-201401-01.xml | 59 + .../metadata/glsa/glsa-201401-02.xml | 55 + .../metadata/glsa/glsa-201401-03.xml | 55 + .../metadata/glsa/glsa-201401-04.xml | 103 ++ .../metadata/glsa/glsa-201401-05.xml | 54 + .../metadata/glsa/glsa-201401-06.xml | 59 + .../metadata/glsa/glsa-201401-07.xml | 68 + .../metadata/glsa/glsa-201401-08.xml | 71 + .../metadata/glsa/glsa-201401-09.xml | 49 + .../metadata/glsa/glsa-201401-10.xml | 75 + .../metadata/glsa/glsa-201401-11.xml | 71 + .../metadata/glsa/glsa-201401-12.xml | 63 + .../metadata/glsa/glsa-201401-13.xml | 70 + 
.../metadata/glsa/glsa-201401-14.xml | 59 + .../metadata/glsa/glsa-201401-15.xml | 70 + .../metadata/glsa/glsa-201401-16.xml | 54 + .../metadata/glsa/glsa-201401-17.xml | 57 + .../metadata/glsa/glsa-201401-18.xml | 54 + .../metadata/glsa/glsa-201401-19.xml | 78 ++ .../metadata/glsa/glsa-201401-20.xml | 73 + .../metadata/glsa/glsa-201401-21.xml | 57 + .../metadata/glsa/glsa-201401-22.xml | 57 + .../metadata/glsa/glsa-201401-23.xml | 66 + .../metadata/glsa/glsa-201401-24.xml | 47 + .../metadata/glsa/glsa-201401-25.xml | 62 + .../metadata/glsa/glsa-201401-26.xml | 58 + .../metadata/glsa/glsa-201401-27.xml | 62 + .../metadata/glsa/glsa-201401-28.xml | 62 + .../metadata/glsa/glsa-201401-29.xml | 57 + .../metadata/glsa/glsa-201401-30.xml | 362 +++++ .../metadata/glsa/glsa-201401-31.xml | 54 + .../metadata/glsa/glsa-201401-32.xml | 60 + .../metadata/glsa/glsa-201401-33.xml | 51 + .../metadata/glsa/glsa-201401-34.xml | 59 + .../metadata/glsa/glsa-201402-01.xml | 53 + .../metadata/glsa/glsa-201402-02.xml | 80 ++ .../metadata/glsa/glsa-201402-03.xml | 56 + .../metadata/glsa/glsa-201402-04.xml | 65 + .../metadata/glsa/glsa-201402-05.xml | 58 + .../metadata/glsa/glsa-201402-06.xml | 67 + .../metadata/glsa/glsa-201402-07.xml | 58 + .../metadata/glsa/glsa-201402-08.xml | 61 + .../metadata/glsa/glsa-201402-09.xml | 55 + .../metadata/glsa/glsa-201402-10.xml | 49 + .../metadata/glsa/glsa-201402-11.xml | 51 + .../metadata/glsa/glsa-201402-12.xml | 51 + .../metadata/glsa/glsa-201402-13.xml | 52 + .../metadata/glsa/glsa-201402-14.xml | 62 + .../metadata/glsa/glsa-201402-15.xml | 63 + .../metadata/glsa/glsa-201402-16.xml | 57 + .../metadata/glsa/glsa-201402-17.xml | 52 + .../metadata/glsa/glsa-201402-18.xml | 49 + .../metadata/glsa/glsa-201402-19.xml | 56 + .../metadata/glsa/glsa-201402-20.xml | 59 + .../metadata/glsa/glsa-201402-21.xml | 78 ++ .../metadata/glsa/glsa-201402-22.xml | 62 + .../metadata/glsa/glsa-201402-23.xml | 53 + .../metadata/glsa/glsa-201402-24.xml | 90 ++ 
.../metadata/glsa/glsa-201402-25.xml | 56 + .../metadata/glsa/glsa-201402-26.xml | 52 + .../metadata/glsa/glsa-201402-27.xml | 51 + .../metadata/glsa/glsa-201402-28.xml | 56 + .../metadata/glsa/glsa-201402-29.xml | 51 + .../metadata/glsa/glsa-201403-01.xml | 141 ++ .../metadata/glsa/glsa-201403-02.xml | 53 + .../metadata/glsa/glsa-201403-03.xml | 51 + .../metadata/glsa/glsa-201403-04.xml | 55 + .../metadata/glsa/glsa-201403-05.xml | 67 + .../metadata/glsa/glsa-201403-06.xml | 50 + .../metadata/glsa/glsa-201403-07.xml | 47 + .../metadata/glsa/glsa-201403-08.xml | 57 + .../metadata/glsa/glsa-201404-01.xml | 55 + .../metadata/glsa/glsa-201404-02.xml | 49 + .../metadata/glsa/glsa-201404-03.xml | 51 + .../metadata/glsa/glsa-201404-04.xml | 49 + .../metadata/glsa/glsa-201404-05.xml | 69 + .../metadata/glsa/glsa-201404-06.xml | 54 + .../metadata/glsa/glsa-201404-07.xml | 91 ++ .../metadata/glsa/glsa-201405-01.xml | 62 + .../metadata/glsa/glsa-201405-02.xml | 54 + .../metadata/glsa/glsa-201405-03.xml | 60 + .../metadata/glsa/glsa-201405-04.xml | 71 + .../metadata/glsa/glsa-201405-05.xml | 75 + .../metadata/glsa/glsa-201405-06.xml | 85 ++ .../metadata/glsa/glsa-201405-07.xml | 90 ++ .../metadata/glsa/glsa-201405-08.xml | 60 + .../metadata/glsa/glsa-201405-09.xml | 67 + .../metadata/glsa/glsa-201405-10.xml | 80 ++ .../metadata/glsa/glsa-201405-11.xml | 46 + .../metadata/glsa/glsa-201405-12.xml | 65 + .../metadata/glsa/glsa-201405-13.xml | 66 + .../metadata/glsa/glsa-201405-14.xml | 46 + .../metadata/glsa/glsa-201405-15.xml | 57 + .../metadata/glsa/glsa-201405-16.xml | 48 + .../metadata/glsa/glsa-201405-17.xml | 55 + .../metadata/glsa/glsa-201405-18.xml | 48 + .../metadata/glsa/glsa-201405-19.xml | 60 + .../metadata/glsa/glsa-201405-20.xml | 53 + .../metadata/glsa/glsa-201405-21.xml | 63 + .../metadata/glsa/glsa-201405-22.xml | 81 ++ .../metadata/glsa/glsa-201405-23.xml | 61 + .../metadata/glsa/glsa-201405-24.xml | 77 + .../metadata/glsa/glsa-201405-25.xml | 48 + 
.../metadata/glsa/glsa-201405-26.xml | 49 + .../metadata/glsa/glsa-201405-27.xml | 58 + .../metadata/glsa/glsa-201405-28.xml | 57 + .../metadata/glsa/glsa-201406-01.xml | 67 + .../metadata/glsa/glsa-201406-02.xml | 64 + .../metadata/glsa/glsa-201406-03.xml | 61 + .../metadata/glsa/glsa-201406-04.xml | 55 + .../metadata/glsa/glsa-201406-05.xml | 54 + .../metadata/glsa/glsa-201406-06.xml | 71 + .../metadata/glsa/glsa-201406-07.xml | 59 + .../metadata/glsa/glsa-201406-08.xml | 60 + .../metadata/glsa/glsa-201406-09.xml | 59 + .../metadata/glsa/glsa-201406-10.xml | 60 + .../metadata/glsa/glsa-201406-11.xml | 54 + .../metadata/glsa/glsa-201406-12.xml | 54 + .../metadata/glsa/glsa-201406-13.xml | 68 + .../metadata/glsa/glsa-201406-14.xml | 72 + .../metadata/glsa/glsa-201406-15.xml | 53 + .../metadata/glsa/glsa-201406-16.xml | 59 + .../metadata/glsa/glsa-201406-17.xml | 59 + .../metadata/glsa/glsa-201406-18.xml | 54 + .../metadata/glsa/glsa-201406-19.xml | 66 + .../metadata/glsa/glsa-201406-20.xml | 55 + .../metadata/glsa/glsa-201406-21.xml | 56 + .../metadata/glsa/glsa-201406-22.xml | 58 + .../metadata/glsa/glsa-201406-23.xml | 53 + .../metadata/glsa/glsa-201406-24.xml | 55 + .../metadata/glsa/glsa-201406-25.xml | 62 + .../metadata/glsa/glsa-201406-26.xml | 75 + .../metadata/glsa/glsa-201406-27.xml | 105 ++ .../metadata/glsa/glsa-201406-28.xml | 81 ++ .../metadata/glsa/glsa-201406-29.xml | 49 + .../metadata/glsa/glsa-201406-30.xml | 54 + .../metadata/glsa/glsa-201406-31.xml | 57 + .../metadata/glsa/glsa-201406-32.xml | 305 ++++ .../metadata/glsa/glsa-201406-33.xml | 70 + .../metadata/glsa/glsa-201406-34.xml | 62 + .../metadata/glsa/glsa-201406-35.xml | 54 + .../metadata/glsa/glsa-201406-36.xml | 65 + .../metadata/glsa/glsa-201407-01.xml | 49 + .../metadata/glsa/glsa-201407-02.xml | 54 + .../metadata/glsa/glsa-201407-03.xml | 145 ++ .../metadata/glsa/glsa-201407-04.xml | 58 + .../metadata/glsa/glsa-201407-05.xml | 87 ++ .../metadata/glsa/glsa-201408-01.xml | 57 + 
.../metadata/glsa/glsa-201408-02.xml | 52 + .../metadata/glsa/glsa-201408-03.xml | 51 + .../metadata/glsa/glsa-201408-04.xml | 54 + .../metadata/glsa/glsa-201408-05.xml | 59 + .../metadata/glsa/glsa-201408-06.xml | 85 ++ .../metadata/glsa/glsa-201408-07.xml | 54 + .../metadata/glsa/glsa-201408-08.xml | 52 + .../metadata/glsa/glsa-201408-09.xml | 56 + .../metadata/glsa/glsa-201408-10.xml | 51 + .../metadata/glsa/glsa-201408-11.xml | 137 ++ .../metadata/glsa/glsa-201408-12.xml | 59 + .../metadata/glsa/glsa-201408-13.xml | 52 + .../metadata/glsa/glsa-201408-14.xml | 56 + .../metadata/glsa/glsa-201408-15.xml | 97 ++ .../metadata/glsa/glsa-201408-16.xml | 123 ++ .../metadata/glsa/glsa-201408-17.xml | 74 + .../metadata/glsa/glsa-201408-18.xml | 57 + .../metadata/glsa/glsa-201408-19.xml | 120 ++ .../metadata/glsa/glsa-201409-01.xml | 53 + .../metadata/glsa/glsa-201409-02.xml | 56 + .../metadata/glsa/glsa-201409-03.xml | 50 + .../metadata/glsa/glsa-201409-04.xml | 96 ++ .../metadata/glsa/glsa-201409-05.xml | 63 + .../metadata/glsa/glsa-201409-06.xml | 52 + .../metadata/glsa/glsa-201409-07.xml | 55 + .../metadata/glsa/glsa-201409-08.xml | 52 + .../metadata/glsa/glsa-201409-09.xml | 81 ++ .../metadata/glsa/glsa-201409-10.xml | 91 ++ .../metadata/glsa/glsa-201410-01.xml | 94 ++ .../metadata/glsa/glsa-201410-02.xml | 64 + .../metadata/glsa/glsa-201411-01.xml | 107 ++ .../metadata/glsa/glsa-201411-02.xml | 71 + .../metadata/glsa/glsa-201411-03.xml | 50 + .../metadata/glsa/glsa-201411-04.xml | 85 ++ .../metadata/glsa/glsa-201411-05.xml | 49 + .../metadata/glsa/glsa-201411-06.xml | 73 + .../metadata/glsa/glsa-201411-07.xml | 52 + .../metadata/glsa/glsa-201411-08.xml | 56 + .../metadata/glsa/glsa-201411-09.xml | 55 + .../metadata/glsa/glsa-201411-10.xml | 53 + .../metadata/glsa/glsa-201411-11.xml | 56 + .../metadata/glsa/glsa-201412-01.xml | 61 + .../metadata/glsa/glsa-201412-02.xml | 52 + .../metadata/glsa/glsa-201412-03.xml | 49 + .../metadata/glsa/glsa-201412-04.xml | 83 ++ 
.../metadata/glsa/glsa-201412-05.xml | 53 + .../metadata/glsa/glsa-201412-06.xml | 51 + .../metadata/glsa/glsa-201412-07.xml | 59 + .../metadata/glsa/glsa-201412-08.xml | 428 ++++++ .../metadata/glsa/glsa-201412-09.xml | 439 ++++++ .../metadata/glsa/glsa-201412-10.xml | 166 +++ .../metadata/glsa/glsa-201412-11.xml | 85 ++ .../metadata/glsa/glsa-201412-12.xml | 62 + .../metadata/glsa/glsa-201412-13.xml | 74 + .../metadata/glsa/glsa-201412-14.xml | 50 + .../metadata/glsa/glsa-201412-15.xml | 61 + .../metadata/glsa/glsa-201412-16.xml | 56 + .../metadata/glsa/glsa-201412-17.xml | 62 + .../metadata/glsa/glsa-201412-18.xml | 49 + .../metadata/glsa/glsa-201412-19.xml | 51 + .../metadata/glsa/glsa-201412-20.xml | 53 + .../metadata/glsa/glsa-201412-21.xml | 58 + .../metadata/glsa/glsa-201412-22.xml | 67 + .../metadata/glsa/glsa-201412-23.xml | 52 + .../metadata/glsa/glsa-201412-24.xml | 60 + .../metadata/glsa/glsa-201412-25.xml | 48 + .../metadata/glsa/glsa-201412-26.xml | 53 + .../metadata/glsa/glsa-201412-27.xml | 78 ++ .../metadata/glsa/glsa-201412-28.xml | 89 ++ .../metadata/glsa/glsa-201412-29.xml | 87 ++ .../metadata/glsa/glsa-201412-30.xml | 55 + .../metadata/glsa/glsa-201412-31.xml | 49 + .../metadata/glsa/glsa-201412-32.xml | 51 + .../metadata/glsa/glsa-201412-33.xml | 59 + .../metadata/glsa/glsa-201412-34.xml | 55 + .../metadata/glsa/glsa-201412-35.xml | 55 + .../metadata/glsa/glsa-201412-36.xml | 50 + .../metadata/glsa/glsa-201412-37.xml | 58 + .../metadata/glsa/glsa-201412-38.xml | 59 + .../metadata/glsa/glsa-201412-39.xml | 91 ++ .../metadata/glsa/glsa-201412-40.xml | 54 + .../metadata/glsa/glsa-201412-41.xml | 46 + .../metadata/glsa/glsa-201412-42.xml | 61 + .../metadata/glsa/glsa-201412-43.xml | 55 + .../metadata/glsa/glsa-201412-44.xml | 49 + .../metadata/glsa/glsa-201412-45.xml | 48 + .../metadata/glsa/glsa-201412-46.xml | 59 + .../metadata/glsa/glsa-201412-47.xml | 79 ++ .../metadata/glsa/glsa-201412-48.xml | 49 + .../metadata/glsa/glsa-201412-49.xml | 54 
+ .../metadata/glsa/glsa-201412-50.xml | 53 + .../metadata/glsa/glsa-201412-51.xml | 56 + .../metadata/glsa/glsa-201412-52.xml | 61 + .../metadata/glsa/glsa-201412-53.xml | 57 + .../metadata/glsa/glsa-201502-01.xml | 55 + .../metadata/glsa/glsa-201502-02.xml | 83 ++ .../metadata/glsa/glsa-201502-03.xml | 56 + .../metadata/glsa/glsa-201502-04.xml | 109 ++ .../metadata/glsa/glsa-201502-05.xml | 65 + .../metadata/glsa/glsa-201502-06.xml | 49 + .../metadata/glsa/glsa-201502-07.xml | 52 + .../metadata/glsa/glsa-201502-08.xml | 67 + .../metadata/glsa/glsa-201502-09.xml | 47 + .../metadata/glsa/glsa-201502-10.xml | 82 ++ .../metadata/glsa/glsa-201502-11.xml | 59 + .../metadata/glsa/glsa-201502-12.xml | 162 +++ .../metadata/glsa/glsa-201502-13.xml | 91 ++ .../metadata/glsa/glsa-201502-14.xml | 47 + .../metadata/glsa/glsa-201502-15.xml | 68 + .../metadata/glsa/glsa-201503-01.xml | 57 + .../metadata/glsa/glsa-201503-02.xml | 49 + .../metadata/glsa/glsa-201503-03.xml | 82 ++ .../metadata/glsa/glsa-201503-04.xml | 83 ++ .../metadata/glsa/glsa-201503-05.xml | 69 + .../metadata/glsa/glsa-201503-06.xml | 55 + .../metadata/glsa/glsa-201503-07.xml | 54 + .../metadata/glsa/glsa-201503-08.xml | 54 + .../metadata/glsa/glsa-201503-09.xml | 63 + .../metadata/glsa/glsa-201503-10.xml | 78 ++ .../metadata/glsa/glsa-201503-11.xml | 116 ++ .../metadata/glsa/glsa-201503-12.xml | 70 + .../metadata/glsa/glsa-201503-13.xml | 58 + .../metadata/glsa/glsa-201504-01.xml | 305 ++++ .../metadata/glsa/glsa-201504-02.xml | 49 + .../metadata/glsa/glsa-201504-03.xml | 58 + .../metadata/glsa/glsa-201504-04.xml | 89 ++ .../metadata/glsa/glsa-201504-05.xml | 76 + .../metadata/glsa/glsa-201504-06.xml | 68 + .../metadata/glsa/glsa-201504-07.xml | 73 + .../metadata/glsa/glsa-201505-01.xml | 58 + .../metadata/glsa/glsa-201505-02.xml | 70 + .../metadata/glsa/glsa-201505-03.xml | 80 ++ .../metadata/glsa/glsa-201506-01.xml | 68 + .../metadata/glsa/glsa-201506-02.xml | 74 + .../metadata/glsa/glsa-201506-03.xml | 53 
+ .../metadata/glsa/glsa-201506-04.xml | 84 ++ .../metadata/glsa/glsa-201507-01.xml | 53 + .../metadata/glsa/glsa-201507-02.xml | 58 + .../metadata/glsa/glsa-201507-03.xml | 51 + .../metadata/glsa/glsa-201507-04.xml | 59 + .../metadata/glsa/glsa-201507-05.xml | 53 + .../metadata/glsa/glsa-201507-06.xml | 54 + .../metadata/glsa/glsa-201507-07.xml | 57 + .../metadata/glsa/glsa-201507-08.xml | 51 + .../metadata/glsa/glsa-201507-09.xml | 51 + .../metadata/glsa/glsa-201507-10.xml | 51 + .../metadata/glsa/glsa-201507-11.xml | 49 + .../metadata/glsa/glsa-201507-12.xml | 55 + .../metadata/glsa/glsa-201507-13.xml | 90 ++ .../metadata/glsa/glsa-201507-14.xml | 100 ++ .../metadata/glsa/glsa-201507-15.xml | 66 + .../metadata/glsa/glsa-201507-16.xml | 49 + .../metadata/glsa/glsa-201507-17.xml | 50 + .../metadata/glsa/glsa-201507-18.xml | 51 + .../metadata/glsa/glsa-201507-19.xml | 80 ++ .../metadata/glsa/glsa-201507-20.xml | 106 ++ .../metadata/glsa/glsa-201507-21.xml | 61 + .../metadata/glsa/glsa-201507-22.xml | 51 + .../metadata/glsa/glsa-201508-01.xml | 93 ++ .../metadata/glsa/glsa-201508-02.xml | 66 + .../metadata/glsa/glsa-201508-03.xml | 53 + .../metadata/glsa/glsa-201509-01.xml | 54 + .../metadata/glsa/glsa-201509-02.xml | 57 + .../metadata/glsa/glsa-201509-03.xml | 61 + .../metadata/glsa/glsa-201509-04.xml | 53 + .../metadata/glsa/glsa-201509-05.xml | 55 + .../metadata/glsa/glsa-201509-06.xml | 72 + .../metadata/glsa/glsa-201509-07.xml | 80 ++ .../metadata/glsa/glsa-201510-01.xml | 56 + .../metadata/glsa/glsa-201510-02.xml | 55 + .../metadata/glsa/glsa-201510-03.xml | 69 + .../metadata/glsa/glsa-201510-04.xml | 55 + .../metadata/glsa/glsa-201510-05.xml | 91 ++ .../metadata/glsa/glsa-201510-06.xml | 78 ++ .../metadata/glsa/glsa-201510-07.xml | 52 + .../metadata/glsa/glsa-201510-08.xml | 54 + .../metadata/glsa/glsa-201511-01.xml | 57 + .../metadata/glsa/glsa-201511-02.xml | 88 ++ .../metadata/glsa/glsa-201512-01.xml | 53 + .../metadata/glsa/glsa-201512-02.xml | 49 + 
.../metadata/glsa/glsa-201512-03.xml | 63 + .../metadata/glsa/glsa-201512-04.xml | 56 + .../metadata/glsa/glsa-201512-05.xml | 61 + .../metadata/glsa/glsa-201512-06.xml | 53 + .../metadata/glsa/glsa-201512-07.xml | 58 + .../metadata/glsa/glsa-201512-08.xml | 59 + .../metadata/glsa/glsa-201512-09.xml | 54 + .../metadata/glsa/glsa-201512-10.xml | 178 +++ .../metadata/glsa/glsa-201512-11.xml | 58 + .../metadata/glsa/glsa-201512-12.xml | 53 + .../metadata/glsa/glsa-201512-13.xml | 56 + .../metadata/glsa/glsa-201601-01.xml | 66 + .../metadata/glsa/glsa-201601-02.xml | 67 + .../metadata/glsa/glsa-201601-03.xml | 152 ++ .../metadata/glsa/glsa-201601-04.xml | 49 + .../metadata/glsa/glsa-201601-05.xml | 80 ++ .../metadata/glsa/glsa-201602-01.xml | 93 ++ .../metadata/glsa/glsa-201602-02.xml | 116 ++ .../metadata/glsa/glsa-201602-03.xml | 61 + .../metadata/glsa/glsa-201603-01.xml | 62 + .../metadata/glsa/glsa-201603-02.xml | 48 + .../metadata/glsa/glsa-201603-03.xml | 60 + .../metadata/glsa/glsa-201603-04.xml | 59 + .../metadata/glsa/glsa-201603-05.xml | 100 ++ .../metadata/glsa/glsa-201603-06.xml | 124 ++ .../metadata/glsa/glsa-201603-07.xml | 96 ++ .../metadata/glsa/glsa-201603-08.xml | 92 ++ .../metadata/glsa/glsa-201603-09.xml | 168 +++ .../metadata/glsa/glsa-201603-10.xml | 64 + .../metadata/glsa/glsa-201603-11.xml | 161 +++ .../metadata/glsa/glsa-201603-12.xml | 77 + .../metadata/glsa/glsa-201603-13.xml | 57 + .../metadata/glsa/glsa-201603-14.xml | 137 ++ .../metadata/glsa/glsa-201603-15.xml | 81 ++ .../metadata/glsa/glsa-201604-01.xml | 69 + .../metadata/glsa/glsa-201604-02.xml | 54 + .../metadata/glsa/glsa-201604-03.xml | 159 +++ .../metadata/glsa/glsa-201604-04.xml | 60 + .../metadata/glsa/glsa-201604-05.xml | 93 ++ .../metadata/glsa/glsa-201605-01.xml | 66 + .../metadata/glsa/glsa-201605-02.xml | 83 ++ .../metadata/glsa/timestamp.chk | 1 + 2197 files changed, 161129 insertions(+) create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200310-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200310-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-03.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-12.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-18.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-17.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-12.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-10.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-07.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-27.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-20.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-33.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-34.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-35.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-05.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-25.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-14.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-33.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-34.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-35.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-36.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-37.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-38.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-16.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-09.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-29.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-33.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-34.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-35.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-36.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-37.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-38.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-39.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-40.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-41.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-42.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-43.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-44.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-45.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-46.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-03.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-23.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-33.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-10.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-30.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-33.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-34.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-35.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-36.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-37.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-13.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-03.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-03.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-23.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-19.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-10.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-08.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-07.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-01.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-21.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-18.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-03.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-09.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-03.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-05.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-08.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-28.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-05.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-25.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-17.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-02.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-22.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-16.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-15.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-07.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-15.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-07.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-04.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-24.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-10.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-16.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-01.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-21.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-10.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-30.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-33.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-34.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-16.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-11.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-09.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-17.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-05.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-25.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-15.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-01.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-05.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-13.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-07.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-03.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-02.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-22.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-33.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-34.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-35.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-36.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-37.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-38.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-39.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-40.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-41.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-01.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-01.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-07.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-01.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-01.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200912-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200912-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201003-01.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-20.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201010-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201011-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201012-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-07.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-18.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-12.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-01.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-12.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-08.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-16.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-33.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-34.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-35.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-36.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-04.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-24.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201211-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201304-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201307-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-02.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-16.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-12.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-11.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-09.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-13.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-33.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-34.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-19.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-02.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-15.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-07.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-27.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-33.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-34.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-35.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-36.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-06.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-07.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201410-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201410-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-04.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-24.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-25.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-26.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-27.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-28.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-29.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-30.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-31.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-32.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-33.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-34.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-35.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-36.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-37.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-38.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-39.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-40.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-41.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-42.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-43.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-44.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-45.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-46.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-47.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-48.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-49.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-50.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-51.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-52.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-53.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-11.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-03.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-09.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-04.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201511-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201511-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-07.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-06.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200310-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200310-03.xml
new file mode 100644
index 0000000000..06a8247e49
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200310-03.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Apache: multiple buffer overflows
+
+ Multiple stack-based buffer overflows in mod_alias and mod_rewrite can allow
+ execution of arbitrary code and cause a denial of service.
+
+ Apache
+ 2003-10-28
+ December 30, 2007: 02
+ 32194
+ local
+
+
+ 1.3.29
+ 1.3.29
+
+
+
+

+ The Apache HTTP Server is one of the most popular web servers on the
+ Internet.
+

+
+
+

+ Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow
+ attackers who can create or edit configuration files including .htaccess
+ files, to cause a denial of service and execute arbitrary code via a regular
+ expression containing more than 9 captures.
+

+
+
+

+ An attacker may cause a denial of service or execute arbitrary code with the
+ privileges of the user that is running apache.
+

+
+
+

+ There is no known workaround at this time, other than to disable both
+ mod_alias and mod_rewrite.
+

+
+
+

+ It is recommended that all Gentoo Linux users who are running
+ net-misc/apache 1.x upgrade:
+

+
+ # emerge sync
+ # emerge -pv apache
+ # emerge '>=www-servers/apache-1.3.29'
+ # emerge clean
+ # /etc/init.d/apache restart
+
+
+ CAN-2003-0542 (under review at time of GLSA)
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200310-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200310-04.xml
new file mode 100644
index 0000000000..f7884115d2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200310-04.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Apache: buffer overflows and a possible information disclosure
+
+ Multiple stack-based buffer overflows in mod_alias and mod_rewrite can allow
+ execution of arbitrary code and cause a denial of service, and a bug in the
+ way mod_cgid handles CGI redirect paths could result in CGI output going to
+ the wrong client.
+
+ Apache
+ 2003-10-31
+ December 30, 2007: 02
+ 32271
+ local
+
+
+ 2.0.48
+ 2.0
+ 2.0.48
+
+
+
+

+ The Apache HTTP Server is one of the most popular web servers on the
+ Internet.
+

+
+
+

+ Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow
+ attackers who can create or edit configuration files including .htaccess
+ files, to cause a denial of service and execute arbitrary code via a regular
+ expression containing more than 9 captures, and a bug in the way mod_cgid
+ handles CGI redirect paths could result in CGI output going to the wrong
+ client when a threaded MPM is used, resulting in an information disclosure.
+

+
+
+

+ An attacker may cause a denial of service or execute arbitrary code with the
+ privileges of the user that is running apache.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ It is recommended that all Gentoo Linux users who are running
+ net-misc/apache 2.x upgrade:
+

+
+ # emerge sync
+ # emerge -pv '>=www-servers/apache-2.0.48'
+ # emerge '>=www-servers/apache-2.0.48'
+ # emerge clean
+ # /etc/init.d/apache2 restart
+

+ Please remember to update your config files in /etc/apache2 as --datadir has
+ been changed to /var/www/localhost.
+

+
+
+
+ CAN-2003-0789
+ CAN-2003-0542
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-01.xml
new file mode 100644
index 0000000000..7c14f47bb2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-01.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ kdebase: KDM vulnerabilities
+
+ A bug in KDM can allow privilege escalation with certain configurations of
+ PAM modules.
+
+ kdebase
+ 2003-11-15
+ 2003-11-15: 01
+ 29406
+ local / remote
+
+
+ 3.1.4
+ 3.1.3
+
+
+
+

+ KDM is the desktop manager included with the K Desktop Environment.
+

+
+
+

+ Firstly, versions of KDM <=3.1.3 are vulnerable to a privilege escalation
+ bug with a specific configuration of PAM modules. Users who do not use PAM
+ with KDM and users who use PAM with regular Unix crypt/MD5 based
+ authentication methods are not affected.
+

+

+ Secondly, KDM uses a weak cookie generation algorithm. Users are advised to
+ upgrade to KDE 3.1.4, which uses /dev/urandom as a non-predictable source of
+ entropy to improve security.
+

+
+
+

+ A remote or local attacker could gain root privileges.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ It is recommended that all Gentoo Linux users who are running
+ kde-base/kdebase <=3.1.3 upgrade:
+

+
+ # emerge sync
+ # emerge -pv '>=kde-base/kde-3.1.4'
+ # emerge '>=kde-base/kde-3.1.4'
+ # emerge clean
+
+
+
+ CAN-2003-0690
+ CAN-2003-0692
+ KDE Security Advisory
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-02.xml
new file mode 100644
index 0000000000..013cdd2b6c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-02.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Opera: buffer overflows in 7.11 and 7.20
+
+ Buffer overflows exist in Opera 7.11 and 7.20 that can cause Opera to crash,
+ and can potentially overwrite arbitrary bytes on the heap leading to a
+ system compromise.
+
+ Opera
+ 2003-11-19
+ 2003-11-19: 01
+ 31775
+ local / remote
+
+
+ 7.21
+ 7.20
+ 7.11
+
+
+
+

+ Opera is a multi-platform web browser.
+

+
+
+

+ The Opera browser can cause a buffer allocated on the heap to overflow under
+ certain HREFs when rendering HTML. The mail system is also deemed
+ vulnerable and an attacker can send an email containing a malformed HREF, or
+ plant the malicious HREF on a web site.
+

+
+
+

+ Certain HREFs can cause a buffer allocated on the heap to overflow when
+ rendering HTML which can allow arbitrary bytes on the heap to be overwritten
+ which can result in a system compromise.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ Users are encouraged to perform an 'emerge sync' and upgrade the package
+ to the latest available version. Opera 7.22 is recommended as Opera 7.21 is
+ vulnerable to other security flaws. Specific steps to upgrade:
+

+
+ # emerge sync
+ # emerge -pv '>=www-client/opera-7.22'
+ # emerge '>=www-client/opera-7.22'
+ # emerge clean
+
+
+
+ CAN-2003-0870
+ @stake Security Advisory
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-03.xml
new file mode 100644
index 0000000000..5e0bfe6b34
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-03.xml
@@ -0,0 +1,60 @@
+
+
+
+
+ HylaFAX: Remote code exploit in hylafax
+
+ A format bug condition allows a remote attacjer to execute arbitrary code as
+ the root user.
+
+ HylaFAX
+ 2003-11-10
+ 2003-11-10: 01
+ 33368
+ remote
+
+
+ 4.1.8
+ 4.1.7
+
+
+
+

+ HylaFAX is a popular client-server fax package.
+

+
+
+

+ During a code review of the hfaxd server, the SuSE Security Team discovered
+ a format bug condition that allows a remote attacker to execute arbitrary
+ code as the root user. However, the bug cannot be triggered in the default
+ hylafax configuration.
+

+
+
+

+ A remote attacker could execute arbitrary code with root privileges.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ Users are encouraged to perform an 'emerge sync' and upgrade the package to
+ the latest available version. Vulnerable versions of hylafax have been
+ removed from portage. Specific steps to upgrade:
+

+
+ # emerge sync
+ # emerge -pv '>=net-misc/hylafax-4.1.8'
+ # emerge '>=net-misc/hylafax-4.1.8'
+ # emerge clean
+
+
+
+ CAN-2003-0886
+ SuSE Security Announcment
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-04.xml
new file mode 100644
index 0000000000..7c377d71c6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-04.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ FreeRADIUS: heap exploit and NULL pointer dereference vulnerability
+
+ FreeRADIUS is vulnerable to a heap exploit and a NULL pointer dereference
+ vulnerability.
+
+ FreeRADIUS
+ 2003-11-23
+ 2003-11-23: 01
+ 33989
+ remote
+
+
+ 0.9.3
+ 0.9.2
+
+
+
+

+ FreeRADIUS is a popular open source RADIUS server.
+

+
+
+

+ FreeRADIUS versions below 0.9.3 are vulnerable to a heap exploit, however,
+ the attack code must be in the form of a valid RADIUS packet which limits
+ the possible exploits.
+

+

+ Also corrected in the 0.9.3 release is another vulnerability which causes
+ the RADIUS server to de-reference a NULL pointer and crash when an
+ Access-Request packet with a Tunnel-Password is received.
+

+
+
+

+ A remote attacker could craft a RADIUS packet which would cause the RADIUS
+ server to crash, or could possibly overflow the heap resulting in a system
+ compromise.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ Users are encouraged to perform an 'emerge sync' and upgrade the package to
+ the latest available version - 0.9.3 is available in portage and is marked
+ as stable.
+

+
+ # emerge sync
+ # emerge -pv '>=net-dialup/freeradius-0.9.3'
+ # emerge '>=net-dialup/freeradius-0.9.3'
+ # emerge clean
+
+
+
+ SecurityTracker.com Security Alert
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-05.xml
new file mode 100644
index 0000000000..aad9e9816c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-05.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ Ethereal: security problems in ethereal 0.9.15
+
+ Ethereal is vulnerable to heap and buffer overflows in the GTP, ISAKMP,
+ MEGACO, and SOCKS protocol dissectors.
+
+ Ethereal
+ 2003-11-22
+ 2003-11-22: 01
+ 32691
+ remote
+
+
+ 0.9.16
+ 0.9.16
+
+
+
+

+ Ethereal is a popular network protocol analyzer.
+

+
+
+

+ Ethereal contains buffer overflow vulnerabilities in the GTP, ISAKMP, and
+ MEGACO protocol dissectors, and a heap overflow vulnerability in the SOCKS
+ protocol dissector, which could cause Ethereal to crash or to execute
+ arbitrary code.
+

+
+
+

+ A remote attacker could craft a malformed packet which would cause Ethereal
+ to crash or run arbitrary code with the permissions of the user running
+ Ethereal.
+

+
+
+

+ There is no known workaround at this time, other than to disable the GTP,
+ ISAKMP, MEGACO, and SOCKS protocol dissectors.
+

+
+
+

+ It is recommended that all Gentoo Linux users who are running
+ net-analyzer/ethereal 0.9.x upgrade:
+

+
+ # emerge sync
+ # emerge -pv '>=net-analyzer/ethereal-0.9.16'
+ # emerge '>=net-analyzer/ethereal-0.9.16'
+ # emerge clean
+
+
+
+ Ethereal Security Advisory
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-06.xml
new file mode 100644
index 0000000000..75c712298e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-06.xml
@@ -0,0 +1,58 @@
+
+
+
+
+ glibc: getgrouplist buffer overflow vulnerability
+
+ glibc contains a buffer overflow in the getgrouplist function.
+
+ glibc
+ 2003-11-22
+ 2003-11-22: 01
+ 33383
+ local
+
+
+ 2.2.5
+ 2.2.4
+
+
+
+

+ glibc is the GNU C library.
+

+
+
+

+ A bug in the getgrouplist function can cause a buffer overflow if the size
+ of the group list is too small to hold all the user's groups. This overflow
+ can cause segmentation faults in user applications. This vulnerability
+ exists only when an administrator has placed a user in a number of groups
+ larger than that expected by an application.
+

+
+
+

+ Applications that use getgrouplist can crash.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ It is recommended that all Gentoo Linux users update their systems as
+ follows:
+

+
+ # emerge sync
+ # emerge -pv '>=sys-libs/glibc-2.2.5'
+ # emerge '>=sys-libs/glibc-2.2.5'
+ # emerge clean
+
+
+
+ CAN-2003-0689
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-07.xml
new file mode 100644
index 0000000000..fda973d491
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-07.xml
@@ -0,0 +1,58 @@
+
+
+
+
+ phpSysInfo: arbitrary code execution and directory traversal
+
+ phpSysInfo contains two vulnerabilities that can allow arbitrary code
+ execution and local directory traversal.
+
+ phpSysInfo
+ 2003-11-22
+ December 30, 2007: 02
+ 26782
+ local
+
+
+ 2.1-r1
+ 2.1
+
+
+
+

+ phpSysInfo is a PHP system information tool.
+

+
+
+

+ phpSysInfo contains two vulnerabilities which could allow local files to be
+ read or arbitrary PHP code to be executed, under the privileges of the web
+ server process.
+

+
+
+

+ An attacker could read local files or execute arbitrary code with the
+ permissions of the user running the host web server.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ It is recommended that all Gentoo Linux users who are running
+ www-apps/phpsysinfo upgrade to the fixed version:
+

+
+ # emerge sync
+ # emerge -pv '>=www-apps/phpsysinfo-2.1-r1'
+ # emerge '>=www-apps/phpsysinfo-2.1-r1'
+ # emerge clean
+
+
+
+ CAN-2003-0536
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-08.xml
new file mode 100644
index 0000000000..9ae2821611
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-08.xml
@@ -0,0 +1,55 @@
+
+
+
+
+ Libnids: remote code execution vulnerability
+
+ Libnids contains a bug which could allow remote code execution.
+
+ Libnids
+ 2003-11-22
+ 2003-11-22: 01
+ 32724
+ remote
+
+
+ 1.18
+ 1.17
+
+
+
+

+ Libnids is a component of a network intrusion detection system.
+

+
+
+

+ There is a bug in the part of libnids code responsible for TCP reassembly.
+ The flaw probably allows remote code execution.
+

+
+
+

+ A remote attacker could possibly execute arbitrary code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ It is recommended that all Gentoo Linux users who are running
+ net-libs/libnids update their systems as follows:
+

+
+ # emerge sync
+ # emerge -pv '>=net-libs/libnids-1.18'
+ # emerge '>=net-libs/libnids-1.18'
+ # emerge clean
+
+
+
+ CAN-2003-0850
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-01.xml
new file mode 100644
index 0000000000..325c4282fd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-01.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ rsync.gentoo.org: rotation server compromised
+
+ A server in the rsync.gentoo.org rotation was compromised.
+
+ rsync mirror
+ 2003-12-02
+ 2003-12-02: 01
+
+
+
+

+ The rsync.gentoo.org rotation of servers provides an up to date Portage
+ tree using the rsync file transfer protocol.
+

+
+
+

+ On December 2nd at approximately 03:45 UTC, one of the servers that makes up
+ the rsync.gentoo.org rotation was compromised via a remote exploit. At this
+ point, we are still performing forensic analysis. However, the compromised
+ system had both an IDS and a file integrity checker installed and we have a
+ very detailed forensic trail of what happened once the box was breached, so
+ we are reasonably confident that the portage tree stored on that box was
+ unaffected.
+

+

+ The attacker appears to have installed a rootkit and modified/deleted some
+ files to cover their tracks, but left the server otherwise untouched. The
+ box was in a compromised state for approximately one hour before it was
+ discovered and shut down. During this time, approximately 20 users
+ synchronized against the portage mirror stored on this box. The method used
+ to gain access to the box remotely is still under investigation. We will
+ release more details once we have ascertained the cause of the remote
+ exploit.
+

+

+ This box is not an official Gentoo infrastructure box and is instead donated
+ by a sponsor. The box provides other services as well and the sponsor has
+ requested that we not publicly identify the box at this time. Because the
+ Gentoo part of this box appears to be unaffected by this exploit, we are
+ currently honoring the sponsor's request. That said, if at any point, we
+ determine that any file in the portage tree was modified in any way, we will
+ release full details about the compromised server.
+

+
+
+

+ There is no known impact at this time.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ Again, based on the forensic analysis done so far, we are reasonably
+ confident that no files within the Portage tree on the box were affected.
+ However, the server has been removed from all rsync.*.gentoo.org rotations
+ and will remain so until the forensic analysis has been completed and the
+ box has been wiped and rebuilt. Thus, users preferring an extra level of
+ security may ensure that they have a correct and accurate portage tree by
+ running:
+

+
+ # emerge sync
+

+ Which will perform a sync against another server and ensure that all files
+ are up to date.
+

+
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-03.xml
new file mode 100644
index 0000000000..6c89cb79f7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-03.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ rsync: exploitable heap overflow
+
+ rsync contains a heap overflow vulnerability that can be used to execute
+ arbitrary code.
+
+ rsync
+ 2003-12-04
+ 2003-12-04: 01
+ remote
+
+
+ 2.5.7
+ 2.5.7
+
+
+
+

+ rsync is a popular file transfer package used to synchronize the Portage
+ tree.
+

+
+
+

+ Rsync version 2.5.6 contains a vulnerability that can be used to run
+ arbitrary code. The Gentoo infrastructure team has some reasonably good
+ forensic evidence that this exploit may have been used in combination with
+ the Linux kernel do_brk() vulnerability (see GLSA 200312-02) to exploit a
+ rsync.gentoo.org rotation server (see GLSA-200312-01.)
+

+

+ Please see http://lwn.net/Articles/61541/ for the security advisory released
+ by the rsync development team.
+

+
+
+

+ A remote attacker could execute arbitrary code with the permissions of the
+ root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ To address this vulnerability, all Gentoo users should read GLSA-200312-02
+ and ensure that all systems are upgraded to a version of the Linux kernel
+ without the do_brk() vulnerability, and upgrade to version 2.5.7 of rsync:
+

+
+ # emerge sync
+ # emerge -pv '>=net-misc/rsync-2.5.7'
+ # emerge '>=net-misc/rsync-2.5.7'
+ # emerge clean
+

+ Review your /etc/rsync/rsyncd.conf configuration file; ensure that the use
+ chroot="no" command is commented out or removed, or change use chroot="no"
+ to use chroot="yes". Then, if necessary, restart rsyncd:
+

+
+ # /etc/init.d/rsyncd restart
+
+
+
+ Rsync Security Advisory
+ CAN-2003-0962
+ GLSA-200312-02
+ GLSA-200312-01
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-04.xml
new file mode 100644
index 0000000000..2227b28cea
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-04.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ CVS: malformed module request vulnerability
+
+ A bug in cvs could allow attempts to create files and directories outside a
+ repository.
+
+ CVS
+ 2003-12-08
+ 2003-12-08: 01
+ 35371
+ unknown
+
+
+ 1.11.10
+ 1.11.9
+
+
+
+

+ CVS, which stands for Concurrent Versions System, is a client/server
+ application which tracks changes to sets of files. It allows multiple users
+ to work concurrently on files, and then merge their changes back into the
+ main tree (which can be on a remote system). It also allows branching, or
+ maintaining separate versions for files.
+

+
+
+

+ Quote from ccvs.cvshome.org/servlets/NewsItemView?newsID=84:
+ "Stable CVS 1.11.10 has been released. Stable releases contain only bug
+ fixes from previous versions of CVS. This release fixes a security issue
+ with no known exploits that could cause previous versions of CVS to attempt
+ to create files and directories in the filesystem root. This release also
+ fixes several issues relevant to case insensitive filesystems and some other
+ bugs. We recommend this upgrade for all CVS clients and servers!"
+

+
+
+

+ Attempts to create files and directories outside the repository may be
+ possible.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Gentoo Linux machines with cvs installed should be updated to use
+ dev-util/cvs-1.11.10 or higher:
+

+
+ # emerge sync
+ # emerge -pv '>=dev-util/cvs-1.11.10'
+ # emerge '>=dev-util/cvs-1.11.10'
+ # emerge clean
+
+
+
+ CAN-2003-0977
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-05.xml
new file mode 100644
index 0000000000..2f5973332b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-05.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ GnuPG: ElGamal signing keys compromised and format string vulnerability
+
+ A bug in GnuPG allows ElGamal signing keys to be compromised, and a format
+ string bug in the gpgkeys_hkp utility may allow arbitrary code execution.
+
+ GnuPG
+ 2003-12-12
+ 2003-12-12: 01
+ 34504
+ unknown
+
+
+ 1.2.3-r5
+ 1.2.3-r4
+
+
+
+

+ GnuPG is a popular open source signing and encryption tool. +

+
+ +

+ Two flaws have been found in GnuPG 1.2.3. +

+

+ First, ElGamal signing keys can be compromised. These keys are not commonly + used, but this is "a significant security failure which can lead to a + compromise of almost all ElGamal keys used for signing. Note that this is a + real world vulnerability which will reveal your private key within a few + seconds". +

+

+ Second, there is a format string flaw in the 'gpgkeys_hkp' utility which + "would allow a malicious keyserver in the worst case to execute an arbitrary + code on the user's machine." +

+
+ +

+ If you have used ElGamal keys for signing your private key can be + compromised, and a malicious keyserver could remotely execute arbitrary code + with the permissions of the user running gpgkeys_hkp. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All users who have created ElGamal signing keys should immediately revoke + them. In addition, all Gentoo Linux machines with gnupg installed should be + updated to use gnupg-1.2.3-r5 or higher: +

+ + # emerge sync + # emerge -pv '>=app-crypt/gnupg-1.2.3-r5' + # emerge '>=app-crypt/gnupg-1.2.3-r5' + # emerge clean +
+ + CAN-2003-0971 + GnuPG Announcement + S-Quadra Advisory + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-06.xml
new file mode 100644
index 0000000000..8b2d4bff82
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-06.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ XChat: malformed dcc send request denial of service
+
+ A bug in XChat could allow malformed dcc send requests to cause a denial of
+ service.
+
+ xchat
+ 2003-12-14
+ 2003-12-14: 01
+ 35623
+ remote
+
+
+ 2.0.6-r1
+ 2.0.6
+
+
+
+

+ XChat is a multiplatform IRC client. +

+
+ +

+ There is a remotely exploitable bug in XChat 2.0.6 that could lead to a + denial of service attack. Gentoo wishes to thank lloydbates for discovering + this bug, as well as jcdutton and rac for submitting patches to fix the bug. +

+
+ +

+ A malformed DCC packet sent by a remote attacker can cause XChat to crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ For Gentoo users, xchat-2.0.6 was marked ~arch (unstable) for most + architectures. Since it was never marked as stable in the portage tree, + only xchat users who have explictly added the unstable keyword to + ACCEPT_KEYWORDS are affected. Users may updated affected machines to the + patched version of xchat using the following commands: +

+ + # emerge sync + # emerge -pv '>=net-irc/xchat-2.0.6-r1' + # emerge '>=net-irc/xchat-2.0.6-r1' + # emerge clean +

+ This assumes that users are running with ACCEPT_KEYWORDS enabled for their + architecture. +

+
+ + XChat Announcement + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-07.xml
new file mode 100644
index 0000000000..9aca78d00e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-07.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ Two buffer overflows in lftp
+
+ Two buffer overflow problems are found in lftp that, in case the user visits
+ a malicious ftp server, could lead to malicious code being executed.
+
+ lftp
+ December 13, 2003
+ 200312-07: 2
+ 35866
+ remote
+
+
+ 2.6.10
+ 2.6.10
+
+
+
+

+ lftp is a multithreaded command-line based FTP client. It allows you to + execute multiple commands simultaneously or in the background. If features + mirroring capabilities, resuming downloads, etc. +

+
+ +

+ Two buffer overflows exist in lftp. Both can occur when the user connects to + a malicious web server using the HTTP or HTTPS protocol and issues lftp's + "ls" or "rels" commands. +

+

+ Ulf Harnhammar explains: +

+

+ Technically, the problem lies in the file src/HttpDir.cc and the + functions try_netscape_proxy() and try_squid_eplf(), which both + have sscanf() calls that take data of an arbitrary length and + store it in a char array with 32 elements. (Back in version 2.3.0, + the problematic code was located in some other function, but the + problem existed back then too.) Depending on the HTML document in the + specially prepared directory, buffers will be overflown in either one + function or the other. +

+
+ +

+ When a user issues "ls" or "rels" on a malicious server, the tftp + application can be tricked into running arbitrary code on the user his + machine. +

+
+ +

+ There is no workaround available. +

+
+ +

+ All Gentoo users who have net-ftp/lftp installed should update to use + version 2.6.0 or higher using these commands: +

+ + # emerge sync + # emerge -pv '>=net-ftp/lftp-2.6.10' + # emerge '>=net-ftp/lftp-2.6.10' + # emerge clean +
+ + Initial report by Ulf Harnhammar + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-08.xml
new file mode 100644
index 0000000000..dbe2dc2bce
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-08.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ CVS: possible root compromise when using CVS pserver
+
+ A possible root compromise exists for CVS pservers.
+
+ cvs
+ 2003-12-28
+ 2003-12-28: 01
+ 36142
+ unknown
+
+
+ 1.11.11
+ 1.11.10
+
+
+
+

+ CVS, which stands for Concurrent Versions System, is a client/server + application which tracks changes to sets of files. It allows multiple users + to work concurrently on files, and then merge their changes back into the + main tree (which can be on a remote system). It also allows branching, or + maintaining separate versions for files. +

+
+ +

+ Quote from ccvs.cvshome.org/servlets/NewsItemView?newsID=88: + "Stable CVS 1.11.11 has been released. Stable releases contain only bug + fixes from previous versions of CVS. This release adds code to the CVS + server to prevent it from continuing as root after a user login, as an extra + failsafe against a compromise of the CVSROOT/passwd file. Previously, any + user with the ability to write the CVSROOT/passwd file could execute + arbitrary code as the root user on systems with CVS pserver access enabled. + We recommend this upgrade for all CVS servers!" +

+
+ +

+ A remote user could execute arbitrary code with the permissions of the root + user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gentoo Linux machines with cvs installed should be updated to use + cvs-1.11.11 or higher. +

+ + # emerge sync + # emerge -pv '>=dev-util/cvs-1.11.11' + # emerge '>=dev-util/cvs-1.11.11' + # emerge clean +
+ +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-01.xml
new file mode 100644
index 0000000000..2ff200192b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-01.xml
@@ -0,0 +1,228 @@
+
+
+
+
+ Linux kernel do_mremap() local privilege escalation vulnerability
+
+ A critical security vulnerability has been found in recent Linux kernels
+ which allows for local privelege escalation.
+
+ Kernel
+ January 08, 2004
+ January 08, 2004: 01
+ 37292
+ local
+
+
+ 2.4.23-r1
+ 2.4.23-r1
+
+
+ 2.4.21-r2
+ 2.4.21-r2
+
+
+ 2.4.19-r2
+ 2.4.19-r2
+
+
+ 2.4.23-r1
+ 2.4.23-r1
+
+
+ 2.4.9.32.7-r1
+ 2.4.9.32.7-r1
+
+
+ 2.6.1_rc3
+ 2.6.1_rc3
+
+
+ 2.4.20-r7
+ 2.4.20-r7
+
+
+ 2.6.1_rc3
+ 2.6.1_rc3
+
+
+ 2.4.22-r3
+ 2.4.22-r3
+
+
+ 2.4.23.2.0_rc4-r1
+ 2.4.23.2.0_rc4-r1
+
+
+ 2.4.23_pre8-r2
+ 2.4.23_pre8-r2
+
+
+ 2.4.22-r2
+ 2.4.22-r2
+
+
+ 2.4.23_p4-r2
+ 2.4.23_p4-r2
+
+
+ 2.4.22-r2
+ 2.4.22-r2
+
+
+ 2.4.24_pre2-r1
+ 2.4.24_pre2-r1
+
+
+ 2.4.23-r2
+ 2.4.23-r2
+
+
+ 2.6.1_rc1-r2
+ 2.6.1_rc1-r2
+
+
+ 2.4.22-r3
+ 2.4.22-r3
+
+
+ 2.4.23-r1
+ 2.4.23-r1
+
+
+ 2.4.21.1_pre4-r1
+ 2.4.21.1_pre4-r1
+
+
+ 2.4.21-r4
+ 2.4.21-r4
+
+
+ 2.6.1_rc1-r1
+ 2.6.1_rc1-r1
+
+
+ 2.4.23-r1
+ 2.4.23-r1
+
+
+ 2.4.22-r4
+ 2.4.22-r4
+
+
+ 2.4.20-r2
+ 2.4.20-r2
+
+
+ 2.4.24
+ 2.4.24
+
+
+ 2.6.1_rc2
+ 2.6.1_rc2
+
+
+ 2.4.24
+ 2.4.24
+
+
+ 2.4.23-r1
+ 2.4.23-r1
+
+
+ 2.4.25_pre4
+ 2.4.25_pre4
+
+
+ 2.4.24
+ 2.4.24
+
+
+ 2.6.0-r1
+ 2.6.0-r1
+
+
+ 4.10_pre7-r2
+ 4.10_pre7-r2
+
+
+ 2.4.23-r1
+ 2.4.23-r1
+
+
+
+

+ The Linux kernel is responsible for memory management in a working + system - to allow this, processes are allowed to allocate and unallocate + memory. +

+
+ +

+ The memory subsystem allows for shrinking, growing, and moving of + chunks of memory along any of the allocated memory areas which the kernel + posesses. +

+

+ A typical virtual memory area covers at least one memory page. An incorrect + bound check discovered inside the do_mremap() kernel code performing + remapping of a virtual memory area may lead to creation of a virtual memory + area of 0 bytes length. +

+

+ The problem is based on the general mremap flaw that remapping 2 pages from + inside a VMA creates a memory hole of only one page in length but an + additional VMA of two pages. In the case of a zero sized remapping request + no VMA hole is created but an additional VMA descriptor of 0 + bytes in length is created. +

+

+ This advisory also addresses an information leak in the Linux RTC system. +

+
+ +

+ Arbitrary code may be able to exploit this vulnerability and may + disrupt the operation of other + parts of the kernel memory management subroutines finally leading to + unexpected behavior. +

+

+ Since no special privileges are required to use the mremap(2) system call + any process may misuse its unexpected behavior to disrupt the kernel memory + management subsystem. Proper exploitation of this vulnerability may lead to + local privilege escalation including execution of arbitrary code + with kernel level access. +

+

+ Proof-of-concept exploit code has been created and successfully tested, + permitting root escalation on vulnerable systems. As a result, all users + should upgrade their kernels to new or patched versions. +

+
+ +

+ There is no temporary workaround - a kernel upgrade is required. A list + of unaffected kernels is provided along with this announcement. +

+
+ +

+ Users are encouraged to upgrade to the latest available sources for + their system: +

+ + $> emerge sync + $> emerge -pv your-favourite-sources + $> emerge your-favourite-sources + $> # Follow usual procedure for compiling and installing a kernel. + $> # If you use genkernel, run genkernel as you would do normally. + + $> # IF YOUR KERNEL IS MARKED as "remerge required!" THEN + $> # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE + $> # REPORTS THAT THE SAME VERSION IS INSTALLED. +
+ + Vulnerability + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-02.xml
new file mode 100644
index 0000000000..111144b321
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-02.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ Honeyd remote detection vulnerability via a probe packet
+
+ Identification of Honeyd installations allows an adversary to launch
+ attacks specifically against Honeyd. No remote root exploit is currently
+ known.
+
+ honeyd
+ January 21, 2004
+ January 21, 2004: 01
+ 38934
+ remote
+
+
+ 0.8
+ 0.8
+
+
+
+

+ Honeyd is a virtual honeypot daemon that can simulate virtual hosts on + unallocated IP addresses. +

+
+ +

+ A bug in handling NMAP fingerprints caused Honeyd to reply to TCP + packets with both the SYN and RST flags set. Watching for replies, it is + possible to detect IP addresses simulated by Honeyd. +

+
+ +

+ Although there are no public exploits known for Honeyd, the detection + of Honeyd IP addresses may in some cases be undesirable. +

+
+ +

+ Honeyd 0.8 has been released along with an advisory to address this + issue. In addition, Honeyd 0.8 drops privileges if permitted by the + configuration file and contains command line flags to force dropping + of privileges. +

+
+ +

+ All users are recommended to update to honeyd version 0.8: +

+ + $> emerge sync + $> emerge -pv ">=net-analyzer/honeyd-0.8" + $> emerge ">=net-analyzer/honeyd-0.8" +
+ + Honeyd Security Advisory 2004-001 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-03.xml
new file mode 100644
index 0000000000..e369a8134f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-03.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Apache mod_python Denial of Service vulnerability
+
+ Apache's mod_python module could crash the httpd process if a specific,
+ malformed query string was sent.
+
+ mod_python
+ January 27, 2004
+ December 30, 2007: 02
+ 39154
+ remote
+
+
+ 2.7.10
+ 2.7.10
+
+
+
+

+ Mod_python is an Apache module that embeds the Python interpreter + within the server allowing Python-based web-applications to be + created. +

+
+ +

+ The Apache Foundation has reported that mod_python may be prone to + Denial of Service attacks when handling a malformed + query. Mod_python 2.7.9 was released to fix the vulnerability, + however, because the vulnerability has not been fully fixed, + version 2.7.10 has been released. +

+

+ Users of mod_python 3.0.4 are not affected by this vulnerability. +

+
+ +

+ Although there are no known public exploits known for this + exploit, users are recommended to upgrade mod_python to ensure the + security of their infrastructure. +

+
+ +

+ Mod_python 2.7.10 has been released to solve this issue; there is + no immediate workaround. +

+
+ +

+ All users using mod_python 2.7.9 or below are recommended to + update their mod_python installation: +

+ + $> emerge sync + $> emerge -pv ">=www-apache/mod_python-2.7.10" + $> emerge ">=www-apache/mod_python-2.7.10" + $> /etc/init.d/apache restart +
+ + Mod_python 2.7.10 release announcement + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-04.xml
new file mode 100644
index 0000000000..794d61938e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-04.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ GAIM 0.75 Remote overflows
+
+ Various overflows in the handling of AIM DirectIM packets was revealed in
+ GAIM that could lead to a remote compromise of the IM client.
+
+ GAIM
+ January 26, 2004
+ January 26, 2004: 01
+ 39470
+ man-in-the-middle
+
+
+ 0.75-r7
+ 0.75-r7
+
+
+
+

+ Gaim is a multi-platform and multi-protocol instant messaging + client. It is compatible with AIM , ICQ, MSN Messenger, Yahoo, + IRC, Jabber, Gadu-Gadu, and the Zephyr networks. +

+
+ +

+ Yahoo changed the authentication methods to their IM servers, + rendering GAIM useless. The GAIM team released a rushed release + solving this issue, however, at the same time a code audit + revealed 12 new vulnerabilities. +

+
+ +

+ Due to the nature of instant messaging many of these bugs require + man-in-the-middle attacks between the client and the server. But + the underlying protocols are easy to implement and attacking + ordinary TCP sessions is a fairly simple task. As a result, all + users are advised to upgrade their GAIM installation. +

+
    +
  • + Users of GAIM 0.74 or below are affected by 7 of the + vulnerabilities and are encouraged to upgrade. +
  • +
  • + Users of GAIM 0.75 are affected by 11 of the vulnerabilities + and are encouraged to upgrade to the patched version of GAIM + offered by Gentoo. +
  • +
  • + Users of GAIM 0.75-r6 are only affected by + 4 of the vulnerabilities, but are still urged to upgrade to + maintain security. +
  • +
+
+ +

+ There is no immediate workaround; a software upgrade is required. +

+
+ +

+ All users are recommended to upgrade GAIM to 0.75-r7. +

+ + $> emerge sync + $> emerge -pv ">=net-im/gaim-0.75-r7" + $> emerge ">=net-im/gaim-0.75-r7" +
+ + Security advisory from Stefan Esser + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-01.xml
new file mode 100644
index 0000000000..827e12208b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-01.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ PHP setting leaks from .htaccess files on virtual hosts
+
+ If the server configuration "php.ini" file has
+ "register_globals = on" and a request is made to one virtual host
+ (which has "php_admin_flag register_globals off") and the next
+ request is sent to the another virtual host (which does not have the
+ setting) global variables may leak and may be used to exploit the
+ site.
+
+ PHP
+ February 07, 2004
+ February 07, 2004: 01
+ 39952
+ remote
+
+
+ 4.3.4-r4
+ 4.3.4-r4
+
+
+
+

+ PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

+ If the server configuration "php.ini" file has + "register_globals = on" and a request is made to one virtual host + (which has "php_admin_flag register_globals off") and the next + request is sent to the another virtual host (which does not have the + setting) through the same apache child, the setting will persist. +

+
+ +

+ Depending on the server and site, an attacker may be able to exploit + global variables to gain access to reserved areas, such as MySQL passwords, + or this vulnerability may simply cause a lack of functionality. As a + result, users are urged to upgrade their PHP installations. +

+

+ Gentoo ships PHP with "register_globals" set to "off" + by default. +

+

+ This issue affects both servers running Apache 1.x and servers running + Apache 2.x. +

+
+ +

+ No immediate workaround is available; a software upgrade is required. +

+
+ +

+ All users are recommended to upgrade their PHP installation to 4.3.4-r4: +

+ + # emerge sync + # emerge -pv ">=dev-php/mod_php-4.3.4-r4" + # emerge ">=dev-php/mod_php-4.3.4-r4" +
+ + Corresponding PHP bug + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-02.xml
new file mode 100644
index 0000000000..8f60b9344a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-02.xml
@@ -0,0 +1,92 @@
+
+
+
+
+ XFree86 Font Information File Buffer Overflow
+
+ Exploitation of a buffer overflow in the XFree86 Project Inc.'s XFree86 X
+ Window System allows local attackers to gain root privileges.
+
+ 200402-02
+ February 11, 2004
+ February 11, 2004: 01
+ local
+
+
+ 4.3.99.902-r1
+ 4.2.1-r3
+ 4.3.0-r4
+ 4.3.99.902-r1
+
+
+
+

+ XFree86, provides a client/server interface between display + hardware and the desktop environment while also providing both the + windowing infrastructure and a standardized API. XFree86 is + platform independent, network-transparent and extensible. +

+
+ +

+ Exploitation of a buffer overflow in The XFree86 Window System + discovered by iDefence allows local attackers to gain root + privileges. +

+

+ The problem exists in the parsing of the 'font.alias' file. The X + server (running as root) fails to check the length of the user + provided input, so a malicious user may craft a malformed + 'font.alias' file causing a buffer overflow upon parsing, + eventually leading to the execution of arbitrary code. +

+

+ To reproduce the overflow on the command line one can run: +

+ + # cat > fonts.dir <<EOF + 1 + word.bdf -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso8859-1 + EOF + # perl -e 'print "0" x 1024 . "A" x 96 . "\n"' > fonts.alias + # X :0 -fp $PWD +

+ {Some output removed}... Server aborting... Segmentation fault (core dumped) +

+
+ +

+ Successful exploitation can lead to a root compromise provided + that the attacker is able to execute commands in the X11 + subsystem. This can be done either by having console access to the + target or through a remote exploit against any X client program + such as a web-browser, mail-reader or game. +

+
+ +

+ No immediate workaround is available; a software upgrade is required. +

+

+ Gentoo has released XFree 4.2.1-r3, 4.3.0-r4 and 4.3.99.902-r1 and + encourages all users to upgrade their XFree86 + installations. Vulnerable versions are no longer available in + Portage. +

+
+ +

+ All users are recommended to upgrade their XFree86 installation: +

+ + # emerge sync + # emerge -pv x11-base/xfree + # emerge x11-base/xfree +
+ + CVE: CAN-2004-0083 + Vulnerability: + XFree86 Font Information File Buffer Overflow + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-03.xml
new file mode 100644
index 0000000000..de5809f2d3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-03.xml
@@ -0,0 +1,59 @@
+
+
+
+
+ Monkeyd Denial of Service vulnerability
+
+ A bug in get_real_string() function allows for a Denial of Service attack to be
+ launched against the webserver.
+
+ monkeyd
+ February 11, 2004
+ February 11, 2004: 01
+ 41156
+ remote
+
+
+ 0.8.2
+ 0.8.2
+
+
+
+

+ The Monkey HTTP daemon is a Web server written in C that works + under Linux and is based on the HTTP/1.1 protocol. It aims to develop + a fast, efficient and small web server. +

+
+ +

+ A bug in the URI processing of incoming requests allows for a Denial of + Service to be launched against the webserver, which may cause the server + to crash or behave sporadically. +

+
+ +

+ Although there are no public exploits known for bug, users are recommended + to upgrade to ensure the security of their infrastructure. +

+
+ +

+ There is no immediate workaround; a software upgrade is + required. The vulnerable function in the code has been rewritten. +

+
+ +

+ All users are recommended to upgrade monkeyd to 0.8.2: +

+ + # emerge sync + # emerge -pv ">=www-servers/monkeyd-0.8.2" + # emerge ">=www-servers/monkeyd-0.8.2" +
+ + CVS Patch + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-04.xml
new file mode 100644
index 0000000000..379f664dc4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-04.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Gallery 1.4.1 and below remote exploit vulnerability
+
+ The Gallery developers have discovered a potentially serious security flaw
+ in Gallery 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1 which can allow a
+ remote exploit of your webserver.
+
+ Gallery
+ February 11, 2004
+ February 11, 2004: 01
+ 39638
+ remote
+
+
+ 1.4.1_p1
+ 1.4.1_p1
+
+
+
+

+ Gallery is an open source image management system written in PHP. + More information is available at http://gallery.sourceforge.net +

+
+ +

+ Starting in the 1.3.1 release, Gallery includes code to simulate the behaviour + of the PHP 'register_globals' variable in environments where that setting + is disabled. It is simulated by extracting the values of the various + $HTTP_ global variables into the global namespace. +

+
+ +

+ A crafted URL such as + http://example.com/gallery/init.php?HTTP_POST_VARS=xxx causes the + 'register_globals' simulation code to overwrite the $HTTP_POST_VARS which, + when it is extracted, will deliver the given payload. If the + payload compromises $GALLERY_BASEDIR then the malicious user can perform a + PHP injection exploit and gain remote access to the webserver with PHP + user UID access rights. +

+
+ +

+ The workaround for the vulnerability is to replace init.php and + setup/init.php with the files in the following ZIP file: + http://prdownloads.sourceforge.net/gallery/patch_1.4.1-to-1.4.1-pl1.zip?download +

+
+ +

+ All users are encouraged to upgrade their gallery installation: +

+ + # emerge sync + # emerge -p ">=www-apps/gallery-1.4.1_p1" + # emerge ">=www-apps/gallery-1.4.1_p1" +
+ + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-05.xml
new file mode 100644
index 0000000000..cf5005ed0f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-05.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ phpMyAdmin < 2.5.6-rc1: possible attack against export.php
+
+ A vulnerability in phpMyAdmin which was not properly verifying user
+ generated input could lead to a directory traversal attack.
+
+ phpmyadmin
+ February 17, 2004
+ February 17, 2004: 01
+ 40268
+ remote
+
+
+ 2.5.6_rc1
+ 2.5.5_p1
+
+
+
+

+ phpMyAdmin is a tool written in PHP intended to handle the administration + of MySQL databased over the Web. +

+
+ +

+ One component of the phpMyAdmin software package (export.php) does not + properly verify input that is passed to it from a remote user. Since the + input is used to include other files, it is possible to launch a directory + traversal attack. +

+
+ +

+ Private information could be gleaned from the remote server if an attacker + uses a malformed URL such as http://phpmyadmin.example.com/export.php?what=../../../[existing_file] +

+

+ In this scenario, the script does not sanitize the "what" argument passed + to it, allowing directory traversal attacks to take place, disclosing + the contents of files if the file is readable as the web-server user. +

+
+ +

+ The workaround is to either patch the export.php file using the + referenced CVS patch or upgrade the software via Portage. +

+
+ +

+ Users are encouraged to upgrade to phpMyAdmin-2.5.6_rc1: +

+ + # emerge sync + # emerge -pv ">=dev-db/phpmyadmin-2.5.6_rc1" + # emerge ">=dev-db/phpmyadmin-2.5.6_rc1" + # emerge clean +
+ + CVS Patch + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-06.xml
new file mode 100644
index 0000000000..c29bb140d0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-06.xml
@@ -0,0 +1,90 @@
+
+
+
+
+ Updated kernel packages fix the AMD64 ptrace vulnerability
+
+ A vulnerability has been discovered by in the ptrace emulation code for
+ AMD64 platforms when eflags are processed, allowing a local user to obtain
+ elevated priveleges.
+
+ Kernel
+ February 17, 2004
+ February 17, 2004: 01
+ local
+
+
+ 2.6.2
+ 2.6.2
+
+
+ 2.6.2
+ 2.6.2
+
+
+ 2.6.2
+ 2.6.2
+
+
+ 2.4.22-r6
+ 2.4.22-r6
+
+
+ 2.6.2-r1
+ 2.6.2
+
+
+ 2.4.25_pre7-r1
+ 2.4.25_pre7-r1
+
+
+ 2.4.25_rc3
+ 2.4.25_rc3
+
+
+ 2.4.24-r1
+ 2.4.24-r1
+
+
+
+

+ A vulnerability has been discovered by Andi Kleen in the ptrace emulation + code for AMD64 platforms when eflags are processed, allowing a local user + to obtain elevated priveleges. The Common Vulnerabilities and Exposures + project, http://cve.mitre.org, has assigned CAN-2004-0001 to this issue. +

+
+ +

+ Only users of the AMD64 platform are affected: in this scenario, a user may + be able to obtain elevated priveleges, including root access. However, no + public exploit is known for the vulnerability at this time. +

+
+ +

+ There is no temporary workaround - a kernel upgrade is required. A list of + unaffected kernels is provided along with this announcement. +

+
+ +

+ Users are encouraged to upgrade to the latest available sources for + their system: +

+ + # emerge sync + # emerge -pv your-favourite-sources + # emerge your-favourite-sources + # # Follow usual procedure for compiling and installing a kernel. + # # If you use genkernel, run genkernel as you would do normally. + + + # # IF YOUR KERNEL IS MARKED as "remerge required!" THEN + # # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE + # # REPORTS THAT THE SAME VERSION IS INSTALLED. + +
+ + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-07.xml
new file mode 100644
index 0000000000..c2e0e0823a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-07.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Clam Antivirus DoS vulnerability
+
+ Oliver Eikemeier has reported a vulnerability in Clam AV, which can be
+ exploited by a malformed uuencoded message causing a denial of service for
+ programs that rely on the clamav daemon, such as SMTP daemons.
+
+ clamav
+ February 17, 2004
+ February 17, 2004: 01
+ 41248
+ remote
+
+
+ 0.67
+ 0.67
+
+
+
+

+ Clam AntiVirus is a GPLed anti-virus toolkit, designed for integration with + mail servers to perform attachment scanning. Clam AV also provides a + command line scanner and a tool for fetching updates of the virus database. +

+
+ +

+ Oliver Eikemeier of Fillmore Labs discovered the overflow in Clam AV 0.65 + when it handled malformed UUEncoded messages, causing the daemon to shut + down. +

+

+ The problem originated in libclamav which calculates the line length of an + uuencoded message by taking the ASCII value of the first character minus 64 + while doing an assertion if the length is not in the allowed range, + effectively terminating the calling program as clamav would not be + available. +

+
+ +

+ A malformed message would cause a denial of service, + and depending on the server configuration this may impact other daemons + relying on Clam AV in a fatal manner. +

+
+ +

+ There is no immediate workaround, a software upgrade is required. +

+
+ +

+ All users are urged to upgrade their Clam AV installations to Clam AV 0.67: +

+ + # emerge sync + # emerge -pv ">=app-antivirus/clamav-0.6.7" + # emerge ">=app-antivirus/clamav-0.6.7" +
+ + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-01.xml
new file mode 100644
index 0000000000..18c812ae51
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-01.xml
@@ -0,0 +1,53 @@
+
+
+
+
+ Libxml2 URI Parsing Buffer Overflow Vulnerabilities
+
+ A buffer overflow has been discovered in libxml2 versions prior to
+ 2.6.6 which may be exploited by an attacker allowing the execution of
+ arbitrary code.
+
+ libxml
+ March 05, 2004
+ March 05, 2004: 01
+ 42735
+ local and remote combination
+
+
+ 2.6.6
+ 2.6.6
+
+
+
+

+ Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. + When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2 + uses parsing routines that can overflow a buffer caused by improper bounds + checking if they are passed a URL longer than 4096 bytes. +

+
+ +

+ If an attacker is able to exploit an application using libxml2 that parses + remote resources, then this flaw could be used to execute arbitrary code. +

+
+ +

+ No workaround is available; users are urged to upgrade libxml2 to 2.6.6. +

+
+ +

+ All users are recommended to upgrade their libxml2 installation: +

+
+ # emerge sync
+ # emerge -pv ">=dev-libs/libxml2-2.6.6"
+ # emerge ">=dev-libs/libxml2-2.6.6"
+
+ + CVE 2004-0110 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-02.xml
new file mode 100644
index 0000000000..f0332c98c5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-02.xml
@@ -0,0 +1,242 @@
+
+
+
+
+ Linux kernel do_mremap local privilege escalation vulnerability
+
+ A critical security vulnerability has been found in recent Linux kernels by
+ Paul Starzetz of iSEC Security Research which allows for local privilege
+ escalations.
+
+ Kernel
+ March 05, 2004
+ May 22, 2006: 03
+ 42024
+ local
+
+
+ 2.4.23-r1
+ 2.4.23-r1
+
+
+ 2.4.21-r4
+ 2.4.21-r4
+
+
+ 2.4.24-r1
+ 2.6.2-r1
+ 2.6.2-r1
+
+
+ 2.4.9.32.7-r2
+ 2.4.9.32.7-r2
+
+
+ 2.6.3_rc1
+ 2.6.3_rc1
+
+
+ 2.4.20-r8
+ 2.4.20-r8
+
+
+ 2.6.3_rc1
+ 2.6.3_rc1
+
+
+ 2.4.19-r11
+ 2.4.20-r12
+ 2.4.22-r7
+ 2.4.22-r7
+
+
+ 2.4.24.1.9.13-r1
+ 2.4.24.1.9.13-r1
+
+
+ 2.4.25_pre7-r2
+ 2.4.25_pre7-r2
+
+
+ 2.4.24-r1
+ 2.4.24-r1
+
+
+ 2.6.2_p3-r1
+ 2.6.2_p3-r1
+
+
+ 2.4.24_p0-r1
+ 2.4.24_p0-r1
+
+
+ 2.4.24-r1
+ 2.4.24-r1
+
+
+ 2.4.25_pre6-r1
+ 2.4.25_pre6-r1
+
+
+ 2.4.25_rc4
+ 2.4.25_rc4
+
+
+ 2.6.3_rc1-r1
+ 2.6.3_rc1-r1
+
+
+ 2.4.22-r4
+ 2.4.22-r4
+
+
+ 2.4.23-r3
+ 2.4.23-r3
+
+
+ 2.4.21-r5
+ 2.4.21-r5
+
+
+ 2.6.3_rc1-r1
+ 2.6.3_rc1-r1
+
+
+ 2.4.24-r1
+ 2.4.24-r1
+
+
+ 2.4.22-r5
+ 2.4.22-r5
+
+
+ 2.4.20-r3
+ 2.4.20-r3
+
+
+ 2.4.24-r2
+ 2.4.24-r2
+
+
+ 2.4.24-r2
+ 2.4.24-r2
+
+
+ 2.6.3_rc1
+ 2.6.3_rc1
+
+
+ 2.4.24-r2
+ 2.4.24-r2
+
+
+ 2.4.24-r1
+ 2.4.26
+ 2.6.3-r1
+ 2.6.3-r1
+
+
+ 2.4.25_rc4
+ 2.4.25_rc4
+
+
+ 2.4.25
+ 2.4.25
+
+
+ 2.4.23-r2
+ 2.6.2-r1
+ 2.6.2-r1
+
+
+ 4.9-r4
+ 4.10_pre7-r3
+ 4.10_pre7-r3
+
+
+ 2.4.24-r2
+ 2.4.24-r2
+
+
+
+

+ The Linux kernel is responsible for memory management in a working + system - to allow this, processes are allowed to allocate and + unallocate memory. +

+
+ +

+ The memory subsystem allows for shrinking, growing, and moving of + chunks of memory along any of the allocated memory areas which the + kernel posesses. +

+

+ To accomplish this, the do_mremap code calls the do_munmap() kernel + function to remove any old memory mappings in the new location - but, + the code doesn't check the return value of the do_munmap() function + which may fail if the maximum number of available virtual memory area + descriptors has been exceeded. +

+

+ Due to the missing return value check after trying to unmap the middle + of the first memory area, the corresponding page table entries from the + second new area are inserted into the page table locations described by + the first old one, thus they are subject to page protection flags of + the first area. As a result, arbitrary code can be executed. +

+
+ +

+ Arbitrary code with normal non-super-user privelerges may be able to + exploit this vulnerability and may disrupt the operation of other parts + of the kernel memory management subroutines finally leading to + unexpected behavior. +

+

+ Since no special privileges are required to use the mremap() and + mummap() system calls any process may misuse this unexpected behavior + to disrupt the kernel memory management subsystem. Proper exploitation + of this vulnerability may lead to local privilege escalation allowing + for the execution of arbitrary code with kernel level root access. +

+

+ Proof-of-concept exploit code has been created and successfully tested, + permitting root escalation on vulnerable systems. As a result, all + users should upgrade their kernels to new or patched versions. +

+
+ +

+ Users who are unable to upgrade their kernels may attempt to use + "sysctl -w vm.max_map_count=1000000", however, this is a temporary fix + which only solves the problem by increasing the number of memory areas + that can be created by each process. Because of the static nature of + this workaround, it is not recommended and users are urged to upgrade + their systems to the latest avaiable patched sources. +

+
+ +

+ Users are encouraged to upgrade to the latest available sources for + their system: +

+
+ # emerge sync
+ # emerge -pv your-favourite-sources
+ # emerge your-favourite-sources
+ # # Follow usual procedure for compiling and installing a kernel.
+ # # If you use genkernel, run genkernel as you would do normally.
+
+ # # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
+ # # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
+ # # REPORTS THAT THE SAME VERSION IS INSTALLED.
+
+ + Advisory released by iSEC + CVE-2004-0077 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-03.xml
new file mode 100644
index 0000000000..f31e4278fe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-03.xml
@@ -0,0 +1,91 @@
+
+
+
+
+ Multiple OpenSSL Vulnerabilities
+
+ Three vulnerabilities have been found in OpenSSL via a commercial test
+ suite for the TLS protocol developed by Codenomicon Ltd.
+
+ OpenSSL
+ March 17, 2004
+ May 22, 2006: 02
+ 44941
+ remote
+
+
+ 0.9.7d
+ 0.9.6m
+ 0.9.7c
+
+
+
+

+ The OpenSSL Project is a collaborative effort to develop a robust, + commercial-grade, full-featured, and Open Source toolkit implementing + the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS + v1) protocols as well as a full-strength general purpose cryptography + library. +

+
+ +
    +
  1. + Testing performed by the OpenSSL group using the Codenomicon TLS Test + Tool uncovered a null-pointer assignment in the do_change_cipher_spec() + function. A remote attacker could perform a carefully crafted SSL/TLS + handshake against a server that used the OpenSSL library in such a way + as to cause OpenSSL to crash. Depending on the application this could + lead to a denial of service. All versions of OpenSSL from 0.9.6c to + 0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by + this issue. +
  2. +
  3. + A flaw has been discovered in SSL/TLS handshaking code when using + Kerberos ciphersuites. A remote attacker could perform a carefully + crafted SSL/TLS handshake against a server configured to use Kerberos + ciphersuites in such a way as to cause OpenSSL to crash. Most + applications have no ability to use Kerberos cipher suites and will + therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL + are affected by this issue. +
  4. +
  5. + Testing performed by the OpenSSL group using the Codenomicon TLS Test + Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead + to a Denial of Service attack (infinite loop). This issue was traced to + a fix that was added to OpenSSL 0.9.6d some time ago. This issue will + affect vendors that ship older versions of OpenSSL with backported + security patches. +
  6. +
+
+ +

+ Although there are no public exploits known for bug, users are + recommended to upgrade to ensure the security of their infrastructure. +

+
+ +

+ There is no immediate workaround; a software upgrade is required. The + vulnerable function in the code has been rewritten. +

+
+ +

+ All users are recommened to upgrade openssl to either 0.9.7d or 0.9.6m: +

+
+ # emerge sync
+ # emerge -pv ">=dev-libs/openssl-0.9.7d"
+ # emerge ">=dev-libs/openssl-0.9.7d"
+
+ + CVE-2004-0079 + CVE-2004-0081 + CVE-2004-0112 + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-04.xml
new file mode 100644
index 0000000000..273e0fce60
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-04.xml
@@ -0,0 +1,111 @@
+
+
+
+
+ Multiple security vulnerabilities in Apache 2
+
+ A memory leak in mod_ssl allows a remote denial of service attack against
+ an SSL-enabled server via plain HTTP requests. Another flaw was found when
+ arbitrary client-supplied strings can be written to the error log, allowing
+ the exploit of certain terminal emulators. A third flaw exists with the
+ mod_disk_cache module.
+
+ Apache
+ March 22, 2004
+ December 30, 2007: 03
+ 45206
+ remote
+
+
+ 1.3*
+ 2.0.49
+ 2.0.48
+
+
+
+

+ The Apache HTTP Server Project is an effort to develop and maintain an + open-source HTTP server for modern operating systems. The goal of this + project is to provide a secure, efficient and extensible server that + provides services in tune with the current HTTP standards. +

+
+ +

+ Three vulnerabilities were found: +

+
    +
  1. + A memory leak in ssl_engine_io.c for mod_ssl in Apache 2.0.48 and below + allows remote attackers to cause a denial of service attack via plain + HTTP requests to the SSL port of an SSL-enabled server. +
  2. +
  3. + Apache fails to filter terminal escape sequences from error logs that + begin with the ASCII (0x1B) sequence and are followed by a series of + arguments. If a remote attacker could inject escape sequences into an + Apache error log, the attacker could take advantages of weaknesses in + various terminal emulators, launching attacks against remote users + including further denial of service attacks, file modification, and the + execution of arbitrary commands. +
  4. +
  5. + The Apache mod_disk_cache has been found to be vulnerable to a weakness + that allows attackers to gain access to authentication credentials + through the issue of caching HTTP hop-by-hop headers which would + contain plaintext user passwords. There is no available resolution for + this issue yet. +
  6. +
+
+ +

+ No special privileges are required for these vulnerabilities. As a + result, all users are recommended to upgrade their Apache + installations. +

+
+ +

+ There is no immediate workaround; a software upgrade is required. There + is no workaround for the mod_disk_cache issue; users are recommended to + disable the feature on their servers until a patched version is + released. +

+
+ +

+ Users are urged to upgrade to Apache 2.0.49: +

+
+ # emerge sync
+ # emerge -pv ">=www-servers/apache-2.0.49"
+ # emerge ">=www-servers/apache-2.0.49"
+
+ # ** IMPORTANT **
+
+ # If you are migrating from Apache 2.0.48-r1 or earlier versions,
+ # it is important that the following directories are removed.
+
+ # The following commands should cause no data loss since these
+ # are symbolic links.
+
+ # rm /etc/apache2/lib /etc/apache2/logs /etc/apache2/modules
+ # rm /etc/apache2/modules
+
+ # ** ** ** ** **
+
+ # ** ALSO NOTE **
+
+ # Users who use mod_disk_cache should edit their Apache
+ # configuration and disable mod_disk_cache.
+
+ + Apache mod_disk_cache authentication storage weakness vulnerability + Apache HTTP Server 2.0.49 Announcement + CVE-2004-0113 + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-05.xml
new file mode 100644
index 0000000000..a768342b0a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-05.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ UUDeview MIME Buffer Overflow
+
+ A specially-crafted MIME file (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe
+ extensions) may cause UUDeview to crash or execute arbitrary code.
+
+ UUDeview
+ March 26, 2004
+ March 26, 2004: 01
+ 44859
+ remote
+
+
+ 0.5.20
+ 0.5.20
+
+
+
+

+ UUDeview is a program which is used to transmit binary files over the + Internet in a text-only format. It is commonly used for email and Usenet + attachments. It supports multiple encoding formats, including Base64, + BinHex and UUEncoding. +

+
+ +

+ By decoding a MIME archive with excessively long strings for various + parameters, it is possible to crash UUDeview, or cause it to execute + arbitrary code. +

+

+ This vulnerability was originally reported by iDEFENSE as part of a WinZip + advisory [ Reference: 1 ]. +

+
+ +

+ An attacker could create a specially-crafted MIME file and send it via + email. When recipient decodes the file, UUDeview may execute arbitrary code + which is embedded in the MIME file, thus granting the attacker access to + the recipient's account. +

+
+ +

+ There is no known workaround at this time. As a result, a software upgrade + is required and users should upgrade to uudeview 0.5.20. +

+
+ +

+ All users should upgrade to uudeview 0.5.20: +

+
+ # emerge sync
+ # emerge -pv ">=app-text/uudeview-0.5.20"
+ # emerge ">=app-text/uudeview-0.5.20"
+
+
+ + iDEFENSE advisory + SecurityFocus advisory + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-06.xml
new file mode 100644
index 0000000000..ad456273d8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-06.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Multiple remote buffer overflow vulnerabilities in Courier
+
+ Remote buffer overflow vulnerabilities have been found in Courier-IMAP and
+ Courier MTA. These exploits may allow the execution of abritrary code,
+ allowing unauthorized access to a vulnerable system.
+
+ Courier
+ March 26, 2004
+ March 26, 2004: 01
+ 45584
+ remote
+
+
+ 3.0.0
+ 3.0.0
+
+
+ 0.45
+ 0.45
+
+
+
+

+ Courier MTA is a multiprotocol mail server suite that provides webmail, + mailing lists, IMAP, and POP3 services. Courier-IMAP is a standalone server + that gives IMAP access to local mailboxes. +

+
+ +

+ The vulnerabilities have been found in the 'SHIFT_JIS' converter in + 'shiftjis.c' and 'ISO2022JP' converter in 'so2022jp.c'. An attacker may + supply Unicode characters that exceed BMP (Basic Multilingual Plane) range, + causing an overflow. +

+
+ +

+ An attacker without privileges may exploit this vulnerability remotely, allowing arbitrary code to be executed in order to gain unauthorized access. +

+
+ +

+ While a workaround is not currently known for this issue, all users are + advised to upgrade to the latest version of the affected packages. +

+
+ +

+ All users should upgrade to current versions of the affected packages: +

+
+ # emerge sync
+
+ # emerge -pv ">=net-mail/courier-imap-3.0.0"
+ # emerge ">=net-mail/courier-imap-3.0.0"
+
+ # ** Or; depending on your installation... **
+
+ # emerge -pv ">=mail-mta/courier-0.45"
+ # emerge ">=mail-mta/courier-0.45"
+
+
+ + Courier Multiple Remote Buffer Overflow Vulnerabilities + CAN-2004-0224 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-07.xml
new file mode 100644
index 0000000000..d6dc15f931
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-07.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Multiple remote overflows and vulnerabilities in Ethereal
+
+ Mulitple overflows and vulnerabilities exist in Ethereal which may allow an
+ attacker to crash the program or run arbitrary code.
+
+ ethereal
+ March 28, 2004
+ March 28, 2004: 01
+ 45543
+ remote
+
+
+ 0.10.3
+ 0.10.2
+
+
+
+

+ Quote from http://www.ethereal.com +

+

+ "Ethereal is used by network professionals around the world for + troubleshooting, analysis, software and protocol development, and + education. It has all of the standard features you would expect in a + protocol analyzer, and several features not seen in any other product. Its + open source license allows talented experts in the networking community to + add enhancements. It runs on all popular computing platforms, including + Unix, Linux, and Windows." +

+
+ +

There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:

+
    +
  • Thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.
  • +
  • A zero-length Presentation protocol selector could make Ethereal crash.
  • +
  • A vulnerability in the RADIUS packet dissector which may crash ethereal.
  • +
  • A corrupt color filter file could cause a segmentation fault.
  • +
+
+ +

+ These vulnerabilities may cause Ethereal to crash or may allow an attacker + to run arbitrary code on the user's computer. +

+
+ +

+ While a workaround is not currently known for this issue, all users are + advised to upgrade to the latest version of the affected package. +

+
+ +

+ All users should upgrade to the current version of the affected package: +

+
+ # emerge sync
+
+ # emerge -pv ">=net-analyzer/ethereal-0.10.3"
+ # emerge ">=net-analyzer/ethereal-0.10.3"
+
+ + Multiple security problems in Ethereal 0.10.2 + CAN-2004-0176 + CAN-2004-0365 + CAN-2004-0367 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-08.xml
new file mode 100644
index 0000000000..ca445d0b2e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-08.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ oftpd DoS vulnerability
+
+ A remotely-exploitable overflow exists in oftpd, allowing an attacker to
+ crash the oftpd daemon.
+
+ oftpd
+ March 29, 2004
+ May 22, 2006: 02
+ 45738
+ remote
+
+
+ 0.3.7
+ 0.3.6
+
+
+
+

+ Quote from http://www.time-travellers + .org/oftpd/ +

+

+ "oftpd is designed to be as secure as an anonymous FTP server can + possibly be. It runs as non-root for most of the time, and uses the + Unix chroot() command to hide most of the systems directories from + external users - they cannot change into them even if the server is + totally compromised! It contains its own directory change code, so that + it can run efficiently as a threaded server, and its own directory + listing code (most FTP servers execute the system "ls" command to list + files)." +

+
+ +

+ Issuing a port command with a number higher than 255 causes the server + to crash. The port command may be issued before any authentication + takes place, meaning the attacker does not need to know a valid + username and password in order to exploit this vulnerability. +

+
+ +

+ This exploit causes a denial of service. +

+
+ +

+ While a workaround is not currently known for this issue, all users are + advised to upgrade to the latest version of the affected package. +

+
+ +

+ All users should upgrade to the current version of the affected + package: +

+
+ # emerge sync
+
+ # emerge -pv ">=net-ftp/oftpd-0.3.7"
+ # emerge ">=net-ftp/oftpd-0.3.7"
+
+ + osftpd DoS Vulnerability + CVE-2004-0376 + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-09.xml
new file mode 100644
index 0000000000..cdf7392994
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-09.xml
@@ -0,0 +1,57 @@
+
+
+
+
+ Buffer overflow in Midnight Commander
+
+ A remotely-exploitable buffer overflow in Midnight Commander allows
+ arbitrary code to be run on a user's computer
+
+ mc
+ March 29, 2004
+ March 29, 2004: 01
+ 45957
+ remote
+
+
+ 4.6.0-r5
+ 4.6.0-r4
+
+
+
+

+ Midnight Commander is a visual file manager. +

+
+ +

+ A stack-based buffer overflow has been found in Midnight Commander's + virtual filesystem. +

+
+ +

+ This overflow allows an attacker to run arbitrary code on the user's + computer during the symlink conversion process. +

+
+ +

+ While a workaround is not currently known for this issue, all users are + advised to upgrade to the latest version of the affected package. +

+
+ +

+ All users should upgrade to the current version of the affected package: +

+
+ # emerge sync
+
+ # emerge -pv ">=app-misc/mc-4.6.0-r5"
+ # emerge ">=app-misc/mc-4.6.0-r5"
+
+ + CAN-2003-1023 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-10.xml
new file mode 100644
index 0000000000..939654c6b7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-10.xml
@@ -0,0 +1,59 @@
+
+
+
+
+ Fetchmail 6.2.5 fixes a remote DoS
+
+ Fetchmail versions 6.2.4 and earlier can be crashed by sending a
+ specially-crafted email to a fetchmail user.
+
+ fetchmail
+ March 30, 2004
+ March 30, 2004: 01
+ 37717
+ remote
+
+
+ 6.2.5
+ 6.2.4
+
+
+
+

+ Fetchmail is a utility that retrieves and forwards mail from remote systems + using IMAP, POP, and other protocols. +

+
+ +

+ Fetchmail versions 6.2.4 and earlier can be crashed by sending a + specially-crafted email to a fetchmail user. This problem occurs because + Fetchmail does not properly allocate memory for long lines in an incoming + email. +

+
+ +

+ Fetchmail users who receive a malicious email may have their fetchmail + program crash. +

+
+ +

+ While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of fetchmail. +

+
+ +

+ Fetchmail users should upgrade to version 6.2.5 or later: +

+
+ # emerge sync
+ # emerge -pv ">=net-mail/fetchmail-6.2.5"
+ # emerge ">=net-mail/fetchmail-6.2.5"
+
+ + ISS X-Force Listing + CVE Candidate (CAN-2003-0792) + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-11.xml
new file mode 100644
index 0000000000..f7354ed4dc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-11.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ Squid ACL [url_regex] bypass vulnerability
+
+ Squid versions 2.0 through to 2.5.STABLE4 could allow a remote attacker to
+ bypass Access Control Lists by sending a specially-crafted URL request
+ containing '%00': in such circumstances; the url_regex ACL may not properly
+ detect the malicious URL, allowing the attacker to effectively bypass the
+ ACL.
+
+ Squid
+ March 30, 2004
+ September 02, 2004: 02
+ 45273
+ remote
+
+
+ 2.5.5
+ 2.5.5
+
+
+
+

+ Squid is a fully-featured Web Proxy Cache designed to run on Unix systems + that supports proxying and caching of HTTP, FTP, and other URLs, as well as + SSL support, cache hierarchies, transparent caching, access control lists + and many other features. +

+
+ +

+ A bug in Squid allows users to bypass certain access controls by passing a + URL containing "%00" which exploits the Squid decoding function. + This may insert a NUL character into decoded URLs, which may allow users to + bypass url_regex access control lists that are enforced upon them. +

+

+ In such a scenario, Squid will insert a NUL character after + the"%00" and it will make a comparison between the URL to the end + of the NUL character rather than the contents after it: the comparison does + not result in a match, and the user's request is not denied. +

+
+ +

+ Restricted users may be able to bypass url_regex access control lists that + are enforced upon them which may cause unwanted network traffic as well as + a route for other possible exploits. Users of Squid 2.5STABLE4 and below + who require the url_regex features are recommended to upgrade to 2.5STABLE5 + to maintain the security of their infrastructure. +

+
+ +

+ A workaround is not currently known for this issue. All users are advised + to upgrade to the latest version of Squid. +

+
+ +

+ Squid can be updated as follows: +

+
+ # emerge sync
+
+ # emerge -pv ">=net-proxy/squid-2.5.5"
+ # emerge ">=net-proxy/squid-2.5.5"
+
+ + CAN-2004-0189 + Squid 2.5.STABLE5 Release Announcement + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-12.xml
new file mode 100644
index 0000000000..1171ed6d60
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-12.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ OpenLDAP DoS Vulnerability
+
+ A failed password operation can cause the OpenLDAP slapd server, if it is
+ using the back-ldbm backend, to free memory that was never allocated.
+
+ openldap
+ March 31, 2004
+ May 22, 2006: 02
+ 26728
+ remote
+
+
+ 2.1.13
+ 2.1.12
+
+
+
+

+ OpenLDAP is a suite of LDAP-related application and development tools. + It includes slapd (the standalone LDAP server), slurpd (the standalone + LDAP replication server), and various LDAP libraries, utilities and + example clients. +

+
+ +

+ A password extended operation (password EXOP) which fails will cause + the slapd server to free() an uninitialized pointer, possibly resulting + in a segfault. This only affects servers using the back-ldbm backend. +

+

+ Such a crash is not guaranteed with every failed operation, however, it + is possible. +

+
+ +

+ An attacker (or indeed, a normal user) may crash the OpenLDAP server, + creating a Denial of Service condition. +

+
+ +

+ A workaround is not currently known for this issue. All users are + advised to upgrade to the latest version of the affected package. +

+
+ +

+ OpenLDAP users should upgrade to version 2.1.13 or later: +

+
+ # emerge sync
+
+ # emerge -pv ">=net-nds/openldap-2.1.13"
+ # emerge ">=net-nds/openldap-2.1.13"
+
+ + OpenLDAP ITS Bug and Patch + CVE-2003-1201 + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-13.xml
new file mode 100644
index 0000000000..b129d325eb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-13.xml
@@ -0,0 +1,98 @@
+
+
+
+
+ Remote buffer overflow in MPlayer
+
+ MPlayer contains a remotely exploitable buffer overflow in the HTTP parser
+ that may allow attackers to run arbitrary code on a user's computer.
+
+ mplayer
+ March 31, 2004
+ October 11, 2006: 03
+ 46246
+ remote
+
+
+ 0.92-r1
+ 0.92
+
+
+ 1.0_pre2-r1
+ 1.0_pre2
+
+
+ 1.0_pre3-r3
+ 1.0_pre3
+
+
+
+

+ Quote from http://mplayerhq.hu +

+

+ "MPlayer is a movie player for LINUX (runs on many other Unices, and + non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, + OGG/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, + FILM, RoQ, PVA files, supported by many native, XAnim, and Win32 DLL + codecs. You can watch VideoCD, SVCD, DVD, 3ivx, DivX 3/4/5 and even WMV + movies, too." +

+
+ +

+ A vulnerability exists in the MPlayer HTTP parser which may allow an + attacker to craft a special HTTP header ("Location:") which will trick + MPlayer into executing arbitrary code on the user's computer. +

+
+ +

+ An attacker without privileges may exploit this vulnerability remotely, + allowing arbitrary code to be executed in order to gain unauthorized + access. +

+
+ +

+ A workaround is not currently known for this issue. All users are + advised to upgrade to the latest version of the affected package. +

+
+ +

+ MPlayer may be upgraded as follows: +

+

+ x86 and SPARC users should: +

+
+ # emerge sync
+
+ # emerge -pv ">=media-video/mplayer-0.92-r1"
+ # emerge ">=media-video/mplayer-0.92-r1"
+

+ AMD64 users should: +

+
+ # emerge sync
+
+ # emerge -pv ">=media-video/mplayer-1.0_pre2-r1"
+ # emerge ">=media-video/mplayer-1.0_pre2-r1"
+

+ PPC users should: +

+
+ # emerge sync
+
+ # emerge -pv ">=media-video/mplayer-1.0_pre3-r2"
+ # emerge ">=media-video/mplayer-1.0_pre3-r2"
+
+ + MPlayerHQ News + CVE-2004-0386 + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-14.xml
new file mode 100644
index 0000000000..0d910a46fa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-14.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Multiple Security Vulnerabilities in Monit
+
+ A denial of service and a buffer overflow vulnerability have been found in
+ Monit.
+
+ app-admin/monit
+ March 31, 2004
+ May 22, 2006: 02
+ 43967
+ remote
+
+
+ 4.2
+ 4.1
+
+
+
+

+ Monit is a system administration utility that allows management and + monitoring of processes, files, directories and devices on a Unix + system. +

+
+ +

+ A denial of service may occur due to Monit not sanitizing remotely + supplied HTTP parameters before passing them to memory allocation + functions. This could allow an attacker to cause an unexpected + condition that could lead to the Monit daemon crashing. +

+

+ An overly long http request method may cause a buffer overflow due to + Monit performing insufficient bounds checking when handling HTTP + requests. +

+
+ +

+ An attacker may crash the Monit daemon to create a denial of service + condition or cause a buffer overflow that would allow arbitrary code to + be executed with root privileges. +

+
+ +

+ A workaround is not currently known for this issue. All users are + advised to upgrade to the latest version of the affected package. +

+
+ +

+ Monit users should upgrade to version 4.2 or later: +

+
+ # emerge sync
+
+ # emerge -pv ">=app-admin/monit-4.2"
+ # emerge ">=app-admin/monit-4.2"
+
+ + Monit HTTP Content-Length Parameter Denial of Service Vulnerability + Monit Overly Long HTTP Request Buffer Overrun Vulnerability + CVE-2003-1083 + CVE-2003-1084 + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-01.xml
new file mode 100644
index 0000000000..e852dcf39c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-01.xml
@@ -0,0 +1,93 @@
+
+
+
+
+ Insecure sandbox temporary lockfile vulnerabilities in Portage
+
+ A flaw has been found in the temporary file handling algorithms for the
+ sandboxing code used within Portage. Lockfiles created during normal Portage
+ operation of portage could be manipulated by local users resulting in the
+ truncation of hard linked files; causing a Denial of Service attack on
+ the system.
+
+ Portage
+ April 04, 2004
+ April 04, 2004: 01
+ 21923
+ local
+
+
+ 2.0.50-r3
+ 2.0.50-r3
+
+
+
+

+ Portage is Gentoo's package management system which is responsible for + installing, compiling and updating any ebuilds on the system through the + Gentoo rsync tree. Under default configurations, most ebuilds run under a + sandbox which prevent the build process writing to the "real" + system outside the build directory - packages are installed into a + temporary location and then copied over safely by Portage instead. During + the process the sandbox wrapper creates lockfiles in the /tmp directory + which are vulnerable to a hard-link attack. +

+
+ +

+ A flaw in Portage's sandbox wrapper has been found where the temporary + lockfiles are subject to a hard-link attack which allows linkable files to + be overwritten to an empty file. This can be used to damage critical files + on a system causing a Denial of Service, or alternatively this attack may + be used to cause other security risks; for example firewall configuration + data could be overwritten without notice. +

+

+ The vulnerable sandbox functions have been patched to test for these new + conditions: namely; for the existance of a hard-link which would be removed + before the sandbox process would continue, for the existance of a + world-writable lockfile in which case the sandbox would also remove it, and + also for any mismatches in the UID ( anything but root ) and the GID ( + anything but the group of the sandbox process ). +

+

+ If the vulnerable files cannot be removed by the sandbox, then the sandbox + would exit with a fatal error warning the adminstrator of the issue. The + patched functions also fix any other sandbox I/O operations which do not + explicitly include the mentioned lockfile. +

+
+ +

+ Any user with write access to the /tmp directory can hard-link a file to + /tmp/sandboxpids.tmp - this file would eventually be replaced with an empty + one; effectively wiping out the file it was linked to as well with no prior + warning. This could be used to potentially disable a vital component of the + system and cause a path for other possible exploits. +

+

+ This vulnerability only affects systems that have /tmp on the root + partition: since symbolic link attacks are filtered, /tmp has to be on the + same partition for an attack to take place. +

+
+ +

+ A workaround is not currently known for this issue. All users are advised + to upgrade to the latest version of the affected package. +

+
+ +

+ Users should upgrade to Portage 2.0.50-r3 or later: +

+ + # emerge sync + + # emerge -pv ">=sys-apps/portage-2.0.50-r3" + # emerge ">=sys-apps/portage-2.0.50-r3" +
+ + + plasmaroo +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-02.xml
new file mode 100644
index 0000000000..73d1614d72
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-02.xml
@@ -0,0 +1,59 @@
+
+
+
+
+ KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability
+
+ KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow
+ unauthorized access to an affected system.
+
+ kde-base/kde
+ April 06, 2004
+ April 06, 2004: 01
+ 38256
+ remote
+
+
+ 3.1.5
+ 3.1.4
+
+
+
+
+ KDE-PIM is an application suite designed to manage mail, addresses,
+ appointments, and contacts.
+
+
+
+
+ A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously
+ crafted VCF file is opened by a user on a vulnerable system.
+
+
+
+
+ A remote attacker may unauthorized access to a user's personal data or
+ execute commands with the user's privileges.
+
+
+
+
+ A workaround is not currently known for this issue. All users are advised
+ to upgrade to the latest version of the affected package.
+
+
+
+
+ KDE users should upgrade to version 3.1.5 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=kde-base/kde-3.1.5"
+ # emerge ">=kde-base/kde-3.1.5"
+
+
+ CAN-2003-0988
+
+ aescriva
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-03.xml
new file mode 100644
index 0000000000..37c74e98d1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-03.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Tcpdump Vulnerabilities in ISAKMP Parsing
+
+ There are multiple vulnerabilities in tcpdump and libpcap related to
+ parsing of ISAKMP packets.
+
+ tcpdump
+ March 31, 2004
+ March 31, 2004: 01
+ 38206
+ 46258
+ remote
+
+
+ 3.8.3-r1
+ 3.8.1
+
+
+ 0.8.3-r1
+ 0.8.1-r1
+
+
+
+
+ Tcpdump is a program for monitoring IP network traffic. Libpcap is a
+ supporting library which is responsibile for capturing packets off a network
+ interface.
+
+
+
+
+ There are two specific vulnerabilities in tcpdump, outlined in [ reference
+ 1 ]. In the first scenario, an attacker may send a specially-crafted ISAKMP
+ Delete packet which causes tcpdump to read past the end of its buffer. In
+ the second scenario, an attacker may send an ISAKMP packet with the wrong
+ payload length, again causing tcpdump to read past the end of a buffer.
+
+
+
+
+ Remote attackers could potentially cause tcpdump to crash or execute
+ arbitrary code as the 'pcap' user.
+
+
+
+
+ There is no known workaround at this time. All tcpdump users are encouraged
+ to upgrade to the latest available version.
+
+
+
+
+ All tcpdump users should upgrade to the latest available version.
+ ADDITIONALLY, the net-libs/libpcap package should be upgraded.
+
+
+ # emerge sync
+
+ # emerge -pv ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
+ # emerge ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
+
+
+ Rapid7 Advisory
+ Red Hat Security Advisory
+ CVE Advisory
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-04.xml
new file mode 100644
index 0000000000..292afdb967
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-04.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Multiple vulnerabilities in sysstat
+
+ Multiple vulnerabilities in the way sysstat handles symlinks may allow an
+ attacker to execute arbitrary code or overwrite arbitrary files
+
+ sysstat
+ April 06, 2004
+ April 06, 2004: 01
+ 45159
+ local
+
+
+ 5.0.2
+ 5.0.2
+
+
+
+
+ sysstat is a package containing a number of performance monitoring
+ utilities for Linux, including sar, mpstat, iostat and sa tools
+
+
+
+
+ There are two vulnerabilities in the way sysstat handles symlinks:
+
+
    +
  1. The isag utility, which displays sysstat data in a graphical format, + creates a temporary file in an insecure manner.
  2. +
  3. Two scripts in the sysstat package, post and trigger, create temporary + files in an insecure manner.
  4. +
+
+
+
+ Both vulnerabilities may allow an attacker to overwrite arbitrary files
+ under the permissions of the user executing any of the affected
+ utilities.
+
+
+
+
+ A workaround is not currently known for this issue. All users are advised
+ to upgrade to the latest version of the affected package.
+
+
+
+
+ Systat users should upgrade to version 4.2 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-admin/sysstat-5.0.2"
+ # emerge ">=app-admin/sysstat-5.0.2"
+
+
+ CVE (1)
+ CVE (2)
+
+ klieber
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-05.xml
new file mode 100644
index 0000000000..80727adab5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-05.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ ipsec-tools contains an X.509 certificates vulnerability.
+
+ ipsec-tools contains a vulnerability that affects connections authenticated
+ with X.509 certificates.
+
+ ipsec-tools
+ April 07, 2004
+ April 07, 2004: 01
+ 47013
+ remote
+
+
+ 0.2.5
+ 0.2.4
+
+
+
+
+ From http://ipsec-tools.sourceforge.net/ :
+
+
+ "IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6
+ IPsec implementation."
+
+
+
+
+ racoon (a utility in the ipsec-tools package) does not verify digital
+ signatures on Phase1 packets. This means that anybody holding the correct
+ X.509 certificate would be able to establish a connection, even if they did
+ not have the corresponding private key.
+
+
+
+
+ Since digital signatures are not verified by the racoon tool, an attacker may
+ be able to connect to the VPN gateway and/or execute a man-in-the-middle attack.
+
+
+
+
+ A workaround is not currently known for this issue. All users are advised
+ to upgrade to the latest version of the affected package.
+
+
+
+
+ ipsec-tools users should upgrade to version 0.2.5 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=net-firewall/ipsec-tools-0.2.5"
+ # emerge ">=net-firewall/ipsec-tools-0.2.5"
+
+
+
+ klieber
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-06.xml
new file mode 100644
index 0000000000..7804015e7e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-06.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Util-linux login may leak sensitive data
+
+ The login program included in util-linux could leak sensitive information
+ under certain conditions.
+
+
+ April 07, 2004
+ April 07, 2004: 01
+ 46422
+ remote
+
+
+ 2.12
+ 2.11
+
+
+
+
+ Util-linux is a suite of essential system utilites, including login,
+ agetty, fdisk.
+
+
+
+
+ In some situations the login program could leak sensitive data due to an
+ incorrect usage of a reallocated pointer.
+
+
+ NOTE: Only users who have PAM support disabled on their
+ systems (i.e. -PAM in their USE variable) will be affected by this
+ vulnerability. By default, this USE flag is enabled on all
+ architectures. Users with PAM support on their system receive login binaries
+ as part of the pam-login package, which remains unaffected.
+
+
+
+
+ A remote attacker may obtain sensitive data.
+
+
+
+
+ A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.
+
+
+
+
+ All util-linux users should upgrade to version 2.12 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=sys-apps/util-linux-2.12"
+ # emerge ">=sys-apps/util-linux-2.12"
+
+
+
+ CAN-2004-0080
+
+ lcars
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-07.xml
new file mode 100644
index 0000000000..fdc7215de9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-07.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ ClamAV RAR Archive Remote Denial Of Service Vulnerability
+
+ ClamAV is vulnerable to a denial of service attack when processing certain
+ RAR archives.
+
+ clamav
+ April 07, 2004
+ May 22, 2006: 02
+ 45357
+ remote
+
+
+ 0.68.1
+ 0.68
+
+
+
+
+ From http://www.clamav.net/ :
+
+
+ "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose
+ of this software is the integration with mail servers (attachment
+ scanning). The package provides a flexible and scalable multi-threaded
+ daemon, a command line scanner, and a tool for automatic updating via
+ Internet. The programs are based on a shared library distributed with
+ the Clam AntiVirus package, which you can use with your own software.
+ Most importantly, the virus database is kept up to date."
+
+
+
+
+ Certain types of RAR archives, including those created by variants of
+ the W32.Beagle.A@mm worm, may cause clamav to crash when it attempts to
+ process them.
+
+
+
+
+ This vulnerability causes a Denial of Service in the clamav process.
+ Depending on configuration, this may cause dependent services such as
+ mail to fail as well.
+
+
+
+
+ A workaround is not currently known for this issue. All users are
+ advised to upgrade to the latest version of the affected package.
+
+
+
+
+ ClamAV users should upgrade to version 0.68.1 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-antivirus/clamav-0.68.1"
+ # emerge ">=app-antivirus/clamav-0.68.1"
+
+
+ CVE-2004-1909
+
+
+ klieber
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-08.xml
new file mode 100644
index 0000000000..5e6efb7880
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-08.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ GNU Automake symbolic link vulnerability
+
+ Automake may be vulnerable to a symbolic link attack which may allow an
+ attacker to modify data or elevate their privileges.
+
+ automake
+ April 08, 2004
+ January 31, 2005: 05
+ 45646
+ local
+
+
+ 1.8.5-r3
+ 1.7.9-r1
+ 1.7
+ 1.8.5-r2
+
+
+
+
+ Automake is a tool for automatically generating `Makefile.in' files
+ which is often used in conjuction with Autoconf and other GNU Autotools
+ to ease portability among applications. It also provides a standardized
+ and light way of writing complex Makefiles through the use of many
+ built-in macros.
+
+
+
+
+ Automake may be vulnerable to a symbolic link attack which may allow an
+ attacker to modify data or escalate their privileges. This is due to
+ the insecure way Automake creates directories during compilation. An
+ attacker may be able to create symbolic links in the place of files
+ contained in the affected directories, which may potentially lead to
+ elevated privileges due to modification of data.
+
+
+
+
+ An attacker may be able to use this vulnerability to modify data in an
+ unauthorized fashion or elevate their privileges.
+
+
+
+
+ A workaround is not currently known for this issue. All users are
+ advised to upgrade to the latest version of the affected package.
+
+
+
+
+ Automake users should upgrade to the latest versions:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose sys-devel/automake
+
+
+
+ klieber
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-09.xml
new file mode 100644
index 0000000000..7c3ba4ee02
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-09.xml
@@ -0,0 +1,59 @@
+
+
+
+
+ Cross-realm trust vulnerability in Heimdal
+
+ Heimdal contains cross-realm vulnerability allowing someone with control
+ over a realm to impersonate anyone in the cross-realm trust path.
+
+ heimdal
+ April 09, 2004
+ April 09, 2004: 01
+ 46590
+ local
+
+
+ 0.6.1
+ 0.6.0
+
+
+
+
+ Heimdal is a free implementation of Kerberos 5.
+
+
+
+
+ Heimdal does not properly perform certain consistency checks for
+ cross-realm requests, which allows remote attackers with control of a realm
+ to impersonate others in the cross-realm trust path.
+
+
+
+
+ Remote attackers with control of a realm may be able to impersonate other
+ users in the cross-realm trust path.
+
+
+
+
+ A workaround is not currently known for this issue. All users are advised
+ to upgrade to the latest version of the affected package.
+
+
+
+
+ Heimdal users should upgrade to version 0.6.1 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-crypt/heimdal-0.6.1"
+ # emerge ">=app-crypt/heimdal-0.6.1"
+
+
+ CVE
+
+ klieber
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-10.xml
new file mode 100644
index 0000000000..cb59725fa9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-10.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ iproute local Denial of Service vulnerability
+
+ The iproute package allows local users to cause a denial of service.
+
+
+ April 09, 2004
+ April 09, 2004: 01
+ 34294
+ local
+
+
+ 20010824-r5
+ 20010824-r4
+
+
+
+
+ iproute is a set of tools for managing linux network routing and advanced
+ features.
+
+
+
+
+ It has been reported that iproute can accept spoofed messages on the kernel
+ netlink interface from local users. This could lead to a local Denial of
+ Service condition.
+
+
+
+
+ Local users could cause a Denial of Service.
+
+
+
+
+ A workaround is not currently known for this issue. All users are advised
+ to upgrade to the latest version of the affected package.
+
+
+
+
+ All iproute users should upgrade to version 20010824-r5 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=sys-apps/iproute-20010824-r5";
+ # emerge ">=sys-apps/iproute-20010824-r5";
+
+
+
+ CAN-2003-0856
+
+
+ lcars
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-11.xml
new file mode 100644
index 0000000000..fc1bdcc38c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-11.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Multiple Vulnerabilities in pwlib
+
+ Multiple vulnerabilities have been found in pwlib that may lead to a remote
+ denial of service or buffer overflow attack.
+
+ dev-libs/pwlib
+ April 09, 2004
+ April 09, 2004: 01
+ 45846
+ remote
+
+
+ 1.5.2-r3
+ 1.5.2-r2
+
+
+
+
+ pwlib is a multi-platform library designed for OpenH323.
+
+
+
+
+ Multiple vulnerabilities have been found in the implimentation of protocol
+ H.323 contained in pwlib. Most of the vulnerabilies are in the parsing of
+ ASN.1 elements which would allow an attacker to use a maliciously crafted
+ ASN.1 element to cause unpredictable behavior in pwlib.
+
+
+
+
+ An attacker may cause a denial of service condition or cause a buffer
+ overflow that would allow arbitrary code to be executed with root
+ privileges.
+
+
+
+
+ Blocking ports 1719 and 1720 may reduce the likelihood of an attack. All
+ users are advised to upgrade to the latest version of the affected package.
+
+
+
+
+ All pwlib users are advised to upgrade to version 1.5.2-r3 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=dev-libs/pwlib-1.5.2-r3"
+ # emerge ">=dev-libs/pwlib-1.5.2-r3"
+
+
+ CAN-2004-0097
+ NISCC Vulnerability Advisory 006489/H323
+
+
+ aescriva
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-12.xml
new file mode 100644
index 0000000000..341307d7a4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-12.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Scorched 3D server chat box format string vulnerability
+
+ Scorched 3D is vulnerable to a format string attack in the chat box that
+ leads to Denial of Service on the game server and possibly allows execution
+ of arbitrary code.
+
+ scorched3d
+ April 09, 2004
+ April 09, 2004: 08
+ 39302
+ remote
+
+
+ 37
+ 37
+
+
+
+
+ Scorched 3D is a game based loosely on the classic DOS game "Scorched
+ Earth". Scorched 3D adds amongst other new features a 3D island
+ environment and LAN and internet play. Scorched 3D is totally free and is
+ available for multiple operating systems.
+
+
+
+
+ Scorched 3D (build 36.2 and before) does not properly check the text
+ entered in the Chat box (T key). Using format string characters, you can
+ generate a heap overflow. This and several other unchecked buffers have
+ been corrected in the build 37 release.
+
+
+
+
+ This vulnerability can be easily exploited to remotely crash the Scorched
+ 3D server, disconnecting all clients. It could also theorically be used to
+ execute arbitrary code on the server with the rights of the user running
+ the server.
+
+
+
+
+ A workaround is not currently known for this issue. All users are advised
+ to upgrade to the latest version of the affected package.
+
+
+
+
+ Scorched 3D users should upgrade to version 37 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=games-strategy/scorched3d-37"
+ # emerge ">=games-strategy/scorched3d-37"
+
+
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-13.xml
new file mode 100644
index 0000000000..6ecbd1cb85
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-13.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ CVS Server and Client Vulnerabilities
+
+ There are two vulnerabilities in CVS; one in the server and one in the
+ client. These vulnerabilities allow the reading and writing of arbitrary
+ files on both client and server.
+
+ cvs
+ April 14, 2004
+ May 22, 2006: 02
+ 47800
+ remote
+
+
+ 1.11.15
+ 1.11.14
+
+
+
+
+ CVS, which stands for Concurrent Versions System, is a client/server
+ application which tracks changes to sets of files. It allows multiple
+ users to work concurrently on files, and then merge their changes back
+ into the main tree (which can be on a remote system). It also allows
+ branching, or maintaining separate versions for files.
+
+
+
+
+ There are two vulnerabilities in CVS; one in the server and one in the
+ client. The server vulnerability allows a malicious client to request
+ the contents of any RCS file to which the server has permission, even
+ those not located under $CVSROOT. The client vulnerability allows a
+ malicious server to overwrite files on the client machine anywhere the
+ client has permissions.
+
+
+
+
+ Arbitrary files may be read or written on CVS clients and servers by
+ anybody with access to the CVS tree.
+
+
+
+
+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest stable version of CVS.
+
+
+
+
+ All CVS users should upgrade to the latest stable version.
+
+
+ # emerge sync
+
+ # emerge -pv ">=dev-util/cvs-1.11.15"
+ # emerge ">=dev-util/cvs-1.11.15"
+
+
+ CVS commit log
+ CVE-2004-0180
+ CVE-2004-0405
+
+
+ condordes
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-14.xml
new file mode 100644
index 0000000000..423b20f38e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-14.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Multiple format string vulnerabilities in cadaver
+
+ There are multiple format string vulnerabilities in the neon library used
+ in cadaver, possibly leading to execution of arbitrary code when connected
+ to a malicious server.
+
+ cadaver
+ April 19, 2004
+ April 19, 2004: 01
+ 47799
+ remote
+
+
+ 0.22.1
+ 0.22.1
+
+
+
+
+ According to http://www.webdav.org/cadaver,
+ cadaver is a command-line WebDAV client for Unix. It supports file upload,
+ download, on-screen display, namespace operations (move/copy), collection
+ creation and deletion, and locking operations.
+
+
+
+
+ Cadaver code includes the neon library, which in versions 0.24.4 and
+ previous is vulnerable to multiple format string attacks. The latest
+ version of cadaver uses version 0.24.5 of the neon library, which makes it
+ immune to this vulnerability.
+
+
+
+
+ When using cadaver to connect to an untrusted WebDAV server, this
+ vulnerability can allow a malicious remote server to execute arbitrary code
+ on the client with the rights of the user using cadaver.
+
+
+
+
+ A workaround is not currently known for this issue. All users are advised
+ to upgrade to the latest version of the affected package.
+
+
+
+
+ cadaver users should upgrade to version 0.22.1 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/cadaver-0.22.1"
+ # emerge ">=net-misc/cadaver-0.22.1"
+
+
+ CAN-2004-0179
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-15.xml
new file mode 100644
index 0000000000..9d92dbab1b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-15.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ XChat 2.0.x SOCKS5 Vulnerability
+
+ XChat is vulnerable to a stack overflow that may allow a remote attacker to
+ run arbitrary code.
+
+ xchat
+ April 19, 2004
+ May 22, 2006: 02
+ 46856
+ remote
+
+
+ 2.0.8-r1
+ 2.0.8-r1
+
+
+
+
+ XChat is a multiplatform IRC client.
+
+
+
+
+ The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit.
+ Users would have to be using XChat through a SOCKS 5 server, enable
+ SOCKS 5 traversal which is disabled by default and also connect to an
+ attacker's custom proxy server.
+
+
+
+
+ This vulnerability may allow an attacker to run arbitrary code within
+ the context of the user ID of the XChat client.
+
+
+
+
+ A workaround is not currently known for this issue. All users are
+ advised to upgrade to the latest version of the affected package.
+
+
+
+
+ All XChat users should upgrade to the latest stable version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=net-irc/xchat-2.0.8-r1"
+ # emerge ">=net-irc/xchat-2.0.8-r1"
+
+ Note that users of the gtk1 version of xchat (1.8.*) should upgrade to
+ xchat-1.8.11-r1:
+
+
+ # emerge sync
+
+ # emerge -pv "=net-irc/xchat-1.8.11-r1"
+ # emerge "=net-irc/xchat-1.8.11-r1"
+
+
+ XChat 2.0.x SOCKS5 Vulnerability
+ CVE-2004-0409
+
+
+ klieber
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-16.xml
new file mode 100644
index 0000000000..39357bad56
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-16.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Multiple new security vulnerabilities in monit
+
+ Two new vulnerabilities have been found in the HTTP interface of monit,
+ possibly leading to denial of service or execution of arbitrary code.
+
+ monit
+ April 19, 2004
+ April 19, 2004: 01
+ 47631
+ remote
+
+
+ 4.2.1
+ 4.2
+
+
+
+
+ Monit is a system administration utility that allows management and
+ monitoring of processes, files, directories and devices on a Unix system.
+
+
+
+
+ Monit has several vulnerabilities in its HTTP interface : a buffer overflow
+ vulnerability in the authentication handling code and a off-by-one error in
+ the POST method handling code.
+
+
+
+
+ An attacker may exploit the off-by-one error to crash the Monit daemon and
+ create a denial of service condition, or cause a buffer overflow that would
+ allow arbitrary code to be executed with root privileges.
+
+
+
+
+ A workaround is not currently known for this issue. All users are advised
+ to upgrade to the latest version of the affected package.
+
+
+
+
+ Monit users should upgrade to version 4.2.1 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-admin/monit-4.2.1"
+ # emerge ">=app-admin/monit-4.2.1"
+
+
+ Monit security advisory 20040305
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-17.xml
new file mode 100644
index 0000000000..e1c3be44ee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-17.xml
@@ -0,0 +1,85 @@
+
+
+
+
+ ipsec-tools and iputils contain a remote DoS vulnerability
+
+ racoon, which is included in the ipsec-tools and iputils packages in
+ Portage, does not check the length of ISAKMP headers. Attackers may be able
+ to craft an ISAKMP header of sufficient length to consume all available
+ system resoources, causing a Denial of Service.
+
+ ipsec-utils
+ April 24, 2004
+ April 24, 2004: 01
+ 48847
+ remote
+
+
+ 0.3.1
+ 0.3.1
+
+
+ 021109-r3
+ 021109-r1
+
+
+
+
+ From http://ipsec-tools.sourceforge.n
+ et/
+
+
+ "IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec
+ implementation."
+
+
+ iputils is a collection of network monitoring tools, including racoon, ping
+ and ping6.
+
+
+
+
+ When racoon receives an ISAKMP header, it allocates memory based on the
+ length of the header field. Thus, an attacker may be able to cause a Denial
+ of Services by creating a header that is large enough to consume all
+ available system resources.
+
+
+
+
+ This vulnerability may allow an attacker to remotely cause a Denial of
+ Service.
+
+
+
+
+ A workaround is not currently known for this issue. All users are advised
+ to upgrade to the latest version of the affected package.
+
+
+
+
+ ipsec-tools users should upgrade to version 0.2.5 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=net-firewall/ipsec-tools-0.3.1"
+ # emerge ">=net-firewall/ipsec-tools-0.3.1"
+
+ iputils users should upgrade to version 021109-r3 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/iputils-021109-r3"
+ # emerge ">=net-misc/iputils-021109-r3"
+
+
+ CVE
+
+
+ klieber
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-18.xml
new file mode 100644
index 0000000000..7a5a4cb722
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-18.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Multiple Vulnerabilities in ssmtp
+
+ There are multiple format string vulnerabilities in the SSMTP package,
+ which may allow an attacker to run arbitrary code with ssmtp's privileges
+ (potentially root).
+
+ ssmtp
+ April 26, 2004
+ April 26, 2004: 01
+ 47918
+ 48435
+ remote root
+
+
+ 2.60.7
+ 2.60.4-r2
+
+
+
+
+ SSMTP is a very simple mail transfer agent (MTA) that relays mail from the
+ local machine to another SMTP host. It is not designed to function as a
+ full mail server; its sole purpose is to relay mail.
+
+
+
+
+ There are two format string vulnerabilities inside the log_event() and
+ die() functions of ssmtp. Strings from outside ssmtp are passed to various
+ printf()-like functions from within log_event() and die() as format
+ strings. An attacker could cause a specially-crafted string to be passed to
+ these functions, and potentially cause ssmtp to execute arbitrary code.
+
+
+
+
+ If ssmtp connects to a malicious mail relay server, this vulnerability can
+ be used to execute code with the rights of the mail sender, including root.
+
+
+
+
+ There is no known workaround at this time. All users are advised to upgrade
+ to the latest available version of ssmtp.
+
+
+
+
+ All users are advised to upgrade to the latest available version of ssmtp.
+
+
+ # emerge sync
+
+ # emerge -pv ">=mail-mta/ssmtp-2.60.7"
+ # emerge ">=mail-mta/ssmtp-2.60.7"
+
+
+ Secunia Advisory
+ CVE Reference
+ Debian Advisory
+
+
+ condordes
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-19.xml
new file mode 100644
index 0000000000..daa59159ab
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-19.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Buffer overflows and format string vulnerabilities in LCDproc
+
+ Multiple remote vulnerabilities have been found in the LCDd server,
+ allowing execution of arbitrary code with the rights of the LCDd user.
+
+ lcdproc
+ April 27, 2004
+ April 27, 2004: 01
+ 47340
+ remote
+
+
+ 0.4.5
+ 0.4.4-r1
+
+
+
+
+ LCDproc is a program that displays various bits of real-time system
+ information on an LCD. It makes use of a local server (LCDd) to collect
+ information to display on the LCD.
+
+
+
+
+ Due to insufficient checking of client-supplied data, the LCDd server is
+ susceptible to two buffer overflows and one string buffer vulnerability. If
+ the server is configured to listen on all network interfaces (see the Bind
+ parameter in LCDproc configuration), these vulnerabilities can be triggered
+ remotely.
+
+
+
+
+ These vulnerabilities allow an attacker to execute code with the rights of
+ the user running the LCDproc server. By default, this is the "nobody" user.
+
+
+
+
+ A workaround is not currently known for this issue. All users are advised
+ to upgrade to the latest version of the affected package.
+
+
+
+
+ LCDproc users should upgrade to version 0.4.5 or later:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-misc/lcdproc-0.4.5"
+ # emerge ">=app-misc/lcdproc-0.4.5"
+
+
+ LCDproc advisory
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-20.xml
new file mode 100644
index 0000000000..4a17cf16ef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-20.xml
@@ -0,0 +1,87 @@
+
+
+
+
+ Multiple vulnerabilities in xine
+
+ Several vulnerabilities have been found in xine-ui and xine-lib,
+ potentially allowing an attacker to overwrite files with the rights of the
+ user.
+
+ xine
+ April 27, 2004
+ May 22, 2006: 02
+ 45448
+ 48107
+ 48108
+ remote
+
+
+ 0.9.23-r2
+ 0.9.23-r1
+
+
+ 1_rc3-r3
+ 1_rc3-r2
+
+
+
+
+ xine is a multimedia player allowing to play back CDs, DVDs, and VCDs
+ and decoding multimedia files like AVI, MOV, WMV, and MP3 from local
+ disk drives, and displays multimedia streamed over the Internet. It is
+ available in Gentoo as a reusable library (xine-lib) with a standard
+ user interface (xine-ui).
+
+
+
+
+ Several vulnerabilities were found in xine-ui and xine-lib. By opening
+ a malicious MRL in any xine-lib based media player, an attacker can
+ write arbitrary content to an arbitrary file, only restricted by the
+ permissions of the user running the application. By opening a malicious
+ playlist in the xine-ui media player, an attacker can write arbitrary
+ content to an arbitrary file, only restricted by the permissions of the
+ user running xine-ui. Finally, a temporary file is created in an
+ insecure manner by the xine-check and xine-bugreport scripts,
+ potentially allowing a local attacker to use a symlink attack.
+
+
+
+
+ These three vulnerabilities may alow an attacker to corrupt system
+ files, thus potentially leading to a Denial of Service. It is also
+ theoretically possible, though very unlikely, to use these
+ vulnerabilities to elevate the privileges of the attacker.
+
+
+
+
+ There is no known workaround at this time. All users are advised to
+ upgrade to the latest available versions of xine-ui and xine-lib.
+
+
+
+
+ All users of xine-ui or another xine-based player should upgrade to the
+ latest stable versions:
+
+
+ # emerge sync
+
+ # emerge -pv ">=media-video/xine-ui-0.9.23-r2"
+ # emerge ">=media-video/xine-ui-0.9.23-r2"
+
+ # emerge -pv ">=media-libs/xine-lib-1_rc3-r3"
+ # emerge ">=media-libs/xine-lib-1_rc3-r3"
+
+
+ Xine Security Advisories
+ xine-bugreport and xine-check vulnerability
+ CVE-2004-0372
+ CVE-2004-1951
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-21.xml
new file mode 100644
index 0000000000..17dd885a3c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-21.xml
@@ -0,0 +1,97 @@
+
+
+
+
+ Multiple Vulnerabilities in Samba
+
+ There is a bug in smbfs which may allow local users to gain root via a
+ setuid file on a mounted Samba share. Also, there is a tmpfile symlink
+ vulnerability in the smbprint script distributed with Samba.
+
+ samba
+ April 29, 2004
+ April 29, 2004: 01
+ 41800
+ 45965
+ local
+
+
+ 3.0.2a-r2
+ 3.0.2a
+
+
+
+

+ Samba is a package which allows UNIX systems to act as file servers for + Windows computers. It also allows UNIX systems to mount shares exported by + a Samba/CIFS/Windows server. smbmount is a program in the Samba package + which allows normal users on a UNIX system to mount remote shares. smbprint + is an example script included in the Samba package which can be used to + facilitate network printing. +

+
+ +

+ Two vulnerabilities have been discovered in Samba. The first vulnerability + allows a local user who has access to the smbmount command to gain root. An + attacker could place a setuid-root binary on a Samba share/server he or she + controls, and then use the smbmount command to mount the share on the + target UNIX box. The remote Samba server must support UNIX extensions for + this to work. This has been fixed in version 3.0.2a. +

+

+ The second vulnerability is in the smbprint script. By creating a symlink + from /tmp/smbprint.log, an attacker could cause the smbprint script to + write to an arbitrary file on the system. This has been fixed in version + 3.0.2a-r2. +

+
+ +

+ Local users with access to the smbmount command may gain root access. Also, + arbitrary files may be overwritten using the smbprint script. +

+
+ +

+ To workaround the setuid bug, remove the setuid bits from the + /usr/bin/smbmnt, /usr/bin/smbumount and /usr/bin/mount.cifs binaries. + However, please note that this workaround will prevent ordinary users from + mounting remote SMB and CIFS shares. +

+

+ To work around the smbprint vulnerability, set "debug=no" in the smbprint + configuration. +

+
+ +

+ All users should update to the latest version of the Samba package. +

+

+ The following commands will perform the upgrade: +

+ + # emerge sync + + # emerge -pv ">=net-fs/samba-3.0.2a-r2" + # emerge ">=net-fs/samba-3.0.2a-r2" +

+ Those who are using Samba's password database also need to run the + following command: +

+ + # pdbedit --force-initialized-passwords +

+ Those using LDAP for Samba passwords also need to check the sambaPwdLastSet + attribute on each account, and ensure it is not 0. +

+
+ + BugTraq Thread: Samba 3.x + kernel 2.6.x local root vulnerability + BugTraq: smbprint Vulnerability + + + condordes + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-01.xml
new file mode 100644
index 0000000000..62aaec31a3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-01.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ Multiple format string vulnerabilities in neon 0.24.4 and earlier
+
+ There are multiple format string vulnerabilities in libneon which may allow
+ a malicious WebDAV server to execute arbitrary code.
+
+ neon
+ May 09, 2004
+ May 09, 2004: 01
+ 48448
+ remote
+
+
+ 0.24.5
+ 0.24.4
+
+
+
+

+ neon provides an HTTP and WebDAV client library. +

+
+ +

+ There are multiple format string vulnerabilities in libneon which may allow + a malicious WebDAV server to execute arbitrary code under the context of + the process using libneon. +

+
+ +

+ An attacker may be able to execute arbitrary code under the context of the + process using libneon. +

+
+ +

+ A workaround is not currently known for this issue. All users are advised + to upgrade to the latest version of the affected package. +

+
+ +

+ Neon users should upgrade to version 0.24.5 or later: +

+ + # emerge sync + + # emerge -pv ">=net-misc/neon-0.24.5" + # emerge ">=net-misc/neon-0.24.5" +
+ + CVE + + + klieber + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-02.xml
new file mode 100644
index 0000000000..b53e858bfc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-02.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Multiple vulnerabilities in LHa
+
+ Two stack-based buffer overflows and two directory traversal problems have
+ been found in LHa. These vulnerabilities can be used to execute arbitrary
+ code or as a denial of service attack.
+
+ lha
+ May 09, 2004
+ October 20, 2006: 02
+ 49961
+ remote
+
+
+ 114i-r2
+ 114i-r1
+
+
+
+

+ LHa is a console-based program for packing and unpacking LHarc archives. +

+
+ +

+ Ulf Harnhammar found two stack overflows and two directory traversal + vulnerabilities in LHa version 1.14 and 1.17. A stack overflow occurs when + testing or extracting archives containing long file or directory names. + Furthermore, LHa doesn't contain sufficient protection against relative or + absolute archive paths. +

+
+ +

+ The stack overflows can be exploited to execute arbitrary code with the + rights of the user testing or extracting the archive. The directory + traversal vulnerabilities can be used to overwrite files in the filesystem + with the rights of the user extracting the archive, potentially leading to + denial of service or privilege escalation. Since LHa is often interfaced to + other software like an email virus scanner, this attack can be used + remotely. +

+
+ +

+ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of LHa. +

+
+ +

+ All users of LHa should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=app-arch/lha-114i-r2" + # emerge ">=app-arch/lha-114i-r2" +
+ + CAN-2004-0234 + CAN-2004-0235 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-03.xml
new file mode 100644
index 0000000000..e73eed4332
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-03.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ ClamAV VirusEvent parameter vulnerability
+
+ With a specific configuration (using %f in the VirusEvent parameter), Clam
+ AntiVirus is vulnerable to an attack allowing execution of arbitrary
+ commands.
+
+ ClamAV
+ May 11, 2004
+ May 22, 2006: 02
+ 46264
+ remote
+
+
+ 0.70
+ 0.70
+
+
+
+

+ From http://www.clamav.net/ : +

+

+ "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose + of this software is the integration with mail servers (attachment + scanning). The package provides a flexible and scalable multi-threaded + daemon, a command line scanner, and a tool for automatic updating via + Internet. The programs are based on a shared library distributed with + the Clam AntiVirus package, which you can use with your own software. + Most importantly, the virus database is kept up to date." +

+
+ +

+ The VirusEvent parameter in the clamav.conf configuration file allows + to specify a system command to run whenever a virus is found. This + system command can make use of the "%f" parameter which is replaced by + the name of the file infected. The name of the file scanned is under + control of the attacker and is not sufficiently checked. Version 0.70 + of clamav disables the use of the "%f" parameter. +

+
+ +

+ Sending a virus with a malicious file name can result in execution of + arbirary system commands with the rights of the antivirus process. + Since clamav is often associated to mail servers for email scanning, + this attack can be used remotely. +

+
+ +

+ You should not use the "%f" parameter in your VirusEvent configuration. +

+
+ +

+ All users of Clam AntiVirus should upgrade to the latest stable + version: +

+ + # emerge sync + + # emerge -pv ">=app-antivirus/clamav-0.70" + # emerge ">=app-antivirus/clamav-0.70" +
+ + CVE-2004-1876 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-04.xml
new file mode 100644
index 0000000000..1b69db3902
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-04.xml
@@ -0,0 +1,121 @@
+
+
+
+
+ OpenOffice.org vulnerability when using DAV servers
+
+ Several format string vulnerabilities are present in the Neon library
+ included in OpenOffice.org, allowing remote execution of arbitrary code
+ when connected to an untrusted WebDAV server.
+
+ openoffice
+ May 11, 2004
+ October 27, 2004: 02
+ 47926
+ remote
+
+
+ 1.1.1-r1
+ 1.1.1
+
+
+ 1.0.3-r2
+ 1.0.3-r1
+
+
+ 1.1.0-r4
+ 1.1.0-r3
+
+
+ 1.1.51-r1
+ 1.1.51
+
+
+ 1.1.2
+ 1.1.2
+
+
+ 1.1.52
+
+
+
+

+ OpenOffice.org is an office productivity suite, including word processing, + spreadsheets, presentations, drawings, data charting, formula editing, and + file conversion facilities. +

+
+ +

+ OpenOffice.org includes code from the Neon library in functions related to + publication on WebDAV servers. This library is vulnerable to several format + string attacks. +

+
+ +

+ If you use the WebDAV publication and connect to a malicious WebDAV server, + this server can exploit these vulnerabilities to execute arbitrary code + with the rights of the user running OpenOffice.org. +

+
+ +

+ As a workaround, you should not use the WebDAV publication facilities. +

+
+ +

+ There is no Ximian OpenOffice.org binary version including the fix yet. All + users of the openoffice-ximian-bin package making use of the WebDAV + openoffice-ximian source-based package. +

+

+ openoffice users on the x86 architecture should: +

+ + # emerge sync + + # emerge -pv ">=app-office/openoffice-1.1.1-r1" + # emerge ">=app-office/openoffice-1.1.1-r1" +

+ openoffice users on the sparc architecture should: +

+ + # emerge sync + + # emerge -pv ">=app-office/openoffice-1.1.0-r3" + # emerge ">=app-office/openoffice-1.1.0-r3" +

+ openoffice users on the ppc architecture should: +

+ + # emerge sync + + # emerge -pv ">=app-office/openoffice-1.0.3-r1" + # emerge ">=app-office/openoffice-1.0.3-r1" +

+ openoffice-ximian users should: +

+ + # emerge sync + + # emerge -pv ">=app-office/openoffice-ximian-1.1.51-r1" + # emerge ">=app-office/openoffice-ximian-1.1.51-r1" +

+ openoffice-bin users should: +

+ + # emerge sync + + # emerge -pv ">=app-office/openoffice-bin-1.1.2" + # emerge ">=app-office/openoffice-bin-1.1.2" +
+ + CAN-2004-0179 + Neon vulnerabilities (GLSA 200405-01) + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-05.xml
new file mode 100644
index 0000000000..7387064595
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-05.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ Utempter symlink vulnerability
+
+ Utempter contains a vulnerability that may allow local users to overwrite
+ arbitrary files via a symlink attack.
+
+ utempter
+ May 13, 2004
+ May 13, 2004: 01
+ 49536
+ local
+
+
+ 0.5.5.4
+ 0.5.5.4
+
+
+
+

+ Utempter is an application that allows non-privileged apps to write utmp + (login) info, which otherwise needs root access. +

+
+ +

+ Utempter contains a vulnerability that may allow local users to overwrite + arbitrary files via a symlink attack. +

+
+ +

+ This vulnerability may allow arbitrary files to be overwritten with root + privileges. +

+
+ +

+ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of utempter. +

+
+ +

+ All users of utempter should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=sys-apps/utempter-0.5.5.4" + # emerge ">=sys-apps/utempter-0.5.5.4" +
+ + CAN-2004-0233 + + + klieber + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-06.xml
new file mode 100644
index 0000000000..f799484eef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-06.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ libpng denial of service vulnerability
+
+ A bug in the libpng library can be abused to crash programs making use of
+ that library to decode PNG images.
+
+ libpng
+ May 14, 2004
+ May 14, 2004: 01
+ 49887
+ remote
+
+
+ 1.2.5-r5
+ 1.2.5-r4
+
+
+
+

+ libpng is a standard library used to process PNG (Portable Network + Graphics) images. +

+
+ +

+ libpng provides two functions (png_chunk_error and png_chunk_warning) for + default error and warning messages handling. These functions do not perform + proper bounds checking on the provided message, which is limited to 64 + bytes. Programs linked against this library may crash when handling a + malicious PNG image. +

+
+ +

+ This vulnerability could be used to crash various programs using the libpng + library, potentially resulting in a denial of service attack on vulnerable + daemon processes. +

+
+ +

+ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of libpng. +

+
+ +

+ All users of libpng should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=media-libs/libpng-1.2.5-r5" + # emerge ">=media-libs/libpng-1.2.5-r5" +

+ You should also run revdep-rebuild to rebuild any packages that depend on + older versions of libpng : +

+ + # revdep-rebuild +
+ + CAN-2004-0421 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-07.xml
new file mode 100644
index 0000000000..4a68cfcb03
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-07.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Exim verify=header_syntax buffer overflow
+
+ When the verify=header_syntax option is set, there is a buffer overflow in
+ Exim that allows remote execution of arbitrary code.
+
+ Exim
+ May 14, 2004
+ May 14, 2004: 01
+ 50217
+ remote
+
+
+ 4.33-r1
+ 4.33
+
+
+
+

+ Exim is an highly configurable message transfer agent (MTA) developed at + the University of Cambridge. +

+
+ +

+ When the option "verify = header_syntax" is used in an ACL in the + configuration file, Exim is vulnerable to a buffer overflow attack that can + be triggered remotely by sending malicious headers in an email message. + Note that this option is not enabled in Exim's default configuration file. +

+
+ +

+ This vulnerability can be exploited to trigger a denial of service attack + and potentially execute arbitrary code with the rights of the user used by + the Exim daemon (by default this is the "mail" user in Gentoo Linux). +

+
+ +

+ Make sure the verify=header_syntax option is not used in your exim.conf + file. +

+
+ +

+ All users of Exim should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=mail-mta/exim-4.33-r1" + # emerge ">=mail-mta/exim-4.33-r1" +
+ + CAN-2004-0400 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-08.xml
new file mode 100644
index 0000000000..ac2446576f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-08.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Pound format string vulnerability
+
+ There is a format string flaw in Pound, allowing remote execution of
+ arbitrary code with the rights of the Pound process.
+
+ pound
+ May 18, 2004
+ May 22, 2006: 02
+ 50421
+ remote
+
+
+ 1.6
+ 1.5
+
+
+
+

+ Pound is a reverse proxy, load balancer and HTTPS front-end. It allows + to distribute the load on several web servers and offers a SSL wrapper + for web servers that do not support SSL directly. +

+
+ +

+ A format string flaw in the processing of syslog messages was + discovered and corrected in Pound. +

+
+ +

+ This flaw may allow remote execution of arbitrary code with the rights + of the Pound daemon process. By default, Gentoo uses the "nobody" user + to run the Pound daemon. +

+
+ +

+ There is no known workaround at this time. All users are advised to + upgrade to the latest available version of Pound. +

+
+ +

+ All users of Pound should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=www-servers/pound-1.6" + # emerge ">=www-servers/pound-1.6" +
+ + Pound announcement + CVE-2004-2026 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-09.xml
new file mode 100644
index 0000000000..b8c78b25c8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-09.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ ProFTPD Access Control List bypass vulnerability
+
+ Version 1.2.9 of ProFTPD introduced a vulnerability that causes CIDR-based
+ Access Control Lists (ACLs) to be treated as "AllowAll", thereby
+ allowing remote users full access to files available to the FTP daemon.
+
+ proftpd
+ May 19, 2004
+ May 19, 2004: 01
+ 49496
+ remote
+
+
+ 1.2.9-r2
+ 1.2.9-r1
+ 1.2.9
+
+
+
+

+ ProFTPD is an FTP daemon. +

+
+ +

+ ProFTPD 1.2.9 introduced a vulnerability that allows CIDR-based ACLs (such + as 10.0.0.1/24) to be bypassed. The CIDR ACLs are disregarded, with the net + effect being similar to an "AllowAll" directive. +

+
+ +

+ This vulnerability may allow unauthorized files, including critical system + files to be downloaded and/or modified, thereby allowing a potential remote + compromise of the server. +

+
+ +

+ Users may work around the problem by avoiding use of CIDR-based ACLs. +

+
+ +

+ ProFTPD users are encouraged to upgrade to the latest version of the + package: +

+ + # emerge sync + + # emerge -pv ">=net-ftp/proftpd-1.2.9-r2" + # emerge ">=net-ftp/proftpd-1.2.9-r2" +
+ + CAN-2004-0432 + + + klieber + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-10.xml
new file mode 100644
index 0000000000..d0a4bc6c90
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-10.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Icecast denial of service vulnerability
+
+ Icecast is vulnerable to a denial of service attack allowing remote users
+ to crash the application.
+
+ icecast
+ May 19, 2004
+ May 22, 2006: 02
+ 50935
+ remote
+
+
+ 2.0.1
+ 2.0.0
+
+
+
+

+ Icecast is a program that streams audio data to listeners over the + Internet. +

+
+ +

+ There is an out-of-bounds read error in the web interface of Icecast + when handling Basic Authorization requests. This vulnerability can + theorically be exploited by sending a specially crafted Authorization + header to the server. +

+
+ +

+ By exploiting this vulnerability, it is possible to crash the Icecast + server remotely, resulting in a denial of service attack. +

+
+ +

+ There is no known workaround at this time. All users are advised to + upgrade to the latest available version of Icecast. +

+
+ +

+ All users of Icecast should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=net-misc/icecast-2.0.1" + # emerge ">=net-misc/icecast-2.0.1" +
+ + Icecast 2.0.1 announcement + CVE-2004-2027 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-11.xml
new file mode 100644
index 0000000000..271476dfd3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-11.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ KDE URI Handler Vulnerabilities
+
+ Vulnerabilities in KDE URI handlers makes your system vulnerable to various
+ attacks.
+
+ kdelibs
+ May 19, 2004
+ May 19, 2004: 01
+ 51276
+ remote
+
+
+ 3.2.2-r1
+ 3.1.5-r1
+ 3.2.2
+
+
+
+

+ The K Desktop Environment (KDE) is a powerful Free Software graphical + desktop environment. KDE makes use of URI handlers to trigger various + programs when specific URLs are received. +

+
+ +

+ The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-' + at the beginning of the hostname passed. By crafting a malicious URI and + entice an user to click on it, it is possible to pass an option to the + programs started by the handlers (typically telnet, kmail...). +

+
+ +

+ If the attacker controls the options passed to the URI handling programs, + it becomes possible for example to overwrite arbitrary files (possibly + leading to denial of service), to open kmail on an attacker-controlled + remote display or with an alternate configuration file (possibly leading to + control of the user account). +

+
+ +

+ There is no known workaround at this time. All users are advised to upgrade + to a corrected version of kdelibs. +

+
+ +

+ Users of KDE 3.1 should upgrade to the corrected version of kdelibs: +

+ + # emerge sync + + # emerge -pv "=kde-base/kdelibs-3.1.5-r1" + # emerge "=kde-base/kdelibs-3.1.5-r1" +

+ Users of KDE 3.2 should upgrade to the latest available version of kdelibs: +

+ + # emerge sync + + # emerge -pv ">=kde-base/kdelibs-3.2.2-r1" + # emerge ">=kde-base/kdelibs-3.2.2-r1" +
+ + CAN-2004-0411 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-12.xml
new file mode 100644
index 0000000000..1ed75d9724
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-12.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ CVS heap overflow vulnerability
+
+ CVS is subject to a heap overflow vulnerability allowing source repository
+ compromise.
+
+ cvs
+ May 20, 2004
+ May 20, 2004: 01
+ 51460
+ remote
+
+
+ 1.11.16
+ 1.11.15
+
+
+
+

+ CVS (Concurrent Versions System) is an open-source network-transparent + version control system. It contains both a client utility and a server. +

+
+ +

+ Stefan Esser discovered a heap overflow in the CVS server, which can be + triggered by sending malicious "Entry" lines and manipulating the flags + related to that Entry. This vulnerability was proven to be exploitable. +

+
+ +

+ A remote attacker can execute arbitrary code on the CVS server, with the + rights of the CVS server. By default, Gentoo uses the "cvs" user to run the + CVS server. In particular, this flaw allows a complete compromise of CVS + source repositories. If you're not running a server, then you are not + vulnerable. +

+
+ +

+ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of CVS. +

+
+ +

+ All users running a CVS server should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=dev-util/cvs-1.11.16" + # emerge ">=dev-util/cvs-1.11.16" +
+ + E-matters advisory 07/2004 + CAN-2004-0396 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-13.xml
new file mode 100644
index 0000000000..6638fa0098
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-13.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ neon heap-based buffer overflow
+
+ A vulnerability potentially allowing remote execution of arbitrary code has
+ been discovered in the neon library.
+
+ neon
+ May 20, 2004
+ May 20, 2004: 01
+ 51490
+ remote
+
+
+ 0.24.6
+ 0.24.5
+
+
+
+

+ neon provides an HTTP and WebDAV client library. +

+
+ +

+ Stefan Esser discovered a vulnerability in the code of the neon library : + if a malicious date string is passed to the ne_rfc1036_parse() function, it + can trigger a string overflow into static heap variables. +

+
+ +

+ Depending on the application linked against libneon and when connected to a + malicious WebDAV server, this vulnerability could allow execution of + arbitrary code with the rights of the user running that application. +

+
+ +

+ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of neon. +

+
+ +

+ All users of neon should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=net-misc/neon-0.24.6" + # emerge ">=net-misc/neon-0.24.6" +
+ + E-matters advisory 06/2004 + CAN-2004-0398 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-14.xml
new file mode 100644
index 0000000000..f380b67b13
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-14.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ Buffer overflow in Subversion
+
+ There is a vulnerability in the Subversion date parsing code which may lead
+ to denial of service attacks, or execution of arbitrary code. Both the
+ client and server are vulnerable.
+
+ subversion
+ May 20, 2004
+ May 22, 2006: 02
+ 51462
+ remote
+
+
+ 1.0.3
+ 1.0.2
+
+
+
+

+ Subversion is a version control system intended to eventually replace + CVS. Like CVS, it has an optional client-server architecture (where the + server can be an Apache server running mod_svn, or an ssh program as in + CVS's :ext: method). In addition to supporting the features found in + CVS, Subversion also provides support for moving and copying files and + directories. +

+
+ +

+ All releases of Subversion prior to 1.0.3 have a vulnerability in the + date-parsing code. This vulnerability may allow denial of service or + arbitrary code execution as the Subversion user. Both the client and + server are vulnerable, and write access is NOT required to the server's + repository. +

+
+ +

+ All servers and clients are vulnerable. Specifically, clients that + allow other users to write to administrative files in a working copy + may be exploited. Additionally all servers (whether they are httpd/DAV + or svnserve) are vulnerable. Write access to the server is not + required; public read-only Subversion servers are also exploitable. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version. +

+
+ +

+ All Subversion users should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=dev-util/subversion-1.0.3" + # emerge ">=dev-util/subversion-1.0.3" +
+ + Subversion Announcement + E-Matters Advisory + CVE-2004-0397 + + + condordes + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-15.xml
new file mode 100644
index 0000000000..daa6601c88
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-15.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ cadaver heap-based buffer overflow
+
+ There is a heap-based buffer overflow vulnerability in the neon library
+ used in cadaver, possibly leading to execution of arbitrary code when
+ connected to a malicious server.
+
+ cadaver
+ May 20, 2004
+ May 20, 2004: 01
+ 51461
+ remote
+
+
+ 0.22.2
+ 0.22.1
+
+
+
+

+ cadaver is a command-line WebDAV client. +

+
+ +

+ Stefan Esser discovered a vulnerability in the code of the neon library + (see GLSA 200405-13). This library is also included in cadaver. +

+
+ +

+ When connected to a malicious WebDAV server, this vulnerability could allow + remote execution of arbitrary code with the rights of the user running + cadaver. +

+
+ +

+ There is no known workaround at this time. All users are advised to upgrade + to the latest available version of cadaver. +

+
+ +

+ All users of cadaver should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=net-misc/cadaver-0.22.2" + # emerge ">=net-misc/cadaver-0.22.2" +
+ + CAN-2004-0398 + GLSA 200405-13 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-16.xml
new file mode 100644
index 0000000000..47b21e7e5b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-16.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Multiple XSS Vulnerabilities in SquirrelMail
+
+ SquirrelMail is subject to several XSS and one SQL injection vulnerability.
+
+ SquirrelMail
+ May 25, 2004
+ May 27, 2006: 04
+ 49675
+ remote
+
+
+ 1.4.3_rc1
+ 1.4.3_rc1
+
+
+
+

+ SquirrelMail is a webmail package written in PHP. It supports IMAP and + SMTP, and can optionally be installed with SQL support. +

+
+ +

+ Several unspecified cross-site scripting (XSS) vulnerabilities and a + well hidden SQL injection vulnerability were found. An XSS attack + allows an attacker to insert malicious code into a web-based + application. SquirrelMail does not check for code when parsing + variables received via the URL query string. +

+
+ +

+ One of the XSS vulnerabilities could be exploited by an attacker to + steal cookie-based authentication credentials from the user's browser. + The SQL injection issue could potentially be used by an attacker to run + arbitrary SQL commands inside the SquirrelMail database with privileges + of the SquirrelMail database user. +

+
+ +

+ There is no known workaround at this time. All users are advised to + upgrade to version 1.4.3_rc1 or higher of SquirrelMail. +

+
+ +

+ All SquirrelMail users should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=mail-client/squirrelmail-1.4.3_rc1" + # emerge ">=mail-client/squirrelmail-1.4.3_rc1" +
+ + SquirrelMail 1.4.3_rc1 release annoucement + Bugtraq security annoucement + CERT description of XSS + CVE-2004-0519 + CVE-2004-0521 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-17.xml
new file mode 100644
index 0000000000..a1aa9b6017
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-17.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ Multiple vulnerabilities in metamail
+
+ Several format string bugs and buffer overflows were discovered in
+ metamail, potentially allowing execution of arbitrary code remotely.
+
+ metamail
+ May 21, 2004
+ May 21, 2004: 01
+ 42133
+ remote
+
+
+ 2.7.45.3
+ 2.7.45.3
+
+
+
+

+ Metamail is a program that decodes MIME encoded mail. It is therefore often + automatically called when an email is received or read. +

+
+ +

+ Ulf Harnhammar found two format string bugs and two buffer overflow bugs in + Metamail. +

+
+ +

+ A remote attacker could send a malicious email message and execute + arbitrary code with the rights of the process calling the Metamail program. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All users of Metamail should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=net-mail/metamail-2.7.45.3" + # emerge ">=net-mail/metamail-2.7.45.3" +
+ + CAN-2004-0104 + CAN-2004-0105 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-18.xml
new file mode 100644
index 0000000000..ba653d46d0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-18.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Buffer Overflow in Firebird
+
+ A buffer overflow via environmental variables in Firebird may allow a local
+ user to manipulate or destroy local databases and trojan the Firebird
+ binaries.
+
+ firebird
+ May 23, 2004
+ May 22, 2006: 02
+ 20837
+ local
+
+
+ 1.5
+ 1.5
+
+
+
+

+ Firebird is an open source relational database that runs on Linux,
+ Windows, and various UNIX systems.
+

+
+
+

+ A buffer overflow exists in three Firebird binaries (gds_inet_server,
+ gds_lock_mgr, and gds_drop) that is exploitable by setting a large
+ value to the INTERBASE environment variable.
+

+
+
+

+ An attacker could control program execution, allowing privilege
+ escalation to the UID of Firebird, full access to Firebird databases,
+ and trojaning the Firebird binaries. An attacker could use this to
+ compromise other user or root accounts.
+

+
+
+

+ There is no known workaround.
+

+
+
+

+ All users should upgrade to the latest version of Firebird:
+

+
+ # emerge sync
+
+ # emerge -pv ">=dev-db/firebird-1.5"
+ # emerge ">=dev-db/firebird-1.5"
+
+
+ Bugtraq Security Announcement
+ Sourceforge BugTracker Announcement
+ CVE-2003-0281
+
+
+ dmargoli
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-19.xml
new file mode 100644
index 0000000000..80a11fe120
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-19.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Opera telnet URI handler file creation/truncation vulnerability
+
+ A vulnerability exists in Opera's telnet URI handler that may allow a
+ remote attacker to overwrite arbitrary files.
+
+ opera
+ May 25, 2004
+ December 30, 2007: 03
+ 50857
+ remote
+
+
+ 7.50_beta1
+ 7.50_beta1
+
+
+
+

+ Opera is a multi-platform web browser.
+

+
+
+

+ The telnet URI handler in Opera does not check for leading '-'
+ characters in the host name. Consequently, a maliciously-crafted
+ telnet:// link may be able to pass options to the telnet program
+ itself. One example would be the following:
+

+

+ telnet://-nMyFile
+

+

+ If MyFile exists in the user's home directory and the user clicking on
+ the link has write permissions to it, the contents of the file will be
+ overwritten with the output of the telnet trace information. If MyFile
+ does not exist, the file will be created in the user's home directory.
+

+
+
+

+ This exploit has two possible impacts. First, it may create new files
+ in the user's home directory. Second, and far more serious, it may
+ overwrite existing files that the user has write permissions to. An
+ attacker with some knowledge of a user's home directory might be able
+ to destroy important files stored within.
+

+
+
+

+ Disable the telnet URI handler from within Opera.
+

+
+
+

+ All Opera users are encouraged to upgrade to the latest version of the
+ program:
+

+
+ # emerge sync
+
+ # emerge -pv ">=www-client/opera-7.50_beta1"
+ # emerge ">=www-client/opera-7.50_beta1"
+
+
+ iDEFENSE Security Advisory 05.12.04
+ CVE-2004-0473
+
+
+ klieber
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-20.xml
new file mode 100644
index 0000000000..87fa404fe5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-20.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Insecure Temporary File Creation In MySQL
+
+ Two MySQL utilities create temporary files with hardcoded paths, allowing
+ an attacker to use a symlink to trick MySQL into overwriting important
+ data.
+
+ MySQL
+ May 25, 2004
+ May 25, 2004: 01
+ 46242
+ local
+
+
+ 4.0.18-r2
+ 4.0.18-r2
+
+
+
+

+ MySQL is a popular open-source multi-threaded, multi-user SQL database
+ server.
+

+
+
+

+ The MySQL bug reporting utility (mysqlbug) creates a temporary file to log
+ bug reports to. A malicious local user with write access to the /tmp
+ directory could create a symbolic link of the name mysqlbug-N
+ pointing to a protected file, such as /etc/passwd, such that when mysqlbug
+ creates the Nth log file, it would end up overwriting the target
+ file. A similar vulnerability exists with the mysql_multi utility, which
+ creates a temporary file called mysql_multi.log.
+

+
+
+

+ Since mysql_multi runs as root, a local attacker could use this to destroy
+ any other users' data or corrupt and destroy system files.
+

+
+
+

+ One could modify both scripts to log to a directory that users do not have
+ write permission to, such as /var/log/mysql/.
+

+
+
+

+ All users should upgrade to the latest stable version of MySQL.
+

+
+ # emerge sync
+
+ # emerge -pv ">=dev-db/mysql-4.0.18-r2"
+ # emerge ">=dev-db/mysql-4.0.18-r2"
+
+
+ CAN-2004-0381
+ CAN-2004-0388
+
+
+ dmargoli
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-21.xml
new file mode 100644
index 0000000000..9dce8e0e96
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-21.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Midnight Commander: Multiple vulnerabilities
+
+ Multiple security issues have been discovered in Midnight Commander
+ including several buffer overflows and string format vulnerabilities.
+
+ MC
+ May 26, 2004
+ May 26, 2004: 01
+ 49990
+ local
+
+
+ 4.6.0-r7
+ 4.6.0-r6
+
+
+
+

+ Midnight Commander is a visual console file manager.
+

+
+
+

+ Numerous security issues have been discovered in Midnight Commander,
+ including several buffer overflow vulnerabilities, multiple vulnerabilities
+ in the handling of temporary file and directory creation, and multiple
+ format string vulnerabilities.
+

+
+
+

+ The buffer overflows and format string vulnerabilities may allow attackers
+ to cause a denial of service or execute arbitrary code with permissions of
+ the user running MC. The insecure creation of temporary files and
+ directories could lead to a privilege escalation, including root
+ privileges, for a local attacker.
+

+
+
+

+ There is no known workaround at this time. All users are advised to upgrade
+ to version 4.6.0-r7 or higher of Midnight Commander.
+

+
+
+

+ All Midnight Commander users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=app-misc/mc-4.6.0-r7
+ # emerge ">=app-misc/mc-4.6.0-r7"
+
+
+ CAN-2004-0226
+ CAN-2004-0231
+ CAN-2004-0232
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-22.xml
new file mode 100644
index 0000000000..9d7c41c63d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-22.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ Apache 1.3: Multiple vulnerabilities
+
+ Several security vulnerabilities have been fixed in the latest release of
+ Apache 1.3.
+
+ Apache
+ May 26, 2004
+ December 30, 2007: 02
+ 51815
+ remote
+
+
+ 1.3.31
+ 1.3.31
+
+
+
+

+ The Apache HTTP Server Project is an effort to develop and maintain an
+ open-source HTTP server for modern operating systems. The goal of this
+ project is to provide a secure, efficient and extensible server that
+ provides services in tune with the current HTTP standards.
+

+
+
+

+ On 64-bit big-endian platforms, mod_access does not properly parse
+ Allow/Deny rules using IP addresses without a netmask which could result in
+ failure to match certain IP addresses.
+

+

+ Terminal escape sequences are not filtered from error logs. This could be
+ used by an attacker to insert escape sequences into a terminal emulater
+ vulnerable to escape sequences.
+

+

+ mod_digest does not properly verify the nonce of a client response by using
+ a AuthNonce secret. This could permit an attacker to replay the response of
+ another website. This does not affect mod_auth_digest.
+

+

+ On certain platforms there is a starvation issue where listening sockets
+ fails to handle short-lived connection on a rarely-accessed listening
+ socket. This causes the child to hold the accept mutex and block out new
+ connections until another connection arrives on the same rarely-accessed
+ listening socket thus leading to a denial of service.
+

+
+
+

+ These vulnerabilities could lead to attackers bypassing intended access
+ restrictions, denial of service, and possibly execution of arbitrary code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All users should upgrade to the latest stable version of Apache 1.3.
+

+
+ # emerge sync
+
+ # emerge -pv ">=www-servers/apache-1.3.31"
+ # emerge ">=www-servers/apache-1.3.31"
+
+
+ CAN-2003-0993
+ CAN-2003-0020
+ CAN-2003-0987
+ CAN-2004-0174
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-23.xml
new file mode 100644
index 0000000000..63847d121a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-23.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Heimdal: Kerberos 4 buffer overflow in kadmin
+
+ A possible buffer overflow in the Kerberos 4 component of Heimdal has been
+ discovered.
+
+ Heimdal
+ May 27, 2004
+ May 27, 2004: 01
+ 50208
+ remote
+
+
+ 0.6.2
+ 0.6.2
+
+
+
+

+ Heimdal is a free implementation of Kerberos.
+

+
+
+

+ A buffer overflow was discovered in kadmind, a server for administrative
+ access to the Kerberos database.
+

+
+
+

+ By sending a specially formatted message to kadmind, a remote attacker may
+ be able to crash kadmind causing a denial of service, or execute arbitrary
+ code with the permissions of the kadmind process.
+

+
+
+

+ For a temporary workaround, providing you do not require Kerberos 4
+ support, you may turn off Kerberos 4 kadmin by running kadmind with the
+ --no-kerberos4 option.
+

+
+
+

+ All Heimdal users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=app-crypt/heimdal-0.6.2"
+ # emerge ">=app-crypt/heimdal-0.6.2"
+
+
+ Heimdal 0.6.2 Release Notice
+ CAN-2004-0434
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-24.xml
new file mode 100644
index 0000000000..665bdc1ec0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-24.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ MPlayer, xine-lib: vulnerabilities in RTSP stream handling
+
+ Multiple vulnerabilities, including remotely exploitable buffer overflows,
+ have been found in code common to MPlayer and the xine library.
+
+ mplayer
+ May 28, 2004
+ May 28, 2004: 01
+ 49387
+ remote
+
+
+ 1.0_pre4
+ 0.92-r1
+ 1.0_pre4
+
+
+ 1_rc4
+ 0.9.13-r3
+ 1_rc4
+
+
+
+

+ MPlayer is a movie player capable of handling multiple multimedia file
+ formats. xine-lib is a multimedia player library used by several graphical
+ user interfaces, including xine-ui. They both use the same code to handle
+ Real-Time Streaming Protocol (RTSP) streams from RealNetworks servers.
+

+
+
+

+ Multiple vulnerabilities have been found and fixed in the RTSP handling
+ code common to recent versions of these two packages. These vulnerabilities
+ include several remotely exploitable buffer overflows.
+

+
+
+

+ A remote attacker, posing as a RTSP stream server, can execute arbitrary
+ code with the rights of the user of the software playing the stream
+ (MPlayer or any player using xine-lib). Another attacker may entice a user
+ to use a maliciously crafted URL or playlist to achieve the same results.
+

+
+
+

+ For MPlayer, there is no known workaround at this time. For xine-lib, you
+ can delete the xineplug_inp_rtsp.so file.
+

+
+
+

+ All users should upgrade to non-vulnerable versions of MPlayer and
+ xine-lib:
+

+
+ # emerge sync
+
+ # emerge -pv ">=media-video/mplayer-1.0_pre4"
+ # emerge ">=media-video/mplayer-1.0_pre4"
+
+ # emerge -pv ">=media-libs/xine-lib-1_rc4"
+ # emerge ">=media-libs/xine-lib-1_rc4"
+
+
+ Xine security advisory
+ CAN-2004-0433
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-25.xml
new file mode 100644
index 0000000000..8ab55fbcc5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-25.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ tla: Multiple vulnerabilities in included libneon
+
+ tla includes a vulnerable version of the neon library.
+
+ tla
+ May 30, 2004
+ June 02, 2004: 02
+ 51586
+ remote
+
+
+ 1.2-r2
+ 1.2-r1
+ 1.2.1_pre1
+
+
+
+

+ GNU Arch (tla) is a revision control system suited for widely distributed
+ development.
+

+
+
+

+ Multiple format string vulnerabilities and a heap overflow vulnerability
+ were discovered in the code of the neon library (GLSA 200405-01 and
+ 200405-13). Current versions of the tla package include their own version
+ of this library.
+

+
+
+

+ When connected to a malicious WebDAV server, these vulnerabilities could
+ allow execution of arbitrary code with the rights of the user running tla.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All users of tla should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=dev-util/tla-1.2-r2"
+ # emerge ">=dev-util/tla-1.2-r2"
+
+
+ GLSA 200405-01
+ GLSA 200405-13
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-01.xml
new file mode 100644
index 0000000000..2d3664224a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-01.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ Ethereal: Multiple security problems
+
+ Multiple vulnerabilities including one buffer overflow exist in Ethereal,
+ which may allow an attacker to run arbitrary code or crash the program.
+
+ Ethereal
+ June 04, 2004
+ May 22, 2006: 02
+ 51022
+ remote
+
+
+ 0.10.4
+ 0.10.3
+
+
+
+

+ Ethereal is a feature rich network protocol analyzer.
+

+
+
+

+ There are multiple vulnerabilities in versions of Ethereal earlier than
+ 0.10.4, including:
+

+
    +
  • A buffer overflow in the MMSE dissector.
  • +
  • Under specific conditions a SIP packet could make Ethereal + crash.
  • +
  • The AIM dissector could throw an assertion, causing Ethereal to + crash.
  • +
  • The SPNEGO dissector could dereference a null pointer, causing a + crash.
  • +
+
+
+

+ An attacker could use these vulnerabilities to crash Ethereal or even
+ execute arbitrary code with the permissions of the user running
+ Ethereal, which could be the root user.
+

+
+
+

+ For a temporary workaround you can disable all affected protocol
+ dissectors by selecting Analyze->Enabled Protocols... and deselecting
+ them from the list. However, it is strongly recommended to upgrade to
+ the latest stable release.
+

+
+
+

+ All Ethereal users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-analyzer/ethereal-0.10.4"
+ # emerge ">=net-analyzer/ethereal-0.10.4"
+
+
+ Ethereal enpa-sa-00014
+ CVE-2004-0504
+ CVE-2004-0505
+ CVE-2004-0506
+ CVE-2004-0507
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-02.xml
new file mode 100644
index 0000000000..163e95b9e5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-02.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ tripwire: Format string vulnerability
+
+ A vulnerability allowing arbitrary code execution under certain
+ circumstances has been found.
+
+ tripwire
+ June 04, 2004
+ May 22, 2006: 02
+ 52945
+ local
+
+
+ 2.3.1.2-r1
+ 2.3.1.2
+
+
+
+

+ tripwire is an open source file integrity checker.
+

+
+
+

+ The code that generates email reports contains a format string
+ vulnerability in pipedmailmessage.cpp.
+

+
+
+

+ With a carefully crafted filename on a local filesystem an attacker
+ could cause execution of arbitrary code with permissions of the user
+ running tripwire, which could be the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All tripwire users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=app-admin/tripwire-2.3.1.2-r1"
+ # emerge ">=app-admin/tripwire-2.3.1.2-r1"
+
+
+ Bugtraq Announcement
+ CVE-2004-0536
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-03.xml
new file mode 100644
index 0000000000..126a845f00
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-03.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ sitecopy: Multiple vulnerabilities in included libneon
+
+ sitecopy includes a vulnerable version of the neon library.
+
+ sitecopy
+ June 05, 2004
+ August 15, 2004: 04
+ 51585
+ remote
+
+
+ 0.13.4-r2
+ 0.13.4-r1
+
+
+
+

+ sitecopy easily maintains remote websites. It makes it simple to keep a
+ remote site synchronized with the local site with one command.
+

+
+
+

+ Multiple format string vulnerabilities and a heap overflow vulnerability
+ were discovered in the code of the neon library (GLSA 200405-01 and
+ 200405-13). Current versions of the sitecopy package include their own
+ version of this library.
+

+
+
+

+ When connected to a malicious WebDAV server, these vulnerabilities could
+ allow execution of arbitrary code with the rights of the user running
+ sitecopy.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version of sitecopy.
+

+
+
+

+ All sitecopy users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/sitecopy-0.13.4-r2"
+ # emerge ">=net-misc/sitecopy-0.13.4-r2"
+
+
+ GLSA 200405-01
+ GLSA 200405-13
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-04.xml
new file mode 100644
index 0000000000..2e181887b5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-04.xml
@@ -0,0 +1,60 @@
+
+
+
+
+ Mailman: Member password disclosure vulnerability
+
+ Mailman contains a bug allowing 3rd parties to retrieve member passwords.
+
+ mailman
+ June 09, 2004
+ June 09, 2004: 01
+ 51671
+ remote
+
+
+ 2.1.5
+ 2.1.5
+
+
+
+

+ Mailman is a python-based mailing list server with an extensive web
+ interface.
+

+
+
+

+ Mailman contains an unspecified vulnerability in the handling of request
+ emails.
+

+
+
+

+ By sending a carefully crafted email request to the mailman server an
+ attacker could obtain member passwords.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All users of Mailman should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-mail/mailman-2.1.5"
+ # emerge ">=net-mail/mailman-2.1.5"
+
+
+ Mailman 2.1.5 Release Announcement
+ CAN-2004-0412
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-05.xml
new file mode 100644
index 0000000000..d040d8af8f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-05.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ Apache: Buffer overflow in mod_ssl
+
+ A bug in mod_ssl may allow a remote attacker to execute remote code when
+ Apache is configured a certain way.
+
+ Apache
+ June 09, 2004
+ December 30, 2007: 03
+ 51368
+ remote
+
+
+ 2.8.18
+ 2.8.18
+
+
+ 2.0
+ 2.0.49-r3
+ 2.0.49-r2
+
+
+
+

+ Apache is the most popular Web server on the Internet. mod_ssl provides
+ Secure Sockets Layer encryption and authentication to Apache 1.3. Apache 2
+ contains the functionality of mod_ssl.
+

+
+
+

+ A bug in the function ssl_util_uuencode_binary in ssl_util.c may lead to a
+ remote buffer overflow on a server configured to use FakeBasicAuth that
+ will trust a client certificate with an issuing CA with a subject DN longer
+ than 6k.
+

+
+
+

+ Given the right server configuration, an attacker could cause a Denial of
+ Service or execute code as the user running Apache, usually
+ "apache". It is thought to be impossible to exploit this to
+ execute code on the x86 platform, but the possibility for other platforms
+ is unknown. This does not preclude a DoS on x86 systems.
+

+
+
+

+ A server should not be vulnerable if it is not configured to use
+ FakeBasicAuth and to trust a client CA with a long subject DN.
+

+
+
+

+ Apache 1.x users should upgrade to the latest version of mod_ssl:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-www/mod_ssl-2.8.18"
+ # emerge ">=net-www/mod_ssl-2.8.18"
+

+ Apache 2.x users should upgrade to the latest version of Apache:
+

+
+ # emerge sync
+
+ # emerge -pv ">=www-servers/apache-2.0.49-r3"
+ # emerge ">=www-servers/apache-2.0.49-r3"
+
+
+ CAN-2004-0488
+
+
+ dmargoli
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-06.xml
new file mode 100644
index 0000000000..bb2d802e15
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-06.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ CVS: additional DoS and arbitrary code execution vulnerabilities
+
+ Several serious new vulnerabilities have been found in CVS, which may allow
+ an attacker to remotely compromise a CVS server.
+
+ CVS
+ June 10, 2004
+ June 10, 2004: 01
+ 53408
+ remote
+
+
+ 1.11.17
+ 1.11.16-r1
+
+
+
+

+ CVS (Concurrent Versions System) is an open-source network-transparent
+ version control system. It contains both a client utility and a server.
+

+
+
+

+ A team audit of the CVS source code performed by Stefan Esser and Sebastian
+ Krahmer resulted in the discovery of several remotely exploitable
+ vulnerabilities including:
+

+
    +
  • no-null-termination of "Entry" lines
  • +
  • error_prog_name "double-free()"
  • +
  • Argument integer overflow
  • +
  • serve_notify() out of bounds writes
  • +
+
+
+

+ An attacker could use these vulnerabilities to cause a Denial of Service or
+ execute arbitrary code with the permissions of the user running cvs.
+

+
+
+

+ There is no known workaround at this time. All users are advised to upgrade
+ to the latest available version of CVS.
+

+
+
+

+ All CVS users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=dev-util/cvs-1.11.17"
+ # emerge ">=dev-util/cvs-1.11.17"
+
+
+ E-matters Advisory 09/2004
+ CAN-2004-0414
+ CAN-2004-0416
+ CAN-2004-0417
+ CAN-2004-0418
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-07.xml
new file mode 100644
index 0000000000..3d1006b1d1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-07.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Subversion: Remote heap overflow
+
+ Subversion is vulnerable to a remote Denial of Service that may be
+ exploitable to execute arbitrary code on the server running svnserve.
+
+ dev-util/subversion
+ June 10, 2004
+ June 10, 2004: 01
+ remote
+
+
+ 1.0.4-r1
+ 1.0.4
+
+
+
+

+ Subversion is a revision control system that aims to be a "compelling
+ replacement for CVS". It enjoys wide use in the open source community.
+ svnserve allows access to Subversion repositories using URIs with the
+ svn://, svn+ssh://, and other tunelled svn+*:// protocols.
+

+
+
+

+ The svn protocol parser trusts the indicated length of a URI string sent by
+ a client. This allows a client to specify a very long string, thereby
+ causing svnserve to allocate enough memory to hold that string. This may
+ cause a Denial of Service. Alternately, given a string that causes an
+ integer overflow in the variable holding the string length, the server
+ might allocate less memory than required, allowing a heap overflow. This
+ heap overflow may then be exploitable, allowing remote code execution. The
+ attacker does not need read or write access to the Subversion repository
+ being served, since even un-authenticated users can send svn protocol
+ requests.
+

+
+
+

+ Ranges from remote Denial of Service to potential arbitrary code execution
+ with privileges of the svnserve process.
+

+
+
+

+ Servers without svnserve running are not vulnerable. Disable svnserve and
+ use DAV for access instead.
+

+
+
+

+ All users should upgrade to the latest version of Subversion.
+

+
+ # emerge sync
+
+ # emerge -pv ">=dev-util/subversion-1.0.4-r1"
+ # emerge ">=dev-util/subversion-1.0.4-r1"
+
+
+ CAN-2004-0413
+
+
+ dmargoli
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-08.xml
new file mode 100644
index 0000000000..e723d036bc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-08.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Squirrelmail: Another XSS vulnerability
+
+ Squirrelmail fails to properly sanitize user input, which could lead to a
+ compromise of webmail accounts.
+
+ Squirrelmail
+ June 15, 2004
+ May 22, 2006: 02
+ 52434
+ remote
+
+
+ 1.4.3
+ 1.4.3_rc1-r1
+
+
+
+

+ SquirrelMail is a webmail package written in PHP. It supports IMAP and
+ SMTP, and can optionally be installed with SQL support.
+

+
+
+

+ A new cross-site scripting (XSS) vulnerability in
+ Squirrelmail-1.4.3_rc1 has been discovered. In functions/mime.php
+ Squirrelmail fails to properly sanitize user input.
+

+
+
+

+ By enticing a user to read a specially crafted e-mail, an attacker can
+ execute arbitrary scripts running in the context of the victim's
+ browser. This could lead to a compromise of the user's webmail account,
+ cookie theft, etc.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All SquirrelMail users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=mail-client/squirrelmail-1.4.3"
+ # emerge ">=mail-client/squirrelmail-1.4.3"
+
+
+ RS-Labs Advisory
+ CERT description of XSS
+ CVE-2004-0520
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-09.xml
new file mode 100644
index 0000000000..267a461a2f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-09.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ Horde-Chora: Remote code execution
+
+ A vulnerability in Chora allows remote code execution and file upload.
+
+ www-apps/horde-chora
+ June 15, 2004
+ December 30, 2007: 02
+ 53800
+ remote
+
+
+ 1.2.2
+ 1.2.2
+
+
+
+

+ Chora is a PHP-based SVN/CVS repository viewer by the HORDE project.
+

+
+
+

+ A vulnerability in the diff viewer of Chora allows an attacker to inject
+ shellcode. An attacker can exploit PHP's file upload functionality to
+ upload a malicious binary to a vulnerable server, chmod it as executable,
+ and run the file.
+

+
+
+

+ An attacker could remotely execute arbitrary binaries with the permissions
+ of the PHP script, conceivably allowing further exploitation of local
+ vulnerabilities and remote root access.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All users are advised to upgrade to the latest version of Chora:
+

+
+ # emerge sync
+
+ # emerge -pv ">=www-apps/horde-chora-1.2.2"
+ # emerge ">=www-apps/horde-chora-1.2.2"
+
+
+ e-matters Advisory
+
+
+ dmargoli
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-10.xml
new file mode 100644
index 0000000000..3d659ed4ab
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-10.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Gallery: Privilege escalation vulnerability
+
+ There is a vulnerability in the Gallery photo album software which may
+ allow an attacker to gain administrator privileges within Gallery.
+
+ gallery
+ June 15, 2004
+ May 22, 2006: 02
+ 52798
+ remote
+
+
+ 1.4.3_p2
+ 1.4.3_p1
+
+
+
+

+ Gallery is a web application written in PHP which is used to organize
+ and publish photo albums. It allows multiple users to build and
+ maintain their own albums. It also supports the mirroring of images on
+ other servers.
+

+
+
+

+ There is a vulnerability in the Gallery photo album software which may
+ allow an attacker to gain administrator privileges within Gallery. A
+ Gallery administrator has full access to all albums and photos on the
+ server, thus attackers may add or delete photos at will.
+

+
+
+

+ Attackers may gain full access to all Gallery albums. There is no risk
+ to the webserver itself, or the server on which it runs.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version.
+

+
+
+

+ All users should upgrade to the latest available version of Gallery.
+

+
+ # emerge sync
+
+ # emerge -pv ">=www-apps/gallery-1.4.3_p2"
+ # emerge ">=www-apps/gallery-1.4.3_p2"
+
+
+ Gallery Announcement
+ CVE-2004-0522
+
+
+ condordes
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-11.xml
new file mode 100644
index 0000000000..f24263dab9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-11.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Horde-IMP: Input validation vulnerability
+
+ An input validation vulnerability has been discovered in Horde-IMP.
+
+ horde-imp
+ June 16, 2004
+ May 22, 2006: 02
+ 53862
+ remote
+
+
+ 3.2.4
+ 3.2.3
+
+
+
+

+ Horde-IMP is the Internet Messaging Program. It is written in PHP and
+ provides webmail access to IMAP and POP3 accounts.
+

+
+
+

+ Horde-IMP fails to properly sanitize email messages that contain
+ malicious HTML or script code.
+

+
+
+

+ By enticing a user to read a specially crafted e-mail, an attacker can
+ execute arbitrary scripts running in the context of the victim's
+ browser. This could lead to a compromise of the user's webmail account,
+ cookie theft, etc.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Horde-IMP users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=www-apps/horde-imp-3.2.4"
+ # emerge ">=www-apps/horde-imp-3.2.4"
+
+
+ Bugtraq Announcement
+ CVE-2004-0584
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-12.xml
new file mode 100644
index 0000000000..b1c8807a16
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-12.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Webmin: Multiple vulnerabilities
+
+ Webmin contains two security vulnerabilities which could lead to a Denial
+ of Service attack and information disclosure.
+
+ webmin
+ June 16, 2004
+ May 22, 2006: 02
+ 53375
+ remote
+
+
+ 1.150
+ 1.140-r1
+
+
+
+

+ Webmin is a web-based administration tool for Unix. It supports a wide
+ range of applications including Apache, DNS, file sharing and others.
+

+
+
+

+ Webmin contains two security vulnerabilities. One allows any user to
+ view the configuration of any module and the other could allow an
+ attacker to lock out a valid user by sending an invalid username and
+ password.
+

+
+
+

+ An authenticated user could use these vulnerabilities to view the
+ configuration of any module thus potentially obtaining important
+ knowledge about configuration settings. Furthermore an attacker could
+ lock out legitimate users by sending invalid login information.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Webmin users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=app-admin/app-admin/webmin-1.150"
+ # emerge ">=app-admin/app-admin/webmin-1.150"
+
+
+ Bugtraq Announcement
+ Webmin Changelog
+ CVE-2004-0582
+ CVE-2004-0583
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-13.xml
new file mode 100644
index 0000000000..059710486b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-13.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Squid: NTLM authentication helper buffer overflow
+
+ Squid contains a bug where it fails to properly check bounds of the 'pass'
+ variable.
+
+ squid
+ June 17, 2004
+ September 02, 2004: 02
+ 53367
+ remote
+
+
+ 2.5.5-r2
+ 2.5.5-r1
+
+
+
+

+ Squid contains a bug in the function ntlm_check_auth(). It fails to do
+ proper bounds checking on the values copyied to the 'pass' variable.
+

+
+
+

+ Squid is a full-featured Web Proxy Cache designed to run on Unix systems.
+ It supports proxying and caching of HTTP, FTP, and other URLs, as well as
+ SSL support, cache hierarchies, transparent caching, access control lists
+ and many other features.
+

+
+
+

+ If Squid is configured to use NTLM authentication, an attacker could
+ exploit this vulnerability by sending a very long password. This could lead
+ to arbitrary code execution with the permissions of the user running Squid.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version.
+

+
+
+

+ All Squid users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-proxy/squid-2.5.5-r2"
+ # emerge ">=net-proxy/squid-2.5.5-r2"
+
+
+ CAN-2004-0541
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-14.xml
new file mode 100644
index 0000000000..d467a5f54f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-14.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ aspell: Buffer overflow in word-list-compress
+
+ A bug in the aspell utility word-list-compress can allow an attacker to
+ execute arbitrary code.
+
+ aspell
+ June 17, 2004
+ May 22, 2006: 03
+ 53389
+ local
+
+
+ 0.50.5-r4
+ 0.50.5-r3
+
+
+
+

+ aspell is a popular spell-checker. Dictionaries are available for many
+ languages.
+

+
+
+

+ aspell includes a utility for handling wordlists called
+ word-list-compress. This utility fails to do proper bounds checking
+ when processing words longer than 256 bytes.
+

+
+
+

+ If an attacker could entice a user to handle a wordlist containing very
+ long word lengths it could result in the execution of arbitrary code
+ with the permissions of the user running the program.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version.
+

+
+
+

+ All users should upgrade to the latest available version of aspell.
+

+
+ # emerge sync
+
+ # emerge -pv ">=app-text/aspell-0.50.5-r4"
+ # emerge ">=app-text/aspell-0.50.5-r4"
+
+
+ Nettwerked Advisory
+ CVE-2004-0548
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-15.xml
new file mode 100644
index 0000000000..3375b00c96
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-15.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Usermin: Multiple vulnerabilities
+
+ Usermin contains two security vulnerabilities which could lead to a Denial
+ of Service attack and information disclosure.
+
+ Usermin
+ June 18, 2004
+ May 22, 2006: 02
+ 54030
+ remote
+
+
+ 1.080
+ 1.070-r1
+
+
+
+

+ Usermin is a web-based administration tool for Unix. It supports a wide
+ range of user applications including configuring mail forwarding,
+ setting up SSH or reading mail.
+

+
+
+

+ Usermin contains two security vulnerabilities. One fails to properly
+ sanitize email messages that contain malicious HTML or script code and
+ the other could allow an attacker to lock out a valid user by sending
+ an invalid username and password.
+

+
+
+

+ By sending a specially crafted e-mail, an attacker can execute
+ arbitrary scripts running in the context of the victim's browser. This
+ can be lead to cookie theft and potentially to compromise of user
+ accounts. Furthermore, an attacker could lock out legitimate users by
+ sending invalid login information.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version.
+

+
+
+

+ Usermin users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=app-admin/usermin-1.080"
+ # emerge ">=app-admin/usermin-1.080"
+
+
+ Bugtraq Announcement
+ SNS Advisory
+ CVE-2004-0583
+ CVE-2004-0588
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-16.xml
new file mode 100644
index 0000000000..e312b16419
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-16.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Apache 1.3: Buffer overflow in mod_proxy
+
+ A bug in mod_proxy may allow a remote attacker to execute arbitrary code
+ when Apache is configured a certain way.
+
+ Apache
+ June 21, 2004
+ December 30, 2007: 02
+ 53544
+ remote
+
+
+ 1.3.31-r2
+ 1.3.31-r1
+
+
+
+

+ The Apache HTTP Server Project is an effort to develop and maintain an
+ open-source HTTP server for modern operating systems. The goal of this
+ project is to provide a secure, efficient and extensible server that
+ provides services in tune with the current HTTP standards.
+

+
+
+

+ A bug in the proxy_util.c file may lead to a remote buffer overflow. To
+ trigger the vulnerability an attacker would have to get mod_proxy to
+ connect to a malicous server which returns an invalid (negative)
+ Content-Length.
+

+
+
+

+ An attacker could cause a Denial of Service as the Apache child handling
+ the request, which will die and under some circumstances execute arbitrary
+ code as the user running Apache, usually "apache".
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version:
+

+
+
+

+ Apache 1.x users should upgrade to the latest version of Apache:
+

+
+ # emerge sync
+
+ # emerge -pv ">=www-servers/apache-1.3.31-r2"
+ # emerge ">=www-servers/apache-1.3.31-r2"
+
+
+ Georgi Guninski security advisory #69, 2004
+ CAN-2004-0492
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-17.xml
new file mode 100644
index 0000000000..cf4baf5293
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-17.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ IPsec-Tools: authentication bug in racoon
+
+ racoon provided as part of IPsec-Tools fails do proper authentication.
+
+ IPsec-Tools
+ June 22, 2004
+ May 22, 2006: 02
+ 53915
+ remote
+
+
+ 0.3.3
+ 0.3.3
+
+
+
+

+ IPsec-Tools is a port of KAME's implementation of the IPsec utilities.
+ It contains a collection of network monitoring tools, including racoon,
+ ping, and ping6.
+

+
+
+

+ The KAME IKE daemon racoon is used to authenticate peers during Phase 1
+ when using either preshared keys, GSS-API, or RSA signatures. When
+ using RSA signatures racoon validates the X.509 certificate but not the
+ RSA signature.
+

+
+
+

+ By sending a valid and trusted X.509 certificate and any private key an
+ attacker could exploit this vulnerability to perform man-in-the-middle
+ attacks and initiate unauthorized connections.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version.
+

+
+
+

+ All IPsec-Tools users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-firewall/ipsec-tools-0.3.3"
+ # emerge ">=net-firewall/ipsec-tools-0.3.3"
+
+
+ IPsec-Tools Advisory
+ CVE-2004-0155
+ CVE-2004-0607
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-18.xml
new file mode 100644
index 0000000000..24526edbdb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-18.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ gzip: Insecure creation of temporary files
+
+ gzip contain a bug potentially allowing an attacker to execute arbitrary
+ commands.
+
+ gzip
+ June 24, 2004
+ May 22, 2006: 02
+ 54890
+ local
+
+
+ 1.3.3-r4
+ 1.3.3-r3
+
+
+
+

+ gzip (GNU zip) is popular compression program. The included gzexe
+ utility allows you to compress executables in place and have them
+ automatically uncompress and execute when you run them.
+

+
+
+

+ The script gzexe included with gzip contains a bug in the code that
+ handles tempfile creation. If the creation of a temp file fails when
+ using gzexe fails instead of bailing out it executes the command given
+ as argument.
+

+
+
+

+ This could lead to priviege escalation by running commands under the
+ rights of the user running the self extracting file.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version.
+

+
+
+

+ All gzip users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=app-arch/gzip-1.3.3-r4"
+ # emerge ">=app-arch/gzip-1.3.3-r4"
+

+ Additionally, once the upgrade is complete, all self extracting files
+ created with earlier versions gzexe should be recreated, since the
+ vulnerability is actually embedded in those executables.
+

+
+
+ CVE-2004-0603
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-19.xml
new file mode 100644
index 0000000000..56c05acbc0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-19.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ giFT-FastTrack: remote denial of service attack
+
+ There is a vulnerability where a carefully crafted signal sent to the
+ giFT-FastTrack plugin will cause the giFT daemon to crash.
+
+ giFT-FastTrack
+ June 24, 2004
+ May 22, 2006: 02
+ 54452
+ remote
+
+
+ 0.8.7
+ 0.8.6
+
+
+
+

+ giFT-FastTrack is a plugin for the giFT file-sharing application. It
+ allows giFT users to connect to the fasttrack network to share files.
+

+
+
+

+ Alan Fitton found a vulnerability in the giFT-FastTrack plugin in
+ version 0.8.6 and earlier. It can be used to remotely crash the giFT
+ daemon.
+

+
+
+

+ Attackers may use this vulnerability to perform a Denial of Service
+ attack against the giFT daemon. There is no risk of code execution.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version.
+

+
+
+

+ All users should upgrade to the latest available version of
+ gift-fasttrack:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-p2p/gift-fasttrack-0.8.7"
+ # emerge ">=net-p2p/gift-fasttrack-0.8.7"
+
+
+ giFT-FastTrack announcement
+ CVE-2004-0604
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-20.xml
new file mode 100644
index 0000000000..fcdcababc2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-20.xml
@@ -0,0 +1,120 @@
+
+
+
+
+ FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling
+
+ FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs when
+ authenticating PKCS#7 certificates. This could allow an attacker to
+ authenticate with a fake certificate.
+
+ Openswan
+ June 25, 2004
+ May 22, 2006: 02
+ remote
+
+
+ 2.04-r1
+ 1.99-r1
+ 2.04-r1
+
+
+ 2.1.4
+ 1.0.6_rc1
+ 2.1.4
+
+
+ 2.1.3
+ 2.1.3
+
+
+ 1.99.7.3
+
+
+
+

+ FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN are Open Source
+ implementations of IPsec for the Linux operating system. They are all
+ based on the discontinued FreeS/WAN project.
+

+
+
+

+ All these IPsec implementations have several bugs in the
+ verify_x509cert() function, which performs certificate validation, that
+ make them vulnerable to malicious PKCS#7 wrapped objects.
+

+
+
+

+ With a carefully crafted certificate payload an attacker can
+ successfully authenticate against FreeS/WAN, Openswan, strongSwan or
+ Super-FreeS/WAN, or make the daemon go into an endless loop.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version.
+

+
+
+

+ All FreeS/WAN 1.9x users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv "=net-misc/freeswan-1.99-r1"
+ # emerge "=net-misc/freeswan-1.99-r1"
+

+ All FreeS/WAN 2.x users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/freeswan-2.04-r1"
+ # emerge ">=net-misc/freeswan-2.04-r1"
+

+ All Openswan 1.x users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv "=net-misc/openswan-1.0.6_rc1"
+ # emerge "=net-misc/openswan-1.0.6_rc1"
+

+ All Openswan 2.x users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/openswan-2.1.4"
+ # emerge ">=net-misc/openswan-2.1.4"
+

+ All strongSwan users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/strongswan-2.1.3"
+ # emerge ">=net-misc/strongswan-2.1.3"
+

+ All Super-FreeS/WAN users should migrate to the latest stable version
+ of Openswan. Note that Portage will force a move for Super-FreeS/WAN
+ users to Openswan.
+

+
+ # emerge sync
+
+ # emerge -pv "=net-misc/openswan-1.0.6_rc1"
+ # emerge "=net-misc/openswan-1.0.6_rc1"
+
+
+ Openswan/strongSwan Authentication Bug
+ CVE-2004-0590
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-21.xml
new file mode 100644
index 0000000000..c7698df487
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-21.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ mit-krb5: Multiple buffer overflows in krb5_aname_to_localname
+
+ mit-krb5 contains multiple buffer overflows in the function
+ krb5_aname_to_localname(). This could potentially lead to a complete remote
+ system compromise.
+
+ mit-krb5
+ June 29, 2004
+ June 29, 2004: 01
+ 52744
+ remote
+
+
+ 1.3.3-r1
+ 1.3.3
+
+
+
+

+ mit-krb5 is the free implementation of the Kerberos network authentication
+ protocol by the Massachusetts Institute of Technology.
+

+
+
+

+ The library function krb5_aname_to_localname() contains multiple buffer
+ overflows. This is only exploitable if explicit mapping or rules-based
+ mapping is enabled. These are not enabled as default.
+

+

+ With explicit mapping enabled, an attacker must authenticate using a
+ principal name listed in the explicit mapping list.
+

+

+ With rules-based mapping enabled, an attacker must first be able to create
+ arbitrary principal names either in the local realm Kerberos realm or in a
+ remote realm from which the local realm's service are reachable by
+ cross-realm authentication.
+

+
+
+

+ An attacker could use these vulnerabilities to execute arbitrary code with
+ the permissions of the user running mit-krb5, which could be the root user.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version.
+

+
+
+

+ mit-krb5 users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=app-crypt/mit-krb5-1.3.3-r1"
+ # emerge ">=app-crypt/mit-krb5-1.3.3-r1"
+
+
+ CAN-2004-0523
+ MIT krb5 Security Advisory
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-22.xml
new file mode 100644
index 0000000000..adedc54c72
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-22.xml
@@ -0,0 +1,60 @@
+
+
+
+
+ Pavuk: Remote buffer overflow
+
+ Pavuk contains a bug potentially allowing an attacker to run arbitrary
+ code.
+
+ Pavuk
+ June 30, 2004
+ May 22, 2006: 02
+ remote
+
+
+ 0.9.28-r2
+ 0.9.28-r1
+
+
+
+

+ Pavuk is web spider and website mirroring tool.
+

+
+
+

+ When Pavuk connects to a web server and the server sends back the HTTP
+ status code 305 (Use Proxy), Pavuk copies data from the HTTP Location
+ header in an unsafe manner.
+

+
+
+

+ An attacker could cause a stack-based buffer overflow which could lead
+ to arbitrary code execution with the rights of the user running Pavuk.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version.
+

+
+
+

+ All Pavuk users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/pavuk-0.9.28-r2"
+ # emerge ">="net-misc/pavuk-0.9.28-r2
+
+
+ CVE-2004-0456
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-01.xml
new file mode 100644
index 0000000000..508b29e96f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-01.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Esearch: Insecure temp file handling
+
+ The eupdatedb utility in esearch creates a file in /tmp without first
+ checking for symlinks. This makes it possible for any user to create
+ arbitrary files.
+
+ esearch
+ July 01, 2004
+ May 22, 2006: 02
+ 55424
+ local
+
+
+ 0.6.2
+ 0.6.1
+
+
+
+

+ Esearch is a replacement for the Portage command "emerge search". It
+ uses an index to speed up searching of the Portage tree.
+

+
+
+

+ The eupdatedb utility uses a temporary file (/tmp/esearchdb.py.tmp) to
+ indicate that the eupdatedb process is running. When run, eupdatedb
+ checks to see if this file exists, but it does not check to see if it
+ is a broken symlink. In the event that the file is a broken symlink,
+ the script will create the file pointed to by the symlink, instead of
+ printing an error and exiting.
+

+
+
+

+ An attacker could create a symlink from /tmp/esearchdb.py.tmp to a
+ nonexistent file (such as /etc/nologin), and the file will be created
+ the next time esearchdb is run.
+

+
+
+

+ There is no known workaround at this time. All users should upgrade to
+ the latest available version of esearch.
+

+
+
+

+ All users should upgrade to the latest available version of esearch, as
+ follows:
+

+
+ # emerge sync
+
+ # emerge -pv ">=app-portage/esearch-0.6.2"
+ # emerge ">=app-portage/esearch-0.6.2"
+
+
+ CVE-2004-0655
+
+
+ condordes
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-02.xml
new file mode 100644
index 0000000000..09a0f02ee3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-02.xml
@@ -0,0 +1,320 @@
+
+
+
+
+ Linux Kernel: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been found in the Linux kernel used by
+ GNU/Linux systems. Patched, or updated versions of these kernels have been
+ released and details are included in this advisory.
+
+ Kernel
+ July 03, 2004
+ March 27, 2011: 04
+ 47881
+ 49637
+ 53804
+ 54976
+ 55698
+ local
+
+
+ 2.4.23-r2
+ 2.4.23-r2
+
+
+ 2.4.21-r8
+ 2.4.21-r8
+
+
+ 2.4.26-r1
+ 2.6.7-r1
+ 2.6.7-r1
+
+
+ 2.4.9.32.7-r7
+ 2.4.9.32.7-r7
+
+
+ 2.6.7
+ 2.6.7
+
+
+ 2.4.20-r14
+ 2.4.20-r14
+
+
+ 2.6.7
+ 2.6.7
+
+
+ 2.4.19-r17
+ 2.4.20-r20
+ 2.4.22-r12
+ 2.4.25-r5
+ 2.4.26-r3
+ 2.4.26-r3
+
+
+ 2.4.26.2.0-r5
+ 2.4.26.2.0-r5
+
+
+ 2.4.25_pre7-r7
+ 2.4.25_pre7-r7
+
+
+ 2.6.7
+ 2.6.7
+
+
+ 2.4.26-r2
+ 2.4.26-r2
+
+
+ 2.6.7
+ 2.6.7
+
+
+ 2.4.26_p6
+ 2.4.26_p6
+
+
+ 2.4.24-r5
+ 2.4.24-r5
+
+
+ 2.4.26-r3
+ 2.4.26-r3
+
+
+ 2.6.7-r1
+ 2.6.7-r1
+
+
+ 2.4.22-r10
+ 2.4.22-r10
+
+
+ 2.4.23-r8
+ 2.4.23-r8
+
+
+ 2.6.7
+ 2.6.7
+
+
+ 2.4.26-r2
+ 2.4.26-r2
+
+
+ 2.4.21-r10
+ 2.4.21-r10
+
+
+ 2.4.26-r2
+ 2.4.26-r2
+
+
+ 2.6.7
+ 2.6.7
+
+
+ 2.4.26-r2
+ 2.4.26-r2
+
+
+ 2.6.7-r1
+ 2.6.7-r1
+
+
+ 2.4.26-r2
+ 2.4.26-r2
+
+
+ 2.4.26-r2
+ 2.4.26-r2
+
+
+ 2.4.26_p0-r2
+ 2.4.26_p0-r2
+
+
+ 2.4.24-r5
+ 2.4.26-r2
+ 2.4.26-r2
+
+
+ 2.0
+ 2.0
+ 2.4
+ 2.4.26.1.3.9-r2
+
+
+ 2.4.26-r2
+ 2.4.26-r2
+
+
+ 4.9-r9
+ 4.11-r6
+ 4.14-r3
+ 4.14-r3
+
+
+ 2.6.7
+ 2.6.7
+
+
+ 2.4.24-r8
+ 2.4.24-r8
+
+
+ 2.4.27
+ 2.4.26
+
+
+
+

+ The Linux kernel is responsible for managing the core aspects of a
+ GNU/Linux system, providing an interface for core system applications
+ as well as providing the essential structure and capability to access
+ hardware that is needed for a running system.
+

+
+
+

+ Multiple flaws have been discovered in the Linux kernel. This advisory
+ corrects the following issues:
+

+
    +
  • + CAN-2004-0109: This vulnerability allows privilege escalation using + ISO9660 file systems through a buffer overflow via a malformed file + system containing a long symbolic link entry. This can allow arbitrary + code execution at kernel level. +
  • +
  • + CAN-2004-0133: The XFS file system in 2.4 series kernels has an + information leak by which data in the memory can be written to the + device hosting the file system, allowing users to obtain portions of + kernel memory by reading the raw block device. +
  • +
  • + CAN-2004-0177: The ext3 file system in 2.4 series kernels does not + properly initialize journal descriptor blocks, causing an information + leak by which data in the memory can be written to the device hosting + the file system, allowing users to obtain portions of kernel memory by + reading the raw device. +
  • +
  • + CAN-2004-0181: The JFS file system in 2.4 series kernels has an + information leak by which data in the memory can be written to the + device hosting the file system, allowing users to obtain portions of + kernel memory by reading the raw device. +
  • +
  • + CAN-2004-0178: The OSS Sound Blaster [R] Driver has a Denial of Service + vulnerability since it does not handle certain sample sizes properly. + This allows local users to hang the kernel. +
  • +
  • + CAN-2004-0228: Due to an integer signedness error in the CPUFreq /proc + handler code in 2.6 series Linux kernels, local users can escalate + their privileges. +
  • +
  • + CAN-2004-0229: The framebuffer driver in 2.6 series kernel drivers does + not use the fb_copy_cmap method of copying structures. The impact of + this issue is unknown, however. +
  • +
  • + CAN-2004-0394: A buffer overflow in the panic() function of 2.4 series + Linux kernels exists, but it may not be exploitable under normal + circumstances due to its functionality. +
  • +
  • + CAN-2004-0427: The do_fork() function in both 2.4 and 2.6 series Linux + kernels does not properly decrement the mm_count counter when an error + occurs, triggering a memory leak that allows local users to cause a + Denial of Service by exhausting other applications of memory; causing + the kernel to panic or to kill services. +
  • +
  • + CAN-2004-0495: Multiple vulnerabilities found by the Sparse source + checker in the kernel allow local users to escalate their privileges or + gain access to kernel memory. +
  • +
  • + CAN-2004-0535: The e1000 NIC driver does not properly initialize memory + structures before using them, allowing users to read kernel memory. +
  • +
  • + CAN-2004-0554: 2.4 and 2.6 series kernels running on an x86 or an AMD64 + architecture allow local users to cause a Denial of Service by a total + system hang, due to an infinite loop that triggers a signal handler + with a certain sequence of fsave and frstor instructions. +
  • +
  • + Local DoS in PaX: If ASLR is enabled as a GRSecurity PaX feature, a + Denial of Service can be achieved by putting the kernel into an + infinite loop. Only 2.6 series GRSecurity kernels are affected by this + issue. +
  • +
  • + RSBAC 1.2.3 JAIL issues: A flaw in the RSBAC JAIL implementation allows + suid/sgid files to be created inside the jail since the relevant module + does not check the corresponding mode values. This can allow privilege + escalation inside the jail. Only rsbac-(dev-)sources are affected by + this issue. +
  • +
+
+
+

+ Arbitrary code with normal non-super-user privileges may be able to
+ exploit any of these vulnerabilities; gaining kernel level access to
+ memory structures and hardware devices. This may be used for further
+ exploitation of the system, to leak sensitive data or to cause a Denial
+ of Service on the affected kernel.
+

+
+
+

+ Although users may not be affected by certain vulnerabilities, all
+ kernels are affected by the CAN-2004-0394, CAN-2004-0427 and
+ CAN-2004-0554 issues which have no workaround. As a result, all users
+ are urged to upgrade their kernels to patched versions.
+

+
+
+

+ Users are encouraged to upgrade to the latest available sources for
+ their system:
+

+
+ # emerge sync
+ # emerge -pv your-favorite-sources
+ # emerge your-favorite-sources
+
+ # # Follow usual procedure for compiling and installing a kernel.
+ # # If you use genkernel, run genkernel as you would do normally.
+
+
+ CVE-2004-0109
+ CVE-2004-0133
+ CVE-2004-0177
+ CVE-2004-0178
+ CVE-2004-0181
+ CVE-2004-0228
+ CVE-2004-0229
+ CVE-2004-0394
+ CVE-2004-0427
+ CVE-2004-0495
+ CVE-2004-0535
+ CVE-2004-0554
+ CVE-2004-1983
+
+
+ plasmaroo
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-03.xml
new file mode 100644
index 0000000000..ddf00eb878
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-03.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Apache 2: Remote denial of service attack
+
+ A bug in Apache may allow a remote attacker to perform a Denial of Service
+ attack. With certain configurations this could lead to a heap based buffer
+ overflow.
+
+ Apache
+ July 04, 2004
+ December 30, 2007: 02
+ 55441
+ remote
+
+
+ 2.0.49-r4
+ 2
+ 2.0.49-r3
+
+
+
+

+ The Apache HTTP Server Project is an effort to develop and maintain an
+ open-source HTTP server for modern operating systems. The goal of this
+ project is to provide a secure, efficient and extensible server that
+ provides services in tune with the current HTTP standards.
+

+
+
+

+ A bug in the protocol.c file handling header lines will cause Apache to
+ allocate memory for header lines starting with TAB or SPACE.
+

+
+
+

+ An attacker can exploit this vulnerability to perform a Denial of Service
+ attack by causing Apache to exhaust all memory. On 64 bit systems with more
+ than 4GB of virtual memory a possible integer signedness error could lead
+ to a buffer based overflow causing Apache to crash and under some
+ circumstances execute arbitrary code as the user running Apache, usually
+ "apache".
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version:
+

+
+
+

+ Apache 2 users should upgrade to the latest version of Apache:
+

+
+ # emerge sync
+
+ # emerge -pv ">=www-servers/apache-2.0.49-r4"
+ # emerge ">=www-servers/apache-2.0.49-r4"
+
+
+ Georgi Guninski security advisory #70, 2004
+ CAN-2004-0493
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-04.xml
new file mode 100644
index 0000000000..9db02bb1cd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-04.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Pure-FTPd: Potential DoS when maximum connections is reached
+
+ Pure-FTPd contains a bug potentially allowing a Denial of Service attack
+ when the maximum number of connections is reached.
+
+ Pure-FTPd
+ July 04, 2004
+ May 22, 2006: 02
+ 54590
+ remote
+
+
+ 1.0.18-r1
+ 1.0.18
+
+
+
+

+ Pure-FTPd is a fast, production-quality and standards-compliant FTP
+ server.
+

+
+
+

+ Pure-FTPd contains a bug in the accept_client function handling the
+ setup of new connections.
+

+
+
+

+ When the maximum number of connections is reached an attacker could
+ exploit this vulnerability to perform a Denial of Service attack.
+

+
+
+

+ There is no known workaround at this time. All users are encouraged to
+ upgrade to the latest available version.
+

+
+
+

+ All Pure-FTPd users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-ftp/pure-ftpd-1.0.18-r1"
+ # emerge ">=net-ftp/pure-ftpd-1.0.18-r1"
+
+
+ Pure-FTPd website
+ CVE-2004-0656
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-05.xml
new file mode 100644
index 0000000000..461f99b388
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-05.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ XFree86, X.org: XDM ignores requestPort setting
+
+ XDM will open TCP sockets for its chooser, even if the
+ DisplayManager.requestPort setting is set to 0. This may allow authorized
+ users to access a machine remotely via X, even if the administrator has
+ configured XDM to refuse such connections.
+
+ xdm
+ July 05, 2004
+ July 05, 2004: 01
+ 53226
+ remote
+
+
+ 4.3.0-r6
+ 4.3.0-r5
+
+
+ 6.7.0-r1
+ 6.7.0
+
+
+
+

+ The X Display Manager (XDM) is a program which provides a graphical login
+ prompt to users on the console or on remote X terminals. It has largely
+ been superseded by programs such as GDM and KDM.
+

+
+
+

+ XDM will open TCP sockets for its chooser, even if the
+ DisplayManager.requestPort setting is set to 0. Remote clients can use this
+ port to connect to XDM and request a login window, thus allowing access to
+ the system.
+

+
+
+

+ Authorized users may be able to login remotely to a machine running XDM,
+ even if this option is disabled in XDM's configuration. Please note that an
+ attacker must have a preexisting account on the machine in order to exploit
+ this vulnerability.
+

+
+
+

+ There is no known workaround at this time. All users should upgrade to the
+ latest available version of X.
+

+
+
+

+ If you are using XFree86, you should run the following:
+

+
+ # emerge sync
+
+ # emerge -pv ">=x11-base/xfree-4.3.0-r6"
+ # emerge ">=x11-base/xfree-4.3.0-r6"
+

+ If you are using X.org's X11 server, you should run the following:
+

+
+ # emerge sync
+
+ # emerge -pv ">=x11-base/xorg-x11-6.7.0-r1"
+ # emerge ">=x11-base/xorg-x11-6.7.0-r1"
+
+
+ CAN 2004-0419
+ XFree86 Bug
+
+
+ condordes
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-06.xml new file mode 100644 index 0000000000..d304d0d7c4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-06.xml @@ -0,0 +1,72 @@ + + + + + libpng: Buffer overflow on row buffers + + libpng contains a buffer overflow vulnerability potentially allowing an + attacker to perform a Denial of Service attack or even execute arbitrary + code. + + libpng + July 08, 2004 + July 08, 2004: 01 + 56307 + remote + + + 1.2.5-r7 + 1.2.5-r6 + + + +

+ libpng is a standard library used to process PNG (Portable Network + Graphics) images. It is used by several other programs, including web + browsers and potentially server processes. +

+
+ +

+ Due to a wrong calculation of loop offset values, libpng contains a buffer + overflow vulnerability on the row buffers. This vulnerability was initially + patched in January 2003 but since it has been discovered that libpng + contains the same vulnerability in two other places. +

+
+ +

+ An attacker could exploit this vulnerability to cause programs linked + against the library to crash or execute arbitrary code with the permissions + of the user running the vulnerable program, which could be the root user. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version. +

+
+ +

+ All libpng users should upgrade to the latest stable version: +

+
+ # emerge sync
+
+ # emerge -pv ">=media-libs/libpng-1.2.5-r7"
+ # emerge ">=media-libs/libpng-1.2.5-r7"
+

+ You should also run revdep-rebuild to rebuild any packages that depend on + older versions of libpng : +

+ + # revdep-rebuild +
+ + CAN-2002-1363 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-07.xml
new file mode 100644
index 0000000000..9ce491bba1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-07.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Shorewall : Insecure temp file handling
+
+ Shorewall contains a bug in the code handling the creation of temporary
+ files and directories. This can allow a non-root user to overwrite
+ arbitrary system files.
+
+ Shorewall
+ July 08, 2004
+ May 22, 2006: 02
+ 55675
+ local
+
+
+ 1.4.10f
+ 1.4.10c
+
+
+
+

+ Shorewall is a high level tool for configuring Netfilter, the firewall + facility included in the Linux Kernel. +

+
+ +

+ Shorewall uses temporary files and directories in an insecure manner. A + local user could create symbolic links at specific locations, + eventually overwriting other files on the filesystem with the rights of + the shorewall process. +

+
+ +

+ An attacker could exploit this vulnerability to overwrite arbitrary + system files with root privileges, resulting in Denial of Service or + further exploitation. +

+
+ +

+ There is no known workaround at this time. All users should upgrade to + the latest available version of Shorewall. +

+
+ +

+ All users should upgrade to the latest available version of Shorewall, + as follows: +

+
+ # emerge sync
+
+ # emerge -pv ">=net-firewall/shorewall-1.4.10f"
+ # emerge ">=net-firewall/shorewall-1.4.10f"
+
+ + Shorewall Announcement + CVE-2004-0647 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-08.xml
new file mode 100644
index 0000000000..8235ab9fcf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-08.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Ethereal: Multiple security problems
+
+ Multiple vulnerabilities including one buffer overflow exist in Ethereal,
+ which may allow an attacker to run arbitrary code or crash the program.
+
+ Ethereal
+ July 09, 2004
+ May 22, 2006: 02
+ 56423
+ remote
+
+
+ 0.10.5
+ 0.10.4
+
+
+
+

+ Ethereal is a feature rich network protocol analyzer. +

+
+ +

+ There are multiple vulnerabilities in versions of Ethereal earlier than + 0.10.5, including: +

+
    +
  • In some cases the iSNS dissector could cause Ethereal to + abort.
  • +
  • If there was no policy name for a handle for SMB SID snooping it + could cause a crash.
  • +
  • A malformed or missing community string could cause the SNMP + dissector to crash.
  • +
+
+ +

+ An attacker could use these vulnerabilities to crash Ethereal or even + execute arbitrary code with the permissions of the user running + Ethereal, which could be the root user. +

+
+ +

+ For a temporary workaround you can disable all affected protocol + dissectors by selecting Analyze->Enabled Protocols... and deselecting + them from the list. For SMB you can disable SID snooping in the SMB + protocol preference. However, it is strongly recommended to upgrade to + the latest stable version. +

+
+ +

+ All Ethereal users should upgrade to the latest stable version: +

+
+ # emerge sync
+
+ # emerge -pv ">=net-analyzer/ethereal-0.10.5"
+ # emerge ">=net-analyzer/ethereal-0.10.5"
+
+ + Ethereal enpa-sa-00015 + CVE-2004-0633 + CVE-2004-0634 + CVE-2004-0635 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-09.xml
new file mode 100644
index 0000000000..922025f974
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-09.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ MoinMoin: Group ACL bypass
+
+ MoinMoin contains a bug allowing a user to bypass group ACLs (Access
+ Control Lists).
+
+ MoinMoin
+ July 11, 2004
+ May 22, 2006: 02
+ 53126
+ remote
+
+
+ 1.2.2
+ 1.2.1
+
+
+
+

+ MoinMoin is a Python clone of WikiWiki, based on PikiPiki. +

+
+ +

+ MoinMoin contains a bug in the code handling administrative group ACLs. + A user created with the same name as an administrative group gains the + privileges of the administrative group. +

+
+ +

+ If an administrative group called AdminGroup existed an attacker could + create a user called AdminGroup and gain the privileges of the group + AdminGroup. This could lead to unauthorized users gaining + administrative access. +

+
+ +

+ For every administrative group with special privileges create a user + with the same name as the group. +

+
+ +

+ All users should upgrade to the latest available version of MoinMoin, + as follows: +

+
+ # emerge sync
+
+ # emerge -pv ">=www-apps/moinmoin-1.2.2"
+ # emerge ">=www-apps/moinmoin-1.2.2"
+
+ + MoinMoin Announcement + OSVDB Entry + CVE-2004-0708 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-10.xml
new file mode 100644
index 0000000000..368fa89ec2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-10.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ rsync: Directory traversal in rsync daemon
+
+ Under specific conditions, the rsync daemon is vulnerable to a directory
+ traversal allowing to write files outside a sync module.
+
+ rsync
+ July 12, 2004
+ July 12, 2004: 01
+ 49534
+ remote
+
+
+ 2.6.0-r2
+ 2.6.0-r1
+
+
+
+

+ rsync is a utility that provides fast incremental file transfers. It is + used to efficiently synchronize files between hosts and is used by emerge + to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens + to connections from rsync clients. +

+
+ +

+ When rsyncd is used without chroot ("use chroot = false" in the rsyncd.conf + file), the paths sent by the client are not checked thoroughly enough. If + rsyncd is used with read-write permissions ("read only = false"), this + vulnerability can be used to write files anywhere with the rights of the + rsyncd daemon. With default Gentoo installations, rsyncd runs in a chroot, + without write permissions and with the rights of the "nobody" user. +

+
+ +

+ On affected configurations and if the rsync daemon runs under a privileged + user, a remote client can exploit this vulnerability to completely + compromise the host. +

+
+ +

+ You should never set the rsync daemon to run with "use chroot = false". If + for some reason you have to run rsyncd without a chroot, then you should + not set "read only = false". +

+
+ +

+ All users should update to the latest version of the rsync package. +

+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/rsync-2.6.0-r2"
+ # emerge ">=net-misc/rsync-2.6.0-r2"
+
+ + CAN-2004-0426 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-11.xml
new file mode 100644
index 0000000000..a9f9b5858c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-11.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ wv: Buffer overflow vulnerability
+
+ A buffer overflow vulnerability exists in the wv library that can allow an
+ attacker to execute arbitrary code with the privileges of the user running
+ the vulnerable application.
+
+ app-text/wv
+ July 14, 2004
+ May 22, 2006: 02
+ 56595
+ remote
+
+
+ 1.0.0-r1
+ 1.0.0-r1
+
+
+
+

+ The wv library allows access to MS Word files. It can parse Word files + and allow other applications, such as abiword, to import those files + into their native formats. +

+
+ +

+ A use of strcat without proper bounds checking leads to an exploitable + buffer overflow. The vulnerable code is executed when wv encounters an + unrecognized token, so a specially crafted file, loaded in wv, can + trigger the vulnerable code and execute it's own arbitrary code. This + exploit is only possible when the user loads the document into HTML + view mode. +

+
+ +

+ By inducing a user into running wv on a special file, an attacker can + execute arbitrary code with the permissions of the user running the + vulnerable program. +

+
+ +

+ Users should not view untrusted documents with wvHtml or applications + using wv. When loading an untrusted document in an application using + the wv library, make sure HTML view is disabled. +

+
+ +

+ All users should upgrade to the latest available version. +

+
+ # emerge sync
+
+ # emerge -pv ">=app-text/wv-1.0.0-r1"
+ # emerge ">=app-text/wv-1.0.0-r1"
+
+ + iDEFENSE Security Advisory + CVE-2004-0645 + + + dmargoli + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-12.xml
new file mode 100644
index 0000000000..e5b1764670
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-12.xml
@@ -0,0 +1,133 @@
+
+
+
+
+ Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling
+
+ A flaw has been discovered in 2.6 series Linux kernels that allows an
+ attacker to send a malformed TCP packet, causing the affected kernel to
+ possibly enter an infinite loop and hang the vulnerable machine.
+
+ Kernel
+ July 14, 2004
+ October 10, 2004: 02
+ 55694
+ remote
+
+
+ 2.6.5-r5
+ 2.6
+ 2.6.5-r5
+
+
+ 2.6.7-r2
+ 2.6
+ 2.6.7-r2
+
+
+ 2.6.8
+ 2.6.8
+
+
+ 2.6.7-r7
+ 2.6.7-r7
+
+
+ 2.6.7-r1
+ 2.6.7-r1
+
+
+ 2.6.7_p1-r1
+ 2.6.7_p1-r1
+
+
+ 2.6.4-r4
+ 2.6
+ 2.6.4-r4
+
+
+ 2.6.7-r4
+ 2.6
+ 2.6.7-r4
+
+
+ 2.6.7-r1
+ 2.6.7-r1
+
+
+ 2.6.7-r1
+ 2.6.7-r1
+
+
+ 2.6.7_p0-r1
+ 2.6
+ 2.6.7_p0
+
+
+ 2.6.6-r2
+ 2.6
+ 2.6.6-r2
+
+
+ 2.6.7-r1
+ 2.6
+ 2.6.7-r1
+
+
+ 2.6.7-r1
+ 2.6
+ 2.6.7-r1
+
+
+
+

+ The Linux kernel is responsible for managing the core aspects of a + GNU/Linux system, providing an interface for core system applications as + well as providing the essential structure and capability to access hardware + that is needed for a running system. +

+
+ +

+ An attacker can utilize an erroneous data type in the IPTables TCP option + handling code, which lies in an iterator. By making a TCP packet with a + header length larger than 127 bytes, a negative integer would be implied in + the iterator. +

+
+ +

+ By sending one malformed packet, the kernel could get stuck in a loop, + consuming all of the CPU resources and rendering the machine useless, + causing a Denial of Service. This vulnerability requires no local access. +

+
+ +

+ If users do not use the netfilter functionality or do not use any + ``--tcp-option'' rules they are not vulnerable to this exploit. Users that + are may remove netfilter support from their kernel or may remove any + ``--tcp-option'' rules they might be using. However, all users are urged to + upgrade their kernels to patched versions. +

+
+ +

+ Users are encouraged to upgrade to the latest available sources for their + system: +

+
+ # emerge sync
+ # emerge -pv your-favorite-sources
+ # emerge your-favorite-sources
+
+ # # Follow usual procedure for compiling and installing a kernel.
+ # # If you use genkernel, run genkernel as you would do normally.
+
+ + CAN-2004-0626 + + + plasmaroo + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-13.xml
new file mode 100644
index 0000000000..b0d43fcddd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-13.xml
@@ -0,0 +1,91 @@
+
+
+
+
+ PHP: Multiple security vulnerabilities
+
+ Multiple security vulnerabilities, potentially allowing remote code
+ execution, were found and fixed in PHP.
+
+ PHP
+ July 15, 2004
+ July 15, 2004: 01
+ 56985
+ remote
+
+
+ 4.3.8
+ 4.3.7-r1
+
+
+ 4.3.8
+ 4.3.7-r1
+
+
+ 4.3.8
+ 4.3.7-r1
+
+
+
+

+ PHP is a general-purpose scripting language widely used to develop + web-based applications. It can run inside a web server using the mod_php + module or the CGI version of PHP, or can run stand-alone in a CLI. +

+
+ +

+ Several security vulnerabilities were found and fixed in version 4.3.8 of + PHP. The strip_tags() function, used to sanitize user input, could in + certain cases allow tags containing \0 characters (CAN-2004-0595). When + memory_limit is used, PHP might unsafely interrupt other functions + (CAN-2004-0594). The ftok and itpc functions were missing safe_mode checks. + It was possible to bypass open_basedir restrictions using MySQL's LOAD DATA + LOCAL function. Furthermore, the IMAP extension was incorrectly allocating + memory and alloca() calls were replaced with emalloc() for better stack + protection. +

+
+ +

+ Successfully exploited, the memory_limit problem could allow remote + excution of arbitrary code. By exploiting the strip_tags vulnerability, it + is possible to pass HTML code that would be considered as valid tags by the + Microsoft Internet Explorer and Safari browsers. Using ftok, itpc or + MySQL's LOAD DATA LOCAL, it is possible to bypass PHP configuration + restrictions. +

+
+ +

+ There is no known workaround that would solve all these problems. All users + are encouraged to upgrade to the latest available versions. +

+
+ +

+ All PHP, mod_php and php-cgi users should upgrade to the latest stable + version: +

+
+ # emerge sync
+
+ # emerge -pv ">=dev-php/php-4.3.8"
+ # emerge ">=dev-php/php-4.3.8"
+
+ # emerge -pv ">=dev-php/mod_php-4.3.8"
+ # emerge ">=dev-php/mod_php-4.3.8"
+
+ # emerge -pv ">=dev-php/php-cgi-4.3.8"
+ # emerge ">=dev-php/php-cgi-4.3.8"
+
+ + CAN-2004-0594 + CAN-2004-0595 + E-Matters Advisory 11/2004 + E-Matters Advisory 12/2004 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-14.xml
new file mode 100644
index 0000000000..87dcd762ae
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-14.xml
@@ -0,0 +1,89 @@
+
+
+
+
+ Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries
+
+ Game servers based on the Unreal engine are vulnerable to remote code
+ execution through malformed 'secure' queries.
+
+ Unreal Tournament
+ July 19, 2004
+ July 19, 2004: 01
+ 54726
+ remote
+
+
+ 2225-r3
+ 2225-r2
+
+
+ 2225-r2
+ 2225-r1
+
+
+ 3236
+ 3236
+
+
+ 3120-r4
+ 3120-r3
+
+
+
+

+ Unreal Tournament 2003 and 2004 are popular first-person-shooter games. + They are both based on the Unreal engine, and can be used in a game server + / client setup. +

+
+ +

+ The Unreal-based game servers support a specific type of query called + 'secure'. Part of the Gamespy protocol, this query is used to ask if the + game server is able to calculate an exact response using a provided string. + Luigi Auriemma found that sending a long 'secure' query triggers a buffer + overflow in the game server. +

+
+ +

+ By sending a malicious UDP-based 'secure' query, an attacker could execute + arbitrary code on the game server. +

+
+ +

+ Users can avoid this vulnerability by not using Unreal Tournament to host + games as a server. All users running a server should upgrade to the latest + versions. +

+
+ +

+ All Unreal Tournament users should upgrade to the latest available + versions: +

+
+ # emerge sync
+
+ # emerge -pv ">=games-fps/ut2003-2225-r3"
+ # emerge ">=games-fps/ut2003-2225-r3"
+
+ # emerge -pv ">=games-server/ut2003-ded-2225-r2"
+ # emerge ">=games-server/ut2003-ded-2225-r2"
+
+ # emerge -pv ">=games-fps/ut2004-3236"
+ # emerge ">=games-fps/ut2004-3236"
+
+ # emerge -pv ">=games-fps/ut2004-demo-3120-r4"
+ # emerge ">=games-fps/ut2004-demo-3120-r4"
+
+ + Luigi Auriemma advisory + CAN-2004-0608 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-15.xml
new file mode 100644
index 0000000000..506b63836f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-15.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Opera: Multiple spoofing vulnerabilities
+
+ Opera contains three vulnerabilities, allowing an attacker to impersonate
+ legitimate websites with URI obfuscation or to spoof websites with frame
+ injection.
+
+ opera
+ July 20, 2004
+ July 20, 2004: 01
+ 56311
+ 56109
+ remote
+
+
+ 7.53
+ 7.52
+
+
+
+

+ Opera is a multi-platform web browser. +

+
+ +

+ Opera fails to remove illegal characters from an URI of a link and to check + that the target frame of a link belongs to the same website as the link. + Opera also updates the address bar before loading a page. Additionally, + Opera contains a certificate verification problem. +

+
+ +

+ These vulnerabilities could allow an attacker to impersonate legitimate + websites to steal sensitive information from users. This could be done by + obfuscating the real URI of a link or by injecting a malicious frame into + an arbitrary frame of another browser window. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version. +

+
+ +

+ All Opera users should upgrade to the latest stable version: +

+
+ # emerge sync
+
+ # emerge -pv ">=www-client/opera-7.53"
+ # emerge ">=www-client/opera-7.53"
+
+ + Bugtraq Announcement + Secunia Advisory SA11978 + Secunia Advisory SA12028 + Opera Changelog + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-16.xml
new file mode 100644
index 0000000000..6546586815
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-16.xml
@@ -0,0 +1,299 @@
+
+
+
+
+ Linux Kernel: Multiple DoS and permission vulnerabilities
+
+ Multiple permission vulnerabilities have been found in the Linux kernel,
+ allowing an attacker to change the group IDs of files mounted on a remote
+ filesystem (CAN-2004-0497), as well as an issue in 2.6 series kernels which
+ allows /proc permissions to be bypassed. A context sharing vulnerability in
+ vserver-sources is also handled by this advisory as well as CAN-2004-0447,
+ CAN-2004-0496 and CAN-2004-0565. Patched, or updated versions of these
+ kernels have been released and details are included along with this
+ advisory.
+
+ Kernel
+ July 22, 2004
+ March 27, 2011: 03
+ 56171
+ 56479
+ local
+
+
+ 2.4.23-r2
+ 2.6.5-r5
+ 2.6.5-r5
+
+
+ 2.4.21-r9
+ 2.4.21-r9
+
+
+ 2.4.26-r1
+ 2.6.7-r5
+ 2.6.7-r5
+
+
+ 2.4.9.32.7-r8
+ 2.4.9.32.7-r8
+
+
+ 2.6.8_rc1
+ 2.6.8_rc1
+
+
+ 2.6.7-r8
+ 2.6.7-r8
+
+
+ 2.4.19-r18
+ 2.4.20-r21
+ 2.4.22-r13
+ 2.4.25-r6
+ 2.4.26-r5
+ 2.4.26-r5
+
+
+ 2.4.26.2.0-r6
+ 2.4.26.2.0-r6
+
+
+ 2.4.25_pre7-r8
+ 2.4.25_pre7-r8
+
+
+ 2.6.7-r2
+ 2.6.7-r2
+
+
+ 2.4.26-r3
+ 2.4.26-r3
+
+
+ 2.6.7_p1-r2
+ 2.6.7_p1-r2
+
+
+ 2.4.26_p6-r1
+ 2.4.26_p6-r1
+
+
+ 2.4.24-r7
+ 2.4.24-r7
+
+
+ 2.6.7-r6
+ 2.6.7-r6
+
+
+ 2.4.22-r11
+ 2.4.22-r11
+
+
+ 2.4.23-r9
+ 2.4.23-r9
+
+
+ 2.4.21-r11
+ 2.4.21-r11
+
+
+ 2.6.7-r2
+ 2.6.7-r2
+
+
+ 2.4.26-r3
+ 2.4.26-r3
+
+
+ 2.4.26-r3
+ 2.4.26-r3
+
+
+ 2.4.26-r3
+ 2.4.26-r3
+
+
+ 2.6.7-r2
+ 2.6.7-r2
+
+
+ 2.4.26-r2
+ 2.4.26-r2
+
+
+ 2.4.26-r3
+ 2.4.26-r3
+
+
+ 2.4.26_p0-r3
+ 2.6.7_p0-r2
+ 2.6.7_p0-r2
+
+
+ 2.4.24-r6
+ 2.4.26-r3
+ 2.6.6-r4
+ 2.6.6-r4
+
+
+ 2.0
+ 2.4.26.1.28-r1
+ 2.4
+ 2.0
+
+
+ 2.4.26-r3
+ 2.6.7-r2
+ 2.6.7-r2
+
+
+ 4.9-r10
+ 4.11-r7
+ 4.14-r4
+ 4.14-r4
+
+
+ 2.4.26-r3
+ 2.6.7-r2
+ 2.6.7-r2
+
+
+ 2.4.27
+ 2.4.27
+
+
+ 2.4.27
+ 2.4.26
+
+
+
+

+ The Linux kernel is responsible for managing the core aspects of a + GNU/Linux system, providing an interface for core system applications + as well as providing the essential structure and capability to access + hardware that is needed for a running system. +

+
+ +

+ The Linux kernel allows a local attacker to mount a remote file system + on a vulnerable Linux host and modify files' group IDs. On 2.4 series + kernels this vulnerability only affects shared NFS file systems. This + vulnerability has been assigned CAN-2004-0497 by the Common + Vulnerabilities and Exposures project. +

+

+ Also, a flaw in the handling of /proc attributes has been found in 2.6 + series kernels; allowing the unauthorized modification of /proc + entries, especially those which rely solely on file permissions for + security to vital kernel parameters. +

+

+ An issue specific to the VServer Linux sources has been found, by which + /proc related changes in one virtual context are applied to other + contexts as well, including the host system. +

+

+ CAN-2004-0447 resolves a local DoS vulnerability on IA64 platforms + which can cause unknown behaviour and CAN-2004-0565 resolves a floating + point information leak on IA64 platforms by which registers of other + processes can be read by a local user. +

+

+ Finally, CAN-2004-0496 addresses some more unknown vulnerabilities in + 2.6 series Linux kernels older than 2.6.7 which were found by the + Sparse source code checking tool. +

+
+ +

+ Bad Group IDs can possibly cause a Denial of Service on parts of a host + if the changed files normally require a special GID to properly + operate. By exploiting this vulnerability, users in the original file + group would also be blocked from accessing the changed files. +

+

+ The /proc attribute vulnerability allows local users with previously no + permissions to certain /proc entries to exploit the vulnerability and + then gain read, write and execute access to entries. +

+

+ These new privileges can be used to cause unknown behaviour ranging + from reduced system performance to a Denial of Service by manipulating + various kernel options which are usually reserved for the superuser. + This flaw might also be used for opening restrictions set through /proc + entries, allowing further attacks to take place through another + possibly unexpected attack vector. +

+

+ The VServer issue can also be used to induce similar unexpected + behaviour to other VServer contexts, including the host. By successful + exploitation, a Denial of Service for other contexts can be caused + allowing only root to read certain /proc entries. Such a change would + also be replicated to other contexts, forbidding normal users on those + contexts to read /proc entries which could contain details needed by + daemons running as a non-root user, for example. +

+

+ Additionally, this vulnerability allows an attacker to read information + from another context, possibly hosting a different server, gaining + critical information such as what processes are running. This may be + used for furthering the exploitation of either context. +

+

+ CAN-2004-0447 and CAN-2004-0496 permit various local unknown Denial of + Service vulnerabilities with unknown impacts - these vulnerabilities + can be used to possibly elevate privileges or access reserved kernel + memory which can be used for further exploitation of the system. +

+

+ CAN-2004-0565 allows FPU register values of other processes to be read + by a local user setting the MFH bit during a floating point operation - + since no check was in place to ensure that the FPH bit was owned by the + requesting process, but only an MFH bit check, an attacker can simply + set the MFH bit and access FPU registers of processes running as other + users, possibly those running as root. +

+
+ +

+ 2.4 users may not be affected by CAN-2004-0497 if they do not use + remote network filesystems and do not have support for any such + filesystems in their kernel configuration. All 2.6 users are affected + by the /proc attribute issue and the only known workaround is to + disable /proc support. The VServer flaw applies only to + vserver-sources, and no workaround is currently known for the issue. + There is no known fix to CAN-2004-0447, CAN-2004-0496 or CAN-2004-0565 + other than to upgrade the kernel to a patched version. +

+

+ As a result, all users affected by any of these vulnerabilities should + upgrade their kernels to ensure the integrity of their systems. +

+
+ +

+ Users are encouraged to upgrade to the latest available sources for + their system: +

+
+ # emerge sync
+ # emerge -pv your-favorite-sources
+ # emerge your-favorite-sources
+
+ # # Follow usual procedure for compiling and installing a kernel.
+ # # If you use genkernel, run genkernel as you would do normally.
+
+ + CAN-2004-0447 + CAN-2004-0496 + CAN-2004-0497 + CAN-2004-0565 + VServer /proc Context Vulnerability + + + plasmaroo + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-17.xml
new file mode 100644
index 0000000000..4f68a9775b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-17.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ l2tpd: Buffer overflow
+
+ A buffer overflow in l2tpd could lead to remote code execution. It is not
+ known whether this bug is exploitable.
+
+ net-dialup/l2tpd
+ July 22, 2004
+ July 22, 2004: 01
+ 53009
+ remote
+
+
+ 0.69-r2
+ 0.69-r2
+
+
+
+

+ l2tpd is a GPL implentation of the Layer 2 Tunneling Protocol. +

+
+ +

+ Thomas Walpuski discovered a buffer overflow that may be exploitable by + sending a specially crafted packet. In order to exploit the vulnerable + code, an attacker would need to fake the establishment of an L2TP tunnel. +

+
+ +

+ A remote attacker may be able to execute arbitrary code with the privileges + of the user running l2tpd. +

+
+ +

+ There is no known workaround for this vulnerability. +

+
+ +

+ All users are recommended to upgrade to the latest stable version: +

+
+ # emerge sync
+
+ # emerge -pv ">=net-l2tpd-0.69-r2"
+ # emerge ">=net-l2tpd-0.69-r2"
+
+ + CAN-2004-0649 + Full Disclosure Report + + + koon + + + dmargoli + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-18.xml
new file mode 100644
index 0000000000..b7e4e740e7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-18.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ mod_ssl: Format string vulnerability
+
+ A bug in mod_ssl may allow a remote attacker to execute arbitrary code when
+ Apache is configured to use mod_ssl and mod_proxy.
+
+ mod_ssl
+ July 22, 2004
+ July 22, 2004: 01
+ 57379
+ remote
+
+
+ 2.8.19
+ 2.8.18
+
+
+
+

+ mod_ssl provides Secure Sockets Layer encryption and authentication to + Apache 1.3. +

+
+ +

+ A bug in ssl_engine_ext.c makes mod_ssl vulnerable to a ssl_log() related + format string vulnerability in the mod_proxy hook functions. +

+
+ +

+ Given the right server configuration, an attacker could execute code as the + user running Apache, usually "apache". +

+
+ +

+ A server should not be vulnerable if it is not using both mod_ssl and + mod_proxy. Otherwise there is no workaround other than to disable mod_ssl. +

+
+ +

+ All mod_ssl users should upgrade to the latest version: +

+
+ # emerge sync
+
+ # emerge -pv ">=net-www/mod_ssl-2.8.19"
+ # emerge ">=net-www/mod_ssl-2.8.19"
+
+ + mod_ssl Announcement + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-19.xml
new file mode 100644
index 0000000000..6d2307e2cf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-19.xml
@@ -0,0 +1,58 @@
+
+
+
+
+ Pavuk: Digest authentication helper buffer overflow
+
+ Pavuk contains a bug that can allow an attacker to run arbitrary code.
+
+ Pavuk
+ July 26, 2004
+ May 22, 2006: 02
+ remote
+
+
+ 0.9.28-r3
+ 0.9.28-r2
+
+
+
+

+ Pavuk is web spider and website mirroring tool. +

+
+ +

+ Pavuk contains several buffer overflow vulnerabilities in the code + handling digest authentication. +

+
+ +

+ An attacker could cause a buffer overflow, leading to arbitrary code + execution with the rights of the user running Pavuk. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of Pavuk. +

+
+ +

+ All Pavuk users should upgrade to the latest version: +

+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/pavuk-0.9.28-r3"
+ # emerge ">=net-misc/pavuk-0.9.28-r3"
+
+ + CVE-2004-1437 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-20.xml
new file mode 100644
index 0000000000..7927c96f30
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-20.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ Subversion: Vulnerability in mod_authz_svn
+
+ Users with write access to parts of a Subversion repository may bypass read
+ restrictions in mod_authz_svn and read any part of the repository they
+ wish.
+
+ subversion
+ July 26, 2004
+ May 22, 2006: 02
+ 57747
+ remote
+
+
+ 1.0.6
+ 1.0.4-r1
+
+
+
+

+ Subversion is an advanced version control system, similar to CVS, which + supports additional functionality such as the ability to move, copy and + delete files and directories. A Subversion server may be run as an + Apache module, a standalone server (svnserve), or on-demand over ssh (a + la CVS' ":ext:" protocol). The mod_authz_svn Apache module works with + Subversion in Apache to limit access to parts of Subversion + repositories based on policy set by the administrator. +

+
+ +

+ Users with write access to part of a Subversion repository may bypass + read restrictions on any part of that repository. This can be done + using an "svn copy" command to copy the portion of a repository the + user wishes to read into an area where they have write access. +

+

+ Since copies are versioned, any such copy attempts will be readily + apparent. +

+
+ +

+ This is a low-risk vulnerability. It affects only users of Subversion + who are running servers inside Apache and using mod_authz_svn. + Additionally, this vulnerability may be exploited only by users with + write access to some portion of a repository. +

+
+ +

+ Keep sensitive content separated into different Subversion + repositories, or disable the Apache Subversion server and use svnserve + instead. +

+
+ +

+ All Subversion users should upgrade to the latest available version: +

+
+ # emerge sync
+
+ # emerge -pv ">=dev-util/subversion-1.0.6"
+ # emerve ">=dev-util/subversion-1.0.6"
+
+ + ChangeLog for Subversion 1.0.6 + CVE-2004-1438 + + + koon + + + condordes + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-21.xml
new file mode 100644
index 0000000000..0bb44c7791
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-21.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ Samba: Multiple buffer overflows
+
+ Two buffer overflows vulnerabilities were found in Samba, potentially
+ allowing the remote execution of arbitrary code.
+
+ Samba
+ July 29, 2004
+ July 29, 2004: 02
+ 57962
+ remote
+
+
+ 3.0.5
+ 3.0.4-r1
+
+
+
+

+ Samba is a package which allows *nix systems to act as file servers for + Windows computers. It also allows *nix systems to mount shares exported by + a Samba/CIFS/Windows server. The Samba Web Administration Tool (SWAT) is a + web-based configuration tool part of the Samba package. +

+
+ +

+ Evgeny Demidov found a buffer overflow in SWAT, located in the base64 data + decoder used to handle HTTP basic authentication (CAN-2004-0600). The same + flaw is present in the code used to handle the sambaMungedDial attribute + value, when using the ldapsam passdb backend. Another buffer overflow was + found in the code used to support the 'mangling method = hash' smb.conf + option (CAN-2004-0686). Note that the default Samba value for this option + is 'mangling method = hash2' which is not vulnerable. +

+
+ +

+ The SWAT authentication overflow could be exploited to execute arbitrary + code with the rights of the Samba daemon process. The overflow in the + sambaMungedDial handling code is not thought to be exploitable. The buffer + overflow in 'mangling method = hash' code could also be used to execute + arbitrary code on vulnerable configurations. +

+
+ +

+ Users disabling SWAT, not using ldapsam passdb backends and not using the + 'mangling method = hash' option are not vulnerable. +

+
+ +

+ All Samba users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-fs/samba-3.0.5" + # emerge ">=net-fs/samba-3.0.5" +
+ + Samba 3.0.5 Release Notes + CAN-2004-0600 + CAN-2004-0686 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-22.xml
new file mode 100644
index 0000000000..84a89f01d7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-22.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ phpMyAdmin: Multiple vulnerabilities
+
+ Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with a
+ valid user account to alter configuration variables and execute arbitrary
+ PHP code.
+
+ dev-db/phpmyadmin
+ July 29, 2004
+ May 22, 2006: 02
+ 57890
+ remote
+
+
+ 2.5.7_p1
+ 2.5.7
+
+
+
+

+ phpMyAdmin is a popular, web-based MySQL administration tool written in + PHP. It allows users to administer a MySQL database from a web-browser. +

+
+ +

+ Two serious vulnerabilities exist in phpMyAdmin. The first allows any + user to alter the server configuration variables (including host, name, + and password) by appending new settings to the array variables that + hold the configuration in a GET statement. The second allows users to + include arbitrary PHP code to be executed within an eval() statement in + table name configuration settings. This second vulnerability is only + exploitable if $cfg['LeftFrameLight'] is set to FALSE. +

+
+ +

+ Authenticated users can alter configuration variables for their running + copy of phpMyAdmin. The impact of this should be minimal. However, the + second vulnerability would allow an authenticated user to execute + arbitrary PHP code with the permissions of the webserver, potentially + allowing a serious Denial of Service or further remote compromise. +

+
+ +

+ The second, more serious vulnerability is only exploitable if + $cfg['LeftFrameLight'] is set to FALSE. In the default Gentoo + installation, this is set to TRUE. There is no known workaround for the + first. +

+
+ +

+ All phpMyAdmin users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=dev-db/phpmyadmin-2.5.7_p1" + # emerge ">=dev-db/phpmyadmin-2.5.7_p1" +
+ + BugTraq Announcement + CVE-2004-2631 + CVE-2004-2632 + + + koon + + + dmargoli + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-23.xml
new file mode 100644
index 0000000000..dd782192a5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200407-23.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ SoX: Multiple buffer overflows
+
+ SoX contains two buffer overflow vulnerabilities in the WAV header parser
+ code.
+
+ SoX
+ July 30, 2004
+ May 22, 2006: 02
+ 58733
+ remote
+
+
+ 12.17.4-r2
+ 12.17.4-r1
+
+
+
+

+ SoX is a command line utility that can convert various formats of + computer audio files in to other formats. +

+
+ +

+ Ulf Harnhammar discovered two buffer overflows in the sox and play + commands when handling WAV files with specially crafted header fields. +

+
+ +

+ By enticing a user to play or convert a specially crafted WAV file an + attacker could execute arbitrary code with the permissions of the user + running SoX. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of SoX. +

+
+ +

+ All SoX users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=media-sound/sox-12.17.4-r2" + # emerge ">=media-sound/sox-12.17.4-r2" +
+ + Full Disclosure Announcement + CVE-2004-0557 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-01.xml
new file mode 100644
index 0000000000..e9595f4e35
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-01.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ MPlayer: GUI filename handling overflow
+
+ When compiled with GUI support MPlayer is vulnerable to a remotely
+ exploitable buffer overflow attack.
+
+ MPlayer
+ August 01, 2004
+ May 22, 2006: 02
+ 55456
+ remote
+
+
+ 1.0_pre4-r7
+ 1.0_pre4-r7
+
+
+
+

+ MPlayer is a media player capable of handling multiple multimedia file + formats. +

+
+ +

+ The MPlayer GUI code contains several buffer overflow vulnerabilities, + and at least one in the TranslateFilename() function is exploitable. +

+
+ +

+ By enticing a user to play a file with a carefully crafted filename an + attacker could execute arbitrary code with the permissions of the user + running MPlayer. +

+
+ +

+ To work around this issue, users can compile MPlayer without GUI + support by disabling the gtk USE flag. All users are encouraged to + upgrade to the latest available version of MPlayer. +

+
+ +

+ All MPlayer users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=media-video/mplayer-1.0_pre4-r7" + # emerge ">=media-video/mplayer-1.0_pre4-r7" +
+ + Bugtraq Announcement + Open-Security Announcement + CVE-2004-0659 + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-02.xml
new file mode 100644
index 0000000000..52b3a9e207
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-02.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Courier: Cross-site scripting vulnerability in SqWebMail
+
+ The SqWebMail web application, included in the Courier suite, is vulnerable
+ to cross-site scripting attacks.
+
+ Courier
+ August 04, 2004
+ August 04, 2004: 01
+ 58020
+ remote
+
+
+ 0.45.6.20040618
+ 0.45.6
+
+
+
+

+ Courier is an integrated mail and groupware server based on open protocols. + It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a + single framework. The webmail functionality included in Courier called + SqWebMail allows you to access mailboxes from a web browser. +

+
+ +

+ Luca Legato found that SqWebMail is vulnerable to a cross-site scripting + (XSS) attack. An XSS attack allows an attacker to insert malicious code + into a web-based application. SqWebMail doesn't filter appropriately data + coming from message headers before displaying them. +

+
+ +

+ By sending a carefully crafted message, an attacker can inject and execute + script code in the victim's browser window. This allows to modify the + behaviour of the SqWebMail application, and/or leak session information + such as cookies to the attacker. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of Courier. +

+
+ +

+ All Courier users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=mail-mta/courier-0.45.6.20040618" + # emerge ">=mail-mta/courier-0.45.6.20040618" +
+ + CAN-2004-0591 + XSS definition + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-03.xml
new file mode 100644
index 0000000000..1432e2ee7d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-03.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ libpng: Numerous vulnerabilities
+
+ libpng contains numerous vulnerabilities potentially allowing an attacker
+ to perform a Denial of Service attack or even execute arbitrary code.
+
+ libpng
+ August 05, 2004
+ August 05, 2004: 01
+ 59424
+ remote
+
+
+ 1.2.5-r8
+ 1.2.5-r7
+
+
+
+

+ libpng is a standard library used to process PNG (Portable Network + Graphics) images. It is used by several other programs, including web + browsers and potentially server processes. +

+
+ +

+ libpng contains numerous vulnerabilities including null pointer dereference + errors and boundary errors in various functions. +

+
+ +

+ An attacker could exploit these vulnerabilities to cause programs linked + against the library to crash or execute arbitrary code with the permissions + of the user running the vulnerable program, which could be the root user. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version. +

+
+ +

+ All libpng users should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=media-libs/libpng-1.2.5-r8" + # emerge ">=media-libs/libpng-1.2.5-r8" +

+ You should also run revdep-rebuild to rebuild any packages that depend on + older versions of libpng : +

+ + # revdep-rebuild +
+ + CAN-2004-0597 + CAN-2004-0598 + CAN-2004-0599 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-04.xml
new file mode 100644
index 0000000000..2fe7e7a5fb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-04.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ PuTTY: Pre-authentication arbitrary code execution
+
+ PuTTY contains a vulnerability allowing a SSH server to execute arbitrary
+ code on the connecting client.
+
+ PuTTY
+ August 05, 2004
+ May 22, 2006: 03
+ 59383
+ remote
+
+
+ 0.55
+ 0.54
+
+
+
+

+ PuTTY is a free implementation of Telnet and SSH for Win32 and Unix + platforms, along with an xterm terminal emulator. +

+
+ +

+ PuTTY contains a vulnerability allowing a malicious server to execute + arbitrary code on the connecting client before host key verification. +

+
+ +

+ When connecting to a server using the SSH2 protocol an attacker is able + to execute arbitrary code with the permissions of the user running + PuTTY by sending specially crafted packets to the client during the + authentication process but before host key verification. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of PuTTY. +

+
+ +

+ All PuTTY users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-misc/putty-0.55" + # emerge ">=net-misc/putty-0.55" +
+ + Corelabs Advisory + PuTTY ChangeLog + CVE-2004-1440 + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-05.xml
new file mode 100644
index 0000000000..aab6c652f1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-05.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Opera: Multiple new vulnerabilities
+
+ Several new vulnerabilities were found and fixed in Opera, including one
+ allowing an attacker to read the local filesystem remotely.
+
+ Opera
+ August 05, 2004
+ December 30, 2007: 03
+ 59503
+ remote
+
+
+ 7.54
+ 7.53
+
+
+
+

+ Opera is a multi-platform web browser. +

+
+ +

+ Multiple vulnerabilities have been found in the Opera web browser. + Opera fails to deny write access to the "location" browser object. An + attacker can overwrite methods in this object and gain script access to + any page that uses one of these methods. Furthermore, access to file:// + URLs is possible even from pages loaded using other protocols. Finally, + spoofing a legitimate web page is still possible, despite the fixes + announced in GLSA 200407-15. +

+
+ +

+ By enticing an user to visit specially crafted web pages, an attacker + can read files located on the victim's file system, read emails written + or received by M2, Opera's mail program, steal cookies, spoof URLs, + track user browsing history, etc. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version. +

+
+ +

+ All Opera users should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=www-client/opera-7.54" + # emerge ">=www-client/opera-7.54" +
+ + Opera Changelog + Address bar spoofing issue disclosure + GreyMagic Security Advisory GM#008-OP + CVE-2004-2570 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-06.xml
new file mode 100644
index 0000000000..deb745c498
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-06.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ SpamAssassin: Denial of Service vulnerability
+
+ SpamAssassin is vulnerable to a Denial of Service attack when handling
+ certain malformed messages.
+
+ SpamAssassin
+ August 09, 2004
+ May 22, 2006: 02
+ 59483
+ remote
+
+
+ 2.64
+ 2.63-r1
+
+
+
+

+ SpamAssassin is an extensible email filter which is used to identify + spam. +

+
+ +

+ SpamAssassin contains an unspecified Denial of Service vulnerability. +

+
+ +

+ By sending a specially crafted message an attacker could cause a Denial + of Service attack against the SpamAssassin service. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of SpamAssassin. +

+
+ +

+ All SpamAssassin users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=mail-filter/spamassassin-2.64" + # emerge ">=mail-filter/spamassassin-2.64" +
+ + SpamAssassin Release Announcement + CVE-2004-0796 + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-07.xml
new file mode 100644
index 0000000000..e53ced251d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-07.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Horde-IMP: Input validation vulnerability for Internet Explorer users
+
+ An input validation vulnerability has been discovered in Horde-IMP. This
+ only affects users of Internet Explorer.
+
+ horde-imp
+ August 10, 2004
+ May 22, 2006: 02
+ 59336
+ remote
+
+
+ 3.2.5
+ 3.2.4
+
+
+
+

+ Horde-IMP is the Internet Messaging Program. It is written in PHP and + provides webmail access to IMAP and POP3 accounts. +

+
+ +

+ Horde-IMP fails to properly sanitize email messages that contain + malicious HTML or script code so that it is not safe for users of + Internet Explorer when using the inline MIME viewer for HTML messages. +

+
+ +

+ By enticing a user to read a specially crafted e-mail, an attacker can + execute arbitrary scripts running in the context of the victim's + browser. This could lead to a compromise of the user's webmail account, + cookie theft, etc. +

+
+ +

+ Do not use Internet Explorer to access Horde-IMP. +

+
+ +

+ All Horde-IMP users should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=www-apps/horde-imp-3.2.5" + # emerge ">=www-apps/horde-imp-3.2.5" +
+ + Horde-IMP Changelog + Secunia Advisory SA12202 + CVE-2004-1443 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-08.xml
new file mode 100644
index 0000000000..013868c676
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-08.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Cfengine: RSA Authentication Heap Corruption
+
+ Cfengine is vulnerable to a remote root exploit from clients in
+ AllowConnectionsFrom.
+
+ Cfengine
+ August 10, 2004
+ May 22, 2006: 05
+ 59895
+ remote
+
+
+ 2.1.8
+ 2.0.0
+ 2.1.7
+
+
+
+

+ Cfengine is an agent/software robot and a high level policy language + for building expert systems to administrate and configure large + computer networks. +

+
+ +

+ Two vulnerabilities have been found in cfservd. One is a buffer + overflow in the AuthenticationDialogue function and the other is a + failure to check the proper return value of the ReceiveTransaction + function. +

+
+ +

+ An attacker could use the buffer overflow to execute arbitrary code + with the permissions of the user running cfservd, which is usually the + root user. However, before such an attack could be mounted, the + IP-based ACL would have to be bypassed. With the second vulnerability, + an attacker could cause a denial of service attack. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of Cfengine. (It should be + noted that disabling cfservd will work around this particular problem. + However, in many cases, doing so will cripple your Cfengine setup. + Upgrading is strongly recommended.) +

+
+ +

+ All Cfengine users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-misc/cfengine-2.1.8" + # emerge ">=net-misc/cfengine-2.1.8" +
+ + Corelabs Advisory + CVE-2004-1701 + CVE-2004-1702 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-09.xml
new file mode 100644
index 0000000000..8fc9bdb961
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-09.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Roundup: Filesystem access vulnerability
+
+ Roundup will make files owned by the user that it's running as accessable
+ to a remote attacker.
+
+ Roundup
+ August 11, 2004
+ May 22, 2006: 03
+ 53494
+ remote
+
+
+ 0.7.6
+ 0.6.4
+
+
+
+

+ Roundup is a simple to use issue-tracking system with command-line, + web, and e-mail interfaces. +

+
+ +

+ Improper handling of a specially crafted URL allows access to the + server's filesystem, which could contain sensitive information. +

+
+ +

+ An attacker could view files owned by the user running Roundup. This + will never be root however, as Roundup will not run as root. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of Roundup. +

+
+ +

+ All Roundup users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=www-apps/roundup-0.7.6" + # emerge ">=www-apps/roundup-0.7.6" +
+ + Secunia Advisory SA11801 + CVE-2004-1444 + + + chriswhite + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-10.xml
new file mode 100644
index 0000000000..ec85a58018
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-10.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ gv: Exploitable Buffer Overflow
+
+ gv contains an exploitable buffer overflow that allows an attacker to
+ execute arbitrary code.
+
+ gv
+ August 12, 2004
+ August 12, 2004: 01
+ 59385
+ remote
+
+
+ 3.5.8-r4
+ 3.5.8-r3
+
+
+
+

+ gv is a PostScript and PDF viewer for X which provides a user interface for + the ghostscript interpreter. +

+
+ +

+ gv contains a buffer overflow vulnerability where an unsafe sscanf() call + is used to interpret PDF and PostScript files. +

+
+ +

+ By enticing a user to view a malformed PDF or PostScript file an attacker + could execute arbitrary code with the permissions of the user running gv. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of gv. +

+
+ +

+ All gv users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=app-text/gv-3.5.8-r4" + # emerge ">=app-text/gv-3.5.8-r4" +
+ + CAN-2002-0838 + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-11.xml
new file mode 100644
index 0000000000..f7abf96fa2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-11.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Nessus: "adduser" race condition vulnerability
+
+ Nessus contains a vulnerability allowing a user to perform a privilege
+ escalation attack.
+
+ Nessus
+ August 12, 2004
+ May 22, 2006: 02
+ 58014
+ local
+
+
+ 2.0.12
+ 2.0.11
+
+
+
+

+ Nessus is a free and powerful network security scanner. +

+
+ +

+ A race condition can occur in "nessus-adduser" if the user has not + configured their TMPDIR variable. +

+
+ +

+ A malicious user could exploit this bug to escalate privileges to the + rights of the user running "nessus-adduser". +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of Nessus. +

+
+ +

+ All Nessus users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-analyzer/nessus-2.0.12" + # emerge ">=net-analyzer/nessus-2.0.12" +
+ + Secunia Advisory + CVE-2004-1445 + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-12.xml
new file mode 100644
index 0000000000..7c4a93953a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-12.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Gaim: MSN protocol parsing function buffer overflow
+
+ Gaim contains a remotely exploitable buffer overflow vulnerability in the
+ MSN-protocol parsing code that may allow remote execution of arbitrary
+ code.
+
+ gaim
+ August 12, 2004
+ May 22, 2006: 03
+ 60034
+ remote
+
+
+ 0.81-r1
+ 0.81
+
+
+
+

+ Gaim is a multi-protocol instant messaging client for Linux which + supports many instant messaging protocols. +

+
+ +

+ Sebastian Krahmer of the SuSE Security Team has discovered a remotely + exploitable buffer overflow vulnerability in the code handling MSN + protocol parsing. +

+
+ +

+ By sending a carefully-crafted message, an attacker may execute + arbitrary code with the permissions of the user running Gaim. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of Gaim. +

+
+ +

+ All Gaim users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-im/gaim-0.81-r1" + # emerge ">=net-im/gaim-0.81-r1" +
+ + OSVDB ID: 8382 + CVE-2004-0500 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-13.xml
new file mode 100644
index 0000000000..3b6788df0c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-13.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ kdebase, kdelibs: Multiple security issues
+
+ KDE contains three security issues that can allow an attacker to compromise
+ system accounts, cause a Denial of Service, or spoof websites via frame
+ injection.
+
+ kde, kdebase, kdelibs
+ August 12, 2004
+ August 12, 2004: 01
+ 60068
+ remote and local
+
+
+ 3.2.3-r1
+ 3.2.3-r1
+
+
+ 3.2.3-r1
+ 3.2.3-r1
+
+
+
+

+ KDE is a powerful Free Software graphical desktop environment for Linux and + Unix-like Operating Systems. +

+
+ +

+ KDE contains three security issues: +

+
    +
  • Insecure handling of temporary files when running KDE applications + outside of the KDE environment
  • +
  • DCOPServer creates temporary files in an insecure manner
  • +
  • The Konqueror browser allows websites to load webpages into a target + frame of any other open frame-based webpage
  • +
+
+ +

+ An attacker could exploit these vulnerabilities to create or overwrite + files with the permissions of another user, compromise the account of users + running a KDE application and insert arbitrary frames into an otherwise + trusted webpage. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of kdebase. +

+
+ +

+ All KDE users should upgrade to the latest versions of kdelibs and kdebase: +

+ + # emerge sync + + # emerge -pv ">=kde-base/kdebase-3.2.3-r1" + # emerge ">=kde-base/kdebase-3.2.3-r1" + + # emerge -pv ">=kde-base/kdelibs-3.2.3-r1" + # emerge ">=kde-base/kdelibs-3.2.3-r1" +
+ + KDE Advisory: Temporary Directory Vulnerability + KDE Advisory: DCOPServer Temporary Filename Vulnerability + KDE Advisory: Konqueror Frame Injection Vulnerability + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-14.xml
new file mode 100644
index 0000000000..2512942ac0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-14.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ acroread: UUDecode filename buffer overflow
+
+ acroread contains two errors in the handling of UUEncoded filenames that
+ may lead to execution of arbitrary code or programs.
+
+ acroread
+ August 15, 2004
+ May 22, 2006: 03
+ 60205
+ remote
+
+
+ 5.09
+ 5.08
+
+
+
+

+ acroread is Adobe's Acrobat PDF reader for Linux. +

+
+ +

+ acroread contains two errors in the handling of UUEncoded filenames. + First, it fails to check the length of a filename before copying it + into a fixed size buffer and, secondly, it fails to check for the + backtick shell metacharacter in the filename before executing a command + with a shell. +

+
+ +

+ By enticing a user to open a PDF with a specially crafted filename, an + attacker could execute arbitrary code or programs with the permissions + of the user running acroread. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of acroread. +

+
+ +

+ All acroread users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=app-text/acroread-5.09" + # emerge ">=app-text/acroread-5.09" +
+ + iDEFENSE Advisory 124 + iDEFENSE Advisory 125 + CVE-2004-0630 + CVE-2004-0631 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-15.xml
new file mode 100644
index 0000000000..ff125490d3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-15.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Tomcat: Insecure installation
+
+ Improper file ownership may allow a member of the tomcat group to execute
+ scripts as root.
+
+ tomcat
+ August 15, 2004
+ May 22, 2006: 04
+ 59232
+ local
+
+
+ 5.0.27-r3
+ 4.1.30-r4
+ 3.3.2-r2
+ 5.0.27-r3
+
+
+
+

+ Tomcat is the Apache Jakarta Project's official implementation of Java + Servlets and Java Server Pages. +

+
+ +

+ The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init + scripts as tomcat:tomcat, but those scripts are executed with root + privileges when the system is started. This may allow a member of the + tomcat group to run arbitrary code with root privileges when the Tomcat + init scripts are run. +

+
+ +

+ This could lead to a local privilege escalation or root compromise by + authenticated users. +

+
+ +

+ Users may change the ownership of /etc/init.d/tomcat* and + /etc/conf.d/tomcat* to be root:root: +

+ + # chown -R root:root /etc/init.d/tomcat* + # chown -R root:root /etc/conf.d/tomcat* +
+ +

+ All Tomcat users can upgrade to the latest stable version, or simply + apply the workaround: +

+ + # emerge sync + # emerge -pv ">=www-servers/tomcat-5.0.27-r3" + # emerge ">=www-servers/tomcat-5.0.27-r3" +
+ + CVE-2004-1452 + + + dmargoli + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-16.xml
new file mode 100644
index 0000000000..04680d3abf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-16.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ glibc: Information leak with LD_DEBUG
+
+ glibc contains an information leak vulnerability allowing the debugging of
+ SUID binaries.
+
+ glibc
+ August 16, 2004
+ May 28, 2006: 04
+ 59526
+ local
+
+
+ 2.3.2-r11
+ 2.3.2-r10
+
+
+ 2.3.3.20040420-r1
+ 2.3.3.20040420
+
+
+ 2.3.4.20040619-r1
+ 2.3.3.20040420
+
+
+ 2.3.4.20040619-r1
+ 2.3.4.20040619
+
+
+ 2.3.4.20040808
+ 2.3.4.20040605
+
+
+
+

+ The GNU C library defines various Unix-like "system calls" and other + basic facilities needed for a standard POSIX-like application to + operate. +

+
+ +

+ Silvio Cesare discovered a potential information leak in glibc. It + allows LD_DEBUG on SUID binaries where it should not be allowed. This + has various security implications, which may be used to gain + confidentional information. +

+
+ +

+ An attacker can gain the list of symbols a SUID application uses and + their locations and can then use a trojaned library taking precendence + over those symbols to gain information or perform further exploitation. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of glibc. +

+
+ +

+ All glibc users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv your_version + # emerge your_version +
+ + CVE-2004-1453 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-17.xml
new file mode 100644
index 0000000000..15c7c76c29
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-17.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ rsync: Potential information leakage
+
+ rsync fails to properly sanitize paths. This vulnerability could allow the
+ listing of arbitrary files and allow file overwriting outside module's path
+ on rsync server configurations that allow uploading.
+
+ rsync
+ August 17, 2004
+ May 22, 2006: 02
+ 60309
+ remote
+
+
+ 2.6.0-r3
+ 2.6.0-r2
+
+
+
+

+ rsync is a utility that provides fast incremental file transfers. It is + used to efficiently synchronize files between hosts and is used by + emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, + which listens to connections from rsync clients. +

+
+ +

+ The paths sent by the rsync client are not checked thoroughly enough. + It does not affect the normal send/receive filenames that specify what + files should be transferred. It does affect certain option paths that + cause auxilliary files to be read or written. +

+
+ +

+ When rsyncd is used without chroot ("use chroot = false" in the + rsyncd.conf file), this vulnerability could allow the listing of + arbitrary files outside module's path and allow file overwriting + outside module's path on rsync server configurations that allows + uploading. Both possibilities are exposed only when chroot option is + disabled. +

+
+ +

+ You should never set the rsync daemon to run with "use chroot = false". +

+
+ +

+ All users should update to the latest version of the rsync package. +

+ + # emerge sync + + # emerge -pv ">=net-misc/rsync-2.6.0-r3" + # emerge ">=net-misc/rsync-2.6.0-r3" +
+ + rsync Advisory + rsync 2.6.2 announcement + CVE-2004-0792 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-18.xml new file mode 100644 index 0000000000..38363b4d4a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-18.xml @@ -0,0 +1,68 @@ + + + + + xine-lib: VCD MRL buffer overflow + + xine-lib contains an exploitable buffer overflow in the VCD handling code + + xine-lib + August 17, 2004 + May 22, 2006: 02 + 59948 + remote + + + 1_rc5-r3 + 1_rc5-r2 + + + +

+ xine-lib is a multimedia library which can be utilized to create + multimedia frontends. +

+
+ +

+ xine-lib contains a bug where it is possible to overflow the vcd:// + input source identifier management buffer through carefully crafted + playlists. +

+
+ +

+ An attacker may construct a carefully-crafted playlist file which will + cause xine-lib to execute arbitrary code with the permissions of the + user. In order to conform with the generic naming standards of most + Unix-like systems, playlists can have extensions other than .asx (the + standard xine playlist format), and made to look like another file + (MP3, AVI, or MPEG for example). If an attacker crafts a playlist with + a valid header, they can insert a VCD playlist line that can cause a + buffer overflow and possible shellcode execution. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of xine-lib. +

+
+ +

+ All xine-lib users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=media-libs/xine-lib-1_rc5-r3" + # emerge ">=media-libs/xine-lib-1_rc5-r3" +
+ + Open Security Advisory + CVE-2004-1475 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-19.xml new file mode 100644 index 0000000000..2df5a7d221 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-19.xml @@ -0,0 +1,71 @@ + + + + + courier-imap: Remote Format String Vulnerability + + There is a format string vulnerability in non-standard configurations of + courier-imapd which may be exploited remotely. An attacker may be able to + execute arbitrary code as the user running courier-imapd (oftentimes root). + + courier-imap + August 19, 2004 + May 22, 2006: 02 + 60865 + remote + + + 3.0.5 + 3.0.2-r1 + + + +

+ Courier-IMAP is an IMAP server which is part of the Courier mail + system. It provides access only to maildirs. +

+
+ +

+ There is a format string vulnerability in the auth_debug() function + which can be exploited remotely, potentially leading to arbitrary code + execution as the user running the IMAP daemon (oftentimes root). A + remote attacker may send username or password information containing + printf() format tokens (such as "%s"), which will crash the server or + cause it to execute arbitrary code. +

+

+ This vulnerability can only be exploited if DEBUG_LOGIN is set to + something other than 0 in the imapd config file. +

+
+ +

+ If DEBUG_LOGIN is enabled in the imapd configuration, a remote attacker + may execute arbitrary code as the root user. +

+
+ +

+ Set the DEBUG_LOGIN option in /etc/courier-imap/imapd to 0. (This is + the default value.) +

+
+ +

+ All courier-imap users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-mail/courier-imap-3.0.5" + # emerge ">=net-mail/courier-imap-3.0.5" +
+ + iDEFENSE Advisory + CVE-2004-0777 + + + condordes + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-20.xml new file mode 100644 index 0000000000..bbe3c4a762 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-20.xml @@ -0,0 +1,72 @@ + + + + + Qt: Image loader overflows + + There are several bugs in Qt's image-handling code which could lead to + crashes or arbitrary code execution. + + Qt + August 22, 2004 + May 22, 2006: 02 + 60855 + local + + + 3.3.3 + 3.3.2 + + + +

+ Qt is a cross-platform GUI toolkit used by KDE. +

+
+ +

+ There are several unspecified bugs in the QImage class which may cause + crashes or allow execution of arbitrary code as the user running the Qt + application. These bugs affect the PNG, XPM, BMP, GIF and JPEG image + types. +

+
+ +

+ An attacker may exploit these bugs by causing a user to open a + carefully-constructed image file in any one of these formats. This may + be accomplished through e-mail attachments (if the user uses KMail), or + by simply placing a malformed image on a website and then convicing the + user to load the site in a Qt-based browser (such as Konqueror). +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of Qt. +

+
+ +

+ All Qt users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=x11-libs/qt-3.3.3" + # emerge ">=x11-libs/qt-3.3.3" +
+ + Mandrake Advisory + Qt 3.3.3 ChangeLog + CVE-2004-0691 + CVE-2004-0692 + CVE-2004-0693 + + + jaervosz + + + condordes + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-21.xml new file mode 100644 index 0000000000..6dc2f99716 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-21.xml @@ -0,0 +1,67 @@ + + + + + Cacti: SQL injection vulnerability + + With special configurations of Cacti it is possible to change passwords via + a SQL injection attack. + + cacti + August 23, 2004 + May 22, 2006: 04 + 60630 + remote + + + 0.8.5a-r1 + 0.8.5a + + + +

+ Cacti is a complete web-based front end to rrdtool. +

+
+ +

+ Cacti is vulnerable to a SQL injection attack where an attacker may + inject SQL into the Username field. +

+
+ +

+ An attacker could compromise the Cacti service and potentially execute + programs with the permissions of the user running Cacti. Only systems + with php_flag magic_quotes_gpc set to Off are vulnerable. By default, + Gentoo Linux installs PHP with this option set to On. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of Cacti. +

+
+ +

+ All users should upgrade to the latest available version of Cacti, as + follows: +

+ + # emerge sync + + # emerge -pv ">=net-analyzer/cacti-0.8.5a-r1" + # emerge ">=net-analyzer/cacti-0.8.5a-r1" +
+ + Full Disclosure Announcement + CVE-2004-1737 + + + dmargoli + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-22.xml new file mode 100644 index 0000000000..9f8781154c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-22.xml @@ -0,0 +1,117 @@ + + + + + Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities + + New releases of Mozilla, Epiphany, Galeon, Mozilla Thunderbird, and Mozilla + Firefox fix several vulnerabilities, including remote DoS and buffer + overflows. + + www-client/mozilla, www-client/mozilla-firefox, mail-client/mozilla-thunderbird, www-client/galeon, www-client/epiphany + August 23, 2004 + December 30, 2007: 06 + 57380 + 59419 + remote + + + 1.7.2 + 1.7.2 + + + 0.9.3 + 0.9.3 + + + 0.7.3 + 0.7.3 + + + 1.7.2 + 1.7.2 + + + 0.9.3 + 0.9.3 + + + 0.7.3 + 0.7.3 + + + 1.2.7-r1 + 1.2.7-r1 + + + 1.3.17 + 1.3.17 + + + +

+ Mozilla is a popular web browser that includes a mail and newsreader. + Galeon and Epiphany are both web browsers that use gecko, the Mozilla + rendering engine. Mozilla Firefox is the next-generation browser from + the Mozilla project that incorporates advanced features that are yet to + be incorporated into Mozilla. Mozilla Thunderbird is the + next-generation mail client from the Mozilla project. +

+
+ +

+ Mozilla, Galeon, Epiphany, Mozilla Firefox and Mozilla Thunderbird + contain the following vulnerabilities: +

+
    +
  • All Mozilla tools use libpng for graphics. This library contains a + buffer overflow which may lead to arbitrary code execution.
  • +
  • If a user imports a forged Certificate Authority (CA) certificate, + it may overwrite and corrupt the valid CA already installed on the + machine.
  • +
+

+ Mozilla, Mozilla Firefox, and other gecko-based browsers also contain a + bug in their caching which may allow the SSL icon to remain visible, + even when the site in question is an insecure site. +

+
+ +

+ Users of Mozilla, Mozilla Firefox, and other gecko-based browsers are + susceptible to SSL certificate spoofing, a Denial of Service against + legitimate SSL sites, crashes, and arbitrary code execution. Users of + Mozilla Thunderbird are susceptible to crashes and arbitrary code + execution via malicious e-mails. +

+
+ +

+ There is no known workaround for most of these vulnerabilities. All + users are advised to upgrade to the latest available version. +

+
+ +

+ All users should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv your-version + # emerge your-version +
+ + CAN-2004-0763 + CAN-2004-0758 + CAN-2004-0597 + CAN-2004-0598 + CAN-2004-0599 + + + koon + + + dmargoli + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-23.xml new file mode 100644 index 0000000000..a1c27bdd35 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-23.xml @@ -0,0 +1,79 @@ + + + + + kdelibs: Cross-domain cookie injection vulnerability + + The cookie manager component in kdelibs contains a vulnerability allowing + an attacker to potentially gain access to a user's session on a legitimate + web server. + + kdelibs + August 24, 2004 + August 24, 2004: 01 + 61389 + remote + + + 3.2.3-r2 + 3.2.3-r1 + + + +

+ KDE is a widely-used desktop environment based on the Qt toolkit. + kcookiejar in kdelibs is responsible for storing and managing HTTP cookies. + Konqueror uses kcookiejar for storing and managing cookies. +

+
+ +

+ kcookiejar contains a vulnerability which may allow a malicious website to + set cookies for other websites under the same second-level domain. +

+

+ This vulnerability applies to country-specific secondary top level domains + that use more than 2 characters in the secondary part of the domain name, + and that use a secondary part other than com, net, mil, org, gov, edu or + int. However, certain popular domains, such as co.uk, are not affected. +

+
+ +

+ Users visiting a malicious website using the Konqueror browser may have a + session cookie set for them by that site. Later, when the user visits + another website under the same domain, the attacker's session cookie will + be used instead of the cookie issued by the legitimate site. Depending on + the design of the legitimate site, this may allow an attacker to gain + access to the user's session. For further explanation on this type of + attack, see the paper titled "Session Fixation Vulnerability in + Web-based Applications" (reference 2). +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of kdelibs. +

+
+ +

+ All kdelibs users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=kde-base/kdelibs-3.2.3-r2" + # emerge ">=kde-base/kdelibs-3.2.3-r2" +
+ + KDE Advisory + Session Fixation Vulnerability in Web-based Applications + + + jaervosz + + + condordes + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-24.xml new file mode 100644 index 0000000000..d2fe4e66dd --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-24.xml @@ -0,0 +1,233 @@ + + + + + Linux Kernel: Multiple information leaks + + Multiple information leaks have been found in the Linux kernel, allowing an + attacker to obtain sensitive data which may be used for further + exploitation of the system. + + Kernel + August 25, 2004 + March 27, 2011: 03 + 59378 + 59769 + 59905 + local + + + 2.4.23-r2 + 2.6.5-r5 + 2.6.5-r5 + + + 2.4.21-r12 + 2.4.21-r12 + + + 2.4.26-r1 + 2.6.7-r5 + 2.6.7-r5 + + + 2.6.8 + 2.6.8 + + + 2.6.7-r12 + 2.6.7-r12 + + + 2.4.19-r22 + 2.4.20-r25 + 2.4.22-r16 + 2.4.25-r9 + 2.4.26-r9 + 2.4.26-r9 + + + 2.4.27.2.0.1-r1 + 2.4.27.2.0.1-r1 + + + 2.4.25_pre7-r11 + 2.4.25_pre7-r11 + + + 2.6.7-r7 + 2.6.7-r7 + + + 2.4.27-r1 + 2.4.27-r1 + + + 2.6.7_p14-r1 + 2.6.7_p14-r1 + + + 2.4.26_p7-r1 + 2.4.26_p7-r1 + + + 2.4.24-r10 + 2.4.24-r10 + + + 2.4.25-r8 + 2.4.26-r8 + 2.6.4-r8 + 2.6.6-r8 + 2.6.7-r5 + 2.6.6-r8 + + + 2.6.8_rc4-r1 + 2.6.8_rc4-r1 + + + 2.4.24-r4 + 2.4.24-r4 + + + 2.4.23-r12 + 2.4.23-r12 + + + 2.6.8 + 2.6.8 + + + 2.4.26-r5 + 2.4.26-r5 + + + 2.6.7-r5 + 2.6.7-r5 + + + 2.4.26-r3 + 2.4.26-r3 + + + 2.4.27-r1 + 2.4.27-r1 + + + 2.4.26_p0-r6 + 2.6.7_p0-r5 + 2.6.7_p0-r5 + + + 2.4.24-r9 + 2.4.26-r6 + 2.6.6-r6 + 2.6.6-r6 + + + 2.4.27 + 2.4.27 + + + 2.0 + 2.4.26.1.28-r4 + 2.0 + 2.4 + + + 2.4.26-r6 + 2.6.7-r2 + 2.6.7-r5 + + + 4.9-r14 + 4.11-r10 + 4.14-r7 + 4.14-r7 + + + 2.4.27-r1 + 2.6.7-r5 + 2.6.7-r5 + + + +

+ The Linux kernel is responsible for managing the core aspects of a + GNU/Linux system, providing an interface for core system applications + as well as providing the essential structure and capability to access + hardware that is needed for a running system. +

+
+ +

+ The Linux kernel allows a local attacker to obtain sensitive kernel + information by gaining access to kernel memory via several leaks in the + /proc interfaces. These vulnerabilities exist in various drivers which + make up a working Linux kernel, some of which are present across all + architectures and configurations. +

+

+ CAN-2004-0415 deals with addressing invalid 32 to 64 bit conversions in + the kernel, as well as insecure direct access to file offset pointers + in kernel code which can be modified by the open(...), lseek(...) and + other core system I/O functions by an attacker. +

+

+ CAN-2004-0685 deals with certain USB drivers using uninitialized + structures and then using the copy_to_user(...) kernel call to copy + these structures. This may leak uninitialized kernel memory, which can + contain sensitive information from user applications. +

+

+ Finally, a race condition with the /proc/.../cmdline node was found, + allowing environment variables to be read while the process was still + spawning. If the race is won, environment variables of the process, + which might not be owned by the attacker, can be read. +

+
+ +

+ These vulnerabilities allow a local unprivileged attacker to access + segments of kernel memory or environment variables which may contain + sensitive information. Kernel memory may contain passwords, data + transferred between processes and any memory which applications did not + clear upon exiting as well as the kernel cache and kernel buffers. +

+

+ This information may be used to read sensitive data, open other attack + vectors for further exploitation or cause a Denial of Service if the + attacker can gain superuser access via the leaked information. +

+
+ +

+ There is no temporary workaround for any of these information leaks + other than totally disabling /proc support - otherwise, a kernel + upgrade is required. A list of unaffected kernels is provided along + with this announcement. +

+
+ +

+ Users are encouraged to upgrade to the latest available sources for + their system: +

+ + # emerge sync + # emerge -pv your-favorite-sources + # emerge your-favorite-sources + + # # Follow usual procedure for compiling and installing a kernel. + # # If you use genkernel, run genkernel as you would normally. +
+ + CAN-2004-0415 + CAN-2004-0685 + CVE-2004-1058 + + + plasmaroo + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-25.xml new file mode 100644 index 0000000000..06fdbc9cf4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-25.xml @@ -0,0 +1,68 @@ + + + + + MoinMoin: Group ACL bypass + + MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access + Control Lists) and carry out operations that should be limited to + authorized users. + + MoinMoin + August 26, 2004 + May 22, 2006: 02 + 57913 + remote + + + 1.2.3 + 1.2.2 + + + +

+ MoinMoin is a Python clone of WikiWiki, based on PikiPiki. +

+
+ +

+ MoinMoin contains two unspecified bugs, one allowing anonymous users + elevated access when not using ACLs, and the other in the ACL handling + in the PageEditor. +

+
+ +

+ Restrictions on anonymous users were not properly enforced. This could + lead to unauthorized users gaining administrative access to functions + such as "revert" and "delete". Sites are vulnerable whether or not they + are using ACLs. +

+
+ +

+ There is no known workaround. +

+
+ +

+ All users should upgrade to the latest available version of MoinMoin, + as follows: +

+ + # emerge sync + + # emerge -pv ">=www-apps/moinmoin-1.2.3" + # emerge ">=www-apps/moinmoin-1.2.3" +
+ + MoinMoin Announcement + OSVDB Advisory 8194 + OSVDB Advisory 8195 + CVE-2004-1462 + CVE-2004-1463 + + + dmargoli + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-26.xml new file mode 100644 index 0000000000..c95a139d41 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-26.xml @@ -0,0 +1,69 @@ + + + + + zlib: Denial of service vulnerability + + The zlib library contains a Denial of Service vulnerability. + + zlib + August 27, 2004 + May 22, 2006: 02 + 61749 + remote + + + 1.2.1-r3 + 1.2.1-r2 + + + +

+ zlib is a general-purpose data-compression library. +

+
+ +

+ zlib contains a bug in the handling of errors in the "inflate()" and + "inflateBack()" functions. +

+
+ +

+ An attacker could exploit this vulnerability to launch a Denial of + Service attack on any application using the zlib library. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of zlib. +

+
+ +

+ All zlib users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=sys-libs/zlib-1.2.1-r3" + # emerge ">=sys-libs/zlib-1.2.1-r3" +

+ You should also run revdep-rebuild to rebuild any packages that depend + on older versions of zlib : +

+ + # revdep-rebuild +
+ + OpenPKG-SA-2004.038-zlib + CVE-2004-0797 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-27.xml new file mode 100644 index 0000000000..6d8bdc8fb2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200408-27.xml @@ -0,0 +1,81 @@ + + + + + Gaim: New vulnerabilities + + Gaim contains several security issues that might allow an attacker to + execute arbitrary code or commands. + + Gaim + August 27, 2004 + May 22, 2006: 02 + 61457 + remote + + + 0.81-r5 + 0.81-r5 + + + +

+ Gaim is a multi-protocol instant messaging client for Linux which + supports many instant messaging protocols. +

+
+ +

+ Gaim fails to do proper bounds checking when: +

+
    +
  • Handling MSN messages (partially fixed with GLSA 200408-12).
  • +
  • Handling rich text format messages.
  • +
  • Resolving local hostname.
  • +
  • Receiving long URLs.
  • +
  • Handling groupware messages.
  • +
  • Allocating memory for webpages with fake content-length + header.
  • +
+

+ Furthermore Gaim fails to escape filenames when using drag and drop + installation of smiley themes. +

+
+ +

+ These vulnerabilities could allow an attacker to crash Gaim or execute + arbitrary code or commands with the permissions of the user running + Gaim. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of Gaim. +

+
+ +

+ All gaim users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-im/gaim-0.81-r5" + # emerge ">=net-im/gaim-0.81-r5" +
+ + Gaim security issues + CVE-2004-0500 + CVE-2004-0754 + CVE-2004-0784 + CVE-2004-0785 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-01.xml new file mode 100644 index 0000000000..159ac1f866 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-01.xml @@ -0,0 +1,64 @@ + + + + + vpopmail: Multiple vulnerabilities + + vpopmail contains several bugs making it vulnerable to several SQL + injection exploits as well as one buffer overflow and one format string + exploit when using Sybase. This could lead to the execution of arbitrary + code. + + vpopmail + September 01, 2004 + September 01, 2004: 01 + 60844 + remote + + + 5.4.6 + 5.4.6 + + + +

+ vpopmail handles virtual mail domains for qmail and Postfix. +

+
+ +

+ vpopmail is vulnerable to several unspecified SQL injection exploits. + Furthermore when using Sybase as the backend database vpopmail is + vulnerable to a buffer overflow and format string exploit. +

+
+ +

+ These vulnerabilities could allow an attacker to execute code with the + permissions of the user running vpopmail. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of vpopmail. +

+
+ +

+ All vpopmail users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-mail/vpopmail-5.4.6" + # emerge ">=net-mail/vpopmail-5.4.6" +
+ + vpopmail Announcement + Bugtraq Announcement + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-02.xml new file mode 100644 index 0000000000..a042b03bc2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-02.xml @@ -0,0 +1,70 @@ + + + + + MySQL: Insecure temporary file creation in mysqlhotcopy + + The mysqlhotcopy utility can create temporary files with predictable paths, + allowing an attacker to use a symlink to trick MySQL into overwriting + important data. + + MySQL + September 01, 2004 + September 01, 2004: 01 + 60744 + local + + + 4.0.20-r1 + 4.0.20 + + + +

+ MySQL is a popular open-source multi-threaded, multi-user SQL database + server. +

+
+ +

+ Jeroen van Wolffelaar discovered that the MySQL database hot copy utility + (mysqlhotcopy.sh), when using the scp method, uses temporary files with + predictable names. A malicious local user with write access to the /tmp + directory could create a symbolic link pointing to a file, which may then + be overwritten. In cases where mysqlhotcopy is run as root, a malicious + user could create a symlink to a critical file such as /etc/passwd and + cause it to be overwritten. +

+
+ +

+ A local attacker could use this vulnerability to destroy other users' data + or corrupt and destroy system files, possibly leading to a denial of + service condition. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MySQL users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=dev-db/mysql-4.0.20-r1" + # emerge ">=dev-db/mysql-4.0.20-r1" +
+ + CAN-2004-0457 + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-03.xml new file mode 100644 index 0000000000..f9ca7d2f4e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-03.xml @@ -0,0 +1,61 @@ + + + + + Python 2.2: Buffer overflow in getaddrinfo() + + Python 2.2 has a vulnerability in DNS handling when IPV6 is disabled and a + malformed IPV6 address is encountered by getaddrinfo(). + + Python + September 02, 2004 + September 02, 2004: 01 + 62440 + remote + + + 2.2.2 + 2.2 + 2.2.2 + + + +

+ Python is an interpreted, interactive, object-oriented, cross-platform + programming language. +

+
+ +

+ If IPV6 is disabled in Python 2.2, getaddrinfo() is not able to handle IPV6 + DNS requests properly and a buffer overflow occurs. +

+
+ +

+ An attacker can execute arbitrary code as the user running python. +

+
+ +

+ Users with IPV6 enabled are not affected by this vulnerability. +

+
+ +

+ All Python 2.2 users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=dev-lang/python-2.2.2" + # emerge ">=dev-lang/python-2.2.2" +
+ + CVE-2004-0150 + OSVDB:4172 + + + chriswhite + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-04.xml new file mode 100644 index 0000000000..941ee1102b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-04.xml @@ -0,0 +1,66 @@ + + + + + Squid: Denial of service when using NTLM authentication + + Squid is vulnerable to a denial of service attack which could crash its + NTLM helpers. + + squid + September 02, 2004 + December 30, 2007: 03 + 61280 + remote + + + 2.5.6-r2 + 2.5 + 2.5.6-r1 + + + +

+ Squid is a full-featured Web Proxy Cache designed to run on Unix + systems. It supports proxying and caching of HTTP, FTP, and other URLs, + as well as SSL support, cache hierarchies, transparent caching, access + control lists and many other features. +

+
+ +

+ Squid 2.5.x versions contain a bug in the functions ntlm_fetch_string() + and ntlm_get_string() which lack checking the int32_t offset "o" for + negative values. +

+
+ +

+ A remote attacker could cause a denial of service situation by sending + certain malformed NTLMSSP packets if NTLM authentication is enabled. +

+
+ +

+ Disable NTLM authentication by removing any "auth_param ntlm program + ..." directives from squid.conf or use ntlm_auth from Samba-3.x. +

+
+ +

+ All Squid users should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=net-www/squid-2.5.6-r2" + # emerge ">=net-www/squid-2.5.6-r2" +
+ + Squid-2.5 Patches + CVE-2004-0832 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-05.xml new file mode 100644 index 0000000000..08546dc6fa --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-05.xml @@ -0,0 +1,77 @@ + + + + + Gallery: Arbitrary command execution + + The Gallery image upload code contains a temporary file handling + vulnerability which could lead to execution of arbitrary commands. + + Gallery + September 02, 2004 + May 22, 2006: 02 + 60742 + remote + + + 1.4.4_p2 + 1.4.4_p2 + + + +

+ Gallery is a PHP script for maintaining online photo albums. +

+
+ +

+ The upload handling code in Gallery places uploaded files in a + temporary directory. After 30 seconds, these files are deleted if they + are not valid images. However, since the file exists for 30 seconds, a + carefully crafted script could be initiated by the remote attacker + during this 30 second timeout. Note that the temporary directory has to + be located inside the webroot and an attacker needs to have upload + rights either as an authenticated user or via "EVERYBODY". +

+
+ +

+ An attacker could run arbitrary code as the user running PHP. +

+
+ +

+ There are several workarounds to this vulnerability: +

+
    +
  • Make sure that your temporary directory is not contained in the + webroot; by default it is located outside the webroot.
  • +
  • Disable upload rights to all albums for "EVERYBODY"; upload is + disabled by default.
  • +
  • Disable debug and dev mode; these settings are disabled by + default.
  • +
  • Disable allow_url_fopen in php.ini.
  • +
+
+ +

+ All Gallery users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=www-apps/gallery-1.4.4_p2" + # emerge ">=www-apps/gallery-1.4.4_p2" +
+ + Full Disclosure Announcement + Gallery Announcement + CVE-2004-1466 + + + jaervosz + + + chriswhite + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-06.xml new file mode 100644 index 0000000000..da894af3f7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-06.xml @@ -0,0 +1,68 @@ + + + + + eGroupWare: Multiple XSS vulnerabilities + + The eGroupWare software contains multiple cross site scripting + vulnerabilities. + + eGroupWare + September 02, 2004 + May 22, 2006: 02 + 61510 + remote + + + 1.0.00.004 + 1.0.00.003 + + + +

+ eGroupWare is a suite of web-based group applications including + calendar, address book, messenger and email. +

+
+ +

+ Joxean Koret recently discovered multiple cross site scripting + vulnerabilities in various modules for the eGroupWare suite. This + includes the calendar, address book, messenger and ticket modules. +

+
+ +

+ These vulnerabilities give an attacker the ability to inject and + execute malicious script code, potentially compromising the victim's + browser. +

+
+ +

+ There is no known workaround at this time. All users are encouraged to + upgrade to the latest available version of eGroupWare. +

+
+ +

+ All eGroupWare users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=www-apps/egroupware-1.0.00.004" + # emerge ">=www-apps/egroupware-1.0.00.004" +
+ + eGroupWare Announcement + Bugtraq Announcement + CVE-2004-1467 + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-07.xml new file mode 100644 index 0000000000..e2c9d3bbab --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-07.xml @@ -0,0 +1,65 @@ + + + + + xv: Buffer overflows in image handling + + xv contains multiple exploitable buffer overflows in the image handling + code. + + xv + September 03, 2004 + September 03, 2004: 01 + 61619 + remote + + + 3.10a-r7 + 3.10a-r7 + + + +

+ xv is a multi-format image manipulation utility. +

+
+ +

+ Multiple buffer overflow and integer handling vulnerabilities have been + discovered in xv's image processing code. These vulnerabilities have been + found in the xvbmp.c, xviris.c, xvpcx.c and xvpm.c source files. +

+
+ +

+ An attacker might be able to embed malicious code into an image, which + would lead to the execution of arbitrary code under the privileges of the + user viewing the image. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xv users should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=media-gfx/xv-3.10a-r7" + # emerge ">=media-gfx/xv-3.10a-r7" +
+ + BugTraq Advisory + CAN-2004-0802 + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-08.xml
new file mode 100644
index 0000000000..c9e55a88e5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-08.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Ruby: CGI::Session creates files insecurely
+
+ When used for CGI scripting, Ruby creates session files in /tmp with the
+ permissions of the default umask. Depending on that umask, local users may
+ be able to read sensitive data stored in session files.
+
+ dev-lang/ruby
+ September 03, 2004
+ September 03, 2004: 01
+ 60525
+ local
+
+
+ 1.6.8-r11
+ 1.8.0-r7
+ 1.8.2_pre2
+ 1.8.2_pre2
+
+
+
+
+ Ruby is an Object Oriented, interpreted scripting language used for many
+ system scripting tasks. It can also be used for CGI web applications.
+
+
+
+
+ The CGI::Session::FileStore implementation (and presumably
+ CGI::Session::PStore), which allow data associated with a particular
+ Session instance to be written to a file, writes to a file in /tmp with no
+ regard for secure permissions. As a result, the file is left with whatever
+ the default umask permissions are, which commonly would allow other local
+ users to read the data from that session file.
+
+
+
+
+ Depending on the default umask, any data stored using these methods could
+ be read by other users on the system.
+
+
+
+
+ By changing the default umask on the system to not permit read access to
+ other users (e.g. 0700), one can prevent these files from being readable by
+ other users.
+
+
+
+
+ All Ruby users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=dev-lang/ruby-your_version"
+ # emerge ">=dev-lang/ruby-your_version"
+
+
+ CAN-2004-0755
+
+
+ jaervosz
+
+
+ dmargoli
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-09.xml
new file mode 100644
index 0000000000..f4064d3652
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-09.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ MIT krb5: Multiple vulnerabilities
+
+ MIT krb5 contains several double-free vulnerabilities, potentially allowing
+ the execution of arbitrary code, as well as a denial of service
+ vulnerability.
+
+ mit-krb5
+ September 06, 2004
+ September 06, 2004: 01
+ 62417
+ remote
+
+
+ 1.3.4
+ 1.3.4
+
+
+
+
+ MIT krb5 is the free implementation of the Kerberos network authentication
+ protocol by the Massachusetts Institute of Technology.
+
+
+
+
+ The implementation of the Key Distribution Center (KDC) and the MIT krb5
+ library contain double-free vulnerabilities, making client programs as well
+ as application servers vulnerable.
+
+
+ The ASN.1 decoder library is vulnerable to a denial of service attack,
+ including the KDC.
+
+
+
+
+ The double-free vulnerabilities could allow an attacker to execute
+ arbitrary code on a KDC host and hosts running krb524d or vulnerable
+ services. In the case of a KDC host, this can lead to a compromise of the
+ entire Kerberos realm. Furthermore, an attacker impersonating a legitimate
+ KDC or application server can potentially execute arbitrary code on
+ authenticating clients.
+
+
+ An attacker can cause a denial of service for a KDC or application server
+ and clients, the latter if impersonating a legitimate KDC or application
+ server.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All mit-krb5 users should upgrade to the latest stable version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-crypt/mit-krb5-1.3.4"
+ # emerge ">=app-crypt/mit-krb5-1.3.4"
+
+
+ MIT krb5 Security Advisory 2004-002
+ MIT krb5 Security Advisory 2004-003
+ CAN-2004-0642
+ CAN-2004-0643
+ CAN-2004-0644
+ CAN-2004-0772
+
+
+ jaervosz
+
+
+ vorlon078
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-10.xml
new file mode 100644
index 0000000000..7a7534b0f4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-10.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ multi-gnome-terminal: Information leak
+
+ Active keystroke logging in multi-gnome-terminal has been discovered in
+ potentially world-readable files. This could allow any authorized user on
+ the system to read sensitive data, including passwords.
+
+ multi-gnome-terminal
+ September 06, 2004
+ September 06, 2004: 01
+ 62322
+ local
+
+
+ 1.6.2-r1
+ 1.6.2-r1
+
+
+
+
+ multi-gnome-terminal is an enhanced terminal emulator that is derived from
+ gnome-terminal.
+
+
+
+
+ multi-gnome-terminal contains debugging code that has been known to output
+ active keystrokes to a potentially unsafe location. Output has been seen to
+ show up in the '.xsession-errors' file in the users home directory. Since
+ this file is world-readable on many machines, this bug has the potential to
+ leak sensitive information to anyone using the system.
+
+
+
+
+ Any authorized user on the local machine has the ability to read any
+ critical data that has been entered into the terminal, including passwords.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All multi-gnome-terminal users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=x11-terms/multi-gnome-terminal-1.6.2-r1"
+ # emerge ">=x11-terms/multi-gnome-terminal-1.6.2-r1"
+
+
+
+ koon
+
+
+ lewk
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-11.xml
new file mode 100644
index 0000000000..3df74b318a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-11.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ star: Suid root vulnerability
+
+ star contains a suid root vulnerability which could potentially grant
+ unauthorized root access to an attacker.
+
+ star
+ September 07, 2004
+ May 30, 2006: 03
+ 61797
+ local
+
+
+ 1.5_alpha46
+ 1.5_alpha46
+
+
+
+
+ star is an enhanced tape archiver, much like tar, that is recognized
+ for it's speed as well as it's enhanced mt/rmt support.
+
+
+
+
+ A suid root vulnerability exists in versions of star that are
+ configured to use ssh for remote tape access.
+
+
+
+
+ Attackers with local user level access could potentially gain root
+ level access.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All star users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-arch/star-1.5_alpha46"
+ # emerge ">=app-arch/star-1.5_alpha46"
+
+
+ Star Mailing List Announcement
+ CVE-2004-0850
+
+
+ jaervosz
+
+
+ lewk
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-12.xml
new file mode 100644
index 0000000000..db4c188982
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-12.xml
@@ -0,0 +1,98 @@
+
+
+
+
+ ImageMagick, imlib, imlib2: BMP decoding buffer overflows
+
+ ImageMagick, imlib and imlib2 contain exploitable buffer overflow
+ vulnerabilities in the BMP image processing code.
+
+ imagemagick imlib
+ September 08, 2004
+ September 08, 2004: 01
+ 62309
+ 62487
+ remote
+
+
+ 6.0.7.1
+ 6.0.7.1
+
+
+ 1.9.14-r2
+ 1.9.14-r2
+
+
+ 1.1.2
+ 1.1.2
+
+
+
+
+ ImageMagick is a suite of image manipulation utilities and libraries used
+ for a wide variety of image formats. imlib is a general image loading and
+ rendering library.
+
+
+
+
+ Due to improper bounds checking, ImageMagick and imlib are vulnerable to a
+ buffer overflow when decoding runlength-encoded bitmaps. This bug can be
+ exploited using a specially-crafted BMP image and could potentially allow
+ remote code execution when this image is decoded by the user.
+
+
+
+
+ A specially-crafted runlength-encoded BMP could lead ImageMagick and imlib
+ to crash or potentially execute arbitrary code.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All ImageMagick users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=media-gfx/imagemagick-6.0.7.1"
+ # emerge ">=media-gfx/imagemagick-6.0.7.1"
+
+ All imlib users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=media-libs/imlib-1.9.14-r2"
+ # emerge ">=media-libs/imlib-1.9.14-r2"
+
+ All imlib2 users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=media-libs/imlib2-1.1.2"
+ # emerge ">=media-libs/imlib2-1.1.2"
+
+
+ CAN-2004-0817
+ CAN-2004-0802
+ ImageMagick Mailing List
+ SecurityTracker #1011104
+ SecurityTracker #1011105
+
+
+ koon
+
+
+ lewk
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-13.xml
new file mode 100644
index 0000000000..a10f7a7b2c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-13.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ LHa: Multiple vulnerabilities
+
+ Several buffer overflows and a shell metacharacter command execution
+ vulnerability have been found in LHa. These vulnerabilities can be used to
+ execute arbitrary code.
+
+ lha
+ September 08, 2004
+ October 20, 2006: 02
+ 62618
+ remote
+
+
+ 114i-r4
+ 114i-r3
+
+
+
+
+ LHa is a console-based program for packing and unpacking LHarc archives.
+
+
+
+
+ The command line argument as well as the archive parsing code of LHa lack
+ sufficient bounds checking. Furthermore, a shell meta character command
+ execution vulnerability exists in LHa, since it does no proper filtering on
+ directory names.
+
+
+
+
+ Using a specially crafted command line argument or archive, an attacker can
+ cause a buffer overflow and could possibly run arbitrary code. The shell
+ meta character command execution could lead to the execution of arbitrary
+ commands by an attacker using directories containing shell meta characters
+ in their names.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All LHa users should upgrade to the latest stable version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-arch/lha-114i-r4"
+ # emerge ">=app-arch/lha-114i-r4"
+
+
+ CAN-2004-0694
+ CAN-2004-0745
+ CAN-2004-0769
+ CAN-2004-0771
+
+
+ vorlon078
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-14.xml
new file mode 100644
index 0000000000..32d6723259
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-14.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Samba: Remote printing non-vulnerability
+
+ Samba has a bug with out of sequence print change notification requests,
+ but it cannot be used to perform a remote denial of service attack.
+
+ samba
+ September 09, 2004
+ May 22, 2006: 03
+ 62476
+ remote
+
+
+
+
+ Samba is a freely available SMB/CIFS implementation which allows
+ seamless interoperability of file and print services to other SMB/CIFS
+ clients.
+
+
+
+
+ Due to a bug in the printer_notify_info() function, authorized users
+ could potentially crash their smbd process by sending improperly
+ handled print change notification requests in an invalid order. Windows
+ XP SP2 clients can trigger this behavior by sending a
+ FindNextPrintChangeNotify() request before previously sending a
+ FindFirstPrintChangeNotify() request.
+
+
+
+
+ We incorrectly thought that this bug could be exploited to deny service
+ to all Samba users. It is not the case, this bug has no security impact
+ whatsoever. Many thanks to Jerry Carter from the Samba team for
+ correcting our mistake.
+
+
+
+
+ There is no need for a workaround.
+
+
+
+
+ Samba users can keep their current versions.
+
+
+
+ Samba Release Notes
+ Samba Bug #1520
+ CVE-2004-0829
+
+
+ jaervosz
+
+
+ lewk
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-15.xml
new file mode 100644
index 0000000000..295908ba73
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-15.xml
@@ -0,0 +1,97 @@
+
+
+
+
+ Webmin, Usermin: Multiple vulnerabilities in Usermin
+
+ A vulnerability in the webmail function of Usermin could be used by an
+ attacker to execute shell code via a specially-crafted e-mail. A bug in the
+ installation script of Webmin and Usermin also allows a local user to
+ execute a symlink attack at installation time.
+
+ Usermin
+ September 12, 2004
+ May 22, 2006: 02
+ 63167
+ remote
+
+
+ 1.090
+ 1.090
+
+
+ 1.160
+ 1.160
+
+
+
+
+ Webmin and Usermin are web-based system administration consoles. Webmin
+ allows an administrator to easily configure servers and other features.
+ Usermin allows users to configure their own accounts, execute commands,
+ and read e-mail. The Usermin functionality, including webmail, is also
+ included in Webmin.
+
+
+
+
+ There is an input validation bug in the webmail feature of Usermin.
+
+
+ Additionally, the Webmin and Usermin installation scripts write to
+ /tmp/.webmin without properly checking if it exists first.
+
+
+
+
+ The first vulnerability allows a remote attacker to inject arbitrary
+ shell code in a specially-crafted e-mail. This could lead to remote
+ code execution with the privileges of the user running Webmin or
+ Usermin.
+
+
+ The second could allow local users who know Webmin or Usermin is going
+ to be installed to have arbitrary files be overwritten by creating a
+ symlink by the name /tmp/.webmin that points to some target file, e.g.
+ /etc/passwd.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Usermin users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-admin/usermin-1.090"
+ # emerge ">=app-admin/usermin-1.090"
+
+ All Webmin users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-admin/webmin-1.160"
+ # emerge ">=app-admin/webmin-1.160"
+
+
+ Secunia Advisory SA12488
+ Usermin Changelog
+ CVE-2004-0559
+ CVE-2004-1468
+
+
+ koon
+
+
+ koon
+
+
+ dmargoli
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-16.xml
new file mode 100644
index 0000000000..977e4266f3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-16.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Samba: Denial of Service vulnerabilities
+
+ Two Denial of Service vulnerabilities have been found and fixed in Samba.
+
+ Samba
+ September 13, 2004
+ September 13, 2004: 01
+ remote
+
+
+ 3.0.7
+ 3.0
+ 3.0.7
+
+
+
+
+ Samba is a freely available SMB/CIFS implementation which allows seamless
+ interoperability of file and print services to other SMB/CIFS clients. smbd
+ and nmbd are two daemons used by the Samba server.
+
+
+
+
+ There is a defect in smbd's ASN.1 parsing. A bad packet received during the
+ authentication request could throw newly-spawned smbd processes into an
+ infinite loop (CAN-2004-0807). Another defect was found in nmbd's
+ processing of mailslot packets, where a bad NetBIOS request could crash the
+ nmbd process (CAN-2004-0808).
+
+
+
+
+ A remote attacker could send specially crafted packets to trigger both
+ defects. The ASN.1 parsing issue can be exploited to exhaust all available
+ memory on the Samba host, potentially denying all service to that server.
+ The nmbd issue can be exploited to crash the nmbd process, resulting in a
+ Denial of Service condition on the Samba server.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Samba 3.x users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=net-fs/samba-3.0.7"
+ # emerge ">=net-fs/samba-3.0.7"
+
+
+ CAN-2004-0807
+ CAN-2004-0808
+
+
+ koon
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-17.xml
new file mode 100644
index 0000000000..3157dc5d07
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-17.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ SUS: Local root vulnerability
+
+ SUS contains a string format bug that could lead to local privilege
+ escalation.
+
+ SUS
+ September 14, 2004
+ May 22, 2006: 02
+ 63927
+ local
+
+
+ 2.0.2-r1
+ 2.0.2-r1
+
+
+
+
+ SUS is a utility that allows regular users to be able to execute
+ certain commands as root.
+
+
+
+
+ Leon Juranic found a bug in the logging functionality of SUS that can
+ lead to local privilege escalation. A format string vulnerability
+ exists in the log() function due to an incorrect call to the syslog()
+ function.
+
+
+
+
+ An attacker with local user privileges can potentially exploit this
+ vulnerability to gain root access.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All SUS users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-admin/sus-2.0.2-r1"
+ # emerge ">=app-admin/sus-2.0.2-r1"
+
+
+ SUS ChangeLog
+ BugTraq Advisory
+ CVE-2004-1469
+
+
+ jaervosz
+
+
+ lewk
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-18.xml
new file mode 100644
index 0000000000..d3d4e7cb5f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-18.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ cdrtools: Local root vulnerability in cdrecord if set SUID root
+
+ cdrecord, if manually set SUID root, is vulnerable to a local root exploit
+ allowing users to escalate privileges.
+
+ cdrtools
+ September 14, 2004
+ September 14, 2004: 01
+ 63187
+ local
+
+
+ 2.01_alpha37-r1
+ 2.01_alpha28-r2
+ 2.01_alpha37
+
+
+
+
+ The cdrtools package is a set of tools for CD recording, including the
+ popular cdrecord command-line utility.
+
+
+
+
+ Max Vozeler discovered that the cdrecord utility, when set to SUID root,
+ fails to drop root privileges before executing a user-supplied RSH program.
+ By default, Gentoo does not ship the cdrecord utility as SUID root and
+ therefore is not vulnerable. However, many users (and CD-burning
+ front-ends) set this manually after installation.
+
+
+
+
+ A local attacker could specify a malicious program using the $RSH
+ environment variable and have it executed by the SUID cdrecord, resulting
+ in root privileges escalation.
+
+
+
+
+ As a workaround, you could remove the SUID rights from your cdrecord
+ utility :
+
+
+ # chmod a-s /usr/bin/cdrecord
+
+
+
+ All cdrtools users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-cdr/cdrtools-2.01_alpha37-r1"
+ # emerge ">=app-cdr/cdrtools-2.01_alpha37-r1"
+
+
+ CAN-2004-0806
+
+
+ jaervosz
+
+
+ koon
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-19.xml
new file mode 100644
index 0000000000..2a87710565
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-19.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Heimdal: ftpd root escalation
+
+ Several bugs exist in the Heimdal ftp daemon which could allow a remote
+ attacker to gain root privileges.
+
+ heimdal
+ September 16, 2004
+ September 16, 2004: 01
+ 61412
+ remote
+
+
+ 0.6.3
+ 0.6.3
+
+
+
+
+ Heimdal is an implementation of Kerberos 5.
+
+
+
+
+ Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply
+ to Heimdal ftpd's out-of-band signal handling code.
+
+
+ Additionally, a potential vulnerability that could lead to Denial of
+ Service by the Key Distribution Center (KDC) has been fixed in this
+ version.
+
+
+
+
+ A remote attacker could be able to run arbitrary code with escalated
+ privileges, which can result in a total compromise of the server.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Heimdal users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=app-crypt/heimdal-0.6.3"
+ # emerge ">=app-crypt/heimdal-0.6.3"
+
+
+ Heimdal advisory
+ Advisory by Przemyslaw Frasunek
+ CAN-2004-0794
+
+
+ vorlon078
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-20.xml
new file mode 100644
index 0000000000..18971432a7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-20.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ mpg123: Buffer overflow vulnerability
+
+ mpg123 decoding routines contain a buffer overflow bug that might
+ lead to arbitrary code execution.
+
+ mpg123
+ September 16, 2004
+ September 16, 2004: 01
+ 63079
+ remote
+
+
+ 0.59s-r4
+ 0.59s-r3
+
+
+
+
+ mpg123 is a MPEG Audio Player.
+
+
+
+
+ mpg123 contains a buffer overflow in the code that handles layer2
+ decoding of media files.
+
+
+
+
+ An attacker can possibly exploit this bug with a specially-crafted mp3 or mp2 file
+ to execute arbitrary code with the permissions of the user running mpg123.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All mpg123 users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=media-sound/mpg123-0.59s-r4"
+ # emerge ">=media-sound/mpg123-0.59s-r4"
+
+
+ BugTraq Announcement
+ CAN-2004-0805
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-21.xml
new file mode 100644
index 0000000000..ddda1cd812
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-21.xml
@@ -0,0 +1,99 @@
+
+
+
+
+ Apache 2, mod_dav: Multiple vulnerabilities
+
+ Several vulnerabilities have been found in Apache 2 and mod_dav for Apache
+ 1.3 which could allow a remote attacker to cause a Denial of Service or a
+ local user to get escalated privileges.
+
+ apache
+ September 16, 2004
+ December 30, 2007: 02
+ 62626
+ 63948
+ 64145
+ remote
+
+
+ 2.0.51
+ 2.0
+ 2.0.51
+
+
+ 1.0.3-r2
+ 1.0.3-r1
+
+
+
+
+ The Apache HTTP server is one of most popular web servers on the internet.
+ mod_ssl provides SSL v2/v3 and TLS v1 support for it and mod_dav is the
+ Apache module for Distributed Authoring and Versioning (DAV).
+
+
+
+
+ A potential infinite loop has been found in the input filter of mod_ssl
+ (CAN-2004-0748) as well as a possible segmentation fault in the
+ char_buffer_read function if reverse proxying to a SSL server is being used
+ (CAN-2004-0751). Furthermore, mod_dav, as shipped in Apache httpd 2 or
+ mod_dav 1.0.x for Apache 1.3, contains a NULL pointer dereference which can
+ be triggered remotely (CAN-2004-0809). The third issue is an input
+ validation error found in the IPv6 URI parsing routines within the apr-util
+ library (CAN-2004-0786). Additionally a possible buffer overflow has been
+ reported when expanding environment variables during the parsing of
+ configuration files (CAN-2004-0747).
+
+
+
+
+ A remote attacker could cause a Denial of Service either by aborting a SSL
+ connection in a special way, resulting in CPU consumption, by exploiting
+ the segmentation fault in mod_ssl or the mod_dav flaw. A remote attacker
+ could also crash a httpd child process by sending a specially crafted URI.
+ The last vulnerabilty could be used by a local user to gain the privileges
+ of a httpd child, if the server parses a carefully prepared .htaccess file.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Apache 2 users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=www-servers/apache-2.0.51"
+ # emerge ">=www-servers/apache-2.0.51"
+
+ All mod_dav users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=net-www/mod_dav-1.0.3-r2"
+ # emerge ">=net-www/mod_dav-1.0.3-r2"
+
+
+ CAN-2004-0747
+ CAN-2004-0748
+ CAN-2004-0751
+ CAN-2004-0786
+ CAN-2004-0809
+
+
+ jaervosz
+
+
+ vorlon078
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-22.xml
new file mode 100644
index 0000000000..fab7174bdf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-22.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ phpGroupWare: XSS vulnerability in wiki module
+
+ The phpGroupWare software contains a cross site scripting vulnerability in
+ the wiki module.
+
+ phpGroupWare
+ September 16, 2004
+ May 22, 2006: 02
+ 63063
+ remote
+
+
+ 0.9.16.003
+ 0.9.16.003
+
+
+
+
+ phpGroupWare is a web-based suite of group applications including
+ calendar, todo-list, addressbook, email, wiki, news headlines, and a
+ file manager.
+
+
+
+
+ Due to an input validation error, the wiki module in the phpGroupWare
+ suite is vulnerable to cross site scripting attacks.
+
+
+
+
+ This vulnerability gives an attacker the ability to inject and execute
+ malicious script code, potentially compromising the victim's browser.
+
+
+
+
+ The is no known workaround at this time.
+
+
+
+
+ All phpGroupWare users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=www-apps/phpgroupware-0.9.16.003"
+ # emerge ">=www-apps/phpgroupware-0.9.16.003"
+
+
+ phpGroupWare ChangeLog
+ Secunia Advisory SA12466
+ CVE-2004-0875
+
+
+ koon
+
+
+ lewk
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-23.xml
new file mode 100644
index 0000000000..c1e3122afa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-23.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ SnipSnap: HTTP response splitting
+
+ SnipSnap is vulnerable to HTTP response splitting attacks such as web cache
+ poisoning, cross-user defacement, and cross-site scripting.
+
+ snipsnap
+ September 17, 2004
+ May 22, 2006: 02
+ 64154
+ remote
+
+
+ 1.0_beta1
+ 1.0_beta1
+
+
+
+
+ SnipSnap is a user friendly content management system with features
+ such as wiki and weblog.
+
+
+
+
+ SnipSnap contains various HTTP response splitting vulnerabilities that
+ could potentially compromise the sites data. Some of these attacks
+ include web cache poisoning, cross-user defacement, hijacking pages
+ with sensitive user information, and cross-site scripting. This
+ vulnerability is due to the lack of illegal input checking in the
+ software.
+
+
+
+
+ A malicious user could inject and execute arbitrary script code,
+ potentially compromising the victim's data or browser.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All SnipSnap users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=dev-java/snipsnap-bin-1.0_beta1"
+ # emerge ">=dev-java/snipsnap-bin-1.0beta1"
+
+
+ SnipSnap Release Notes
+ CVE-2004-1470
+
+
+ lewk
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-24.xml
new file mode 100644
index 0000000000..496d7e1fac
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-24.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ Foomatic: Arbitrary command execution in foomatic-rip filter
+
+ The foomatic-rip filter in foomatic-filters contains a vulnerability which
+ may allow arbitrary command execution on the print server.
+
+ foomatic
+ September 20, 2004
+ September 20, 2004: 01
+ 64166
+ remote
+
+
+ 3.0.2
+ 3.0.1
+
+
+ 3.0.2
+ 3.0.1
+
+
+
+
+ Foomatic is a system for connecting printer drivers with spooler systems
+ such as CUPS and LPD. The foomatic-filters package contains wrapper scripts
+ which are designed to be used with Foomatic.
+
+
+
+
+ There is a vulnerability in the foomatic-filters package. This
+ vulnerability is due to insufficient checking of command-line parameters
+ and environment variables in the foomatic-rip filter.
+
+
+
+
+ This vulnerability may allow both local and remote attackers to execute
+ arbitrary commands on the print server with the permissions of the spooler
+ (oftentimes the "lp" user).
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All foomatic users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=net-print/foomatic-3.0.2"
+ # emerge ">=net-print/foomatic-3.0.2"
+
+ PLEASE NOTE: You should update foomatic, instead of foomatic-filters. This
+ will help to ensure that all other foomatic components remain functional.
+
+
+
+
+ Foomatic Announcement
+ Mandrakesoft Security Advisory
+ CAN 2004-0801
+
+
+ condordes
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-25.xml
new file mode 100644
index 0000000000..aed97b95f6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-25.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ CUPS: Denial of service vulnerability
+
+ A vulnerability in CUPS allows remote attackers to cause a denial of
+ service when sending a carefully-crafted UDP packet to the IPP port.
+
+ CUPS
+ September 20, 2004
+ September 21, 2004: 02
+ 64168
+ remote
+
+
+ 1.1.20-r2
+ 1.1.20-r2
+
+
+
+
+ The Common UNIX Printing System (CUPS) is a cross-platform print spooler.
+
+
+
+
+ Alvaro Martinez Echevarria discovered a hole in the CUPS Internet Printing
+ Protocol (IPP) implementation that allows remote attackers to cause CUPS to
+ stop listening on the IPP port.
+
+
+
+
+ A remote user with malicious intent can easily cause a denial of service to
+ the CUPS daemon by sending a specially-crafted UDP datagram packet to the
+ IPP port.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All CUPS users should upgrade to the latest version:
+
+
+ # emerge sync
+
+ # emerge -pv ">=net-print/cups-1.1.20-r2"
+ # emerge ">=net-print/cups-1.1.20-r2"
+
+
+ CUPS Software Trouble Report
+ CAN-2004-0558
+
+
+ lewk
+
+
+ lewk
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-26.xml
new file mode 100644
index 0000000000..4e5c84e464
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-26.xml
@@ -0,0 +1,119 @@
+
+
+
+
+ Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities
+
+ New releases of Mozilla, Epiphany, Mozilla Thunderbird, and Mozilla Firefox
+ fix several vulnerabilities, including the remote execution of arbitrary
+ code.
+
+ Mozilla
+ September 20, 2004
+ December 30, 2007: 03
+ 63996
+ remote
+
+
+ 1.7.3
+ 1.7.3
+
+
+ 1.0_pre
+ 1.0_pre
+
+
+ 0.8
+ 0.8
+
+
+ 1.7.3
+ 1.7.3
+
+
+ 1.0_pre
+ 1.0_pre
+
+
+ 0.8
+ 0.8
+
+
+ 1.2.9-r1
+ 1.2.9-r1
+
+
+
+
+ Mozilla is a popular web browser that includes a mail and newsreader.
+ Epiphany is a web browser that uses Gecko, the Mozilla rendering
+ engine. Mozilla Firefox and Mozilla Thunderbird are respectively the
+ next-generation browser and mail client from the Mozilla project.
+
+
+
+
+ Mozilla-based products are vulnerable to multiple security issues.
+ Firstly routines handling the display of BMP images and VCards contain
+ an integer overflow and a stack buffer overrun. Specific pages with
+ long links, when sent using the "Send Page" function, and links with
+ non-ASCII hostnames could both cause heap buffer overruns.
+
+
+ Several issues were found and fixed in JavaScript rights handling:
+ untrusted script code could read and write to the clipboard, signed
+ scripts could build confusing grant privileges dialog boxes, and when
+ dragged onto trusted frames or windows, JavaScript links could access
+ information and rights of the target frame or window. Finally,
+ Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are
+ vulnerable to a heap overflow caused by invalid POP3 mail server
+ responses.
+
+
+
+
+ An attacker might be able to run arbitrary code with the rights of the
+ user running the software by enticing the user to perform one of the
+ following actions: view a specially-crafted BMP image or VCard, use the
+ "Send Page" function on a malicious page, follow links with malicious
+ hostnames, drag multiple JavaScript links in a row to another window,
+ or connect to an untrusted POP3 mail server. An attacker could also use
+ a malicious page with JavaScript to disclose clipboard contents or
+ abuse previously-given privileges to request XPI installation
+ privileges through a confusing dialog.
+
+
+
+
+ There is no known workaround covering all vulnerabilities.
+
+
+
+
+ All users should upgrade to the latest stable version:
+
+
+ # emerge sync
+
+ # emerge -pv your-version
+ # emerge your-version
+
+
+ Mozilla Security Advisory
+ US-CERT Security Alert TA04-261A
+ CVE-2004-0902
+ CVE-2004-0903
+ CVE-2004-0904
+ CVE-2004-0905
+ CVE-2004-0906
+ CVE-2004-0907
+ CVE-2004-0908
+ CVE-2004-0909
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-27.xml
new file mode 100644
index 0000000000..cb50058f8c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-27.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ glFTPd: Local buffer overflow vulnerability
+
+ glFTPd is vulnerable to a local buffer overflow which may allow arbitrary
+ code execution.
+
+ glftpd
+ September 21, 2004
+ September 21, 2004: 01
+ 64809
+ local
+
+
+ 1.32-r1
+ 1.32-r1
+
+
+
+

+ glFTPd is a highly configurable FTP server with many features.
+

+
+
+

+ The glFTPd server is vulnerable to a buffer overflow in the 'dupescan'
+ program. This vulnerability is due to an unsafe strcpy() call which can
+ cause the program to crash when a large argument is passed.
+

+
+
+

+ A local user with malicious intent can pass a parameter to the dupescan
+ program that exceeds the size of the buffer, causing it to overflow. This
+ can lead the program to crash, and potentially allow arbitrary code
+ execution with the permissions of the user running glFTPd, which could be
+ the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All glFTPd users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-ftp/glftpd-1.32-r1"
+ # emerge ">=net-ftp/glftpd-1.32-r1"
+
+
+ BugTraq Advisory
+ glFTPd Announcement
+
+
+ lewk
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-28.xml
new file mode 100644
index 0000000000..6ff33fe880
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-28.xml
@@ -0,0 +1,92 @@
+
+
+
+
+ GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities
+
+ The GdkPixbuf library, which is also included in GTK+ 2, contains several
+ vulnerabilities that could lead to a Denial of Service or the execution of
+ arbitrary code.
+
+ gtk+
+ September 21, 2004
+ September 21, 2004: 01
+ 64230
+ remote
+
+
+ 2.4.9-r1
+ 2.0.0
+ 2.4.9-r1
+
+
+ 0.22.0-r3
+ 0.22.0-r3
+
+
+
+

+ GTK+ (GIMP Toolkit +) is a toolkit for creating graphical user interfaces.
+ The GdkPixbuf library provides facilities for image handling. It is
+ available as a standalone library as well as shipped with GTK+ 2.
+

+
+
+

+ A vulnerability has been discovered in the BMP image preprocessor
+ (CAN-2004-0753). Furthermore, Chris Evans found a possible integer overflow
+ in the pixbuf_create_from_xpm() function, resulting in a heap overflow
+ (CAN-2004-0782). He also found a potential stack-based buffer overflow in
+ the xpm_extract_color() function (CAN-2004-0783). A possible integer
+ overflow has also been found in the ICO decoder.
+

+
+
+

+ With a specially crafted BMP image an attacker could cause an affected
+ application to enter an infinite loop when that image is being processed.
+ Also, by making use of specially crafted XPM or ICO images an attacker
+ could trigger the overflows, which potentially allows the execution of
+ arbitrary code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All GTK+ 2 users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=x11-libs/gtk+-2.4.9-r1"
+ # emerge ">=x11-libs/gtk+-2.4.9-r1"
+

+ All GdkPixbuf users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=media-libs/gdk-pixbuf-0.22.0-r3"
+ # emerge ">=media-libs/gdk-pixbuf-0.22.0-r3"
+
+
+ CAN-2004-0753
+ CAN-2004-0782
+ CAN-2004-0783
+ CAN-2004-0788
+ GNOME Bug 150601
+
+
+ jaervosz
+
+
+ koon
+
+
+ vorlon078
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-29.xml
new file mode 100644
index 0000000000..cc41ce0903
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-29.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ FreeRADIUS: Multiple Denial of Service vulnerabilities
+
+ Multiple Denial of Service vulnerabilities were found and fixed in
+ FreeRADIUS.
+
+ FreeRADIUS
+ September 22, 2004
+ May 22, 2006: 02
+ 60587
+ remote
+
+
+ 1.0.1
+ 1.0.1
+
+
+
+

+ FreeRADIUS is an open source RADIUS authentication server
+ implementation.
+

+
+
+

+ There are undisclosed defects in the way FreeRADIUS handles incorrect
+ received packets.
+

+
+
+

+ A remote attacker could send specially-crafted packets to the
+ FreeRADIUS server to deny service to other users by crashing the
+ server.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All FreeRADIUS users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-dialup/freeradius-1.0.1"
+ # emerge ">=net-dialup/freeradius-1.0.1"
+
+
+ FreeRADIUS Vulnerability Notifications
+ CVE-2004-0938
+ CVE-2004-0960
+ CVE-2004-0961
+
+
+ jaervosz
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-30.xml
new file mode 100644
index 0000000000..2353d7ac12
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-30.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ xine-lib: Multiple vulnerabilities
+
+ xine-lib contains several vulnerabilities potentially allowing the
+ execution of arbitrary code.
+
+ xine-lib
+ September 22, 2004
+ May 22, 2006: 02
+ 64348
+ remote
+
+
+ 1_rc6
+ 1_rc5-r3
+
+
+
+

+ xine-lib is a multimedia library which can be utilized to create
+ multimedia frontends.
+

+
+
+

+ xine-lib contains two stack-based overflows and one heap-based
+ overflow. In the code reading VCD disc labels, the ISO disc label is
+ copied into an unprotected stack buffer of fixed size. Also, there is a
+ buffer overflow in the code that parses subtitles and prepares them for
+ display (XSA-2004-4). Finally, xine-lib contains a heap-based overflow
+ in the DVD sub-picture decoder (XSA-2004-5).
+

+

+ (Please note that the VCD MRL issue mentioned in XSA-2004-4 was fixed
+ with GLSA 200408-18.)
+

+
+
+

+ With carefully-crafted VCDs, DVDs, MPEGs or subtitles, an attacker may
+ cause xine-lib to execute arbitrary code with the permissions of the
+ user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All xine-lib users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=media-libs/xine-lib-1_rc6"
+ # emerge ">=media-libs/xine-lib-1_rc6"
+
+
+ BugTraq Announcement (XSA-2004-4)
+ BugTraq Announcement (XSA-2004-5)
+ CVE-2004-1379
+ CVE-2004-1475
+ CVE-2004-1476
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-31.xml
new file mode 100644
index 0000000000..b1e2d66fff
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-31.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ jabberd 1.x: Denial of Service vulnerability
+
+ The jabberd server was found to be vulnerable to a remote Denial of Service
+ attack.
+
+ jabberd
+ September 23, 2004
+ May 22, 2006: 02
+ 64741
+ remote
+
+
+ 1.4.3-r4
+ 1.4.3-r3
+
+
+
+

+ Jabber is a set of streaming XML protocols enabling message, presence,
+ and other structured information exchange between two hosts. jabberd is
+ the original implementation of the Jabber protocol server.
+

+
+
+

+ Jose Antonio Calvo found a defect in routines handling XML parsing of
+ incoming data. jabberd 1.x may crash upon reception of invalid data on
+ any socket connection on which XML is parsed.
+

+
+
+

+ A remote attacker may send a specific sequence of bytes to an open
+ socket to crash the jabberd server, resulting in a Denial of Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All jabberd users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-im/jabberd-1.4.3-r4"
+ # emerge ">=net-im/jabberd-1.4.3-r4"
+
+
+ Vulnerability disclosure
+ Jabber announcement
+ CVE-2004-1378
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-32.xml
new file mode 100644
index 0000000000..bd80339bef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-32.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ getmail: Filesystem overwrite vulnerability
+
+ getmail contains a vulnerability that could potentially allow any local
+ user to create or overwrite files in any directory on the system. This flaw
+ can be escalated further and possibly lead to a complete system compromise.
+
+ getmail
+ September 23, 2004
+ May 22, 2006: 02
+ 64643
+ local
+
+
+ 4.2.0
+ 4.2.0
+
+
+
+

+ getmail is a reliable fetchmail replacement that supports Maildir,
+ Mboxrd and external MDA delivery.
+

+
+
+

+ David Watson discovered a vulnerability in getmail when it is
+ configured to run as root and deliver mail to the maildirs/mbox files
+ of untrusted local users. A malicious local user can then exploit a
+ race condition, or a similar symlink attack, and potentially cause
+ getmail to create or overwrite files in any directory on the system.
+

+
+
+

+ An untrusted local user could potentially create or overwrite files in
+ any directory on the system. This vulnerability may also be exploited
+ to have arbitrary commands executed as root.
+

+
+
+

+ Do not run getmail as a privileged user; or, in version 4, use an
+ external MDA with explicitly configured user and group privileges.
+

+
+
+

+ All getmail users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-mail/getmail-4.2.0"
+ # emerge ">=net-mail/getmail-4.2.0"
+
+
+ getmail ChangeLog
+ getmail Mailing List
+ CVE-2004-0880
+ CVE-2004-0881
+
+
+ lewk
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-33.xml
new file mode 100644
index 0000000000..498b7aec66
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-33.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Apache: Exposure of protected directories
+
+ A bug in the way Apache handles the Satisfy directive can lead to the
+ exposure of protected directories to unauthorized users.
+
+ net=www/apache
+ September 24, 2004
+ December 30, 2007: 02
+ 64804
+ remote
+
+
+ 2.0.51-r1
+ 2.0.51
+ 2.0.51
+
+
+
+

+ The Apache HTTP server is one of most popular web servers on the Internet.
+

+
+
+

+ A bug in the way Apache handles the Satisfy directive, which is used to
+ require that certain conditions (client host, client authentication, etc)
+ be met before access to a certain directory is granted, could allow the
+ exposure of protected directories to unauthorized clients.
+

+
+
+

+ Directories containing protected data could be exposed to all visitors to
+ the webserver.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Apache users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=www-servers/apache-2.0.51-r1"
+ # emerge ">=www-servers/apache-2.0.51-r1"
+
+
+ Apache Bug #31315
+ CAN-2004-0811
+
+
+ dmargoli
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-34.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-34.xml
new file mode 100644
index 0000000000..cbfeaf5690
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-34.xml
@@ -0,0 +1,96 @@
+
+
+
+
+ X.org, XFree86: Integer and stack overflows in libXpm
+
+ libXpm, the X Pixmap library that is a part of the X Window System,
+ contains multiple stack and integer overflows that may allow a
+ carefully-crafted XPM file to crash applications linked against libXpm,
+ potentially allowing the execution of arbitrary code.
+
+ X
+ September 27, 2004
+ May 27, 2006: 02
+ 64152
+ remote
+
+
+ 6.7.0-r2
+ 6.8.0-r1
+ 6.7.0-r2
+ 6.8.0
+
+
+ 4.3.0-r7
+ 4.3.0-r7
+
+
+ 4.3.0-r7
+
+
+
+

+ XFree86 and X.org are both implementations of the X Window System.
+

+
+
+

+ Chris Evans has discovered multiple integer and stack overflow
+ vulnerabilities in the X Pixmap library, libXpm, which is a part of the
+ X Window System. These overflows can be exploited by the execution of a
+ malicious XPM file, which can crash applications that are dependent on
+ libXpm.
+

+
+
+

+ A carefully-crafted XPM file could crash applications that are linked
+ against libXpm, potentially allowing the execution of arbitrary code
+ with the privileges of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All X.org users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=x11-base/xorg-x11-6.7.0-r2"
+ # emerge ">=x11-base/xorg-x11-6.7.0-r2"
+

+ All XFree86 users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=x11-base/xfree-4.3.0-r7"
+ # emerge ">=x11-base/xfree-4.3.0-r7"
+

+ Note: Usage of XFree86 is deprecated on the AMD64, HPPA, IA64, MIPS,
+ PPC and SPARC architectures: XFree86 users on those architectures
+ should switch to X.org rather than upgrading XFree86.
+

+
+
+
+ X.org Security Advisory
+ X11R6.8.1 Release Notes
+ CAN-2004-0687
+ CAN-2004-0688
+
+
+ koon
+
+
+ lewk
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-35.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-35.xml
new file mode 100644
index 0000000000..006ce47306
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200409-35.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Subversion: Metadata information leak
+
+ An information leak in mod_authz_svn could allow sensitive metadata of
+ protected areas to be leaked to unauthorized users.
+
+ Subversion
+ September 29, 2004
+ September 29, 2004: 01
+ 65085
+ remote
+
+
+ 1.0.8
+ 1.0.8
+
+
+
+

+ Subversion is a versioning system designed to be a replacement for CVS.
+ mod_authz_svn is an Apache module to do path-based authentication for
+ Subversion repositories.
+

+
+
+

+ There is a bug in mod_authz_svn that causes it to reveal logged metadata
+ regarding commits to protected areas.
+

+
+
+

+ Protected files themselves will not be revealed, but an attacker could use
+ the metadata to reveal the existence of protected areas, such as paths,
+ file versions, and the commit logs from those areas.
+

+
+
+

+ Rather than using mod_authz_svn, move protected areas into seperate
+ repositories and use native Apache authentication to make these
+ repositories unreadable.
+

+
+
+

+ All Subversion users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=dev-util/subversion-1.0.8"
+ # emerge ">=dev-util/subversion-1.0.8"
+
+
+ CAN-2004-0749
+ Subversion Advisory
+
+
+ jaervosz
+
+
+ dmargoli
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-01.xml
new file mode 100644
index 0000000000..bc8eb4793c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-01.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ sharutils: Buffer overflows in shar.c and unshar.c
+
+ sharutils contains two buffer overflow vulnerabilities that could lead to
+ arbitrary code execution.
+
+ sharutils
+ October 01, 2004
+ May 22, 2006: 02
+ 65773
+ remote
+
+
+ 4.2.1-r10
+ 4.2.1-r9
+
+
+
+

+ sharutils contains utilities to manage shell archives.
+

+
+
+

+ sharutils contains two buffer overflows. Ulf Harnhammar discovered a
+ buffer overflow in shar.c, where the length of data returned by the wc
+ command is not checked. Florian Schilhabel discovered another buffer
+ overflow in unshar.c.
+

+
+
+

+ An attacker could exploit these vulnerabilities to execute arbitrary
+ code as the user running one of the sharutils programs.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All sharutils users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=app-arch/sharutils-4.2.1-r10"
+ # emerge ">=app-arch/sharutils-4.2.1-r10"
+
+
+ Debian Bug #265904
+ CVE-2004-1773
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-02.xml
new file mode 100644
index 0000000000..8b28b749c9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-02.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Netpbm: Multiple temporary file issues
+
+ Utilities included in old Netpbm versions are vulnerable to multiple
+ temporary files issues, potentially allowing a local attacker to overwrite
+ files with the rights of the user running the utility.
+
+ Netpbm
+ October 04, 2004
+ October 04, 2004: 01
+ 65647
+ local
+
+
+ 10.0
+ 9.12-r4
+
+
+
+

+ Netpbm is a toolkit containing more than 200 separate utilities for
+ manipulation and conversion of graphic images.
+

+
+
+

+ Utilities contained in the Netpbm package prior to the 9.25 version contain
+ defects in temporary file handling. They create temporary files with
+ predictable names without checking first that the target file doesn't
+ already exist.
+

+
+
+

+ A local attacker could create symbolic links in the temporary files
+ directory, pointing to a valid file somewhere on the filesystem. When a
+ user or a tool calls one of the affected utilities, this would result in
+ file overwriting with the rights of the user running the utility.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Netpbm users should upgrade to an unaffected version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=media-libs/netpbm-10.0"
+ # emerge ">=media-libs/netpbm-10.0"
+
+
+ CVE-2003-0924
+ US-CERT VU#487102
+
+
+ lewk
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-03.xml
new file mode 100644
index 0000000000..47d4451433
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-03.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ NetKit-telnetd: buffer overflows in telnet and telnetd
+
+ Buffer overflows exist in the telnet client and daemon provided by
+ netkit-telnetd, which could possibly allow a remote attacker to gain root
+ privileges and compromise the system.
+
+ netkit-telnetd
+ October 05, 2004
+ October 05, 2004: 01
+ 64632
+ remote
+
+
+ 0.17-r4
+ 0.17-r3
+
+
+
+

+ NetKit-telnetd is a standard Linux telnet client and server from the NetKit
+ utilities.
+

+
+
+

+ A possible buffer overflow exists in the parsing of option strings by the
+ telnet daemon, where proper bounds checking is not applied when writing to
+ a buffer. Additionaly, another possible buffer overflow has been found by
+ Josh Martin in the handling of the environment variable HOME.
+

+
+
+

+ A remote attacker sending a specially-crafted options string to the telnet
+ daemon could be able to run arbitrary code with the privileges of the user
+ running the telnet daemon, usually root. Furthermore, an attacker could
+ make use of an overlong HOME variable to cause a buffer overflow in the
+ telnet client, potentially leading to the local execution of arbitrary
+ code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All NetKit-telnetd users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-misc/netkit-telnetd-0.17-r4"
+ # emerge ">=net-misc/netkit-telnetd-0.17-r4"
+
+
+ CVE-2001-0554
+ Debian Bug #264846
+
+
+ koon
+
+
+ vorlon078
+
+
+ vorlon078
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-04.xml
new file mode 100644
index 0000000000..05ee584bce
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-04.xml
@@ -0,0 +1,91 @@
+
+
+
+
+ PHP: Memory disclosure and arbitrary location file upload
+
+ Two bugs in PHP may allow the disclosure of portions of memory and allow
+ remote attackers to upload files to arbitrary locations.
+
+ PHP
+ October 06, 2004
+ October 06, 2004: 01
+ 64223
+ remote
+
+
+ 4.3.9
+ 4.3.9
+
+
+ 4.3.9
+ 4.3.9
+
+
+ 4.3.9
+ 4.3.9
+
+
+
+

+ PHP is a general-purpose scripting language widely used to develop
+ web-based applications. It can run inside a web server using the mod_php
+ module or the CGI version of PHP, or can run stand-alone in a CLI.
+

+
+
+

+ Stefano Di Paola discovered two bugs in PHP. The first is a parse error in
+ php_variables.c that could allow a remote attacker to view the contents of
+ the target machine's memory. Additionally, an array processing error in the
+ SAPI_POST_HANDLER_FUNC() function inside rfc1867.c could lead to the
+ $_FILES array being overwritten.
+

+
+
+

+ A remote attacker could exploit the first vulnerability to view memory
+ contents. On a server with a script that provides file uploads, an attacker
+ could exploit the second vulnerability to upload files to an arbitrary
+ location. On systems where the HTTP server is allowed to write in a
+ HTTP-accessible location, this could lead to remote execution of arbitrary
+ commands with the rights of the HTTP server.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All PHP, mod_php and php-cgi users should upgrade to the latest stable
+ version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=dev-php/php-4.3.9"
+ # emerge ">=dev-php/php-4.3.9"
+
+ # emerge -pv ">=dev-php/mod_php-4.3.9"
+ # emerge ">=dev-php/mod_php-4.3.9"
+
+ # emerge -pv ">=dev-php/php-cgi-4.3.9"
+ # emerge ">=dev-php/php-cgi-4.3.9"
+
+
+ Secunia Advisory
+ BugTraq post regarding the php_variables.c issue
+ BugTraq post regarding the rfc1867.c issue
+
+
+ dmargoli
+
+
+ koon
+
+
+ dmargoli
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-05.xml
new file mode 100644
index 0000000000..af0116967e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-05.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
+
+ Cyrus-SASL contains two vulnerabilities that might allow an attacker to
+ completely compromise the vulnerable system.
+
+ Cyrus-SASL
+ October 07, 2004
+ May 22, 2006: 02
+ 56016
+ remote
+
+
+ 2.1.18-r2
+ 2.1.18-r1
+
+
+
+

+ Cyrus-SASL is an implementation of the Simple Authentication and
+ Security Layer.
+

+
+
+

+ Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file.
+ Additionally, under certain conditions it is possible for a local user
+ to exploit a vulnerability in the way the SASL_PATH environment
+ variable is honored (CAN-2004-0884).
+

+
+
+

+ An attacker might be able to execute arbitrary code with the Effective
+ ID of the application calling the Cyrus-SASL libraries.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Cyrus-SASL users should upgrade to the latest stable version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=dev-libs/cyrus-sasl-2.1.18-r2"
+ # emerge ">=dev-libs/cyrus-sasl-2.1.18-r2"
+
+
+ CAN-2004-0884
+ CVE-2005-0373
+
+
+ jaervosz
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-06.xml
new file mode 100644
index 0000000000..4e00f7530b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-06.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ CUPS: Leakage of sensitive information
+
+ CUPS leaks information about user names and passwords when using remote
+ printing to SMB-shared printers which require authentication.
+
+ cups
+ October 09, 2004
+ October 09, 2004: 01
+ 66501
+ local
+
+
+ 1.1.20-r3
+ 1.1.21-r1
+ 1.1.20-r2
+ 1.1.21
+
+
+
+

+ The Common UNIX Printing System (CUPS) is a cross-platform print spooler.
+

+
+
+

+ When printing to a SMB-shared printer requiring authentication, CUPS leaks
+ the user name and password to a logfile.
+

+
+
+

+ A local user could gain knowledge of sensitive authentication data.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All CUPS users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=net-print/cups-1.1.20-r3"
+ # emerge ">=net-print/cups-1.1.20-r3"
+
+
+ CAN-2004-0923
+
+
+ vorlon078
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-07.xml
new file mode 100644
index 0000000000..7d7bc6922c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-07.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ ed: Insecure temporary file handling
+
+ The ed utility is vulnerable to symlink attacks, potentially allowing a
+ local user to overwrite or change rights on arbitrary files with the rights
+ of the user running ed, which could be the root user.
+
+ ed
+ October 09, 2004
+ October 09, 2004: 01
+ 66400
+ local
+
+
+ 0.2-r4
+ 0.2-r3
+
+
+
+

+ ed is a line-oriented text editor, used to create or modify text files,
+ both interactively and via shell scripts.
+

+
+
+

+ ed insecurely creates temporary files in world-writeable directories with
+ predictable names. Given that ed is used in various system shell scripts,
+ they are by extension affected by the same vulnerability.
+

+
+
+

+ A local attacker could create symbolic links in the temporary files
+ directory, pointing to a valid file somewhere on the filesystem. When ed is
+ called, this would result in file access with the rights of the user
+ running the utility, which could be the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All ed users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=sys-apps/ed-0.2-r4"
+ # emerge ">=sys-apps/ed-0.2-r4"
+
+
+ CVE-2000-1137
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-08.xml
new file mode 100644
index 0000000000..d2b5ae40ca
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-08.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ ncompress: Buffer overflow
+
+ compress and uncompress, which could be used by daemon programs, contain a
+ buffer overflow that could lead to remote execution of arbitrary code with
+ the rights of the daemon process.
+
+ ncompress
+ October 09, 2004
+ May 22, 2006: 02
+ 66251
+ remote
+
+
+ 4.2.4-r1
+ 4.2.4
+
+
+
+

+ ncompress is a utility handling compression and decompression of
+ Lempel-Ziv archives, compatible with the original *nix compress and
+ uncompress utilities (.Z extensions).
+

+
+
+

+ compress and uncompress do not properly check bounds on command line
+ options, including the filename. Large parameters would trigger a
+ buffer overflow.
+

+
+
+

+ By supplying a carefully crafted filename or other option, an attacker
+ could execute arbitrary code on the system. A local attacker could only
+ execute code with his own rights, but since compress and uncompress are
+ called by various daemon programs, this might also allow a remote
+ attacker to execute code with the rights of the daemon making use of
+ ncompress.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All ncompress users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=app-arch/ncompress-4.2.4-r1"
+ # emerge ">=app-arch/ncompress-4.2.4-r1"
+
+
+ US-CERT Vulnerability Note VU#176363
+ CVE-2001-1413
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-09.xml
new file mode 100644
index 0000000000..8c2e86b170
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-09.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ LessTif: Integer and stack overflows in libXpm
+
+ Multiple vulnerabilities have been discovered in libXpm, which is included
+ in LessTif, that can potentially lead to remote code execution.
+
+ lesstif
+ October 09, 2004
+ October 09, 2004: 01
+ 66647
+ remote
+
+
+ 0.93.97
+ 0.93.97
+
+
+
+

+ LessTif is a clone of OSF/Motif, which is the standard user interface
+ toolkit available on Unix and Linux.
+

+
+
+

+ Chris Evans has discovered various integer and stack overflows in libXpm,
+ which is shipped as a part of the X Window System. LessTif, an application
+ that includes this library, is susceptible to the same issues.
+

+
+
+

+ A carefully-crafted XPM file could crash applications that are linked
+ against libXpm, such as LessTif, potentially allowing the execution of
+ arbitrary code with the privileges of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All LessTif users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=x11-libs/lesstif-0.93.97"
+ # emerge ">=x11-libs/lesstif-0.93.97"
+
+
+ CAN-2004-0687
+ CAN-2004-0688
+ GLSA-200409-34
+ LessTif Release Notes
+
+
+ lewk
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-10.xml
new file mode 100644
index 0000000000..4cbc06dbf8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-10.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ gettext: Insecure temporary file handling
+
+ The gettext utility is vulnerable to symlink attacks, potentially allowing
+ a local user to overwrite or change permissions on arbitrary files with the
+ rights of the user running gettext, which could be the root user.
+
+ gettext
+ October 10, 2004
+ May 22, 2006: 04
+ 66355
+ 85766
+ local
+
+
+ 0.14.1-r1
+ 0.12.1-r2
+ 0.14.1-r1
+
+
+
+

+ gettext is a set of utilities for the GNU Translation Project which
+ provides a set of tools and documentation to help produce multi-lingual
+ messages in programs.
+

+
+
+

+ gettext insecurely creates temporary files in world-writeable
+ directories with predictable names.
+

+
+
+

+ A local attacker could create symbolic links in the temporary files
+ directory, pointing to a valid file somewhere on the filesystem. When
+ gettext is called, this would result in file access with the rights of
+ the user running the utility, which could be the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All gettext users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/gettext-0.14.1-r1"
+
+
+ BugTraq Advisory
+ CVE-2004-0966
+
+
+ koon
+
+
+ koon
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-11.xml
new file mode 100644
index 0000000000..88925e1338
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-11.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ tiff: Buffer overflows in image decoding
+
+ Multiple heap-based overflows have been found in the tiff library image
+ decoding routines, potentially allowing to execute arbitrary code with the
+ rights of the user viewing a malicious image.
+
+ tiff
+ October 13, 2004
+ October 13, 2004: 01
+ remote
+
+
+ 3.6.1-r2
+ 3.6.1-r2
+
+
+ 3.10a-r8
+ 3.10a-r7
+
+
+
+

+ The tiff library contains encoding and decoding routines for the Tag Image
+ File Format. It is called by numerous programs, including GNOME and KDE, to
+ help in displaying TIFF images. xv is a multi-format image manipulation
+ utility that is statically linked to the tiff library.
+

+
+
+

+ Chris Evans found heap-based overflows in RLE decoding routines in
+ tif_next.c, tif_thunder.c and potentially tif_luv.c.
+

+
+
+

+ A remote attacker could entice a user to view a carefully crafted TIFF
+ image file, which would potentially lead to execution of arbitrary code
+ with the rights of the user viewing the image. This affects any program
+ that makes use of the tiff library, including GNOME and KDE web browsers or
+ mail readers.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All tiff library users should upgrade to the latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=media-libs/tiff-3.6.1-r2"
+ # emerge ">=media-libs/tiff-3.6.1-r2"
+

+ xv makes use of the tiff library and needs to be recompiled to receive the
+ new patched version of the library. All xv users should also upgrade to the
+ latest version:
+

+
+ # emerge sync
+
+ # emerge -pv ">=media-gfx/xv-3.10a-r8"
+ # emerge ">=media-gfx/xv-3.10a-r8"
+
+
+ CAN-2004-0803
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-12.xml
new file mode 100644
index 0000000000..b72044ef11
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-12.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ WordPress: HTTP response splitting and XSS vulnerabilities
+
+ WordPress contains HTTP response splitting and cross-site scripting
+ vulnerabilities.
+
+ wordpress
+ October 14, 2004
+ May 22, 2006: 04
+ 65798
+ remote
+
+
+ 1.2.2
+ 1.2.2
+
+
+
+

+ WordPress is a PHP and MySQL based content management and publishing + system. +

+
+ +

+ Due to the lack of input validation in the administration panel + scripts, WordPress is vulnerable to HTTP response splitting and + cross-site scripting attacks. +

+
+ +

+ A malicious user could inject arbitrary response data, leading to + content spoofing, web cache poisoning and other cross-site scripting or + HTTP response splitting attacks. This could result in compromising the + victim's data or browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All WordPress users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.2.2" +
+ + WordPress 1.2.2 Release Notes + CVE-2004-1584 + + + koon + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-13.xml
new file mode 100644
index 0000000000..b5bbb24ff4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-13.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ BNC: Input validation flaw
+
+ BNC contains an input validation flaw which might allow a remote attacker
+ to issue arbitrary IRC related commands.
+
+ bnc
+ October 15, 2004
+ May 22, 2006: 02
+ 66912
+ remote
+
+
+ 2.8.9
+ 2.8.9
+
+
+
+

+ BNC is an IRC proxying server +

+
+ +

+ A flaw exists in the input parsing of BNC where part of the + sbuf_getmsg() function handles the backspace character incorrectly. +

+
+ +

+ A remote user could issue commands using fake authentication + credentials and possibly gain access to scripts running on the client + side. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All BNC users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-irc/bnc-2.8.9" + # emerge ">=net-irc/bnc-2.8.9" +
+ + BNC Changes + CVE-2004-1482 + + + koon + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-14.xml
new file mode 100644
index 0000000000..e7c9dbb27e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-14.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ phpMyAdmin: Vulnerability in MIME-based transformation system
+
+ A vulnerability has been found in the MIME-based transformation system of
+ phpMyAdmin, which may allow remote execution of arbitrary commands if PHP's
+ "safe mode" is disabled.
+
+ phpMyAdmin
+ October 18, 2004
+ May 22, 2006: 02
+ 67409
+ remote
+
+
+ 2.6.0_p2
+ 2.6.0_p2
+
+
+
+

+ phpMyAdmin is a popular web-based MySQL administration tool written in + PHP. It allows users to browse and administer a MySQL database from a + web-browser. Transformations are a phpMyAdmin feature allowing plug-ins + to rewrite the contents of any column seen in phpMyAdmin's Browsing + mode, including using insertion of PHP or JavaScript code. +

+
+ +

+ A defect was found in phpMyAdmin's MIME-based transformation system, + when used with "external" transformations. +

+
+ +

+ A remote attacker could exploit this vulnerability to execute arbitrary + commands on the server with the rights of the HTTP server user. +

+
+ +

+ Enabling PHP safe mode ("safe_mode = On" in php.ini) may serve as a + temporary workaround. +

+
+ +

+ All phpMyAdmin users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=dev-db/phpmyadmin-2.6.0_p2" + # emerge ">=dev-db/phpmyadmin-2.6.0_p2" +
+ + phpMyAdmin 2.6.0_pl2 Release Announcement + Secunia Advisory SA12813 + CVE-2004-2630 + + + vorlon078 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-15.xml
new file mode 100644
index 0000000000..a84b6a9bbc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-15.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ Squid: Remote DoS vulnerability
+
+ Squid contains a vulnerability in the SNMP module which may lead to a
+ denial of service.
+
+ squid
+ October 18, 2004
+ December 30, 2007: 03
+ 67167
+ remote
+
+
+ 2.5.7
+ 2.5.7
+
+
+
+

+ Squid is a full-featured Web proxy cache designed to run on Unix + systems. It supports proxying and caching of HTTP, FTP, and other URLs, + as well as SSL support, cache hierarchies, transparent caching, access + control lists and many other features. +

+
+ +

+ A parsing error exists in the SNMP module of Squid where a + specially-crafted UDP packet can potentially cause the server to + restart, closing all current connections. This vulnerability only + exists in versions of Squid compiled with the 'snmp' USE flag. +

+
+ +

+ An attacker can repeatedly send these malicious UDP packets to the + Squid server, leading to a denial of service. +

+
+ +

+ Disable SNMP support or filter the port that has SNMP processing + (default is 3401) to allow only SNMP data from trusted hosts. +

+

+ To disable SNMP support put the entry snmp_port 0 in the squid.conf + configuration file. +

+

+ To allow only the local interface to process SNMP, add the entry + "snmp_incoming_address 127.0.0.1" in the squid.conf configuration file. +

+
+ +

+ All Squid users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-proxy/squid-2.5.7" + # emerge ">=net-proxy/squid-2.5.7" +
+ + iDEFENSE Advisory + CVE-2004-0918 + + + koon + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-16.xml
new file mode 100644
index 0000000000..b815fb6b03
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-16.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ PostgreSQL: Insecure temporary file use in make_oidjoins_check
+
+ The make_oidjoins_check script, part of the PostgreSQL package, is
+ vulnerable to symlink attacks, potentially allowing a local user to
+ overwrite arbitrary files with the rights of the user running the utility.
+
+ PostgreSQL
+ October 18, 2004
+ May 28, 2009: 04
+ 66371
+ local
+
+
+ 7.4.5-r2
+ 7.3.7-r2
+ 7.3.15
+ 7.3.16
+ 7.3.18
+ 7.3.21
+ 7.4.5-r1
+
+
+
+

+ PostgreSQL is an open source database based on the POSTGRES database + management system. It includes several contributed scripts including + the make_oidjoins_check script. +

+
+ +

+ The make_oidjoins_check script insecurely creates temporary files in + world-writeable directories with predictable names. +

+
+ +

+ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + make_oidjoins_check is called, this would result in file overwrite with + the rights of the user running the utility, which could be the root + user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PostgreSQL users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=dev-db/postgresql-7.4.5-r2" + # emerge ">=dev-db/postgresql-7.4.5-r2" +

+ Upgrade notes: PostgreSQL 7.3.x users should upgrade to the latest + available 7.3.x version to retain database compatibility. +

+
+ + Trustix Advisory #2004-0050 + CVE-2004-0977 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-17.xml
new file mode 100644
index 0000000000..9520c5a5c6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-17.xml
@@ -0,0 +1,100 @@
+
+
+
+
+ OpenOffice.org: Temporary files disclosure
+
+ OpenOffice.org uses insecure temporary files which could allow a malicious
+ local user to gain knowledge of sensitive information from other users'
+ documents.
+
+ openoffice
+ October 20, 2004
+ October 20, 2004: 01
+ 63556
+ local
+
+
+ 1.1.2
+ 1.1.3
+ 1.1.2
+
+
+ 1.1.2
+ 1.1.3
+ 1.1.2
+
+
+ 1.1.60
+ 1.3.4
+ 1.1.60
+ 1.1.61
+
+
+
+

+ OpenOffice.org is an office productivity suite, including word processing, + spreadsheets, presentations, drawings, data charting, formula editing, and + file conversion facilities. +

+
+ +

+ On start-up, OpenOffice.org 1.1.2 creates a temporary directory with + insecure permissions. When a document is saved, a compressed copy of it can + be found in that directory. +

+
+ +

+ A malicious local user could obtain the temporary files and thus read + documents belonging to other users. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All affected OpenOffice.org users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=app-office/openoffice-1.1.3" + # emerge ">=app-office/openoffice-1.1.3" +

+ All affected OpenOffice.org binary users should upgrade to the latest + version: +

+ + # emerge sync + + # emerge -pv ">=app-office/openoffice-bin-1.1.3" + # emerge ">=app-office/openoffice-bin-1.1.3" +

+ All affected OpenOffice.org Ximian users should upgrade to the latest + version: +

+ + # emerge sync + + # emerge -pv ">=app-office/openoffice-ximian-1.3.4" + # emerge ">=app-office/openoffice-1.3.4" +
+ + CAN-2004-0752 + OpenOffice.org Issue 33357 + + + koon + + + vorlon078 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-18.xml
new file mode 100644
index 0000000000..396bc29cf2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-18.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ Ghostscript: Insecure temporary file use in multiple scripts
+
+ Multiple scripts in the Ghostscript package are vulnerable to symlink
+ attacks, potentially allowing a local user to overwrite arbitrary files
+ with the rights of the user running the script.
+
+ Ghostscript
+ October 20, 2004
+ December 30, 2007: 02
+ 66357
+ local
+
+
+ 7.07.1-r7
+ 7.05.6-r2
+ 7.07.1-r7
+
+
+
+

+ Ghostscript is a software package providing an interpreter for the + PostScript language and the PDF file format. It also provides output + drivers for various file formats and printers. +

+
+ +

+ The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files + in world-writeable directories with predictable names. +

+
+ +

+ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When an + affected script is called, this would result in the file to be overwritten + with the rights of the user running the script, which could be the root + user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ Ghostscript users on all architectures except PPC should upgrade to the + latest version: +

+ + # emerge sync + + # emerge -pv ">=app-text/ghostscript-esp-7.07.1-r7" + # emerge ">=app-text/ghostscript-esp-7.07.1-r7" +

+ Ghostscript users on the PPC architecture should upgrade to the latest + stable version on their architecture: +

+ + # emerge sync + + # emerge -pv ">=app-text/ghostscript-esp-7.05.6-r2" + # emerge ">=app-text/ghostscript-esp-7.05.6-r2" +
+ + CAN-2004-0967 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-19.xml
new file mode 100644
index 0000000000..d59b7642aa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-19.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ glibc: Insecure tempfile handling in catchsegv script
+
+ The catchsegv script in the glibc package is vulnerable to symlink attacks,
+ potentially allowing a local user to overwrite arbitrary files with the
+ rights of the user running the script.
+
+ glibc
+ October 21, 2004
+ October 21, 2004: 01
+ 66358
+ local
+
+
+ 2.2.5-r9
+ 2.3.2-r12
+ 2.3.3.20040420-r2
+ 2.3.4.20040619-r2
+ 2.3.4.20040808-r1
+ 2.3.4.20040808
+
+
+
+

+ glibc is a package that contains the GNU C library. +

+
+ +

+ The catchsegv script creates temporary files in world-writeable directories + with predictable names. +

+
+ +

+ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + catchsegv script is called, this would result in the file being overwritten + with the rights of the user running the utility, which could be the root + user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All glibc users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv sys-libs/glibc + # emerge sys-libs/glibc +
+ + CAN-2004-0968 + + + koon + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-20.xml
new file mode 100644
index 0000000000..1afa3db5b9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-20.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ Xpdf, CUPS: Multiple integer overflows
+
+ Multiple integer overflows were discovered in Xpdf, potentially resulting
+ in execution of arbitrary code upon viewing a malicious PDF file. CUPS
+ includes Xpdf code and therefore is vulnerable to the same issues.
+
+ Xpdf
+ October 21, 2004
+ November 06, 2004: 02
+ 69662
+ remote
+
+
+ 3.00-r5
+ 3.00-r4
+
+
+ 1.1.20-r5
+ 1.1.20-r4
+
+
+
+

+ Xpdf is an open source viewer for Portable Document Format (PDF) files. The + Common UNIX Printing System (CUPS) is a cross-platform print spooler that + includes some Xpdf code. +

+
+ +

+ Chris Evans discovered multiple integer overflow issues in Xpdf. +

+
+ +

+ An attacker could entice an user to open a specially-crafted PDF file, + potentially resulting in execution of arbitrary code with the rights of the + user running Xpdf. By enticing an user to directly print the PDF file to a + CUPS printer, an attacker could also crash the CUPS spooler or execute + arbitrary code with the rights of the CUPS spooler, which is usually the + "lp" user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Xpdf users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.00-r5" +

+ All CUPS users should also upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.20-r5" +
+ + CAN-2004-0888 + CAN-2004-0889 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-21.xml
new file mode 100644
index 0000000000..6fb13f181a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-21.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
+
+ In certain configurations, it can be possible to bypass restrictions set by
+ the "SSLCipherSuite" directive of mod_ssl.
+
+ apache
+ October 21, 2004
+ December 30, 2007: 02
+ 66807
+ remote
+
+
+ 2.0.52
+ 2.0
+ 2.0.52
+
+
+ 2.8.20
+ 2.8.20
+
+
+
+

+ The Apache HTTP server is one of the most popular web servers on the + internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and + is also included in Apache 2. +

+
+ +

+ A flaw has been found in mod_ssl where the "SSLCipherSuite" directive could + be bypassed in certain configurations if it is used in a directory or + location context to restrict the set of allowed cipher suites. +

+
+ +

+ A remote attacker could gain access to a location using any cipher suite + allowed by the server/virtual host configuration, disregarding the + restrictions by "SSLCipherSuite" for that location. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Apache 2 users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=www-servers/apache-2.0.52" + # emerge ">=www-servers/apache-2.0.52" +

+ All mod_ssl users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-www/mod_ssl-2.8.20" + # emerge ">=net-www/mod_ssl-2.8.20" +
+ + CAN-2004-0885 + Apache HTTPD Bug 31505 + + + koon + + + vorlon078 + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-22.xml
new file mode 100644
index 0000000000..b71b0f38cb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-22.xml
@@ -0,0 +1,89 @@
+
+
+
+
+ MySQL: Multiple vulnerabilities
+
+ Several vulnerabilities including privilege abuse, Denial of Service, and
+ potentially remote arbitrary code execution have been discovered in MySQL.
+
+ MySQL
+ October 24, 2004
+ October 24, 2004: 01
+ 67062
+ remote
+
+
+ 4.0.21
+ 4.0.21
+
+
+
+

+ MySQL is a popular open-source, multi-threaded, multi-user SQL database + server. +

+
+ +

+ The following vulnerabilities were found and fixed in MySQL: +

+

+ Oleksandr Byelkin found that ALTER TABLE ... RENAME checks CREATE/INSERT + rights of the old table instead of the new one (CAN-2004-0835). Another + privilege checking bug allowed users to grant rights on a database they had + no rights on. +

+

+ Dean Ellis found a defect where multiple threads ALTERing the MERGE tables + to change the UNION could cause the server to crash (CAN-2004-0837). + Another crash was found in MATCH ... AGAINST() queries with missing closing + double quote. +

+

+ Finally, a buffer overrun in the mysql_real_connect function was found by + Lukasz Wojtow (CAN-2004-0836). +

+
+ +

+ The privilege checking issues could be used by remote users to bypass their + rights on databases. The two crashes issues could be exploited by a remote + user to perform a Denial of Service attack on MySQL server. The buffer + overrun issue could also be exploited as a Denial of Service attack, and + may allow to execute arbitrary code with the rights of the MySQL daemon + (typically, the "mysql" user). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MySQL users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=dev-db/mysql-4.0.21" + # emerge ">=dev-db/mysql-4.0.21" +
+ + CAN-2004-0835 + CAN-2004-0836 + CAN-2004-0837 + Privilege granting bug + MATCH ... AGAINST crash bug + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-23.xml
new file mode 100644
index 0000000000..852f1fcdc5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-23.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Gaim: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been found in Gaim which could allow a remote
+ attacker to crash the application, or possibly execute arbitrary code.
+
+ gaim
+ October 24, 2004
+ October 24, 2004: 01
+ 68271
+ remote
+
+
+ 1.0.2
+ 1.0.2
+
+
+
+

+ Gaim is a full featured instant messaging client which handls a variety of + instant messaging protocols. +

+
+ +

+ A possible buffer overflow exists in the code processing MSN SLP messages + (CAN-2004-0891). memcpy() was used without validating the size of the + buffer, and an incorrect buffer was used as destination under certain + circumstances. Additionally, memory allocation problems were found in the + processing of MSN SLP messages and the receiving of files. These issues + could lead Gaim to try to allocate more memory than available, resulting in + the crash of the application. +

+
+ +

+ A remote attacker could crash Gaim and possibly execute arbitrary code by + exploiting the buffer overflow. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gaim users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-im/gaim-1.0.2" + # emerge ">=net-im/gaim-1.0.2" +
+ + CAN-2004-0891 + Gaim Security Issues + + + lewk + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-24.xml
new file mode 100644
index 0000000000..acda5ccbfb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-24.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ MIT krb5: Insecure temporary file use in send-pr.sh
+
+ The send-pr.sh script, included in the mit-krb5 package, is vulnerable to
+ symlink attacks, potentially allowing a local user to overwrite arbitrary
+ files with the rights of the user running the utility.
+
+ mit-krb5
+ October 25, 2004
+ January 30, 2005: 02
+ 66359
+ local
+
+
+ 1.3.5-r1
+ 1.3.4-r1
+ 1.3.5
+
+
+
+

+ MIT krb5 is the free implementation of the Kerberos network + authentication protocol written by the Massachusetts Institute of + Technology. +

+
+ +

+ The send-pr.sh script creates temporary files in world-writeable + directories with predictable names. +

+
+ +

+ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + send-pr.sh is called, this would result in the file being overwritten + with the rights of the user running the utility, which could be the + root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MIT krb5 users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=app-crypt/mit-krb5-1.3.4-r1" + # emerge ">=app-crypt/mit-krb5-1.3.4-r1" +
+ + CAN-2004-0971 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-25.xml
new file mode 100644
index 0000000000..883f0f9bb9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-25.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Netatalk: Insecure tempfile handling in etc2ps.sh
+
+ The etc2ps.sh script, included in the Netatalk package, is vulnerable to
+ symlink attacks, potentially allowing a local user to overwrite arbitrary
+ files with the rights of the user running the utility.
+
+ Netatalk
+ October 25, 2004
+ October 25, 2004: 01
+ 66370
+ local
+
+
+ 1.6.4-r1
+ 1.6.4-r1
+
+
+
+

+ Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, + which allows Unix hosts to act as file, print, and time servers for Apple + computers. It includes several script utilities, including etc2ps.sh. +

+
+ +

+ The etc2ps.sh script creates temporary files in world-writeable directories + with predictable names. +

+
+ +

+ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + etc2ps.sh is executed, this would result in the file being overwritten with + the rights of the user running the utility, which could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Netatalk users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=net-fs/netatalk-1.6.4-r1" + # emerge ">=net-fs/netatalk-1.6.4-r1" +
+ + CAN-2004-0974 + + + lewk + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-26.xml
new file mode 100644
index 0000000000..4d7ebf369f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-26.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ socat: Format string vulnerability
+
+ socat contains a format string vulnerability that can potentially lead to
+ remote or local execution of arbitrary code with the privileges of the
+ socat process.
+
+ socat
+ October 25, 2004
+ May 22, 2006: 02
+ 68547
+ remote
+
+
+ 1.4.0.3
+ 1.4.0.3
+
+
+
+

+ socat is a multipurpose bidirectional relay, similar to netcat. +

+
+ +

+ socat contains a syslog() based format string vulnerablility in the + '_msg()' function of 'error.c'. Exploitation of this bug is only + possible when socat is run with the '-ly' option, causing it to log + messages to syslog. +

+
+ +

+ Remote exploitation is possible when socat is used as a HTTP proxy + client and connects to a malicious server. Local privilege escalation + can be achieved when socat listens on a UNIX domain socket. Potential + execution of arbitrary code with the privileges of the socat process is + possible with both local and remote exploitations. +

+
+ +

+ Disable logging to syslog by not using the '-ly' option when starting + socat. +

+
+ +

+ All socat users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/socat-1.4.0.3" +
+ + socat Security Advisory + CVE-2004-1484 + + + vorlon078 + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-27.xml
new file mode 100644
index 0000000000..fcbf0e8050
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-27.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ mpg123: Buffer overflow vulnerabilities
+
+ Buffer overflow vulnerabilities have been found in mpg123 which could lead
+ to execution of arbitrary code.
+
+ mpg123
+ October 27, 2004
+ May 22, 2006: 02
+ 68343
+ remote
+
+
+ 0.59s-r5
+ 0.59s-r5
+
+
+
+

+ mpg123 is a MPEG Audio Player. +

+
+ +

+ Buffer overflow vulnerabilities in the getauthfromURL() and http_open() + functions have been reported by Carlos Barros. Additionally, the Gentoo + Linux Sound Team fixed additional boundary checks which were found to + be lacking. +

+
+ +

+ By enticing a user to open a malicious playlist or URL or making use of + a specially-crafted symlink, an attacker could possibly execute + arbitrary code with the rights of the user running mpg123. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mpg123 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r5" +
+ + Security Advisory by Carlos Barros + CVE-2004-0982 + + + koon + + + vorlon078 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-28.xml
new file mode 100644
index 0000000000..ebe7955f4a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-28.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ rssh: Format string vulnerability
+
+ rssh is vulnerable to a format string vulnerability that allows arbitrary
+ execution of code with the rights of the connected user, thereby bypassing
+ rssh restrictions.
+
+ rssh
+ October 27, 2004
+ May 22, 2006: 02
+ 66988
+ remote
+
+
+ 2.2.2
+ 2.2.2
+
+
+
+

+ rssh is a restricted shell, allowing only a few commands like scp or + sftp. It is often used as a complement to OpenSSH to provide limited + access to users. +

+
+ +

+ Florian Schilhabel from the Gentoo Linux Security Audit Team found a + format string vulnerability in rssh syslogging of failed commands. +

+
+ +

+ Using a malicious command, it may be possible for a remote + authenticated user to execute arbitrary code on the target machine with + user rights, effectively bypassing any restriction of rssh. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All rssh users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/rssh-2.2.2" +
+ + rssh security announcement + CVE-2004-1628 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-29.xml
new file mode 100644
index 0000000000..101be6b309
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-29.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ PuTTY: Pre-authentication buffer overflow
+
+ PuTTY contains a vulnerability allowing an SSH server to execute arbitrary
+ code on the connecting client.
+
+ putty
+ October 27, 2004
+ May 22, 2006: 02
+ 69123
+ remote
+
+
+ 0.56
+ 0.55
+
+
+
+

+ PuTTY is a free implementation of Telnet and SSH for Win32 and Unix + platforms, along with an xterm terminal emulator. +

+
+ +

+ PuTTY fails to do proper bounds checking on SSH2_MSG_DEBUG packets. The + "stringlen" parameter value is incorrectly checked due to signedness + issues. Note that this vulnerability is similar to the one described in + GLSA 200408-04 but not the same. +

+
+ +

+ When PuTTY connects to a server using the SSH2 protocol, an attacker + may be able to send specially crafted packets to the client, resulting + in the execution of arbitrary code with the permissions of the user + running PuTTY. Note that this is possible during the authentication + process but before host key verification. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PuTTY users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/putty-0.56" +
+ + iDEFENSE Security Advisory 10.27.04 + PuTTY ChangeLog + CVE-2004-1008 + + + koon + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-30.xml
new file mode 100644
index 0000000000..b4c1a09847
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-30.xml
@@ -0,0 +1,96 @@
+
+
+
+
+ GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
+
+ GPdf, KPDF and KOffice all include vulnerable xpdf code to handle PDF
+ files, making them vulnerable to execution of arbitrary code upon viewing a
+ malicious PDF file.
+
+ GPdf
+ October 28, 2004
+ November 06, 2004: 02
+ 68558
+ 68665
+ 68571
+ 69936
+ 69624
+ remote
+
+
+ 1.3.4-r1
+ 1.3.3-r2
+ 1.3.4-r1
+
+
+ 2.8.0-r2
+ 0.132-r2
+ 2.8.0-r2
+
+
+ 3.3.1-r2
+ 3.3.0-r2
+ 3.2.3-r2
+ 3.3.1-r2
+
+
+
+

+ GPdf is a Gnome-based PDF viewer. KPDF, part of the kdegraphics package, is + a KDE-based PDF viewer. KOffice is an integrated office suite for KDE. +

+
+ +

+ GPdf, KPDF and KOffice all include xpdf code to handle PDF files. xpdf is + vulnerable to multiple integer overflows, as described in GLSA 200410-20. +

+
+ +

+ An attacker could entice a user to open a specially-crafted PDF file, + potentially resulting in execution of arbitrary code with the rights of the + user running the affected utility. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GPdf users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/gpdf-0.132-r2" +

+ All KDE users should upgrade to the latest version of kdegraphics: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.3.0-r2" +

+ All KOffice users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/koffice-1.3.3-r2" +
+ + GLSA 200410-20 + CAN-2004-0888 + CAN-2004-0889 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-31.xml
new file mode 100644
index 0000000000..b46e45f7fa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200410-31.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Archive::Zip: Virus detection evasion
+
+ Email virus scanning software relying on Archive::Zip can be fooled into
+ thinking a ZIP attachment is empty while it contains a virus, allowing
+ detection evasion.
+
+ Archive::Zip
+ October 29, 2004
+ May 22, 2006: 02
+ 68616
+ remote
+
+
+ 1.14
+ 1.14
+
+
+
+

+ Archive::Zip is a Perl module containing functions to handle ZIP + archives. +

+
+ +

+ Archive::Zip can be used by email scanning software (like amavisd-new) + to uncompress attachments before virus scanning. By modifying the + uncompressed size of archived files in the global header of the ZIP + file, it is possible to fool Archive::Zip into thinking some files + inside the archive have zero length. +

+
+ +

+ An attacker could send a carefully crafted ZIP archive containing a + virus file and evade detection on some email virus-scanning software + relying on Archive::Zip for decompression. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Archive::Zip users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/Archive-Zip-1.14" +
+ + iDEFENSE Security Advisory 10.18.04 + rt.cpan.org bug #8077 + CVE-2004-1096 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-01.xml
new file mode 100644
index 0000000000..b76836ffdb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-01.xml
@@ -0,0 +1,60 @@
+
+
+
+
+ ppp: No denial of service vulnerability
+
+ pppd contains a bug that allows an attacker to crash his own connection,
+ but it cannot be used to deny service to other users.
+
+ ppp
+ November 01, 2004
+ November 02, 2004: 02
+ 69152
+ remote
+
+
+
+

+ ppp is a Unix implementation of the Point-to-Point Protocol. +

+
+ +

+ The pppd server improperly verifies header fields, potentially leading to a + crash of the pppd process handling the connection. However, since a + separate pppd process handles each ppp connection, this would not affect + any other connection, or prevent new connections from being established. +

+
+ +

+ We incorrectly thought that this bug could be exploited to deny service to + all ppp users. It is not the case, this bug has no security impact + whatsoever. Many thanks to Paul Mackerras from the Samba team for + correcting our mistake. +

+
+ +

+ There is no need for a workaround. +

+
+ +

+ ppp users can keep their current versions. +

+
+ + Incorrect BugTraq Advisory + + + koon + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-02.xml
new file mode 100644
index 0000000000..5fc972f79e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-02.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Cherokee: Format string vulnerability
+
+ Cherokee contains a format string vulnerability that could lead to denial
+ of service or the execution of arbitary code.
+
+ cherokee
+ November 01, 2004
+ May 22, 2006: 02
+ 67667
+ remote
+
+
+ 0.4.17.1
+ 0.4.17
+
+
+
+

+ Cherokee is an extra-light web server. +

+
+ +

+ Florian Schilhabel from the Gentoo Linux Security Audit Team found a + format string vulnerability in the cherokee_logger_ncsa_write_string() + function. +

+
+ +

+ Using a specially crafted URL when authenticating via auth_pam, a + malicious user may be able to crash the server or execute arbitrary + code on the target machine with permissions of the user running + Cherokee. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cherokee users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/cherokee-0.4.17.1" +
+ + CVE-2004-1097 + + + koon + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-03.xml
new file mode 100644
index 0000000000..9a74573497
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-03.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Apache 1.3: Buffer overflow vulnerability in mod_include
+
+ A buffer overflow vulnerability exists in mod_include which could possibly
+ allow a local attacker to gain escalated privileges.
+
+ apache
+ November 02, 2004
+ December 30, 2007: 02
+ 68564
+ local
+
+
+ 1.3.32-r1
+ 1.3.32-r1
+
+
+
+

+ The Apache HTTP server is one of the most popular web servers on the + internet. mod_include is an Apache module to handle Server Side Includes + (SSI). +

+
+ +

+ A possible buffer overflow exists in the get_tag() function of + mod_include.c. +

+
+ +

+ If Server Side Includes (SSI) are enabled, a local attacker may be able to + run arbitrary code with the rights of an httpd child process by making use + of a specially-crafted document with malformed SSI. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Apache users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-1.3.32-r1" +
+ + CAN-2004-0940 + Security vulnerabilities in Apache httpd 1.3 + + + koon + + + vorlon078 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-04.xml
new file mode 100644
index 0000000000..d5f246e888
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-04.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Speedtouch USB driver: Privilege escalation vulnerability
+
+ A vulnerability in the Speedtouch USB driver can be exploited to allow
+ local users to execute arbitrary code with escalated privileges.
+
+ speedtouch
+ November 02, 2004
+ November 02, 2004: 01
+ 68436
+ local
+
+
+ 1.3.1
+ 1.3.1
+
+
+
+

+ The speedtouch package contains a driver for the ADSL SpeedTouch USB modem. +

+
+ +

+ The Speedtouch USB driver contains multiple format string vulnerabilities + in modem_run, pppoa2 and pppoa3. This flaw is due to an improperly made + syslog() system call. +

+
+ +

+ A malicious local user could exploit this vulnerability by causing a buffer + overflow, and potentially allowing the execution of arbitrary code with + escalated privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Speedtouch USB driver users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dialup/speedtouch-1.3.1" +
+ + CAN-2004-0834 + Speedtouch Project News Announcements + + + koon + + + lewk + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-05.xml
new file mode 100644
index 0000000000..4c92af0c54
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-05.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ libxml2: Remotely exploitable buffer overflow
+
+ libxml2 contains multiple buffer overflows which could lead to the
+ execution of arbitrary code.
+
+ libxml2
+ November 02, 2004
+ November 02, 2004: 01
+ 69154
+ remote
+
+
+ 2.6.15
+ 2.6.15
+
+
+
+

+ libxml2 is an XML parsing library written in C. +

+
+ +

+ Multiple buffer overflows have been detected in the nanoftp and nanohttp + modules. These modules are responsible for parsing URLs with ftp + information, and resolving names via DNS. +

+
+ +

+ An attacker could exploit an application that uses libxml2 by forcing it to + parse a specially-crafted XML file, potentially causing remote execution of + arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libxml2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.6.15" +
+ + BugTraq Advisory + libxml2 ChangeLog + CAN-2004-0989 + + + koon + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-06.xml
new file mode 100644
index 0000000000..8671fe6b8c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-06.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ MIME-tools: Virus detection evasion
+
+ MIME-tools doesn't handle empty MIME boundaries correctly. This may prevent
+ some virus-scanning programs which use MIME-tools from detecting certain
+ viruses.
+
+ MIME-tools
+ November 02, 2004
+ May 22, 2006: 02
+ 69181
+ remote
+
+
+ 5.415
+ 5.415
+
+
+
+

+ MIME-tools is a Perl module containing functions to handle MIME + attachments. +

+
+ +

+ MIME-tools doesn't correctly parse attachment boundaries with an empty + name (boundary=""). +

+
+ +

+ An attacker could send a carefully crafted email and evade detection on + some email virus-scanning programs using MIME-tools for attachment + decoding. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MIME-tools users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/MIME-tools-5.415" +
+ + MIMEDefang announcement + CVE-2004-1098 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-07.xml
new file mode 100644
index 0000000000..98471006e4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-07.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Proxytunnel: Format string vulnerability
+
+ Proxytunnel is vulnerable to a format string vulnerability, potentially
+ allowing a remote server to execute arbitrary code with the rights of the
+ Proxytunnel process.
+
+ Proxytunnel
+ November 03, 2004
+ November 03, 2004: 01
+ 69379
+ remote
+
+
+ 1.2.3
+ 1.2.3
+
+
+
+

+ Proxytunnel is a program that tunnels connections to a remote server + through a standard HTTPS proxy. +

+
+ +

+ Florian Schilhabel of the Gentoo Linux Security Audit project found a + format string vulnerability in Proxytunnel. When the program is started in + daemon mode (-a [port]), it improperly logs invalid proxy answers to + syslog. +

+
+ +

+ A malicious remote server could send specially-crafted invalid answers to + exploit the format string vulnerability, potentially allowing the execution + of arbitrary code on the tunnelling host with the rights of the Proxytunnel + process. +

+
+ +

+ You can mitigate the issue by only allowing connections to trusted remote + servers. +

+
+ +

+ All Proxytunnel users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/proxytunnel-1.2.3" +
+ + CAN-2004-0992 + Proxytunnel News + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-08.xml
new file mode 100644
index 0000000000..be9b872645
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-08.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ GD: Integer overflow
+
+ The PNG image decoding routines in the GD library contain an integer
+ overflow that may allow execution of arbitrary code with the rights of the
+ program decoding a malicious PNG image.
+
+ GD
+ November 03, 2004
+ November 03, 2004: 01
+ 69070
+ remote
+
+
+ 2.0.32
+ 2.0.32
+
+
+
+

+ The GD graphics library is an open source library which allows programmers + to easily generate PNG, JPEG, GIF and WBMP images from many different + programming languages. +

+
+ +

+ infamous41md found an integer overflow in the memory allocation procedure + of the GD routine that handles loading PNG image files. +

+
+ +

+ A remote attacker could entice a user to load a carefully crafted PNG image + file in a GD-powered application, or send a PNG image to a web application + which uses GD PNG decoding functions. This could potentially lead to + execution of arbitrary code with the rights of the program loading the + image. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GD users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/gd-2.0.32" +
+ + Original BugTraq advisory + CAN-2004-0990 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-09.xml
new file mode 100644
index 0000000000..1876095e3b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-09.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ shadow: Unauthorized modification of account information
+
+ A flaw in the chfn and chsh utilities might allow modification of account
+ properties by unauthorized users.
+
+ shadow
+ November 04, 2004
+ November 05, 2004: 02
+ 69212
+ local
+
+
+ 4.0.5-r1
+ 4.0.5-r1
+
+
+
+

+ shadow provides a set of utilities to deal with user accounts. +

+
+ +

+ Martin Schulze reported a flaw in the passwd_check() function in + "libmisc/pwdcheck.c" which is used by chfn and chsh. +

+
+ +

+ A logged-in local user with an expired password may be able to use chfn and + chsh to change his standard shell or GECOS information (full name, phone + number...) without being required to change his password. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All shadow users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.0.5-r1" +
+ + shadow NEWS file + CAN-2004-1001 + + + koon + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-10.xml
new file mode 100644
index 0000000000..16eab1e480
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-10.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Gallery: Cross-site scripting vulnerability
+
+ Gallery is vulnerable to cross-site scripting attacks.
+
+ gallery
+ November 06, 2004
+ May 22, 2006: 02
+ 69904
+ remote
+
+
+ 1.4.4_p4
+ 1.4.4_p4
+
+
+
+

+ Gallery is a web application written in PHP which is used to organize + and publish photo albums. It allows multiple users to build and + maintain their own albums. It also supports the mirroring of images on + other servers. +

+
+ +

+ Jim Paris has discovered a cross-site scripting vulnerability in + Gallery. +

+
+ +

+ By sending a carefully crafted URL, an attacker can inject and execute + script code in the victim's browser window, and potentially compromise + the users gallery. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gallery users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.4.4_p4" +
+ + Gallery Announcement + CVE-2004-1106 + + + lewk + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-11.xml
new file mode 100644
index 0000000000..f8a886d526
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-11.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ ImageMagick: EXIF buffer overflow
+
+ ImageMagick contains an error in boundary checks when handling EXIF
+ information, which could lead to arbitrary code execution.
+
+ imagemagick
+ November 06, 2004
+ November 06, 2004: 01
+ 69825
+ remote
+
+
+ 6.1.3.2
+ 6.1.3.2
+
+
+
+

+ ImageMagick is a collection of tools to read, write and manipulate images + in many formats. +

+
+ +

+ ImageMagick fails to do proper bounds checking when handling image files + with EXIF information. +

+
+ +

+ An attacker could use an image file with specially-crafted EXIF information + to cause arbitrary code execution with the permissions of the user running + ImageMagick. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ImageMagick users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.1.3.2" +
+ + CAN-2004-0981 + ImageMagick ChangeLog + SA 12995 + + + koon + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-12.xml
new file mode 100644
index 0000000000..e66d8583b7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-12.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ zgv: Multiple buffer overflows
+
+ zgv contains multiple buffer overflows that can potentially lead to the
+ execution of arbitrary code.
+
+ zgv
+ November 07, 2004
+ May 22, 2006: 02
+ 69150
+ remote
+
+
+ 5.8
+ 5.8
+
+
+
+

+ zgv is a console image viewer based on svgalib. +

+
+ +

+ Multiple arithmetic overflows have been detected in the image + processing code of zgv. +

+
+ +

+ An attacker could entice a user to open a specially-crafted image file, + potentially resulting in execution of arbitrary code with the rights of + the user running zgv. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All zgv users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.8" +
+ + BugTraq Advisory + CVE-2004-1095 + + + lewk + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-13.xml
new file mode 100644
index 0000000000..45d38c7f7a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-13.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ Portage, Gentoolkit: Temporary file vulnerabilities
+
+ dispatch-conf (included in Portage) and qpkg (included in Gentoolkit) are
+ vulnerable to symlink attacks, potentially allowing a local user to
+ overwrite arbitrary files with the rights of the user running the script.
+
+ portage gentoolkit
+ November 07, 2004
+ May 22, 2006: 02
+ 68846
+ 69147
+ local
+
+
+ 2.0.51-r3
+ 2.0.51-r2
+
+
+ 0.2.0_pre10-r1
+ 0.2.0_pre8-r1
+ 0.2.0_pre10
+
+
+
+

+ Portage is Gentoo's package management tool. The dispatch-conf utility + allows for easy rollback of configuration file changes and automatic + updates of configurations files never modified by users. Gentoolkit is + a collection of Gentoo specific administration scripts, one of which is + the portage querying tool qpkg. +

+
+ +

+ dispatch-conf and qpkg use predictable filenames for temporary files. +

+
+ +

+ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + an affected script is called, this would result in the file to be + overwritten with the rights of the user running the dispatch-conf or + qpkg, which could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Portage users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/portage-2.0.51-r3" +

+ All Gentoolkit users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-portage/gentoolkit-0.2.0_pre8-r1" +
+ + CVE-2004-1107 + CVE-2004-1108 + + + koon + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-14.xml
new file mode 100644
index 0000000000..adb165317d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-14.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ Kaffeine, gxine: Remotely exploitable buffer overflow
+
+ Kaffeine and gxine both contain a buffer overflow that can be exploited
+ when accessing content from a malicious HTTP server with specially crafted
+ headers.
+
+ kaffeine gxine
+ November 07, 2004
+ May 22, 2006: 02
+ 69663
+ 70055
+ remote
+
+
+ 0.5_rc1-r1
+ 0.4.3b-r1
+ 0.5_rc1-r1
+
+
+ 0.3.3-r1
+ 0.3.3-r1
+
+
+
+

+ Kaffeine and gxine are graphical front-ends for xine-lib multimedia + library. +

+
+ +

+ KF of Secure Network Operations has discovered an overflow that occurs + during the Content-Type header processing of Kaffeine. The vulnerable + code in Kaffeine is reused from gxine, making gxine vulnerable as well. +

+
+ +

+ An attacker could create a specially-crafted Content-type header from a + malicious HTTP server, and crash a user's instance of Kaffeine or + gxine, potentially allowing the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Kaffeine users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/kaffeine-0.4.3b-r1" +

+ All gxine users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/gxine-0.3.3-r1" +
+ + SecurityTracker Advisory + gxine Bug Report + CVE-2004-1034 + + + koon + + + lewk + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-15.xml
new file mode 100644
index 0000000000..3bcc5581be
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-15.xml
@@ -0,0 +1,89 @@
+
+
+
+
+ OpenSSL, Groff: Insecure tempfile handling
+
+ groffer, included in the Groff package, and the der_chop script, included
+ in the OpenSSL package, are both vulnerable to symlink attacks, potentially
+ allowing a local user to overwrite arbitrary files with the rights of the
+ user running the utility.
+
+ OpenSSL
+ November 08, 2004
+ August 23, 2006: 02
+ 68404
+ 68407
+ local
+
+
+ 0.9.7d-r2
+ 0.9.7d-r2
+
+
+ 1.19.1-r2
+ 1.18.1.1
+ 1.19.1-r2
+
+
+
+

+ OpenSSL is a toolkit implementing the Secure Sockets Layer and + Transport Layer Security protocols as well as a general-purpose + cryptography library. It includes the der_chop script, which is used to + convert DER-encoded certificates to PEM format. Groff (GNU Troff) is a + typesetting package which reads plain text mixed with formatting + commands and produces formatted output. It includes groffer, a command + used to display groff files and man pages on X and tty. +

+
+ +

+ groffer and the der_chop script create temporary files in + world-writeable directories with predictable names. +

+
+ +

+ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + groffer or der_chop is executed, this would result in the file being + overwritten with the rights of the user running the utility, which + could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Groff users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose sys-apps/groff +

+ All OpenSSL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7d-r2" +

+ Note: /etc/ssl/misc/der_chop is protected by Portage as a configuration + file. Don't forget to use etc-update and overwrite the old version with + the new one. +

+
+ + CAN-2004-0969 + CAN-2004-0975 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-16.xml
new file mode 100644
index 0000000000..c2ea2c53a4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-16.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ zip: Path name buffer overflow
+
+ zip contains a buffer overflow when creating a ZIP archive of files with
+ very long path names. This could lead to the execution of arbitrary code.
+
+ zip
+ November 09, 2004
+ May 22, 2006: 02
+ 70227
+ remote
+
+
+ 2.3-r4
+ 2.3-r3
+
+
+
+

+ zip is a compression and file packaging utility. +

+
+ +

+ zip does not check the resulting path length when doing recursive + folder compression. +

+
+ +

+ An attacker could exploit this by enticing another user or web + application to create an archive including a specially-crafted path + name, potentially resulting in the execution of arbitrary code with the + permissions of the user running zip. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All zip users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/zip-2.3-r4" +
+ + HexView zip Advisory + CVE-2004-1010 + + + koon + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-17.xml
new file mode 100644
index 0000000000..dc07d10c6d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-17.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ mtink: Insecure tempfile handling
+
+ mtink is vulnerable to symlink attacks, potentially allowing a local user
+ to overwrite arbitrary files with the rights of the user running the
+ utility.
+
+ mtink
+ November 09, 2004
+ May 22, 2006: 02
+ 70310
+ local
+
+
+ 1.0.5
+ 1.0.5
+
+
+
+

+ mtink is a status monitor and inkjet cartridge changer for some Epson + printers. +

+
+ +

+ Tavis Ormandy from Gentoo Linux discovered that mtink uses insecure + permissions on temporary files. +

+
+ +

+ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + mtink is executed, this would result in the file being overwritten with + the rights of the user running the utility, which could be the root + user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mtink users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/mtink-1.0.5" +
+ + CVE-2004-1110 + + + jaervosz + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-18.xml
new file mode 100644
index 0000000000..5912fea82f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-18.xml
@@ -0,0 +1,60 @@
+
+
+
+
+ Apache 2.0: Denial of Service by memory consumption
+
+ A flaw in Apache 2.0 could allow a remote attacker to cause a Denial of
+ Service.
+
+ apache
+ November 10, 2004
+ December 30, 2007: 02
+ 70138
+ remote
+
+
+ 2.0.52-r1
+ 2.0
+ 2.0.52-r1
+
+
+
+

+ The Apache HTTP Server is one of the most popular web servers on the Internet. +

+
+ +

+ Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. +

+
+ +

+ By sending a large amount of specially-crafted HTTP GET requests a remote attacker could cause a Denial of Service of the targeted system. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Apache 2.0 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.52-r1" +
+ + CAN-2004-0942 + Security vulnerabilities in Apache httpd 2.0 + + + vorlon078 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-19.xml
new file mode 100644
index 0000000000..be8937f093
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-19.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Pavuk: Multiple buffer overflows
+
+ Pavuk contains multiple buffer overflows that can allow a remote attacker
+ to run arbitrary code.
+
+ pavuk
+ November 10, 2004
+ November 10, 2004: 01
+ 70516
+ remote
+
+
+ 0.9.31
+ 0.9.31
+
+
+
+

+ Pavuk is web spider and website mirroring tool. +

+
+ +

+ Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication and HTTP header processing. This issue is similar to GLSA 200407-19, but contains more vulnerabilities. +

+
+ +

+ A remote attacker could cause a buffer overflow, leading to arbitrary code execution with the rights of the user running Pavuk. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Pavuk users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/pavuk-0.9.31" +
+ + GLSA-200407-19 + SA13120 + CAN-2004-0456 + + + jaervosz + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-20.xml
new file mode 100644
index 0000000000..12c87cb968
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-20.xml
@@ -0,0 +1,59 @@
+
+
+
+
+ ez-ipupdate: Format string vulnerability
+
+ ez-ipupdate contains a format string vulnerability that could lead to
+ execution of arbitrary code.
+
+ ez-ipupdate
+ November 11, 2004
+ November 11, 2004: 01
+ 69658
+ remote
+
+
+ 3.0.11_beta8-r1
+ 3.0.11_beta8
+
+
+
+

+ ez-ipupdate is a utility for updating host name information for a large number of dynamic DNS services. +

+
+ +

+ Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate. +

+
+ +

+ An attacker could exploit this to execute arbitrary code with the permissions of the user running ez-ipupdate, which could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ez-ipupdate users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/ez-ipupdate-3.0.11_beta8-r1" +
+ + CAN-2004-0980 + Full Disclosure Announcement + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-21.xml
new file mode 100644
index 0000000000..b5edec5763
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-21.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ Samba: Multiple vulnerabilities
+
+ Samba is vulnerable to a buffer overflow that could lead to execution of
+ arbitrary code (CAN-2004-0882). Another flaw in Samba may allow a remote
+ attacker to cause a Denial of Service by excessive consumption of CPU
+ cycles (CAN-2004-0930).
+
+ samba
+ November 11, 2004
+ November 15, 2004: 02
+ 70429
+ remote
+
+
+ 3.0.8
+ 3.0
+ 3.0.8
+
+
+
+

+ Samba is a freely available SMB/CIFS implementation which allows + seamless interoperability of file and print services to other SMB/CIFS + clients. +

+
+ +

+ Samba fails to do proper bounds checking when handling + TRANSACT2_QFILEPATHINFO replies. Additionally an input validation flaw + exists in ms_fnmatch.c when matching filenames that contain wildcards. +

+
+ +

+ An attacker may be able to execute arbitrary code with the permissions + of the user running Samba. A remote attacker may also be able to cause + an abnormal consumption of CPU resources, resulting in slower + performance of the server or even a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Samba users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.8" +
+ + Samba Security Announcement + CAN-2004-0930 + CAN-2004-0882 + E-Matters Advisory 13/2004 + + + koon + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-22.xml
new file mode 100644
index 0000000000..87bd3a9521
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-22.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ Davfs2, lvm-user: Insecure tempfile handling
+
+ Davfs2 and the lvmcreate_initrd script (included in the lvm-user package)
+ are both vulnerable to symlink attacks, potentially allowing a local user
+ to overwrite arbitrary files with the rights of the user running them.
+
+ davfs2
+ November 11, 2004
+ November 11, 2004: 01
+ 68406
+ 69149
+ local
+
+
+ 0.2.2-r1
+ 0.2.2-r1
+
+
+ 1.0.7-r2
+ 1.0.7-r2
+
+
+
+

+ Davfs2 is a file system driver that allows you to mount a WebDAV + server as a local disk drive. lvm-user is a package providing userland + utilities for LVM (Logical Volume Management) 1.x features. +

+
+ +

+ Florian Schilhabel from the Gentoo Linux Security Audit Team found + that Davfs2 insecurely created .pid files in /tmp. Furthermore, Trustix + Secure Linux found that the lvmcreate_initrd script, included in the + lvm-user Gentoo package, also creates temporary files in + world-writeable directories with predictable names. +

+
+ +

+ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When Davfs2 or lvmcreate_initrd is called, this would result in the + file being overwritten with the rights of the user running the + software, which could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Davfs2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/davfs2-0.2.2-r1" +

+ All lvm-user users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-fs/lvm-user-1.0.7-r2" +
+ + CAN-2004-0972 + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-23.xml
new file mode 100644
index 0000000000..82d13bc6ec
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-23.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Ruby: Denial of Service issue
+
+ The CGI module in Ruby can be sent into an infinite loop, resulting in a
+ Denial of Service condition.
+
+ Ruby
+ November 16, 2004
+ November 16, 2004: 01
+ 69985
+ remote
+
+
+ 1.6.8-r12
+ 1.8.2_pre3
+ 1.8.2_pre3
+
+
+
+

+ Ruby is an interpreted scripting language for quick and easy + object-oriented programming. Ruby's CGI module can be used to build web + applications. +

+
+ +

+ Ruby's developers found and fixed an issue in the CGI module that + can be triggered remotely and cause an infinite loop. +

+
+ +

+ A remote attacker could trigger the vulnerability through an + exposed Ruby web application and cause the server to use unnecessary + CPU resources, potentially resulting in a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby 1.6.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.6.8-r12" +

+ All Ruby 1.8.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.2_pre3" +
+ + CAN-2004-0983 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-24.xml
new file mode 100644
index 0000000000..6c2972c66d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-24.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ BNC: Buffer overflow vulnerability
+
+ BNC contains a buffer overflow vulnerability that may lead to Denial of
+ Service and execution of arbitrary code.
+
+ BNC
+ November 16, 2004
+ November 16, 2004: 01
+ 70674
+ remote
+
+
+ 2.9.1
+ 2.9.1
+
+
+
+

+ BNC (BouNCe) is an IRC proxy server. +

+
+ +

+ Leon Juranic discovered that BNC fails to do proper bounds + checking when checking server response. +

+
+ +

+ An attacker could exploit this to cause a Denial of Service and + potentially execute arbitary code with the permissions of the user + running BNC. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All BNC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/bnc-2.9.1" +
+ + BNC ChangeLog + LSS-2004-11-03 + + + lewk + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-25.xml
new file mode 100644
index 0000000000..a6d2346ce0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-25.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ SquirrelMail: Encoded text XSS vulnerability
+
+ Squirrelmail fails to properly sanitize user input, which could lead to a
+ compromise of webmail accounts.
+
+ SquirrelMail
+ November 17, 2004
+ May 22, 2006: 02
+ 70739
+ remote
+
+
+ 1.4.3a-r2
+ 1.4.3a-r2
+
+
+
+

+ SquirrelMail is a webmail package written in PHP. It supports IMAP and + SMTP, and can optionally be installed with SQL support. +

+
+ +

+ SquirrelMail fails to properly sanitize certain strings when decoding + specially-crafted headers. +

+
+ +

+ By enticing a user to read a specially-crafted e-mail, an attacker can + execute arbitrary scripts running in the context of the victim's + browser. This could lead to a compromise of the user's webmail account, + cookie theft, etc. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SquirrelMail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.3a-r2" +

+ Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +

+
+ + SquirrelMail Advisory + CVE-2004-1036 + + + jaervosz + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-26.xml
new file mode 100644
index 0000000000..09c652ae9a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-26.xml
@@ -0,0 +1,88 @@
+
+
+
+
+ GIMPS, SETI@home, ChessBrain: Insecure installation
+
+ Improper file ownership allows user-owned files to be run with root
+ privileges by init scripts.
+
+ GIMPS,SETI@home,ChessBrain
+ November 17, 2004
+ May 22, 2006: 03
+ 69868
+ local
+
+
+ 23.9-r1
+ 23.9
+
+
+ 3.08-r4
+ 3.03-r2
+ 3.08-r3
+
+
+ 20407-r1
+ 20407
+
+
+
+

+ GIMPS is a client for the distributed Great Internet Mersenne Prime + Search. SETI@home is the client for the Search for Extraterrestrial + Intelligence (SETI) project. ChessBrain is the client for the + distributed chess supercomputer. +

+
+ +

+ GIMPS, SETI@home and ChessBrain ebuilds install user-owned binaries and + init scripts which are executed with root privileges. +

+
+ +

+ This could lead to a local privilege escalation or root compromise. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GIMPS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sci-misc/gimps-23.9-r1" +

+ All SETI@home users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sci-misc/setiathome-3.03-r2" +

+ All ChessBrain users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sci-misc/chessbrain-20407-r1" +
+ + CVE-2004-1115 + CVE-2004-1116 + CVE-2004-1117 + + + jaervosz + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-27.xml
new file mode 100644
index 0000000000..0f405638e2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-27.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Fcron: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Fcron can allow a local user to potentially
+ cause a Denial of Service.
+
+ fcron
+ November 18, 2004
+ November 18, 2004: 01
+ 71311
+ local
+
+
+ 2.0.2
+ 2.9.5.1
+ 2.9.5
+
+
+
+

+ Fcron is a command scheduler with extended capabilities over cron + and anacron. +

+
+ +

+ Due to design errors in the fcronsighup program, Fcron may allow a + local user to bypass access restrictions (CAN-2004-1031), view the + contents of root owned files (CAN-2004-1030), remove arbitrary files or + create empty files (CAN-2004-1032), and send a SIGHUP to any process. A + vulnerability also exists in fcrontab which may allow local users to + view the contents of fcron.allow and fcron.deny (CAN-2004-1033). +

+
+ +

+ A local attacker could exploit these vulnerabilities to perform a + Denial of Service on the system running Fcron. +

+
+ +

+ Make sure the fcronsighup and fcrontab binaries are only + executable by trusted users. +

+
+ +

+ All Fcron users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-process/fcron-2.0.2" +
+ + CAN-2004-1030 + CAN-2004-1031 + CAN-2004-1032 + CAN-2004-1033 + + + lewk + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-28.xml
new file mode 100644
index 0000000000..c7a35b9839
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-28.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ X.Org, XFree86: libXpm vulnerabilities
+
+ libXpm contains several vulnerabilities that could lead to a Denial of
+ Service and arbitrary code execution.
+
+ X.Org, XFree86
+ November 19, 2004
+ November 19, 2004: 01
+ 68544
+ remote
+
+
+ 6.8.0-r3
+ 6.7.0-r3
+ 6.8.0-r3
+
+
+ 4.3.0-r8
+ 4.3.0-r8
+
+
+
+

+ libXpm is a pixmap manipulation library for the X Window System, + included in both X.Org and XFree86. +

+
+ +

+ Several issues were discovered in libXpm, including integer + overflows, out-of-bounds memory accesses, insecure path traversal and + an endless loop. +

+
+ +

+ An attacker could craft a malicious pixmap file and entice a user + to use it with an application linked against libXpm. This could lead to + Denial of Service or arbitrary code execution. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All X.Org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.7.0-r3" +

+ All XFree86 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xfree-x11-4.3.0-r8" +
+ + CAN-2004-0914 + + + jaervosz + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-29.xml
new file mode 100644
index 0000000000..f680f7c02c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-29.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ unarj: Long filenames buffer overflow and a path traversal vulnerability
+
+ unarj contains a buffer overflow and a directory traversal vulnerability.
+ This could lead to overwriting of arbitrary files or the execution of
+ arbitrary code.
+
+ unarj
+ November 19, 2004
+ November 19, 2004: 01
+ 70966
+ remote
+
+
+ 2.63a-r2
+ 2.63a-r2
+
+
+
+

+ unarj is an ARJ archive decompressor. +

+
+ +

+ unarj has a bounds checking vulnerability within the handling of + long filenames in archives. It also fails to properly sanitize paths + when extracting an archive (if the "x" option is used to preserve + paths). +

+
+ +

+ An attacker could trigger a buffer overflow or a path traversal by + enticing a user to open an archive containing specially-crafted path + names, potentially resulting in the overwrite of files or execution of + arbitrary code with the permissions of the user running unarj. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All unarj users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/unarj-2.63a-r2" +
+ + CAN-2004-0947 + CAN-2004-1027 + + + jaervosz + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-30.xml
new file mode 100644
index 0000000000..603e72d056
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-30.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ pdftohtml: Vulnerabilities in included Xpdf
+
+ pdftohtml includes vulnerable Xpdf code to handle PDF files, making it
+ vulnerable to execution of arbitrary code upon converting a malicious PDF
+ file.
+
+ pdftohtml
+ November 23, 2004
+ November 23, 2004: 01
+ 69019
+ remote
+
+
+ 0.36-r1
+ 0.36
+
+
+
+

+ pdftohtml is a utility to convert PDF files to HTML or XML + formats. It makes use of Xpdf code to decode PDF files. +

+
+ +

+ Xpdf is vulnerable to multiple integer overflows, as described in + GLSA 200410-20. +

+
+ +

+ An attacker could entice a user to convert a specially-crafted PDF + file, potentially resulting in execution of arbitrary code with the + rights of the user running pdftohtml. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All pdftohtml users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/pdftohtml-0.36-r1" +
+ + GLSA 200410-20 + CAN-2004-0888 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-31.xml
new file mode 100644
index 0000000000..5878241f99
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-31.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ ProZilla: Multiple vulnerabilities
+
+ ProZilla contains several buffer overflow vulnerabilities that can be
+ exploited by a malicious server to execute arbitrary code with the rights
+ of the user running ProZilla.
+
+ ProZilla
+ November 23, 2004
+ May 22, 2006: 03
+ 70090
+ remote
+
+
+ 1.3.7.3
+
+
+
+

+ ProZilla is a download accelerator for Linux. +

+
+ +

+ ProZilla contains several exploitable buffer overflows in the code + handling the network protocols. +

+
+ +

+ A remote attacker could setup a malicious server and entice a user to + retrieve files from that server using ProZilla. This could lead to the + execution of arbitrary code with the rights of the user running + ProZilla. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ Currently, there is no released version of ProZilla that contains a fix + for these issues. The original author did not respond to our queries, + the code contains several other problems and more secure alternatives + exist. Therefore, the ProZilla package has been hard-masked prior to + complete removal from Portage, and current users are advised to unmerge + the package. +

+
+ + CVE-2004-1120 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-32.xml
new file mode 100644
index 0000000000..70b1aa895e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-32.xml
@@ -0,0 +1,96 @@
+
+
+
+
+ phpBB: Remote command execution
+
+ phpBB contains a vulnerability which allows a remote attacker to execute
+ arbitrary commands with the rights of the web server user.
+
+ phpBB
+ November 24, 2004
+ May 22, 2006: 02
+ 71681
+ remote
+
+
+ 2.0.11
+ 2.0.10
+
+
+
+

+ phpBB is an Open Source bulletin board package. +

+
+ +

+ phpBB contains a vulnerability in the highlighting code and several + vulnerabilities in the username handling code. +

+
+ +

+ An attacker can exploit the highlighting vulnerability to access the + PHP exec() function without restriction, allowing them to run arbitrary + commands with the rights of the web server user (for example the apache + user). Furthermore, the username handling vulnerability might be abused + to execute SQL statements on the phpBB database. +

+
+ +

+ There is a one-line patch which will remediate the remote execution + vulnerability. +

+

+ Locate the following block of code in viewtopic.php: +

+ + // + // Was a highlight request part of the URI? + // + $highlight_match = $highlight = ''; + if (isset($HTTP_GET_VARS['highlight'])) + { + // Split words and phrases + $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight'])))); + + for($i = 0; $i < sizeof($words); $i++) + { +

+ Replace with the following: +

+ + // + // Was a highlight request part of the URI? + // + $highlight_match = $highlight = ''; + if (isset($HTTP_GET_VARS['highlight'])) + { + // Split words and phrases + $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight']))); + + for($i = 0; $i < sizeof($words); $i++) + { +
+ +

+ All phpBB users should upgrade to the latest version to fix all known + vulnerabilities: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phpbb-2.0.11" +
+ + phpBB.com Announcement + CVE-2004-1315 + + + klieber + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-33.xml
new file mode 100644
index 0000000000..e97fe626c6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-33.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ TWiki: Arbitrary command execution
+
+ A bug in the TWiki search function allows an attacker to execute arbitrary
+ commands with the permissions of the user running TWiki.
+
+ www-apps/twiki
+ November 24, 2004
+ September 08, 2006: 02
+ 71035
+ remote
+
+
+ 20040902
+ 20000000
+ 20040902
+
+
+
+

+ TWiki is a Web-based groupware tool based around the concept of wiki + pages that can be edited by anybody with a Web browser. +

+
+ +

+ The TWiki search function, which uses a shell command executed via the + Perl backtick operator, does not properly escape shell metacharacters + in the user-provided search string. +

+
+ +

+ An attacker can insert malicious commands into a search request, + allowing the execution of arbitrary commands with the privileges of the + user running TWiki (usually the Web server user). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/twiki-20040902" +
+ + TWiki Security Alert + CAN-2004-1037 + + + koon + + + dmargoli + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-34.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-34.xml
new file mode 100644
index 0000000000..b25135928e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-34.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Cyrus IMAP Server: Multiple remote vulnerabilities
+
+ The Cyrus IMAP Server contains multiple vulnerabilities which could lead to
+ remote execution of arbitrary code.
+
+ cyrus-imapd
+ November 25, 2004
+ November 25, 2004: 01
+ 72194
+ remote
+
+
+ 2.2.10
+ 2.2.10
+
+
+
+

+ The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail + server. +

+
+ +

+ Multiple vulnerabilities have been discovered in the argument + parsers of the 'partial' and 'fetch' commands of the Cyrus IMAP Server + (CAN-2004-1012, CAN-2004-1013). There are also buffer overflows in the + 'imap magic plus' code that are vulnerable to exploitation as well + (CAN-2004-1011, CAN-2004-1015). +

+
+ +

+ An attacker can exploit these vulnerabilities to execute arbitrary + code with the rights of the user running the Cyrus IMAP Server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cyrus-IMAP Server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.2.10" +
+ + CAN-2004-1011 + CAN-2004-1012 + CAN-2004-1013 + CAN-2004-1015 + e-matters Advisory + Cyrus IMAP Server ChangeLog + + + koon + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-35.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-35.xml
new file mode 100644
index 0000000000..7eec8be186
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-35.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ phpWebSite: HTTP response splitting vulnerability
+
+ phpWebSite is vulnerable to possible HTTP response splitting attacks.
+
+ phpwebsite
+ November 26, 2004
+ May 22, 2006: 03
+ 71502
+ remote
+
+
+ 0.9.3_p4-r2
+ 0.9.3_p4-r2
+
+
+
+

+ phpWebSite is a web site content management system. +

+
+ +

+ Due to lack of proper input validation, phpWebSite has been found to be + vulnerable to HTTP response splitting attacks. +

+
+ +

+ A malicious user could inject arbitrary response data, leading to + content spoofing, web cache poisoning and other cross-site scripting or + HTTP response splitting attacks. This could result in compromising the + victim's data or browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpWebSite users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.9.3_p4-r2" +
+ + BugTraq Posting + phpWebSite Announcement + CVE-2004-1516 + + + lewk + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-36.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-36.xml
new file mode 100644
index 0000000000..924495b9a8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-36.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ phpMyAdmin: Multiple XSS vulnerabilities
+
+ phpMyAdmin is vulnerable to cross-site scripting attacks.
+
+ phpmyadmin
+ November 27, 2004
+ November 27, 2004: 01
+ 71819
+ remote
+
+
+ 2.6.0_p3
+ 2.6.0_p3
+
+
+
+

+ phpMyAdmin is a tool written in PHP intended to handle the + administration of MySQL databases from a web-browser. +

+
+ +

+ Cedric Cochin has discovered multiple cross-site scripting + vulnerabilities in phpMyAdmin. These vulnerabilities can be exploited + through the PmaAbsoluteUri parameter, the zero_rows parameter in + read_dump.php, the confirm form, or an error message generated by the + internal phpMyAdmin parser. +

+
+ +

+ By sending a specially-crafted request, an attacker can inject and + execute malicious script code, potentially compromising the victim's + browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpMyAdmin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.0_p3" +
+ + CAN-2004-1055 + PMASA-2004-3 + netVigilance Advisory + + + jaervosz + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-37.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-37.xml
new file mode 100644
index 0000000000..5e7cfa9121
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-37.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Open DC Hub: Remote code execution
+
+ Open DC Hub contains a buffer overflow that can be exploited to allow
+ remote code execution.
+
+ opendchub
+ November 28, 2004
+ May 22, 2006: 02
+ 72371
+ remote
+
+
+ 0.7.14-r2
+ 0.7.14-r2
+
+
+
+

+ Open DC Hub is the hub software for the Direct Connect file sharing + network. +

+
+ +

+ Donato Ferrante discovered a buffer overflow vulnerability in the + RedirectAll command of the Open DC Hub. +

+
+ +

+ Upon exploitation, a remote user with administrative privileges can + execute arbitrary code on the system running the Open DC Hub. +

+
+ +

+ Only give administrative rights to trusted users. +

+
+ +

+ All Open DC Hub users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-p2p/opendchub-0.7.14-r2" +
+ + Full-Disclosure Advisory + CVE-2004-1127 + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-38.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-38.xml
new file mode 100644
index 0000000000..faa22f30a6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200411-38.xml
@@ -0,0 +1,105 @@
+
+
+
+
+ Sun and Blackdown Java: Applet privilege escalation
+
+ The Java plug-in security in Sun and Blackdown Java environments can be
+ bypassed to access arbitrary packages, allowing untrusted Java applets to
+ perform unrestricted actions on the host system.
+
+ Java
+ November 29, 2004
+ May 31, 2006: 02
+ 72172
+ 72221
+ remote
+
+
+ 1.4.2.06
+ 1.4.2.06
+
+
+ 1.4.2.06
+ 1.4.2.06
+
+
+ 1.4.2.01
+ 1.4.2.01
+
+
+ 1.4.2.01
+ 1.4.2.01
+
+
+
+

+ Sun and Blackdown both provide implementations of Java Development Kits + (JDK) and Java Runtime Environments (JRE). All these implementations + provide a Java plug-in that can be used to execute Java applets in a + restricted environment for web browsers. +

+
+ +

+ All Java plug-ins are subject to a vulnerability allowing unrestricted + Java package access. +

+
+ +

+ A remote attacker could embed a malicious Java applet in a web page and + entice a victim to view it. This applet can then bypass security + restrictions and execute any command or access any file with the rights + of the user running the web browser. +

+
+ +

+ As a workaround you could disable Java applets on your web browser. +

+
+ +

+ All Sun JDK users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.06" +

+ All Sun JRE users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.06" +

+ All Blackdown JDK users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.01" +

+ All Blackdown JRE users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.01" +

+ Note: You should unmerge all vulnerable versions to be fully protected. +

+
+ + iDEFENSE Security Advisory 11.22.04 + CAN-2004-1029 + Blackdown Security Advisory 2004-01 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-01.xml
new file mode 100644
index 0000000000..7c1f32144b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-01.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ rssh, scponly: Unrestricted command execution
+
+ rssh and scponly do not filter command-line options that can be exploited
+ to execute any command, thereby allowing a remote user to completely bypass
+ the restricted shell.
+
+ scponly
+ December 03, 2004
+ May 22, 2006: 03
+ 72815
+ 72816
+ remote
+
+
+ 4.0
+ 4.0
+
+
+ 2.2.3
+ 2.2.2
+
+
+
+

+ rssh and scponly are two restricted shells, allowing only a few + predefined commands. They are often used as a complement to OpenSSH to + provide access to remote users without providing any remote execution + privileges. +

+
+ +

+ Jason Wies discovered that when receiving an authorized command from an + authorized user, rssh and scponly do not filter command-line options + that can be used to execute any command on the target host. +

+
+ +

+ Using a malicious command, it is possible for a remote authenticated + user to execute any command (or upload and execute any file) on the + target machine with user rights, effectively bypassing any restriction + of scponly or rssh. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All scponly users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/scponly-4.0" +

+ All rssh users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/rssh/rssh-2.2.3" +
+ + BugTraq Posting + CVE-2004-1161 + CVE-2004-1162 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-02.xml
new file mode 100644
index 0000000000..180b8f2390
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-02.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ PDFlib: Multiple overflows in the included TIFF library
+
+ PDFlib is vulnerable to multiple overflows, which can potentially lead to
+ the execution of arbitrary code.
+
+ PDFlib
+ December 05, 2004
+ December 05, 2004: 01
+ 69043
+ remote
+
+
+ 5.0.4_p1
+ 5.0.4_p1
+
+
+
+

+ PDFlib is a library providing functions to handle PDF files. It + includes a modified TIFF library used to process TIFF images. +

+
+ +

+ The TIFF library is subject to several known vulnerabilities (see + GLSA 200410-11). Most of these overflows also apply to PDFlib. +

+
+ +

+ A remote attacker could entice a user or web application to + process a carefully crafted PDF file or TIFF image using a + PDFlib-powered program. This can potentially lead to the execution of + arbitrary code with the rights of the program processing the file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PDFlib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/pdflib-5.0.4_p1" +
+ + PDFlib ChangeLog + CAN-2004-0803 + CAN-2004-0804 + CAN-2004-0886 + GLSA 200410-11 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-03.xml
new file mode 100644
index 0000000000..cb198e01e9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-03.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ imlib: Buffer overflows in image decoding
+
+ Multiple overflows have been found in the imlib library image decoding
+ routines, potentially allowing execution of arbitrary code.
+
+ imlib
+ December 06, 2004
+ December 06, 2004: 01
+ 72681
+ remote
+
+
+ 1.9.14-r3
+ 1.9.14-r2
+
+
+
+

+ imlib is an advanced replacement library for image manipulation + libraries like libXpm. It is called by numerous programs, including + gkrellm and several window managers, to help in displaying images. +

+
+ +

+ Pavel Kankovsky discovered that several overflows found in the + libXpm library (see GLSA 200409-34) also applied to imlib. He also + fixed a number of other potential flaws. +

+
+ +

+ A remote attacker could entice a user to view a carefully-crafted + image file, which would potentially lead to execution of arbitrary code + with the rights of the user viewing the image. This affects any program + that makes use of the imlib library. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All imlib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/imlib-1.9.14-r3" +
+ + GLSA 200409-34 + CAN-2004-1026 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-04.xml
new file mode 100644
index 0000000000..b8ed263479
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-04.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Perl: Insecure temporary file creation
+
+ Perl is vulnerable to symlink attacks, potentially allowing a local user to
+ overwrite arbitrary files.
+
+ perl
+ December 07, 2004
+ December 07, 2004: 01
+ 66360
+ local
+
+
+ 5.8.5-r2
+ 5.8.6-r1
+ 5.8.5-r2
+ 5.8.6
+
+
+
+

+ Perl is a stable, cross-platform programming language created by
+ Larry Wall.
+

+
+
+

+ Some Perl modules create temporary files in world-writable
+ directories with predictable names.
+

+
+
+

+ A local attacker could create symbolic links in the temporary
+ files directory, pointing to a valid file somewhere on the filesystem.
+ When a Perl script is executed, this would result in the file being
+ overwritten with the rights of the user running the utility, which
+ could be the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Perl users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=perl-5.8.5-r2"
+
+
+ CAN-2004-0976
+ Trustix Advisory #2004-0050
+
+
+ lewk
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-05.xml
new file mode 100644
index 0000000000..de5fbd81ac
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-05.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ mirrorselect: Insecure temporary file creation
+
+ mirrorselect is vulnerable to symlink attacks, potentially allowing a local
+ user to overwrite arbitrary files.
+
+ mirrorselect
+ December 07, 2004
+ May 22, 2006: 04
+ 73545
+ local
+
+
+ 0.89
+ 0.89
+
+
+
+

+ mirrorselect is a tool to help select distfiles mirrors for Gentoo.
+

+
+
+

+ Ervin Nemeth discovered that mirrorselect creates temporary files in
+ world-writable directories with predictable names.
+

+
+
+

+ A local attacker could create symbolic links in the temporary files
+ directory, pointing to a valid file somewhere on the filesystem. When
+ mirrorselect is executed, this would result in the file being
+ overwritten with the rights of the user running the utility, which
+ could be the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All mirrorselect users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-portage/mirrorselect-0.89"
+
+
+ CVE-2004-1167
+
+
+ lewk
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-06.xml
new file mode 100644
index 0000000000..f482c8e364
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-06.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ PHProjekt: setup.php vulnerability
+
+ PHProjekt contains a vulnerability in the setup procedure allowing remote
+ users without admin rights to change the configuration.
+
+ PHProjekt
+ December 10, 2004
+ December 10, 2004: 01
+ 73021
+ remote
+
+
+ 4.2-r1
+ 4.2-r1
+
+
+
+

+ PHProjekt is a modular groupware web application used to
+ coordinate group activities and share files.
+

+
+
+

+ Martin Muench, from it.sec, found a flaw in the setup.php file.
+

+
+
+

+ Successful exploitation of the flaw allows a remote attacker
+ without admin rights to make unauthorized changes to PHProjekt
+ configuration.
+

+
+
+

+ As a workaround, you could replace the existing setup.php file in
+ PHProjekt root directory by the one provided on the PHProjekt Advisory
+ (see References).
+

+
+
+

+ All PHProjekt users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r1"
+
+
+ PHProjekt Advisory
+
+
+ vorlon078
+
+
+ koon
+
+
+ vorlon078
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-07.xml
new file mode 100644
index 0000000000..d20e9a88b2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-07.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ file: Arbitrary code execution
+
+ The code for parsing ELF headers in file contains a flaw which may allow an
+ attacker to execute arbitrary code.
+
+ file
+ December 13, 2004
+ May 22, 2006: 02
+ 72521
+ remote
+
+
+ 4.12
+ 4.12
+
+
+
+

+ file is a utility used to identify the type of a file.
+

+
+
+

+ A possible stack overflow has been found in the ELF header parsing code
+ of file.
+

+
+
+

+ An attacker may be able to create a specially crafted ELF file which,
+ when processed with file, may allow the execution of arbitrary code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All file users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/file-4.12"
+
+
+ SecurityTracker Alert ID 1012433
+ CVE-2004-1304
+
+
+ koon
+
+
+ koon
+
+
+ vorlon078
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-08.xml
new file mode 100644
index 0000000000..c8d6fbab5f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-08.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ nfs-utils: Multiple remote vulnerabilities
+
+ Multiple vulnerabilities have been discovered in nfs-utils that could lead
+ to a Denial of Service, or the execution of arbitrary code.
+
+ nfs-utils
+ December 14, 2004
+ December 14, 2004: 01
+ 72113
+ remote
+
+
+ 1.0.6-r6
+ 1.0.6-r6
+
+
+
+

+ nfs-utils is a package containing the client and daemon
+ implementations for the NFS protocol.
+

+
+
+

+ Arjan van de Ven has discovered a buffer overflow on 64-bit
+ architectures in 'rquota_server.c' of nfs-utils (CAN-2004-0946). A
+ remotely exploitable flaw on all architectures also exists in the
+ 'statd.c' file of nfs-utils (CAN-2004-1014), which can be triggered by
+ a mishandled SIGPIPE.
+

+
+
+

+ A remote attacker could potentially cause a Denial of Service, or
+ even execute arbitrary code (64-bit architectures only) on a remote NFS
+ server.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All nfs-utils users should upgarde to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/nfs-utils-1.0.6-r6"
+
+
+ CAN-2004-0946
+ CAN-2004-1014
+
+
+ koon
+
+
+ lewk
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-09.xml
new file mode 100644
index 0000000000..ea8cb262a7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-09.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ ncpfs: Buffer overflow in ncplogin and ncpmap
+
+ ncpfs is vulnerable to a buffer overflow that could lead to local execution
+ of arbitrary code with elevated privileges.
+
+ ncpfs
+ December 15, 2004
+ December 15, 2004: 01
+ 72820
+ local
+
+
+ 2.2.5
+ 2.2.5
+
+
+
+

+ ncpfs is a NCP protocol network filesystem that allows access to
+ Netware services, for example to mount volumes of NetWare servers or
+ print to NetWare print queues.
+

+
+
+

+ Karol Wiesek discovered a buffer overflow in the handling of the
+ '-T' option in the ncplogin and ncpmap utilities, which are both
+ installed as SUID root by default.
+

+
+
+

+ A local attacker could trigger the buffer overflow by calling one
+ of these utilities with a carefully crafted command line, potentially
+ resulting in execution of arbitrary code with root privileges.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All ncpfs users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/ncpfs-2.2.5"
+
+
+ Full Disclosure Advisory
+ CAN-2004-1079
+
+
+ jaervosz
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-10.xml
new file mode 100644
index 0000000000..b79551b8e5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-10.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ Vim, gVim: Vulnerable options in modelines
+
+ Several vulnerabilities related to the use of options in modelines have
+ been found and fixed in Vim. They could potentially result in a local user
+ escalating privileges.
+
+ vim
+ December 15, 2004
+ December 15, 2004: 01
+ 73715
+ local
+
+
+ 6.3-r2
+ 6.3-r2
+
+
+ 6.3-r2
+ 6.3-r2
+
+
+
+

+ Vim is an efficient, highly configurable improved version of the
+ classic 'vi' text editor. gVim is the GUI version of Vim.
+

+
+
+

+ Gentoo's Vim maintainer, Ciaran McCreesh, found several
+ vulnerabilities related to the use of options in Vim modelines. Options
+ like 'termcap', 'printdevice', 'titleold', 'filetype', 'syntax',
+ 'backupext', 'keymap', 'patchmode' or 'langmenu' could be abused.
+

+
+
+

+ A local attacker could write a malicious file in a world readable
+ location which, when opened in a modeline-enabled Vim, could trigger
+ arbitrary commands with the rights of the user opening the file,
+ resulting in privilege escalation. Please note that modelines are
+ disabled by default in the /etc/vimrc file provided in Gentoo.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Vim users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/vim-6.3-r2"
+

+ All gVim users should also upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/gvim-6.3-r2"
+
+
+ CAN-2004-1138
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-11.xml
new file mode 100644
index 0000000000..e825577ec4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-11.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Cscope: Insecure creation of temporary files
+
+ Cscope is vulnerable to symlink attacks, potentially allowing a local user
+ to overwrite arbitrary files.
+
+ cscope
+ December 16, 2004
+ December 16, 2004: 01
+ 71595
+ local
+
+
+ 15.5-r2
+ 15.5-r2
+
+
+
+

+ Cscope is a developer utility used to browse and manage source
+ code.
+

+
+
+

+ Cscope creates temporary files in world-writable directories with
+ predictable names.
+

+
+
+

+ A local attacker could create symbolic links in the temporary
+ files directory, pointing to a valid file somewhere on the filesystem.
+ When Cscope is executed, this would result in the file being
+ overwritten with the rights of the user running the utility, which
+ could be the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Cscope users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5-r2"
+
+
+ CAN-2004-0996
+ BugTraq Advisory
+
+
+ lewk
+
+
+ lewk
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-12.xml
new file mode 100644
index 0000000000..a9292af251
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-12.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Adobe Acrobat Reader: Buffer overflow vulnerability
+
+ Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to
+ remote execution of arbitrary code.
+
+ acroread
+ December 16, 2004
+ December 16, 2004: 01
+ 74406
+ remote
+
+
+ 5.10
+ 5.10
+
+
+
+

+ Adobe Acrobat Reader is a utility used to view PDF files.
+

+
+
+

+ A buffer overflow has been discovered in the email processing of
+ Adobe Acrobat Reader. This flaw exists in the mailListIsPdf function,
+ which checks if the input file is an email message containing a PDF
+ file.
+

+
+
+

+ A remote attacker could send the victim a specially-crafted email
+ and PDF attachment, which would trigger the buffer overflow and
+ possibly lead to the execution of arbitrary code with the permissions
+ of the user running Adobe Acrobat Reader.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Adobe Acrobat Reader users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-5.10"
+
+
+ CAN-2004-1152
+ Adobe Announcement
+
+
+ koon
+
+
+ koon
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-13.xml
new file mode 100644
index 0000000000..8d4de3b9b9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-13.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Samba: Integer overflow
+
+ Samba contains a bug that could lead to remote execution of arbitrary code.
+
+ Samba
+ December 17, 2004
+ December 17, 2004: 01
+ 73943
+ remote
+
+
+ 3.0.9-r1
+ 3.0.9
+
+
+
+

+ Samba is a freely available SMB/CIFS implementation which allows
+ seamless interoperability of file and print services to other SMB/CIFS
+ clients.
+

+
+
+

+ Samba contains a bug when unmarshalling specific MS-RPC requests from
+ clients.
+

+
+
+

+ A remote attacker may be able to execute arbitrary code with the
+ permissions of the user running Samba, which could be the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All samba users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.9-r1"
+
+
+ CAN 2004-1154
+ Samba Announcement
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-14.xml
new file mode 100644
index 0000000000..9ac9b72792
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-14.xml
@@ -0,0 +1,112 @@
+
+
+
+
+ PHP: Multiple vulnerabilities
+
+ Several vulnerabilities were found and fixed in PHP, ranging from an
+ information leak and a safe_mode restriction bypass to a potential remote
+ execution of arbitrary code.
+
+ PHP
+ December 19, 2004
+ May 22, 2006: 02
+ 74547
+ remote
+
+
+ 4.3.10
+ 4.3.10
+
+
+ 4.3.10
+ 4.3.10
+
+
+ 4.3.10
+ 4.3.10
+
+
+
+

+ PHP is a general-purpose scripting language widely used to develop
+ web-based applications. It can run inside a web server using the
+ mod_php module or the CGI version of PHP, or can run stand-alone in a
+ CLI.
+

+
+
+

+ Stefan Esser and Marcus Boerger reported several different issues in
+ the unserialize() function, including serious exploitable bugs in the
+ way it handles negative references (CAN-2004-1019).
+

+

+ Stefan Esser also discovered that the pack() and unpack() functions are
+ subject to integer overflows that can lead to a heap buffer overflow
+ and a heap information leak. Finally, he found that the way
+ multithreaded PHP handles safe_mode_exec_dir restrictions can be
+ bypassed, and that various path truncation issues also allow to bypass
+ path and safe_mode restrictions.
+

+

+ Ilia Alshanetsky found a stack overflow issue in the exif_read_data()
+ function (CAN-2004-1065). Finally, Daniel Fabian found that addslashes
+ and magic_quotes_gpc do not properly escape null characters and that
+ magic_quotes_gpc contains a bug that could lead to one level directory
+ traversal.
+

+
+
+

+ These issues could be exploited by a remote attacker to retrieve web
+ server heap information, bypass safe_mode or path restrictions and
+ potentially execute arbitrary code with the rights of the web server
+ running a PHP application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All PHP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/php-4.3.10"
+

+ All mod_php users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/mod_php-4.3.10"
+

+ All php-cgi users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/php-cgi-4.3.10"
+
+
+ PHP 4.3.10 Release Announcement
+ Hardened-PHP Security Advisory
+ SEC Consult Advisory
+ CAN-2004-1019
+ CAN-2004-1020
+ CVE-2004-1063
+ CVE-2004-1064
+ CVE-2004-1065
+
+
+ jaervosz
+
+
+ Koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-15.xml
new file mode 100644
index 0000000000..2d23d195a2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-15.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ Ethereal: Multiple vulnerabilities
+
+ Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
+ run arbitrary code, crash the program or perform DoS by CPU and disk
+ utilization.
+
+ Ethereal
+ December 19, 2004
+ December 19, 2004: 01
+ 74443
+ remote
+
+
+ 0.10.8
+ 0.10.8
+
+
+
+

+ Ethereal is a feature rich network protocol analyzer.
+

+
+
+

+ There are multiple vulnerabilities in versions of Ethereal earlier
+ than 0.10.8, including:
+

+
    +
  • Bug in DICOM dissection + discovered by Bing could make Ethereal crash (CAN 2004-1139).
  • +
  • An invalid RTP timestamp could make Ethereal hang and create a + large temporary file (CAN 2004-1140).
  • +
  • The HTTP dissector could + access previously-freed memory (CAN 2004-1141).
  • +
  • Brian Caswell + discovered that an improperly formatted SMB could make Ethereal hang + (CAN 2004-1142).
  • +
+
+
+

+ An attacker might be able to use these vulnerabilities to crash
+ Ethereal, perform DoS by CPU and disk space utilization or even execute
+ arbitrary code with the permissions of the user running Ethereal, which
+ could be the root user.
+

+
+
+

+ For a temporary workaround you can disable all affected protocol
+ dissectors by selecting Analyze->Enabled Protocols... and deselecting
+ them from the list. However, it is strongly recommended to upgrade to
+ the latest stable version.
+

+
+
+

+ All ethereal users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.8"
+
+
+ Ethereal enpa-sa-00016
+ CAN 2004-1139
+ CAN 2004-1140
+ CAN 2004-1141
+ CAN 2004-1142
+
+
+ jaervosz
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-16.xml
new file mode 100644
index 0000000000..2757d8b7f4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-16.xml
@@ -0,0 +1,91 @@
+
+
+
+
+ kdelibs, kdebase: Multiple vulnerabilities
+
+ kdelibs and kdebase contain a flaw allowing password disclosure when
+ creating a link to a remote file. Furthermore Konqueror is vulnerable to
+ window injection.
+
+ KDE
+ December 19, 2004
+ December 19, 2004: 01
+ 72804
+ 73869
+ remote and local
+
+
+ 3.2.3-r4
+ 3.3.1-r2
+ 3.3.2-r1
+ 3.3.2-r1
+
+
+ 3.2.3-r3
+ 3.3.1-r2
+ 3.3.2-r1
+
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and
+ Unix-like Operating Systems. The KDE core libraries (kdebase and
+ kdelibs) provide native support for many protocols. Konqueror is the
+ KDE web browser and filemanager.
+

+
+
+

+ Daniel Fabian discovered that the KDE core libraries contain a
+ flaw allowing password disclosure by making a link to a remote file.
+ When creating this link, the resulting URL contains authentication
+ credentials used to access the remote file (CAN 2004-1171).
+

+

+ The Konqueror webbrowser allows websites to load webpages into a window
+ or tab currently used by another website (CAN-2004-1158).
+

+
+
+

+ A malicious user could have access to the authentication
+ credentials of other users depending on the file permissions.
+

+

+ A malicious website could use the window injection vulnerability to
+ load content in a window apparently belonging to another website.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All kdelibs users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.2.3-r4"
+

+ All kdebase users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdebase-3.2.3-r3"
+
+
+ KDE Security Advisory: plain text password exposure
+ CAN 2004-1171
+ KDE Security Advisory: Konqueror Window Injection Vulnerability
+ CAN 2004-1158
+
+
+ jaervosz
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-17.xml
new file mode 100644
index 0000000000..d1bd0585f5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-17.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ kfax: Multiple overflows in the included TIFF library
+
+ kfax contains several buffer overflows potentially leading to execution of
+ arbitrary code.
+
+ kfax
+ December 19, 2004
+ January 12, 2005: 04
+ 73795
+ remote
+
+
+ 3.3.2
+ 3.3.2
+
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and
+ Unix-like Operating Systems. kfax (part of kdegraphics) is the KDE fax
+ file viewer.
+

+
+
+

+ Than Ngo discovered that kfax contains a private copy of the TIFF
+ library and is therefore subject to several known vulnerabilities (see
+ References).
+

+
+
+

+ A remote attacker could entice a user to view a carefully-crafted TIFF
+ image file with kfax, which would potentially lead to execution of
+ arbitrary code with the rights of the user running kfax.
+

+
+
+

+ The KDE Team recommends to remove the kfax binary as well as the
+ kfaxpart.la KPart:
+

+
+ rm /usr/kde/3.*/lib/kde3/kfaxpart.la
+ rm /usr/kde/3.*/bin/kfax
+

+ Note: This will render the kfax functionality useless, if kfax
+ functionality is needed you should upgrade to the KDE 3.3.2 which is
+ not stable at the time of this writing.
+

+

+ There is no known workaround at this time.
+

+
+
+

+ All kfax users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.3.2"
+
+
+ KDE Security Advisory: kfax libtiff vulnerabilities
+ GLSA 200410-11
+ CAN-2004-0803
+ CAN-2004-0804
+ CAN-2004-0886
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-18.xml
new file mode 100644
index 0000000000..08c8a70a3c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-18.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ abcm2ps: Buffer overflow vulnerability
+
+ abcm2ps is vulnerable to a buffer overflow that could lead to remote
+ execution of arbitrary code.
+
+ abcm2ps
+ December 19, 2004
+ December 19, 2004: 02
+ 74702
+ remote
+
+
+ 3.7.21
+ 3.7.21
+
+
+
+

+ abcm2ps is a utility used to convert ABC music sheet files into
+ PostScript format.
+

+
+
+

+ Limin Wang has located a buffer overflow inside the put_words()
+ function in the abcm2ps code.
+

+
+
+

+ A remote attacker could convince the victim to download a
+ specially-crafted ABC file. Upon execution, this file would trigger the
+ buffer overflow and lead to the execution of arbitrary code with the
+ permissions of the user running abcm2ps.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All abcm2ps users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/abcm2ps-3.7.21"
+
+
+ abcm2ps ChangeLog
+ Secunia Advisory
+
+
+ lewk
+
+
+ koon
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-19.xml
new file mode 100644
index 0000000000..43481dc89a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-19.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ phpMyAdmin: Multiple vulnerabilities
+
+ phpMyAdmin contains multiple vulnerabilities which could lead to file
+ disclosure or command execution.
+
+ phpmyadmin
+ December 19, 2004
+ December 19, 2004: 01
+ 74303
+ remote
+
+
+ 2.6.1_rc1
+ 2.6.1_rc1
+
+
+
+

+ phpMyAdmin is a tool written in PHP intended to handle the
+ administration of MySQL databases from a web-browser.
+

+
+
+

+ Nicolas Gregoire (exaprobe.com) has discovered two vulnerabilities
+ that exist only on a webserver where PHP safe_mode is off. These
+ vulnerabilities could lead to command execution or file disclosure.
+

+
+
+

+ On a system where external MIME-based transformations are enabled,
+ an attacker can insert offensive values in MySQL, which would start a
+ shell when the data is browsed. On a system where the UploadDir is
+ enabled, read_dump.php could use the unsanitized sql_localfile variable
+ to disclose a file.
+

+
+
+

+ You can temporarily enable PHP safe_mode or disable external
+ MIME-based transformation AND disable the UploadDir. But instead, we
+ strongly advise to update your version to 2.6.1_rc1.
+

+
+
+

+ All phpMyAdmin users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.1_rc1"
+
+
+ CAN-2004-1147
+ CAN-2004-1148
+ PHPMyAdmin advisory: PMASA-2004-4
+ Exaprobe.com advisory: esa-2004-1213
+
+
+ SeJo
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-20.xml
new file mode 100644
index 0000000000..18f7199307
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-20.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ NASM: Buffer overflow vulnerability
+
+ NASM is vulnerable to a buffer overflow that allows an attacker to execute
+ arbitrary code through the use of a malicious object file.
+
+ NASM
+ December 20, 2004
+ December 20, 2004: 01
+ 74477
+ remote
+
+
+ 0.98.38-r1
+ 0.98.38
+
+
+
+

+ NASM is a 80x86 assembler that has been created for portability
+ and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow
+ extensions. It also supports a wide range of objects formats (ELF,
+ a.out, COFF, ...), and has its own disassembler.
+

+
+
+

+ Jonathan Rockway discovered that NASM-0.98.38 has an unprotected
+ vsprintf() to an array in preproc.c. This code vulnerability may lead
+ to a buffer overflow and potential execution of arbitrary code.
+

+
+
+

+ A remote attacker could craft a malicious object file which, when
+ supplied in NASM, would result in the execution of arbitrary code with
+ the rights of the user running NASM.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All NASM users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/nasm-0.98.38-r1"
+
+
+ Original Advisory
+
+
+ koon
+
+
+ koon
+
+
+ SeJo
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-21.xml
new file mode 100644
index 0000000000..98d92da4e4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-21.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ MPlayer: Multiple overflows
+
+ Multiple overflow vulnerabilities have been found in MPlayer, potentially
+ resulting in remote executing of arbitrary code.
+
+ MPlayer
+ December 20, 2004
+ December 20, 2004: 01
+ 74473
+ remote
+
+
+ 1.0_pre5-r5
+ 1.0_pre5-r4
+
+
+
+

+ MPlayer is a media player capable of handling multiple multimedia
+ file formats.
+

+
+
+

+ iDEFENSE, Ariel Berkman and the MPlayer development team found
+ multiple vulnerabilities in MPlayer. These include potential heap
+ overflows in Real RTSP and pnm streaming code, stack overflows in MMST
+ streaming code and multiple buffer overflows in BMP demuxer and mp3lib
+ code.
+

+
+
+

+ A remote attacker could craft a malicious file or design a
+ malicious streaming server. Using MPlayer to view this file or connect
+ to this server could trigger an overflow and execute
+ attacker-controlled code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All MPlayer users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre5-r5"
+
+
+ iDEFENSE Advisory
+ iDEFENSE Advisory
+ iDEFENSE Advisory
+ Ariel Berkman Advisory
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-22.xml
new file mode 100644
index 0000000000..5e03ada41a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-22.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ mpg123: Playlist buffer overflow
+
+ mpg123 is vulnerable to a buffer overflow that allows an attacker to
+ execute arbitrary code through the use of a malicious playlist.
+
+ mpg123
+ December 21, 2004
+ December 21, 2004: 01
+ 74692
+ remote
+
+
+ 0.59s-r8
+ 0.59s-r8
+
+
+
+

+ mpg123 is a MPEG Audio Player.
+

+
+
+

+ Bartlomiej Sieka discovered that mpg123 contains an unsafe
+ strcat() to an array in playlist.c. This code vulnerability may lead to
+ a buffer overflow.
+

+
+
+

+ A remote attacker could craft a malicious playlist which, when
+ used, would result in the execution of arbitrary code with the rights
+ of the user running mpg123.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All mpg123 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r8"
+
+
+ Original Advisory
+ CAN-2004-1284
+
+
+ koon
+
+
+ koon
+
+
+ SeJo
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-23.xml
new file mode 100644
index 0000000000..7b9107d007
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-23.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Zwiki: XSS vulnerability
+
+ Zwiki is vulnerable to cross-site scripting attacks.
+
+ zwiki
+ December 21, 2004
+ May 22, 2006: 02
+ 72315
+ remote
+
+
+ 0.36.2-r1
+ 0.36.2-r1
+
+
+
+

+ Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites.
+

+
+
+

+ Due to improper input validation, Zwiki can be exploited to perform
+ cross-site scripting attacks.
+

+
+
+

+ By enticing a user to read a specially-crafted wiki entry, an attacker
+ can execute arbitrary script code running in the context of the
+ victim's browser.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Zwiki users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-zope/zwiki-0.36.2-r1"
+
+
+ Zwiki Bug Report
+ CVE-2004-1075
+
+
+ vorlon078
+
+
+ koon
+
+
+ lewk
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-24.xml
new file mode 100644
index 0000000000..5ffa1f6886
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-24.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Xpdf, GPdf: New integer overflows
+
+ New integer overflows were discovered in Xpdf, potentially resulting in the
+ execution of arbitrary code. GPdf includes Xpdf code and therefore is
+ vulnerable to the same issues.
+
+ Xpdf
+ December 28, 2004
+ December 28, 2004: 01
+ 75191
+ 75201
+ remote
+
+
+ 3.00-r7
+ 3.00-r6
+
+
+ 2.8.1-r1
+ 2.8.1
+
+
+
+

+ Xpdf is an open source viewer for Portable Document Format (PDF) + files. GPdf is a Gnome-based PDF viewer that includes some Xpdf code. +

+
+ +

+ A new integer overflow issue was discovered in Xpdf's + Gfx::doImage() function. +

+
+ +

+ An attacker could entice an user to open a specially-crafted PDF + file, potentially resulting in execution of arbitrary code with the + rights of the user running Xpdf or GPdf. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Xpdf users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.00-r7" +

+ All GPdf users should also upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.8.1-r1" +
+ + CAN-2004-1125 + iDEFENSE Advisory + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-25.xml
new file mode 100644
index 0000000000..54f58a7c2a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-25.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ CUPS: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been found in CUPS, ranging from local Denial
+ of Service attacks to the remote execution of arbitrary code.
+
+ CUPS
+ December 28, 2004
+ January 12, 2005: 02
+ 74479
+ 75197
+ 77023
+ remote and local
+
+
+ 1.1.23
+ 1.1.23
+
+
+
+

+ The Common UNIX Printing System (CUPS) is a cross-platform print + spooler, hpgltops is a CUPS filter handling printing of HPGL files and + lppasswd is a program used locally to manage spooler passwords. +

+
+ +

+ CUPS makes use of vulnerable Xpdf code to handle PDF files + (CAN-2004-1125). Furthermore, Ariel Berkman discovered a buffer + overflow in the ParseCommand function in hpgl-input.c in the hpgltops + program (CAN-2004-1267). Finally, Bartlomiej Sieka discovered several + problems in the lppasswd program: it ignores some write errors + (CAN-2004-1268), it can leave the passwd.new file in place + (CAN-2004-1269) and it does not verify that passwd.new file is + different from STDERR (CAN-2004-1270). +

+
+ +

+ The Xpdf and hpgltops vulnerabilities may be exploited by a remote + attacker to execute arbitrary code by sending specific print jobs to a + CUPS spooler. The lppasswd vulnerabilities may be exploited by a local + attacker to write data to the CUPS password file or deny further + password modifications. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All CUPS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23" +
+ + CAN-2004-1125 + CAN-2004-1267 + CAN-2004-1268 + CAN-2004-1269 + CAN-2004-1270 + Ariel Berkman Advisory + Bartlomiej Sieka Advisory + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-26.xml
new file mode 100644
index 0000000000..99052ec259
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-26.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ ViewCVS: Information leak and XSS vulnerabilities
+
+ ViewCVS is vulnerable to an information leak and to cross-site scripting
+ (XSS) issues.
+
+ ViewCVS
+ December 28, 2004
+ December 28, 2004: 01
+ 72461
+ 73772
+ remote
+
+
+ 0.9.2_p20041207-r1
+ 0.9.2_p20041207
+
+
+
+

+ ViewCVS is a browser interface for viewing CVS and Subversion + version control repositories through a web browser. +

+
+ +

+ The tar export functions in ViewCVS bypass the 'hide_cvsroot' and + 'forbidden' settings and therefore expose information that should be + kept secret (CAN-2004-0915). Furthermore, some error messages in + ViewCVS do not filter user-provided information, making it vulnerable + to a cross-site scripting attack (CAN-2004-1062). +

+
+ +

+ By using the tar export functions, a remote attacker could access + information that is configured as restricted. Through the use of a + malicious request, an attacker could also inject and execute malicious + script code, potentially compromising another user's browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ViewCVS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/viewcvs-0.9.2_p20041207-r1" +
+ + CAN-2004-0915 + CAN-2004-1062 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-27.xml
new file mode 100644
index 0000000000..486973e7c4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200412-27.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ PHProjekt: Remote code execution vulnerability
+
+ PHProjekt contains a vulnerability that allows a remote attacker to execute
+ arbitrary PHP code.
+
+ PHProjekt
+ December 30, 2004
+ December 30, 2004: 01
+ 75858
+ remote
+
+
+ 4.2-r2
+ 4.2-r2
+
+
+
+

+ PHProjekt is a modular groupware web application used to + coordinate group activities and share files. +

+
+ +

+ cYon discovered that the authform.inc.php script allows a remote + user to define the global variable $path_pre. +

+
+ +

+ A remote attacker can exploit this vulnerability to force + authform.inc.php to download and execute arbitrary PHP code with the + privileges of the web server user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PHProjekt users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r2" +
+ + PHProjekt Advisory + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-01.xml
new file mode 100644
index 0000000000..e0cffee1a5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-01.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ LinPopUp: Buffer overflow in message reply
+
+ LinPopUp contains a buffer overflow potentially allowing execution of
+ arbitrary code.
+
+ Linpopup
+ January 04, 2005
+ January 04, 2005: 01
+ 74705
+ remote
+
+
+ 2.0.4-r1
+ 2.0.4-r1
+
+
+
+

+ LinPopUp is a graphical application that acts as a frontend to + Samba client messaging functions, allowing a Linux desktop to + communicate with a Microsoft Windows computer that runs Winpopup. +

+
+ +

+ Stephen Dranger discovered that LinPopUp contains a buffer + overflow in string.c, triggered when replying to a remote user message. +

+
+ +

+ A remote attacker could craft a malicious message that, when + replied using LinPopUp, would exploit the buffer overflow. This would + result in the execution of arbitrary code with the privileges of the + user running LinPopUp. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All LinPopUp users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/linpopup-2.0.4-r1" +
+ + CAN-2004-1282 + Stephen Dranger Advisory + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-02.xml
new file mode 100644
index 0000000000..29b3fff64c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-02.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ a2ps: Multiple vulnerabilities
+
+ The fixps and psmandup scripts in the a2ps package are vulnerable to
+ symlink attacks, potentially allowing a local user to overwrite arbitrary
+ files. A vulnerability in a2ps filename handling could also result in
+ arbitrary command execution.
+
+ a2ps
+ January 04, 2005
+ May 22, 2006: 03
+ 75784
+ 61500
+ local and remote
+
+
+ 4.13c-r2
+ 4.13c-r2
+
+
+
+

+ a2ps is an Any to Postscript filter that can convert to Postscript from + many filetypes. fixps is a script that fixes errors in Postscript + files. psmandup produces a Postscript file for printing in manual + duplex mode. +

+
+ +

+ Javier Fernandez-Sanguino Pena discovered that the a2ps package + contains two scripts that create insecure temporary files (fixps and + psmandup). Furthermore, we fixed in a previous revision a vulnerability + in a2ps filename handling (CAN-2004-1170). +

+
+ +

+ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + fixps or psmandup is executed, this would result in the file being + overwritten with the rights of the user running the utility. By + enticing a user or script to run a2ps on a malicious filename, an + attacker could execute arbitrary commands on the system with the rights + of that user or script. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All a2ps users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/a2ps-4.13c-r2" +
+ + Secunia SA13641 + CAN-2004-1170 + CVE-2004-1377 + Full-Disclosure Advisory + + + koon + + + koon + + + SeJo + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-03.xml
new file mode 100644
index 0000000000..e5c4124ba0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-03.xml
@@ -0,0 +1,131 @@
+
+
+
+
+ Mozilla, Firefox, Thunderbird: Various vulnerabilities
+
+ Various vulnerabilities were found and fixed in Mozilla-based products,
+ ranging from a potential buffer overflow and temporary files disclosure to
+ anti-spoofing issues.
+
+ Mozilla
+ January 05, 2005
+ December 30, 2007: 03
+ 76112
+ 68976
+ 70749
+ remote and local
+
+
+ 1.7.5
+ 1.7.5
+
+
+ 1.7.5
+ 1.7.5
+
+
+ 1.0
+ 1.0
+
+
+ 1.0
+ 1.0
+
+
+ 0.9
+ 0.9
+
+
+ 0.9
+ 0.9
+
+
+
+

+ Mozilla is a popular web browser that includes a mail and newsreader. + Mozilla Firefox and Mozilla Thunderbird are respectively the + next-generation browser and mail client from the Mozilla project. +

+
+ +

+ Maurycy Prodeus from isec.pl found a potentially exploitable buffer + overflow in the handling of NNTP URLs. Furthermore, Martin (from + ptraced.net) discovered that temporary files in recent versions of + Mozilla-based products were sometimes stored world-readable with + predictable names. The Mozilla Team also fixed a way of spoofing + filenames in Firefox's "What should Firefox do with this file" dialog + boxes and a potential information leak about the existence of local + filenames. +

+
+ +

+ A remote attacker could craft a malicious NNTP link and entice a user + to click it, potentially resulting in the execution of arbitrary code + with the rights of the user running the browser. A local attacker could + leverage the temporary file vulnerability to read the contents of + another user's attachments or downloads. A remote attacker could also + design a malicious web page that would allow to spoof filenames if the + user uses the "Open with..." function in Firefox, or retrieve + information on the presence of specific files in the local filesystem. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.5" +

+ All Mozilla binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.5" +

+ All Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0" +

+ All Firefox binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0" +

+ All Thunderbird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-0.9" +

+ All Thunderbird binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-0.9" +
+ + isec.pl Advisory + Martin (from ptraced.net) Advisory + Secunia Advisory SA13144 + CVE-2004-2227 + CVE-2004-2228 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-04.xml
new file mode 100644
index 0000000000..588604f6c7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-04.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Shoutcast Server: Remote code execution
+
+ Shoutcast Server contains a possible buffer overflow that could lead to the
+ execution of arbitrary code.
+
+ Shoutcast-server-bin
+ January 05, 2005
+ May 22, 2006: 02
+ 75482
+ remote
+
+
+ 1.9.5
+ 1.9.4-r1
+
+
+
+

+ Shoutcast Server is Nullsoft's streaming audio server. It runs on a + variety of platforms, including Linux, and is extremely popular with + Internet broadcasters. +

+
+ +

+ Part of the Shoutcast Server Linux binary has been found to improperly + handle sprintf() parsing. +

+
+ +

+ A malicious attacker could send a formatted URL request to the + Shoutcast Server. This formatted URL would cause either the server + process to crash, or the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Shoutcast Server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/shoutcast-server-bin-1.9.5" +
+ + BugTraq Announcement + CVE-2004-1373 + + + lewk + + + koon + + + chriswhite + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-05.xml
new file mode 100644
index 0000000000..0bc9bce070
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-05.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ mit-krb5: Heap overflow in libkadm5srv
+
+ The MIT Kerberos 5 administration library (libkadm5srv) contains a heap
+ overflow that could lead to execution of arbitrary code.
+
+ mit-krb5
+ January 05, 2005
+ January 05, 2005: 01
+ 75143
+ remote
+
+
+ 1.3.6
+ 1.3.6
+
+
+
+

+ MIT krb5 is the free implementation of the Kerberos network + authentication protocol by the Massachusetts Institute of Technology. +

+
+ +

+ The MIT Kerberos 5 administration library libkadm5srv contains a + heap overflow in the code handling password changing. +

+
+ +

+ Under specific circumstances an attacker could execute arbitary + code with the permissions of the user running mit-krb5, which could be + the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mit-krb5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6" +
+ + CAN 2004-1189 + + + koon + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-06.xml
new file mode 100644
index 0000000000..a783c67c82
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-06.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ tiff: New overflows in image decoding
+
+ An integer overflow has been found in the TIFF library image decoding
+ routines and the tiffdump utility, potentially allowing arbitrary code
+ execution.
+
+ tiff
+ January 05, 2005
+ January 05, 2005: 01
+ 75213
+ remote
+
+
+ 3.7.1-r1
+ 3.7.1-r1
+
+
+
+

+ The TIFF library contains encoding and decoding routines for the + Tag Image File Format. It is called by numerous programs, including + GNOME and KDE applications, to interpret TIFF images. +

+
+ +

+ infamous41md found a potential integer overflow in the directory + entry count routines of the TIFF library (CAN-2004-1308). Dmitry V. + Levin found another similar issue in the tiffdump utility + (CAN-2004-1183). +

+
+ +

+ A remote attacker could entice a user to view a carefully crafted + TIFF image file, which would potentially lead to execution of arbitrary + code with the rights of the user viewing the image. This affects any + program that makes use of the TIFF library, including many web browsers + or mail readers. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TIFF library users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.1-r1" +
+ + CAN-2004-1183 + CAN-2004-1308 + iDEFENSE Advisory + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-07.xml
new file mode 100644
index 0000000000..3c2d07ada4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-07.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ xine-lib: Multiple overflows
+
+ xine-lib contains multiple overflows potentially allowing execution of
+ arbitrary code.
+
+ xine-lib
+ January 06, 2005
+ January 06, 2005: 01
+ 74475
+ remote
+
+
+ 1_rc8-r1
+ 1_rc6-r1
+ 1_rc8-r1
+
+
+
+

+ xine-lib is a multimedia library which can be utilized to create + multimedia frontends. +

+
+ +

+ Ariel Berkman discovered that xine-lib reads specific input data + into an array without checking the input size in demux_aiff.c, making + it vulnerable to a buffer overflow (CAN-2004-1300) . iDefense + discovered that the PNA_TAG handling code in pnm_get_chunk() does not + check if the input size is larger than the buffer size (CAN-2004-1187). + iDefense also discovered that in this same function, a negative value + could be given to an unsigned variable that specifies the read length + of input data (CAN-2004-1188). +

+
+ +

+ A remote attacker could craft a malicious movie or convince a + targeted user to connect to a malicious PNM server, which could result + in the execution of arbitrary code with the rights of the user running + any xine-lib frontend. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xine-lib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose media-libs/xine-lib +
+ + CAN-2004-1187 + CAN-2004-1188 + CAN-2004-1300 + iDefense Advisory + iDefense Advisory + Ariel Berkman Advisory + + + koon + + + SeJo + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-08.xml
new file mode 100644
index 0000000000..6b79d2f815
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-08.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ phpGroupWare: Various vulnerabilities
+
+ Multiple vulnerabilities have been discovered in phpGroupWare that could
+ lead to information disclosure or remote compromise.
+
+ phpgroupware
+ January 06, 2005
+ May 22, 2006: 04
+ 74487
+ remote
+
+
+ 0.9.16.004
+ 0.9.16.004
+
+
+
+

+ phpGroupWare is a web-based suite of group applications including a + calendar, todo-list, addressbook, email, wiki, news headlines, and a + file manager. +

+
+ +

+ Several flaws were discovered in phpGroupWare making it vulnerable to + cross-site scripting attacks, SQL injection, and full path disclosure. +

+
+ +

+ These vulnerabilities could allow an attacker to perform cross-site + scripting attacks, execute SQL queries, and disclose the full path of + the web directory. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpGroupWare users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.004" +

+ Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +

+
+ + BugTraq Advisory + CVE-2004-1383 + CVE-2004-1384 + CVE-2004-1385 + + + koon + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-09.xml
new file mode 100644
index 0000000000..f0a8d8e031
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-09.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ xzgv: Multiple overflows
+
+ xzgv contains multiple overflows that may lead to the execution of
+ arbitrary code.
+
+ xzgv
+ January 06, 2005
+ January 06, 2005: 01
+ 74069
+ remote
+
+
+ 0.8-r1
+ 0.8
+
+
+
+

+ xzgv is a picture viewer for X, with a thumbnail-based file + selector. +

+
+ +

+ Multiple overflows have been found in the image processing code of + xzgv, including an integer overflow in the PRF parsing code + (CAN-2004-0994). +

+
+ +

+ An attacker could entice a user to open or browse a + specially-crafted image file, potentially resulting in the execution of + arbitrary code with the rights of the user running xzgv. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xzgv users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r1" +
+ + CAN-2004-0994 + iDEFENSE Advisory + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-10.xml
new file mode 100644
index 0000000000..20a1823a1b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-10.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Vilistextum: Buffer overflow vulnerability
+
+ Vilistextum is vulnerable to a buffer overflow that allows an attacker to
+ execute arbitrary code through the use of a malicious webpage.
+
+ vilistextum
+ January 06, 2005
+ January 06, 2005: 01
+ 74694
+ remote
+
+
+ 2.6.7
+ 2.6.7
+
+
+
+

+ Vilistextum is an HTML to text converter. +

+
+ +

+ Ariel Berkman discovered that Vilistextum unsafely reads data into + an array without checking the length. This code vulnerability may lead + to a buffer overflow. +

+
+ +

+ A remote attacker could craft a malicious webpage which, when + converted, would result in the execution of arbitrary code with the + rights of the user running Vilistextum. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Vilistextum users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/vilistextum-2.6.7" +
+ + Original Advisory + CAN-2004-1299 + + + koon + + + koon + + + SeJo + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-11.xml
new file mode 100644
index 0000000000..23b864e2ef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-11.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Dillo: Format string vulnerability
+
+ Dillo is vulnerable to a format string bug, which may result in the
+ execution of arbitrary code.
+
+ Dillo
+ January 09, 2005
+ January 09, 2005: 01
+ 76665
+ remote
+
+
+ 0.8.3-r4
+ 0.8.3-r4
+
+
+
+

+ Dillo is a small and fast multi-platform web browser based on + GTK+. +

+
+ +

+ Gentoo Linux developer Tavis Ormandy found a format string bug in + Dillo's handling of messages in a_Interface_msg(). +

+
+ +

+ An attacker could craft a malicious web page which, when accessed + using Dillo, would trigger the format string vulnerability and + potentially execute arbitrary code with the rights of the user running + Dillo. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Dillo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/dillo-0.8.3-r4" +
+ + CAN-2005-0012 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-12.xml
new file mode 100644
index 0000000000..f25d5faa80
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-12.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ TikiWiki: Arbitrary command execution
+
+ A bug in TikiWiki allows certain users to upload and execute malicious PHP
+ scripts.
+
+ tikiwiki
+ January 10, 2005
+ May 22, 2006: 03
+ 75568
+ remote
+
+
+ 1.8.4.1
+ 1.8.4.1
+
+
+
+

+ TikiWiki is a web-based groupware and content management system (CMS), + using PHP, ADOdb and Smarty. +

+
+ +

+ TikiWiki lacks a check on uploaded images in the Wiki edit page. +

+
+ +

+ A malicious user could run arbitrary commands on the server by + uploading and calling a PHP script. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TikiWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.4.1" +

+ Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +

+
+ + TikiWiki Advisory + CVE-2004-1386 + + + koon + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-13.xml
new file mode 100644
index 0000000000..b1ae8dc71c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-13.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ pdftohtml: Vulnerabilities in included Xpdf
+
+ pdftohtml includes vulnerable Xpdf code to handle PDF files, making it
+ vulnerable to execution of arbitrary code upon converting a malicious PDF
+ file.
+
+ pdftohtml
+ January 10, 2005
+ January 10, 2005: 01
+ 75200
+ remote
+
+
+ 0.36-r2
+ 0.36-r2
+
+
+
+

+ pdftohtml is a utility to convert PDF files to HTML or XML + formats. It makes use of Xpdf code to decode PDF files. +

+
+ +

+ Xpdf is vulnerable to integer overflows, as described in GLSA + 200412-24. +

+
+ +

+ An attacker could entice a user to convert a specially-crafted PDF + file, potentially resulting in the execution of arbitrary code with the + rights of the user running pdftohtml. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All pdftohtml users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/pdftohtml-0.36-r2" +
+ + GLSA 200412-24 + CAN-2004-1125 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-14.xml
new file mode 100644
index 0000000000..52f2e0ae6c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-14.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ mpg123: Buffer overflow
+
+ An attacker may be able to execute arbitrary code by way of specially
+ crafted MP2 or MP3 files.
+
+ media-sound/mpg123
+ January 10, 2005
+ January 10, 2005: 01
+ 76862
+ remote
+
+
+ 0.59s-r9
+ 0.59s-r9
+
+
+
+

+ mpg123 is a real-time MPEG audio player. +

+
+ +

+ mpg123 improperly parses frame headers in input streams. +

+
+ +

+ By inducing a user to play a malicious file, an attacker may be + able to exploit a buffer overflow to execute arbitrary code with the + permissions of the user running mpg123. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mpg123 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r9" +
+ + CAN-2004-0991 + Bugtraq Announcement + + + koon + + + vorlon078 + + + dmargoli + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-15.xml
new file mode 100644
index 0000000000..5082046fd2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-15.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ UnRTF: Buffer overflow
+
+ A buffer overflow in UnRTF allows an attacker to execute arbitrary code by
+ way of a specially crafted RTF file.
+
+ app-text/unrtf
+ January 10, 2005
+ January 10, 2005: 01
+ 74480
+ remote
+
+
+ 0.19.3-r1
+ 0.19.3-r1
+
+
+
+

+ UnRTF is a utility to convert files in the Rich Text Format into + other formats. +

+
+ +

+ An unchecked strcat() in unrtf may overflow the bounds of a static + buffer. +

+
+ +

+ Using a specially crafted file, possibly delivered by e-mail or + over the web, an attacker may execute arbitrary code with the + permissions of the user running UnRTF. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All unrtf users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/unrtf-0.19.3-r1" +
+ + Original Announcement + + + vorlon078 + + + vorlon078 + + + dmargoli + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-16.xml
new file mode 100644
index 0000000000..40691e9e67
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-16.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Konqueror: Java sandbox vulnerabilities
+
+ The Java sandbox environment in Konqueror can be bypassed to access
+ arbitrary packages, allowing untrusted Java applets to perform unrestricted
+ actions on the host system.
+
+ Konqueror, kde, kdelibs
+ January 11, 2005
+ January 12, 2005: 02
+ 72750
+ remote
+
+
+ 3.3.2
+ 3.3.2
+
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. Konqueror is the KDE web browser and file + manager. +

+
+ +

+ Konqueror contains two errors that allow JavaScript scripts and Java + applets to have access to restricted Java classes. +

+
+ +

+ A remote attacker could embed a malicious Java applet in a web page and + entice a victim to view it. This applet can then bypass security + restrictions and execute any command, or access any file with the + rights of the user running Konqueror. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All kdelibs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose kde-base/kdelibs +
+ + KDE Security Advisory: Konqueror Java Vulnerability + CAN 2004-1145 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-17.xml
new file mode 100644
index 0000000000..7fd89abb95
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-17.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ KPdf, KOffice: More vulnerabilities in included Xpdf
+
+ KPdf and KOffice both include vulnerable Xpdf code to handle PDF files,
+ making them vulnerable to the execution of arbitrary code if a user is
+ enticed to view a malicious PDF file.
+
+ kpdf, koffice
+ January 11, 2005
+ January 12, 2005: 02
+ 75203
+ 75204
+ remote
+
+
+ 1.3.5-r1
+ 1.3.5-r1
+
+
+ 3.3.2-r1
+ 3.2.3-r3
+ 3.3.2-r1
+
+
+

+ KPdf is a KDE-based PDF viewer included in the kdegraphics package. + KOffice is an integrated office suite for KDE. +

+
+ +

+ KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is + vulnerable to multiple new integer overflows, as described in GLSA + 200412-24. +

+
+ +

+ An attacker could entice a user to open a specially-crafted PDF file, + potentially resulting in the execution of arbitrary code with the + rights of the user running the affected utility. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All KPdf users should upgrade to the latest version of kdegraphics: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose kde-base/kdegraphics +

+ All KOffice users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose app-office/koffice +
+ + GLSA 200412-24 + CAN-2004-1125 + KDE Security Advisory: kpdf Buffer Overflow Vulnerability + KOffice XPDF Integer Overflow 2 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-18.xml
new file mode 100644
index 0000000000..61ad41d4d1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-18.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ KDE FTP KIOslave: Command injection
+
+ The FTP KIOslave contains a bug allowing users to execute arbitrary FTP
+ commands.
+
+ konqueror
+ January 11, 2005
+ January 12, 2005: 02
+ 73759
+ remote
+
+
+ 3.3.2-r2
+ 3.2.3-r5
+ 3.3.2-r2
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. KDE provided KIOslaves for many protocols + in the kdelibs package, one of them being FTP. These are used by KDE + applications such as Konqueror. +

+
+ +

+ The FTP KIOslave fails to properly parse URL-encoded newline + characters. +

+
+ +

+ An attacker could exploit this to execute arbitrary FTP commands on the + server and due to similiarities between the FTP and the SMTP protocol, + this vulnerability also allows an attacker to connect to a SMTP server + and issue arbitrary commands, for example sending an email. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All kdelibs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose kde-base/kdelibs +
+ + KDE Security Advisory: ftp kioslave command injection + CAN-2004-1165 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-19.xml
new file mode 100644
index 0000000000..3beddb86b9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-19.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ imlib2: Buffer overflows in image decoding
+
+ Multiple overflows have been found in the imlib2 library image decoding
+ routines, potentially allowing the execution of arbitrary code.
+
+ imlib2
+ January 11, 2005
+ January 11, 2005: 01
+ 77002
+ remote
+
+
+ 1.2.0
+ 1.2.0
+
+
+

+ imlib2 is an advanced replacement for image manipulation libraries + such as libXpm. It is utilized by numerous programs, including gkrellm + and several window managers, to display images. +

+
+ +

+ Pavel Kankovsky discovered that several buffer overflows found in + the libXpm library (see GLSA 200409-34) also apply to imlib (see GLSA + 200412-03) and imlib2. He also fixed a number of other potential + security vulnerabilities. +

+
+ +

+ A remote attacker could entice a user to view a carefully-crafted + image file, which would potentially lead to the execution of arbitrary + code with the rights of the user viewing the image. This affects any + program that utilizes of the imlib2 library. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All imlib2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/imlib2-1.2.0" +
+ + CAN-2004-1026 + GLSA 200412-03 + + + koon + + + dmargoli + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-20.xml
new file mode 100644
index 0000000000..d53b2ef21e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-20.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ o3read: Buffer overflow during file conversion
+
+ A buffer overflow in o3read allows an attacker to execute arbitrary code by
+ way of a specially crafted XML file.
+
+ o3read
+ January 11, 2005
+ January 11, 2005: 01
+ 74478
+ remote
+
+
+ 0.0.4
+ 0.0.3
+
+
+

+ o3read is a standalone converter for OpenOffice.org files. It + allows a user to dump the contents tree (o3read) and convert to plain + text (o3totxt) or to HTML (o3tohtml) Writer and Calc files. +

+
+ +

+ Wiktor Kopec discovered that the parse_html function in o3read.c + copies any number of bytes into a 1024-byte t[] array. +

+
+ +

+ Using a specially crafted file, possibly delivered by e-mail or + over the Web, an attacker may execute arbitrary code with the + permissions of the user running o3read. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All o3read users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/o3read-0.0.4" +
+ + CAN-2004-1288 + Wiktor Kopec advisory + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-21.xml
new file mode 100644
index 0000000000..634a42450e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-21.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ HylaFAX: hfaxd unauthorized login vulnerability
+
+ HylaFAX is subject to a vulnerability in its username matching code,
+ potentially allowing remote users to bypass access control lists.
+
+ HylaFAX
+ January 11, 2005
+ January 11, 2005: 01
+ 75941
+ remote
+
+
+ 4.2.0-r2
+ 4.2.0-r2
+
+
+

+ HylaFAX is a software package for sending and receiving facsimile + messages. +

+
+ +

+ The code used by hfaxd to match a given username and hostname with + an entry in the hosts.hfaxd file is insufficiently protected against + malicious entries. +

+
+ +

+ If the HylaFAX installation uses a weak hosts.hfaxd file, a remote + attacker could authenticate using a malicious username or hostname and + bypass the intended access restrictions. +

+
+ +

+ As a workaround, administrators may consider adding passwords to + all entries in the hosts.hfaxd file. +

+
+ +

+ All HylaFAX users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/hylafax-4.2.0-r2" +

+ Note: Due to heightened security, weak entries in the + hosts.hfaxd file may no longer work. Please see the HylaFAX + documentation for details of accepted syntax in the hosts.hfaxd file. +

+
+ + CAN-2004-1182 + HylaFAX Announcement + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-22.xml
new file mode 100644
index 0000000000..dd598b3842
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-22.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ poppassd_pam: Unauthorized password changing
+
+ poppassd_pam allows anyone to change any user's password without
+ authenticating the user first.
+
+ poppassd_pam
+ January 11, 2005
+ January 11, 2005: 01
+ 75820
+ remote
+
+
+ 1.8.4
+ 1.0
+
+
+ 1.0
+
+
+

+ poppassd_pam is a PAM-enabled server for changing system passwords + that can be used to change POP server passwords. +

+
+ +

+ Gentoo Linux developer Marcus Hanwell discovered that poppassd_pam + did not check that the old password was valid before changing + passwords. Our investigation revealed that poppassd_pam did not call + pam_authenticate before calling pam_chauthtok. +

+
+ +

+ A remote attacker could change the system password of any user, + including root. This leads to a complete compromise of the POP + accounts, and may also lead to a complete root compromise of the + affected server, if it also provides shell access authenticated using + system passwords. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All poppassd_pam users should migrate to the new package called + poppassd_ceti: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/poppassd_ceti-1.8.4" +

+ Note: Portage will automatically replace the poppassd_pam + package by the poppassd_ceti package. +

+
+ + CAN-2005-0002 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-23.xml
new file mode 100644
index 0000000000..a049ddac0d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-23.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Exim: Two buffer overflows
+
+ Buffer overflow vulnerabilities, which could lead to arbitrary code
+ execution, have been found in the handling of IPv6 addresses as well as in
+ the SPA authentication mechanism in Exim.
+
+ exim
+ January 12, 2005
+ January 12, 2005: 01
+ 76893
+ remote
+
+
+ 4.43-r2
+ 4.43-r2
+
+
+

+ Exim is an highly configurable message transfer agent (MTA) + developed at the University of Cambridge. +

+
+ +

+ Buffer overflows have been found in the host_aton() function + (CAN-2005-0021) as well as in the spa_base64_to_bits() function + (CAN-2005-0022), which is part of the SPA authentication code. +

+
+ +

+ A local attacker could trigger the buffer overflow in host_aton() + by supplying an illegal IPv6 address with more than 8 components, using + a command line option. The second vulnerability could be remotely + exploited during SPA authentication, if it is enabled on the server. + Both buffer overflows can potentially lead to the execution of + arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Exim users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.43-r2" +
+ + Exim Announcement + CAN-2005-0021 + CAN-2005-0022 + + + koon + + + vorlon078 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-24.xml
new file mode 100644
index 0000000000..d6ae2e0b28
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-24.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ tnftp: Arbitrary file overwriting
+
+ tnftp fails to validate filenames when downloading files, making it
+ vulnerable to arbitrary file overwriting.
+
+ tnftp
+ January 14, 2005
+ January 14, 2005: 01
+ 74704
+ remote
+
+
+ 20050103
+ 20050103
+
+
+

+ tnftp is a NetBSD FTP client with several advanced features. +

+
+ +

+ The 'mget' function in cmds.c lacks validation of the filenames + that are supplied by the server. +

+
+ +

+ An attacker running an FTP server could supply clients with + malicious filenames, potentially allowing the overwriting of arbitrary + files with the permission of the connected user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All tnftp users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/tnftp-20050103" +
+ + CAN-2004-1294 + Original Advisory + + + koon + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-25.xml
new file mode 100644
index 0000000000..326f299b5c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-25.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ Squid: Multiple vulnerabilities
+
+ Squid contains vulnerabilities in the the code handling NTLM (NT Lan
+ Manager), Gopher to HTML, ACLs and WCCP (Web Cache Communication Protocol)
+ which could lead to ACL bypass, denial of service and arbitrary code
+ execution.
+
+ squid
+ January 16, 2005
+ February 07, 2005: 03
+ 77934
+ 77521
+ remote
+
+
+ 2.5.7-r2
+ 2.5.7-r2
+
+
+

+ Squid is a full-featured Web proxy cache designed to run on Unix + systems. It supports proxying and caching of HTTP, FTP, and other URLs, + as well as SSL support, cache hierarchies, transparent caching, access + control lists and many other features. +

+
+ +

+ Squid contains a vulnerability in the gopherToHTML function + (CAN-2005-0094) and incorrectly checks the 'number of caches' field + when parsing WCCP_I_SEE_YOU messages (CAN-2005-0095). Furthermore the + NTLM code contains two errors. One is a memory leak in the + fakeauth_auth helper (CAN-2005-0096) and the other is a NULL pointer + dereferencing error (CAN-2005-0097). Finally Squid also contains an + error in the ACL parsing code (CAN-2005-0194). +

+
+ +

+ With the WCCP issue an attacker could cause denial of service by + sending a specially crafted UDP packet. With the Gopher issue an + attacker might be able to execute arbitrary code by enticing a user to + connect to a malicious Gopher server. The NTLM issues could lead to + denial of service by memory consumption or by crashing Squid. The ACL + issue could lead to ACL bypass. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Squid users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.5.7-r2" +
+ + Secunia Advisory SA13825 + Secunia Advisory SA13789 + CAN-2005-0094 + CAN-2005-0095 + CAN-2005-0096 + CAN-2005-0097 + CAN-2005-0194 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-26.xml
new file mode 100644
index 0000000000..43deeb5192
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-26.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ ImageMagick: PSD decoding heap overflow
+
+ ImageMagick is vulnerable to a heap overflow when decoding Photoshop
+ Document (PSD) files, which could lead to arbitrary code execution.
+
+ imagemagick
+ January 20, 2005
+ January 20, 2005: 01
+ 77932
+ remote
+
+
+ 6.1.8.8
+ 6.1.8.8
+
+
+

+ ImageMagick is a collection of tools to read, write and manipulate + images in many formats. +

+
+ +

+ Andrei Nigmatulin discovered that a Photoshop Document (PSD) file + with more than 24 layers could trigger a heap overflow. +

+
+ +

+ An attacker could potentially design a mailicous PSD image file to + cause arbitrary code execution with the permissions of the user running + ImageMagick. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ImageMagick users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.1.8.8" +
+ + CAN-2005-0005 + iDEFENSE Advisory + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-27.xml
new file mode 100644
index 0000000000..79a3964122
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-27.xml
@@ -0,0 +1,87 @@
+
+
+
+
+ Ethereal: Multiple vulnerabilities
+
+ Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
+ run arbitrary code, crash the program or perform DoS by CPU and disk
+ utilization.
+
+ ethereal
+ January 20, 2005
+ January 20, 2005: 01
+ 78559
+ remote
+
+
+ 0.10.9
+ 0.10.9
+
+
+

+ Ethereal is a feature rich network protocol analyzer. +

+
+ +

+ There are multiple vulnerabilities in versions of Ethereal earlier + than 0.10.9, including: +

+
    +
  • The COPS dissector could go into + an infinite loop (CAN-2005-0006).
  • +
  • The DLSw dissector could + cause an assertion, making Ethereal exit prematurely + (CAN-2005-0007).
  • +
  • The DNP dissector could cause memory + corruption (CAN-2005-0008).
  • +
  • The Gnutella dissector could cause + an assertion, making Ethereal exit prematurely (CAN-2005-0009).
  • +
  • The MMSE dissector could free statically-allocated memory + (CAN-2005-0010).
  • +
  • The X11 dissector is vulnerable to a string + buffer overflow (CAN-2005-0084).
  • +
+
+ +

+ An attacker might be able to use these vulnerabilities to crash + Ethereal, perform DoS by CPU and disk space utilization or even execute + arbitrary code with the permissions of the user running Ethereal, which + could be the root user. +

+
+ +

+ For a temporary workaround you can disable all affected protocol + dissectors by selecting Analyze->Enabled Protocols... and deselecting + them from the list. However, it is strongly recommended to upgrade to + the latest stable version. +

+
+ +

+ All Ethereal users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.9" +
+ + CAN-2005-0006 + CAN-2005-0007 + CAN-2005-0008 + CAN-2005-0009 + CAN-2005-0010 + CAN-2005-0084 + Ethereal Release Notes + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-28.xml
new file mode 100644
index 0000000000..a603e2d4ac
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-28.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
+
+ A stack overflow was discovered in Xpdf, potentially resulting in the
+ execution of arbitrary code. GPdf includes Xpdf code and therefore is
+ vulnerable to the same issue.
+
+ Xpdf
+ January 21, 2005
+ January 21, 2005: 01
+ 77888
+ 78128
+ remote
+
+
+ 3.00-r8
+ 3.00-r7
+
+
+ 2.8.2
+ 2.8.2
+
+
+

+ Xpdf is an open source viewer for Portable Document Format (PDF) + files. GPdf is a Gnome-based PDF viewer that includes some Xpdf code. +

+
+ +

+ iDEFENSE reports that the Decrypt::makeFileKey2 function in Xpdf's + Decrypt.cc insufficiently checks boundaries when processing /Encrypt + /Length tags in PDF files. +

+
+ +

+ An attacker could entice an user to open a specially-crafted PDF + file which would trigger a stack overflow, potentially resulting in + execution of arbitrary code with the rights of the user running Xpdf or + GPdf. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Xpdf users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.00-r8" +

+ All GPdf users should also upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.8.2" +
+ + CAN-2005-0064 + iDEFENSE Advisory + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-29.xml
new file mode 100644
index 0000000000..f256e77561
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-29.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Mailman: Cross-site scripting vulnerability
+
+ Mailman is vulnerable to cross-site scripting attacks.
+
+ mailman
+ January 22, 2005
+ January 22, 2005: 01
+ 77524
+ remote
+
+
+ 2.1.5-r3
+ 2.1.5-r3
+
+
+

+ Mailman is a Python-based mailing list server with an extensive + web interface. +

+
+ +

+ Florian Weimer has discovered a cross-site scripting vulnerability + in the error messages that are produced by Mailman. +

+
+ +

+ By enticing a user to visiting a specially-crafted URL, an + attacker can execute arbitrary script code running in the context of + the victim's browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mailman users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3" +
+ + CAN-2004-1177 + + + koon + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-30.xml
new file mode 100644
index 0000000000..cbebbe4d41
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-30.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ CUPS: Stack overflow in included Xpdf code
+
+ CUPS includes Xpdf code and therefore is vulnerable to the recent stack
+ overflow issue, potentially resulting in the remote execution of arbitrary
+ code.
+
+ CUPS
+ January 22, 2005
+ January 22, 2005: 01
+ 78249
+ remote
+
+
+ 1.1.23-r1
+ 1.1.23-r1
+
+
+

+ The Common UNIX Printing System (CUPS) is a cross-platform print + spooler. It makes use of Xpdf code to handle PDF files. +

+
+ +

+ The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc + insufficiently checks boundaries when processing /Encrypt /Length tags + in PDF files (GLSA 200501-28). +

+
+ +

+ This issue could be exploited by a remote attacker to execute + arbitrary code by sending a malicious print job to a CUPS spooler. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All CUPS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r1" +
+ + CAN-2005-0064 + GLSA 200501-28 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-31.xml
new file mode 100644
index 0000000000..ef8d273b12
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-31.xml
@@ -0,0 +1,99 @@
+
+
+
+
+ teTeX, pTeX, CSTeX: Multiple vulnerabilities
+
+ teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the
+ remote execution of arbitrary code. Furthermore, the xdvizilla script is
+ vulnerable to temporary file handling issues.
+
+ teTeX
+ January 23, 2005
+ January 23, 2005: 01
+ 75801
+ remote and local
+
+
+ 2.0.2-r5
+ 2.0.2-r5
+
+
+ 2.0.2-r1
+ 2.0.2-r1
+
+
+ 3.1.4-r2
+ 3.1.4-r2
+
+
+

+ teTeX is a complete and open source TeX distribution. CSTeX is + another TeX distribution including Czech and Slovak support. pTeX is + another alternative that allows Japanese publishing with TeX. xdvizilla + is an auxiliary script used to integrate DVI file viewing in + Mozilla-based browsers. +

+
+ +

+ teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore + be vulnerable to the various overflows that were discovered in Xpdf + code (CAN-2004-0888, CAN-2004-0889, CAN-2004-1125 and CAN-2005-0064). + Furthermore, Javier Fernandez-Sanguino Pena discovered that the + xdvizilla script does not handle temporary files correctly. +

+
+ +

+ An attacker could design a malicious input file which, when + processed using one of the TeX distributions, could lead to the + execution of arbitrary code. Furthermore, a local attacker could create + symbolic links in the temporary files directory, pointing to a valid + file somewhere on the filesystem. When xdvizilla is called, this would + result in the file being overwritten with the rights of the user + running the script. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All teTeX users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r5" +

+ All CSTeX users should also upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r1" +

+ Finally, all pTeX users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.4-r2" +
+ + CAN-2004-0888 + CAN-2004-0889 + CAN-2004-1125 + CAN-2005-0064 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-32.xml
new file mode 100644
index 0000000000..0698405037
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-32.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ KPdf, KOffice: Stack overflow in included Xpdf code
+
+ KPdf and KOffice both include vulnerable Xpdf code to handle PDF files,
+ making them vulnerable to the execution of arbitrary code.
+
+ kpdf, koffice
+ January 23, 2005
+ January 23, 2005: 01
+ 78619
+ 78620
+ remote
+
+
+ 1.3.5-r2
+ 1.3.5-r2
+
+
+ 3.3.2-r2
+ 3.2.3-r4
+ 3.3.2-r2
+
+
+

+ KPdf is a KDE-based PDF viewer included in the kdegraphics + package. KOffice is an integrated office suite for KDE. +

+
+ +

+ KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf + is vulnerable to a new stack overflow, as described in GLSA 200501-28. +

+
+ +

+ An attacker could entice a user to open a specially-crafted PDF + file, potentially resulting in the execution of arbitrary code with the + rights of the user running the affected application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All KPdf users should upgrade to the latest version of + kdegraphics: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose kde-base/kdegraphics +

+ All KOffice users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose app-office/koffice +
+ + GLSA 200501-18 + CAN-2005-0064 + KDE Security Advisory: kpdf Buffer Overflow Vulnerability + KDE Security Advisory: KOffice PDF Import Filter Vulnerability + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-33.xml
new file mode 100644
index 0000000000..4cb3ac3530
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-33.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ MySQL: Insecure temporary file creation
+
+ MySQL is vulnerable to symlink attacks, potentially allowing a local user
+ to overwrite arbitrary files.
+
+ mysql
+ January 23, 2005
+ January 23, 2005: 01
+ 77805
+ local
+
+
+ 4.0.22-r2
+ 4.0.22-r2
+
+
+

+ MySQL is a fast, multi-threaded, multi-user SQL database server. +

+
+ +

+ Javier Fernandez-Sanguino Pena from the Debian Security Audit + Project discovered that the 'mysqlaccess' script creates temporary + files in world-writeable directories with predictable names. +

+
+ +

+ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When the mysqlaccess script is executed, this would result in the file + being overwritten with the rights of the user running the software, + which could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MySQL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-4.0.22-r2" +
+ + CAN-2005-0004 + Secunia Advisory SA13867 + + + koon + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-34.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-34.xml
new file mode 100644
index 0000000000..377bf955d8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-34.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ Konversation: Various vulnerabilities
+
+ Konversation contains multiple vulnerabilities that could lead to remote
+ command execution or information leaks.
+
+ konversation
+ January 24, 2005
+ January 24, 2005: 01
+ 78712
+ remote
+
+
+ 0.15.1
+ 0.15.1
+
+
+

+ Konversation is a user-friendly IRC client for KDE. +

+
+ +

+ Wouter Coekaerts has discovered three vulnerabilities within + Konversation: +

+
    +
  • The Server::parseWildcards function, which + is used by the "Quick Buttons", does not properly handle variable + expansion (CAN-2005-0129).
  • +
  • Perl scripts included with + Konversation do not properly escape shell metacharacters + (CAN-2005-0130).
  • +
  • The 'Nick' and 'Password' fields in the Quick + Connect dialog can be easily confused (CAN-2005-0131).
  • +
+
+ +

+ A malicious server could create specially-crafted channels, which + would exploit certain flaws in Konversation, potentially leading to the + execution of shell commands. A user could also unintentionally input + their password into the 'Nick' field in the Quick Connect dialog, + exposing his password to IRC users, and log files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Konversation users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/konversation-0.15.1" +
+ + CAN-2005-0129 + CAN-2005-0130 + CAN-2005-0131 + KDE Security Advisory: Multiple vulnerabilities in Konversation + + + jaervosz + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-35.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-35.xml
new file mode 100644
index 0000000000..83722a5ec0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-35.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Evolution: Integer overflow in camel-lock-helper
+
+ An overflow in the camel-lock-helper application can be exploited by an
+ attacker to execute arbitrary code with elevated privileges.
+
+ evolution
+ January 24, 2005
+ January 24, 2005: 01
+ 79183
+ local and remote
+
+
+ 2.0.2-r1
+ 2.0.2
+
+
+

+ Evolution is a GNOME groupware application similar to Microsoft + Outlook. +

+
+ +

+ Max Vozeler discovered an integer overflow in the + camel-lock-helper application, which is installed as setgid mail by + default. +

+
+ +

+ A local attacker could exploit this vulnerability to execute + malicious code with the privileges of the 'mail' group. A remote + attacker could also setup a malicious POP server to execute arbitrary + code when an Evolution user connects to it. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Evolution users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.0.2-r1" +
+ + CAN-2005-0102 + + + DerCorny + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-36.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-36.xml
new file mode 100644
index 0000000000..1d0c50f3a5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-36.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ AWStats: Remote code execution
+
+ AWStats fails to validate certain input, which could lead to the remote
+ execution of arbitrary code or to the leak of information.
+
+ awstats
+ January 25, 2005
+ May 28, 2009: 04
+ 77963
+ 81775
+ remote
+
+
+ 6.3-r2
+ 6.3-r2
+
+
+

+ AWStats is an advanced log file analyzer and statistics generator. +

+
+ +

+ When 'awstats.pl' is run as a CGI script, it fails to validate specific + inputs which are used in a Perl open() function call. Furthermore, a + user could read log file content even when plugin rawlog was not + enabled. +

+
+ +

+ A remote attacker could supply AWStats malicious input, potentially + allowing the execution of arbitrary code with the rights of the web + server. He could also access raw log contents. +

+
+ +

+ Making sure that AWStats does not run as a CGI script will avoid the + issue, but we recommend that users upgrade to the latest version, which + fixes these bugs. +

+
+ +

+ All AWStats users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-misc/awstats-6.3-r2" +

+ Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +

+
+ + AWStats ChangeLog + iDEFENSE Advisory + CAN-2005-0116 + CAN-2005-0362 + CAN-2005-0363 + + + koon + + + lewk + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-37.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-37.xml new file mode 100644 index 0000000000..fc0ac731f1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-37.xml @@ -0,0 +1,66 @@ + + + + + GraphicsMagick: PSD decoding heap overflow + + GraphicsMagick is vulnerable to a heap overflow when decoding Photoshop + Document (PSD) files, which could lead to arbitrary code execution. + + GraphicsMagick + January 26, 2005 + January 26, 2005: 01 + 79336 + remote + + + 1.1.5 + 1.1.5 + + + +

+ GraphicsMagick is a collection of tools to read, write and + manipulate images in many formats. GraphicsMagick is originally derived + from ImageMagick 5.5.2. +

+
+ +

+ Andrei Nigmatulin discovered that handling a Photoshop Document + (PSD) file with more than 24 layers in ImageMagick could trigger a heap + overflow (GLSA 200501-26). GraphicsMagick is based on the same code and + therefore suffers from the same flaw. +

+
+ +

+ An attacker could potentially design a malicious PSD image file to + cause arbitrary code execution with the permissions of the user running + GraphicsMagick. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GraphicsMagick users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.5" +
+ + CAN-2005-0005 + GLSA 200501-26 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-38.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-38.xml new file mode 100644 index 0000000000..d941af80b4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-38.xml @@ -0,0 +1,84 @@ + + + + + Perl: rmtree and DBI tmpfile vulnerabilities + + The Perl DBI library and File::Path::rmtree function are vulnerable to + symlink attacks. + + Perl + January 26, 2005 + March 15, 2005: 03 + 75696 + 78634 + 79685 + local + + + 1.37-r1 + 1.38-r1 + 1.38 + + + 5.8.6-r4 + 5.8.5-r5 + 5.8.4-r4 + 5.8.2-r4 + 5.8.6-r3 + + + +

+ Perl is a cross platform programming language. The DBI is the standard + database interface module for Perl. +

+
+ +

+ Javier Fernandez-Sanguino Pena discovered that the DBI library creates + temporary files in an insecure, predictable way (CAN-2005-0077). Paul + Szabo found out that "File::Path::rmtree" is vulnerable to various race + conditions (CAN-2004-0452, CAN-2005-0448). +

+
+ +

+ A local attacker could create symbolic links in the temporary files + directory that point to a valid file somewhere on the filesystem. When + the DBI library or File::Path::rmtree is executed, this could be used + to overwrite or remove files with the rights of the user calling these + functions. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All Perl users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose dev-lang/perl +

+ All DBI library users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose dev-perl/DBI +
+ + CAN-2004-0452 + CAN-2005-0077 + CAN-2005-0448 + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-39.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-39.xml new file mode 100644 index 0000000000..4f0c700aeb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-39.xml @@ -0,0 +1,83 @@ + + + + + SquirrelMail: Multiple vulnerabilities + + SquirrelMail fails to properly sanitize user input, which could lead to + arbitrary code execution and compromise webmail accounts. + + SquirrelMail + January 28, 2005 + January 28, 2005: 01 + 78116 + remote + + + 1.4.4 + 1.4.3a-r2 + + + +

+ SquirrelMail is a webmail package written in PHP. It supports IMAP + and SMTP and can optionally be installed with SQL support. +

+
+ +

+ SquirrelMail fails to properly sanitize certain strings when + decoding specially-crafted strings, which can lead to PHP file + inclusion and XSS. +

+
    +
  • Insufficient checking of incoming URLs + in prefs.php (CAN-2005-0075) and in webmail.php (CAN-2005-0103).
  • +
  • Insufficient escaping of integers in webmail.php + (CAN-2005-0104).
  • +
+
+ +

+ By sending a specially-crafted URL, an attacker can execute + arbitrary code from the local system with the permissions of the web + server. Furthermore by enticing a user to load a specially-crafted URL, + it is possible to display arbitrary remote web pages in Squirrelmail's + frameset and execute arbitrary scripts running in the context of the + victim's browser. This could lead to a compromise of the user's webmail + account, cookie theft, etc. +

+
+ +

+ The arbitrary code execution is only possible with + "register_globals" set to "On". Gentoo ships PHP with + "register_globals" set to "Off" by default. There are no known + workarounds for the other issues at this time. +

+
+ +

+ All SquirrelMail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.4" +

+ Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +

+
+ + SquirrelMail Advisory + CAN-2005-0075 + CAN-2005-0103 + CAN-2005-0104 + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-40.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-40.xml new file mode 100644 index 0000000000..9e60708852 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-40.xml @@ -0,0 +1,65 @@ + + + + + ngIRCd: Buffer overflow + + ngIRCd is vulnerable to a buffer overflow that can be used to crash the + daemon and possibly execute arbitrary code. + + ngIRCd + January 28, 2005 + May 22, 2006: 02 + 79705 + remote + + + 0.8.2 + 0.8.2 + + + +

+ ngIRCd is a free open source daemon for Internet Relay Chat (IRC). +

+
+ +

+ Florian Westphal discovered a buffer overflow caused by an integer + underflow in the Lists_MakeMask() function of lists.c. +

+
+ +

+ A remote attacker can exploit this buffer overflow to crash the ngIRCd + daemon and possibly execute arbitrary code with the rights of the + ngIRCd daemon process. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ngIRCd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/ngIRCd-0.8.2" +
+ + ngIRCd Release Annoucement + CVE-2005-0199 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-41.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-41.xml new file mode 100644 index 0000000000..bb6acb9d4a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-41.xml @@ -0,0 +1,61 @@ + + + + + TikiWiki: Arbitrary command execution + + A bug in TikiWiki allows certain users to upload and execute malicious PHP + scripts. + + tikiwiki + January 30, 2005 + May 22, 2006: 02 + 78944 + remote + + + 1.8.5 + 1.8.5 + + + +

+ TikiWiki is a web-based groupware and content management system (CMS), + using PHP, ADOdb and Smarty. +

+
+ +

+ TikiWiki does not validate files uploaded to the "temp" directory. +

+
+ +

+ A malicious user could run arbitrary commands on the server by + uploading and calling a PHP script. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TikiWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5" +
+ + TikiWiki Advisory + CVE-2005-0200 + + + DerCorny + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-42.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-42.xml new file mode 100644 index 0000000000..2e20cf95d0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-42.xml @@ -0,0 +1,65 @@ + + + + + VDR: Arbitrary file overwriting issue + + VDR insecurely accesses files with elevated privileges, which may result in + the overwriting of arbitrary files. + + VDR + January 30, 2005 + January 30, 2005: 01 + 78230 + local + + + 1.2.6-r1 + 1.2.6-r1 + + + +

+ Video Disk Recorder (VDR) is a Linux-based digital video recorder. + The VDR program handles the On Screen Menu system that offers complete + control over channel settings, timers and recordings. +

+
+ +

+ Javier Fernandez-Sanguino Pena from the Debian Security Audit Team + discovered that VDR accesses user-controlled files insecurely. +

+
+ +

+ A local attacker could create malicious links and invoke a VDR + recording that would overwrite arbitrary files on the system. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All VDR users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vdr-1.2.6-r1" +
+ + CAN-2005-0071 + + + jaervosz + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-43.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-43.xml new file mode 100644 index 0000000000..29f5ae2c98 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-43.xml @@ -0,0 +1,65 @@ + + + + + f2c: Insecure temporary file creation + + f2c is vulnerable to symlink attacks, potentially allowing a local user to + overwrite arbitrary files. + + f2c + January 30, 2005 + January 30, 2005: 01 + 79725 + local + + + 20030320-r1 + 20030320 + + + +

+ f2c is a Fortran to C translator. Portage uses this package in + some ebuilds to build Fortran sources. +

+
+ +

+ Javier Fernandez-Sanguino Pena from the Debian Security Audit Team + discovered that f2c creates temporary files in world-writeable + directories with predictable names. +

+
+ +

+ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When f2c is executed, this would result in the file being overwritten + with the rights of the user running the software, which could be the + root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All f2c users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/f2c-20030320-r1" +
+ + CAN-2005-0017 + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-44.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-44.xml new file mode 100644 index 0000000000..ef393b11e2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-44.xml @@ -0,0 +1,73 @@ + + + + + ncpfs: Multiple vulnerabilities + + The ncpfs utilities contain multiple flaws, potentially resulting in the + remote execution of arbitrary code or local file access with elevated + privileges. + + ncpfs + January 30, 2005 + January 30, 2005: 01 + 77414 + remote and local + + + 2.2.6 + 2.2.6 + + + +

+ ncpfs is a NCP protocol network filesystem driver that allows + access to NetWare services, to mount volumes of NetWare servers or + print to NetWare print queues. +

+
+ +

+ Erik Sjolund discovered two vulnerabilities in the programs + bundled with ncpfs: there is a potentially exploitable buffer overflow + in ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities + using the NetWare client functions insecurely access files with + elevated privileges (CAN-2005-0013). +

+
+ +

+ The buffer overflow might allow a malicious remote NetWare server + to execute arbitrary code on the NetWare client. Furthermore, a local + attacker may be able to create links and access files with elevated + privileges using SUID ncpfs utilities. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ncpfs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/ncpfs-2.2.6" +
+ + CAN-2005-0013 + CAN-2005-0014 + ncpfs ChangeLog + + + jaervosz + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-45.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-45.xml new file mode 100644 index 0000000000..39f31e059d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-45.xml @@ -0,0 +1,69 @@ + + + + + Gallery: Cross-site scripting vulnerability + + Gallery is vulnerable to cross-site scripting attacks. + + gallery + January 30, 2005 + May 22, 2006: 04 + 78522 + remote + + + 1.4.4_p6 + 1.4.4_p6 + + + +

+ Gallery is a web application written in PHP which is used to organize + and publish photo albums. It allows multiple users to build and + maintain their own albums. It also supports the mirroring of images on + other servers. +

+
+ +

+ Rafel Ivgi has discovered a cross-site scripting vulnerability where + the 'username' parameter is not properly sanitized in 'login.php'. +

+
+ +

+ By sending a carefully crafted URL, an attacker can inject and execute + script code in the victim's browser window, and potentially compromise + the user's gallery. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gallery users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.4.4_p6" +

+ Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +

+
+ + Gallery Announcement + Secunia Advisory SA13887 + CVE-2005-0220 + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-46.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-46.xml new file mode 100644 index 0000000000..e09944285b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200501-46.xml @@ -0,0 +1,69 @@ + + + + + ClamAV: Multiple issues + + ClamAV contains two vulnerabilities that could lead to Denial of Service + and evasion of virus scanning. + + clamav + January 31, 2005 + May 22, 2006: 02 + 78656 + 79194 + remote + + + 0.81 + 0.80 + + + +

+ ClamAV is an antivirus toolkit. It includes a multi-threaded daemon and + a command line scanner. +

+
+ +

+ ClamAV fails to properly scan ZIP files with special headers + (CAN-2005-0133) and base64 encoded images in URLs. +

+
+ +

+ By sending a base64 encoded image file in a URL an attacker could evade + virus scanning. By sending a specially-crafted ZIP file an attacker + could cause a Denial of Service by crashing the clamd daemon. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.81" +
+ + CAN-2005-0133 + CVE-2005-0218 + ClamAV Release Announcement + Secunia SA13900 + + + koon + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-01.xml new file mode 100644 index 0000000000..dc4c970f79 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-01.xml @@ -0,0 +1,65 @@ + + + + + FireHOL: Insecure temporary file creation + + FireHOL is vulnerable to symlink attacks, potentially allowing a local user + to overwrite arbitrary files. + + FireHOL + February 01, 2005 + May 22, 2006: 02 + 79330 + local + + + 1.224 + 1.224 + + + +

+ FireHOL is an iptables rules generator. +

+
+ +

+ FireHOL insecurely creates temporary files with predictable names. +

+
+ +

+ A local attacker could create malicious symbolic links to arbitrary + system files. When FireHOL is executed, this could lead to these files + being overwritten with the rights of the user launching FireHOL, + usually the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All FireHOL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-firewall/firehol-1.224" +
+ + FireHOL CVS log + CVE-2005-0225 + + + koon + + + vorlon078 + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-02.xml new file mode 100644 index 0000000000..f0adcaebb5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-02.xml @@ -0,0 +1,65 @@ + + + + + UW IMAP: CRAM-MD5 authentication bypass + + UW IMAP contains a vulnerability in the code handling CRAM-MD5 + authentication allowing authentication bypass. + + uw-imap + February 02, 2005 + May 22, 2006: 02 + 79874 + remote + + + 2004b + 2004a + + + +

+ UW IMAP is the University of Washington IMAP toolkit which includes + POP3 and IMAP daemons. +

+
+ +

+ A logic bug in the code handling CRAM-MD5 authentication incorrectly + specifies the condition for successful authentication. +

+
+ +

+ An attacker could exploit this vulnerability to authenticate as any + mail user on a server with CRAM-MD5 authentication enabled. +

+
+ +

+ Disable CRAM-MD5 authentication. +

+
+ +

+ All UW IMAP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2004b" +
+ + US-CERT VU#702777 + CVE-2005-0198 + + + koon + + + jaervosz + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-03.xml new file mode 100644 index 0000000000..b1528150fe --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-03.xml @@ -0,0 +1,69 @@ + + + + + enscript: Multiple vulnerabilities + + enscript suffers from vulnerabilities and design flaws, potentially + resulting in the execution of arbitrary code. + + enscript + February 02, 2005 + February 02, 2005: 01 + 77408 + remote + + + 1.6.3-r3 + 1.6.3-r3 + + + +

+ enscript is a powerful ASCII to PostScript file converter. +

+
+ +

+ Erik Sjolund discovered several issues in enscript: it suffers + from several buffer overflows (CAN-2004-1186), quotes and shell escape + characters are insufficiently sanitized in filenames (CAN-2004-1185), + and it supported taking input from an arbitrary command pipe, with + unwanted side effects (CAN-2004-1184). +

+
+ +

+ An attacker could design malicious files or input data which, once + feeded into enscript, would trigger the execution of arbitrary code + with the rights of the user running enscript. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All enscript users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/enscript-1.6.3-r3" +
+ + CAN-2004-1184 + CAN-2004-1185 + CAN-2004-1186 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-04.xml new file mode 100644 index 0000000000..bcdf616b94 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-04.xml @@ -0,0 +1,85 @@ + + + + + Squid: Multiple vulnerabilities + + Squid contains vulnerabilities in the code handling WCCP, HTTP and LDAP + which could lead to Denial of Service, access control bypass, web cache and + log poisoning. + + squid + February 02, 2005 + February 02, 2005: 02 + 79495 + 78776 + 80201 + 80341 + remote + + + 2.5.7-r5 + 2.5.7-r5 + + + +

+ Squid is a full-featured Web proxy cache designed to run on Unix + systems. It supports proxying and caching of HTTP, FTP, and other + protocols, as well as SSL support, cache hierarchies, transparent + caching, access control lists and many other features. +

+
+ +

+ Squid contains several vulnerabilities: +

+
    +
  • Buffer overflow when handling WCCP recvfrom() + (CAN-2005-0211).
  • +
  • Loose checking of HTTP headers (CAN-2005-0173 and + CAN-2005-0174).
  • +
  • Incorrect handling of LDAP login names with spaces + (CAN-2005-0175).
  • +
+
+ +

+ An attacker could exploit: +

+
    +
  • the WCCP buffer overflow to cause Denial of Service.
  • +
  • the HTTP header parsing vulnerabilities to inject arbitrary + response data, potentially leading to content spoofing, web cache + poisoning and other cross-site scripting or HTTP response splitting + attacks.
  • +
  • the LDAP issue to login with several variations of the same login + name, leading to log poisoning.
  • +
+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Squid users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.5.7-r5" +
+ + CAN-2005-0173 + CAN-2005-0174 + CAN-2005-0175 + CAN-2005-0211 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-05.xml new file mode 100644 index 0000000000..980864b9fb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-05.xml @@ -0,0 +1,64 @@ + + + + + Newspost: Buffer overflow vulnerability + + A buffer overflow can be exploited to crash Newspost remotely and + potentially execute arbitrary code. + + newspost + February 03, 2005 + February 21, 2005: 02 + 78530 + remote + + + 2.0-r1 + 2.1.1-r1 + 2.1.1-r1 + + + +

+ Newspost is a Usenet News binary autoposter. +

+
+ +

+ Niels Heinen has discovered a buffer overflow in the socket_getline() + function of Newspost, which can be triggered by providing long strings + that do not end with a newline character. +

+
+ +

+ A remote attacker could setup a malicious NNTP server and entice a + Newspost user to post to it, leading to the crash of the Newspost + process and potentially the execution of arbitrary code with the rights + of the Newspost user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Newspost users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-nntp/newspost-2.0-r1" +
+ + CAN-2005-0101 + + + DerCorny + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-06.xml new file mode 100644 index 0000000000..b03beab3e0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-06.xml @@ -0,0 +1,65 @@ + + + + + LessTif: Multiple vulnerabilities in libXpm + + Multiple vulnerabilities have been discovered in libXpm, which is included + in LessTif, that can potentially lead to remote code execution. + + lesstif + February 06, 2005 + February 06, 2005: 01 + 78483 + remote + + + 0.94.0 + 0.94.0 + + + +

+ LessTif is a clone of OSF/Motif, which is a standard user + interface toolkit available on Unix and Linux. +

+
+ +

+ Multiple vulnerabilities, including buffer overflows, out of + bounds memory access and directory traversals, have been discovered in + libXpm, which is shipped as a part of the X Window System. LessTif, an + application that includes libXpm, suffers from the same issues. +

+
+ +

+ A carefully-crafted XPM file could crash applications making use + of the LessTif toolkit, potentially allowing the execution of arbitrary + code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All LessTif users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/lesstif-0.94.0" +
+ + CAN-2004-0914 + LessTif Release Notes + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-07.xml new file mode 100644 index 0000000000..e182e7a723 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-07.xml @@ -0,0 +1,77 @@ + + + + + OpenMotif: Multiple vulnerabilities in libXpm + + Multiple vulnerabilities have been discovered in libXpm, which is included + in OpenMotif, that can potentially lead to remote code execution. + + openmotif + February 07, 2005 + February 25, 2005: 03 + 78111 + remote + + + 2.2.3-r1 + 2.1.30-r7 + 2.2.3-r1 + + + +

+ OpenMotif provides a free version of the Motif toolkit for open source + applications. +

+
+ +

+ Multiple vulnerabilities, such as buffer overflows, out of bounds + memory access or directory traversals, have been discovered in libXpm + that is shipped as a part of the X Window System (see GLSA 200409-34 + and 200411-28). OpenMotif, an application that includes this library, + suffers from the same issues. +

+
+ +

+ A carefully-crafted XPM file could crash applications making use of the + OpenMotif toolkit, potentially allowing the execution of arbitrary code + with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenMotif users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose x11-libs/openmotif +

+ Note: You should run 'revdep-rebuild' to ensure that all applications + linked to OpenMotif are properly rebuilt. +

+
+ + CAN-2004-0687 + CAN-2004-0688 + CAN-2004-0914 + GLSA 200409-34 + GLSA 200411-28 + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-08.xml new file mode 100644 index 0000000000..64d6fd8a30 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-08.xml @@ -0,0 +1,82 @@ + + + + + PostgreSQL: Multiple vulnerabilities + + PostgreSQL contains several vulnerabilities which could lead to execution + of arbitrary code, Denial of Service and security bypass. + + postgresql + February 07, 2005 + June 26, 2007: 06 + 80342 + remote and local + + + 7.3* + 7.4* + 8.0.1 + 7.3.10 + 7.4.7 + 8.0.1 + + + +

+ PostgreSQL is a SQL compliant, open source object-relational database + management system. +

+
+ +

+ PostgreSQL's contains several vulnerabilities: +

+
    +
  • John Heasman discovered that the LOAD extension is vulnerable to + local privilege escalation (CAN-2005-0227).
  • +
  • It is possible to bypass the EXECUTE permission check for functions + (CAN-2005-0244).
  • +
  • The PL/PgSQL parser is vulnerable to heap-based buffer overflow + (CAN-2005-0244).
  • +
  • The intagg contrib module is vulnerable to a Denial of Service + (CAN-2005-0246).
  • +
+
+ +

+ An attacker could exploit this to execute arbitrary code with the + privileges of the PostgreSQL server, bypass security restrictions and + crash the server. +

+
+ +

+ There is no know workaround at this time. +

+
+ +

+ All PostgreSQL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose dev-db/postgresql +
+ + PostgreSQL Announcement + CAN-2005-0227 + CAN-2005-0244 + CAN-2005-0245 + CAN-2005-0246 + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-09.xml new file mode 100644 index 0000000000..445b64ea5f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-09.xml @@ -0,0 +1,72 @@ + + + + + Python: Arbitrary code execution through SimpleXMLRPCServer + + Python-based XML-RPC servers may be vulnerable to remote execution of + arbitrary code. + + Python + February 08, 2005 + February 08, 2005: 01 + 80592 + remote + + + 2.3.4-r1 + 2.3.3-r2 + 2.2.3-r6 + 2.3.4 + + + +

+ Python is an interpreted, interactive, object-oriented, + cross-platform programming language. +

+
+ +

+ Graham Dumpleton discovered that XML-RPC servers making use of the + SimpleXMLRPCServer library that use the register_instance() method to + register an object without a _dispatch() method are vulnerable to a + flaw allowing to read or modify globals of the associated module. +

+
+ +

+ A remote attacker may be able to exploit the flaw in such XML-RPC + servers to execute arbitrary code on the server host with the rights of + the XML-RPC server. +

+
+ +

+ Python users that don't make use of any SimpleXMLRPCServer-based + XML-RPC servers, or making use of servers using only the + register_function() method are not affected. +

+
+ +

+ All Python users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose dev-lang/python +
+ + CAN-2005-0089 + Python PSF-2005-001 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-10.xml new file mode 100644 index 0000000000..a91da56579 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-10.xml @@ -0,0 +1,64 @@ + + + + + pdftohtml: Vulnerabilities in included Xpdf + + pdftohtml includes vulnerable Xpdf code to handle PDF files, making it + vulnerable to execution of arbitrary code upon converting a malicious PDF + file. + + pdftohtml + February 09, 2005 + February 09, 2005: 01 + 78629 + remote + + + 0.36-r3 + 0.36-r3 + + + +

+ pdftohtml is a utility to convert PDF files to HTML or XML + formats. It makes use of Xpdf code to decode PDF files. +

+
+ +

+ Xpdf is vulnerable to a buffer overflow, as described in GLSA + 200501-28. +

+
+ +

+ An attacker could entice a user to convert a specially-crafted PDF + file, potentially resulting in the execution of arbitrary code with the + rights of the user running pdftohtml. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All pdftohtml users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/pdftohtml-0.36-r3" +
+ + GLSA 200501-28 + CAN-2005-0064 + + + vorlon078 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-11.xml new file mode 100644 index 0000000000..87c17e8f67 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-11.xml @@ -0,0 +1,65 @@ + + + + + Mailman: Directory traversal vulnerability + + Mailman fails to properly sanitize input, leading to information + disclosure. + + mailman + February 10, 2005 + February 10, 2005: 01 + 81109 + remote + + + 2.1.5-r4 + 2.1.5-r4 + + + +

+ Mailman is a Python-based mailing list server with an extensive + web interface. +

+
+ +

+ Mailman contains an error in private.py which fails to properly + sanitize input paths. +

+
+ +

+ An attacker could exploit this flaw to obtain arbitrary files on + the web server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mailman users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r4" +
+ + Full Disclosure Announcement + CAN-2005-0202 + + + koon + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-12.xml new file mode 100644 index 0000000000..176b21e3a2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-12.xml @@ -0,0 +1,73 @@ + + + + + Webmin: Information leak in Gentoo binary package + + Portage-built Webmin binary packages accidentally include a file containing + the local encrypted root password. + + Webmin + February 11, 2005 + May 22, 2006: 02 + 77731 + remote + + + 1.170-r3 + 1.170-r3 + + + +

+ Webmin is a web-based system administration console allowing an + administrator to easily configure servers and other features. Using the + 'buildpkg' FEATURE, or the -b/-B emerge options, Portage can build + reusable binary packages for any of the packages available through the + Portage tree. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that + the Webmin ebuild contains a design flaw. It imports the encrypted + local root password into the miniserv.users file before building binary + packages that include this file. +

+
+ +

+ A remote attacker could retrieve Portage-built Webmin binary packages + and recover the encrypted root password from the build host. +

+
+ +

+ Users who never built or shared a Webmin binary package are unaffected + by this. +

+
+ +

+ Webmin users should delete any old shared Webmin binary package as soon + as possible. They should also consider their buildhost root password + potentially exposed and follow proper audit procedures. +

+

+ If you plan to build binary packages, you should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/webmin-1.170-r3" +
+ + CVE-2005-0427 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-13.xml new file mode 100644 index 0000000000..9887db4e0d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-13.xml @@ -0,0 +1,75 @@ + + + + + Perl: Vulnerabilities in perl-suid wrapper + + Vulnerabilities leading to file overwriting and code execution with + elevated privileges have been discovered in the perl-suid wrapper. + + Perl + February 11, 2005 + February 11, 2005: 01 + 80460 + local + + + 5.8.6-r3 + 5.8.5-r4 + 5.8.4-r3 + 5.8.2-r3 + 5.8.6-r3 + + + +

+ Perl is a stable, cross-platform programming language created by + Larry Wall. The perl-suid wrapper allows the use of setuid perl + scripts, i.e. user-callable Perl scripts which have elevated + privileges. This function is enabled only if you have the perlsuid USE + flag set. +

+
+ +

+ perl-suid scripts honor the PERLIO_DEBUG environment variable and + write to that file with elevated privileges (CAN-2005-0155). + Furthermore, calling a perl-suid script with a very long path while + PERLIO_DEBUG is set could trigger a buffer overflow (CAN-2005-0156). +

+
+ +

+ A local attacker could set the PERLIO_DEBUG environment variable + and call existing perl-suid scripts, resulting in file overwriting and + potentially the execution of arbitrary code with root privileges. +

+
+ +

+ You are not vulnerable if you do not have the perlsuid USE flag + set or do not use perl-suid scripts. +

+
+ +

+ All Perl users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose dev-lang/perl +
+ + CAN-2005-0155 + CAN-2005-0156 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-14.xml new file mode 100644 index 0000000000..355f10b83f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-14.xml @@ -0,0 +1,65 @@ + + + + + mod_python: Publisher Handler vulnerability + + mod_python contains a vulnerability in the Publisher Handler potentially + leading to information disclosure. + + mod_python + February 13, 2005 + December 30, 2007: 03 + 80109 + remote + + + 3.1.3-r1 + 2.7.11 + 3.1.3-r1 + + + +

+ mod_python is an Apache module that embeds the Python interpreter + within the server allowing Python-based web-applications to be created. +

+
+ +

+ Graham Dumpleton discovered a vulnerability in mod_python's Publisher + Handler. +

+
+ +

+ By requesting a specially crafted URL for a published module page, an + attacker could obtain information about restricted variables. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mod_python users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose www-apache/mod_python +
+ + CAN-2005-0088 + + + jaervosz + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-15.xml new file mode 100644 index 0000000000..6e37278163 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-15.xml @@ -0,0 +1,62 @@ + + + + + PowerDNS: Denial of Service vulnerability + + A vulnerability in PowerDNS could lead to a temporary Denial of Service. + + PowerDNS + February 13, 2005 + May 22, 2006: 02 + 80713 + remote + + + 2.9.17 + 2.9.17 + + + +

+ The PowerDNS Nameserver is an authoritative-only nameserver which uses + a flexible backend architecture. +

+
+ +

+ A vulnerability has been reported in the DNSPacket::expand method of + dnspacket.cc. +

+
+ +

+ An attacker could cause a temporary Denial of Service by sending a + random stream of bytes to the PowerDNS Daemon. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PowerDNS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/pdns-2.9.17" +
+ + PowerDNS Release Notes + PowerDNS Ticket #21 + CVE-2005-0428 + + + vorlon078 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-16.xml new file mode 100644 index 0000000000..2f9347fb0b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-16.xml @@ -0,0 +1,67 @@ + + + + + ht://Dig: Cross-site scripting vulnerability + + ht://Dig is vulnerable to cross-site scripting attacks. + + htdig + February 13, 2005 + February 13, 2005: 01 + 80602 + remote + + + 3.1.6-r7 + 3.1.6-r7 + + + +

+ ht://Dig is an HTTP/HTML indexing and searching system. +

+
+ +

+ Michael Krax discovered that ht://Dig fails to validate the + 'config' parameter before displaying an error message containing the + parameter. This flaw could allow an attacker to conduct cross-site + scripting attacks. +

+
+ +

+ By sending a carefully crafted message, an attacker can inject and + execute script code in the victim's browser window. This allows to + modify the behaviour of ht://Dig, and/or leak session information such + as cookies to the attacker. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ht://Dig users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-misc/htdig-3.1.6-r7" +
+ + CAN-2005-0085 + SecurityTracker #1013078 + + + vorlon078 + + + vorlon078 + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-17.xml new file mode 100644 index 0000000000..3cfecd370e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-17.xml @@ -0,0 +1,83 @@ + + + + + Opera: Multiple vulnerabilities + + Opera is vulnerable to several vulnerabilities which could result in + information disclosure and facilitate execution of arbitrary code. + + Opera + February 14, 2005 + December 30, 2007: 03 + 73871 + 74076 + 74321 + 81747 + remote + + + 7.54-r3 + 7.54-r3 + + + +

+ Opera is a multi-platform web browser. +

+
+ +

+ Opera contains several vulnerabilities: +

+
    +
  • fails to properly validate Content-Type and filename.
  • +
  • fails to properly validate date: URIs.
  • +
  • uses kfmclient exec as the Default Application to handle downloaded + files when integrated with KDE.
  • +
  • fails to properly control frames.
  • +
  • uses Sun Java packages insecurely.
  • +
  • searches an insecure path for plugins.
  • +
+
+ +

+ An attacker could exploit these vulnerabilities to: +

+
    +
  • execute arbitrary code.
  • +
  • load a malicious frame in the context of another browser + session.
  • +
  • leak information.
  • +
+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Opera users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-7.54-r3" +
+ + Opera Changelog for 7.54u1 + Opera Changelog for 7.54u2 + CVE-2004-1157 + CVE-2004-1489 + CVE-2004-1490 + CVE-2004-1491 + CVE-2005-0456 + CVE-2005-0457 + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-18.xml new file mode 100644 index 0000000000..d0dedb3f00 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-18.xml @@ -0,0 +1,70 @@ + + + + + VMware Workstation: Untrusted library search path + + VMware may load shared libraries from an untrusted, world-writable + directory, resulting in the execution of arbitrary code. + + VMware + February 14, 2005 + May 25, 2006: 03 + 81344 + local + + + 4.5.2.8848-r5 + 3.2.1.2242-r4 + 4.5.2.8848-r5 + + + +

+ VMware Workstation is a powerful virtual machine for developers and + system administrators. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered + that VMware Workstation searches for gdk-pixbuf loadable modules in an + untrusted, world-writable directory. +

+
+ +

+ A local attacker could create a malicious shared object that would be + loaded by VMware, resulting in the execution of arbitrary code with the + privileges of the user running VMware. +

+
+ +

+ The system administrator may create the file /tmp/rrdharan to prevent + malicious users from creating a directory at that location: +

+ + # touch /tmp/rrdharan +
+ +

+ All VMware Workstation users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/vmware-workstation-3.2.1.2242-r4" +
+ + CVE-2005-0444 + + + koon + + + koon + + + taviso + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-19.xml new file mode 100644 index 0000000000..84a26a3615 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-19.xml @@ -0,0 +1,69 @@ + + + + + PostgreSQL: Buffer overflows in PL/PgSQL parser + + PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser + leading to execution of arbitrary code. + + postgresql + February 14, 2005 + June 26, 2007: 04 + 81350 + remote + + + 7.3* + 7.4* + 8.0.1-r1 + 7.3.9-r1 + 7.4.13 + 8.0.1-r1 + + + +

+ PostgreSQL is a SQL compliant, open source object-relational database + management system. +

+
+ +

+ PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL + parser. +

+
+ +

+ A remote attacker could send a malicious query resulting in the + execution of arbitrary code with the permissions of the user running + PostgreSQL. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PostgreSQL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose dev-db/postgresql +
+ + CAN-2005-0247 + + + koon + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-20.xml new file mode 100644 index 0000000000..c335bf1f89 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-20.xml @@ -0,0 +1,78 @@ + + + + + Emacs, XEmacs: Format string vulnerabilities in movemail + + The movemail utility shipped with Emacs and XEmacs contains several format + string vulnerabilities, potentially leading to the execution of arbitrary + code. + + Emacs + February 15, 2005 + July 23, 2006: 02 + 79686 + remote + + + 21.4 + 19 + 21.4 + + + 21.4.15-r3 + 21.4.15-r3 + + + +

+ GNU Emacs and XEmacs are highly extensible and customizable text + editors. movemail is an Emacs utility that can fetch mail on remote + mail servers. +

+
+ +

+ Max Vozeler discovered that the movemail utility contains several + format string errors. +

+
+ +

+ An attacker could set up a malicious POP server and entice a user to + connect to it using movemail, resulting in the execution of arbitrary + code with the rights of the victim user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Emacs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-21.4" +

+ All XEmacs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/xemacs-21.4.15-r3" +
+ + CAN-2005-0100 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-21.xml new file mode 100644 index 0000000000..16a9a7bc71 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-21.xml @@ -0,0 +1,67 @@ + + + + + lighttpd: Script source disclosure + + An attacker can trick lighttpd into revealing the source of scripts that + should be executed as CGI or FastCGI applications. + + lighttpd + February 15, 2005 + May 22, 2006: 02 + 81776 + remote + + + 1.3.10-r1 + 1.3.10-r1 + + + +

+ lighttpd is a small-footprint, fast, compliant and very flexible + web-server which is optimized for high-performance environments. +

+
+ +

+ lighttpd uses file extensions to determine which elements are programs + that should be executed and which are static pages that should be sent + as-is. By appending %00 to the filename, you can evade the extension + detection mechanism while still accessing the file. +

+
+ +

+ A remote attacker could send specific queries and access the source of + scripts that should have been executed as CGI or FastCGI applications. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All lighttpd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.3.10-r1" +
+ + lighttpd-announce Advisory + CVE-2005-0453 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-22.xml new file mode 100644 index 0000000000..92a3529c4a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-22.xml @@ -0,0 +1,65 @@ + + + + + wpa_supplicant: Buffer overflow vulnerability + + wpa_supplicant contains a buffer overflow that could lead to a Denial of + Service. + + wpa_supplicant + February 16, 2005 + May 22, 2006: 02 + 81993 + remote + + + 0.2.7 + 0.2.7 + + + +

+ wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE + 802.11i / RSN). +

+
+ +

+ wpa_supplicant contains a possible buffer overflow due to the lacking + validation of received EAPOL-Key frames. +

+
+ +

+ An attacker could cause the crash of wpa_supplicant using a specially + crafted packet. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All wpa_supplicant users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-0.2.7" +
+ + wpa_supplicant Announcement + CVE-2005-0470 + + + jaervosz + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-23.xml new file mode 100644 index 0000000000..e6fb174aa3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-23.xml @@ -0,0 +1,65 @@ + + + + + KStars: Buffer overflow in fliccd + + KStars is vulnerable to a buffer overflow that could lead to arbitrary code + execution with elevated privileges. + + kstars + February 16, 2005 + February 16, 2005: 01 + 79585 + remote and local + + + 3.3.2-r1 + 3.3.2-r1 + + + +

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. KStars is a desktop planetarium for KDE. + It includes support for the Instrument Neutral Distributed Interface + (INDI). +

+
+ +

+ Erik Sjolund discovered a buffer overflow in fliccd which is part + of the INDI support in KStars. +

+
+ +

+ An attacker could exploit this vulnerability to execute code with + elevated privileges. If fliccd does not run as daemon remote + exploitation of this vulnerability is not possible. KDE as shipped by + Gentoo does not start the daemon in the default installation. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All KStars users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kdeedu-3.3.2-r1" +
+ + CAN-2005-0011 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-24.xml new file mode 100644 index 0000000000..95b79e561e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-24.xml @@ -0,0 +1,69 @@ + + + + + Midnight Commander: Multiple vulnerabilities + + Midnight Commander contains several format string errors, buffer overflows + and one buffer underflow leading to execution of arbitrary code. + + mc + February 17, 2005 + February 17, 2005: 01 + 77992 + remote + + + 4.6.0-r13 + 4.6.0-r13 + + + +

+ Midnight Commander is a visual console file manager. +

+
+ +

+ Midnight Commander contains several format string vulnerabilities + (CAN-2004-1004), buffer overflows (CAN-2004-1005), a memory + deallocation error (CAN-2004-1092) and a buffer underflow + (CAN-2004-1176). +

+
+ +

+ An attacker could exploit these vulnerabilities to execute + arbitrary code with the permissions of the user running Midnight + Commander or cause Denial of Service by freeing unallocated memory. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Midnight Commander users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/mc-4.6.0-r13" +
+ + CAN-2004-1004 + CAN-2004-1005 + CAN-2004-1092 + CAN-2004-1176 + + + koon + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-25.xml new file mode 100644 index 0000000000..9cdf5e07d7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-25.xml @@ -0,0 +1,65 @@ + + + + + Squid: Denial of Service through DNS responses + + Squid contains a bug in the handling of certain DNS responses resulting in + a Denial of Service. + + Squid + February 18, 2005 + February 18, 2005: 01 + 81997 + remote + + + 2.5.8 + 2.5.8 + + + +

+ Squid is a full-featured Web proxy cache designed to run on + Unix-like systems. It supports proxying and caching of HTTP, FTP, and + other protocols, as well as SSL support, cache hierarchies, transparent + caching, access control lists and many other features. +

+
+ +

+ Handling of certain DNS responses trigger assertion failures. +

+
+ +

+ By returning a specially crafted DNS response an attacker could + cause Squid to crash by triggering an assertion failure. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Squid users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.5.8" +
+ + CAN-2005-0446 + + + vorlon078 + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-26.xml new file mode 100644 index 0000000000..3e2513bfa6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-26.xml @@ -0,0 +1,67 @@ + + + + + GProFTPD: gprostats format string vulnerability + + gprostats, distributed with GProFTPD, is vulnerable to a format string + vulnerability, potentially leading to the execution of arbitrary code. + + GProFTPD + February 18, 2005 + May 22, 2006: 02 + 81894 + remote + + + 8.1.9 + 8.1.9 + + + +

+ GProFTPD is a GTK+ administration tool for the ProFTPD server. GProFTPD + is distributed with gprostats, a utility to parse ProFTPD transfer + logs. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a + format string vulnerability in the gprostats utility. +

+
+ +

+ An attacker could exploit the vulnerability by performing a specially + crafted FTP transfer, the resulting ProFTPD transfer log could + potentially trigger the execution of arbitrary code when parsed by + GProFTPD. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GProFTPD users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/gproftpd-8.1.9" +
+ + CVE-2005-0484 + + + koon + + + taviso + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-27.xml new file mode 100644 index 0000000000..1100596609 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-27.xml @@ -0,0 +1,66 @@ + + + + + gFTP: Directory traversal vulnerability + + gFTP is vulnerable to directory traversal attacks, possibly leading to the + creation or overwriting of arbitrary files. + + gFTP + February 19, 2005 + February 19, 2005: 01 + 81994 + remote + + + 2.0.18-r1 + 2.0.18-r1 + + + +

+ gFTP is a GNOME based, multi-threaded file transfer client. +

+
+ +

+ gFTP lacks input validation of filenames received by remote + servers. +

+
+ +

+ An attacker could entice a user to connect to a malicious FTP + server and conduct a directory traversal attack by making use of + specially crafted filenames. This could lead to arbitrary files being + created or overwritten. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All gFTP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/gftp-2.0.18-r1" +
+ + gFTP Announcement + CAN-2005-0372 + + + koon + + + vorlon078 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-28.xml new file mode 100644 index 0000000000..ad9f4be5de --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-28.xml @@ -0,0 +1,70 @@ + + + + + PuTTY: Remote code execution + + PuTTY was found to contain vulnerabilities that can allow a malicious SFTP + server to execute arbitrary code on unsuspecting PSCP and PSFTP clients. + + Putty + February 21, 2005 + February 21, 2005: 01 + 82753 + remote + + + 0.57 + 0.57 + + + +

+ PuTTY is a popular SSH client, PSCP is a secure copy + implementation, and PSFTP is a SSH File Transfer Protocol client. +

+
+ +

+ Two vulnerabilities have been discovered in the PSCP and PSFTP + clients, which can be triggered by the SFTP server itself. These issues + are caused by the improper handling of the FXP_READDIR response, along + with other string fields. +

+
+ +

+ An attacker can setup a malicious SFTP server that would send + these malformed responses to a client, potentially allowing the + execution of arbitrary code on their system. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PuTTY users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/putty-0.57" +
+ + PuTTY vulnerability vuln-sftp-readdir + PuTTY vulnerability vuln-sftp-string + CAN-2005-0467 + iDEFENSE Advisory + + + vorlon078 + + + vorlon078 + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-29.xml new file mode 100644 index 0000000000..fbb66001ff --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-29.xml @@ -0,0 +1,68 @@ + + + + + Cyrus IMAP Server: Multiple overflow vulnerabilities + + The Cyrus IMAP Server is affected by several overflow vulnerabilities which + could potentially lead to the remote execution of arbitrary code. + + cyrus-imapd + February 23, 2005 + May 22, 2006: 02 + 82404 + remote + + + 2.2.12 + 2.2.12 + + + +

+ The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail + server. +

+
+ +

+ Possible single byte overflows have been found in the imapd annotate + extension and mailbox handling code. Furthermore stack buffer overflows + have been found in fetchnews, the backend and imapd. +

+
+ +

+ An attacker, who could be an authenticated user or an admin of a + peering news server, could exploit these vulnerabilities to execute + arbitrary code with the rights of the user running the Cyrus IMAP + Server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cyrus IMAP Server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.2.12" +
+ + Cyrus IMAP Announcement + CVE-2005-0546 + + + koon + + + vorlon078 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-30.xml new file mode 100644 index 0000000000..14f232130d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-30.xml @@ -0,0 +1,65 @@ + + + + + cmd5checkpw: Local password leak vulnerability + + cmd5checkpw contains a flaw allowing local users to access other users + cmd5checkpw passwords. + + cmd5checkpw + February 25, 2005 + May 22, 2006: 02 + 78256 + local + + + 0.22-r2 + 0.22-r1 + + + +

+ cmd5checkpw is a checkpassword compatible authentication program that + uses CRAM-MD5 authentication mode. +

+
+ +

+ Florian Westphal discovered that cmd5checkpw is installed setuid + cmd5checkpw but does not drop privileges before calling execvp(), so + the invoked program retains the cmd5checkpw euid. +

+
+ +

+ Local users that know at least one valid /etc/poppasswd user/password + combination can read the /etc/poppasswd file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All cmd5checkpw users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2" +
+ + CVE-2005-0580 + + + vorlon078 + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-31.xml new file mode 100644 index 0000000000..878b71a397 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-31.xml @@ -0,0 +1,67 @@ + + + + + uim: Privilege escalation vulnerability + + Under certain conditions, applications linked against uim suffer from a + privilege escalation vulnerability. + + uim + February 28, 2005 + February 28, 2005: 01 + 82678 + local + + + 0.4.5.1 + 0.4.5.1 + + + +

+ uim is a simple, secure and flexible input method library. +

+
+ +

+ Takumi Asaki discovered that uim insufficiently checks environment + variables. setuid/setgid applications linked against libuim could end + up executing arbitrary code. This vulnerability only affects + immodule-enabled Qt (if you build Qt 3.3.2 or later versions with + USE="immqt" or USE="immqt-bc"). +

+
+ +

+ A malicious local user could exploit this vulnerability to execute + arbitrary code with escalated privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All uim users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-i18n/uim-0.4.5.1" +
+ + CAN-2005-0503 + uim announcement + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-32.xml new file mode 100644 index 0000000000..6224c72c94 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-32.xml @@ -0,0 +1,60 @@ + + + + UnAce: Buffer overflow and directory traversal vulnerabilities + UnAce is vulnerable to several buffer overflow and directory + traversal attacks. + + unace + February 28, 2005 + May 19, 2014: 2 + 81958 + remote + + + 2.5-r3 + 2.5-r3 + + + +

UnAce is an utility to extract, view and test the contents of an ACE + archive. +

+
+ +

Ulf Harnhammar discovered that UnAce suffers from buffer overflows when + testing, unpacking or listing specially crafted ACE archives + (CAN-2005-0160). He also found out that UnAce is vulnerable to directory + traversal attacks, if an archive contains “./..” sequences or + absolute filenames (CAN-2005-0161). +

+
+ +

An attacker could exploit the buffer overflows to execute malicious code + or the directory traversals to overwrite arbitrary files. +

+
+ +

There is no known workaround at this time.

+
+ +

All UnAce users should upgrade to the latest available version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/unace-2.5-r3" + + +
+ + + CAN-2005-0160 + + + CAN-2005-0161 + + + system + system + system +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-33.xml new file mode 100644 index 0000000000..045f2c127c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200502-33.xml @@ -0,0 +1,76 @@ + + + + + MediaWiki: Multiple vulnerabilities + + MediaWiki is vulnerable to cross-site scripting, data manipulation and + security bypass attacks. + + mediawiki + February 28, 2005 + February 28, 2005: 01 + 80729 + 82954 + remote + + + 1.3.11 + 1.3.11 + + + +

+ MediaWiki is a collaborative editing software, used by big + projects like Wikipedia. +

+
+ +

+ A security audit of the MediaWiki project discovered that + MediaWiki is vulnerable to several cross-site scripting and cross-site + request forgery attacks, and that the image deletion code does not + sufficiently sanitize input parameters. +

+
+ +

+ By tricking a user to load a carefully crafted URL, a remote + attacker could hijack sessions and authentication cookies to inject + malicious script code that will be executed in a user's browser session + in context of the vulnerable site, or use JavaScript submitted forms to + perform restricted actions. Using the image deletion flaw, it is also + possible for authenticated administrators to delete arbitrary files via + directory traversal. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MediaWiki users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.3.11" +
+ + Secunia Advisory SA14125 + CAN-2005-0534 + CAN-2005-0535 + CAN-2005-0536 + + + vorlon078 + + + koon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-01.xml
new file mode 100644
index 0000000000..a992d8104f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-01.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Qt: Untrusted library search path
+
+ Qt may load shared libraries from an untrusted, world-writable directory,
+ resulting in the execution of arbitrary code.
+
+ qt
+ March 01, 2005
+ May 22, 2006: 02
+ 75181
+ local
+
+
+ 3.3.4-r2
+ 3.3.4-r2
+
+
+
+

+ Qt is a cross-platform GUI toolkit used by KDE. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered + that Qt searches for shared libraries in an untrusted, world-writable + directory. +

+
+ +

+ A local attacker could create a malicious shared object that would be + loaded by Qt, resulting in the execution of arbitrary code with the + privileges of the Qt application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Qt users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.4-r2" +
+ + CVE-2005-0627 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-02.xml
new file mode 100644
index 0000000000..3c399ba38e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-02.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ phpBB: Multiple vulnerabilities
+
+ Several vulnerabilities allow remote attackers to gain phpBB administrator
+ rights or expose and manipulate sensitive data.
+
+ phpbb
+ March 01, 2005
+ March 01, 2005: 01
+ 82955
+ local and remote
+
+
+ 2.0.13
+ 2.0.13
+
+
+
+

+ phpBB is an Open Source bulletin board package. +

+
+ +

+ It was discovered that phpBB contains a flaw in the session + handling code and a path disclosure bug. AnthraX101 discovered that + phpBB allows local users to read arbitrary files, if the "Enable remote + avatars" and "Enable avatar uploading" options are set (CAN-2005-0259). + He also found out that incorrect input validation in + "usercp_avatar.php" and "usercp_register.php" makes phpBB vulnerable to + directory traversal attacks, if the "Gallery avatars" setting is + enabled (CAN-2005-0258). +

+
+ +

+ Remote attackers can exploit the session handling flaw to gain + phpBB administrator rights. By providing a local and a remote location + for an avatar and setting the "Upload Avatar from a URL:" field to + point to the target file, a malicious local user can read arbitrary + local files. By inserting "/../" sequences into the "avatarselect" + parameter, a remote attacker can exploit the directory traversal + vulnerability to delete arbitrary files. A flaw in the "viewtopic.php" + script can be exploited to expose the full path of PHP scripts. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpBB users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phpBB-2.0.13" +
+ + CAN-2005-0258 + CAN-2005-0259 + phpBB announcement + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-03.xml
new file mode 100644
index 0000000000..5fc3180652
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-03.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Gaim: Multiple Denial of Service issues
+
+ Multiple vulnerabilities have been found in Gaim which could allow a remote
+ attacker to crash the application.
+
+ gaim
+ March 01, 2005
+ March 01, 2005: 01
+ 83253
+ remote
+
+
+ 1.1.4
+ 1.1.4
+
+
+
+

+ Gaim is a full featured instant messaging client which handles a + variety of instant messaging protocols. +

+
+ +

+ Specially crafted SNAC packets sent by other instant-messaging + users can cause Gaim to loop endlessly (CAN-2005-0472). Malformed HTML + code could lead to invalid memory accesses (CAN-2005-0208 and + CAN-2005-0473). +

+
+ +

+ Remote attackers could exploit these issues, resulting in a Denial + of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gaim users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/gaim-1.1.4" +
+ + CAN-2005-0208 + CAN-2005-0472 + CAN-2005-0473 + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-04.xml
new file mode 100644
index 0000000000..192c2c946a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-04.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ phpWebSite: Arbitrary PHP execution and path disclosure
+
+ Remote attackers can upload and execute arbitrary PHP scripts, another flaw
+ reveals the full path of scripts.
+
+ phpwebsite
+ March 01, 2005
+ May 22, 2006: 02
+ 83297
+ remote
+
+
+ 0.10.0-r2
+ 0.10.0-r2
+
+
+
+

+ phpWebSite provides a complete web site content management system. +

+
+ +

+ NST discovered that, when submitting an announcement, uploaded files + aren't correctly checked for malicious code. They also found out that + phpWebSite is vulnerable to a path disclosure. +

+
+ +

+ A remote attacker can exploit this issue to upload files to a directory + within the web root. By calling the uploaded script the attacker could + then execute arbitrary PHP code with the rights of the web server. By + passing specially crafted requests to the search module, remote + attackers can also find out the full path of PHP scripts. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpWebSite users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.0-r2" +
+ + Secunia Advisory SA14399 + phpWebSite announcement + CVE-2005-0565 + CVE-2005-0572 + + + koon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-05.xml
new file mode 100644
index 0000000000..d3a5173e4b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-05.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ xli, xloadimage: Multiple vulnerabilities
+
+ xli and xloadimage are vulnerable to multiple issues, potentially leading
+ to the execution of arbitrary code.
+
+ xli
+ March 02, 2005
+ May 22, 2006: 02
+ 79762
+ remote
+
+
+ 4.1-r2
+ 4.1-r2
+
+
+ 1.17.0-r1
+ 1.17.0-r1
+
+
+
+

+ xli and xloadimage are X11 utilities for displaying and manipulating a + wide range of image formats. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that + xli and xloadimage contain a flaw in the handling of compressed images, + where shell meta-characters are not adequately escaped. Rob Holland of + the Gentoo Linux Security Audit Team has reported that an xloadimage + vulnerability in the handling of Faces Project images discovered by + zen-parse in 2001 remained unpatched in xli. Additionally, it has been + reported that insufficient validation of image properties in xli could + potentially result in buffer management errors. +

+
+ +

+ Successful exploitation would permit a remote attacker to execute + arbitrary shell commands, or arbitrary code with the privileges of the + xloadimage or xli user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xli users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/xli-1.17.0-r1" +

+ All xloadimage users should also upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/xloadimage-4.1-r2" +
+ + CAN-2001-0775 + CVE-2005-0638 + CVE-2005-0639 + + + koon + + + taviso + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-06.xml
new file mode 100644
index 0000000000..9be933515c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-06.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ BidWatcher: Format string vulnerability
+
+ BidWatcher is vulnerable to a format string vulnerability, potentially
+ allowing arbitrary code execution.
+
+ bidwatcher
+ March 03, 2005
+ March 03, 2005: 01
+ 82460
+ remote
+
+
+ 1.3.17
+ 1.3.17
+
+
+
+

+ BidWatcher is a free auction tool for eBay users to keep track of + their auctions. +

+
+ +

+ Ulf Harnhammar discovered a format string vulnerability in + "netstuff.cpp". +

+
+ +

+ Remote attackers can potentially exploit this vulnerability by + sending specially crafted responses via an eBay HTTP server or a + man-in-the-middle attack to execute arbitrary malicious code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All BidWatcher users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/bidwatcher-1.13.17" +
+ + CAN-2005-0158 + + + koon + + + koon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-07.xml
new file mode 100644
index 0000000000..b44ef69860
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-07.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ phpMyAdmin: Multiple vulnerabilities
+
+ phpMyAdmin contains multiple vulnerabilities that could lead to command
+ execution, XSS issues and bypass of security restrictions.
+
+ phpMyAdmin
+ March 03, 2005
+ May 22, 2006: 02
+ 83190
+ 83792
+ remote
+
+
+ 2.6.1_p2-r1
+ 2.6.1_p2-r1
+
+
+
+

+ phpMyAdmin is a tool written in PHP intended to handle the + administration of MySQL databases from a web-browser. +

+
+ +

+ phpMyAdmin contains several security issues: +

+
    +
  • Maksymilian Arciemowicz has discovered multiple variable injection + vulnerabilities that can be exploited through "$cfg" and "GLOBALS" + variables and localized strings
  • +
  • It is possible to force phpMyAdmin to disclose information in error + messages
  • +
  • Failure to correctly escape special characters
  • +
+
+ +

+ By sending a specially-crafted request, an attacker can include and + execute arbitrary PHP code or cause path information disclosure. + Furthermore the XSS issue allows an attacker to inject malicious script + code, potentially compromising the victim's browser. Lastly the + improper escaping of special characters results in unintended privilege + settings for MySQL. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpMyAdmin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.1_p2-r1" +
+ + PMASA-2005-1 + PMASA-2005-2 + phpMyAdmin bug 1113788 + CVE-2005-0543 + CVE-2005-0544 + CVE-2005-0653 + + + koon + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-08.xml
new file mode 100644
index 0000000000..f9e5f54d92
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-08.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ OpenMotif, LessTif: New libXpm buffer overflows
+
+ A new vulnerability has been discovered in libXpm, which is included in
+ OpenMotif and LessTif, that can potentially lead to remote code execution.
+
+ openmotif
+ March 04, 2005
+ March 04, 2005: 01
+ 83655
+ 83656
+ remote
+
+
+ 2.2.3-r3
+ 2.1.30-r9
+ 2.2.3-r3
+
+
+ 0.94.0-r2
+ 0.94.0-r2
+
+
+
+

+ LessTif is a clone of OSF/Motif, which is a standard user + interface toolkit available on Unix and Linux. OpenMotif also provides + a free version of the Motif toolkit for open source applications. +

+
+ +

+ Chris Gilbert discovered potentially exploitable buffer overflow + cases in libXpm that weren't fixed in previous libXpm security + advisories. +

+
+ +

+ A carefully-crafted XPM file could crash applications making use + of the OpenMotif or LessTif toolkits, potentially allowing the + execution of arbitrary code with the privileges of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenMotif users should upgrade to an unaffected version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose x11-libs/openmotif +

+ All LessTif users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/lesstif-0.94.0-r2" +
+ + CAN-2005-0605 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-09.xml
new file mode 100644
index 0000000000..d9b8ddb725
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-09.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ xv: Filename handling vulnerability
+
+ xv contains a format string vulnerability, potentially resulting in the
+ execution of arbitrary code.
+
+ xv
+ March 04, 2005
+ May 22, 2006: 02
+ 83686
+ remote
+
+
+ 3.10a-r10
+ 3.10a-r10
+
+
+
+

+ xv is an interactive image manipulation package for X11. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw + in the handling of image filenames by xv. +

+
+ +

+ Successful exploitation would require a victim to process a specially + crafted image with a malformed filename, potentially resulting in the + execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xv users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r10" +
+ + CVE-2005-0665 + + + koon + + + taviso + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-10.xml
new file mode 100644
index 0000000000..c670e55077
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-10.xml
@@ -0,0 +1,139 @@
+
+
+
+
+ Mozilla Firefox: Various vulnerabilities
+
+ Mozilla Firefox is vulnerable to a local file deletion issue and to various
+ issues allowing to trick the user into trusting fake web sites or
+ interacting with privileged content.
+
+ Firefox
+ March 04, 2005
+ March 04, 2005: 01
+ 83267
+ remote and local
+
+
+ 1.0.1
+ 1.0.1
+
+
+ 1.0.1
+ 1.0.1
+
+
+
+

+ Mozilla Firefox is the popular next-generation browser from the + Mozilla project. +

+
+ +

+ The following vulnerabilities were found and fixed in Mozilla + Firefox: +

+
    +
  • Michael Krax reported that plugins can be used + to load privileged content and trick the user to interact with it + (CAN-2005-0232, CAN-2005-0527)
  • +
  • Michael Krax also reported + potential spoofing or cross-site-scripting issues through overlapping + windows, image drag-and-drop, and by dropping javascript: links on tabs + (CAN-2005-0230, CAN-2005-0231, CAN-2005-0591)
  • +
  • Daniel de Wildt + and Gael Delalleau discovered a memory overwrite in a string library + (CAN-2005-0255)
  • +
  • Wind Li discovered a possible heap overflow in + UTF8 to Unicode conversion (CAN-2005-0592)
  • +
  • Eric Johanson + reported that Internationalized Domain Name (IDN) features allow + homograph attacks (CAN-2005-0233)
  • +
  • Mook, Doug Turner, Kohei + Yoshino and M. Deaudelin reported various ways of spoofing the SSL + "secure site" indicator (CAN-2005-0593)
  • +
  • Matt Brubeck reported + a possible Autocomplete data leak (CAN-2005-0589)
  • +
  • Georgi + Guninski discovered that XSLT can include stylesheets from arbitrary + hosts (CAN-2005-0588)
  • +
  • Secunia discovered a way of injecting + content into a popup opened by another website (CAN-2004-1156)
  • +
  • Phil Ringnalda reported a possible way to spoof Install source with + user:pass@host (CAN-2005-0590)
  • +
  • Jakob Balle from Secunia + discovered a possible way of spoofing the Download dialog source + (CAN-2005-0585)
  • +
  • Christian Schmidt reported a potential + spoofing issue in HTTP auth prompt tab (CAN-2005-0584)
  • +
  • Andreas + Sanblad from Secunia discovered a possible way of spoofing the Download + dialog using the Content-Disposition header (CAN-2005-0586)
  • +
  • Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team + discovered that Firefox insecurely creates temporary filenames in + /tmp/plugtmp (CAN-2005-0578)
  • +
+
+ +
    +
  • By setting up malicious websites and convincing users to + follow untrusted links or obey very specific drag-and-drop or download + instructions, attackers may leverage the various spoofing issues to + fake other websites to get access to confidential information, push + users to download malicious files or make them interact with their + browser preferences.
  • +
  • The temporary directory issue allows + local attackers to overwrite arbitrary files with the rights of another + local user.
  • +
  • The overflow issues, while not thought to be + exploitable, may allow a malicious downloaded page to execute arbitrary + code with the rights of the user viewing the page.
  • +
+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.1" +

+ All Firefox binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.1" +
+ + CAN-2004-1156 + CAN-2005-0230 + CAN-2005-0231 + CAN-2005-0232 + CAN-2005-0233 + CAN-2005-0255 + CAN-2005-0527 + CAN-2005-0578 + CAN-2005-0584 + CAN-2005-0585 + CAN-2005-0586 + CAN-2005-0588 + CAN-2005-0589 + CAN-2005-0590 + CAN-2005-0591 + CAN-2005-0592 + CAN-2005-0593 + Mozilla Security Advisories + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-11.xml
new file mode 100644
index 0000000000..27c0df1f27
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-11.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ ImageMagick: Filename handling vulnerability
+
+ A format string vulnerability exists in ImageMagick that may allow an
+ attacker to execute arbitrary code.
+
+ ImageMagick
+ March 06, 2005
+ May 22, 2006: 02
+ 83542
+ remote
+
+
+ 6.2.0.4
+ 6.2.0.4
+
+
+
+

+ ImageMagick is a collection of tools and libraries for manipulating a + wide variety of image formats. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a + flaw in the handling of filenames by the ImageMagick utilities. +

+
+ +

+ Successful exploitation may disrupt web applications that depend on + ImageMagick for image processing, potentially executing arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ImageMagick users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.0.4" +
+ + CVE-2005-0397 + + + koon + + + taviso + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-12.xml
new file mode 100644
index 0000000000..611c6c283b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-12.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Hashcash: Format string vulnerability
+
+ A format string vulnerability in the Hashcash utility could allow an
+ attacker to execute arbitrary code.
+
+ Hashcash
+ March 06, 2005
+ May 22, 2006: 02
+ 83541
+ remote
+
+
+ 1.16-r1
+ 1.16-r1
+
+
+
+

+ Hashcash is a utility for generating Hashcash tokens, a proof-of-work + system to reduce the impact of spam. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw + in the Hashcash utility that an attacker could expose by specifying a + malformed reply address. +

+
+ +

+ Successful exploitation would permit an attacker to disrupt Hashcash + users, and potentially execute arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Hashcash users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.16-r1" +
+ + CVE-2005-0687 + + + koon + + + taviso + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-13.xml
new file mode 100644
index 0000000000..a86ca959b7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-13.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ mlterm: Integer overflow vulnerability
+
+ mlterm is vulnerable to an integer overflow, which could potentially allow
+ the execution of arbitrary code.
+
+ mlterm
+ March 07, 2005
+ May 22, 2006: 02
+ 84174
+ remote
+
+
+ 2.9.2
+ 2.9.2
+
+
+
+

+ mlterm is a multi-lingual terminal emulator. +

+
+ +

+ mlterm is vulnerable to an integer overflow that can be triggered by + specifying a large image file as a background. This only effects users + that have compiled mlterm with the 'gtk' USE flag, which enables + gdk-pixbuf support. +

+
+ +

+ An attacker can create a specially-crafted image file which, when used + as a background by the victim, can lead to the execution of arbitrary + code with the privileges of the user running mlterm. +

+
+ +

+ Re-compile mlterm without the 'gtk' USE flag. +

+
+ +

+ All mlterm users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/mlterm-2.9.2" +
+ + mlterm ChangeLog + CVE-2005-0686 + + + koon + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-14.xml
new file mode 100644
index 0000000000..079de819aa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-14.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ KDE dcopidlng: Insecure temporary file creation
+
+ The dcopidlng script is vulnerable to symlink attacks, potentially allowing
+ a local user to overwrite arbitrary files.
+
+ dcopidlng
+ March 07, 2005
+ March 07, 2005: 01
+ 81652
+ local
+
+
+ 3.3.2-r5
+ 3.2.3-r7
+ 3.3.2-r5
+
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. + dcopidlng is a DCOP helper script. +

+
+ +

+ Davide Madrisan has discovered that the dcopidlng script creates + temporary files in a world-writable directory with predictable names. +

+
+ +

+ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When dcopidlng is executed, this would result in the file being + overwritten with the rights of the user running the utility, which + could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All kdelibs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose kde-base/kdelibs +
+ + CAN-2005-0365 + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-15.xml
new file mode 100644
index 0000000000..7a6d0cd243
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-15.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ X.org: libXpm vulnerability
+
+ A new vulnerability has been discovered in libXpm, which is included in
+ X.org, that can potentially lead to remote code execution.
+
+ X.org
+ March 12, 2005
+ March 12, 2005: 02
+ 83598
+ remote
+
+
+ 6.8.0-r5
+ 6.8.2-r1
+ 6.8.2-r1
+
+
+
+

+ libXpm is a pixmap manipulation library for the X Window System, + included in X.org. +

+
+ +

+ Chris Gilbert has discovered potentially exploitable buffer overflow + cases in libXpm that weren't fixed in previous libXpm versions. +

+
+ +

+ A carefully-crafted XPM file could crash X.org, potentially allowing + the execution of arbitrary code with the privileges of the user running + the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All X.org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose x11-base/xorg-x11 +
+ + CAN-2005-0605 + Freedesktop bug + + + koon + + + SeJo + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-16.xml
new file mode 100644
index 0000000000..fba6a0ac28
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-16.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ Ethereal: Multiple vulnerabilities
+
+ Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
+ run arbitrary code or crash the program.
+
+ ethereal
+ March 12, 2005
+ May 22, 2006: 03
+ 84547
+ remote
+
+
+ 0.10.10
+ 0.10.10
+
+
+
+

+ Ethereal is a feature rich network protocol analyzer. +

+
+ +

+ There are multiple vulnerabilities in versions of Ethereal earlier than + 0.10.10, including: +

+
    +
  • The Etheric, 3GPP2 A11 and IAPP dissectors are vulnerable to buffer + overflows (CAN-2005-0704, CAN-2005-0699 and CAN-2005-0739).
  • +
  • The GPRS-LLC could crash when the "ignore cipher bit" option is + enabled (CAN-2005-0705).
  • +
  • Various vulnerabilities in JXTA and sFlow dissectors.
  • +
+
+ +

+ An attacker might be able to use these vulnerabilities to crash + Ethereal and execute arbitrary code with the permissions of the user + running Ethereal, which could be the root user. +

+
+ +

+ For a temporary workaround you can disable all affected protocol + dissectors. However, it is strongly recommended that you upgrade to the + latest stable version. +

+
+ +

+ All Ethereal users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.10" +
+ + CAN-2005-0699 + CAN-2005-0704 + CAN-2005-0705 + CAN-2005-0739 + CVE-2005-0765 + CVE-2005-0766 + Ethereal enpa-sa-00018 + + + jaervosz + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-17.xml
new file mode 100644
index 0000000000..029cfb4de6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-17.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ libexif: Buffer overflow vulnerability
+
+ libexif fails to validate certain inputs, making it vulnerable to buffer
+ overflows.
+
+ libexif
+ March 12, 2005
+ March 12, 2005: 01
+ 84076
+ remote
+
+
+ 0.5.12-r1
+ 0.5.12-r1
+
+
+
+

+ libexif is a library for parsing, editing and saving EXIF data. +

+
+ +

+ libexif contains a buffer overflow vulnerability in the EXIF tag + validation code. When opening an image with a specially crafted EXIF + tag, the lack of validation can cause applications linked to libexif to + crash. +

+
+ +

+ A specially crafted EXIF file could crash applications making use + of libexif, potentially allowing the execution of arbitrary code with + the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libexif users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libexif-0.5.12-r1" +
+ + CAN-2005-0664 + + + vorlon078 + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-18.xml
new file mode 100644
index 0000000000..bd00804963
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-18.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Ringtone Tools: Buffer overflow vulnerability
+
+ The Ringtone Tools utilities contain a buffer overflow vulnerability,
+ potentially leading to the execution of arbitrary code.
+
+ ringtonetools
+ March 15, 2005
+ March 15, 2005: 01
+ 74700
+ remote
+
+
+ 2.23
+ 2.23
+
+
+
+

+ Ringtone Tools is a program for creating ringtones and logos for + mobile phones. +

+
+ +

+ Qiao Zhang has discovered a buffer overflow vulnerability in the + 'parse_emelody' function in 'parse_emelody.c'. +

+
+ +

+ A remote attacker could entice a Ringtone Tools user to open a + specially crafted eMelody file, which would potentially lead to the + execution of arbitrary code with the rights of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ringtone Tools users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-mobilephone/ringtonetools-2.23" +
+ + CAN-2004-1292 + + + lewk + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-19.xml
new file mode 100644
index 0000000000..11627d5850
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-19.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ MySQL: Multiple vulnerabilities
+
+ MySQL contains several vulnerabilities potentially leading to the
+ overwriting of local files or to the execution of arbitrary code.
+
+ mysql
+ March 16, 2005
+ March 16, 2005: 02
+ 84819
+ remote and local
+
+
+ 4.0.24
+ 4.0.24
+
+
+
+

+ MySQL is a fast, multi-threaded, multi-user SQL database server. +

+
+ +

+ MySQL fails to properly validate input for authenticated users with + INSERT and DELETE privileges (CAN-2005-0709 and CAN-2005-0710). + Furthermore MySQL uses predictable filenames when creating temporary + files with CREATE TEMPORARY TABLE (CAN-2005-0711). +

+
+ +

+ An attacker with INSERT and DELETE privileges could exploit this to + manipulate the mysql table or accessing libc calls, potentially leading + to the execution of arbitrary code with the permissions of the user + running MySQL. An attacker with CREATE TEMPORARY TABLE privileges could + exploit this to overwrite arbitrary files via a symlink attack. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MySQL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-4.0.24" +
+ + CAN-2005-0709 + CAN-2005-0710 + CAN-2005-0711 + + + jaervosz + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-20.xml
new file mode 100644
index 0000000000..2d3869fe53
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-20.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ curl: NTLM response buffer overflow
+
+ curl is vulnerable to a buffer overflow which could lead to the execution
+ of arbitrary code.
+
+ curl
+ March 16, 2005
+ March 16, 2005: 01
+ 82534
+ remote
+
+
+ 7.13.1
+ 7.13.1
+
+
+
+

+ curl is a command line tool for transferring files via many + different protocols. +

+
+ +

+ curl fails to properly check boundaries when handling NTLM + authentication. +

+
+ +

+ With a malicious server an attacker could send a carefully crafted + NTLM response to a connecting client leading to the execution of + arbitrary code with the permissions of the user running curl. +

+
+ +

+ Disable NTLM authentication by not using the --anyauth or --ntlm + options. +

+
+ +

+ All curl users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/curl-7.13.1" +
+ + CAN-2005-0490 + + + vorlon078 + + + lewk + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-21.xml
new file mode 100644
index 0000000000..7431289333
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-21.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Grip: CDDB response overflow
+
+ Grip contains a buffer overflow that can be triggered by a large CDDB
+ response, potentially allowing the execution of arbitrary code.
+
+ grip
+ March 17, 2005
+ March 17, 2005: 01
+ 84704
+ remote
+
+
+ 3.3.0
+ 3.3.0
+
+
+
+

+ Grip is a GTK+ based audio CD player/ripper. +

+
+ +

+ Joseph VanAndel has discovered a buffer overflow in Grip when + processing large CDDB results. +

+
+ +

+ A malicious CDDB server could cause Grip to crash by returning + more then 16 matches, potentially allowing the execution of arbitrary + code with the privileges of the user running the application. +

+
+ +

+ Disable automatic CDDB queries, but we highly encourage users to + upgrade to 3.3.0. +

+
+ +

+ All Grip users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/grip-3.3.0" +
+ + CAN-2005-0706 + Original Bug Report + + + koon + + + lewk + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-22.xml
new file mode 100644
index 0000000000..440e9e3de7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-22.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ KDE: Local Denial of Service
+
+ KDE is vulnerable to a local Denial of Service attack.
+
+ kde, dcopserver
+ March 19, 2005
+ March 19, 2005: 01
+ 83814
+ local
+
+
+ 3.3.2-r7
+ 3.2.3-r8
+ 3.3.2-r7
+
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. +

+
+ +

+ Sebastian Krahmer discovered that it is possible to stall the + dcopserver of other users. +

+
+ +

+ An attacker could exploit this to cause a local Denial of Service + by stalling the dcopserver in the authentication process. As a result + all desktop functionality relying on DCOP will cease to function. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All kdelibs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose kde-base/kdelibs +
+ + CAN-2005-0396 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-23.xml
new file mode 100644
index 0000000000..7c58343a2f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-23.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ rxvt-unicode: Buffer overflow
+
+ rxvt-unicode is vulnerable to a buffer overflow that could lead to the
+ execution of arbitrary code.
+
+ rxvt-unicode
+ March 20, 2005
+ March 20, 2005: 01
+ 84680
+ remote
+
+
+ 5.3
+ 4.8
+ 5.3
+
+
+
+

+ rxvt-unicode is a clone of the well known terminal emulator rxvt. +

+
+ +

+ Rob Holland of the Gentoo Linux Security Audit Team discovered + that rxvt-unicode fails to properly check input length. +

+
+ +

+ Successful exploitation would allow an attacker to execute + arbitrary code with the permissions of the user running rxvt-unicode. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All rxvt-unicode users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-5.3" +
+ + CAN-2005-0764 + + + koon + + + lewk + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-24.xml
new file mode 100644
index 0000000000..fa844335fa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-24.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ LTris: Buffer overflow
+
+ LTris is vulnerable to a buffer overflow which could lead to the execution
+ of arbitrary code.
+
+ LTris
+ March 20, 2005
+ March 20, 2005: 01
+ 85770
+ local
+
+
+ 1.0.10
+ 1.0.10
+
+
+
+

+ LTris is a Tetris clone. +

+
+ +

+ LTris is vulnerable to a buffer overflow when reading the global + highscores file. +

+
+ +

+ By modifying the global highscores file a malicious user could + trick another user to execute arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All LTris users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-puzzle/ltris-1.0.10" +
+ + + koon + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-25.xml
new file mode 100644
index 0000000000..7beb0c8286
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-25.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ OpenSLP: Multiple buffer overflows
+
+ Multiple buffer overflows have been found in OpenSLP, which could lead to
+ the remote execution of arbitrary code.
+
+ OpenSLP
+ March 20, 2005
+ May 22, 2006: 02
+ 85347
+ remote
+
+
+ 1.2.1
+ 1.2.1
+
+
+
+

+ OpenSLP is an open-source implementation of Service Location Protocol + (SLP). +

+
+ +

+ Multiple buffer overflows have been found in OpenSLP, when handling + malformed SLP packets. +

+
+ +

+ By sending specially crafted SLP packets, a remote attacker could + potentially execute arbitrary code with the rights of the OpenSLP + daemon. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSLP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/openslp-1.2.1" +
+ + SUSE Security Announcement + CVE-2005-0769 + + + lewk + + + formula7 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-26.xml
new file mode 100644
index 0000000000..6e722122a2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-26.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ Sylpheed, Sylpheed-claws: Message reply overflow
+
+ Sylpheed and Sylpheed-claws contain a vulnerability that can be triggered
+ when replying to specially crafted messages.
+
+ sylpheed sylpheed-claws
+ March 20, 2005
+ March 20, 2005: 01
+ 84056
+ remote
+
+
+ 1.0.3
+ 1.0.3
+
+
+ 1.0.3
+ 1.0.3
+
+
+
+

+ Sylpheed is a lightweight email client and newsreader. + Sylpheed-claws is a 'bleeding edge' version of Sylpheed. +

+
+ +

+ Sylpheed and Sylpheed-claws fail to properly handle non-ASCII + characters in email headers when composing reply messages. +

+
+ +

+ An attacker can send an email containing a malicious non-ASCII + header which, when replied to, would cause the program to crash, + potentially allowing the execution of arbitrary code with the + privileges of the user running the software. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Sylpheed users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.3" +

+ All Sylpheed-claws users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.3" +
+ + Sylpheed ChangeLog + CAN-2005-0667 + + + koon + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-27.xml
new file mode 100644
index 0000000000..3ae24aaa8d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-27.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Xzabite dyndnsupdate: Multiple vulnerabilities
+
+ Xzabite's dyndnsupdate software suffers from multiple vulnerabilities,
+ potentially resulting in the remote execution of arbitrary code.
+
+ dyndnsupdate
+ March 21, 2005
+ May 22, 2006: 02
+ 84659
+ remote
+
+
+ 0.6.15
+
+
+
+

+ dyndnsupdate is a dyndns.org data updater written by Fredrik "xzabite" + Haglund. +

+
+ +

+ Toby Dickenson discovered that dyndnsupdate suffers from multiple + overflows. +

+
+ +

+ A remote attacker, posing as a dyndns.org server, could execute + arbitrary code with the rights of the user running dyndnsupdate. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ Currently, there is no released version of dyndnsupdate that contains a + fix for these issues. The original xzabite.org distribution site is + dead, the code contains several other problems and more secure + alternatives exist, such as the net-dns/ddclient package. Therefore, + the dyndnsupdate package has been hard-masked prior to complete removal + from Portage, and current users are advised to unmerge the package: +

+ + # emerge --unmerge net-misc/dyndnsupdate +
+ + CVE-2005-0830 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-28.xml
new file mode 100644
index 0000000000..5cf43afeba
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-28.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ Sun Java: Web Start argument injection vulnerability
+
+ Java Web Start JNLP files can be abused to evade sandbox restriction and
+ execute arbitrary code.
+
+ Java
+ March 24, 2005
+ May 22, 2006: 02
+ 85804
+ remote
+
+
+ 1.4.2.07
+ 1.4.2
+ 1.4.2.07
+
+
+ 1.4.2.07
+ 1.4.2
+ 1.4.2.07
+
+
+
+

+ Sun provides implementations of Java Development Kits (JDK) and Java + Runtime Environments (JRE). These implementations provide the Java Web + Start technology that can be used for easy client-side deployment of + Java applications. +

+
+ +

+ Jouko Pynnonen discovered that Java Web Start contains a vulnerability + in the way it handles property tags in JNLP files. +

+
+ +

+ By enticing a user to open a malicious JNLP file, a remote attacker + could pass command line arguments to the Java Virtual machine, which + can be used to bypass the Java "sandbox" and to execute arbitrary code + with the permissions of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Sun JDK users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.07" +

+ All Sun JRE users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.07" +
+ + Jouko Pynnonen advisory + Sun Microsystems Alert Notification + CVE-2005-0836 + + + koon + + + koon + + + formula7 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-29.xml
new file mode 100644
index 0000000000..ebeee9ed62
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-29.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ GnuPG: OpenPGP protocol attack
+
+ Automated systems using GnuPG may leak plaintext portions of an encrypted
+ message.
+
+ GnuPG
+ March 24, 2005
+ March 24, 2005: 01
+ 85547
+ remote
+
+
+ 1.4.1
+ 1.4.1
+
+
+
+

+ GnuPG is complete and free replacement for PGP, a tool for secure + communication and data storage. +

+
+ +

+ A flaw has been identified in an integrity checking mechanism of + the OpenPGP protocol. +

+
+ +

+ An automated system using GnuPG that allows an attacker to + repeatedly discover the outcome of an integrity check (perhaps by + observing the time required to return a response, or via overly verbose + error messages) could theoretically reveal a small portion of + plaintext. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GnuPG users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.1" +
+ + CERT VU#303094 + CAN-2005-0366 + + + koon + + + taviso + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-30.xml
new file mode 100644
index 0000000000..077b7e9de9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-30.xml
@@ -0,0 +1,138 @@
+
+
+
+
+ Mozilla Suite: Multiple vulnerabilities
+
+ The Mozilla Suite is vulnerable to multiple issues ranging from the remote
+ execution of arbitrary code to various issues allowing to trick the user
+ into trusting fake web sites or interacting with privileged content.
+
+ Mozilla
+ March 25, 2005
+ March 25, 2005: 01
+ 84074
+ remote and local
+
+
+ 1.7.6
+ 1.7.6
+
+
+ 1.7.6
+ 1.7.6
+
+
+
+

+ The Mozilla Suite is a popular all-in-one web browser that + includes a mail and news reader. +

+
+ +

+ The following vulnerabilities were found and fixed in the Mozilla + Suite: +

+
    +
  • Mark Dowd from ISS X-Force reported an exploitable + heap overrun in the GIF processing of obsolete Netscape extension 2 + (CAN-2005-0399)
  • +
  • Michael Krax reported that plugins can be used + to load privileged content and trick the user to interact with it + (CAN-2005-0232, CAN-2005-0527)
  • +
  • Michael Krax also reported + potential spoofing or cross-site-scripting issues through overlapping + windows, image or scrollbar drag-and-drop, and by dropping javascript: + links on tabs (CAN-2005-0230, CAN-2005-0231, CAN-2005-0401, + CAN-2005-0591)
  • +
  • Daniel de Wildt and Gael Delalleau discovered a + memory overwrite in a string library (CAN-2005-0255)
  • +
  • Wind Li + discovered a possible heap overflow in UTF8 to Unicode conversion + (CAN-2005-0592)
  • +
  • Eric Johanson reported that Internationalized + Domain Name (IDN) features allow homograph attacks (CAN-2005-0233)
  • +
  • Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various + ways of spoofing the SSL "secure site" indicator (CAN-2005-0593)
  • +
  • Georgi Guninski discovered that XSLT can include stylesheets from + arbitrary hosts (CAN-2005-0588)
  • +
  • Secunia discovered a way of + injecting content into a popup opened by another website + (CAN-2004-1156)
  • +
  • Phil Ringnalda reported a possible way to + spoof Install source with user:pass@host (CAN-2005-0590)
  • +
  • Jakob + Balle from Secunia discovered a possible way of spoofing the Download + dialog source (CAN-2005-0585)
  • +
  • Christian Schmidt reported a + potential spoofing issue in HTTP auth prompt tab (CAN-2005-0584)
  • +
  • Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team + discovered that Mozilla insecurely creates temporary filenames in + /tmp/plugtmp (CAN-2005-0578)
  • +
+
+ +
    +
  • The GIF heap overflow could be triggered by a malicious GIF + image that would end up executing arbitrary code with the rights of the + user running Mozilla. The other overflow issues, while not thought to + be exploitable, would have the same impact
  • +
  • By setting up + malicious websites and convincing users to follow untrusted links or + obey very specific drag-and-drop or download instructions, attackers + may leverage the various spoofing issues to fake other websites to get + access to confidential information, push users to download malicious + files or make them interact with their browser preferences
  • +
  • The + temporary directory issue allows local attackers to overwrite arbitrary + files with the rights of another local user
  • +
+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Suite users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6" +

+ All Mozilla Suite binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6" +
+ + CAN-2004-1156 + CAN-2005-0230 + CAN-2005-0231 + CAN-2005-0232 + CAN-2005-0233 + CAN-2005-0255 + CAN-2005-0399 + CAN-2005-0401 + CAN-2005-0527 + CAN-2005-0578 + CAN-2005-0584 + CAN-2005-0585 + CAN-2005-0588 + CAN-2005-0590 + CAN-2005-0591 + CAN-2005-0592 + CAN-2005-0593 + Mozilla Security Advisories + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-31.xml
new file mode 100644
index 0000000000..6a9c3db2e8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-31.xml
@@ -0,0 +1,97 @@
+
+
+
+
+ Mozilla Firefox: Multiple vulnerabilities
+
+ Mozilla Firefox 1.0.2 fixes new security vulnerabilities, including the
+ remote execution of arbitrary code through malicious GIF images or
+ sidebars.
+
+ Firefox
+ March 25, 2005
+ March 25, 2005: 01
+ 86148
+ remote
+
+
+ 1.0.2
+ 1.0.2
+
+
+ 1.0.2
+ 1.0.2
+
+
+
+

+ Mozilla Firefox is the popular next-generation browser from the + Mozilla project. +

+
+ +

+ The following vulnerabilities were found and fixed in Mozilla + Firefox: +

+
    +
  • Mark Dowd from ISS X-Force reported an + exploitable heap overrun in the GIF processing of obsolete Netscape + extension 2 (CAN-2005-0399)
  • +
  • Kohei Yoshino discovered that a + page bookmarked as a sidebar could bypass privileges control + (CAN-2005-0402)
  • +
  • Michael Krax reported a new way to bypass XUL + security restrictions through drag-and-drop of items like scrollbars + (CAN-2005-0401)
  • +
+
+ +
    +
  • The GIF heap overflow could be triggered by a malicious GIF + image that would end up executing arbitrary code with the rights of the + user running Firefox
  • +
  • By tricking the user into bookmarking a + malicious page as a Sidebar, a remote attacker could potentially + execute arbitrary code with the rights of the user running the + browser
  • +
  • By setting up a malicious website and convincing users + to obey very specific drag-and-drop instructions, attackers may + leverage drag-and-drop features to bypass XUL security restrictions, + which could be used as a stepping stone to exploit other + vulnerabilities
  • +
+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.2" +

+ All Mozilla Firefox binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.2" +
+ + CAN-2005-0399 + CAN-2005-0401 + CAN-2005-0402 + Mozilla Security Advisories + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-32.xml
new file mode 100644
index 0000000000..6965ffc6e8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-32.xml
@@ -0,0 +1,93 @@
+
+
+
+
+ Mozilla Thunderbird: Multiple vulnerabilities
+
+ Mozilla Thunderbird is vulnerable to multiple issues, including the remote
+ execution of arbitrary code through malicious GIF images.
+
+ Thunderbird
+ March 25, 2005
+ March 25, 2005: 01
+ 84075
+ remote
+
+
+ 1.0.2
+ 1.0.2
+
+
+ 1.0.2
+ 1.0.2
+
+
+
+

+ Mozilla Thunderbird is the next-generation mail client from the + Mozilla project. +

+
+ +

+ The following vulnerabilities were found and fixed in Mozilla + Thunderbird: +

+
    +
  • Mark Dowd from ISS X-Force reported an + exploitable heap overrun in the GIF processing of obsolete Netscape + extension 2 (CAN-2005-0399)
  • +
  • Daniel de Wildt and Gael Delalleau + discovered a memory overwrite in a string library (CAN-2005-0255)
  • +
  • Wind Li discovered a possible heap overflow in UTF8 to Unicode + conversion (CAN-2005-0592)
  • +
  • Phil Ringnalda reported a possible + way to spoof Install source with user:pass@host (CAN-2005-0590)
  • +
+
+ +

+ The GIF heap overflow could be triggered by a malicious GIF image + that would end up executing arbitrary code with the rights of the user + running Thunderbird. The other overflow issues, while not thought to be + exploitable, would have the same impact. Furthermore, by setting up + malicious websites and convincing users to follow untrusted links, + attackers may leverage the spoofing issue to trick user into installing + malicious extensions. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Thunderbird users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.0.2" +

+ All Mozilla Thunderbird binary users should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.0.2" +
+ + CAN-2005-0255 + CAN-2005-0399 + CAN-2005-0590 + CAN-2005-0592 + Mozilla Security Advisories + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-33.xml
new file mode 100644
index 0000000000..049b4e4d78
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-33.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ IPsec-Tools: racoon Denial of Service
+
+ IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability.
+
+ IPsec-Tools
+ March 25, 2005
+ March 25, 2005: 01
+ 84479
+ remote
+
+
+ 0.4-r1
+ 0.5-r1
+ 0.5-r1
+
+
+
+

+ IPsec-Tools is a port of KAME's implementation of the IPsec + utilities. It contains a collection of network monitoring tools, + including racoon, ping, and ping6. +

+
+ +

+ Sebastian Krahmer has reported a potential remote Denial of + Service vulnerability in the ISAKMP header parsing code of racoon. +

+
+ +

+ An attacker could possibly cause a Denial of Service of racoon + using a specially crafted ISAKMP packet. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All IPsec-Tools users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.4-r1" +
+ + CAN-2005-0398 + ipsec-tools-devel posting + + + jaervosz + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-34.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-34.xml
new file mode 100644
index 0000000000..d3a27c7ec3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-34.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ mpg321: Format string vulnerability
+
+ A flaw in the processing of ID3 tags in mpg321 could potentially lead to
+ the execution of arbitrary code.
+
+ mpg321
+ March 28, 2005
+ March 28, 2005: 01
+ 86033
+ remote
+
+
+ 0.2.10-r2
+ 0.2.10-r2
+
+
+
+

+ mpg321 is a GPL replacement for mpg123, a command line audio + player with support for ID3. ID3 is a tagging system that allows + metadata to be embedded within media files. +

+
+ +

+ A routine security audit of the mpg321 package revealed a known + security issue remained unpatched. The vulnerability is a result of + mpg321 printing embedded ID3 data to the console in an unsafe manner. +

+
+ +

+ Successful exploitation would require a victim to play a specially + crafted audio file using mpg321, potentially resulting in the execution + of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mpg321 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/mpg321-0.2.10-r2" +
+ + CVE-2003-0969 + + + koon + + + taviso + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-35.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-35.xml
new file mode 100644
index 0000000000..4647de95c7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-35.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Smarty: Template vulnerability
+
+ Smarty's "Template security" feature can be bypassed, potentially allowing
+ a remote attacker to execute arbitrary PHP code.
+
+ smarty
+ March 30, 2005
+ May 22, 2006: 03
+ 86488
+ remote
+
+
+ 2.6.9
+ 2.6.9
+
+
+
+

+ Smarty is a template engine for PHP. The "template security" feature of + Smarty is designed to help reduce the risk of a system compromise when + you have untrusted parties editing templates. +

+
+ +

+ A vulnerability has been discovered within the regex_replace modifier + of the Smarty templates when allowing access to untrusted users. + Furthermore, it was possible to call functions from {if} statements and + {math} functions. +

+
+ +

+ These issues may allow a remote attacker to bypass the "template + security" feature of Smarty, and execute arbitrary PHP code. +

+
+ +

+ Do not grant template access to untrusted users. +

+
+ +

+ All Smarty users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/smarty-2.6.9" +
+ + Smarty ChangeLog + CVE-2005-0913 + + + koon + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-36.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-36.xml
new file mode 100644
index 0000000000..1b48e63840
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-36.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ netkit-telnetd: Buffer overflow
+
+ The netkit-telnetd telnet client is vulnerable to a buffer overflow, which
+ could allow a malicious telnet server operator to execute arbitrary code.
+
+ netkit-telnetd
+ March 31, 2005
+ March 31, 2005: 01
+ 87211
+ remote
+
+
+ 0.17-r6
+ 0.17-r6
+
+
+
+

+ netkit-telnetd provides standard Linux telnet client and server. +

+
+ +

+ A buffer overflow has been identified in the slc_add_reply() + function of netkit-telnetd client, where a large number of SLC commands + can overflow a fixed size buffer. +

+
+ +

+ Successful explotation would require a vulnerable user to connect + to an attacker-controlled host using telnet, potentially executing + arbitrary code with the permissions of the telnet user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All netkit-telnetd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/netkit-telnetd-0.17-r6" +
+ + CAN-2005-0469 + iDEFENSE Advisory 03-28-05 + + + koon + + + formula7 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-37.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-37.xml
new file mode 100644
index 0000000000..4c21db1c5c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200503-37.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ LimeWire: Disclosure of sensitive information
+
+ Two vulnerabilities in LimeWire can be exploited to disclose sensitive
+ information.
+
+ LimeWire
+ March 31, 2005
+ March 31, 2005: 01
+ 85380
+ remote
+
+
+ 4.8.1
+ 4.8.1
+
+
+
+

+ LimeWire is a Java peer-to-peer client compatible with the + Gnutella file-sharing protocol. +

+
+ +

+ Two input validation errors were found in the handling of Gnutella + GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789). +

+
+ +

+ A remote attacker can craft a specific Gnutella GET request or use + directory traversal on magnet requests to read arbitrary files on the + system with the rights of the user running LimeWire. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All LimeWire users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-p2p/limewire-4.8.1" +
+ + CAN-2005-0788 + CAN-2005-0789 + Secunia Advisory SA14555 + + + koon + + + koon + + + formula7 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-01.xml
new file mode 100644
index 0000000000..71d20af6a5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-01.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ telnet-bsd: Multiple buffer overflows
+
+ The telnet-bsd telnet client is vulnerable to two buffer overflows, which
+ could allow a malicious telnet server operator to execute arbitrary code.
+
+ telnet
+ April 01, 2005
+ April 01, 2005: 01
+ 87019
+ remote
+
+
+ 1.0-r1
+ 1.0-r1
+
+
+
+

+ telnet-bsd provides a command line telnet client which is used for + remote login using the telnet protocol. +

+
+ +

+ A buffer overflow has been identified in the env_opt_add() + function of telnet-bsd, where a response requiring excessive escaping + can cause a heap-based buffer overflow. Another issue has been + identified in the slc_add_reply() function, where a large number of SLC + commands can overflow a fixed size buffer. +

+
+ +

+ Successful exploitation would require a vulnerable user to connect + to an attacker-controlled host using telnet, potentially executing + arbitrary code with the permissions of the telnet user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All telnet-bsd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/telnet-bsd-1.0-r1" +
+ + CAN-2005-0468 + IDEF0867 + CAN-2005-0469 + IDEF0866 + + + koon + + + taviso + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-02.xml
new file mode 100644
index 0000000000..e5cdd5c84c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-02.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Sylpheed, Sylpheed-claws: Buffer overflow on message display
+
+ Sylpheed and Sylpheed-claws contain a vulnerability that can be triggered
+ when displaying messages with specially crafted attachments.
+
+ sylpheed
+ April 02, 2005
+ April 02, 2005: 01
+ 86541
+ remote
+
+
+ 1.0.4
+ 1.0.4
+
+
+ 1.0.4
+ 1.0.4
+
+
+
+

+ Sylpheed is a lightweight email client and newsreader. + Sylpheed-claws is a 'bleeding edge' version of Sylpheed. +

+
+ +

+ Sylpheed and Sylpheed-claws fail to properly handle messages + containing attachments with MIME-encoded filenames. +

+
+ +

+ An attacker can send a malicious email message which, when + displayed, would cause the program to crash, potentially allowing the + execution of arbitrary code with the privileges of the user running the + software. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Sylpheed users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.4" +

+ All Sylpheed-claws users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.4" +
+ + Sylpheed ChangeLog + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-03.xml
new file mode 100644
index 0000000000..ef44389f1f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-03.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Dnsmasq: Poisoning and Denial of Service vulnerabilities
+
+ Dnsmasq is vulnerable to DNS cache poisoning attacks and a potential Denial
+ of Service from the local network.
+
+ Dnsmasq
+ April 04, 2005
+ April 04, 2005: 01
+ 86718
+ remote
+
+
+ 2.22
+ 2.22
+
+
+
+

+ Dnsmasq is a lightweight and easily-configurable DNS forwarder and + DHCP server. +

+
+ +

+ Dnsmasq does not properly detect that DNS replies received do not + correspond to any DNS query that was sent. Rob Holland of the Gentoo + Linux Security Audit team also discovered two off-by-one buffer + overflows that could crash DHCP lease files parsing. +

+
+ +

+ A remote attacker could send malicious answers to insert arbitrary + DNS data into the Dnsmasq cache. These attacks would in turn help an + attacker to perform man-in-the-middle and site impersonation attacks. + The buffer overflows might allow an attacker on the local network to + crash Dnsmasq upon restart. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Dnsmasq users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.22" +
+ + Dnsmasq Changelog + + + jaervosz + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-04.xml
new file mode 100644
index 0000000000..301e37aa7b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-04.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ mit-krb5: Multiple buffer overflows in telnet client
+
+ The mit-krb5 telnet client is vulnerable to two buffer overflows, which
+ could allow a malicious telnet server operator to execute arbitrary code.
+
+ telnet
+ April 06, 2005
+ April 06, 2005: 01
+ 87145
+ remote
+
+
+ 1.3.6-r2
+ 1.3.6-r2
+
+
+
+

+ The MIT Kerberos 5 implementation provides a command line telnet + client which is used for remote login via the telnet protocol. +

+
+ +

+ A buffer overflow has been identified in the env_opt_add() + function, where a response requiring excessive escaping can cause a + heap-based buffer overflow. Another issue has been identified in the + slc_add_reply() function, where a large number of SLC commands can + overflow a fixed size buffer. +

+
+ +

+ Successful exploitation would require a vulnerable user to connect + to an attacker-controlled telnet host, potentially executing arbitrary + code with the permissions of the telnet user on the client. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mit-krb5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6-r2" +
+ + CAN-2005-0468 + CAN-2005-0469 + MITKRB5-SA-2005-001 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-05.xml
new file mode 100644
index 0000000000..1a05644d7d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-05.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ Gaim: Denial of Service issues
+
+ Gaim contains multiple vulnerabilities that can lead to a Denial of
+ Service.
+
+ Gaim
+ April 06, 2005
+ April 06, 2005: 03
+ 87903
+ remote
+
+
+ 1.2.1
+ 1.2.1
+
+
+
+

+ Gaim is a full featured instant messaging client which handles a + variety of instant messaging protocols. +

+
+ +

+ Multiple vulnerabilities have been addressed in the latest release of + Gaim: +

+
  • A buffer overread in the gaim_markup_strip_html() function, + which is used when logging conversations (CAN-2005-0965).
  • +
  • Markup tags are improperly escaped using Gaim's IRC plugin + (CAN-2005-0966).
  • +
  • Sending a specially crafted file transfer request to a Gaim Jabber + user can trigger a crash (CAN-2005-0967).
  • +
+
+ +

+ An attacker could possibly cause a Denial of Service by exploiting any + of these vulnerabilities. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gaim users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/gaim-1.2.1" +
+ + CAN-2005-0967 + CAN-2005-0966 + CAN-2005-0965 + Gaim Vulnerability Index + + + koon + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-06.xml
new file mode 100644
index 0000000000..1215382038
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-06.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ sharutils: Insecure temporary file creation
+
+ The unshar utility is vulnerable to symlink attacks, potentially allowing a
+ local user to overwrite arbitrary files.
+
+ sharutils
+ April 06, 2005
+ April 06, 2005: 01
+ 87939
+ local
+
+
+ 4.2.1-r11
+ 4.2.1-r11
+
+
+
+

+ sharutils is a collection of tools to deal with shar archives. +

+
+ +

+ Joey Hess has discovered that the program unshar, which is a part + of sharutils, creates temporary files in a world-writable directory + with predictable names. +

+
+ +

+ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When unshar is executed, this would result in the file being + overwritten with the rights of the user running the utility, which + could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All sharutils users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/sharutils-4.2.1-r11" +
+ + Ubuntu Advisory + + + koon + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-07.xml
new file mode 100644
index 0000000000..72b81b11f2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-07.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ GnomeVFS, libcdaudio: CDDB response overflow
+
+ The GnomeVFS and libcdaudio libraries contain a buffer overflow that can be
+ triggered by a large CDDB response, potentially allowing the execution of
+ arbitrary code.
+
+ GnomeVFS
+ April 08, 2005
+ April 13, 2005: 02
+ 84936
+ remote
+
+
+ 2.8.4-r1
+ 1.0.5-r4
+ 2.8.4-r1
+
+
+ 0.99.10-r1
+ 0.99.10-r1
+
+
+
+

+ GnomeVFS is a filesystem abstraction library for the GNOME desktop + environment. libcdaudio is a multi-platform CD player development + library. They both include code to query CDDB servers to get Audio CD + track titles. +

+
+ +

+ Joseph VanAndel has discovered a buffer overflow in Grip when + processing large CDDB results (see GLSA 200503-21). The same overflow + is present in GnomeVFS and libcdaudio code. +

+
+ +

+ A malicious CDDB server could cause applications making use of GnomeVFS + or libcdaudio libraries to crash, potentially allowing the execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GnomeVFS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose gnome-base/gnome-vfs +

+ All libcdaudio users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libcdaudio-0.99.10-r1" +
+ + CAN-2005-0706 + GLSA 200503-21 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-08.xml
new file mode 100644
index 0000000000..b17f7101be
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-08.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ phpMyAdmin: Cross-site scripting vulnerability
+
+ phpMyAdmin is vulnerable to a cross-site scripting attack.
+
+ phpMyAdmin
+ April 11, 2005
+ May 22, 2006: 02
+ 87952
+ remote
+
+
+ 2.6.2_rc1
+ 2.6.2_rc1
+
+
+
+

+ phpMyAdmin is a tool written in PHP intended to handle the + administration of MySQL databases from a web-browser. +

+
+ +

+ Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate + input to the "convcharset" variable, rendering it vulnerable to + cross-site scripting attacks. +

+
+ +

+ By sending a specially-crafted request, an attacker can inject and + execute malicious script code, potentially compromising the victim's + browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpMyAdmin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.2_rc1" +
+ + PMASA-2005-3 + CVE-2005-0992 + + + lewk + + + lewk + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-09.xml
new file mode 100644
index 0000000000..1bdaf21ccc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-09.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Axel: Vulnerability in HTTP redirection handling
+
+ A buffer overflow vulnerability has been found in Axel which could lead to
+ the execution of arbitrary code.
+
+ Axel
+ April 12, 2005
+ April 12, 2005: 01
+ 88264
+ remote
+
+
+ 1.0b
+ 1.0b
+
+
+
+

+ Axel is a console-based FTP/HTTP download accelerator. +

+
+ +

+ A possible buffer overflow has been reported in the HTTP + redirection handling code in conn.c. +

+
+ +

+ A remote attacker could exploit this vulnerability by setting up a + malicious site and enticing a user to connect to it. This could + possibly lead to the execution of arbitrary code with the permissions + of the user running Axel. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Axel users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/axel-1.0b" +
+ + CAN-2005-0390 + + + koon + + + vorlon078 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-10.xml
new file mode 100644
index 0000000000..b160c2cd8d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-10.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Gld: Remote execution of arbitrary code
+
+ Gld contains several serious vulnerabilities, potentially resulting in the
+ execution of arbitrary code as the root user.
+
+ Gld
+ April 13, 2005
+ May 22, 2006: 02
+ 88904
+ remote
+
+
+ 1.5
+ 1.4
+
+
+
+

+ Gld is a standalone greylisting server for Postfix. +

+
+ +

+ dong-hun discovered several buffer overflows in server.c, as well as + several format string vulnerabilities in cnf.c. +

+
+ +

+ An attacker could exploit this vulnerability to execute arbitrary code + with the permissions of the user running Gld, the default user being + root. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gld users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-filter/gld-1.5" +
+ + SecurityTracker ID 1013678 + CVE-2005-1099 + CVE-2005-1100 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-11.xml
new file mode 100644
index 0000000000..659fdfb5d3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-11.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ JunkBuster: Multiple vulnerabilities
+
+ JunkBuster is vulnerable to a heap corruption vulnerability, and under
+ certain configurations may allow an attacker to modify settings.
+
+ junkbuster
+ April 13, 2005
+ April 21, 2005: 02
+ 88537
+ remote
+
+
+ 2.0.2-r3
+ 2.0.2-r3
+
+
+
+

+ JunkBuster is a filtering HTTP proxy, designed to enhance privacy and + remove unwanted content. +

+
+ +

+ James Ranson reported a vulnerability when JunkBuster is configured to + run in single-threaded mode, an attacker can modify the referrer + setting by getting a victim to request a specially crafted URL + (CAN-2005-1108). Tavis Ormandy of the Gentoo Linux Security Audit Team + identified a heap corruption issue in the filtering of URLs + (CAN-2005-1109). +

+
+ +

+ If JunkBuster has been configured to run in single-threaded mode, an + attacker can disable or modify the filtering of Referrer: HTTP headers, + potentially compromising the privacy of users. The heap corruption + vulnerability could crash or disrupt the operation of the proxy, + potentially executing arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All JunkBuster users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/junkbuster-2.0.2-r3" +
+ + CAN-2005-1108 + CAN-2005-1109 + + + jaervosz + + + taviso + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-12.xml
new file mode 100644
index 0000000000..210e00bf4f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-12.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ rsnapshot: Local privilege escalation
+
+ rsnapshot allows a local user to take ownership of local files, resulting
+ in privilege escalation.
+
+ rsnapshot
+ April 13, 2005
+ December 30, 2007: 05
+ 88681
+ local
+
+
+ 1.2.1
+ 1.1.7
+ 1.2.1
+
+
+
+

+ rsnapshot is a filesystem snapshot utility based on rsync, allowing + local and remote systems backups. +

+
+ +

+ The copy_symlink() subroutine in rsnapshot follows symlinks when + changing file ownership, instead of changing the ownership of the + symlink itself. +

+
+ +

+ Under certain circumstances, local attackers can exploit this + vulnerability to take ownership of arbitrary files, resulting in local + privilege escalation. +

+
+ +

+ The copy_symlink() subroutine is not called if the cmd_cp parameter has + been enabled. +

+
+ +

+ All rsnapshot users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose app-backup/rsnapshot +
+ + rsnapshot Security Advisory 001 + CVE-2005-1064 + + + koon + + + lewk + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-13.xml
new file mode 100644
index 0000000000..a3806adad0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-13.xml
@@ -0,0 +1,100 @@
+
+
+
+
+ OpenOffice.Org: DOC document Heap Overflow
+
+ OpenOffice.Org is vulnerable to a heap overflow when processing DOC
+ documents, which could lead to arbitrary code execution.
+
+ OpenOffice
+ April 15, 2005
+ May 08, 2005: 02
+ 88863
+ remote
+
+
+ 1.1.4-r1
+ 1.1.4-r1
+
+
+ 1.1.4-r1
+ 1.1.4-r1
+
+
+ 1.3.9-r1
+ 1.3.6-r1
+ 1.3.7-r1
+ 1.3.9-r1
+
+
+
+

+ OpenOffice.org is an office productivity suite, including word + processing, spreadsheets, presentations, drawings, data charting, + formula editing, and file conversion facilities. +

+
+ +

+ AD-LAB has discovered a heap overflow in the "StgCompObjStream::Load()" + function when processing DOC documents. +

+
+ +

+ An attacker could design a malicious DOC document containing a + specially crafted header which, when processed by OpenOffice.Org, would + result in the execution of arbitrary code with the rights of the user + running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenOffice.Org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-1.1.4-r1" +

+ All OpenOffice.Org binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-1.1.4-r1" +

+ All OpenOffice.Org Ximian users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose app-office/openoffice-ximian +

+ Note to PPC users: There is no stable OpenOffice.Org fixed version for + the PPC architecture. Affected users should switch to the latest + OpenOffice.Org Ximian version. +

+

+ Note to SPARC users: There is no stable OpenOffice.Org fixed version + for the SPARC architecture. Affected users should switch to the latest + OpenOffice.Org Ximian version. +

+
+ + OpenOffice.Org Issue 46388 + CAN-2005-0941 + + + koon + + + formula7 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-14.xml
new file mode 100644
index 0000000000..677435e776
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-14.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ monkeyd: Multiple vulnerabilities
+
+ Format string and Denial of Service vulnerabilities have been discovered in
+ the monkeyd HTTP server, potentially resulting in the execution of
+ arbitrary code.
+
+ monkeyd
+ April 15, 2005
+ May 22, 2006: 02
+ 87916
+ remote
+
+
+ 0.9.1
+ 0.9.1
+
+
+
+

+ monkeyd is a fast, efficient, small and easy to configure web server + for Linux. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a + double expansion error in monkeyd, resulting in a format string + vulnerability. Ciaran McCreesh of Gentoo Linux discovered a Denial of + Service vulnerability, a syntax error caused monkeyd to zero out + unallocated memory should a zero byte file be requested. +

+
+ +

+ The format string vulnerability could allow an attacker to send a + specially crafted request to the monkeyd server, resulting in the + execution of arbitrary code with the permissions of the user running + monkeyd. The DoS vulnerability could allow an attacker to disrupt the + operation of the web server, should a zero byte file be accessible. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All monkeyd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/monkeyd-0.9.1" +
+ + CVE-2005-1122 + CVE-2005-1123 + + + koon + + + taviso + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-15.xml
new file mode 100644
index 0000000000..e5dfac0eb6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-15.xml
@@ -0,0 +1,95 @@
+
+
+
+
+ PHP: Multiple vulnerabilities
+
+ Several vulnerabilities were found and fixed in PHP image handling
+ functions, potentially resulting in Denial of Service conditions or the
+ remote execution of arbitrary code.
+
+ PHP
+ April 18, 2005
+ April 18, 2005: 01
+ 87517
+ remote
+
+
+ 4.3.11
+ 4.3.11
+
+
+ 4.3.11
+ 4.3.11
+
+
+ 4.3.11
+ 4.3.11
+
+
+
+

+ PHP is a general-purpose scripting language widely used to develop + web-based applications. It can run inside a web server using the + mod_php module or the CGI version of PHP, or can run stand-alone in a + CLI. +

+
+ +

+ An integer overflow and an unbound recursion were discovered in + the processing of Image File Directory tags in PHP's EXIF module + (CAN-2005-1042, CAN-2005-1043). Furthermore, two infinite loops have + been discovered in the getimagesize() function when processing IFF or + JPEG images (CAN-2005-0524, CAN-2005-0525). +

+
+ +

+ A remote attacker could craft an image file with a malicious EXIF + IFD tag, a large IFD nesting level or invalid size parameters and send + it to a web application that would process this user-provided image + using one of the affected functions. This could result in denying + service on the attacked server and potentially executing arbitrary code + with the rights of the web server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PHP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/php-4.3.11" +

+ All mod_php users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/mod_php-4.3.11" +

+ All php-cgi users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/php-cgi-4.3.11" +
+ + PHP 4.3.11 Release Announcement + CAN-2005-0524 + CAN-2005-0525 + CAN-2005-1042 + CAN-2005-1043 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-16.xml
new file mode 100644
index 0000000000..14ce82f7d6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-16.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ CVS: Multiple vulnerabilities
+
+ Several serious vulnerabilities have been found in CVS, which may allow an
+ attacker to remotely compromise a CVS server or cause a DoS.
+
+ CVS
+ April 18, 2005
+ April 22, 2005: 03
+ 86476
+ 89579
+ remote
+
+
+ 1.11.20
+ 1.11.20
+
+
+
+

+ CVS (Concurrent Versions System) is an open-source network-transparent + version control system. It contains both a client utility and a server. +

+
+ +

+ Alen Zukich has discovered several serious security issues in CVS, + including at least one buffer overflow (CAN-2005-0753), memory leaks + and a NULL pointer dereferencing error. Furthermore when launching + trigger scripts CVS includes a user controlled directory. +

+
+ +

+ An attacker could exploit these vulnerabilities to cause a Denial of + Service or execute arbitrary code with the permissions of the CVS + pserver or the authenticated user (depending on the connection method + used). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All CVS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/cvs-1.11.20" +
+ + CAN-2005-0753 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-17.xml
new file mode 100644
index 0000000000..51225907dc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-17.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ XV: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in XV, potentially resulting
+ in the execution of arbitrary code.
+
+ xv
+ April 19, 2005
+ April 19, 2005: 01
+ 88742
+ remote
+
+
+ 3.10a-r11
+ 3.10a-r11
+
+
+
+

+ XV is an interactive image manipulation program for the X Window + System. +

+
+ +

+ Greg Roelofs has reported multiple input validation errors in XV + image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team + has reported insufficient validation in the PDS (Planetary Data System) + image decoder, format string vulnerabilities in the TIFF and PDS + decoders, and insufficient protection from shell meta-characters in + malformed filenames. +

+
+ +

+ Successful exploitation would require a victim to view a specially + created image file using XV, potentially resulting in the execution of + arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All XV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r11" +
+ + + koon + + + taviso + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-18.xml
new file mode 100644
index 0000000000..536c1bcca1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-18.xml
@@ -0,0 +1,135 @@
+
+
+
+
+ Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities
+
+ New Mozilla Firefox and Mozilla Suite releases fix new security
+ vulnerabilities, including memory disclosure and various ways of executing
+ JavaScript code with elevated privileges.
+
+ Mozilla
+ April 19, 2005
+ May 22, 2006: 02
+ 89303
+ 89305
+ remote
+
+
+ 1.0.3
+ 1.0.3
+
+
+ 1.0.3
+ 1.0.3
+
+
+ 1.7.7
+ 1.7.7
+
+
+ 1.7.7
+ 1.7.7
+
+
+
+

+ The Mozilla Suite is a popular all-in-one web browser that includes a + mail and news reader. Mozilla Firefox is the next-generation browser + from the Mozilla project. +

+
+ +

+ The following vulnerabilities were found and fixed in the Mozilla Suite + and Mozilla Firefox: +

+
    +
  • Vladimir V. Perepelitsa reported a memory disclosure bug in + JavaScript's regular expression string replacement when using an + anonymous function as the replacement argument (CAN-2005-0989).
  • +
  • moz_bug_r_a4 discovered that Chrome UI code was overly trusting DOM + nodes from the content window, allowing privilege escalation via DOM + property overrides.
  • +
  • Michael Krax reported a possibility to run JavaScript code with + elevated privileges through the use of javascript: favicons.
  • +
  • Michael Krax also discovered that malicious Search plugins could + run JavaScript in the context of the displayed page or stealthily + replace existing search plugins.
  • +
  • shutdown discovered a technique to pollute the global scope of a + window in a way that persists from page to page.
  • +
  • Doron Rosenberg discovered a possibility to run JavaScript with + elevated privileges when the user asks to "Show" a blocked popup that + contains a JavaScript URL.
  • +
  • Finally, Georgi Guninski reported missing Install object instance + checks in the native implementations of XPInstall-related JavaScript + objects.
  • +
+

+ The following Firefox-specific vulnerabilities have also been + discovered: +

+
    +
  • Kohei Yoshino discovered a new way to abuse the sidebar panel to + execute JavaScript with elevated privileges.
  • +
  • Omar Khan reported that the Plugin Finder Service can be tricked to + open javascript: URLs with elevated privileges.
  • +
+
+ +

+ The various JavaScript execution with elevated privileges issues can be + exploited by a remote attacker to install malicious code or steal data. + The memory disclosure issue can be used to reveal potentially sensitive + information. Finally, the cache pollution issue and search plugin abuse + can be leveraged in cross-site-scripting attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.3" +

+ All Mozilla Firefox binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.3" +

+ All Mozilla Suite users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.7" +

+ All Mozilla Suite binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.7" +
+ + Mozilla Security Advisories + CAN-2005-0989 + CVE-2005-1153 + CVE-2005-1154 + CVE-2005-1155 + CVE-2005-1156 + CVE-2005-1159 + CVE-2005-1160 + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-19.xml
new file mode 100644
index 0000000000..db4e981913
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-19.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ MPlayer: Two heap overflow vulnerabilities
+
+ Two vulnerabilities have been found in MPlayer which could lead to the
+ remote execution of arbitrary code.
+
+ MPlayer
+ April 20, 2005
+ May 22, 2006: 02
+ 89277
+ remote
+
+
+ 1.0_pre6-r4
+ 1.0_pre6-r4
+
+
+
+

+ MPlayer is a media player capable of handling multiple multimedia file + formats. +

+
+ +

+ Heap overflows have been found in the code handling RealMedia RTSP and + Microsoft Media Services streams over TCP (MMST). +

+
+ +

+ By setting up a malicious server and enticing a user to use its + streaming data, a remote attacker could possibly execute arbitrary code + on the client computer with the permissions of the user running + MPlayer. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MPlayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre6-r4" +
+ + MPlayer News: Real RTSP heap overflow + MPlayer News: MMST heap overflow + CVE-2005-1195 + + + koon + + + vorlon078 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-20.xml
new file mode 100644
index 0000000000..3573e29127
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-20.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ openMosixview: Insecure temporary file creation
+
+ openMosixview and the openMosixcollector daemon are vulnerable to symlink
+ attacks, potentially allowing a local user to overwrite arbitrary files.
+
+ openMosixview
+ April 21, 2005
+ April 21, 2005: 01
+ 86686
+ local
+
+
+ 1.5-r1
+ 1.5-r1
+
+
+
+

+ The openMosixview package contains several tools used to manage + openMosix clusters, including openMosixview (the main monitoring and + administration application) and openMosixcollector (a daemon collecting + cluster and node information). +

+
+ +

+ Gangstuck and Psirac from Rexotec discovered that openMosixview + insecurely creates several temporary files with predictable filenames. +

+
+ +

+ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When openMosixView or the openMosixcollector daemon runs, this would + result in the file being overwritten with the rights of the user + running the utility, which could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All openMosixview users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/openmosixview-1.5-r1" +
+ + CAN-2005-0894 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-21.xml
new file mode 100644
index 0000000000..742232a841
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-21.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ RealPlayer, Helix Player: Buffer overflow vulnerability
+
+ RealPlayer and Helix Player are vulnerable to a buffer overflow that could
+ lead to remote execution of arbitrary code.
+
+ RealPlayer
+ April 22, 2005
+ April 22, 2005: 01
+ 89862
+ remote
+
+
+ 10.0.4
+ 10.0.4
+
+
+ 1.0.4
+ 1.0.4
+
+
+
+

+ RealPlayer is a multimedia player capable of handling multiple + multimedia file formats. Helix Player is the Open Source version of + RealPlayer. +

+
+ +

+ Piotr Bania has discovered a buffer overflow vulnerability in + RealPlayer and Helix Player when processing malicious RAM files. +

+
+ +

+ By enticing a user to play a specially crafted RAM file an + attacker could execute arbitrary code with the permissions of the user + running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All RealPlayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/realplayer-10.0.4" +

+ All Helix Player users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/helixplayer-1.0.4" +
+ + CAN-2005-0755 + RealNetworks Advisory + + + koon + + + formula7 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-22.xml
new file mode 100644
index 0000000000..79a10fbbc6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-22.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ KDE kimgio: PCX handling buffer overflow
+
+ KDE fails to properly validate input when handling PCX images, potentially
+ resulting in the execution of arbitrary code.
+
+ KDE
+ April 22, 2005
+ April 22, 2005: 01
+ 88862
+ remote
+
+
+ 3.2.3-r9
+ 3.3.2-r8
+ 3.3.2-r8
+
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. kimgio is the KDE image handler provided + by kdelibs. +

+
+ +

+ kimgio fails to properly validate input when handling PCX files. +

+
+ +

+ By enticing a user to load a specially-crafted PCX image in a KDE + application, an attacker could execute arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All kdelibs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose kde-base/kdelibs +
+ + CAN-2005-1046 + KDE Security Advisory: kimgio input validation errors + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-23.xml
new file mode 100644
index 0000000000..179cb1626a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-23.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Kommander: Insecure remote script execution
+
+ Kommander executes remote scripts without confirmation, potentially
+ resulting in the execution of arbitrary code.
+
+ Kommander
+ April 22, 2005
+ May 20, 2005: 02
+ 89092
+ remote
+
+
+ 3.3.2-r2
+ 3.3.2-r2
+
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. Kommander is a visual dialog editor and + interpreter for KDE applications, part of the kdewebdev package. +

+
+ +

+ Kommander executes data files from possibly untrusted locations without + user confirmation. +

+
+ +

+ An attacker could exploit this to execute arbitrary code with the + permissions of the user running Kommander. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All kdewebdev users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kdewebdev-3.3.2-r2" +
+ + CAN-2005-0754 + KDE Security Advisory: Kommander untrusted code execution + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-24.xml
new file mode 100644
index 0000000000..1eb0943a4a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-24.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ eGroupWare: XSS and SQL injection vulnerabilities
+
+ eGroupWare is affected by several SQL injection and cross-site scripting
+ (XSS) vulnerabilities.
+
+ eGroupWare
+ April 25, 2005
+ May 22, 2006: 02
+ 89517
+ remote
+
+
+ 1.0.0.007
+ 1.0.0.007
+
+
+
+

+ eGroupWare is a suite of web-based group applications including + calendar, address book, messenger and email. +

+
+ +

+ Multiple SQL injection and cross-site scripting vulnerabilities have + been found in several eGroupWare modules. +

+
+ +

+ An attacker could possibly use the SQL injection vulnerabilities to gain + information from the database. Furthermore the cross-site scripting + issues give an attacker the ability to inject and execute malicious + script code or to steal cookie based authentication credentials, + potentially compromising the victim's browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All eGroupWare users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.0.0.007" +
+ + GulfTech Security Research Advisory + CVE-2005-1202 + CVE-2005-1203 + + + jaervosz + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-25.xml
new file mode 100644
index 0000000000..5fe87837a7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-25.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Rootkit Hunter: Insecure temporary file creation
+
+ Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a
+ local user to overwrite arbitrary files.
+
+ rkhunter
+ April 26, 2005
+ April 26, 2005: 01
+ 90007
+ local
+
+
+ 1.2.3-r1
+ 1.2.3-r1
+
+
+
+

+ Rootkit Hunter is a scanning tool to detect rootkits, backdoors + and local exploits on a local machine. Rootkit Hunter uses downloaded + data files to check file integrity. These files are updated via the + check_update.sh script. +

+
+ +

+ Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux + Security Team have reported that the check_update.sh script and the + main rkhunter script insecurely creates several temporary files with + predictable filenames. +

+
+ +

+ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When rkhunter or the check_update.sh script runs, this would result in + the file being overwritten with the rights of the user running the + utility, which could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Rootkit Hunter users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-forensics/rkhunter-1.2.3-r1" +
+ + CAN-2005-1270 + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-26.xml
new file mode 100644
index 0000000000..68327d5758
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-26.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Convert-UUlib: Buffer overflow
+
+ A buffer overflow has been reported in Convert-UUlib, potentially resulting
+ in the execution of arbitrary code.
+
+ Convert-UUlib
+ April 26, 2005
+ May 22, 2006: 02
+ 89501
+ remote
+
+
+ 1.051
+ 1.051
+
+
+
+

+ Convert-UUlib provides a Perl interface to the uulib library, allowing + Perl applications to access data encoded in a variety of formats. +

+
+ +

+ A vulnerability has been reported in Convert-UUlib where a malformed + parameter can be provided by an attacker allowing a read operation to + overflow a buffer. The vendor credits Mark Martinec and Robert Lewis + with the discovery. +

+
+ +

+ Successful exploitation would permit an attacker to run arbitrary code + with the privileges of the user running the Perl application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Convert-UUlib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/Convert-UUlib-1.051" +
+ + CVE-2005-1349 + + + koon + + + koon + + + taviso + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-27.xml
new file mode 100644
index 0000000000..d5edd70ade
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-27.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ xine-lib: Two heap overflow vulnerabilities
+
+ Two vulnerabilities have been found in xine-lib which could lead to the
+ remote execution of arbitrary code.
+
+ xine-lib
+ April 26, 2005
+ April 26, 2005: 01
+ 89976
+ remote
+
+
+ 1.0-r2
+ 1_rc6-r2
+ 1.0-r2
+
+
+
+

+ xine-lib is a multimedia library which can be utilized to create + multimedia frontends. +

+
+ +

+ Heap overflows have been found in the code handling RealMedia RTSP + and Microsoft Media Services streams over TCP (MMST). +

+
+ +

+ By setting up a malicious server and enticing a user to use its + streaming data, a remote attacker could possibly execute arbitrary code + on the client computer with the permissions of the user running any + multimedia frontend making use of the xine-lib library. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xine-lib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose media-libs/xine-lib +
+ + Xine Advisory XSA-2004-8 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-28.xml
new file mode 100644
index 0000000000..5612743e95
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-28.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Heimdal: Buffer overflow vulnerabilities
+
+ Buffer overflow vulnerabilities have been found in the telnet client in
+ Heimdal which could lead to execution of arbitrary code.
+
+ Heimdal
+ April 28, 2005
+ April 28, 2005: 01
+ 89861
+ remote
+
+
+ 0.6.4
+ 0.6.4
+
+
+
+

+ Heimdal is a free implementation of Kerberos 5 that includes a + telnet client program. +

+
+ +

+ Buffer overflow vulnerabilities in the slc_add_reply() and + env_opt_add() functions have been discovered by Gael Delalleau in the + telnet client in Heimdal. +

+
+ +

+ Successful exploitation would require a vulnerable user to connect + to an attacker-controlled host using the telnet client, potentially + executing arbitrary code with the permissions of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Heimdal users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.4" +
+ + CAN-2005-0468 + CAN-2005-0469 + + + koon + + + formula7 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-29.xml
new file mode 100644
index 0000000000..37d82560ef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-29.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Pound: Buffer overflow vulnerability
+
+ Pound is vulnerable to a buffer overflow that could lead to the remote
+ execution of arbitrary code.
+
+ Pound
+ April 30, 2005
+ May 22, 2006: 02
+ 90851
+ remote
+
+
+ 1.8.3
+ 1.8.3
+
+
+
+

+ Pound is a reverse proxy, load balancer and HTTPS front-end. +

+
+ +

+ Steven Van Acker has discovered a buffer overflow vulnerability in the + "add_port()" function in Pound. +

+
+ +

+ A remote attacker could send a request for an overly long hostname + parameter, which could lead to the remote execution of arbitrary code + with the rights of the Pound daemon process (by default, Gentoo uses + the "nobody" user to run the Pound daemon). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Pound users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/pound-1.8.3" +
+ + Original announcement + CVE-2005-1391 + + + koon + + + formula7 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-30.xml
new file mode 100644
index 0000000000..808ef3dac6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200504-30.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ phpMyAdmin: Insecure SQL script installation
+
+ phpMyAdmin leaves the SQL install script with insecure permissions,
+ potentially leading to a database compromise.
+
+ phpmyadmin
+ April 30, 2005
+ May 22, 2006: 02
+ 88831
+ local
+
+
+ 2.6.2-r1
+ 2.6.2-r1
+
+
+
+

+ phpMyAdmin is a tool written in PHP intended to handle the + administration of MySQL databases from a web-browser. phpMyAdmin uses a + pma MySQL user to control the linked-tables infrastructure. The SQL + install script sets the initial password for the pma user. +

+
+ +

+ The phpMyAdmin installation process leaves the SQL install script with + insecure permissions. +

+
+ +

+ A local attacker could exploit this vulnerability to obtain the initial + phpMyAdmin password and from there obtain information about databases + accessible by phpMyAdmin. +

+
+ +

+ Change the password for the phpMyAdmin MySQL user (pma): +

+ + mysql -u root -p + SET PASSWORD FOR 'pma'@'localhost' = PASSWORD('MyNewPassword'); +

+ Update your phpMyAdmin config.inc.php: +

+ + $cfg['Servers'][$i]['controlpass'] = 'MyNewPassword'; +
+ +

+ All phpMyAdmin users should change password for the pma user as + described above and upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.2-r1" +
+ + CVE-2005-1392 + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-01.xml
new file mode 100644
index 0000000000..a801e6bf5e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-01.xml
@@ -0,0 +1,165 @@
+
+
+
+
+ Horde Framework: Multiple XSS vulnerabilities
+
+ Various modules of the Horde Framework are vulnerable to multiple
+ cross-site scripting (XSS) vulnerabilities.
+
+ Horde
+ May 01, 2005
+ May 01, 2005: 01
+ 90365
+ remote
+
+
+ 2.2.2
+ 2.2.2
+
+
+ 1.2.5
+ 1.2.5
+
+
+ 2.2.2
+ 2.2.2
+
+
+ 1.1.3
+ 1.1.3
+
+
+ 1.1.4
+ 1.1.4
+
+
+ 1.1.4
+ 1.1.4
+
+
+ 3.2.8
+ 3.2.8
+
+
+ 2.1.2
+ 2.1.2
+
+
+ 2.2.2
+ 2.2.2
+
+
+ 1.2.3
+ 1.2.3
+
+
+ 2.2.8
+ 2.2.8
+
+
+
+

+ The Horde Framework is a PHP based framework for building web + applications. It provides many modules including calendar, address + book, CVS viewer and Internet Messaging Program. +

+
+ +

+ Cross-site scripting vulnerabilities have been discovered in + various modules of the Horde Framework. +

+
+ +

+ These vulnerabilities could be exploited by an attacker to execute + arbitrary HTML and script code in context of the victim's browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Horde users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-2.2.8" +

+ All Horde Vacation users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-vacation-2.2.2" +

+ All Horde Turba users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-turba-1.2.5" +

+ All Horde Passwd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-passwd-2.2.2" +

+ All Horde Nag users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-nag-1.1.3" +

+ All Horde Mnemo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-mnemo-1.1.4" +

+ All Horde Kronolith users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-1.1.4" +

+ All Horde IMP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-imp-3.2.8" +

+ All Horde Accounts users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-accounts-2.1.2" +

+ All Horde Forwards users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-forwards-2.2.2" +

+ All Horde Chora users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-chora-1.2.3" +
+ + Horde Announcement + + + koon + + + koon + + + formula7 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-02.xml
new file mode 100644
index 0000000000..4bf8fac430
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-02.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Oops!: Remote code execution
+
+ The Oops! proxy server contains a remotely exploitable format string
+ vulnerability, which could potentially lead to the execution of arbitrary
+ code.
+
+ oops
+ May 05, 2005
+ May 05, 2005: 02
+ 91303
+ remote
+
+
+ 1.5.24_pre20050503
+ 1.5.24_pre20050503
+
+
+
+

+ Oops! is an advanced, multithreaded caching web proxy. +

+
+ +

+ A format string flaw has been detected in the my_xlog() function of the + Oops! proxy, which is called by the passwd_mysql and passwd_pgsql + module's auth() functions. +

+
+ +

+ A remote attacker could send a specially crafted HTTP request to the + Oops! proxy, potentially triggering this vulnerability and leading to + the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Oops! users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/oops-1.5.24_pre20050503" +
+ + CAN-2005-1121 + + + jaervosz + + + jaervosz + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-03.xml
new file mode 100644
index 0000000000..5dd7699724
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-03.xml
@@ -0,0 +1,101 @@
+
+
+
+
+ Ethereal: Numerous vulnerabilities
+
+ Ethereal is vulnerable to numerous vulnerabilities potentially resulting in
+ the execution of arbitrary code or abnormal termination.
+
+ Ethereal
+ May 06, 2005
+ May 06, 2005: 01
+ 90539
+ remote
+
+
+ 0.10.11
+ 0.10.11
+
+
+
+

+ Ethereal is a feature rich network protocol analyzer. +

+
+ +

+ There are numerous vulnerabilities in versions of Ethereal prior + to 0.10.11, including: +

+
    +
  • The ANSI A and DHCP dissectors are + vulnerable to format string vulnerabilities.
  • +
  • The DISTCC, + FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX + Qualified, X.509, Q.931, MEGACO, NCP, ISUP, TCAP and Presentation + dissectors are vulnerable to buffer overflows.
  • +
  • The KINK, WSP, + SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB NETLOGON dissectors + are vulnerable to pointer handling errors.
  • +
  • The LMP, KINK, + MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and L2TP dissectors are + vulnerable to looping problems.
  • +
  • The Telnet and DHCP dissectors + could abort.
  • +
  • The TZSP, Bittorrent, SMB, MGCP and ISUP + dissectors could cause a segmentation fault.
  • +
  • The WSP, 802.3 + Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2, RADIUS, SMB PIPE, + MRDISC and TCAP dissectors could throw assertions.
  • +
  • The DICOM, + NDPS and ICEP dissectors are vulnerable to memory handling errors.
  • +
  • The GSM MAP, AIM, Fibre Channel,SRVLOC, NDPS, LDAP and NTLMSSP + dissectors could terminate abnormallly.
  • +
+
+ +

+ An attacker might be able to use these vulnerabilities to crash + Ethereal and execute arbitrary code with the permissions of the user + running Ethereal, which could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ethereal users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.11" +
+ + Ethereal enpa-sa-00019 + CAN-2005-1456 + CAN-2005-1457 + CAN-2005-1458 + CAN-2005-1459 + CAN-2005-1460 + CAN-2005-1461 + CAN-2005-1462 + CAN-2005-1463 + CAN-2005-1464 + CAN-2005-1465 + CAN-2005-1466 + CAN-2005-1467 + CAN-2005-1468 + CAN-2005-1469 + CAN-2005-1470 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-04.xml
new file mode 100644
index 0000000000..19056a1bbd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-04.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ GnuTLS: Denial of Service vulnerability
+
+ The GnuTLS library is vulnerable to Denial of Service attacks.
+
+ GnuTLS
+ May 09, 2005
+ May 09, 2005: 01
+ 90726
+ remote
+
+
+ 1.2.3
+ 1.0.25
+ 1.2.3
+
+
+
+

+ GnuTLS is a free TLS 1.0 and SSL 3.0 implementation for the GNU + project. +

+
+ +

+ A vulnerability has been discovered in the record packet parsing + in the GnuTLS library. Additionally, a flaw was also found in the RSA + key export functionality. +

+
+ +

+ A remote attacker could exploit this vulnerability and cause a + Denial of Service to any application that utilizes the GnuTLS library. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GnuTLS users should remove the existing installation and + upgrade to the latest version: +

+ + # emerge --sync + # emerge --unmerge gnutls + # emerge --ask --oneshot --verbose net-libs/gnutls +

+ Due to small API changes with the previous version, please do + the following to ensure your applications are using the latest GnuTLS + that you just emerged. +

+ + # revdep-rebuild --soname-regexp libgnutls.so.1[0-1] +

+ Previously exported RSA keys can be fixed by executing the + following command on the key files: +

+ + # certtool -k infile outfile +
+ + GnuTLS Announcement + CAN-2005-1431 + + + koon + + + koon + + + lewk + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-05.xml
new file mode 100644
index 0000000000..097a411087
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-05.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ gzip: Multiple vulnerabilities
+
+ gzip contains multiple vulnerabilities potentially allowing an attacker to
+ execute arbitrary commands.
+
+ gzip
+ May 09, 2005
+ May 09, 2005: 01
+ 89946
+ 90626
+ local
+
+
+ 1.3.5-r6
+ 1.3.5-r6
+
+
+
+

+ gzip (GNU zip) is a popular compression program. The included + zgrep utility allows you to grep gzipped files in place. +

+
+ +

+ The gzip and gunzip programs are vulnerable to a race condition + when setting file permissions (CAN-2005-0988), as well as improper + handling of filename restoration (CAN-2005-1228). The zgrep utility + improperly sanitizes arguments, which may come from an untrusted source + (CAN-2005-0758). +

+
+ +

+ These vulnerabilities could allow arbitrary command execution, + changing the permissions of arbitrary files, and installation of files + to an aribitrary location in the filesystem. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All gzip users should upgrade to the latest stable version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/gzip-1.3.5-r6" +
+ + CAN-2005-0758 + CAN-2005-0988 + CAN-2005-1228 + + + r2d2 + + + r2d2 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-06.xml
new file mode 100644
index 0000000000..9fa4462da5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-06.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ TCPDump: Decoding routines Denial of Service vulnerability
+
+ A flaw in the decoding of network packets renders TCPDump vulnerable to a
+ remote Denial of Service attack.
+
+ tcpdump
+ May 09, 2005
+ June 12, 2005: 02
+ 90541
+ 95349
+ remote
+
+
+ 3.8.3-r3
+ 3.8.3-r3
+
+
+
+

+ TCPDump is a tool for network monitoring and data acquisition. +

+
+ +

+ TCPDump improperly handles and decodes ISIS (CAN-2005-1278), BGP + (CAN-2005-1267, CAN-2005-1279), LDP (CAN-2005-1279) and RSVP + (CAN-2005-1280) packets. TCPDump might loop endlessly after receiving + malformed packets. +

+
+ +

+ A malicious remote attacker can exploit the decoding issues for a + Denial of Service attack by sending specially crafted packets, possibly + causing TCPDump to loop endlessly. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TCPDump users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-3.8.3-r3" +
+ + CAN-2005-1267 + CAN-2005-1278 + CAN-2005-1279 + CAN-2005-1280 + + + jaervosz + + + DerCorny + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-07.xml
new file mode 100644
index 0000000000..2d5b9be1c6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-07.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ libTIFF: Buffer overflow
+
+ The libTIFF library is vulnerable to a buffer overflow, potentially
+ resulting in the execution of arbitrary code.
+
+ tiff
+ May 10, 2005
+ May 22, 2006: 02
+ 91584
+ remote
+
+
+ 3.7.2
+ 3.7.2
+
+
+
+

+ libTIFF provides support for reading and manipulating TIFF (Tag Image + File Format) images. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a + stack based buffer overflow in the libTIFF library when reading a TIFF + image with a malformed BitsPerSample tag. +

+
+ +

+ Successful exploitation would require the victim to open a specially + crafted TIFF image, resulting in the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libTIFF users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.2" +
+ + LIBTIFF BUG#863 + CVE-2005-1544 + + + taviso + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-08.xml
new file mode 100644
index 0000000000..019696bf23
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-08.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ HT Editor: Multiple buffer overflows
+
+ Two vulnerabilities have been discovered in HT Editor, potentially leading
+ to the execution of arbitrary code.
+
+ hteditor
+ May 10, 2005
+ May 22, 2006: 02
+ 91569
+ remote
+
+
+ 0.8.0-r2
+ 0.8.0-r2
+
+
+
+

+ HT is a hex editor, designed to help analyse and modify executable + files. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Team discovered an integer + overflow in the ELF parser, leading to a heap-based buffer overflow. + The vendor has reported that an unrelated buffer overflow has been + discovered in the PE parser. +

+
+ +

+ Successful exploitation would require the victim to open a specially + crafted file using HT, potentially permitting an attacker to execute + arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All hteditor users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/hteditor-0.8.0-r2" +
+ + CVE-2005-1545 + CVE-2005-1546 + + + jaervosz + + + taviso + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-09.xml
new file mode 100644
index 0000000000..7ad2973371
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-09.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Gaim: Denial of Service and buffer overflow vulnerabilties
+
+ Gaim contains two vulnerabilities, potentially resulting in the execution
+ of arbitrary code or Denial of Service.
+
+ gaim
+ May 12, 2005
+ May 12, 2005: 01
+ 91862
+ remote
+
+
+ 1.3.0
+ 1.3.0
+
+
+
+

+ Gaim is a full featured instant messaging client which handles a + variety of instant messaging protocols. +

+
+ +

+ Stu Tomlinson discovered that Gaim is vulnerable to a remote stack + based buffer overflow when receiving messages in certain protocols, + like Jabber and SILC, with a very long URL (CAN-2005-1261). Siebe + Tolsma discovered that Gaim is also vulnerable to a remote Denial of + Service attack when receiving a specially crafted MSN message + (CAN-2005-1262). +

+
+ +

+ A remote attacker could cause a buffer overflow by sending an + instant message with a very long URL, potentially leading to the + execution of malicious code. By sending a SLP message with an empty + body, a remote attacker could cause a Denial of Service or crash of the + Gaim client. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All Gaim users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.0" +
+ + CAN-2005-1261 + CAN-2005-1262 + + + DerCorny + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-10.xml
new file mode 100644
index 0000000000..8496d94a23
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-10.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ phpBB: Cross-Site Scripting Vulnerability
+
+ phpBB is vulnerable to a cross-site scripting attack that could allow
+ arbitrary scripting code execution.
+
+ phpBB
+ May 14, 2005
+ May 14, 2005: 01
+ 90213
+ remote
+
+
+ 2.0.15
+ 2.0.15
+
+
+
+

+ phpBB is an Open Source bulletin board package. +

+
+ +

+ phpBB is vulnerable to a cross-site scripting vulnerability due to + improper sanitization of user supplied input. Coupled with poor + validation of BBCode URLs which may be included in a forum post, an + unsuspecting user may follow a posted link triggering the + vulnerability. +

+
+ +

+ Successful exploitation of the vulnerability could cause arbitrary + scripting code to be executed in the browser of a user. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All phpBB users should upgrade to the latest version: +

+ + emerge --sync + emerge --ask --oneshot --verbose ">=www-apps/phpBB-2.0.15" +
+ + BugTraq ID 13344 + SecurityTracker ID 1013918 + + + koon + + + koon + + + r2d2 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-11.xml
new file mode 100644
index 0000000000..6824b7fd6c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-11.xml
@@ -0,0 +1,116 @@
+
+
+
+
+ Mozilla Suite, Mozilla Firefox: Remote compromise
+
+ Several vulnerabilities in the Mozilla Suite and Firefox allow an attacker
+ to conduct cross-site scripting attacks or to execute arbitrary code.
+
+ mozilla
+ May 15, 2005
+ May 15, 2005: 01
+ 91859
+ 92393
+ 92394
+ remote
+
+
+ 1.0.4
+ 1.0.4
+
+
+ 1.0.4
+ 1.0.4
+
+
+ 1.7.8
+ 1.7.8
+
+
+ 1.7.8
+ 1.7.8
+
+
+
+

+ The Mozilla Suite is a popular all-in-one web browser that + includes a mail and news reader. Mozilla Firefox is the next-generation + browser from the Mozilla project. +

+
+ +

+ The Mozilla Suite and Firefox do not properly protect "IFRAME" + JavaScript URLs from being executed in context of another URL in the + history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail + to verify the "IconURL" parameter of the "InstallTrigger.install()" + function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered + that it is possible to bypass JavaScript-injection security checks by + wrapping the javascript: URL within the view-source: or jar: + pseudo-protocols (MFSA2005-43). +

+
+ +

+ A malicious remote attacker could use the "IFRAME" issue to + execute arbitrary JavaScript code within the context of another + website, allowing to steal cookies or other sensitive data. By + supplying a javascript: URL as the "IconURL" parameter of the + "InstallTrigger.Install()" function, a remote attacker could also + execute arbitrary JavaScript code. Combining both vulnerabilities with + a website which is allowed to install software or wrapping javascript: + URLs within the view-source: or jar: pseudo-protocols could possibly + lead to the execution of arbitrary code with user privileges. +

+
+ +

+ Affected systems can be protected by disabling JavaScript. + However, we encourage Mozilla Suite or Mozilla Firefox users to upgrade + to the latest available version. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.4" +

+ All Mozilla Firefox binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.4" +

+ All Mozilla Suite users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.8" +

+ All Mozilla Suite binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.8" +
+ + CAN-2005-1476 + CAN-2005-1477 + Mozilla Foundation Security Advisory 2005-43 + + + jaervosz + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-12.xml
new file mode 100644
index 0000000000..57b3e95210
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-12.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ PostgreSQL: Multiple vulnerabilities
+
+ PostgreSQL is vulnerable to Denial of Service attacks and possibly allows
+ unprivileged users to gain administrator rights.
+
+ postgresql
+ May 15, 2005
+ June 26, 2007: 04
+ 91231
+ remote
+
+
+ 7.3*
+ 7.4*
+ 8.0.1-r3
+ 8.0.2-r1
+ 7.3.10
+ 7.4.7-r2
+ 8.0.2-r1
+
+
+
+

+ PostgreSQL is a SQL compliant, open source object-relational database + management system. +

+
+ +

+ PostgreSQL gives public EXECUTE access to a number of character + conversion routines, but doesn't validate the given arguments + (CAN-2005-1409). It has also been reported that the contrib/tsearch2 + module of PostgreSQL misdeclares the return value of some functions as + "internal" (CAN-2005-1410). +

+
+ +

+ An attacker could call the character conversion routines with specially + setup arguments to crash the backend process of PostgreSQL or to + potentially gain administrator rights. A malicious user could also call + the misdeclared functions of the contrib/tsearch2 module, resulting in + a Denial of Service or other, yet uninvestigated, impacts. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PostgreSQL users should update to the latest available version and + follow the guide at http://www.postgresql.o + rg/about/news.315 +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose dev-db/postgresql +
+ + CAN-2005-1409 + CAN-2005-1410 + PostgreSQL Announcement + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-13.xml
new file mode 100644
index 0000000000..7c630928e1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-13.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ FreeRADIUS: SQL injection and Denial of Service vulnerability
+
+ The FreeRADIUS server is vulnerable to an SQL injection attack and a buffer
+ overflow, possibly resulting in disclosure and modification of data and
+ Denial of Service.
+
+ freeradius
+ May 17, 2005
+ May 22, 2006: 03
+ 91736
+ remote
+
+
+ 1.0.2-r4
+ 1.0.2-r4
+
+
+
+

+ FreeRADIUS is an open source RADIUS authentication server + implementation. +

+
+ +

+ Primoz Bratanic discovered that the sql_escape_func function of + FreeRADIUS may be vulnerable to a buffer overflow (BID 13541). He also + discovered that FreeRADIUS fails to sanitize user-input before using it + in a SQL query, possibly allowing SQL command injection (BID 13540). +

+
+ +

+ By supplying carefully crafted input, a malicious user could cause an + SQL injection or a buffer overflow, possibly leading to the disclosure + and the modification of sensitive data or Denial of Service by crashing + the server. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All FreeRADIUS users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.0.2-r4" +
+ + BugTraq ID 13540 + BugTraq ID 13541 + CVE-2005-1454 + CVE-2005-1455 + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-14.xml
new file mode 100644
index 0000000000..36d0bf4453
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-14.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Cheetah: Untrusted module search path
+
+ Cheetah contains a vulnerability in the module importing code that can
+ allow a local user to gain escalated privileges.
+
+ Cheetah
+ May 19, 2005
+ May 17, 2006: 02
+ 92926
+ local
+
+
+ 0.9.17_rc1
+ 0.9.17_rc1
+
+
+
+

+ Cheetah is a Python powered template engine and code generator. +

+
+ +

+ Brian Bird discovered that Cheetah searches for modules in the + world-writable /tmp directory. +

+
+ +

+ A malicious local user could place a module containing arbitrary code + in /tmp, which when imported would run with escalated privileges. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All Cheetah users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/cheetah-0.9.17_rc1" +
+ + Secunia Advisory SA15386 + + + jaervosz + + + r2d2 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-15.xml
new file mode 100644
index 0000000000..da2e894f01
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-15.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ gdb: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in the GNU debugger,
+ potentially allowing the execution of arbitrary code.
+
+ gdb
+ May 20, 2005
+ May 22, 2006: 02
+ 88398
+ 91398
+ 91654
+ local
+
+
+ 6.3-r3
+ 6.3-r3
+
+
+
+

+ gdb is the GNU project's debugger, facilitating the analysis and + debugging of applications. The BFD library provides a uniform method of + accessing a variety of object file formats. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an + integer overflow in the BFD library, resulting in a heap overflow. A + review also showed that by default, gdb insecurely sources + initialisation files from the working directory. +

+
+ +

+ Successful exploitation would result in the execution of arbitrary code + on loading a specially crafted object file or the execution of + arbitrary commands. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All gdb users should upgrade to the latest stable version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/gdb-6.3-r3" +
+ + CVE-2005-1704 + CVE-2005-1705 + + + jaervosz + + + r2d2 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-16.xml
new file mode 100644
index 0000000000..94ee3b47ef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-16.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ ImageMagick, GraphicsMagick: Denial of Service vulnerability
+
+ ImageMagick and GraphicsMagick utilities can be abused to perform a Denial
+ of Service attack.
+
+ ImageMagick
+ May 21, 2005
+ May 22, 2006: 02
+ 90423
+ 90595
+ remote
+
+
+ 6.2.2.3
+ 6.2.2.3
+
+
+ 1.1.6-r1
+ 1.1.6-r1
+
+
+
+

+ Both ImageMagick and GraphicsMagick are collection of tools to read, + write and manipulate images in many formats. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a + Denial of Service vulnerability in the XWD decoder of ImageMagick and + GraphicsMagick when setting a color mask to zero. +

+
+ +

+ A remote attacker could submit a specially crafted image to a user or + an automated system making use of an affected utility, resulting in a + Denial of Service by consumption of CPU time. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ImageMagick users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.2.3" +

+ All GraphicsMagick users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.6-r1" +
+ + CVE-2005-1739 + + + jaervosz + + + formula7 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-17.xml
new file mode 100644
index 0000000000..cc6b590895
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-17.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Qpopper: Multiple Vulnerabilities
+
+ Qpopper contains two vulnerabilities allowing an attacker to overwrite
+ arbitrary files and create files with insecure permissions.
+
+ qpopper
+ May 23, 2005
+ May 23, 2005: 01
+ 90622
+ local
+
+
+ 4.0.5-r3
+ 4.0.5-r3
+
+
+
+

+ Qpopper is a widely used server for the POP3 protocol. +

+
+ +

+ Jens Steube discovered that Qpopper doesn't drop privileges to + process local files from normal users (CAN-2005-1151). The upstream + developers discovered that Qpopper can be forced to create group or + world writeable files (CAN-2005-1152). +

+
+ +

+ A malicious local attacker could exploit Qpopper to overwrite + arbitrary files as root or create new files which are group or world + writeable. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Qpopper users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/qpopper-4.0.5-r3" +
+ + CAN-2005-1151 + CAN-2005-1152 + + + DerCorny + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-18.xml
new file mode 100644
index 0000000000..adb4d75abe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-18.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Net-SNMP: fixproc insecure temporary file creation
+
+ Net-SNMP creates temporary files in an insecure manner, possibly allowing
+ the execution of arbitrary code.
+
+ net-snmp
+ May 23, 2005
+ May 22, 2006: 02
+ 91792
+ local
+
+
+ 5.2.1-r1
+ 5.2.1-r1
+
+
+
+

+ Net-SNMP is a suite of applications used to implement the Simple + Network Management Protocol. +

+
+ +

+ The fixproc application of Net-SNMP creates temporary files with + predictable filenames. +

+
+ +

+ A malicious local attacker could exploit a race condition to change the + content of the temporary files before they are executed by fixproc, + possibly leading to the execution of arbitrary code. A local attacker + could also create symbolic links in the temporary files directory, + pointing to a valid file somewhere on the filesystem. When fixproc is + executed, this would result in the file being overwritten. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Net-SNMP users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.2.1-r1" +
+ + CVE-2005-1740 + + + vorlon078 + + + koon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-19.xml
new file mode 100644
index 0000000000..6aae76c0f6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-19.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ gxine: Format string vulnerability
+
+ A format string vulnerability in gxine could allow a remote attacker to
+ execute arbitrary code.
+
+ gxine
+ May 26, 2005
+ May 26, 2005: 01
+ 93532
+ remote
+
+
+ 0.3.3-r2
+ 0.4.1-r1
+ 0.4.4
+ 0.4.4
+
+
+
+

+ gxine is a GTK+ and xine-lib based media player. +

+
+ +

+ Exworm discovered that gxine insecurely implements formatted + printing in the hostname decoding function. +

+
+ +

+ A remote attacker could entice a user to open a carefully crafted + file with gxine, possibly leading to the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All gxine users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose media-video/gxine +
+ + CAN-2005-1692 + Bugtraq ID 13707 + Original Advisory + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-20.xml
new file mode 100644
index 0000000000..d02c849e4d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200505-20.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ Mailutils: Multiple vulnerabilities in imap4d and mail
+
+ The imap4d server and the mail utility from GNU Mailutils contain multiple
+ vulnerabilities, potentially allowing a remote attacker to execute
+ arbitrary code with root privileges.
+
+ mailutils
+ May 27, 2005
+ May 27, 2005: 01
+ 94053
+ remote
+
+
+ 0.6-r1
+ 0.6-r1
+
+
+
+

+ GNU Mailutils is a collection of mail-related utilities, including + an IMAP4 server (imap4d) and a Mail User Agent (mail). +

+
+ +

+ infamous41d discovered several vulnerabilities in GNU Mailutils. + imap4d does not correctly implement formatted printing of command tags + (CAN-2005-1523), fails to validate the range sequence of the "FETCH" + command (CAN-2005-1522), and contains an integer overflow in the + "fetch_io" routine (CAN-2005-1521). mail contains a buffer overflow in + "header_get_field_name()" (CAN-2005-1520). +

+
+ +

+ A remote attacker can exploit the format string and integer + overflow in imap4d to execute arbitrary code as the imap4d user, which + is usually root. By sending a specially crafted email message, a remote + attacker could exploit the buffer overflow in the "mail" utility to + execute arbitrary code with the rights of the user running mail. + Finally, a remote attacker can also trigger a Denial of Service by + sending a malicious FETCH command to an affected imap4d, causing + excessive resource consumption. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All GNU Mailutils users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r1" +
+ + CAN-2005-1520 + CAN-2005-1521 + CAN-2005-1522 + CAN-2005-1523 + iDEFENSE 05.25.05 advisories + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-01.xml
new file mode 100644
index 0000000000..ad788bef86
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-01.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ Binutils, elfutils: Buffer overflow
+
+ Various utilities from the GNU Binutils and elfutils packages are
+ vulnerable to a heap based buffer overflow, potentially resulting in the
+ execution of arbitrary code.
+
+ binutils
+ June 01, 2005
+ May 22, 2006: 02
+ 91398
+ 91817
+ remote
+
+
+ 0.108
+ 0.108
+
+
+ 2.14.90.0.8-r3
+ 2.15.90.0.1.1-r5
+ 2.15.90.0.3-r5
+ 2.15.91.0.2-r2
+ 2.15.92.0.2-r10
+ 2.16-r1
+ 2.16-r1
+
+
+
+

+ The GNU Binutils are a collection of tools to create, modify and + analyse binary files. Many of the files use BFD, the Binary File + Descriptor library, to do low-level manipulation. Elfutils provides a + library and utilities to access, modify and analyse ELF objects. +

+
+ +

+ Tavis Ormandy and Ned Ludd of the Gentoo Linux Security Audit Team + discovered an integer overflow in the BFD library and elfutils, + resulting in a heap based buffer overflow. +

+
+ +

+ Successful exploitation would require a user to access a specially + crafted binary file, resulting in the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GNU Binutils users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose sys-devel/binutils +

+ All elfutils users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/elfutils-0.108" +
+ + CVE-2005-1704 + + + taviso + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-02.xml
new file mode 100644
index 0000000000..0d85c6d056
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-02.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Mailutils: SQL Injection
+
+ GNU Mailutils is vulnerable to SQL command injection attacks.
+
+ mailutils
+ June 06, 2005
+ June 06, 2005: 01
+ 94824
+ remote
+
+
+ 0.6-r1
+ 0.6-r1
+
+
+
+

+ GNU Mailutils is a collection of mail-related utilities. +

+
+ +

+ When GNU Mailutils is built with the "mysql" or "postgres" USE + flag, the sql_escape_string function of the authentication module fails + to properly escape the "\" character, rendering it vulnerable to a SQL + command injection. +

+
+ +

+ A malicious remote user could exploit this vulnerability to inject + SQL commands to the underlying database. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GNU Mailutils users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r1" +
+ + CAN-2005-1824 + + + jaervosz + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-03.xml
new file mode 100644
index 0000000000..36a4e8e452
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-03.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Dzip: Directory traversal vulnerability
+
+ Dzip is vulnerable to a directory traversal attack.
+
+ dzip
+ June 06, 2005
+ May 22, 2006: 02
+ 93079
+ remote
+
+
+ 2.9-r1
+ 2.9-r1
+
+
+
+

+ Dzip is a compressor and uncompressor especially made for demo + recordings of id's Quake. +

+
+ +

+ Dzip is vulnerable to a directory traversal attack when extracting + archives. +

+
+ +

+ An attacker could exploit this vulnerability by creating a specially + crafted archive to extract files to arbitrary locations. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Dzip users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-utils/dzip-2.9-r1" +
+ + CVE-2005-1874 + + + koon + + + koon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-04.xml
new file mode 100644
index 0000000000..afa084d9e4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-04.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Wordpress: Multiple vulnerabilities
+
+ Wordpress contains SQL injection and XSS vulnerabilities.
+
+ Wordpress
+ June 06, 2005
+ May 22, 2006: 02
+ 88926
+ 94512
+ remote
+
+
+ 1.5.1.2
+ 1.5.1.2
+
+
+
+

+ WordPress is a PHP and MySQL based content management and publishing + system. +

+
+ +

+ Due to a lack of input validation, WordPress is vulnerable to SQL + injection and XSS attacks. +

+
+ +

+ An attacker could use the SQL injection vulnerabilities to gain + information from the database. Furthermore the cross-site scripting + issues give an attacker the ability to inject and execute malicious + script code or to steal cookie-based authentication credentials, + potentially compromising the victim's browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Wordpress users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.5.1.2" +
+ + CVE-2005-1102 + CVE-2005-1687 + CVE-2005-1810 + + + koon + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-05.xml
new file mode 100644
index 0000000000..9e88bb7f8b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-05.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ SilverCity: Insecure file permissions
+
+ Executable files with insecure permissions can be modified causing an
+ unsuspecting user to run arbitrary code.
+
+ silvercity
+ June 08, 2005
+ May 22, 2006: 02
+ 93558
+ local
+
+
+ 0.9.5-r1
+ 0.9.5-r1
+
+
+
+

+ SilverCity provides lexical analysis for over 20 programming and markup + languages. +

+
+ +

+ The SilverCity package installs three executable files with insecure + permissions. +

+
+ +

+ A local attacker could modify the executable files, causing arbitrary + code to be executed with the permissions of an unsuspecting SilverCity + user. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All SilverCity users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/silvercity-0.9.5-r1" +
+ + CVE-2005-1941 + + + koon + + + koon + + + r2d2 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-06.xml
new file mode 100644
index 0000000000..cf23d455b4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-06.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ libextractor: Multiple overflow vulnerabilities
+
+ libextractor is affected by several overflow vulnerabilities in the PDF,
+ Real and PNG extractors, making it vulnerable to execution of arbitrary
+ code.
+
+ libextractor
+ June 09, 2005
+ June 09, 2005: 01
+ 79704
+ remote
+
+
+ 0.5.0
+ 0.5.0
+
+
+
+

+ libextractor is a library used to extract meta-data from files. It + makes use of Xpdf code to extract information from PDF files. +

+
+ +

+ Xpdf is vulnerable to multiple overflows, as described in GLSA + 200501-28. Also, integer overflows were discovered in Real and PNG + extractors. +

+
+ +

+ An attacker could design malicious PDF, PNG or Real files which, + when processed by an application making use of libextractor, would + result in the execution of arbitrary code with the rights of the user + running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libextractor users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.0" +
+ + CAN-2005-0064 + GLSA 200501-28 + libextractor security announcement + + + koon + + + formula7 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-07.xml
new file mode 100644
index 0000000000..b74ef01de5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-07.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Ettercap: Format string vulnerability
+
+ A format string vulnerability in Ettercap could allow a remote attacker to
+ execute arbitrary code.
+
+ ettercap
+ June 11, 2005
+ June 11, 2005: 01
+ 94474
+ remote
+
+
+ 0.7.3
+ 0.7.3
+
+
+
+

+ Ettercap is a suite of tools for content filtering, sniffing and + man in the middle attacks on a LAN. +

+
+ +

+ The curses_msg function of Ettercap's Ncurses-based user interface + insecurely implements formatted printing. +

+
+ +

+ A remote attacker could craft a malicious network flow that would + result in executing arbitrary code with the rights of the user running + the Ettercap tool, which is often root. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ettercap users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/ettercap-0.7.3" +
+ + CAN-2005-1796 + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-08.xml
new file mode 100644
index 0000000000..4bb6a65489
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-08.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ GNU shtool, ocaml-mysql: Insecure temporary file creation
+
+ GNU shtool and ocaml-mysql are vulnerable to symlink attacks, potentially
+ allowing a local user to overwrite arbitrary files.
+
+ GNU shtool
+ June 11, 2005
+ June 11, 2005: 01
+ 93782
+ 93784
+ local
+
+
+ 2.0.1-r2
+ 2.0.1-r2
+
+
+ 1.0.3-r1
+ 1.0.3-r1
+
+
+
+

+ GNU shtool is a compilation of small shell scripts into a single + shell tool. The ocaml-mysql package includes the GNU shtool code. +

+
+ +

+ Eric Romang has discovered that GNU shtool insecurely creates + temporary files with predictable filenames (CAN-2005-1751). On closer + inspection, Gentoo Security discovered that the shtool temporary file, + once created, was being reused insecurely (CAN-2005-1759). +

+
+ +

+ A local attacker could create symbolic links in the temporary + files directory, pointing to a valid file somewhere on the filesystem. + When a GNU shtool script is executed, this would result in the file + being overwritten with the rights of the user running the script, which + could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GNU shtool users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/shtool-2.0.1-r2" +

+ All ocaml-mysql users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ml/ocaml-mysql-1.0.3-r1" +
+ + CAN-2005-1751 + CAN-2005-1759 + + + vorlon078 + + + formula7 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-09.xml
new file mode 100644
index 0000000000..fd359ad1f8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-09.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ gedit: Format string vulnerability
+
+ gedit suffers from a format string vulnerability that could allow arbitrary
+ code execution.
+
+ gedit
+ June 11, 2005
+ May 22, 2006: 02
+ 93352
+ remote
+
+
+ 2.10.3
+ 2.10.3
+
+
+
+

+ gedit is the official text editor of the GNOME desktop environement. +

+
+ +

+ A format string vulnerability exists when opening files with names + containing format specifiers. +

+
+ +

+ A specially crafted file with format specifiers in the filename can + cause arbitrary code execution. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All gedit users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/gedit-2.10.3" +
+ + BugTraq ID 13699 + gedit 10.3 Release Notes + CVE-2005-1686 + + + koon + + + r2d2 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-10.xml
new file mode 100644
index 0000000000..f7910c4f03
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-10.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ LutelWall: Insecure temporary file creation
+
+ LutelWall is vulnerable to symlink attacks, potentially allowing a local
+ user to overwrite arbitrary files.
+
+ LutelWall
+ June 11, 2005
+ June 11, 2005: 01
+ 95378
+ local
+
+
+ 0.98
+ 0.98
+
+
+
+

+ LutelWall is a high-level Linux firewall configuration tool. +

+
+ +

+ Eric Romang has discovered that the new_version_check() function + in LutelWall insecurely creates a temporary file when updating to a new + version. +

+
+ +

+ A local attacker could create symbolic links in the temporary file + directory, pointing to a valid file somewhere on the filesystem. When + the update script is executed (usually by the root user), this would + result in the file being overwritten with the rights of this user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All LutelWall users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-firewall/lutelwall-0.98" +
+ + CAN-2005-1879 + + + vorlon078 + + + koon + + + formula7 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-11.xml
new file mode 100644
index 0000000000..76f87c6779
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-11.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Gaim: Denial of Service vulnerabilities
+
+ Gaim contains two remote Denial of Service vulnerabilities.
+
+ gaim
+ June 12, 2005
+ June 12, 2005: 01
+ 95347
+ remote
+
+
+ 1.3.1
+ 1.3.1
+
+
+
+

+ Gaim is a full featured instant messaging client which handles a + variety of instant messaging protocols. +

+
+ +

+ Jacopo Ottaviani discovered a vulnerability in the Yahoo! file + transfer code when being offered files with names containing non-ASCII + characters (CAN-2005-1269). +

+

+ Hugo de Bokkenrijder discovered a + vulnerability when receiving malformed MSN messages (CAN-2005-1934). +

+
+ +

+ Both vulnerabilities cause Gaim to crash, resulting in a Denial of + Service. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All Gaim users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.1" +
+ + Gaim Vulnerability: Remote Yahoo! crash + Gaim Vulnerability: MSN Remote DoS + CAN-2005-1269 + CAN-2005-1934 + + + koon + + + r2d2 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-12.xml
new file mode 100644
index 0000000000..e26f0aa363
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-12.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ MediaWiki: Cross-site scripting vulnerability
+
+ MediaWiki is vulnerable to a cross-site scripting attack that could allow
+ arbitrary scripting code execution.
+
+ mediawiki
+ June 13, 2005
+ June 13, 2005: 01
+ 95255
+ remote
+
+
+ 1.4.5
+ 1.3.13
+ 1.4.5
+
+
+
+

+ MediaWiki is a collaborative editing software, used by big + projects like Wikipedia. +

+
+ +

+ MediaWiki incorrectly handles page template inclusions, rendering + it vulnerable to cross-site scripting attacks. +

+
+ +

+ A remote attacker could exploit this vulnerability to inject + malicious script code that will be executed in a user's browser session + in the context of the vulnerable site. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MediaWiki users should upgrade to the latest available + versions: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose www-apps/mediawiki +
+ + MediaWiki 1.4.5 Release Notes + + + koon + + + koon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-13.xml
new file mode 100644
index 0000000000..9f50360e10
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-13.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ webapp-config: Insecure temporary file handling
+
+ The webapp-config utility insecurely creates temporary files in a world
+ writable directory, potentially allowing the execution of arbitrary
+ commands.
+
+ webapp-config
+ June 17, 2005
+ December 30, 2007: 03
+ 91785
+ local
+
+
+ 1.11
+ 1.11
+
+
+
+

+ webapp-config is a Gentoo Linux utility to help manage the installation + of web-based applications. +

+
+ +

+ Eric Romang discovered webapp-config uses a predictable temporary + filename while processing certain options, resulting in a race + condition. +

+
+ +

+ Successful exploitation of the race condition would allow an attacker + to disrupt the operation of webapp-config, or execute arbitrary shell + commands with the privileges of the user running webapp-config. A local + attacker could use a symlink attack to create or overwrite files with + the permissions of the user running webapp-config. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All webapp-config users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/webapp-config-1.11" +
+ + CVE-2005-1707 + + + jaervosz + + + taviso + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-14.xml
new file mode 100644
index 0000000000..3557bde771
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-14.xml
@@ -0,0 +1,103 @@
+
+
+
+
+ Sun and Blackdown Java: Applet privilege escalation
+
+ Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate
+ their privileges.
+
+ sun-jdk sun-jre-bin blackdown-jre blackdown-jdk
+ June 19, 2005
+ June 19, 2005: 01
+ 96092
+ 96229
+ remote
+
+
+ 1.4.2.08
+ 1.4.2.08
+
+
+ 1.4.2.08
+ 1.4.2.08
+
+
+ 1.4.2.02
+ 1.4.2.02
+
+
+ 1.4.2.02
+ 1.4.2.02
+
+
+
+

+ Sun and Blackdown both provide implementations of the Java + Development Kit (JDK) and Java Runtime Environment (JRE). +

+
+ +

+ Both Sun's and Blackdown's JDK and JRE may allow untrusted applets + to elevate privileges. +

+
+ +

+ A remote attacker could embed a malicious Java applet in a web + page and entice a victim to view it. This applet can then bypass + security restrictions and execute any command or access any file with + the rights of the user running the web browser. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All Sun JDK users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.08" +

+ All Sun JRE users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.08" +

+ All Blackdown JDK users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.02" +

+ All Blackdown JRE users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.02" +

+ Note to SPARC users: There is no stable secure Blackdown Java + for the SPARC architecture. Affected users should remove the package + until a SPARC package is released. +

+
+ + Sun Security Alert ID 101749 + Blackdown Java Security Advisory + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-15.xml
new file mode 100644
index 0000000000..dd92091f40
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-15.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ PeerCast: Format string vulnerability
+
+ PeerCast suffers from a format string vulnerability that could allow
+ arbitrary code execution.
+
+ peercast
+ June 19, 2005
+ May 22, 2006: 02
+ 96199
+ remote
+
+
+ 0.1212
+ 0.1212
+
+
+
+

+ PeerCast is a media streaming system based on P2P technology. +

+
+ +

+ James Bercegay of the GulfTech Security Research Team discovered that + PeerCast insecurely implements formatted printing when receiving a + request with a malformed URL. +

+
+ +

+ A remote attacker could exploit this vulnerability by sending a request + with a specially crafted URL to a PeerCast server to execute arbitrary + code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PeerCast users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1212" +
+ + GulfTech Advisory + PeerCast Announcement + CVE-2005-1806 + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-16.xml
new file mode 100644
index 0000000000..4c0f246bcd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-16.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ cpio: Directory traversal vulnerability
+
+ cpio contains a flaw which may allow a specially crafted cpio archive to
+ extract files to an arbitrary directory.
+
+ cpio
+ June 20, 2005
+ June 20, 2005: 01
+ 90619
+ local
+
+
+ 2.6-r3
+ 2.6-r3
+
+
+
+

+ cpio is a file archival tool which can also read and write tar + files. +

+
+ +

+ A vulnerability has been found in cpio that can potentially allow + a cpio archive to extract its files to an arbitrary directory of the + creator's choice. +

+
+ +

+ An attacker could create a malicious cpio archive which would + create files in arbitrary locations on the victim's system. This issue + could also be used in conjunction with a previous race condition + vulnerability (CAN-2005-1111) to change permissions on files owned by + the victim. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All cpio users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.6-r3" +
+ + Original Advisory + CAN-2005-1111 + + + jaervosz + + + lewk + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-17.xml
new file mode 100644
index 0000000000..70de5953da
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-17.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability
+
+ SpamAssassin and Vipul's Razor are vulnerable to a Denial of Service attack
+ when handling certain malformed messages.
+
+ SpamAssassin, Vipul's Razor
+ June 21, 2005
+ May 22, 2006: 03
+ 94722
+ 95492
+ 96776
+ remote
+
+
+ 3.0.4
+ 3.0.1
+ 3.0.4
+
+
+ 2.74
+ 2.74
+
+
+
+

+ SpamAssassin is an extensible email filter which is used to identify + junk email. Vipul's Razor is a client for a distributed, collaborative + spam detection and filtering network. +

+
+ +

+ SpamAssassin and Vipul's Razor contain a Denial of Service + vulnerability when handling special misformatted long message headers. +

+
+ +

+ By sending a specially crafted message an attacker could cause a Denial + of Service attack against the SpamAssassin/Vipul's Razor server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SpamAssassin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.0.4" +

+ All Vipul's Razor users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-filter/razor-2.74" +
+ + CAN-2005-1266 + CVE-2005-2024 + SpamAssassin Announcement + Vipul's Razor Announcement + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-18.xml
new file mode 100644
index 0000000000..4d105d99aa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-18.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Tor: Information disclosure
+
+ A flaw in Tor may allow the disclosure of arbitrary memory portions.
+
+ tor
+ June 21, 2005
+ May 22, 2006: 02
+ 96320
+ remote
+
+
+ 0.0.9.10
+ 0.0.9.10
+
+
+
+

+ Tor is an implementation of second generation Onion Routing, a + connection-oriented anonymizing communication service. +

+
+ +

+ A bug in Tor allows attackers to view arbitrary memory contents from an + exit server's process space. +

+
+ +

+ A remote attacker could exploit the memory disclosure to gain sensitive + information and possibly even private keys. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Tor users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/tor-0.0.9.10" +
+ + Tor Security Announcement + CVE-2005-2050 + + + vorlon078 + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-19.xml
new file mode 100644
index 0000000000..7735e3d01a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-19.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ SquirrelMail: Several XSS vulnerabilities
+
+ Squirrelmail is vulnerable to several cross-site scripting vulnerabilities
+ which could lead to a compromise of webmail accounts.
+
+ SquirrelMail
+ June 21, 2005
+ June 21, 2005: 01
+ 95937
+ remote
+
+
+ 1.4.4
+ 1.4.0
+ 1.4.4
+
+
+
+

+ SquirrelMail is a webmail package written in PHP. It supports IMAP + and SMTP protocols. +

+
+ +

+ SquirrelMail is vulnerable to several cross-site scripting issues, + most reported by Martijn Brinkers. +

+
+ +

+ By enticing a user to read a specially-crafted e-mail or using a + manipulated URL, an attacker can execute arbitrary scripts running in + the context of the victim's browser. This could lead to a compromise of + the user's webmail account, cookie theft, etc. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SquirrelMail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.4" +

+ Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +

+
+ + SquirrelMail Advisory + CAN-2005-1769 + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-20.xml
new file mode 100644
index 0000000000..a4291aae95
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-20.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ Cacti: Several vulnerabilities
+
+ Cacti is vulnerable to several SQL injection, authentication bypass and
+ file inclusion vulnerabilities.
+
+ cacti
+ June 22, 2005
+ May 22, 2006: 03
+ 96243
+ 97475
+ remote
+
+
+ 0.8.6f
+ 0.8.6f
+
+
+
+

+ Cacti is a complete web-based frontend to rrdtool. +

+
+ +

+ Cacti fails to properly sanitize input which can lead to SQL injection, + authentication bypass as well as PHP file inclusion. +

+
+ +

+ An attacker could potentially exploit the file inclusion to execute + arbitrary code with the permissions of the web server. An attacker + could exploit these vulnerabilities to bypass authentication or inject + SQL queries to gain information from the database. Only systems with + register_globals set to "On" are affected by the file inclusion and + authentication bypass vulnerabilities. Gentoo Linux ships with + register_globals set to "Off" by default. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cacti users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6f" +

+ Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +

+
+ + Cacti Release Notes - 0.8.6e + iDEFENSE SQL injection advisory + iDEFENSE config_settings advisory + iDEFENSE remote file inclusion advisory + Cacti Release Notes - 0.8.6f + Hardened - PHP Project Cacti Multiple SQL Injection Vulnerabilities + Hardened - PHP Project Cacti Remote Command Execution Vulnerability + Hardened - PHP Project Cacti Authentification/Addslashes Bypass Vulnerability + CVE-2005-1524 + CVE-2005-1525 + CVE-2005-1526 + + + jaervosz + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-21.xml
new file mode 100644
index 0000000000..b58232f035
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-21.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Trac: File upload vulnerability
+
+ Trac may allow remote attackers to upload files, possibly leading to the
+ execution of arbitrary code.
+
+ trac
+ June 22, 2005
+ June 22, 2005: 01
+ 96572
+ remote
+
+
+ 0.8.4
+ 0.8.4
+
+
+
+

+ Trac is a minimalistic web-based project management, wiki and bug + tracking system including a Subversion interface. +

+
+ +

+ Stefan Esser of the Hardened-PHP project discovered that Trac + fails to validate the "id" parameter when uploading attachments to the + wiki or the bug tracking system. +

+
+ +

+ A remote attacker could exploit the vulnerability to upload + arbitrary files to a directory where the webserver has write access to, + possibly leading to the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Trac users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/trac-0.8.4" +
+ + Hardened PHP Advisory 012005 + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-22.xml
new file mode 100644
index 0000000000..0ca9e67489
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-22.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ sudo: Arbitrary command execution
+
+ A vulnerability in sudo may allow local users to elevate privileges.
+
+ sudo
+ June 23, 2005
+ June 23, 2005: 01
+ 96618
+ local
+
+
+ 1.6.8_p9
+ 1.6.8_p9
+
+
+
+

+ sudo allows a system administrator to give users the ability to + run commands as other users. +

+
+ +

+ The sudoers file is used to define the actions sudo users are + permitted to perform. Charles Morris discovered that a specific layout + of the sudoers file could cause the results of an internal check to be + clobbered, leaving sudo vulnerable to a race condition. +

+
+ +

+ Successful exploitation would permit a local sudo user to execute + arbitrary commands as another user. +

+
+ +

+ Reorder the sudoers file using the visudo utility to ensure the + 'ALL' pseudo-command precedes other command definitions. +

+
+ +

+ All sudo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.6.8_p9" +
+ + Sudo Announcement + + + koon + + + taviso + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-23.xml
new file mode 100644
index 0000000000..04041a6310
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-23.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Clam AntiVirus: Denial of Service vulnerability
+
+ Clam AntiVirus is vulnerable to a Denial of Service attack when processing
+ certain Quantum archives.
+
+ clamav
+ June 27, 2005
+ May 22, 2006: 02
+ 96960
+ remote
+
+
+ 0.86.1
+ 0.86.1
+
+
+
+

+ Clam AntiVirus is a GPL anti-virus toolkit, designed for integration + with mail servers to perform attachment scanning. Clam AntiVirus also + provides a command line scanner and a tool for fetching updates of the + virus database. +

+
+ +

+ Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's + Quantum archive decompressor renders Clam AntiVirus vulnerable to a + Denial of Service attack. +

+
+ +

+ A remote attacker could exploit this vulnerability to cause a Denial of + Service by sending a specially crafted Quantum archive to the server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Clam AntiVirus users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.86.1" +
+ + Clam AntiVirus Release Notes + CVE-2005-2056 + + + jaervosz + + + DerCorny + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-24.xml
new file mode 100644
index 0000000000..c00864d8ff
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200506-24.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Heimdal: Buffer overflow vulnerabilities
+
+ Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could
+ allow the execution of arbitrary code.
+
+ heimdal
+ June 29, 2005
+ June 29, 2005: 01
+ 96727
+ remote
+
+
+ 0.6.5
+ 0.6.5
+
+
+
+

+ Heimdal is a free implementation of Kerberos 5 that includes a + telnetd server. +

+
+ +

+ It has been reported that the "getterminaltype" function of + Heimdal's telnetd server is vulnerable to buffer overflows. +

+
+ +

+ An attacker could exploit this vulnerability to execute arbitrary + code with the permission of the telnetd server program. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.5" +
+ + CAN-2005-2040 + Heimdal Advisory 2005-06-20 + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-01.xml
new file mode 100644
index 0000000000..8536d4c622
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-01.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
+
+ The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute
+ arbitrary PHP script commands.
+
+ pear-xml_rpc phpxmlrpc
+ July 03, 2005
+ July 03, 2005: 01
+ 97399
+ 97629
+ remote
+
+
+ 1.3.1
+ 1.3.1
+
+
+ 1.1.1
+ 1.1.1
+
+
+
+

+ The PEAR XML-RPC and phpxmlrpc libraries are both PHP + implementations of the XML-RPC protocol. +

+
+ +

+ James Bercegay of GulfTech Security Research discovered that the + PEAR XML-RPC and phpxmlrpc libraries fail to sanatize input sent using + the "POST" method. +

+
+ +

+ A remote attacker could exploit this vulnerability to execute + arbitrary PHP script code by sending a specially crafted XML document + to web applications making use of these libraries. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All PEAR-XML_RPC users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/PEAR-XML_RPC-1.3.1" +

+ All phpxmlrpc users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/phpxmlrpc-1.1.1" +
+ + CAN-2005-1921 + GulfTech Advisory + + + koon + + + koon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-02.xml
new file mode 100644
index 0000000000..6f29d958ff
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-02.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ WordPress: Multiple vulnerabilities
+
+ WordPress contains PHP script injection, cross-site scripting and path
+ disclosure vulnerabilities.
+
+ wordpress
+ July 04, 2005
+ July 04, 2005: 01
+ 97374
+ remote
+
+
+ 1.5.1.3
+ 1.5.1.3
+
+
+
+

+ WordPress is a PHP and MySQL based content management and + publishing system. +

+
+ +

+ James Bercegay of the GulfTech Security Research Team discovered + that WordPress insufficiently checks data passed to the XML-RPC server. + He also discovered that WordPress has several cross-site scripting and + full path disclosure vulnerabilities. +

+
+ +

+ An attacker could use the PHP script injection vulnerabilities to + execute arbitrary PHP script commands. Furthermore the cross-site + scripting vulnerabilities could be exploited to execute arbitrary + script code in a user's browser session in context of a vulnerable + site. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All WordPress users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.5.1.3" +
+ + CAN-2005-1921 + GulfTech Advisory + + + jaervosz + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-03.xml
new file mode 100644
index 0000000000..f68b346464
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-03.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ phpBB: Arbitrary command execution
+
+ A vulnerability in phpBB allows a remote attacker to execute arbitrary
+ commands with the rights of the web server.
+
+ phpBB
+ July 04, 2005
+ September 03, 2005: 03
+ 97278
+ remote
+
+
+ 2.0.16
+ 2.0.16
+
+
+
+

+ phpBB is an Open Source bulletin board package. +

+
+ +

+ Ron van Daal discovered that phpBB contains a vulnerability in the + highlighting code. +

+
+ +

+ Successful exploitation would grant an attacker unrestricted access to + the PHP exec() or system() functions, allowing the execution of + arbitrary commands with the rights of the web server. +

+
+ +

+ Please follow the instructions given in the phpBB announcement. +

+
+ +

+ The phpBB package is no longer supported by Gentoo Linux and has been + masked in the Portage repository, no further announcements will be + issued regarding phpBB updates. Users who wish to continue using phpBB + are advised to monitor and refer to www.phpbb.com for more information. +

+

+ To continue using the Gentoo-provided phpBB package, please refer to + the Portage documentation on unmasking packages and upgrade to 2.0.16. +

+
+ + CAN-2005-2086 + phpBB Announcement + + + jaervosz + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-04.xml
new file mode 100644
index 0000000000..1d2e094751
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-04.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ RealPlayer: Heap overflow vulnerability
+
+ RealPlayer is vulnerable to a heap overflow that could lead to remote
+ execution of arbitrary code.
+
+ realplayer
+ July 06, 2005
+ July 06, 2005: 01
+ 96923
+ remote
+
+
+ 10.0.5
+ 10.0.5
+
+
+
+

+ RealPlayer is a multimedia player capable of handling multiple + multimedia file formats. +

+
+ +

+ RealPlayer is vulnerable to a heap overflow when opening RealMedia + files which make use of RealText. +

+
+ +

+ By enticing a user to play a specially crafted RealMedia file an + attacker could execute arbitrary code with the permissions of the user + running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All RealPlayer users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/realplayer-10.0.5" +
+ + RealNetworks Security Advisory + CAN-2005-1766 + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-05.xml
new file mode 100644
index 0000000000..7ba55f82a7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-05.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ zlib: Buffer overflow
+
+ A buffer overflow has been discovered in zlib, potentially resulting in the
+ execution of arbitrary code.
+
+ zlib
+ July 06, 2005
+ July 06, 2005: 01
+ 98121
+ remote
+
+
+ 1.2.2-r1
+ 1.2.2-r1
+
+
+
+

+ zlib is a widely used free and patent unencumbered data + compression library. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a + buffer overflow in zlib. A bounds checking operation failed to take + invalid data into account, allowing a specifically malformed deflate + data stream to overrun a buffer. +

+
+ +

+ An attacker could construct a malformed data stream, embedding it + within network communication or an application file format, potentially + resulting in the execution of arbitrary code when decoded by the + application using the zlib library. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All zlib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.2-r1" +
+ + CAN-2005-2096 + + + taviso + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-06.xml
new file mode 100644
index 0000000000..4a3d53672f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-06.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ TikiWiki: Arbitrary command execution through XML-RPC
+
+ TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary
+ command execution.
+
+ Tikiwiki
+ July 06, 2005
+ July 06, 2005: 01
+ 97648
+ remote
+
+
+ 1.8.5-r1
+ 1.8.5-r1
+
+
+
+

+ TikiWiki is a web-based groupware and content management system + (CMS), using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP + XML-RPC code. +

+
+ +

+ TikiWiki is vulnerable to arbitrary command execution as described + in GLSA 200507-01. +

+
+ +

+ A remote attacker could exploit this vulnerability to execute + arbitrary PHP code by sending specially crafted XML data. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TikiWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5-r1" +
+ + GLSA 200507-01 + CAN-2005-1921 + + + koon + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-07.xml
new file mode 100644
index 0000000000..d8117247c8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-07.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ phpWebSite: Multiple vulnerabilities
+
+ phpWebSite is vulnerable to the remote execution of arbitrary PHP script
+ code and to other, yet undisclosed, vulnerabilities.
+
+ phpwebsite
+ July 10, 2005
+ July 10, 2005: 01
+ 97461
+ remote
+
+
+ 0.10.1-r1
+ 0.10.1-r1
+
+
+
+

+ phpWebSite is a content management system written in PHP. +

+
+ +

+ phpWebSite fails to sanitize input sent to the XML-RPC server + using the "POST" method. Other unspecified vulnerabilities have been + discovered by Diabolic Crab of Hackers Center. +

+
+ +

+ A remote attacker could exploit the XML-RPC vulnerability to + execute arbitrary PHP script code by sending specially crafted XML data + to phpWebSite. The undisclosed vulnerabilities do have an unknown + impact. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpWebSite users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-app/phpwebsite-0.10.1-r1" +
+ + CAN-2005-1921 + phpWebSite announcement + + + koon + + + DerCorny + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-08.xml
new file mode 100644
index 0000000000..581e092747
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-08.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ phpGroupWare, eGroupWare: PHP script injection vulnerability
+
+ phpGroupWare and eGroupWare include an XML-RPC implementation which allows
+ remote attackers to execute arbitrary PHP script commands.
+
+ phpgroupware egroupware
+ July 10, 2005
+ July 10, 2005: 01
+ 97460
+ 97651
+ remote
+
+
+ 0.9.16.006
+ 0.9.16.006
+
+
+ 1.0.0.008
+ 1.0.0.008
+
+
+
+

+ phpGroupWare and eGroupWare are web based collaboration software + suites. +

+
+ +

+ The XML-RPC implementations of phpGroupWare and eGroupWare fail to + sanitize input sent to the XML-RPC server using the "POST" method. +

+
+ +

+ A remote attacker could exploit the XML-RPC vulnerability to + execute arbitrary PHP script code by sending specially crafted XML data + to the XML-RPC servers of phpGroupWare or eGroupWare. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All phpGroupWare users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-app/phpgroupware-0.9.16.006" +

+ All eGroupWare users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-app/egroupware-1.0.0.008" +
+ + CAN-2005-1921 + + + koon + + + DerCorny + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-09.xml
new file mode 100644
index 0000000000..7768b11488
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-09.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Adobe Acrobat Reader: Buffer overflow vulnerability
+
+ Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to
+ remote execution of arbitrary code.
+
+ acroread
+ July 11, 2005
+ July 11, 2005: 01
+ 98101
+ remote
+
+
+ 7.0
+ 5.10
+
+
+
+

+ Adobe Acrobat Reader is a utility used to view PDF files. +

+
+ +

+ A buffer overflow has been discovered in the + UnixAppOpenFilePerform() function, which is called when Adobe Acrobat + Reader tries to open a file with the "\Filespec" tag. +

+
+ +

+ By enticing a user to open a specially crafted PDF document, a + remote attacker could exploit this vulnerability to execute arbitrary + code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ Since Adobe will most likely not update the 5.0 series of Adobe + Acrobat Reader for Linux, all users should upgrade to the latest + available version of the 7.0 series: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-7.0" +
+
+ CAN-2005-1625
+ iDEFENSE Security Advisory
+ Adobe Security Advisory
+
+
+ koon
+
+
+ DerCorny
+
+
+ vorlon078
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-10.xml
new file mode 100644
index 0000000000..baed01a1fb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-10.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Ruby: Arbitrary command execution through XML-RPC
+
+ A vulnerability in XMLRPC.iPIMethods allows remote attackers to execute
+ arbitrary commands.
+
+ ruby
+ July 11, 2005
+ July 11, 2005: 01
+ 96784
+ remote
+
+
+ 1.8.2-r2
+ 1.8.2-r2
+
+
+
+

+ Ruby is an interpreted scripting language for quick and easy + object-oriented programming. XML-RPC is a remote procedure call + protocol encoded in XML. +

+
+ +

+ Nobuhiro IMAI reported that an invalid default value in "utils.rb" + causes the security protections of the XML-RPC server to fail. +

+
+ +

+ A remote attacker could exploit this vulnerability to execute + arbitrary commands. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.2-r2" +
+
+ CAN-2005-1992
+ Ruby Security Announcement
+
+
+ vorlon078
+
+
+ DerCorny
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-11.xml
new file mode 100644
index 0000000000..82a22a7626
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-11.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ MIT Kerberos 5: Multiple vulnerabilities
+
+ MIT Kerberos 5 is vulnerable to a Denial of Service attack and remote
+ execution of arbitrary code, possibly leading to the compromise of the
+ entire Kerberos realm.
+
+ mit-krb5
+ July 12, 2005
+ July 12, 2005: 01
+ 98799
+ remote
+
+
+ 1.4.1-r1
+ 1.4.1-r1
+
+
+
+

+ MIT Kerberos 5 is the free implementation of the Kerberos network + authentication protocol by the Massachusetts Institute of Technology. +

+
+ +

+ Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the + heap by freeing unallocated memory when receiving a special TCP request + (CAN-2005-1174). He also discovered that the same request could lead to + a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered + that krb5_recvauth() function of MIT Kerberos 5 might try to + double-free memory (CAN-2005-1689). +

+
+ +

+ Although exploitation is considered difficult, a remote attacker + could exploit the single-byte heap overflow and the double-free + vulnerability to execute arbitrary code, which could lead to the + compromise of the whole Kerberos realm. A remote attacker could also + use the heap corruption to cause a Denial of Service. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All MIT Kerberos 5 users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.4.1-r1" +
+
+ CAN-2005-1174
+ CAN-2005-1175
+ CAN-2005-1689
+ MITKRB5-SA-2005-002
+ MITKRB5-SA-2005-003
+
+
+ koon
+
+
+ DerCorny
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-12.xml
new file mode 100644
index 0000000000..455644eaec
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-12.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Bugzilla: Unauthorized access and information disclosure
+
+ Multiple vulnerabilities in Bugzilla could allow remote users to modify bug
+ flags or gain sensitive information.
+
+ bugzilla
+ July 13, 2005
+ July 13, 2005: 01
+ 98348
+ remote
+
+
+ 2.18.3
+ 2.18.3
+
+
+
+

+ Bugzilla is a web-based bug-tracking system used by many projects. +

+
+ +

+ Bugzilla allows any user to modify the flags of any bug + (CAN-2005-2173). Bugzilla inserts bugs into the database before marking + them as private, in connection with MySQL replication this could lead + to a race condition (CAN-2005-2174). +

+
+ +

+ By manually changing the URL to process_bug.cgi, a remote attacker + could modify the flags of any given bug, which could trigger an email + including the bug summary to be sent to the attacker. The race + condition when using Bugzilla with MySQL replication could lead to a + short timespan (usually less than a second) where the summary of + private bugs is exposed to all users. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All Bugzilla users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-2.18.3" +
+
+ CAN-2005-2173
+ CAN-2005-2174
+ Bugzilla Security Advisory
+
+
+ vorlon078
+
+
+ koon
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-13.xml
new file mode 100644
index 0000000000..7ee8984115
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-13.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ pam_ldap and nss_ldap: Plain text authentication leak
+
+ pam_ldap and nss_ldap fail to restart TLS when following a referral,
+ possibly leading to credentials being sent in plain text.
+
+ pam_ldap nss_ldap
+ July 14, 2005
+ July 14, 2005: 01
+ 96767
+ remote
+
+
+ 239-r1
+ 226-r1
+ 239-r1
+
+
+ 178-r1
+ 178-r1
+
+
+
+

+ pam_ldap is a Pluggable Authentication Module which allows + authentication against an LDAP directory. nss_ldap is a Name Service + Switch module which allows 'passwd', 'group' and 'host' database + information to be pulled from LDAP. TLS is Transport Layer Security, a + protocol that allows encryption of network communications. +

+
+ +

+ Rob Holland of the Gentoo Security Audit Team discovered that + pam_ldap and nss_ldap fail to use TLS for referred connections if they + are referred to a master after connecting to a slave, regardless of the + "ssl start_tls" ldap.conf setting. +

+
+ +

+ An attacker could sniff passwords or other sensitive information + as the communication is not encrypted. +

+
+ +

+ pam_ldap and nss_ldap can be set to force the use of SSL instead + of TLS. +

+
+ +

+ All pam_ldap users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-178-r1" +

+ All nss_ldap users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose sys-auth/nss_ldap +
+
+ CAN-2005-2069
+
+
+ tigger
+
+
+ tigger
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-14.xml
new file mode 100644
index 0000000000..5b74ccc792
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-14.xml
@@ -0,0 +1,98 @@
+
+
+
+
+ Mozilla Firefox: Multiple vulnerabilities
+
+ Several vulnerabilities in Mozilla Firefox allow attacks ranging from
+ execution of script code with elevated privileges to information leak.
+
+ mozilla
+ July 15, 2005
+ July 15, 2005: 01
+ 95199
+ remote
+
+
+ 1.0.5
+ 1.0.5
+
+
+ 1.0.5
+ 1.0.5
+
+
+
+

+ Mozilla Firefox is the next-generation web browser from the + Mozilla project. +

+
+ +

+ The following vulnerabilities were found and fixed in Mozilla + Firefox: +

+
    +
  • "moz_bug_r_a4" and "shutdown" discovered that + Firefox was improperly cloning base objects (MFSA 2005-56).
  • +
  • Michael Krax reported that Firefox was not correctly handling + JavaScript URLs from external applications (MFSA 2005-53), and that the + "Set as wallpaper" function in versions 1.0.3 and 1.0.4 could be abused + to load JavaScript (MFSA 2005-47).
  • +
  • Several researchers + reported ways to trick Firefox into accepting events generated by web + content (MFSA 2005-45).
  • +
  • Kohei Yoshino discovered a new way to + inject script from the sidebar panel using data: (MFSA 2005-49).
  • +
  • "moz_bug_r_a4" reported that Firefox failed to validate XHTML DOM + nodes properly (MFSA 2005-55), and that XBL scripts ran even when + Javascript is disabled (MFSA 2005-46).
  • +
  • "shutdown" discovered a + possibly exploitable crash in InstallVersion.compareTo (MFSA + 2005-50).
  • +
  • Finally, Secunia discovered that a child frame can + call top.focus() even if the framing page comes from a different origin + and has overridden the focus() routine (MFSA 2005-52), and that the + frame injection spoofing bug fixed in 1.0.2 was mistakenly reintroduced + in 1.0.3 and 1.0.4 (MFSA 2005-51).
  • +
+
+ +

+ A remote attacker could craft malicious web pages that would + leverage these issues to inject and execute arbitrary script code with + elevated privileges, steal cookies or other information from web pages, + or spoof content. +

+
+ +

+ There are no known workarounds for all the issues at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.5" +

+ All Mozilla Firefox binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.5" +
+
+ Mozilla Foundation Security Advisories
+
+
+ koon
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-15.xml
new file mode 100644
index 0000000000..09ed534409
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-15.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ PHP: Script injection through XML-RPC
+
+ PHP includes an XML-RPC implementation which allows remote attackers to
+ execute arbitrary PHP script commands.
+
+ PHP
+ July 15, 2005
+ July 15, 2005: 01
+ 97655
+ remote
+
+
+ 4.4.0
+ 4.4.0
+
+
+
+

+ PHP is a general-purpose scripting language widely used to develop + web-based applications. It can run inside a web server using the + mod_php module or the CGI version of PHP, or can run stand-alone in a + CLI. +

+
+ +

+ James Bercegay has discovered that the XML-RPC implementation in + PHP fails to sanitize input passed in an XML document, which is used in + an "eval()" statement. +

+
+ +

+ A remote attacker could exploit the XML-RPC vulnerability to + execute arbitrary PHP script code by sending specially crafted XML data + to applications making use of this XML-RPC implementation. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PHP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/php-4.4.0" +
+
+ CAN-2005-1921
+
+
+ koon
+
+
+ formula7
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-16.xml
new file mode 100644
index 0000000000..b6b7c43bfe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-16.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ dhcpcd: Denial of Service vulnerability
+
+ A vulnerability in dhcpcd may cause the dhcpcd daemon to crash.
+
+ dhcpcd
+ July 15, 2005
+ July 15, 2005: 01
+ 98394
+ remote
+
+
+ 1.3.22_p4-r11
+ 1.3.22_p4-r11
+
+
+
+

+ dhcpcd is a standards compliant DHCP client daemon. It requests an + IP address and other information from the DHCP server, automatically + configures the network interface, and tries to renew the lease time. +

+
+ +

+ infamous42md discovered that dhcpcd can be tricked to read past + the end of the supplied DHCP buffer. As a result, this might lead to a + crash of the daemon. +

+
+ +

+ With a malicious DHCP server an attacker could cause a Denial of + Service by crashing the DHCP client. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All dhcpcd users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-1.3.22_p4-r11" +
+
+ CAN-2005-1848
+
+
+ koon
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-17.xml
new file mode 100644
index 0000000000..d5ff482d69
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-17.xml
@@ -0,0 +1,99 @@
+
+
+
+
+ Mozilla Thunderbird: Multiple vulnerabilities
+
+ Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from
+ execution of script code with elevated privileges to information leak.
+
+ thunderbird
+ July 18, 2005
+ July 18, 2005: 01
+ 98855
+ remote
+
+
+ 1.0.5
+ 1.0.5
+
+
+ 1.0.5
+ 1.0.5
+
+
+
+

+ Mozilla Thunderbird is the next-generation mail client from the + Mozilla project. +

+
+ +

+ The following vulnerabilities were found and fixed in Mozilla + Thunderbird: +

+
    +
  • "moz_bug_r_a4" and "shutdown" discovered + that Thunderbird was improperly cloning base objects (MFSA + 2005-56).
  • +
  • "moz_bug_r_a4" also reported that Thunderbird was + overly trusting contents, allowing privilege escalation via property + overrides (MFSA 2005-41, 2005-44), that it failed to validate XHTML DOM + nodes properly (MFSA 2005-55), and that XBL scripts ran even when + Javascript is disabled (MFSA 2005-46).
  • +
  • "shutdown" discovered a + possibly exploitable crash in InstallVersion.compareTo (MFSA + 2005-50).
  • +
  • Andreas Sandblad from Secunia reported that a child + frame can call top.focus() even if the framing page comes from a + different origin and has overridden the focus() routine (MFSA + 2005-52).
  • +
  • Georgi Guninski reported missing Install object + instance checks in the native implementations of XPInstall-related + JavaScript objects (MFSA 2005-40).
  • +
  • Finally, Vladimir V. + Perepelitsa discovered a memory disclosure bug in JavaScript's regular + expression string replacement when using an anonymous function as the + replacement argument (CAN-2005-0989 and MFSA 2005-33).
  • +
+
+ +

+ A remote attacker could craft malicious email messages that would + leverage these issues to inject and execute arbitrary script code with + elevated privileges or help in stealing information. +

+
+ +

+ There are no known workarounds for all the issues at this time. +

+
+ +

+ All Mozilla Thunderbird users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.0.5" +

+ All Mozilla Thunderbird binary users should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.0.5" +
+
+ Mozilla Foundation Security Advisories
+ CAN-2005-0989
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-18.xml
new file mode 100644
index 0000000000..076ef7d476
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-18.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ MediaWiki: Cross-site scripting vulnerability
+
+ MediaWiki is vulnerable to a cross-site scripting attack that could allow
+ arbitrary JavaScript code execution.
+
+ mediawiki
+ July 20, 2005
+ August 11, 2005: 03
+ 99132
+ remote
+
+
+ 1.4.6
+ 1.4.6
+
+
+
+

+ MediaWiki is a collaborative editing software, used by big projects + like Wikipedia. +

+
+ +

+ MediaWiki fails to escape a parameter in the page move template + correctly. +

+
+ +

+ By enticing a user to visit a specially crafted URL, a remote attacker + could exploit this vulnerability to inject malicious JavaScript code + that will be executed in a user's browser session in the context of the + vulnerable site. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MediaWiki users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.4.7" +
+
+ CAN-2005-2396
+ MediaWiki Release Notes
+
+
+ koon
+
+
+ koon
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-19.xml
new file mode 100644
index 0000000000..4e8649c734
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-19.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ zlib: Buffer overflow
+
+ zlib is vulnerable to a buffer overflow which could potentially lead to
+ execution of arbitrary code.
+
+ zlib
+ July 22, 2005
+ July 22, 2005: 01
+ 99751
+ remote
+
+
+ 1.2.3
+ 1.2.3
+
+
+
+

+ zlib is a widely used free and patent unencumbered data + compression library. +

+
+ +

+ zlib improperly handles invalid data streams which could lead to a + buffer overflow. +

+
+ +

+ By creating a specially crafted compressed data stream, attackers + can overwrite data structures for applications that use zlib, resulting + in arbitrary code execution or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All zlib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.3" +
+
+ Full Disclosure Announcement
+ CAN-2005-1849
+
+
+ jaervosz
+
+
+ adir
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-20.xml
new file mode 100644
index 0000000000..6251aeed78
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-20.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Shorewall: Security policy bypass
+
+ A vulnerability in Shorewall allows clients authenticated by MAC address
+ filtering to bypass all other security rules.
+
+ shorewall
+ July 22, 2005
+ September 14, 2005: 02
+ 99398
+ remote
+
+
+ 2.4.2
+ 2.4.1
+
+
+
+

+ Shorewall is a high level tool for configuring Netfilter, the firewall + facility included in the Linux Kernel. +

+
+ +

+ Shorewall fails to enforce security policies if configured with + "MACLIST_DISPOSITION" set to "ACCEPT" or "MACLIST_TTL" set to a value + greater or equal to 0. +

+
+ +

+ A client authenticated by MAC address filtering could bypass all + security policies, possibly allowing him to gain access to restricted + services. The default installation has MACLIST_DISPOSITION=REJECT and + MACLIST_TTL=(blank) (equivalent to 0). This can be checked by looking + at the settings in /etc/shorewall/shorewall.conf +

+
+ +

+ Set "MACLIST_TTL" to "0" and "MACLIST_DISPOSITION" to "REJECT" in the + Shorewall configuration file (usually /etc/shorewall/shorewall.conf). +

+
+ +

+ All Shorewall users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose net-firewall/shorewall +
+
+ CAN-2005-2317
+ Shorewall Announcement
+
+
+ koon
+
+
+ DerCorny
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-21.xml
new file mode 100644
index 0000000000..bdf105c4ad
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-21.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ fetchmail: Buffer Overflow
+
+ fetchmail is susceptible to a buffer overflow resulting in a Denial of
+ Service or arbitrary code execution.
+
+ fetchmail
+ July 25, 2005
+ July 25, 2005: 01
+ 99865
+ remote
+
+
+ 6.2.5.2
+ 6.2.5.2
+
+
+
+

+ fetchmail is a utility that retrieves and forwards mail from + remote systems using IMAP, POP, and other protocols. +

+
+ +

+ fetchmail does not properly validate UIDs coming from a POP3 mail + server. The UID is placed in a fixed length buffer on the stack, which + can be overflown. +

+
+ +

+ Very long UIDs returned from a malicious or compromised POP3 + server can cause fetchmail to crash, resulting in a Denial of Service, + or allow arbitrary code to be placed on the stack. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All fetchmail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.2.5.2" +
+
+ Fetchmail Security Advisory
+ CAN-2005-2335
+
+
+ r2d2
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-22.xml
new file mode 100644
index 0000000000..a63a7a26b7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-22.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ sandbox: Insecure temporary file handling
+
+ The sandbox utility may create temporary files in an insecure manner.
+
+ sandbox
+ July 25, 2005
+ August 11, 2005: 02
+ 96782
+ local
+
+
+ 1.2.11
+ 1.2.11
+
+
+
+

+ sandbox is a Gentoo Linux utility used by the Portage package + management system. +

+
+ +

+ The Gentoo Linux Security Audit Team discovered that the sandbox + utility was vulnerable to multiple TOCTOU (Time of Check, Time of Use) + file creation race conditions. +

+
+ +

+ Local users may be able to create or overwrite arbitrary files with the + permissions of the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All sandbox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/sandbox-1.2.11" +
+
+ CAN-2005-2449
+
+
+ jaervosz
+
+
+ taviso
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-23.xml
new file mode 100644
index 0000000000..9f697949c6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-23.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Kopete: Vulnerability in included Gadu library
+
+ Kopete is vulnerable to several input validation vulnerabilities which may
+ lead to execution of arbitrary code.
+
+ kopete
+ July 25, 2005
+ July 25, 2005: 01
+ 99754
+ remote
+
+
+ 3.4.1-r1
+ 3.3.2-r2
+ 3.4.1-r1
+
+
+ 3.4.1-r1
+ 3.4.1-r1
+
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. Kopete (also part of kdenetwork) is the + KDE Instant Messenger. +

+
+ +

+ Kopete contains an internal copy of libgadu and is therefore + subject to several input validation vulnerabilities in libgadu. +

+
+ +

+ A remote attacker could exploit this vulnerability to execute + arbitrary code or crash Kopete. +

+
+ +

+ Delete all Gadu Gadu contacts. +

+
+ +

+ All Kopete users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose kde-base/kdenetwork +

+ All KDE Split Ebuild Kopete users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kopete-3.4.1-r1" +
+
+ KDE Security Advisory: libgadu vulnerabilities
+ CAN-2005-1852
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-24.xml
new file mode 100644
index 0000000000..53e2e7791f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-24.xml
@@ -0,0 +1,110 @@
+
+
+
+
+ Mozilla Suite: Multiple vulnerabilities
+
+ Several vulnerabilities in the Mozilla Suite allow attacks ranging from the
+ execution of javascript code with elevated privileges to information
+ leakage.
+
+ mozilla
+ July 26, 2005
+ July 26, 2005: 01
+ 98846
+ remote
+
+
+ 1.7.10
+ 1.7.10
+
+
+ 1.7.10
+ 1.7.10
+
+
+
+

+ The Mozilla Suite is an all-in-one Internet application suite + including a web browser, an advanced e-mail and newsgroup client, IRC + client and HTML editor. +

+
+ +

+ The following vulnerabilities were found and fixed in the Mozilla + Suite: +

+
    +
  • "moz_bug_r_a4" and "shutdown" discovered that the + Mozilla Suite was improperly cloning base objects (MFSA 2005-56).
  • +
  • "moz_bug_r_a4" reported that the suite failed to validate XHTML DOM + nodes properly (MFSA 2005-55).
  • +
  • Secunia reported that alerts + and prompts scripts are presented with the generic title [JavaScript + Application] which could lead to tricking a user (MFSA 2005-54).
  • +
  • Andreas Sandblad of Secunia reported that top.focus() can be called + in the context of a child frame even if the framing page comes from a + different origin and has overridden the focus() routine (MFSA + 2005-52).
  • +
  • Secunia reported that a frame-injection spoofing bug + which was fixed in earlier versions, was accidently bypassed in Mozilla + Suite 1.7.7 (MFSA 2005-51).
  • +
  • "shutdown" reported that + InstallVersion.compareTo() might be exploitable. When it gets an object + rather than a string, the browser would generally crash with an access + violation (MFSA 2005-50).
  • +
  • Matthew Mastracci reported that by + forcing a page navigation immediately after calling the install method + can end up running in the context of the new page selected by the + attacker (MFSA 2005-48).
  • +
  • "moz_bug_r_a4" reported that XBL + scripts run even when Javascript is disabled (MFSA 2005-46).
  • +
  • + Omar Khan, Jochen, "shutdown" and Matthew Mastracci reported that the + Mozilla Suite incorrectly distinguished between true events like mouse + clicks or keystrokes and synthetic events generated by a web content + (MFSA 2005-45).
  • +
+
+ +

+ A remote attacker could craft malicious web pages that would + leverage these issues to inject and execute arbitrary javascript code + with elevated privileges, steal cookies or other information from web + pages, or spoof content. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Suite users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.10" +

+ All Mozilla Suite binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.10" +
+
+ Mozilla Foundation Security Advisories
+
+
+ DerCorny
+
+
+ DerCorny
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-25.xml
new file mode 100644
index 0000000000..81f3657dcf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-25.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Clam AntiVirus: Integer overflows
+
+ Clam AntiVirus is vulnerable to integer overflows when handling several
+ file formats, potentially resulting in the execution of arbitrary code.
+
+ clamav
+ July 26, 2005
+ August 11, 2005: 02
+ 100178
+ remote
+
+
+ 0.86.2
+ 0.86.2
+
+
+
+

+ Clam AntiVirus is a GPL anti-virus toolkit, designed for integration + with mail servers to perform attachment scanning. Clam AntiVirus also + provides a command line scanner and a tool for fetching updates of the + virus database. +

+
+ +

+ Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is + vulnerable to integer overflows when handling the TNEF, CHM and FSG + file formats. +

+
+ +

+ By sending a specially-crafted file an attacker could execute arbitrary + code with the permissions of the user running Clam AntiVirus. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Clam AntiVirus users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.86.2" +
+
+ CAN-2005-2450
+ Clam AntiVirus: Release Notes
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-26.xml
new file mode 100644
index 0000000000..39db4491ce
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-26.xml
@@ -0,0 +1,113 @@
+
+
+
+
+ GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library
+
+ GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer
+ overflow which could potentially lead to the execution of arbitrary code or
+ a Denial of Service.
+
+ gnugadu centericq kadu ekg libgadu
+ July 27, 2005
+ February 26, 2007: 02
+ 99816
+ 99890
+ 99583
+ remote
+
+
+ 2.2.6-r1
+ 2.2.6-r1
+
+
+ 4.20.0-r3
+ 4.20.0-r3
+
+
+ 0.4.1
+ 0.4.1
+
+
+ 1.6_rc3
+ 1.6_rc3
+
+
+ 1.7.0_pre20050719
+ 1.7.0_pre20050719
+
+
+
+

+ GNU Gadu, CenterICQ, Kadu and EKG are instant messaging applications + created to support Gadu Gadu instant messaging protocol. libgadu is a + library that implements the client side of the Gadu-Gadu protocol. +

+
+ +

+ GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer + overflow. +

+
+ +

+ A remote attacker could exploit the integer overflow to execute + arbitrary code or cause a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GNU Gadu users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/gnugadu-2.2.6-r1" +

+ All Kadu users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/kadu-0.4.1" +

+ All EKG users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/ekg-1.6_rc3" +

+ All libgadu users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libgadu-20050719" +

+ All CenterICQ users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/centericq-4.20.0-r3" +

+ CenterICQ is no longer distributed with Gadu Gadu support, affected + users are encouraged to migrate to an alternative package. +

+
+
+ CAN-2005-1852
+ BugTraq Announcement
+
+
+ jaervosz
+
+
+ adir
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-27.xml
new file mode 100644
index 0000000000..1a08c99b02
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-27.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ Ethereal: Multiple vulnerabilities
+
+ Ethereal is vulnerable to numerous vulnerabilities potentially resulting in
+ the execution of arbitrary code or abnormal termination.
+
+ Ethereal
+ July 28, 2005
+ July 28, 2005: 01
+ 100316
+ remote
+
+
+ 0.10.12
+ 0.10.12
+
+
+
+

+ Ethereal is a feature-rich network protocol analyzer. +

+
+ +

+ There are numerous vulnerabilities in versions of Ethereal prior + to 0.10.12, including: +

+
    +
  • The SMB dissector could overflow a + buffer or exhaust memory (CAN-2005-2365).
  • +
  • iDEFENSE discovered + that several dissectors are vulnerable to format string overflows + (CAN-2005-2367).
  • +
  • Additionally multiple potential crashes in + many dissectors have been fixed, see References for further + details.
  • +
+
+ +

+ An attacker might be able to use these vulnerabilities to crash + Ethereal or execute arbitrary code with the permissions of the user + running Ethereal, which could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ethereal users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.12" +
+ + Ethereal enpa-sa-00020 + CAN-2005-2360 + CAN-2005-2361 + CAN-2005-2362 + CAN-2005-2363 + CAN-2005-2364 + CAN-2005-2365 + CAN-2005-2366 + CAN-2005-2367 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-28.xml
new file mode 100644
index 0000000000..307121c427
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-28.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ AMD64 x86 emulation base libraries: Buffer overflow
+
+ The x86 emulation base libraries for AMD64 contain a vulnerable version of
+ zlib which could potentially lead to execution of arbitrary code.
+
+ emul-linux-x86-baselibs
+ July 30, 2005
+ August 02, 2005: 02
+ 100686
+ remote
+
+
+ 2.1.2
+ 2.1.2
+
+
+
+

+ The x86 emulation base libraries for AMD64 emulate the x86 (32-bit) + architecture on the AMD64 (64-bit) architecture. +

+
+ +

+ Earlier versions of emul-linux-x86-baselibs contain a vulnerable + version of zlib, which may lead to a buffer overflow. +

+
+ +

+ By creating a specially crafted compressed data stream, attackers can + overwrite data structures for applications that use the x86 emulation + base libraries for AMD64, resulting in a Denial of Service and + potentially arbitrary code execution. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All AMD64 x86 emulation base libraries users should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose app-emulation/emul-linux-x86-baselibs +
+ + GLSA 200507-05 + GLSA 200507-19 + CAN-2005-1849 + CAN-2005-2096 + + + koon + + + koon + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-29.xml
new file mode 100644
index 0000000000..5865f8edc5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-29.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ pstotext: Remote execution of arbitrary code
+
+ pstotext contains a vulnerability which can potentially result in the
+ execution of arbitrary code.
+
+ pstotext
+ July 31, 2005
+ August 11, 2005: 02
+ 100245
+ remote
+
+
+ 1.8g-r1
+ 1.8g-r1
+
+
+
+

+ pstotext is a program that works with GhostScript to extract plain text + from PostScript and PDF files. +

+
+ +

+ Max Vozeler reported that pstotext calls the GhostScript interpreter on + untrusted PostScript files without specifying the -dSAFER option. +

+
+ +

+ An attacker could craft a malicious PostScript file and entice a user + to run pstotext on it, resulting in the execution of arbitrary commands + with the permissions of the user running pstotext. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All pstotext users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/pstotext-1.8g-r1" +
+ + CAN-2005-2536 + Secunia Advisory SA16183 + + + koon + + + adir + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-01.xml
new file mode 100644
index 0000000000..8cb9ee8e46
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-01.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Compress::Zlib: Buffer overflow
+
+ Compress::Zlib is vulnerable to a buffer overflow which could potentially
+ lead to execution of arbitrary code.
+
+ Compress-Zlib
+ August 01, 2005
+ May 28, 2009: 02
+ 100540
+ remote
+
+
+ 1.35
+ 1.35
+
+
+
+

+ The Compress::Zlib is a Perl module which provides an interface to + the zlib compression library. +

+
+ +

+ Compress::Zlib 1.34 contains a local vulnerable version of zlib, + which may lead to a buffer overflow. +

+
+ +

+ By creating a specially crafted compressed data stream, attackers + can overwrite data structures for applications that use Compress::Zlib, + resulting in a Denial of Service and potentially arbitrary code + execution. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Compress::Zlib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=perl-core/Compress-Zlib-1.35" +
+ + GLSA 200507-19 + GLSA 200507-05 + CAN-2005-1849 + CAN-2005-2096 + + + koon + + + adir + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-02.xml
new file mode 100644
index 0000000000..ce7f372897
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-02.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ ProFTPD: Format string vulnerabilities
+
+ Under specific circumstances, ProFTPD is vulnerable to format string
+ vulnerabilities, potentially resulting in the execution of arbitrary code.
+
+ proftpd
+ August 01, 2005
+ August 01, 2005: 01
+ 100364
+ remote
+
+
+ 1.2.10-r7
+ 1.2.10-r7
+
+
+
+

+ ProFTPD is a configurable GPL-licensed FTP server software. +

+
+ +

"infamous42md" reported that ProFTPD is vulnerable to format + string vulnerabilities when displaying a shutdown message containing + the name of the current directory, and when displaying response + messages to the client using information retrieved from a database + using mod_sql. +

+
+ +

+ A remote attacker could create a directory with a malicious name + that would trigger the format string issue if specific variables are + used in the shutdown message, potentially resulting in a Denial of + Service or the execution of arbitrary code with the rights of the user + running the ProFTPD server. An attacker with control over the database + contents could achieve the same result by introducing malicious + messages that would trigger the other format string issue when used in + server responses. +

+
+ +

+ Do not use the "%C", "%R", or "%U" in shutdown messages, and do + not set the "SQLShowInfo" directive. +

+
+ +

+ All ProFTPD users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.2.10-r7" +
+ + CAN-2005-2390 + + + koon + + + adir + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-03.xml
new file mode 100644
index 0000000000..25da2e0583
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-03.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ nbSMTP: Format string vulnerability
+
+ nbSMTP is vulnerable to a format string vulnerability which may result in
+ remote execution of arbitrary code.
+
+ nbsmtp
+ August 02, 2005
+ August 11, 2005: 02
+ 100274
+ remote
+
+
+ 1.00
+ 1.00
+
+
+
+

+ nbSMTP is an SMTP client suitable to run in chroot jails, in embedded + systems, laptops and workstations. +

+
+ +

+ Niels Heinen discovered a format string vulnerability. +

+
+ +

+ An attacker can setup a malicious SMTP server and exploit this + vulnerability to execute arbitrary code with the permissions of the + user running nbSMTP. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All nbSMTP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/nbsmtp-1.0" +
+ + CAN-2005-2409 + nbSMTP official site + + + koon + + + adir + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-04.xml
new file mode 100644
index 0000000000..8fde1cebaf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-04.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ Netpbm: Arbitrary code execution in pstopnm
+
+ The pstopnm utility, part of the Netpbm tools, contains a vulnerability
+ which can potentially result in the execution of arbitrary code.
+
+ Netpbm
+ August 05, 2005
+ May 28, 2009: 06
+ 100398
+ remote
+
+
+ 10.28
+ 10.26.32
+ 10.26.33
+ 10.26.42
+ 10.26.43
+ 10.26.44
+ 10.26.48
+ 10.26.49
+ 10.26.59
+ 10.26.61
+ 10.28
+
+
+
+

+ Netpbm is a package of 220 graphics programs and a programming + libraries, including pstopnm. pstopnm is a tool which converts + PostScript files to PNM image files. +

+
+ +

+ Max Vozeler reported that pstopnm calls the GhostScript interpreter on + untrusted PostScript files without specifying the -dSAFER option, to + convert a PostScript file into a PBM, PGM, or PNM file. +

+
+ +

+ An attacker could craft a malicious PostScript file and entice a user + to run pstopnm on it, resulting in the execution of arbitrary commands + with the permissions of the user running pstopnm. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Netpbm users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose media-libs/netpbm +
+ + CAN-2005-2471 + Secunia Advisory SA16184 + + + koon + + + adir + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-05.xml
new file mode 100644
index 0000000000..ef3ab947cf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-05.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Heartbeat: Insecure temporary file creation
+
+ Heartbeat is vulnerable to symlink attacks, potentially allowing a local
+ user to overwrite arbitrary files.
+
+ Heartbeat
+ August 07, 2005
+ August 07, 2005: 01
+ 97175
+ local
+
+
+ 1.2.3-r1
+ 1.2.3-r1
+
+
+
+

+ Heartbeat is a component of the High-Availability Linux project. + It it used to perform death-of-node detection, communications and + cluster management. +

+
+ +

+ Eric Romang has discovered that Heartbeat insecurely creates + temporary files with predictable filenames. +

+
+ +

+ A local attacker could create symbolic links in the temporary file + directory, pointing to a valid file somewhere on the filesystem. When a + vulnerable script is executed, this could lead to the file being + overwritten with the rights of the user running the affected + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Heartbeat users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/heartbeat-1.2.3-r1" +
+ + CAN-2005-2231 + + + koon + + + formula7 + + + formula7 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-06.xml
new file mode 100644
index 0000000000..bf1454d1f0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-06.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Gaim: Remote execution of arbitrary code
+
+ Gaim is vulnerable to a buffer overflow which could lead to the execution
+ of arbitrary code or to a Denial of Service.
+
+ Gaim
+ August 15, 2005
+ August 15, 2005: 01
+ 102000
+ remote
+
+
+ 1.5.0
+ 1.5.0
+
+
+
+

+ Gaim is a full featured instant messaging client which handles a + variety of instant messaging protocols. +

+
+ +

+ Brandon Perry discovered that Gaim is vulnerable to a heap-based + buffer overflow when handling away messages (CAN-2005-2103). + Furthermore, Daniel Atallah discovered a vulnerability in the handling + of file transfers (CAN-2005-2102). +

+
+ +

+ A remote attacker could create a specially crafted away message + which, when viewed by the target user, could lead to the execution of + arbitrary code. Also, an attacker could send a file with a non-UTF8 + filename to a user, which would result in a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gaim users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/gaim-1.5.0" +
+ + CAN-2005-2102 + CAN-2005-2103 + + + koon + + + formula7 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-07.xml
new file mode 100644
index 0000000000..d4ecdd3b46
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-07.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ AWStats: Arbitrary code execution using malicious Referrer information
+
+ AWStats fails to validate certain log input, which could lead to the
+ execution of arbitrary Perl code during the generation of the statistics.
+
+ awstats
+ August 16, 2005
+ May 28, 2009: 02
+ 102145
+ remote
+
+
+ 6.5
+ 6.5
+
+
+
+

+ AWStats is an advanced log file analyzer and statistics generator. + In HTTP reports it parses Referrer information in order to display the + most common Referrer values that caused users to visit the website. +

+
+ +

+ When using a URLPlugin, AWStats fails to sanitize Referrer URL + data before using them in a Perl eval() routine. +

+
+ +

+ A remote attacker can include arbitrary Referrer information in a + HTTP request to a web server, therefore injecting tainted data in the + log files. When AWStats is run on this log file, this can result in the + execution of arbitrary Perl code with the rights of the user running + AWStats. +

+
+ +

+ Disable all URLPlugins in the AWStats configuration. +

+
+ +

+ All AWStats users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-misc/awstats-6.5" +

+ Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +

+
+ + CAN-2005-1527 + iDEFENSE Advisory + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-08.xml
new file mode 100644
index 0000000000..13ff3f7082
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-08.xml
@@ -0,0 +1,101 @@
+
+
+
+
+ Xpdf, Kpdf, GPdf: Denial of Service vulnerability
+
+ Xpdf, Kpdf and GPdf may crash as a result of a Denial of Service
+ vulnerability.
+
+ xpdf kpdf gpdf
+ August 16, 2005
+ August 16, 2005: 01
+ 99769
+ 100263
+ 100265
+ remote
+
+
+ 3.00-r10
+ 3.00-r10
+
+
+ 3.3.2-r3
+ 3.3.2-r3
+
+
+ 3.4.1-r1
+ 3.4.1-r1
+
+
+ 2.10.0-r1
+ 2.10.0-r1
+
+
+
+

+ Xpdf, Kpdf and GPdf are PDF file viewers that run under the X + Window System. Kpdf and GPdf both contain Xpdf code. Kpdf is also part + of kdegraphics. +

+
+ +

+ Xpdf, Kpdf and GPdf do not handle a broken table of embedded + TrueType fonts correctly. After detecting such a table, Xpdf, Kpdf and + GPdf attempt to reconstruct the information in it by decoding the PDF + file, which causes the generation of a huge temporary file. +

+
+ +

+ A remote attacker may cause a Denial of Service by creating a + specially crafted PDF file, sending it to a CUPS printing system (which + uses Xpdf), or by enticing a user to open it in Xpdf, Kpdf, or GPdf. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Xpdf users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.00-r10" +

+ All GPdf users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r1" +

+ All Kpdf users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.3.2-r3" +

+ All KDE Split Ebuild Kpdf users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.1-r1" +
+ + CAN-2005-2097 + + + koon + + + adir + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-09.xml
new file mode 100644
index 0000000000..725701fa71
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-09.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ bluez-utils: Bluetooth device name validation vulnerability
+
+ Improper validation of Bluetooth device names can lead to arbitrary command
+ execution.
+
+ bluez-utils
+ August 17, 2005
+ August 17, 2005: 01
+ 101557
+ remote
+
+
+ 2.19
+ 2.19
+
+
+
+

+ bluez-utils are the utilities for use with the BlueZ + implementation of the Bluetooth wireless standards for Linux. +

+
+ +

+ The name of a Bluetooth device is improperly validated by the hcid + utility when a remote device attempts to pair itself with a computer. +

+
+ +

+ An attacker could create a malicious device name on a Bluetooth + device resulting in arbitrary commands being executed as root upon + attempting to pair the device with the computer. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All bluez-utils users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/bluez-utils-2.19" +
+ + CAN-2005-2547 + bluez-utils ChangeLog + + + koon + + + r2d2 + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-10.xml
new file mode 100644
index 0000000000..1bbea807ce
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-10.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Kismet: Multiple vulnerabilities
+
+ Kismet is vulnerable to multiple issues potentially resulting in the
+ execution of arbitrary code.
+
+ Kismet
+ August 19, 2005
+ May 22, 2006: 02
+ 102702
+ remote
+
+
+ 2005.08.1
+ 2005.08.1
+
+
+
+

+ Kismet is an 802.11 Layer 2 wireless network detector, sniffer, and + intrusion detection system. +

+
+ +

+ Kismet is vulnerable to a heap overflow when handling pcap captures and + to an integer underflow in the CDP protocol dissector. +

+
+ +

+ With a specially crafted packet an attacker could cause Kismet to + execute arbitrary code with the rights of the user running the program. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Kismet users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/kismet-2005.08.1" +
+ + Kismet Release Notes + CVE-2005-2626 + CVE-2005-2627 + + + jaervosz + + + jaervosz + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-11.xml
new file mode 100644
index 0000000000..0828e25e5f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-11.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Adobe Reader: Buffer Overflow
+
+ Adobe Reader is vulnerable to a buffer overflow which could potentially
+ lead to execution of arbitrary code.
+
+ acroread
+ August 19, 2005
+ August 19, 2005: 01
+ 102730
+ remote
+
+
+ 7.0.1.1
+ 7.0.1.1
+
+
+
+

+ Adobe Reader is a utility used to view PDF files. +

+
+ +

+ A buffer overflow has been reported within a core application + plug-in, which is part of Adobe Reader. +

+
+ +

+ An attacker may create a specially-crafted PDF file, enticing a + user to open it. This could trigger a buffer overflow as the file is + being loaded, resulting in the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Reader users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-7.0.1.1" +
+ + CAN-2005-2470 + Adobe Document 321644 + + + formula7 + + + adir + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-12.xml
new file mode 100644
index 0000000000..6794894ee4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-12.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Evolution: Format string vulnerabilities
+
+ Evolution is vulnerable to format string vulnerabilities which may result
+ in remote execution of arbitrary code.
+
+ evolution
+ August 23, 2005
+ August 23, 2005: 01
+ 102051
+ remote
+
+
+ 2.2.3-r3
+ 2.2.3-r3
+
+
+
+

+ Evolution is a GNOME groupware application. +

+
+ +

+ Ulf Harnhammar discovered that Evolution is vulnerable to format + string bugs when viewing attached vCards and when displaying contact + information from remote LDAP servers or task list data from remote + servers (CAN-2005-2549). He also discovered that Evolution fails to + handle special calendar entries if the user switches to the Calendars + tab (CAN-2005-2550). +

+
+ +

+ An attacker could attach specially crafted vCards to emails or + setup malicious LDAP servers or calendar entries which would trigger + the format string vulnerabilities when viewed or accessed from + Evolution. This could potentially result in the execution of arbitrary + code with the rights of the user running Evolution. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Evolution users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.2.3-r3" +
+ + CAN-2005-2549 + CAN-2005-2550 + SITIC Vulnerability Advisory SA05-001 + + + koon + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-13.xml
new file mode 100644
index 0000000000..5de3ef7124
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-13.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability
+
+ The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute
+ arbitrary PHP script commands.
+
+ pear-xml_rpc phpxmlrpc
+ August 24, 2005
+ August 24, 2005: 01
+ 102378
+ 102576
+ remote
+
+
+ 1.4.0
+ 1.4.0
+
+
+ 1.2-r1
+ 1.2-r1
+
+
+
+

+ The PEAR XML-RPC and phpxmlrpc libraries are both PHP + implementations of the XML-RPC protocol. +

+
+ +

+ Stefan Esser of the Hardened-PHP Project discovered that the PEAR + XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC + requests and responses with malformed nested tags. +

+
+ +

+ A remote attacker could exploit this vulnerability to inject + arbitrary PHP script code into eval() statements by sending a specially + crafted XML document to web applications making use of these libraries. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All PEAR-XML_RPC users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/PEAR-XML_RPC-1.4.0" +

+ All phpxmlrpc users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/phpxmlrpc-1.2-r1" +
+ + CAN-2005-2498 + Hardened-PHP 14/2005 Advisory + Hardened-PHP 15/2005 Advisory + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-14.xml
new file mode 100644
index 0000000000..3440351e4d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-14.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC
+
+ TikiWiki and eGroupWare both include PHP XML-RPC code vulnerable to
+ arbitrary command execution.
+
+ tikiwiki egroupware
+ August 24, 2005
+ August 24, 2005: 01
+ 102374
+ 102377
+ remote
+
+
+ 1.8.5-r2
+ 1.8.5-r2
+
+
+ 1.0.0.009
+ 1.0.0.009
+
+
+
+

+ TikiWiki is a full featured Free Software Wiki, CMS and Groupware + written in PHP. eGroupWare is a web-based collaboration software suite. + Both TikiWiki and eGroupWare include a PHP library to handle XML-RPC + requests. +

+
+ +

+ The XML-RPC library shipped in TikiWiki and eGroupWare improperly + handles XML-RPC requests and responses with malformed nested tags. +

+
+ +

+ A remote attacker could exploit this vulnerability to inject + arbitrary PHP script code into eval() statements by sending a specially + crafted XML document to TikiWiki or eGroupWare. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TikiWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5-r2" +

+ All eGroupWare users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.0.0.009" +
+ + CAN-2005-2498 + + + DerCorny + + + adir + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-15.xml
new file mode 100644
index 0000000000..d775a2811b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-15.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Apache 2.0: Denial of Service vulnerability
+
+ A bug in Apache may allow a remote attacker to perform a Denial of Service
+ attack.
+
+ apache
+ August 25, 2005
+ December 30, 2007: 03
+ 102991
+ remote
+
+
+ 2.0.54-r9
+ 2.0
+ 2.0.54-r9
+
+
+
+

+ The Apache HTTP Server Project is a featureful, freely-available HTTP + (Web) server. +

+
+ +

+ Filip Sneppe discovered that Apache improperly handles byterange + requests to CGI scripts. +

+
+ +

+ A remote attacker may access vulnerable scripts in a malicious way, + exhausting all RAM and swap space on the server, resulting in a Denial + of Service of the Apache server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All apache users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.54-r9" +
+ + ASF Bugzilla Bug 29962 + CVE-2005-2728 + + + DerCorny + + + koon + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-16.xml
new file mode 100644
index 0000000000..c90d5976ec
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-16.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Tor: Information disclosure
+
+ A flaw in Tor leads to the disclosure of information and the loss of
+ anonymity, integrity and confidentiality.
+
+ tor
+ August 25, 2005
+ August 25, 2005: 01
+ 102245
+ remote
+
+
+ 0.1.0.14
+ 0.1.0.14
+
+
+
+

+ Tor is an implementation of second generation Onion Routing, a + connection-oriented anonymizing communication service. +

+
+ +

+ The Diffie-Hellman implementation of Tor fails to verify the + cryptographic strength of keys which are used during handshakes. +

+
+ +

+ By setting up a malicious Tor server and enticing users to use + this server as first hop, a remote attacker could read and modify all + traffic of the user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Tor users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/tor-0.1.0.14" +
+ + CAN-2005-2643 + Tor Security Announcement + + + koon + + + koon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-17.xml
new file mode 100644
index 0000000000..6ec5e04693
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-17.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ libpcre: Heap integer overflow
+
+ libpcre is vulnerable to a heap integer overflow, possibly leading to the
+ execution of arbitrary code.
+
+ libpcre
+ August 25, 2005
+ August 25, 2005: 01
+ 103337
+ remote
+
+
+ 6.3
+ 6.3
+
+
+
+

+ libpcre is a library providing functions for Perl-compatible + regular expressions. +

+
+ +

+ libpcre fails to check certain quantifier values in regular + expressions for sane values. +

+
+ +

+ An attacker could possibly exploit this vulnerability to execute + arbitrary code by sending specially crafted regular expressions to + applications making use of the libpcre library. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libpcre users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-6.3" +
+ + CAN-2005-2491 + SecurityTracker Alert ID 1014744 + + + koon + + + DerCorny + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-18.xml
new file mode 100644
index 0000000000..cb56908d0c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-18.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ PhpWiki: Arbitrary command execution through XML-RPC
+
+ PhpWiki includes PHP XML-RPC code which is vulnerable to arbitrary command
+ execution.
+
+ phpwiki
+ August 26, 2005
+ August 26, 2005: 01
+ 102380
+ remote
+
+
+ 1.3.10-r2
+ 1.3.10-r2
+
+
+
+

+ PhpWiki is an application that creates a web site where anyone can + edit the pages through HTML forms. +

+
+ +

+ Earlier versions of PhpWiki contain an XML-RPC library that + improperly handles XML-RPC requests and responses with malformed nested + tags. +

+
+ +

+ A remote attacker could exploit this vulnerability to inject + arbitrary PHP script code into eval() statements by sending a specially + crafted XML document to PhpWiki. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PhpWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.10-r2" +
+ + CAN-2005-2498 + + + koon + + + adir + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-19.xml
new file mode 100644
index 0000000000..7f29c0cc9f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-19.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ lm_sensors: Insecure temporary file creation
+
+ lm_sensors is vulnerable to linking attacks, potentially allowing a local
+ user to overwrite arbitrary files.
+
+ lm_sensors
+ August 30, 2005
+ August 30, 2005: 01
+ 103568
+ local
+
+
+ 2.9.1-r1
+ 2.9.1-r1
+
+
+
+

+ lm_sensors is a software package that provides drivers for + monitoring the temperatures, voltages, and fans of Linux systems with + hardware monitoring devices. +

+
+ +

+ Javier Fernandez-Sanguino Pena has discovered that lm_sensors + insecurely creates temporary files with predictable filenames when + saving configurations. +

+
+ +

+ A local attacker could create symbolic links in the temporary file + directory, pointing to a valid file somewhere on the filesystem. When + the pwmconfig script of lm_sensors is executed, this would result in + the file being overwritten with the rights of the user running the + script, which typically is the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All lm_sensors users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/lm_sensors-2.9.1-r1" +
+ + CAN-2005-2672 + + + koon + + + koon + + + formula7 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-20.xml
new file mode 100644
index 0000000000..54cb4f99b0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-20.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ phpGroupWare: Multiple vulnerabilities
+
+ phpGroupWare is vulnerable to multiple issues ranging from information
+ disclosure to a potential execution of arbitrary code.
+
+ phpgroupware
+ August 30, 2005
+ August 30, 2005: 01
+ 102379
+ remote
+
+
+ 0.9.16.008
+ 0.9.16.008
+
+
+
+

+ phpGroupWare is a multi-user groupware suite written in PHP. +

+
+ +

+ phpGroupWare improperly validates the "mid" parameter retrieved + via a forum post. The current version of phpGroupWare also adds several + safeguards to prevent XSS issues, and disables the use of a potentially + vulnerable XML-RPC library. +

+
+ +

+ A remote attacker may leverage the XML-RPC vulnerability to + execute arbitrary PHP script code. He could also create a specially + crafted request that will reveal private posts. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpGroupWare users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.008" +
+ + CAN-2005-2498 + CAN-2005-2600 + Secunia Advisory SA16414 + + + DerCorny + + + adir + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-21.xml new file mode 100644 index 0000000000..0299cda391 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-21.xml @@ -0,0 +1,68 @@ + + + + + phpWebSite: Arbitrary command execution through XML-RPC and SQL injection + + phpWebSite is vulnerable to multiple issues which result in the execution + of arbitrary code and SQL injection. + + phpwebsite + August 31, 2005 + August 31, 2005: 01 + 102785 + remote + + + 0.10.2_rc2 + 0.10.2_rc2 + + + +

+ phpWebSite is a web site content management system. +

+
+ +

+ phpWebSite uses an XML-RPC library that improperly handles XML-RPC + requests and responses with malformed nested tags. Furthermore, + "matrix_killer" reported that phpWebSite is vulnerable to an SQL + injection attack. +

+
+ +

+ A malicious remote user could exploit this vulnerability to inject + arbitrary PHP script code into eval() statements by sending a specially + crafted XML document, and also inject SQL commands to access the + underlying database directly. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpWebSite users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.2_rc2" +
+ + CAN-2005-2498 + Original Advisory + + + koon + + + adir + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-22.xml new file mode 100644 index 0000000000..9023f08899 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200508-22.xml @@ -0,0 +1,68 @@ + + + + + pam_ldap: Authentication bypass vulnerability + + pam_ldap contains a vulnerability that may allow a remote attacker to gain + system access. + + pam_ldap + August 31, 2005 + August 31, 2005: 01 + 103659 + remote + + + 180 + 180 + + + +

+ pam_ldap is a Pluggable Authentication Module which allows + authentication against LDAP directories. +

+
+ +

+ When a pam_ldap client attempts to authenticate against an LDAP + server that omits the optional error value from the + PasswordPolicyResponseValue, the authentication attempt will always + succeed. +

+
+ +

+ A remote attacker may exploit this vulnerability to bypass the + LDAP authentication mechanism, gaining access to the system possibly + with elevated privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All pam_ldap users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-180" +
+ + CAN-2005-2641 + US-CERT VU#778916 + + + koon + + + koon + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-01.xml new file mode 100644 index 0000000000..c3c6aff17b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-01.xml @@ -0,0 +1,64 @@ + + + + + MPlayer: Heap overflow in ad_pcm.c + + A heap overflow in MPlayer might lead to the execution of arbitrary code. + + MPlayer + September 01, 2005 + September 01, 2005: 01 + 103555 + remote + + + 1.0_pre7-r1 + 1.0_pre7-r1 + + + +

+ MPlayer is a media player capable of handling multiple multimedia + file formats. +

+
+ +

+ Sven Tantau discovered a heap overflow in the code handling the + strf chunk of PCM audio streams. +

+
+ +

+ An attacker could craft a malicious video or audio file which, + when opened using MPlayer, would end up executing arbitrary code on the + victim's computer with the permissions of the user running MPlayer. +

+
+ +

+ You can mitigate the issue by adding "ac=-pcm," to your MPlayer + configuration file (note that this will prevent you from playing + uncompressed audio). +

+
+ +

+ All MPlayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre7-r1" +
+ + CAN-2005-2718 + Original Advisory + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-02.xml new file mode 100644 index 0000000000..81fe8cca76 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-02.xml @@ -0,0 +1,68 @@ + + + + + Gnumeric: Heap overflow in the included PCRE library + + Gnumeric is vulnerable to a heap overflow, possibly leading to the + execution of arbitrary code. + + Gnumeric + September 03, 2005 + September 03, 2005: 01 + 104010 + remote + + + 1.4.3-r2 + 1.4.3-r2 + + + +

+ The Gnumeric spreadsheet is a versatile application developed as + part of the GNOME Office project. libpcre is a library providing + functions for Perl-compatible regular expressions. +

+
+ +

+ Gnumeric contains a private copy of libpcre which is subject to an + integer overflow leading to a heap overflow (see GLSA 200508-17). +

+
+ +

+ An attacker could potentially exploit this vulnerability by + tricking a user into opening a specially crafted spreadsheet, which + could lead to the execution of arbitrary code with the privileges of + the user running Gnumeric. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gnumeric users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.4.3-r2" +
+ + CAN-2005-2491 + GLSA 200508-17 + + + koon + + + koon + + + formula7 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-03.xml new file mode 100644 index 0000000000..ac11b90de0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-03.xml @@ -0,0 +1,66 @@ + + + + + OpenTTD: Format string vulnerabilities + + OpenTTD is vulnerable to format string vulnerabilities which may result in + remote execution of arbitrary code. + + openttd + September 05, 2005 + May 22, 2006: 02 + 102631 + remote + + + 0.4.0.1-r1 + 0.4.0.1-r1 + + + +

+ OpenTTD is an open source clone of the simulation game "Transport + Tycoon Deluxe" by Microprose. +

+
+ +

+ Alexey Dobriyan discovered several format string vulnerabilities in + OpenTTD. +

+
+ +

+ A remote attacker could exploit these vulnerabilities to crash the + OpenTTD server or client and possibly execute arbitrary code with the + rights of the user running OpenTTD. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All OpenTTD users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.4.0.1-r1" +
+ + CAN-2005-2763 + CVE-2005-2764 + + + jaervosz + + + adir + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-04.xml new file mode 100644 index 0000000000..c9e7331445 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-04.xml @@ -0,0 +1,66 @@ + + + + + phpLDAPadmin: Authentication bypass + + A flaw in phpLDAPadmin may allow attackers to bypass security restrictions + and connect anonymously. + + phpLDAPadmin + September 06, 2005 + September 06, 2005: 01 + 104293 + remote + + + 0.9.7_alpha6 + 0.9.7_alpha6 + + + +

+ phpLDAPadmin is a web-based LDAP client allowing to easily manage + LDAP servers. +

+
+ +

+ Alexander Gerasiov discovered a flaw in login.php preventing the + application from validating whether anonymous bind has been disabled in + the target LDAP server configuration. +

+
+ +

+ Anonymous users can access the LDAP server, even if the + "disable_anon_bind" parameter was explicitly set to avoid this. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpLDAPadmin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-nds/phpldapadmin-0.9.7_alpha6" +
+ + CAN-2005-2654 + Secunia Advisory SA16611 + + + DerCorny + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-05.xml new file mode 100644 index 0000000000..479da6e6c0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-05.xml @@ -0,0 +1,67 @@ + + + + + Net-SNMP: Insecure RPATH + + The Gentoo Net-SNMP package may provide Perl modules containing an insecure + DT_RPATH, potentially allowing privilege escalation. + + net-snmp + September 06, 2005 + May 22, 2006: 02 + 103776 + local + + + 5.2.1.2-r1 + 5.2.1.2-r1 + + + +

+ Net-SNMP is a suite of applications used to implement the Simple + Network Management Protocol. +

+
+ +

+ James Cloos reported that Perl modules from the Net-SNMP package look + for libraries in an untrusted location. This is due to a flaw in the + Gentoo package, and not the Net-SNMP suite. +

+
+ +

+ A local attacker (member of the portage group) may be able to create a + shared object that would be loaded by the Net-SNMP Perl modules, + executing arbitrary code with the privileges of the user invoking the + Perl script. +

+
+ +

+ Limit group portage access to trusted users. +

+
+ +

+ All Net-SNMP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.2.1.2-r1" +
+ + CVE-2005-2811 + + + DerCorny + + + DerCorny + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-06.xml new file mode 100644 index 0000000000..44e14710e2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-06.xml @@ -0,0 +1,66 @@ + + + + + Squid: Denial of Service vulnerabilities + + Squid contains several bugs when handling certain malformed requests + resulting in a Denial of Service. + + Squid + September 07, 2005 + May 22, 2006: 03 + 104603 + remote + + + 2.5.10-r2 + 2.5.10-r2 + + + +

+ Squid is a full-featured Web proxy cache designed to run on Unix-like + systems. It supports proxying and caching of HTTP, FTP, and other + protocols, as well as SSL support, cache hierarchies, transparent + caching, access control lists and many more features. +

+
+ +

+ Certain malformed requests result in a segmentation fault in the + sslConnectTimeout function, handling of other certain requests trigger + assertion failures. +

+
+ +

+ By performing malformed requests an attacker could cause Squid to crash + by triggering an assertion failure or invalid memory reference. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Squid users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.5.10-r2" +
+ + Squid Patches + CVE-2005-2794 + CVE-2005-2796 + + + jaervosz + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-07.xml new file mode 100644 index 0000000000..f09f61d559 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-07.xml @@ -0,0 +1,61 @@ + + + + + X.Org: Heap overflow in pixmap allocation + + An integer overflow in pixmap memory allocation potentially allows any + X.Org user to execute arbitrary code with elevated privileges. + + X.Org + September 12, 2005 + September 12, 2005: 01 + 105688 + local + + + 6.8.2-r3 + 6.8.2-r3 + + + +

+ X.Org is X.Org Foundation's Public Implementation of the X Window + System. +

+
+ +

+ X.Org is missing an integer overflow check during pixmap memory + allocation. +

+
+ +

+ An X.Org user could exploit this issue to make the X server + execute arbitrary code with elevated privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All X.org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.8.2-r3" +
+ + CAN-2005-2495 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-08.xml new file mode 100644 index 0000000000..4f8d849ca7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-08.xml @@ -0,0 +1,71 @@ + + + + + Python: Heap overflow in the included PCRE library + + The "re" Python module is vulnerable to a heap overflow, possibly leading + to the execution of arbitrary code. + + Python + September 12, 2005 + September 12, 2005: 01 + 104009 + remote + + + 2.3.5-r2 + 2.3.5-r2 + + + +

+ Python is an interpreted, interactive, object-oriented, + cross-platform programming language. The "re" Python module provides + regular expression functions. +

+
+ +

+ The "re" Python module makes use of a private copy of libpcre + which is subject to an integer overflow leading to a heap overflow (see + GLSA 200508-17). +

+
+ +

+ An attacker could target a Python-based web application (or SUID + application) that would use untrusted data as regular expressions, + potentially resulting in the execution of arbitrary code (or privilege + escalation). +

+
+ +

+ Python users that don't run any Python web application or SUID + application (or that run one that wouldn't use untrusted inputs as + regular expressions) are not affected by this issue. +

+
+ +

+ All Python users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.5-r2" +
+ + CAN-2005-2491 + GLSA 200508-17 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-09.xml new file mode 100644 index 0000000000..15c976c91b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-09.xml @@ -0,0 +1,67 @@ + + + + + Py2Play: Remote execution of arbitrary Python code + + A design error in Py2Play allows attackers to execute arbitrary code. + + py2play + September 17, 2005 + September 05, 2006: 02 + 103524 + remote + + + 0.1.8 + 0.1.7 + + + +

+ Py2Play is a peer-to-peer network game engine written in Python. + Pickling is a Python feature allowing to serialize Python objects into + string representations (called pickles) that can be sent over the + network. +

+
+ +

+ Arc Riley discovered that Py2Play uses Python pickles to send objects + over a peer-to-peer game network, and that clients accept without + restriction the objects and code sent by peers. +

+
+ +

+ A remote attacker participating in a Py2Play-powered game can send + malicious Python pickles, resulting in the execution of arbitrary + Python code on the targeted game client. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All py2play users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/py2play-0.1.8" +
+ + CAN-2005-2875 + + + koon + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-10.xml new file mode 100644 index 0000000000..aeb1a38dfe --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-10.xml @@ -0,0 +1,63 @@ + + + + + Mailutils: Format string vulnerability in imap4d + + The imap4d server contains a vulnerability allowing an authenticated user + to execute arbitrary code with the privileges of the imap4d process. + + mailutils + September 17, 2005 + May 22, 2006: 02 + 105458 + remote + + + 0.6-r2 + 0.6-r2 + + + +

+ The GNU Mailutils are a collection of mail-related utilities, including + an IMAP4 server (imap4d). +

+
+ +

+ The imap4d server contains a format string bug in the handling of IMAP + SEARCH requests. +

+
+ +

+ An authenticated IMAP user could exploit the format string error in + imap4d to execute arbitrary code as the imap4d user, which is usually + root. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All GNU Mailutils users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r2" +
+ + iDEFENSE 09.09.05 advisory + CVE-2005-2878 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-11.xml new file mode 100644 index 0000000000..83904701e1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-11.xml @@ -0,0 +1,132 @@ + + + + + Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities + + Mozilla Suite and Firefox are vulnerable to multiple issues, including some + that might be exploited to execute arbitrary code. + + mozilla + September 18, 2005 + September 29, 2005: 02 + 105396 + remote + + + 1.0.7-r2 + 1.0.7-r2 + + + 1.7.12-r2 + 1.7.12-r2 + + + 1.0.7 + 1.0.7 + + + 1.7.12 + 1.7.12 + + + 1.7.12 + 1.7.12 + + + +

+ The Mozilla Suite is a popular all-in-one web browser that includes a + mail and news reader. Mozilla Firefox is the next-generation browser + from the Mozilla project. Gecko is the layout engine used in both + products. +

+
+ +

+ The Mozilla Suite and Firefox are both vulnerable to the following + issues: +

+
    +
  • Tom Ferris reported a heap overflow in IDN-enabled browsers with + malicious Host: headers (CAN-2005-2871).
  • +
  • "jackerror" discovered a heap overrun in XBM image processing + (CAN-2005-2701).
  • +
  • Mats Palmgren reported a potentially exploitable stack corruption + using specific Unicode sequences (CAN-2005-2702).
  • +
  • Georgi Guninski discovered an integer overflow in the JavaScript + engine (CAN-2005-2705)
  • +
  • Other issues ranging from DOM object spoofing to request header + spoofing were also found and fixed in the latest versions + (CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707).
  • +
+

+ The Gecko engine in itself is also affected by some of these issues and + has been updated as well. +

+
+ +

+ A remote attacker could setup a malicious site and entice a victim to + visit it, potentially resulting in arbitrary code execution with the + victim's privileges or facilitated spoofing of known websites. +

+
+ +

+ There is no known workaround for all the issues. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.7-r2" +

+ All Mozilla Suite users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.12-r2" +

+ All Mozilla Firefox binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.7" +

+ All Mozilla Suite binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.12" +

+ All Gecko library users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/gecko-sdk-1.7.12" +

+ +

+
+ + CAN-2005-2701 + CAN-2005-2702 + CAN-2005-2703 + CAN-2005-2704 + CAN-2005-2705 + CAN-2005-2706 + CAN-2005-2707 + CAN-2005-2871 + Mozilla Foundation Security Advisories + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-12.xml new file mode 100644 index 0000000000..2499a5735b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-12.xml @@ -0,0 +1,85 @@ + + + + + Apache, mod_ssl: Multiple vulnerabilities + + mod_ssl and Apache are vulnerable to a restriction bypass and a potential + local privilege escalation. + + Apache + September 19, 2005 + December 30, 2007: 03 + 103554 + 104807 + remote and local + + + 2.8.24 + 2.8.24 + + + 2.0.54-r15 + 2 + 2.0.54-r15 + + + +

+ The Apache HTTP server is one of the most popular web servers on the + Internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 + and is also included in Apache 2. +

+
+ +

+ mod_ssl contains a security issue when "SSLVerifyClient optional" is + configured in the global virtual host configuration (CAN-2005-2700). + Also, Apache's httpd includes a PCRE library, which makes it vulnerable + to an integer overflow (CAN-2005-2491). +

+
+ +

+ Under a specific configuration, mod_ssl does not properly enforce the + client-based certificate authentication directive, "SSLVerifyClient + require", in a per-location context, which could be potentially used by + a remote attacker to bypass some restrictions. By creating a specially + crafted ".htaccess" file, a local attacker could possibly exploit + Apache's vulnerability, which would result in a local privilege + escalation. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mod_ssl users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-www/mod_ssl-2.8.24" +

+ All Apache 2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.54-r15" +
+ + CAN-2005-2491 + CAN-2005-2700 + + + koon + + + koon + + + formula7 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-13.xml new file mode 100644 index 0000000000..b8096bd62d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-13.xml @@ -0,0 +1,68 @@ + + + + + Clam AntiVirus: Multiple vulnerabilities + + Clam AntiVirus is subject to vulnerabilities ranging from Denial of Service + to execution of arbitrary code when handling compressed executables. + + clamav + September 19, 2005 + September 19, 2005: 01 + 106279 + remote + + + 0.87 + 0.87 + + + +

+ Clam AntiVirus is a GPL anti-virus toolkit, designed for + integration with mail servers to perform attachment scanning. Clam + AntiVirus also provides a command line scanner and a tool for fetching + updates of the virus database. +

+
+ +

+ Clam AntiVirus is vulnerable to a buffer overflow in + "libclamav/upx.c" when processing malformed UPX-packed executables. It + can also be sent into an infinite loop in "libclamav/fsg.c" when + processing specially-crafted FSG-packed executables. +

+
+ +

+ By sending a specially-crafted file an attacker could execute + arbitrary code with the permissions of the user running Clam AntiVirus, + or cause a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Clam AntiVirus users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87" +
+ + CAN-2005-2919 + CAN-2005-2920 + Clam AntiVirus: Release Notes + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-14.xml new file mode 100644 index 0000000000..0239eba343 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-14.xml @@ -0,0 +1,66 @@ + + + + + Zebedee: Denial of Service vulnerability + + A bug in Zebedee allows a remote attacker to perform a Denial of Service + attack. + + zebedee + September 20, 2005 + May 22, 2006: 02 + 105115 + remote + + + 2.4.1-r1 + 2.5.3 + 2.5.3 + + + +

+ Zebedee is an application that establishes an encrypted, compressed + tunnel for TCP/IP or UDP data transfer between two systems. +

+
+ +

+ "Shiraishi.M" reported that Zebedee crashes when "0" is received as the + port number in the protocol option header. +

+
+ +

+ By performing malformed requests a remote attacker could cause Zebedee + to crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Zebedee users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose net-misc/zebedee +
+ + BugTraq ID 14796 + CVE-2005-2904 + + + koon + + + koon + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-15.xml new file mode 100644 index 0000000000..9a8648d4c0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-15.xml @@ -0,0 +1,73 @@ + + + + + util-linux: umount command validation error + + A command validation error in umount can lead to an escalation of + privileges. + + util-linux + September 20, 2005 + September 20, 2005: 01 + 105805 + local + + + 2.12q-r3 + 2.12q-r3 + + + +

+ util-linux is a suite of useful Linux programs including umount, a + program used to unmount filesystems. +

+
+ +

+ When a regular user mounts a filesystem, they are subject to + restrictions in the /etc/fstab configuration file. David Watson + discovered that when unmounting a filesystem with the '-r' option, the + read-only bit is set, while other bits, such as nosuid or nodev, are + not set, even if they were previously. +

+
+ +

+ An unprivileged user facing nosuid or nodev restrictions can + umount -r a filesystem clearing those bits, allowing applications to be + executed suid, or have device nodes interpreted. In the case where the + user can freely modify the contents of the filesystem, privilege + escalation may occur as a custom program may execute with suid + permissions. +

+
+ +

+ Two workarounds exist, first, the suid bit can be removed from the + umount utility, or users can be restricted from mounting and unmounting + filesystems in /etc/fstab. +

+
+ +

+ All util-linux users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.12q-r3" +
+ + CAN-2005-2876 + + + koon + + + r2d2 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-16.xml new file mode 100644 index 0000000000..76baa76ef2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-16.xml @@ -0,0 +1,66 @@ + + + + + Mantis: XSS and SQL injection vulnerabilities + + Mantis is affected by an SQL injection and several cross-site scripting + (XSS) vulnerabilities. + + Mantis + September 24, 2005 + September 24, 2005: 01 + 103308 + remote + + + 0.19.2 + 0.19.2 + + + +

+ Mantis is a web-based bugtracking system written in PHP. +

+
+ +

+ Mantis fails to properly sanitize untrusted input before using it. + This leads to an SQL injection and several cross-site scripting + vulnerabilities. +

+
+ +

+ An attacker could possibly use the SQL injection vulnerability to + access or modify information from the Mantis database. Furthermore the + cross-site scripting issues give an attacker the ability to inject and + execute malicious script code or to steal cookie-based authentication + credentials, potentially compromising the victim's browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mantis users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-0.19.2" +
+ + CAN-2005-2556 + CAN-2005-2557 + Secunia Advisory SA16506 + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-17.xml new file mode 100644 index 0000000000..df15ad4711 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-17.xml @@ -0,0 +1,79 @@ + + + + + Webmin, Usermin: Remote code execution through PAM authentication + + If Webmin or Usermin is configured to use full PAM conversations, it is + vulnerable to the remote execution of arbitrary code with root privileges. + + Webmin Usermin + September 24, 2005 + September 24, 2005: 01 + 106705 + remote + + + 1.230 + 1.230 + + + 1.160 + 1.160 + + + +

+ Webmin and Usermin are web-based system administration consoles. + Webmin allows an administrator to easily configure servers and other + features. Usermin allows users to configure their own accounts, execute + commands, and read e-mails. +

+
+ +

+ Keigo Yamazaki discovered that the miniserv.pl webserver, used in + both Webmin and Usermin, does not properly validate authentication + credentials before sending them to the PAM (Pluggable Authentication + Modules) authentication process. The default configuration shipped with + Gentoo does not enable the "full PAM conversations" option and is + therefore unaffected by this flaw. +

+
+ +

+ A remote attacker could bypass the authentication process and run + any command as the root user on the target server. +

+
+ +

+ Do not enable "full PAM conversations" in the Authentication + options of Webmin and Usermin. +

+
+ +

+ All Webmin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/webmin-1.230" +

+ All Usermin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/usermin-1.160" +
+ + CAN-2005-3042 + Original Advisory + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-18.xml
new file mode 100644
index 0000000000..8db1bf579f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-18.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Qt: Buffer overflow in the included zlib library
+
+ Qt is vulnerable to a buffer overflow which could potentially lead to the
+ execution of arbitrary code.
+
+ qt
+ September 26, 2005
+ September 26, 2005: 02
+ 105695
+ local
+
+
+ 3.3.4-r8
+ 3.3.4-r8
+
+
+
+
+ Qt is a cross-platform GUI toolkit used by KDE.
+
+
+
+
+ Qt links to a bundled vulnerable version of zlib when emerged with the
+ zlib USE-flag disabled. This may lead to a buffer overflow.
+
+
+
+
+ By creating a specially crafted compressed data stream, attackers can
+ overwrite data structures for applications that use Qt, resulting in a
+ Denial of Service or potentially arbitrary code execution.
+
+
+
+
+ Emerge Qt with the zlib USE-flag enabled.
+
+
+
+
+ All Qt users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.4-r8"
+
+
+ GLSA 200507-05
+ GLSA 200507-19
+ CAN-2005-1849
+ CAN-2005-2096
+
+
+ jaervosz
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-19.xml
new file mode 100644
index 0000000000..b884de3d0a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-19.xml
@@ -0,0 +1,95 @@
+
+
+
+
+ PHP: Vulnerabilities in included PCRE and XML-RPC libraries
+
+ PHP makes use of an affected PCRE library and ships with an affected
+ XML-RPC library and is therefore potentially vulnerable to remote execution
+ of arbitrary code.
+
+ PHP
+ September 27, 2005
+ September 27, 2005: 01
+ 102373
+ remote
+
+
+ 4.3.11-r1
+ 4.4.0-r1
+ 4.4.0-r1
+
+
+ 4.3.11-r1
+ 4.4.0-r2
+ 4.4.0-r2
+
+
+ 4.3.11-r2
+ 4.4.0-r2
+ 4.4.0-r2
+
+
+
+
+ PHP is a general-purpose scripting language widely used to develop
+ web-based applications. It can run inside a web server using the
+ mod_php module or the CGI version of PHP, or can run stand-alone in a
+ CLI.
+
+
+
+
+ PHP makes use of a private copy of libpcre which is subject to an
+ integer overflow leading to a heap overflow (see GLSA 200508-17). It
+ also ships with an XML-RPC library affected by a script injection
+ vulnerability (see GLSA 200508-13).
+
+
+
+
+ An attacker could target a PHP-based web application that would
+ use untrusted data as regular expressions, potentially resulting in the
+ execution of arbitrary code. If web applications make use of the
+ XML-RPC library shipped with PHP, they are also vulnerable to remote
+ execution of arbitrary PHP code.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All PHP users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-php/php
+
+ All mod_php users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-php/mod_php
+
+ All php-cgi users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-php/php-cgi
+
+
+ CAN-2005-2491
+ CAN-2005-2498
+ GLSA 200508-13
+ GLSA 200508-17
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-20.xml
new file mode 100644
index 0000000000..3228b85ea9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-20.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ AbiWord: RTF import stack-based buffer overflow
+
+ AbiWord is vulnerable to a stack-based buffer overflow during RTF import,
+ making it vulnerable to the execution of arbitrary code.
+
+ AbiWord
+ September 30, 2005
+ September 30, 2005: 01
+ 107351
+ remote
+
+
+ 2.2.10
+ 2.2.10
+
+
+
+
+ AbiWord is a free and cross-platform word processing program. It
+ allows to import RTF files into AbiWord documents.
+
+
+
+
+ Chris Evans discovered that the RTF import function in AbiWord is
+ vulnerable to a stack-based buffer overflow.
+
+
+
+
+ An attacker could design a malicious RTF file and entice the user
+ to import it in AbiWord, potentially resulting in the execution of
+ arbitrary code with the rights of the user running AbiWord.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All AbiWord users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/abiword-2.2.10"
+
+
+ CAN-2005-2964
+
+
+ koon
+
+
+ koon
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-21.xml
new file mode 100644
index 0000000000..270185c848
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200509-21.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Hylafax: Insecure temporary file creation in xferfaxstats script
+
+ Hylafax is vulnerable to linking attacks, potentially allowing a local user
+ to overwrite arbitrary files.
+
+ hylafax
+ September 30, 2005
+ May 22, 2006: 02
+ 106882
+ local
+
+
+ 4.2.0-r3
+ 4.2.1-r2
+ 4.2.2
+ 4.2.2
+
+
+
+
+ Hylafax is a client-server fax package for class 1 and 2 fax modems.
+
+
+
+
+ Javier Fernandez-Sanguino has discovered that xferfaxstats cron script
+ supplied by Hylafax insecurely creates temporary files with predictable
+ filenames.
+
+
+
+
+ A local attacker could create symbolic links in the temporary file
+ directory, pointing to a valid file somewhere on the filesystem. When
+ the xferfaxstats script of Hylafax is executed, this would result in
+ the file being overwritten with the rights of the user running the
+ script, which typically is the root user.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Hylafax users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose net-misc/hylafax
+
+
+ Original bug report
+ CVE-2005-3069
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-01.xml
new file mode 100644
index 0000000000..6d6bb803bc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-01.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ gtkdiskfree: Insecure temporary file creation
+
+ gtkdiskfree is vulnerable to symlink attacks, potentially allowing a local
+ user to overwrite arbitrary files.
+
+ gtkdiskfree
+ October 03, 2005
+ October 03, 2005: 01
+ 104565
+ local
+
+
+ 1.9.3-r1
+ 1.9.3-r1
+
+
+
+
+ gtkdiskfree is a GTK-based GUI to show free disk space.
+
+
+
+
+ Eric Romang discovered that gtkdiskfree insecurely creates a
+ predictable temporary file to handle command output.
+
+
+
+
+ A local attacker could create a symbolic link in the temporary
+ files directory, pointing to a valid file somewhere on the filesystem.
+ When gtkdiskfree is executed, this would result in the file being
+ overwritten with the rights of the user running the application.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All gtkdiskfree users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/gtkdiskfree-1.9.3-r1"
+
+
+ CAN-2005-2918
+ Original Advisory
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-02.xml
new file mode 100644
index 0000000000..51b9f3478b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-02.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Berkeley MPEG Tools: Multiple insecure temporary files
+
+ The Berkeley MPEG Tools use temporary files in various insecure ways,
+ potentially allowing a local user to overwrite arbitrary files.
+
+ MPEG Tools
+ October 03, 2005
+ October 03, 2005: 01
+ 107344
+ local
+
+
+ 1.5b-r2
+ 1.5b-r2
+
+
+
+
+ The Berkeley MPEG Tools are a collection of utilities for
+ manipulating MPEG video technology, including an encoder (mpeg_encode)
+ and various conversion utilities.
+
+
+
+
+ Mike Frysinger of the Gentoo Security Team discovered that
+ mpeg_encode and the conversion utilities were creating temporary files
+ with predictable or fixed filenames. The 'test' make target of the MPEG
+ Tools also relied on several temporary files created insecurely.
+
+
+
+
+ A local attacker could create symbolic links in the temporary
+ files directory, pointing to a valid file somewhere on the filesystem.
+ When the utilities are executed (or 'make test' is run), this would
+ result in the file being overwritten with the rights of the user
+ running the command.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Berkeley MPEG Tools users should upgrade to the latest
+ version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mpeg-tools-1.5b-r2"
+
+
+ CAN-2005-3115
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-03.xml
new file mode 100644
index 0000000000..2e9a8ab715
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-03.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Uim: Privilege escalation vulnerability
+
+ Under certain conditions, applications linked against Uim suffer from a
+ privilege escalation vulnerability.
+
+ uim
+ October 04, 2005
+ May 22, 2006: 02
+ 107748
+ local
+
+
+ 0.4.9.1
+ 0.4.9.1
+
+
+
+
+ Uim is a multilingual input method library which provides secure and
+ useful input method for all languages.
+
+
+
+
+ Masanari Yamamoto discovered that Uim uses environment variables
+ incorrectly. This bug causes a privilege escalation if setuid/setgid
+ applications are linked to libuim. This bug only affects
+ immodule-enabled Qt (if you build Qt 3.3.2 or later versions with
+ USE="immqt" or USE="immqt-bc").
+
+
+
+
+ A malicious local user could exploit this vulnerability to execute
+ arbitrary code with escalated privileges.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Uim users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-i18n/uim-0.4.9.1"
+
+
+ Original advisory
+ CVE-2005-3149
+
+
+ koon
+
+
+ koon
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-04.xml
new file mode 100644
index 0000000000..ee67cc9cca
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-04.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Texinfo: Insecure temporary file creation
+
+ Texinfo is vulnerable to symlink attacks, potentially allowing a local user
+ to overwrite arbitrary files.
+
+ Texinfo
+ October 05, 2005
+ October 05, 2005: 01
+ 106105
+ local
+
+
+ 4.8-r1
+ 4.8-r1
+
+
+
+
+ Texinfo is the official documentation system created by the GNU
+ project.
+
+
+
+
+ Frank Lichtenheld has discovered that the "sort_offline()"
+ function in texindex insecurely creates temporary files with
+ predictable filenames.
+
+
+
+
+ A local attacker could create symbolic links in the temporary
+ files directory, pointing to a valid file somewhere on the filesystem.
+ When texindex is executed, this would result in the file being
+ overwritten with the rights of the user running the application.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Texinfo users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/texinfo-4.8-r1"
+
+
+ CAN-2005-3011
+
+
+ koon
+
+
+ formula7
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-05.xml
new file mode 100644
index 0000000000..70e6814535
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-05.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Ruby: Security bypass vulnerability
+
+ Ruby is vulnerable to a security bypass of the safe level mechanism.
+
+ ruby
+ October 06, 2005
+ October 06, 2005: 01
+ 106996
+ remote
+
+
+ 1.8.3
+ 1.8.3
+
+
+
+
+ Ruby is an interpreted scripting language for quick and easy
+ object-oriented programming. Ruby supports the safe execution of
+ untrusted code using a safe level and taint flag mechanism.
+
+
+
+
+ Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce
+ safe level protections.
+
+
+
+
+ An attacker could exploit this vulnerability to execute arbitrary
+ code beyond the restrictions specified in each safe level.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Ruby users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.3"
+
+
+ CAN-2005-2337
+ Ruby release announcement
+
+
+ koon
+
+
+ koon
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-06.xml
new file mode 100644
index 0000000000..b6632aa652
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-06.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Dia: Arbitrary code execution through SVG import
+
+ Improperly sanitised data in Dia allows remote attackers to execute
+ arbitrary code.
+
+ dia
+ October 06, 2005
+ October 06, 2005: 01
+ 107916
+ remote
+
+
+ 0.94-r3
+ 0.94-r3
+
+
+
+
+ Dia is a gtk+ based diagram creation program released under the
+ GPL license.
+
+
+
+
+ Joxean Koret discovered that the SVG import plugin in Dia fails to
+ properly sanitise data read from an SVG file.
+
+
+
+
+ An attacker could create a specially crafted SVG file, which, when
+ imported into Dia, could lead to the execution of arbitrary code.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Dia users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/dia-0.94-r3"
+
+
+ CAN-2005-2966
+
+
+ koon
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-07.xml
new file mode 100644
index 0000000000..c9929b9916
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-07.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ RealPlayer, Helix Player: Format string vulnerability
+
+ RealPlayer and Helix Player are vulnerable to a format string vulnerability
+ resulting in the execution of arbitrary code.
+
+ realplayer helixplayer
+ October 07, 2005
+ November 22, 2005: 02
+ 107309
+ remote
+
+
+ 10.0.6
+ 10.0.6
+
+
+ 1.0.6
+
+
+
+
+ RealPlayer is a multimedia player capable of handling multiple
+ multimedia file formats. Helix Player is an open source media player
+ for Linux.
+
+
+
+
+ "c0ntex" reported that RealPlayer and Helix Player suffer from a heap
+ overflow.
+
+
+
+
+ By enticing a user to play a specially crafted realpix (.rp) or
+ realtext (.rt) file, an attacker could execute arbitrary code with the
+ permissions of the user running the application.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All RealPlayer users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/realplayer-10.0.6"
+
+ Note to Helix Player users: There is currently no stable secure Helix
+ Player package. Affected users should remove the package until an
+ updated Helix Player package is released.
+
+
+
+ CAN-2005-2710
+
+
+ koon
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-08.xml
new file mode 100644
index 0000000000..ec0416845f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-08.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ xine-lib: Format string vulnerability
+
+ xine-lib contains a format string error in CDDB response handling that may
+ be exploited to execute arbitrary code.
+
+ xine-lib
+ October 08, 2005
+ October 08, 2005: 01
+ 107854
+ remote
+
+
+ 1.1.0-r5
+ 1.0.1-r4
+ 1_rc8-r2
+ 1.1.0-r5
+
+
+
+
+ xine-lib is a multimedia library which can be utilized to create
+ multimedia frontends. It includes functions to retrieve information
+ about audio CD contents from public CDDB servers.
+
+
+
+
+ Ulf Harnhammar discovered a format string bug in the routines
+ handling CDDB server response contents.
+
+
+
+
+ An attacker could submit malicious information about an audio CD
+ to a public CDDB server (or impersonate a public CDDB server). When the
+ victim plays this CD on a multimedia frontend relying on xine-lib, it
+ could end up executing arbitrary code.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All xine-lib users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose media-libs/xine-lib
+
+
+ CAN-2005-2967
+
+
+ koon
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-09.xml
new file mode 100644
index 0000000000..074cfa30e7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-09.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Weex: Format string vulnerability
+
+ Weex contains a format string error that may be exploited by malicious
+ servers to execute arbitrary code.
+
+ Weex
+ October 08, 2005
+ October 08, 2005: 01
+ 107849
+ remote
+
+
+ 2.6.1.5-r1
+ 2.6.1.5-r1
+
+
+
+
+ Weex is a non-interactive FTP client typically used to update web
+ pages.
+
+
+
+
+ Ulf Harnhammar discovered a format string bug in Weex that can be
+ triggered when it is first run (or when its cache files are rebuilt,
+ using the -r option).
+
+
+
+
+ An attacker could setup a malicious FTP server which, when
+ accessed using Weex, could trigger the format string bug and end up
+ executing arbitrary code with the rights of the user running Weex.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Weex users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/weex-2.6.1.5-r1"
+
+
+ CAN-2005-3150
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-10.xml
new file mode 100644
index 0000000000..b7d8a20086
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-10.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ uw-imap: Remote buffer overflow
+
+ uw-imap is vulnerable to remote overflow of a buffer in the IMAP server
+ leading to execution of arbitrary code.
+
+ uw-imap
+ October 11, 2005
+ October 11, 2005: 01
+ 108206
+ remote
+
+
+ 2004g
+ 2004g
+
+
+
+
+ uw-imap is the University of Washington's IMAP and POP server
+ daemons.
+
+
+
+
+ Improper bounds checking of user supplied data while parsing IMAP
+ mailbox names can lead to overflowing the stack buffer.
+
+
+
+
+ Successful exploitation requires an authenticated IMAP user to
+ request a malformed mailbox name. This can lead to execution of
+ arbitrary code with the permissions of the IMAP server.
+
+
+
+
+ There are no known workarounds at this time.
+
+
+
+
+ All uw-imap users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2004g"
+
+
+ CAN-2005-2933
+ iDEFENSE Security Advisory
+
+
+ koon
+
+
+ koon
+
+
+ r2d2
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-11.xml
new file mode 100644
index 0000000000..070e070a63
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-11.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ OpenSSL: SSL 2.0 protocol rollback
+
+ When using a specific option, OpenSSL can be forced to fallback to the less
+ secure SSL 2.0 protocol.
+
+ OpenSSL
+ October 12, 2005
+ November 07, 2005: 02
+ 108852
+ remote
+
+
+ 0.9.7h
+ 0.9.7g-r1
+ 0.9.7e-r2
+ 0.9.7h
+
+
+
+
+ OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
+ Layer Security protocols and a general-purpose cryptography library.
+
+
+
+
+ Applications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the
+ SSL_OP_ALL option, that implies it) can be forced by a third-party to
+ fallback to the less secure SSL 2.0 protocol, even if both parties
+ support the more secure SSL 3.0 or TLS 1.0 protocols.
+
+
+
+
+ A man-in-the-middle attacker can weaken the encryption used to
+ communicate between two parties, potentially revealing sensitive
+ information.
+
+
+
+
+ If possible, disable the use of SSL 2.0 in all OpenSSL-enabled
+ applications.
+
+
+
+
+ All OpenSSL users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-libs/openssl
+
+
+ CAN-2005-2969
+ OpenSSL security advisory
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-12.xml
new file mode 100644
index 0000000000..86a53c3599
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-12.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ KOffice, KWord: RTF import buffer overflow
+
+ KOffice and KWord are vulnerable to a buffer overflow in the RTF importer,
+ potentially resulting in the execution of arbitrary code.
+
+ koffice, kword
+ October 14, 2005
+ October 14, 2005: 01
+ 108411
+ remote
+
+
+ 1.4.1-r1
+ 1.4.1-r1
+
+
+ 1.4.1-r1
+ 1.4.1-r1
+
+
+
+
+ KOffice is an integrated office suite for KDE. KWord is the
+ KOffice word processor.
+
+
+
+
+ Chris Evans discovered that the KWord RTF importer was vulnerable
+ to a heap-based buffer overflow.
+
+
+
+
+ An attacker could entice a user to open a specially-crafted RTF
+ file, potentially resulting in the execution of arbitrary code with the
+ rights of the user running the affected application.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All KOffice users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.1-r1"
+
+ All KWord users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/kword-1.4.1-r1"
+
+
+ CAN-2005-2971
+ KDE Security Advisory: KWord RTF import buffer overflow
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-13.xml
new file mode 100644
index 0000000000..121f11d93e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-13.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ SPE: Insecure file permissions
+
+ SPE files are installed with world-writeable permissions, potentially
+ leading to privilege escalation.
+
+ spe
+ October 15, 2005
+ May 22, 2006: 02
+ 108538
+ local
+
+
+ 0.7.5c-r1
+ 0.5.1f-r1
+ 0.7.5c-r1
+
+
+
+
+ SPE is a cross-platform Python Integrated Development Environment
+ (IDE).
+
+
+
+
+ It was reported that due to an oversight all SPE's files are set as
+ world-writeable.
+
+
+
+
+ A local attacker could modify the executable files, causing arbitrary
+ code to be executed with the permissions of the user running SPE.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All SPE users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-util/spe
+
+
+ CVE-2005-3291
+
+
+ jaervosz
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-14.xml
new file mode 100644
index 0000000000..d53181a6ef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-14.xml
@@ -0,0 +1,95 @@
+
+
+
+
+ Perl, Qt-UnixODBC, CMake: RUNPATH issues
+
+ Multiple packages suffer from RUNPATH issues that may allow users in the
+ "portage" group to escalate privileges.
+
+ Perl Qt-UnixODBC CMake
+ October 17, 2005
+ May 22, 2006: 03
+ 105719
+ 105721
+ 106678
+ local
+
+
+ 5.8.7-r1
+ 5.8.6-r6
+ 5.8.7-r1
+
+
+ 3.3.4-r1
+ 3.3.4-r1
+
+
+ 2.2.0-r1
+ 2.0.6-r1
+ 2.2.0-r1
+
+
+
+
+ Perl is a stable, cross-platform programming language created by Larry
+ Wall. Qt-UnixODBC is an ODBC library for Qt. CMake is a cross-platform
+ build environment.
+
+
+
+
+ Some packages may introduce insecure paths into the list of directories
+ that are searched for libraries at runtime. Furthermore, packages
+ depending on the MakeMaker Perl module for build configuration may have
+ incorrectly copied the LD_RUN_PATH into the DT_RPATH.
+
+
+
+
+ A local attacker, who is a member of the "portage" group, could create
+ a malicious shared object in the Portage temporary build directory that
+ would be loaded at runtime by a dependent executable, potentially
+ resulting in privilege escalation.
+
+
+
+
+ Only grant "portage" group rights to trusted users.
+
+
+
+
+ All Perl users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-lang/perl
+
+ All Qt-UnixODBC users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/qt-unixODBC-3.3.4-r1"
+
+ All CMake users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-util/cmake
+
+
+ CVE-2005-4278
+ CVE-2005-4279
+ CVE-2005-4280
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-15.xml
new file mode 100644
index 0000000000..cd4ff86bad
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-15.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Lynx: Buffer overflow in NNTP processing
+
+ Lynx contains a buffer overflow that may be exploited to execute arbitrary
+ code.
+
+ Lynx
+ October 17, 2005
+ October 17, 2005: 01
+ 108451
+ remote
+
+
+ 2.8.5-r1
+ 2.8.5-r1
+
+
+
+
+ Lynx is a text-mode browser for the World Wide Web. It supports
+ multiple URL types, including HTTP and NNTP URLs.
+
+
+
+
+ When accessing a NNTP URL, Lynx connects to a NNTP server and
+ retrieves information about the available articles in the target
+ newsgroup. Ulf Harnhammar discovered a buffer overflow in a function
+ that handles the escaping of special characters.
+
+
+
+
+ An attacker could setup a malicious NNTP server and entice a user
+ to access it using Lynx (either by creating NNTP links on a web page or
+ by forcing a redirect for Lynx users). The data returned by the NNTP
+ server would trigger the buffer overflow and execute arbitrary code
+ with the rights of the user running Lynx.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Lynx users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/lynx-2.8.5-r1"
+
+
+ CAN-2005-3120
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-16.xml
new file mode 100644
index 0000000000..aa2df98dbe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-16.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ phpMyAdmin: Local file inclusion vulnerability
+
+ phpMyAdmin contains a local file inclusion vulnerability that may lead to
+ the execution of arbitrary code.
+
+ phpmyadmin
+ October 17, 2005
+ May 22, 2006: 02
+ 108939
+ local
+
+
+ 2.6.4_p2
+ 2.6.4_p2
+
+
+
+
+ phpMyAdmin is a tool written in PHP intended to handle the
+ administration of MySQL over the web.
+
+
+
+
+ Maksymilian Arciemowicz reported that in
+ libraries/grab_globals.lib.php, the $__redirect parameter was not
+ correctly validated. Systems running PHP in safe mode are not affected.
+
+
+
+
+ A local attacker may exploit this vulnerability by sending malicious
+ requests, causing the execution of arbitrary code with the rights of
+ the user running the web server.
+
+
+
+
+ Run PHP in safe mode.
+
+
+
+
+ All phpMyAdmin users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.4_p2"
+
+
+ PMASA-2005-4
+ CVE-2005-3299
+
+
+ koon
+
+
+ koon
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-17.xml
new file mode 100644
index 0000000000..c2a2192799
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-17.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ AbiWord: New RTF import buffer overflows
+
+ AbiWord is vulnerable to an additional set of buffer overflows during RTF
+ import, making it vulnerable to the execution of arbitrary code.
+
+ AbiWord
+ October 20, 2005
+ October 20, 2005: 01
+ 109157
+ remote
+
+
+ 2.2.11
+ 2.2.11
+
+
+
+
+ AbiWord is a free and cross-platform word processing program. It
+ allows to import RTF files into AbiWord documents.
+
+
+
+
+ Chris Evans discovered a different set of buffer overflows than
+ the one described in GLSA 200509-20 in the RTF import function in
+ AbiWord.
+
+
+
+
+ An attacker could design a malicious RTF file and entice a user to
+ import it in AbiWord, potentially resulting in the execution of
+ arbitrary code with the rights of the user running AbiWord.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All AbiWord users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/abiword-2.2.11"
+
+
+ GLSA-200509-20
+ CAN-2005-2972
+
+
+ koon
+
+
+ formula7
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-18.xml
new file mode 100644
index 0000000000..5dc29e79ad
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-18.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Netpbm: Buffer overflow in pnmtopng
+
+ The pnmtopng utility, part of the Netpbm tools, contains a vulnerability
+ which can potentially result in the execution of arbitrary code.
+
+ Netpbm
+ October 20, 2005
+ May 28, 2009: 06
+ 109705
+ remote
+
+
+ 10.29
+ 10.26.32
+ 10.26.33
+ 10.26.42
+ 10.26.43
+ 10.26.44
+ 10.26.48
+ 10.26.49
+ 10.26.52
+ 10.26.53
+ 10.26.59
+ 10.26.61
+ 10.29
+
+
+
+
+ Netpbm is a package of 220 graphics programs and a programming library,
+ including pnmtopng, a tool to convert PNM image files to the PNG
+ format.
+
+
+
+
+ RedHat reported that pnmtopng is vulnerable to a buffer overflow.
+
+
+
+
+ An attacker could craft a malicious PNM file and entice a user to run
+ pnmtopng on it, potentially resulting in the execution of arbitrary
+ code with the permissions of the user running pnmtopng.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Netpbm users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose media-libs/netpbm
+
+
+ CAN-2005-2978
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-19.xml
new file mode 100644
index 0000000000..a102d105d8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-19.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ cURL: NTLM username stack overflow
+
+ cURL is vulnerable to a buffer overflow which could lead to the execution
+ of arbitrary code.
+
+ cURL
+ October 22, 2005
+ October 22, 2005: 01
+ 109097
+ remote
+
+
+ 7.15.0
+ 7.15.0
+
+
+
+
+ cURL is a command line tool and library for transferring files via
+ many different protocols. It supports NTLM authentication to retrieve
+ files from Windows-based systems.
+
+
+
+
+ iDEFENSE reported that insufficient bounds checking on a memcpy()
+ of the supplied NTLM username can result in a stack overflow.
+
+
+
+
+ A remote attacker could setup a malicious server and entice an
+ user to connect to it using a cURL client, potentially leading to the
+ execution of arbitrary code with the permissions of the user running
+ cURL.
+
+
+
+
+ Disable NTLM authentication by not using the --anyauth or --ntlm
+ options when using cURL (the command line version). Workarounds for
+ programs that use the cURL library depend on the configuration options
+ presented by those programs.
+
+
+
+
+ All cURL users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.15.0"
+
+
+ CVE-2005-3185
+ iDefense Security Advisory 10.13.05
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-20.xml
new file mode 100644
index 0000000000..996f84d659
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-20.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Zope: File inclusion through RestructuredText
+
+ Zope is vulnerable to a file inclusion vulnerability when exposing
+ RestructuredText functionalities to untrusted users.
+
+ Zope
+ October 25, 2005
+ May 22, 2006: 02
+ 109087
+ remote
+
+
+ 2.7.8
+ 2.7.8
+ 2.8.0
+ 2.8.1
+
+
+
+
+ Zope is an application server that can be used to build content
+ management systems, intranets, portals or other custom applications.
+
+
+
+
+ Zope honors file inclusion directives in RestructuredText objects by
+ default.
+
+
+
+
+ An attacker could exploit the vulnerability by sending malicious input
+ that would be interpreted in a RestructuredText Zope object,
+ potentially resulting in the execution of arbitrary Zope code with the
+ rights of the Zope server.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Zope users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose net-zope/zope
+
+
+ Zope Hotfix 2005-10-09 Alert
+ CVE-2005-3323
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-21.xml
new file mode 100644
index 0000000000..e7c7719b2b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-21.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ phpMyAdmin: Local file inclusion and XSS vulnerabilities
+
+ phpMyAdmin contains a local file inclusion vulnerability that may lead to
+ the execution of arbitrary code, along with several cross-site scripting
+ issues.
+
+ phpmyadmin
+ October 25, 2005
+ May 22, 2006: 02
+ 110146
+ local and remote
+
+
+ 2.6.4_p3
+ 2.6.4_p3
+
+
+
+
+ phpMyAdmin is a tool written in PHP intended to handle the
+ administration of MySQL over the web.
+
+
+
+
+ Stefan Esser discovered that by calling certain PHP files directly, it
+ was possible to workaround the grab_globals.lib.php security model and
+ overwrite the $cfg configuration array. Systems running PHP in safe
+ mode are not affected. Futhermore, Tobias Klein reported several
+ cross-site-scripting issues resulting from insufficient user input
+ sanitizing.
+
+
+
+
+ A local attacker may exploit this vulnerability by sending malicious
+ requests, causing the execution of arbitrary code with the rights of
+ the user running the web server. Furthermore, the cross-site scripting
+ issues give a remote attacker the ability to inject and execute
+ malicious script code or to steal cookie-based authentication
+ credentials, potentially compromising the victim's browser.
+
+
+
+
+ There is no known workaround for all those issues at this time.
+
+
+
+
+ All phpMyAdmin users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.4_p3"
+
+
+ PMASA-2005-5
+ CVE-2005-3300
+ CVE-2005-3301
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-22.xml
new file mode 100644
index 0000000000..a382162144
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-22.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ SELinux PAM: Local password guessing attack
+
+ A vulnerability in the SELinux version of PAM allows a local attacker to
+ brute-force system passwords.
+
+ PAM
+ October 28, 2005
+ October 28, 2005: 01
+ 109485
+ local
+
+
+ 0.78-r3
+ 0.78-r3
+
+
+
+
+ PAM (Pluggable Authentication Modules) is an architecture allowing
+ the separation of the development of privilege granting software from
+ the development of secure and appropriate authentication schemes.
+ SELinux is an operating system based on Linux which includes Mandatory
+ Access Control.
+
+
+
+
+ The SELinux patches for PAM introduce a vulnerability allowing a
+ password to be checked with the unix_chkpwd utility without delay or
+ logging. This vulnerability doesn't affect users who do not run
+ SELinux.
+
+
+
+
+ A local attacker could exploit this vulnerability to brute-force
+ passwords and escalate privileges on an SELinux system.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All SELinux PAM users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/pam-0.78-r3"
+
+
+ CVE-2005-2977
+
+
+ jaervosz
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-23.xml
new file mode 100644
index 0000000000..0cf8291c9c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-23.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ TikiWiki: XSS vulnerability
+
+ TikiWiki is vulnerable to cross-site scripting attacks.
+
+ tikiwiki
+ October 28, 2005
+ May 22, 2006: 02
+ 109858
+ remote
+
+
+ 1.9.1.1
+ 1.9.1.1
+
+
+
+
+ TikiWiki is a web-based groupware and content management system (CMS),
+ using PHP, ADOdb and Smarty.
+
+
+
+
+ Due to improper input validation, TikiWiki can be exploited to perform
+ cross-site scripting attacks.
+
+
+
+
+ A remote attacker could exploit this to inject and execute malicious
+ script code or to steal cookie-based authentication credentials,
+ potentially compromising the victim's browser.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All TikiWiki users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.1.1"
+
+ Note: Users with the vhosts USE flag set should manually use
+ webapp-config to finalize the update.
+
+
+
+
+ CVE-2005-3283
+
+
+ jaervosz
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-24.xml new file mode 100644 index 0000000000..876c266cda --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-24.xml @@ -0,0 +1,76 @@ + + + + + Mantis: Multiple vulnerabilities + + Mantis is affected by multiple vulnerabilities ranging from information + disclosure to arbitrary script execution. + + Mantis + October 28, 2005 + May 22, 2006: 02 + 110326 + remote + + + 0.19.3 + 0.19.3 + + + +

+ Mantis is a web-based bugtracking system written in PHP. +

+
+ +

+ Mantis contains several vulnerabilities, including: +

+
    +
  • a remote file inclusion vulnerability
  • +
  • an SQL injection vulnerability
  • +
  • multiple cross site scripting vulnerabilities
  • +
  • multiple information disclosure vulnerabilities
  • +
+
+ +

+ An attacker could exploit the remote file inclusion vulnerability to + execute arbitrary script code, and the SQL injection vulnerability to + access or modify sensitive information from the Mantis database. + Furthermore the cross-site scripting issues give an attacker the + ability to inject and execute malicious script code or to steal + cookie-based authentication credentials, potentially compromising the + victim's browser. An attacker could exploit other vulnerabilities to + disclose information. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mantis users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-0.19.3" +
+ + Mantis ChangeLog + CVE-2005-3335 + CVE-2005-3336 + CVE-2005-3337 + CVE-2005-3338 + CVE-2005-3339 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-25.xml new file mode 100644 index 0000000000..09939cd84b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-25.xml @@ -0,0 +1,85 @@ + + + + + Ethereal: Multiple vulnerabilities in protocol dissectors + + Ethereal is vulnerable to numerous vulnerabilities, potentially resulting + in the execution of arbitrary code or abnormal termination. + + Ethereal + October 30, 2005 + October 30, 2005: 01 + 109348 + remote + + + 0.10.13-r1 + 0.10.13-r1 + + + +

+ Ethereal is a feature-rich network protocol analyzer. +

+
+ +

+ There are numerous vulnerabilities in versions of Ethereal prior + to 0.10.13, including: +

+
    +
  • The SLIM3 and AgentX dissectors + could overflow a buffer (CVE-2005-3243).
  • +
  • iDEFENSE discovered a + buffer overflow in the SRVLOC dissector (CVE-2005-3184).
  • +
  • Multiple potential crashes in many dissectors have been fixed, see + References for further details.
  • +
+

+ Furthermore an infinite + loop was discovered in the IRC protocol dissector of the 0.10.13 + release (CVE-2005-3313). +

+
+ +

+ An attacker might be able to use these vulnerabilities to crash + Ethereal or execute arbitrary code with the permissions of the user + running Ethereal, which could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ethereal users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.13-r1" +
+ + CVE-2005-3184 + CVE-2005-3241 + CVE-2005-3242 + CVE-2005-3243 + CVE-2005-3244 + CVE-2005-3245 + CVE-2005-3246 + CVE-2005-3247 + CVE-2005-3248 + CVE-2005-3249 + CVE-2005-3313 + Ethereal enpa-sa-00021 + + + jaervosz + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-26.xml
new file mode 100644
index 0000000000..9caa1d54ce
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200510-26.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ XLI, Xloadimage: Buffer overflow
+
+ XLI and Xloadimage contain a vulnerability which could potentially result
+ in the execution of arbitrary code.
+
+ xli xloadimage
+ October 30, 2005
+ October 30, 2005: 01
+ 108365
+ remote
+
+
+ 1.17.0-r2
+ 1.17.0-r2
+
+
+ 4.1-r4
+ 4.1-r4
+
+
+
+
+ XLI and Xloadimage are X11 image manipulation utilities.
+
+
+
+
+ When XLI or Xloadimage process an image, they create a new image
+ object to contain the new image, copying the title from the old image
+ to the newly created image. Ariel Berkman reported that the 'zoom',
+ 'reduce', and 'rotate' functions use a fixed length buffer to contain
+ the new title, which could be overwritten by the NIFF or XPM image
+ processors.
+
+
+
+
+ A malicious user could craft a malicious XPM or NIFF file and
+ entice a user to view it using XLI, or manipulate it using Xloadimage,
+ potentially resulting in the execution of arbitrary code with the
+ permissions of the user running XLI or Xloadimage.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All XLI users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/xli-1.17.0-r2"
+
+ All Xloadimage users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/xloadimage-4.1-r4"
+
+
+ CAN-2005-3178
+
+
+ koon
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-01.xml
new file mode 100644
index 0000000000..a486e0716c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-01.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ libgda: Format string vulnerabilities
+
+ Two format string vulnerabilities in libgda may lead to the execution of
+ arbitrary code.
+
+ libgda
+ November 02, 2005
+ November 02, 2005: 01
+ 110467
+ remote
+
+
+ 1.2.2-r1
+ 1.2.2-r1
+
+
+
+
+ libgda is the library handling the data abstraction layer in the
+ Gnome data access architecture (GNOME-DB). It can also be used by
+ non-GNOME applications to manage data stored in databases or XML files.
+
+
+
+
+ Steve Kemp discovered two format string vulnerabilities in the
+ gda_log_error and gda_log_message functions. Some applications may pass
+ untrusted input to those functions and be vulnerable.
+
+
+
+
+ An attacker could pass malicious input to an application making
+ use of the vulnerable libgda functions, potentially resulting in the
+ execution of arbitrary code with the rights of that application.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All libgda users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gnome-extra/libgda-1.2.2-r1"
+
+
+ CVE-2005-2958
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-02.xml
new file mode 100644
index 0000000000..55f8f16005
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-02.xml
@@ -0,0 +1,91 @@
+
+
+
+
+ QDBM, ImageMagick, GDAL: RUNPATH issues
+
+ Multiple packages suffer from RUNPATH issues that may allow users in the
+ "portage" group to escalate privileges.
+
+ QDBM ImageMagick GDAL
+ November 02, 2005
+ May 22, 2006: 02
+ 105717
+ 105760
+ 108534
+ local
+
+
+ 1.8.33-r2
+ 1.8.33-r2
+
+
+ 6.2.4.2-r1
+ 6.2.4.2-r1
+
+
+ 1.3.0-r1
+ 1.2.6-r4
+ 1.3.0-r1
+
+
+
+
+ QDBM is a library of routines for managing a database. ImageMagick is a
+ collection of tools to read, write and manipulate images. GDAL is a
+ geospatial data abstraction library.
+
+
+
+
+ Some packages may introduce insecure paths into the list of directories
+ that are searched for libraries at runtime. Furthermore, packages
+ depending on the MakeMaker Perl module for build configuration may have
+ incorrectly copied the LD_RUN_PATH into the DT_RPATH.
+
+
+
+
+ A local attacker, who is a member of the "portage" group, could create
+ a malicious shared object in the Portage temporary build directory that
+ would be loaded at runtime by a dependent executable, potentially
+ resulting in privilege escalation.
+
+
+
+
+ Only grant "portage" group rights to trusted users.
+
+
+
+
+ All QDBM users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/qdbm-1.8.33-r2"
+
+ All ImageMagick users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.4.2-r1"
+
+ All GDAL users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose sci-libs/gdal
+
+
+ CVE-2005-3580
+ CVE-2005-3581
+ CVE-2005-3582
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-03.xml
new file mode 100644
index 0000000000..9ddf1b008c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-03.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ giflib: Multiple vulnerabilities
+
+ giflib may dereference NULL or write out of bounds when processing
+ malformed images, potentially resulting in Denial of Service or arbitrary
+ code execution.
+
+ giflib
+ November 04, 2005
+ November 04, 2005: 01
+ 109997
+ remote
+
+
+ 4.1.4
+ 4.1.4
+
+
+
+
+ giflib is a library for reading and writing GIF images.
+
+
+
+
+ Chris Evans and Daniel Eisenbud independently discovered two
+ out-of-bounds memory write operations and a NULL pointer dereference in
+ giflib.
+
+
+
+
+ An attacker could craft a malicious GIF image and entice users to
+ load it using an application making use of the giflib library,
+ resulting in an application crash or potentially the execution of
+ arbitrary code.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All giflib users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/giflib-4.1.4"
+
+
+ CVE-2005-2974
+ CVE-2005-3350
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-04.xml
new file mode 100644
index 0000000000..140fd276ce
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-04.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ ClamAV: Multiple vulnerabilities
+
+ ClamAV has many security flaws which make it vulnerable to remote execution
+ of arbitrary code and a Denial of Service.
+
+ clamav
+ November 06, 2005
+ May 22, 2006: 02
+ 109213
+ remote
+
+
+ 0.87.1
+ 0.87.1
+
+
+
+
+ ClamAV is a GPL anti-virus toolkit, designed for integration with mail
+ servers to perform attachment scanning. ClamAV also provides a command
+ line scanner and a tool for fetching updates of the virus database.
+
+
+
+
+ ClamAV has multiple security flaws: a boundary check was performed
+ incorrectly in petite.c, a buffer size calculation in unfsg_133 was
+ incorrect in fsg.c, a possible infinite loop was fixed in tnef.c and a
+ possible infinite loop in cabd_find was fixed in cabd.c . In addition
+ to this, Marcin Owsiany reported that a corrupted DOC file causes a
+ segmentation fault in ClamAV.
+
+
+
+
+ By sending a malicious attachment to a mail server that is hooked with
+ ClamAV, a remote attacker could cause a Denial of Service or the
+ execution of arbitrary code.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All ClamAV users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87.1"
+
+
+ CAN-2005-3239
+ CAN-2005-3303
+ CVE-2005-3500
+ CVE-2005-3501
+ CVE-2005-3587
+ ClamAV release notes
+ Zero Day Initiative advisory
+
+
+ koon
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-05.xml
new file mode 100644
index 0000000000..a38eba1252
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-05.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ GNUMP3d: Directory traversal and XSS vulnerabilities
+
+ GNUMP3d is vulnerable to directory traversal and cross-site scripting
+ attacks that may result in information disclosure or the compromise of a
+ browser.
+
+ gnump3d
+ November 06, 2005
+ August 21, 2007: 02
+ 109667
+ remote
+
+
+ 2.9_pre7
+ 2.9_pre7
+
+
+
+
+ GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and
+ other media formats.
+
+
+
+
+ Steve Kemp reported about two cross-site scripting attacks that are
+ related to the handling of files (CVE-2005-3424, CVE-2005-3425). Also
+ reported is a directory traversal vulnerability which comes from the
+ attempt to sanitize input paths (CVE-2005-3123).
+
+
+
+
+ A remote attacker could exploit this to disclose sensitive information
+ or inject and execute malicious script code, potentially compromising
+ the victim's browser.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All GNUMP3d users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/gnump3d-2.9_pre7"
+
+
+ CVE-2005-3123
+ CVE-2005-3424
+ CVE-2005-3425
+
+
+ koon
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-06.xml
new file mode 100644
index 0000000000..67ff8f87bb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-06.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ fetchmail: Password exposure in fetchmailconf
+
+ fetchmailconf fails to properly handle file permissions, temporarily
+ exposing sensitive information to other local users.
+
+ fetchmail
+ November 06, 2005
+ November 06, 2005: 01
+ 110366
+ local
+
+
+ 6.2.5.2-r1
+ 6.2.5.2-r1
+
+
+
+
+ fetchmail is a utility that retrieves and forwards mail from
+ remote systems using IMAP, POP, and other protocols. It ships with
+ fetchmailconf, a graphical utility used to create configuration files.
+
+
+
+
+ Thomas Wolff discovered that fetchmailconf opens the configuration
+ file with default permissions, writes the configuration to it, and only
+ then restricts read permissions to the owner.
+
+
+
+
+ A local attacker could exploit the race condition to retrieve
+ sensitive information like IMAP/POP passwords.
+
+
+
+
+ Run "umask 077" to temporarily strengthen default permissions,
+ then run "fetchmailconf" from the same shell.
+
+
+
+
+ All fetchmail users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.2.5.2-r1"
+
+
+ Fetchmail Security Advisory
+ CVE-2005-3088
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-07.xml
new file mode 100644
index 0000000000..64c36820be
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-07.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ OpenVPN: Multiple vulnerabilities
+
+ The OpenVPN client is potentially vulnerable to the execution of arbitrary
+ code and the OpenVPN server is vulnerable to a Denial of Service issue.
+
+ OpenVPN
+ November 06, 2005
+ November 06, 2005: 01
+ 111116
+ remote
+
+
+ 2.0.4
+ 2.0.4
+
+
+
+
+ OpenVPN is a multi-platform, full-featured SSL VPN solution.
+
+
+
+
+ The OpenVPN client contains a format string bug in the handling of
+ the foreign_option in options.c. Furthermore, when the OpenVPN server
+ runs in TCP mode, it may dereference a NULL pointer under specific
+ error conditions.
+
+
+
+
+ A remote attacker could setup a malicious OpenVPN server and trick
+ the user into connecting to it, potentially executing arbitrary code on
+ the client's computer. A remote attacker could also exploit the NULL
+ dereference issue by sending specific packets to an OpenVPN server
+ running in TCP mode, resulting in a Denial of Service condition.
+
+
+
+
+ Do not use "pull" or "client" options in the OpenVPN client
+ configuration file, and use UDP mode for the OpenVPN server.
+
+
+
+
+ All OpenVPN users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openvpn-2.0.4"
+
+
+ CVE-2005-3393
+ CVE-2005-3409
+ OpenVPN changelog
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-08.xml new file mode 100644 index 0000000000..7b7f495dea --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-08.xml @@ -0,0 +1,116 @@ + + + + + PHP: Multiple vulnerabilities + + PHP suffers from multiple issues, resulting in security functions bypass, + local Denial of service, cross-site scripting or PHP variables overwrite. + + PHP + November 13, 2005 + November 13, 2005: 01 + 107602 + 111032 + remote and local + + + 4.3.11-r4 + 4.4.0-r4 + 4.4.0-r4 + + + 4.3.11-r4 + 4.4.0-r8 + 4.4.0-r8 + + + 4.3.11-r5 + 4.4.0-r5 + 4.4.0-r5 + + + +

+ PHP is a general-purpose scripting language widely used to develop + web-based applications. It can run inside a web server using the + mod_php module or the CGI version and also stand-alone in a CLI. +

+
+ +

+ Multiple vulnerabilities have been found and fixed in PHP: +

+
    +
  • a possible $GLOBALS variable overwrite problem through file + upload handling, extract() and import_request_variables() + (CVE-2005-3390)
  • +
  • a local Denial of Service through the use of + the session.save_path option (CVE-2005-3319)
  • +
  • an issue with + trailing slashes in allowed basedirs (CVE-2005-3054)
  • +
  • an issue + with calling virtual() on Apache 2, allowing to bypass safe_mode and + open_basedir restrictions (CVE-2005-3392)
  • +
  • a problem when a + request was terminated due to memory_limit constraints during certain + parse_str() calls (CVE-2005-3389)
  • +
  • The curl and gd modules + allowed to bypass the safe mode open_basedir restrictions + (CVE-2005-3391)
  • +
  • a cross-site scripting (XSS) vulnerability in + phpinfo() (CVE-2005-3388)
  • +
+
+ +

+ Attackers could leverage these issues to exploit applications that + are assumed to be secure through the use of proper register_globals, + safe_mode or open_basedir parameters. Remote attackers could also + conduct cross-site scripting attacks if a page calling phpinfo() was + available. Finally, a local attacker could cause a local Denial of + Service using malicious session.save_path options. +

+
+ +

+ There is no known workaround that would solve all issues at this + time. +

+
+ +

+ All PHP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose dev-php/php +

+ All mod_php users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose dev-php/mod_php +

+ All php-cgi users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose dev-php/php-cgi +
+ + CVE-2005-3054 + CVE-2005-3319 + CVE-2005-3388 + CVE-2005-3389 + CVE-2005-3390 + CVE-2005-3391 + CVE-2005-3392 + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-09.xml
new file mode 100644
index 0000000000..3193f8a99a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-09.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Lynx: Arbitrary command execution
+
+ Lynx is vulnerable to an issue which allows the remote execution of
+ arbitrary commands.
+
+ lynx
+ November 13, 2005
+ November 13, 2005: 01
+ 112213
+ remote
+
+
+ 2.8.5-r2
+ 2.8.5-r2
+
+
+
+
+ Lynx is a fully-featured WWW client for users running
+ cursor-addressable, character-cell display devices such as vt100
+ terminals and terminal emulators.
+
+
+
+
+ iDefense labs discovered a problem within the feature to execute
+ local cgi-bin programs via the "lynxcgi:" URI handler. Due to a
+ configuration error, the default settings allow websites to specify
+ commands to run as the user running Lynx.
+
+
+
+
+ A remote attacker can entice a user to access a malicious HTTP
+ server, causing Lynx to execute arbitrary commands.
+
+
+
+
+ Disable "lynxcgi" links by specifying the following directive in
+ lynx.cfg:
+
+
+ TRUSTED_LYNXCGI:none
+
+
+
+ All Lynx users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/lynx-2.8.5-r2"
+
+
+ CVE-2005-2929
+ iDefense Security Advisory 11.11.05
+
+
+ taviso
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-10.xml new file mode 100644 index 0000000000..e29eb2a006 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-10.xml @@ -0,0 +1,81 @@ + + + + + RAR: Format string and buffer overflow vulnerabilities + + RAR contains a format string error and a buffer overflow vulnerability that + may be used to execute arbitrary code. + + rar + November 13, 2005 + November 13, 2005: 01 + 111926 + remote + + + 3.5.1 + 3.5.1 + + + +

+ RAR is a powerful archive manager that can decompress RAR, ZIP and + other files, and can create new archives in RAR and ZIP file format. +

+
+ +

+ Tan Chew Keong reported about two vulnerabilities found in RAR: +

+
    +
  • A format string error exists when displaying a diagnostic + error message that informs the user of an invalid filename in an + UUE/XXE encoded file.
  • +
  • Some boundary errors in the processing + of malicious ACE archives can be exploited to cause a buffer + overflow.
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities by enticing + a user to: +

+
  • decode a specially crafted UUE/XXE file, + or
  • +
  • extract a malicious ACE archive containing a file with an + overly long filename.
  • +
+

+ When the user performs these + actions, the arbitrary code of the attacker's choice will be executed. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All RAR users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/rar-3.5.1" +
+ + RAR Release Notes + Secunia Research 11/10/2005 + + + jaervosz + + + adir + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-11.xml
new file mode 100644
index 0000000000..4af034f0d0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-11.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ linux-ftpd-ssl: Remote buffer overflow
+
+ A buffer overflow vulnerability has been found, allowing a remote attacker
+ to execute arbitrary code with escalated privileges on the local system.
+
+ linux-ftpd-ssl
+ November 13, 2005
+ December 30, 2007: 02
+ 111573
+ remote
+
+
+ 0.17-r3
+ 0.17-r3
+
+
+
+
+ linux-ftpd-ssl is the netkit FTP server with encryption support.
+
+
+
+
+ A buffer overflow vulnerability has been found in the
+ linux-ftpd-ssl package. A command that generates an excessively long
+ response from the server may overrun a stack buffer.
+
+
+
+
+ An attacker that has permission to create directories that are
+ accessible via the FTP server could exploit this vulnerability.
+ Successful exploitation would execute arbitrary code on the local
+ machine with root privileges.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All ftpd users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r3"
+
+
+ CVE-2005-3524
+
+
+ koon
+
+
+ shellsage
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-12.xml
new file mode 100644
index 0000000000..35ac66b13f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-12.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Scorched 3D: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Scorched 3D allow a remote attacker to deny
+ service or execute arbitrary code on game servers.
+
+ scorched3d
+ November 15, 2005
+ August 10, 2006: 03
+ 111421
+ remote
+
+
+ 40
+ 39.1
+
+
+
+
+ Scorched 3D is a clone of the classic "Scorched Earth" DOS game, adding
+ features like a 3D island environment and Internet multiplayer
+ capabilities.
+
+
+
+
+ Luigi Auriemma discovered multiple flaws in the Scorched 3D game
+ server, including a format string vulnerability and several buffer
+ overflows.
+
+
+
+
+ A remote attacker can exploit these vulnerabilities to crash a game
+ server or execute arbitrary code with the rights of the game server
+ user. Users not running a Scorched 3D game server are not affected by
+ these flaws.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Scorched 3D users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-strategy/scorched3d-40"
+
+
+ Original advisory
+ CVE-2005-3486
+ CVE-2005-3487
+ CVE-2005-3488
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-13.xml
new file mode 100644
index 0000000000..5c01d1118f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-13.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer
+
+ Sylpheed and Sylpheed-Claws contain a buffer overflow vulnerability which
+ may lead to the execution of arbitrary code.
+
+ sylpheed sylpheed-claws
+ November 15, 2005
+ November 15, 2005: 01
+ 111853
+ remote
+
+
+ 2.0.4
+ 2.0.4
+
+
+ 1.0.5-r1
+ 1.0.5-r1
+
+
+
+

+ Sylpheed is a lightweight email client and newsreader.
+ Sylpheed-Claws is a 'bleeding edge' version of Sylpheed. They both
+ support the import of address books in LDIF (Lightweight Directory
+ Interchange Format).
+

+
+
+

+ Colin Leroy reported buffer overflow vulnerabilities in Sylpheed
+ and Sylpheed-Claws. The LDIF importer uses a fixed length buffer to
+ store data of variable length. Two similar problems exist also in the
+ Mutt and Pine addressbook importers of Sylpheed-Claws.
+

+
+
+

+ By convincing a user to import a specially-crafted LDIF file into
+ the address book, a remote attacker could cause the program to crash,
+ potentially allowing the execution of arbitrary code with the
+ privileges of the user running the software.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Sylpheed users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-2.0.4"
+

+ All Sylpheed-Claws users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.5-r1"
+
+
+ CVE-2005-3354
+
+
+ koon
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-14.xml
new file mode 100644
index 0000000000..9720f8708c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-14.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities
+
+ The GdkPixbuf library, that is also included in GTK+ 2, contains
+ vulnerabilities that could lead to a Denial of Service or the execution of
+ arbitrary code.
+
+ gtk+
+ November 16, 2005
+ November 16, 2005: 01
+ 112608
+ remote
+
+
+ 2.8.6-r1
+ 2.6.10-r1
+ 2.0
+ 2.8.6-r1
+
+
+ 0.22.0-r5
+ 0.22.0-r5
+
+
+
+

+ GTK+ (the GIMP Toolkit) is a toolkit for creating graphical user
+ interfaces. The GdkPixbuf library provides facilities for image
+ handling. It is available as a standalone library and also packaged
+ with GTK+ 2.
+

+
+
+

+ iDEFENSE reported a possible heap overflow in the XPM loader
+ (CVE-2005-3186). Upon further inspection, Ludwig Nussel discovered two
+ additional issues in the XPM processing functions : an integer overflow
+ (CVE-2005-2976) that affects only gdk-pixbuf, and an infinite loop
+ (CVE-2005-2975).
+

+
+
+

+ Using a specially crafted XPM image an attacker could cause an
+ affected application to enter an infinite loop or trigger the
+ overflows, potentially allowing the execution of arbitrary code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All GTK+ 2 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose x11-libs/gtk+
+

+ All GdkPixbuf users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/gdk-pixbuf-0.22.0-r5"
+
+
+ CVE-2005-2975
+ CVE-2005-2976
+ CVE-2005-3186
+ iDefense Security Advisory 11.15.05
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-15.xml
new file mode 100644
index 0000000000..1773b7842f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-15.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Smb4k: Local unauthorized file access
+
+ A vulnerability has been identified that allows unauthorized access to the
+ contents of /etc/sudoers and /etc/super.tab files.
+
+ Smb4k
+ November 18, 2005
+ November 18, 2005: 01
+ 111089
+ local
+
+
+ 0.6.4
+ 0.6.4
+
+
+
+

+ Smb4K is a SMB/CIFS share browser for KDE.
+

+
+
+

+ A vulnerability leading to unauthorized file access has been
+ found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a
+ textfile will cause Smb4k to write the contents of these files to the
+ target of the symlink, as Smb4k does not check for the existence of
+ these files before writing to them.
+

+
+
+

+ An attacker could acquire local privilege escalation by adding
+ username(s) to the list of sudoers.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All smb4k users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/smb4k-0.6.4"
+
+
+ CVE-2005-2851
+ Smb4k Announcement
+
+
+ koon
+
+
+ koon
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-16.xml
new file mode 100644
index 0000000000..cd4078c085
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-16.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ GNUMP3d: Directory traversal and insecure temporary file creation
+
+ Two vulnerabilities have been identified in GNUMP3d allowing for limited
+ directory traversal and insecure temporary file creation.
+
+ GNUMP3d
+ November 21, 2005
+ August 21, 2007: 02
+ 111990
+ remote
+
+
+ 2.9_pre7
+ 2.9_pre7
+
+
+
+

+ GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and
+ other media formats.
+

+
+
+

+ Ludwig Nussel from SUSE Linux has identified two vulnerabilities in
+ GNUMP3d. GNUMP3d fails to properly check for the existence of
+ /tmp/index.lok before writing to the file, allowing for local
+ unauthorized access to files owned by the user running GNUMP3d. GNUMP3d
+ also fails to properly validate the "theme" GET variable from CGI
+ input, allowing for unauthorized file inclusion.
+

+
+
+

+ An attacker could overwrite files owned by the user running GNUMP3d by
+ symlinking /tmp/index.lok to the file targeted for overwrite. An
+ attacker could also include arbitrary files by traversing up the
+ directory tree (at most two times, i.e. "../..") with the "theme" GET
+ variable.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All GNUMP3d users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/gnump3d-2.9_pre7"
+
+
+ CVE-2005-3349
+ CVE-2005-3355
+ GNUMP3d Changelog
+
+
+ koon
+
+
+ koon
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-17.xml
new file mode 100644
index 0000000000..3b0c673bf3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-17.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ FUSE: mtab corruption through fusermount
+
+ The fusermount utility from FUSE can be abused to corrupt the /etc/mtab
+ file contents, potentially allowing a local attacker to set unauthorized
+ mount options.
+
+ FUSE
+ November 22, 2005
+ November 22, 2005: 01
+ 112902
+ local
+
+
+ 2.4.1-r1
+ 2.4.1-r1
+
+
+
+

+ FUSE (Filesystem in Userspace) allows implementation of a fully
+ functional filesystem in a userspace program. The fusermount utility is
+ used to mount/unmount FUSE file systems.
+

+
+
+

+ Thomas Biege discovered that fusermount fails to securely handle
+ special characters specified in mount points.
+

+
+
+

+ A local attacker could corrupt the contents of the /etc/mtab file
+ by mounting over a maliciously-named directory using fusermount,
+ potentially allowing the attacker to set unauthorized mount options.
+ This is possible only if fusermount is installed setuid root, which is
+ the default in Gentoo.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All FUSE users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/fuse-2.4.1-r1"
+
+
+ CVE-2005-3531
+
+
+ jaervosz
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-18.xml
new file mode 100644
index 0000000000..78dbe89b08
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-18.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ phpSysInfo: Multiple vulnerabilities
+
+ phpSysInfo is vulnerable to multiple issues, including a local file
+ inclusion leading to information disclosure and the potential execution of
+ arbitrary code.
+
+ phpsysinfo
+ November 22, 2005
+ November 22, 2005: 01
+ 112482
+ local and remote
+
+
+ 2.4.1
+ 2.4.1
+
+
+
+

+ phpSysInfo displays various system stats via PHP scripts.
+

+
+
+

+ Christopher Kunz from the Hardened-PHP Project discovered
+ that phpSysInfo is vulnerable to local file inclusion, cross-site
+ scripting and a HTTP Response Splitting attacks.
+

+
+
+

+ A local attacker may exploit the file inclusion vulnerability by
+ sending malicious requests, causing the execution of arbitrary code
+ with the rights of the user running the web server. A remote attacker
+ could exploit the vulnerability to disclose local file content.
+ Furthermore, the cross-site scripting issues gives a remote attacker
+ the ability to inject and execute malicious script code in the user's
+ browser context or to steal cookie-based authentication credentials.
+ The HTTP response splitting issue give an attacker the ability to
+ perform site hijacking and cache poisoning.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All phpSysInfo users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/phpsysinfo-2.4.1"
+
+
+ Original advisory
+ CVE-2005-3347
+ CVE-2005-3348
+
+
+ jaervosz
+
+
+ koon
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-19.xml
new file mode 100644
index 0000000000..7a5e26db4e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-19.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ eix: Insecure temporary file creation
+
+ eix has an insecure temporary file creation vulnerability, potentially
+ allowing a local user to overwrite arbitrary files.
+
+ eix
+ November 22, 2005
+ May 22, 2006: 02
+ 112061
+ local
+
+
+ 0.5.0_pre2
+ 0.3.0-r2
+ 0.5.0_pre2
+
+
+
+

+ eix is a small utility for searching ebuilds with indexing for fast
+ results.
+

+
+
+

+ Eric Romang discovered that eix creates a temporary file with a
+ predictable name. eix creates a temporary file in /tmp/eix.*.sync where
+ * is the process ID of the shell running eix.
+

+
+
+

+ A local attacker can watch the process list and determine the process
+ ID of the shell running eix while the "emerge --sync" command is
+ running, then create a link from the corresponding temporary file to a
+ system file, which would result in the file being overwritten with the
+ rights of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All eix users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose app-portage/eix
+
+
+ CVE-2005-3785
+
+
+ koon
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-20.xml
new file mode 100644
index 0000000000..779863bc7f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-20.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Horde Application Framework: XSS vulnerability
+
+ The Horde Application Framework is vulnerable to a cross-site scripting
+ vulnerability which could lead to the compromise of the victim's browser
+ content.
+
+ horde
+ November 22, 2005
+ November 22, 2005: 01
+ 112491
+ remote
+
+
+ 2.2.9
+ 2.2.9
+
+
+
+

+ The Horde Application Framework is a general-purpose web
+ application framework written in PHP, providing classes for handling
+ preferences, compression, browser detection, connection tracking, MIME,
+ and more.
+

+
+
+

+ The Horde Team reported a potential XSS vulnerability. Horde fails
+ to properly escape error messages which may lead to displaying
+ unsanitized error messages via Notification_Listener::getMessage()
+

+
+
+

+ By enticing a user to read a specially-crafted e-mail or using a
+ manipulated URL, an attacker can execute arbitrary scripts running in
+ the context of the victim's browser. This could lead to a compromise of
+ the user's browser content.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Horde Application Framework users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/horde-2.2.9"
+
+
+ CVE-2005-3570
+ Horde Announcement
+
+
+ jaervosz
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-21.xml
new file mode 100644
index 0000000000..762ca04859
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-21.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Macromedia Flash Player: Remote arbitrary code execution
+
+ A vulnerability has been identified that allows arbitrary code execution on
+ a user's system via the handling of malicious SWF files.
+
+ Flash
+ November 25, 2005
+ May 28, 2009: 02
+ 112251
+ remote
+
+
+ 7.0.61
+ 7.0.61
+
+
+
+

+ The Macromedia Flash Player is a renderer for the popular SWF
+ filetype which is commonly used to provide interactive websites,
+ digital experiences and mobile content.
+

+
+
+

+ When handling a SWF file, the Macromedia Flash Player incorrectly
+ validates the frame type identifier stored in the SWF file which is
+ used as an index to reference an array of function pointers. A
+ specially crafted SWF file can cause this index to reference memory
+ outside of the scope of the Macromedia Flash Player, which in turn can
+ cause the Macromedia Flash Player to use unintended memory address(es)
+ as function pointers.
+

+
+
+

+ An attacker serving a maliciously crafted SWF file could entice a
+ user to view the SWF file and execute arbitrary code on the user's
+ machine.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Macromedia Flash Player users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-7.0.61"
+
+
+ CVE-2005-2628
+ Macromedia Announcement
+
+
+ koon
+
+
+ shellsage
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-22.xml
new file mode 100644
index 0000000000..2ba0a5f91b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-22.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Inkscape: Buffer overflow
+
+ A vulnerability has been identified that allows a specially crafted SVG
+ file to exploit a buffer overflow and potentially execute arbitrary code
+ when opened.
+
+ Inkscape
+ November 28, 2005
+ November 28, 2005: 01
+ 109993
+ remote
+
+
+ 0.43
+ 0.43
+
+
+
+

+ Inkscape is an Open Source vector graphics editor using the W3C
+ standard Scalable Vector Graphics (SVG) file format.
+

+
+
+

+ Joxean Koret has discovered that Inkscape incorrectly allocates
+ memory when opening an SVG file, creating the possibility of a buffer
+ overflow if the SVG file being opened is specially crafted.
+

+
+
+

+ An attacker could entice a user into opening a maliciously crafted
+ SVG file, allowing for the execution of arbitrary code on a machine
+ with the privileges of the user running Inkscape.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Inkscape users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/inkscape-0.43"
+
+
+ CVE-2005-3737
+
+
+ koon
+
+
+ shellsage
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-23.xml
new file mode 100644
index 0000000000..24e69b190e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200511-23.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ chmlib, KchmViewer: Stack-based buffer overflow
+
+ chmlib and KchmViewer contain a buffer overflow vulnerability which may
+ lead to the execution of arbitrary code.
+
+ chmlib kchmviewer
+ November 28, 2005
+ May 28, 2009: 03
+ 110557
+ remote
+
+
+ 0.37.4
+ 0.37.4
+
+
+ 1.1
+ 1.1
+
+
+
+

+ chmlib is a library for dealing with Microsoft ITSS and CHM format
+ files. KchmViewer is a CHM viewer that includes its own copy of the
+ chmlib library.
+

+
+
+

+ Sven Tantau reported about a buffer overflow vulnerability in
+ chmlib. The function "_chm_decompress_block()" does not properly
+ perform boundary checking, resulting in a stack-based buffer overflow.
+

+
+
+

+ By convincing a user to open a specially crafted ITSS or CHM file,
+ using KchmViewer or a program makes use of chmlib, a remote attacker
+ could execute arbitrary code with the privileges of the user running
+ the software.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All chmlib users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/chmlib-0.37.4"
+

+ All KchmViewer users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/kchmviewer-1.1"
+
+
+ CVE-2005-3318
+
+
+ koon
+
+
+ adir
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-01.xml
new file mode 100644
index 0000000000..5ff3cfcff3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-01.xml
@@ -0,0 +1,84 @@
+
+
+
+
+ Perl: Format string errors can lead to code execution
+
+ A fix is available for Perl to mitigate the effects of format string
+ programming errors, that could otherwise be exploited to execute arbitrary
+ code.
+
+ Perl
+ December 07, 2005
+ December 07, 2005: 01
+ 114113
+ remote and local
+
+
+ 5.8.7-r3
+ 5.8.6-r8
+ 5.8.7-r3
+
+
+
+

+ Perl is a stable, cross-platform programming language created by
+ Larry Wall. It contains printf functions that allows construction of
+ strings from format specifiers and parameters, like the C printf
+ functions. A well-known class of vulnerabilities, called format string
+ errors, result of the improper use of the printf functions in C. Perl
+ in itself is vulnerable to a limited form of format string errors
+ through its own sprintf function, especially through wrapper functions
+ that call sprintf (for example the syslog function) and by taking
+ advantage of Perl powerful string expansion features rather than using
+ format string specifiers.
+

+
+
+

+ Jack Louis discovered a new way to exploit format string errors in
+ Perl that could lead to the execution of arbitrary code. This is
+ perfomed by causing an integer wrap overflow in the efix variable
+ inside the function Perl_sv_vcatpvfn. The proposed fix closes that
+ specific exploitation vector to mitigate the risk of format string
+ programming errors in Perl. This fix does not remove the need to fix
+ such errors in Perl code.
+

+
+
+

+ Perl applications making improper use of printf functions (or
+ derived functions) using untrusted data may be vulnerable to the
+ already-known forms of Perl format string exploits and also to the
+ execution of arbitrary code.
+

+
+
+

+ Fix all misbehaving Perl applications so that they make proper use
+ of the printf and derived Perl functions.
+

+
+
+

+ All Perl users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose dev-lang/perl
+
+
+ CVE-2005-3962
+ Dyad Security Advisory
+ Research on format string errors in Perl
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-02.xml
new file mode 100644
index 0000000000..0da8a3d03c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-02.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ Webmin, Usermin: Format string vulnerability
+
+ Webmin and Usermin are vulnerable to a format string vulnerability which
+ may lead to the execution of arbitrary code.
+
+ webmin usermin
+ December 07, 2005
+ December 07, 2005: 01
+ 113888
+ remote
+
+
+ 1.250
+ 1.250
+
+
+ 1.180
+ 1.180
+
+
+
+

+ Webmin is a web-based interface for Unix-like systems. Usermin is
+ a simplified version of Webmin designed for use by normal users rather
+ than system administrators.
+

+
+
+

+ Jack Louis discovered that the Webmin and Usermin "miniserv.pl"
+ web server component is vulnerable to a Perl format string
+ vulnerability. Login with the supplied username is logged via the Perl
+ "syslog" facility in an unsafe manner.
+

+
+
+

+ A remote attacker can trigger this vulnerability via a specially
+ crafted username containing format string data. This can be exploited
+ to consume a large amount of CPU and memory resources on a vulnerable
+ system, and possibly to execute arbitrary code of the attacker's choice
+ with the permissions of the user running Webmin.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Webmin users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/webmin-1.250"
+

+ All Usermin users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/usermin-1.180"
+
+
+ CVE-2005-3912
+ Dyad Security Advisory
+
+
+ koon
+
+
+ jaervosz
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-03.xml
new file mode 100644
index 0000000000..6d5388c3b4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-03.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ phpMyAdmin: Multiple vulnerabilities
+
+ Multiple flaws in phpMyAdmin may lead to several XSS issues and local and
+ remote file inclusion vulnerabilities.
+
+ phpmyadmin
+ December 11, 2005
+ December 11, 2005: 01
+ 114662
+ remote
+
+
+ 2.7.0_p1
+ 2.7.0_p1
+
+
+
+

+ phpMyAdmin is a tool written in PHP intended to handle the
+ administration of MySQL over the web.
+

+
+
+

+ Stefan Esser from Hardened-PHP reported about multiple
+ vulnerabilties found in phpMyAdmin. The $GLOBALS variable allows
+ modifying the global variable import_blacklist to open phpMyAdmin to
+ local and remote file inclusion, depending on your PHP version
+ (CVE-2005-4079, PMASA-2005-9). Furthermore, it is also possible to
+ conduct an XSS attack via the $HTTP_HOST variable and a local and
+ remote file inclusion because the contents of the variable are under
+ total control of the attacker (CVE-2005-3665, PMASA-2005-8).
+

+
+
+

+ A remote attacker may exploit these vulnerabilities by sending
+ malicious requests, causing the execution of arbitrary code with the
+ rights of the user running the web server. The cross-site scripting
+ issues allow a remote attacker to inject and execute malicious script
+ code or to steal cookie-based authentication credentials, potentially
+ allowing unauthorized access to phpMyAdmin.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All phpMyAdmin users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.7.0_p1"
+
+
+ CVE-2005-3665
+ CVE-2005-4079
+ PMASA-2005-8
+ PMASA-2005-9
+ Hardened-PHP Advisory 25/2005
+
+
+ jaervosz
+
+
+ adir
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-04.xml
new file mode 100644
index 0000000000..e13e4a17ee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-04.xml
@@ -0,0 +1,87 @@
+
+
+
+
+ Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
+
+ Openswan and IPsec-Tools suffer from an implementation flaw which may allow
+ a Denial of Service attack.
+
+ openswan ipsec-tools
+ December 12, 2005
+ December 14, 2005: 02
+ 112568
+ 113201
+ remote
+
+
+ 2.4.4
+ 2.4.4
+
+
+ 0.6.3
+ 0.6.2-r1
+ 0.4-r2
+ 0.6.3
+
+
+
+

+ Openswan is an implementation of IPsec for Linux. IPsec-Tools is a port
+ of KAME's implementation of the IPsec utilities, including racoon, an
+ Internet Key Exchange daemon. Internet Key Exchange version 1 (IKEv1),
+ a derivate of ISAKMP, is an important part of IPsec. IPsec is widely
+ used to secure exchange of packets at the IP layer and mostly used to
+ implement Virtual Private Networks (VPNs).
+

+
+
+

+ The Oulu University Secure Programming Group (OUSPG) discovered that
+ various ISAKMP implementations, including Openswan and racoon (included
+ in the IPsec-Tools package), behave in an anomalous way when they
+ receive and handle ISAKMP Phase 1 packets with invalid or abnormal
+ contents.
+

+
+
+

+ A remote attacker could craft specific packets that would result in a
+ Denial of Service attack, if Openswan and racoon are used in specific,
+ weak configurations.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Openswan users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.4"
+

+ All IPsec-Tools users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose net-firewall/ipsec-tools
+
+
+ CVE-2005-3671
+ CVE-2005-3732
+ Original Advisory
+
+
+ jaervosz
+
+
+ adir
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-05.xml
new file mode 100644
index 0000000000..36c17e95ee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-05.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Xmail: Privilege escalation through sendmail
+
+ The sendmail program in Xmail is vulnerable to a buffer overflow,
+ potentially resulting in local privilege escalation.
+
+ xmail
+ December 14, 2005
+ December 14, 2005: 01
+ 109381
+ local
+
+
+ 1.22
+ 1.22
+
+
+
+

+ Xmail is an Internet and intranet mail server.
+

+
+
+

+ iDEFENSE reported that the AddressFromAtPtr function in the
+ sendmail program fails to check bounds on arguments passed from other
+ functions, and as a result an exploitable stack overflow condition
+ occurs when specifying the "-t" command line option.
+

+
+
+

+ A local attacker can make a malicious call to sendmail,
+ potentially resulting in code execution with elevated privileges.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Xmail users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/xmail-1.22"
+
+
+ CVE-2005-2943
+ iDEFENSE Security Advisory
+
+
+ koon
+
+
+ koon
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-06.xml
new file mode 100644
index 0000000000..79a82a847a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-06.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Ethereal: Buffer overflow in OSPF protocol dissector
+
+ Ethereal is missing bounds checking in the OSPF protocol dissector that
+ could lead to abnormal program termination or the execution of arbitrary
+ code.
+
+ Ethereal
+ December 14, 2005
+ December 14, 2005: 01
+ 115030
+ remote
+
+
+ 0.10.13-r2
+ 0.10.13-r2
+
+
+
+

+ Ethereal is a feature-rich network protocol analyzer. It provides
+ protocol analyzers for various network flows, including one for Open
+ Shortest Path First (OSPF) Interior Gateway Protocol.
+

+
+
+

+ iDEFENSE reported a possible overflow due to the lack of bounds
+ checking in the dissect_ospf_v3_address_prefix() function, part of the
+ OSPF protocol dissector.
+

+
+
+

+ An attacker might be able to craft a malicious network flow that
+ would crash Ethereal. It may be possible, though unlikely, to exploit
+ this flaw to execute arbitrary code with the permissions of the user
+ running Ethereal, which could be the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Ethereal users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.13-r2"
+
+
+ CVE-2005-3651
+ iDEFENSE Advisory
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-07.xml
new file mode 100644
index 0000000000..52d8604c26
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-07.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ OpenLDAP, Gauche: RUNPATH issues
+
+ OpenLDAP and Gauche suffer from RUNPATH issues that may allow users in the
+ "portage" group to escalate privileges.
+
+ OpenLDAP Gauche
+ December 15, 2005
+ December 30, 2007: 03
+ 105380
+ 112577
+ local
+
+
+ 2.2.28-r3
+ 2.1.30-r6
+ 2.2.28-r3
+
+
+ 0.8.6-r1
+ 0.8.6-r1
+
+
+
+

+ OpenLDAP is a suite of LDAP-related application and development tools.
+ Gauche is an R5RS Scheme interpreter.
+

+
+
+

+ Gentoo packaging for OpenLDAP and Gauche may introduce insecure paths
+ into the list of directories that are searched for libraries at
+ runtime.
+

+
+
+

+ A local attacker, who is a member of the "portage" group, could create
+ a malicious shared object in the Portage temporary build directory that
+ would be loaded at runtime by a dependent binary, potentially resulting
+ in privilege escalation.
+

+
+
+

+ Only grant "portage" group rights to trusted users.
+

+
+
+

+ All OpenLDAP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose net-nds/openldap
+

+ All Gauche users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-scheme/gauche-0.8.6-r1"
+
+
+ CVE-2005-4442
+ CVE-2005-4443
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-08.xml
new file mode 100644
index 0000000000..7bb32e7dea
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-08.xml
@@ -0,0 +1,102 @@
+
+
+
+
+ Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and
+ Poppler potentially resulting in the execution of arbitrary code.
+
+ xpdf, gpdf, poppler,cups
+ December 16, 2005
+ December 17, 2005: 02
+ 114428
+ 115286
+ remote
+
+
+ 3.01-r2
+ 3.01-r2
+
+
+ 2.10.0-r2
+ 2.10.0-r2
+
+
+ 0.4.2-r1
+ 0.3.0-r1
+ 0.4.2-r1
+
+
+ 1.1.23-r3
+ 1.1.23-r3
+
+
+
+

+ Xpdf and GPdf are PDF file viewers that run under the X Window System.
+ Poppler is a PDF rendering library based on Xpdf code. The Common UNIX
+ Printing System (CUPS) is a cross-platform print spooler. It makes use
+ of Xpdf code to handle PDF files.
+

+
+
+

+ infamous41md discovered that several Xpdf functions lack sufficient
+ boundary checking, resulting in multiple exploitable buffer overflows.
+

+
+
+

+ An attacker could entice a user to open a specially-crafted PDF file
+ which would trigger an overflow, potentially resulting in execution of
+ arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or
+ Poppler.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Xpdf users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r2"
+

+ All GPdf users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r2"
+

+ All Poppler users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose app-text/poppler
+

+ All CUPS users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r3"
+
+
+ CVE-2005-3191
+ CVE-2005-3192
+ CVE-2005-3193
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-09.xml
new file mode 100644
index 0000000000..72d3f938a1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-09.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ cURL: Off-by-one errors in URL handling
+
+ cURL is vulnerable to local arbitrary code execution via buffer overflow
+ due to the insecure parsing of URLs.
+
+ cURL
+ December 16, 2005
+ December 16, 2005: 01
+ 114710
+ local
+
+
+ 7.15.1
+ 7.15.1
+
+
+
+

+ cURL is a command line tool for transferring files with URL
+ syntax, supporting numerous protocols.
+

+
+
+

+ Stefan Esser from the Hardened-PHP Project has reported a
+ vulnerability in cURL that allows for a local buffer overflow when cURL
+ attempts to parse specially crafted URLs. The URL can be specially
+ crafted in one of two ways: the URL could be malformed in a way that
+ prevents a terminating null byte from being added to either a hostname
+ or path buffer; or the URL could contain a "?" separator in the
+ hostname portion, which causes a "/" to be prepended to the resulting
+ string.
+

+
+
+

+ An attacker capable of getting cURL to parse a maliciously crafted
+ URL could cause a denial of service or execute arbitrary code with the
+ privileges of the user making the call to cURL. An attacker could also
+ escape open_basedir or safe_mode pseudo-restrictions when exploiting
+ this problem from within a PHP program when PHP is compiled with
+ libcurl.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All cURL users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.15.1"
+
+
+ CVE-2005-4077
+ Hardened-PHP Advisory
+
+
+ koon
+
+
+ shellsage
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-10.xml
new file mode 100644
index 0000000000..8425233746
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-10.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Opera: Command-line URL shell command injection
+
+ Lack of URL validation in Opera command-line wrapper could be abused to
+ execute arbitrary commands.
+
+ opera
+ December 18, 2005
+ December 18, 2005: 01
+ 113239
+ remote
+
+
+ 8.51
+ 8.51
+
+
+
+

+ Opera is a multi-platform web browser.
+

+
+
+

+ Peter Zelezny discovered that the shell script used to launch
+ Opera parses shell commands that are enclosed within backticks in the
+ URL provided via the command line.
+

+
+
+

+ A remote attacker could exploit this vulnerability by enticing a
+ user to follow a specially crafted URL from a tool that uses Opera to
+ open URLs, resulting in the execution of arbitrary commands on the
+ targeted machine.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Opera users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-8.51"
+
+
+ CVE-2005-3750
+ Opera 8.51 Changelog
+
+
+ koon
+
+
+ koon
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-11.xml
new file mode 100644
index 0000000000..238fee3659
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-11.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ CenterICQ: Multiple vulnerabilities
+
+ CenterICQ is vulnerable to a Denial of Service issue, and also potentially
+ to the execution of arbitrary code through an included vulnerable ktools
+ library.
+
+ CenterICQ
+ December 20, 2005
+ December 20, 2005: 01
+ 100519
+ 114038
+ remote
+
+
+ 4.21.0-r2
+ 4.21.0-r2
+
+
+
+

+ CenterICQ is a text-based instant messaging interface that
+ supports multiple protocols. It includes the ktools library, which
+ provides text-mode user interface controls.
+

+
+
+

+ Gentoo developer Wernfried Haas discovered that when the "Enable
+ peer-to-peer communications" option is enabled, CenterICQ opens a port
+ that insufficiently validates whatever is sent to it. Furthermore,
+ Zone-H Research reported a buffer overflow in the ktools library.
+

+
+
+

+ A remote attacker could cause a crash of CenterICQ by sending
+ packets to the peer-to-peer communications port, and potentially cause
+ the execution of arbitrary code by enticing a CenterICQ user to edit
+ overly long contact details.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All CenterICQ users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/centericq-4.21.0-r2"
+
+
+ CVE-2005-3694
+ CVE-2005-3863
+ Zone-H Research ZRCSA 200503
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-12.xml
new file mode 100644
index 0000000000..dc2da3e906
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-12.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ Mantis: Multiple vulnerabilities
+
+ Mantis is affected by multiple vulnerabilities ranging from file upload and
+ SQL injection to cross-site scripting and HTTP response splitting.
+
+ Mantis
+ December 22, 2005
+ May 22, 2006: 02
+ 116036
+ remote
+
+
+ 0.19.4
+ 0.19.4
+
+
+
+

+ Mantis is a web-based bugtracking system written in PHP.
+

+
+
+

+ Tobias Klein discovered that Mantis contains several vulnerabilities,
+ including:
+

+
    +
  • a file upload vulnerability.
  • +
  • an injection vulnerability in filters.
  • +
  • an SQL injection vulnerability in the user-management page.
  • +
  • a port cross-site-scripting vulnerability in filters.
  • +
  • an HTTP header CRLF injection vulnerability.
  • +
+
+
+

+ An attacker could possibly exploit the file upload vulnerability to
+ execute arbitrary script code, and the SQL injection vulnerability to
+ access or modify sensitive information from the Mantis database.
+ Furthermore, the cross-site scripting and HTTP response splitting may
+ allow an attacker to inject and execute malicious script code or to
+ steal cookie-based authentication credentials, potentially compromising
+ the victim's browser.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Mantis users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-0.19.4"
+
+
+ Mantis ChangeLog
+ CVE-2005-4518
+ CVE-2005-4519
+ CVE-2005-4520
+ CVE-2005-4521
+ CVE-2005-4522
+
+
+ DerCorny
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-13.xml
new file mode 100644
index 0000000000..efe43b69a2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-13.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Dropbear: Privilege escalation
+
+ A buffer overflow in Dropbear could allow authenticated users to execute
+ arbitrary code as the root user.
+
+ dropbear
+ December 23, 2005
+ December 23, 2005: 01
+ 116006
+ remote
+
+
+ 0.47
+ 0.47
+
+
+
+

+ Dropbear is an SSH server and client with a small memory
+ footprint.
+

+
+
+

+ Under certain conditions Dropbear could fail to allocate a
+ sufficient amount of memory, possibly resulting in a buffer overflow.
+

+
+
+

+ By sending specially crafted data to the server, authenticated
+ users could exploit this vulnerability to execute arbitrary code with
+ the permissions of the SSH server user, which is the root user by
+ default.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Dropbear users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/dropbear-0.47"
+
+
+ CVE-2005-4178
+
+
+ koon
+
+
+ DerCorny
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-14.xml
new file mode 100644
index 0000000000..3532089379
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-14.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ NBD Tools: Buffer overflow in NBD server
+
+ The NBD server is vulnerable to a buffer overflow that may result in the
+ execution of arbitrary code.
+
+ NBD
+ December 23, 2005
+ December 23, 2005: 01
+ 116314
+ remote
+
+
+ 2.8.2-r1
+ 2.8.2-r1
+
+
+
+

+ The NBD Tools are the Network Block Device utilities allowing one
+ to use remote block devices over a TCP/IP network. It includes a
+ userland NBD server.
+

+
+
+

+ Kurt Fitzner discovered that the NBD server allocates a request
+ buffer that fails to take into account the size of the reply header.
+

+
+
+

+ A remote attacker could send a malicious request that can result
+ in the execution of arbitrary code with the rights of the NBD server.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All NBD Tools users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-block/nbd-2.8.2-r1"
+
+
+ CVE-2005-3534
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-15.xml
new file mode 100644
index 0000000000..4613e4d32e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-15.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ rssh: Privilege escalation
+
+ Local users could gain root privileges by chrooting into arbitrary
+ directories.
+
+ rssh
+ December 27, 2005
+ December 27, 2005: 01
+ 115082
+ local
+
+
+ 2.3.0
+ 2.3.0
+
+
+
+

+ rssh is a restricted shell, allowing only a few commands like scp
+ or sftp. It is often used as a complement to OpenSSH to provide limited
+ access to users.
+

+
+
+

+ Max Vozeler discovered that the rssh_chroot_helper command allows
+ local users to chroot into arbitrary directories.
+

+
+
+

+ A local attacker could exploit this vulnerability to gain root
+ privileges by chrooting into arbitrary directories.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All rssh users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-shells/rssh-2.3.0"
+
+
+ CVE-2005-3345
+ rssh security announcement
+
+
+ koon
+
+
+ DerCorny
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-16.xml
new file mode 100644
index 0000000000..c5ee35508e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-16.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library
+
+ Two buffer overflows have been discovered in libUil, part of the OpenMotif
+ toolkit, that can potentially lead to the execution of arbitrary code.
+
+ openmotif
+ December 28, 2005
+ January 29, 2006: 03
+ 114234
+ 116481
+ remote
+
+
+ 2.2.3-r8
+ 2.1.30-r13
+ 2.2.3-r8
+
+
+ 2.2.1
+ 2.2.1
+
+
+
+

+ OpenMotif provides a free version of the Motif toolkit for open source
+ applications. The OpenMotif libraries are included in the AMD64 x86
+ emulation X libraries, which emulate the x86 (32-bit) architecture on
+ the AMD64 (64-bit) architecture.
+

+
+
+

+ xfocus discovered two potential buffer overflows in the libUil library,
+ in the diag_issue_diagnostic and open_source_file functions.
+

+
+
+

+ Remotely-accessible or SUID applications making use of the affected
+ functions might be exploited to execute arbitrary code with the
+ privileges of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All OpenMotif users should upgrade to an unaffected version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --unmerge --verbose x11-libs/openmotif
+ # emerge --ask --oneshot --verbose x11-libs/openmotif
+

+ All AMD64 x86 emulation X libraries users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose app-emulation/emul-linux-x86-xlibs
+
+
+ CVE-2005-3964
+ xfocus SD-051202 Original Advisory
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-17.xml
new file mode 100644
index 0000000000..fa0d13a483
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-17.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ scponly: Multiple privilege escalation issues
+
+ Local users can exploit an scponly flaw to gain root privileges, and
+ scponly restricted users can use another vulnerability to evade shell
+ restrictions.
+
+ scponly
+ December 29, 2005
+ May 22, 2006: 02
+ 116526
+ local and remote
+
+
+ 4.2
+ 4.2
+
+
+
+

+ scponly is a restricted shell, allowing only a few predefined commands.
+ It is often used as a complement to OpenSSH to provide access to remote
+ users without providing any remote execution privileges.
+

+
+
+

+ Max Vozeler discovered that the scponlyc command allows users to chroot
+ into arbitrary directories. Furthermore, Pekka Pessi reported that
+ scponly insufficiently validates command-line parameters to a scp or
+ rsync command.
+

+
+
+

+ A local attacker could gain root privileges by chrooting into arbitrary
+ directories containing hardlinks to setuid programs. A remote scponly
+ user could also send malicious parameters to a scp or rsync command
+ that would allow to escape the shell restrictions and execute arbitrary
+ programs.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All scponly users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/scponly-4.2"
+
+
+ scponly release notes
+ CVE-2005-4532
+ CVE-2005-4533
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-18.xml
new file mode 100644
index 0000000000..808df8257c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-18.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ XnView: Privilege escalation
+
+ XnView may search for shared libraries in an untrusted location,
+ potentially allowing local users to execute arbitrary code with the
+ privileges of another user.
+
+ xnview
+ December 30, 2005
+ May 22, 2006: 02
+ 117063
+ local
+
+
+ 1.70-r1
+ 1.70-r1
+
+
+
+

+ XnView is an efficient multimedia viewer, browser and converter,
+ distributed free for non-commercial use.
+

+
+
+

+ Krzysiek Pawlik of Gentoo Linux discovered that the XnView package for
+ IA32 used the DT_RPATH field insecurely, causing the dynamic loader to
+ search for shared libraries in potentially untrusted directories.
+

+
+
+

+ A local attacker could create a malicious shared object that would be
+ loaded and executed when a user attempted to use an XnView utility.
+ This would allow a malicious user to effectively hijack XnView and
+ execute arbitrary code with the privileges of the user running the
+ program.
+

+
+
+

+ The system administrator may use the chrpath utility to remove the
+ DT_RPATH field from the XnView utilities:
+

+
+ # emerge app-admin/chrpath
+ # chrpath --delete /opt/bin/nconvert /opt/bin/nview /opt/bin/xnview
+
+
+

+ All XnView users on the x86 platform should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-misc/xnview-1.70-r1"
+
+
+ CVE-2005-4595
+
+
+ taviso
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-01.xml
new file mode 100644
index 0000000000..31f3e169eb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-01.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ pinentry: Local privilege escalation
+
+ pinentry is vulnerable to privilege escalation.
+
+ pinentry
+ January 03, 2006
+ January 03, 2006: 01
+ 116822
+ local
+
+
+ 0.7.2-r2
+ 0.7.2-r2
+
+
+
+

+ pinentry is a collection of simple PIN or passphrase entry dialogs
+ which utilize the Assuan protocol.
+

+
+
+

+ Tavis Ormandy of the Gentoo Linux Security Audit Team has
+ discovered that the pinentry ebuild incorrectly sets the permissions of
+ the pinentry binaries upon installation, so that the sgid bit is set
+ making them execute with the privileges of group ID 0.
+

+
+
+

+ A user of pinentry could potentially read and overwrite files with
+ a group ID of 0.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All pinentry users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/pinentry-0.7.2-r2"
+
+
+ CVE-2006-0071
+
+
+ koon
+
+
+ koon
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-02.xml
new file mode 100644
index 0000000000..79ec4e782c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-02.xml
@@ -0,0 +1,106 @@
+
+
+
+
+ KPdf, KWord: Multiple overflows in included Xpdf code
+
+ KPdf and KWord both include vulnerable Xpdf code to handle PDF files,
+ making them vulnerable to the execution of arbitrary code.
+
+ kdegraphics, kpdf, koffice, kword
+ January 04, 2006
+ January 07, 2006: 03
+ 114429
+ 115851
+ remote
+
+
+ 3.4.3-r3
+ 3.4.3-r3
+
+
+ 3.4.3-r3
+ 3.4.3-r3
+
+
+ 1.4.2-r6
+ 1.4.2-r6
+
+
+ 1.4.2-r6
+ 1.4.2-r6
+
+
+
+

+ KPdf is a KDE-based PDF viewer included in the kdegraphics package.
+ KWord is a KDE-based word processor also included in the koffice
+ package.
+

+
+
+

+ KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf
+ code is vulnerable to several heap overflows (GLSA 200512-08) as well
+ as several buffer and integer overflows discovered by Chris Evans
+ (CESA-2005-003).
+

+
+
+

+ An attacker could entice a user to open a specially crafted PDF file
+ with Kpdf or KWord, potentially resulting in the execution of arbitrary
+ code with the rights of the user running the affected application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All kdegraphics users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.4.3-r3"
+

+ All Kpdf users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.3-r3"
+

+ All KOffice users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.2-r6"
+

+ All KWord users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/kword-1.4.2-r6"
+
+
+ CAN-2005-3191
+ CAN-2005-3192
+ CAN-2005-3193
+ CVE-2005-3624
+ CVE-2005-3625
+ CVE-2005-3626
+ CVE-2005-3627
+ CVE-2005-3628
+ GLSA 200512-08
+ KDE Security Advisory: kpdf/xpdf multiple integer overflows
+ CESA-2005-003
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-03.xml
new file mode 100644
index 0000000000..e5907b8969
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-03.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ HylaFAX: Multiple vulnerabilities
+
+ HylaFAX is vulnerable to arbitrary code execution and unauthorized access
+ vulnerabilities.
+
+ hylafax
+ January 06, 2006
+ January 06, 2006: 01
+ 116389
+ remote
+
+
+ 4.2.3-r1
+ 4.2.3-r1
+
+
+
+

+ HylaFAX is an enterprise-class system for sending and receiving
+ facsimile messages and for sending alpha-numeric pages.
+

+
+
+

+ Patrice Fournier discovered that HylaFAX runs the notify script on
+ untrusted user input. Furthermore, users can log in without a password
+ when HylaFAX is installed with the pam USE-flag disabled.
+

+
+
+

+ An attacker could exploit the input validation vulnerability to
+ run arbitrary code as the user running HylaFAX, which is usually uucp.
+ The password vulnerability could be exploited to log in without proper
+ user credentials.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All HylaFAX users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/hylafax-4.2.3-r1"
+
+
+ CVE-2005-3538
+ CVE-2005-3539
+ HylaFAX release announcement
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-04.xml
new file mode 100644
index 0000000000..17792d3cd1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-04.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ VMware Workstation: Vulnerability in NAT networking
+
+ VMware guest operating systems can execute arbitrary code with elevated
+ privileges on the host operating system through a flaw in NAT networking.
+
+ VMware
+ January 07, 2006
+ May 25, 2006: 02
+ 116238
+ remote and local
+
+
+ 5.5.1.19175
+ 4.5.3.19414
+ 3.2.1.2242-r10
+ 5.5.1.19175
+
+
+
+

+ VMware Workstation is a powerful virtual machine for developers and
+ system administrators.
+

+
+
+

+ Tim Shelton discovered that vmnet-natd, the host module providing
+ NAT-style networking for VMware guest operating systems, is unable to
+ process incorrect 'EPRT' and 'PORT' FTP requests.
+

+
+
+

+ Malicious guest operating systems using the NAT networking feature or
+ local VMware Workstation users could exploit this vulnerability to
+ execute arbitrary code on the host system with elevated privileges.
+

+
+
+

+ Disable the NAT service by following the instructions at http://www.vmware.com/support/k + b, Answer ID 2002. +

+
+
+

+ All VMware Workstation users should upgrade to a fixed version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose app-emulation/vmware-workstation
+
+
+ CVE-2005-4459
+ VMware Security Response
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-05.xml
new file mode 100644
index 0000000000..17a8018948
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-05.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ mod_auth_pgsql: Multiple format string vulnerabilities
+
+ Format string vulnerabilities in mod_auth_pgsql may lead to the execution
+ of arbitrary code.
+
+ mod_auth_pgsql
+ January 10, 2006
+ December 30, 2007: 03
+ 118096
+ remote
+
+
+ 2.0.3
+ 1.0.0
+ 2.0.3
+
+
+
+

+ mod_auth_pgsql is an Apache2 module that allows user authentication
+ against a PostgreSQL database.
+

+
+
+

+ The error logging functions of mod_auth_pgsql fail to validate certain
+ strings before passing them to syslog, resulting in format string
+ vulnerabilities.
+

+
+
+

+ An unauthenticated remote attacker could exploit these vulnerabilities
+ to execute arbitrary code with the rights of the user running the
+ Apache2 server by sending specially crafted login names.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All mod_auth_pgsql users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_auth_pgsql-2.0.3"
+
+
+ CVE-2005-3656
+ FrSIRT ADV-2006-0070
+
+
+ DerCorny
+
+
+ DerCorny
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-06.xml
new file mode 100644
index 0000000000..2cc1ea14cf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-06.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ xine-lib, FFmpeg: Heap-based buffer overflow
+
+ xine-lib and FFmpeg are vulnerable to a buffer overflow that may be
+ exploited by attackers to execute arbitrary code.
+
+ xine-lib ffmpeg
+ January 10, 2006
+ January 10, 2006: 01
+ 115849
+ 116181
+ remote
+
+
+ 1.1.1-r3
+ 1.1.1-r3
+
+
+ 0.4.9_p20051216
+ 0.4.9_p20051216
+
+
+
+

+ xine is a GPL high-performance, portable and reusable multimedia
+ playback engine. xine-lib is xine's core engine. FFmpeg is a very fast
+ video and audio converter and is used in xine-lib.
+

+
+
+

+ Simon Kilvington has reported a vulnerability in FFmpeg
+ libavcodec. The flaw is due to a buffer overflow error in the
+ "avcodec_default_get_buffer()" function. This function doesn't properly
+ handle specially crafted PNG files as a result of a heap overflow.
+

+
+
+

+ A remote attacker could entice a user to run an FFmpeg based
+ application on a maliciously crafted PNG file, resulting in the
+ execution of arbitrary code with the permissions of the user running
+ the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All xine-lib users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.1-r3"
+

+ All FFmpeg users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-0.4.9_p20051216"
+
+
+ CVE-2005-4048
+ Original advisory
+
+
+ koon
+
+
+ adir
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-07.xml
new file mode 100644
index 0000000000..67c792702f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-07.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ ClamAV: Remote execution of arbitrary code
+
+ ClamAV is vulnerable to a buffer overflow which may lead to remote
+ execution of arbitrary code.
+
+ clamav
+ January 13, 2006
+ January 13, 2006: 01
+ 118459
+ remote
+
+
+ 0.88
+ 0.88
+
+
+
+

+ ClamAV is a GPL virus scanner.
+

+
+
+

+ Zero Day Initiative (ZDI) reported a heap buffer overflow
+ vulnerability. The vulnerability is due to an incorrect boundary check
+ of the user-supplied data prior to copying it to an insufficiently
+ sized memory buffer. The flaw occurs when the application attempts to
+ handle compressed UPX files.
+

+
+
+

+ For example by sending a maliciously crafted UPX file into a mail
+ server that is integrated with ClamAV, a remote attacker's supplied
+ code could be executed with escalated privileges.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All ClamAV users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88"
+
+
+ CVE-2006-0162
+
+
+ DerCorny
+
+
+ adir
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-08.xml
new file mode 100644
index 0000000000..c533c06926
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-08.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Blender: Heap-based buffer overflow
+
+ Blender is vulnerable to a buffer overflow that may be exploited by
+ attackers to execute arbitrary code.
+
+ blender
+ January 13, 2006
+ January 13, 2006: 01
+ 118163
+ remote
+
+
+ 2.40
+ 2.40
+
+
+
+

+ Blender is an open source software for 3D modeling, animation,
+ rendering, post-production, interactive creation and playback.
+

+
+
+

+ Damian Put has reported a flaw due to an integer overflow in the
+ "get_bhead()" function, leading to a heap overflow when processing
+ malformed ".blend" files.
+

+
+
+

+ A remote attacker could entice a user into opening a specially
+ crafted ".blend" file, resulting in the execution of arbitrary code
+ with the permissions of the user running Blender.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Blender users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.40"
+
+
+ CVE-2005-4470
+
+
+ DerCorny
+
+
+ DerCorny
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-09.xml
new file mode 100644
index 0000000000..be6b5c02a8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-09.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Wine: Windows Metafile SETABORTPROC vulnerability
+
+ There is a flaw in Wine in the handling of Windows Metafiles (WMF) files,
+ which could possibly result in the execution of arbitrary code.
+
+ wine
+ January 13, 2006
+ February 26, 2007: 03
+ 118101
+ remote
+
+
+ 0.9
+ 20060000
+ 20040000
+
+
+
+

+ Wine is a free implementation of Windows APIs for Unix-like systems.
+

+
+
+

+ H D Moore discovered that Wine implements the insecure-by-design
+ SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
+

+
+
+

+ An attacker could entice a user to open a specially crafted Windows
+ Metafile (WMF) file from within a Wine executed Windows application,
+ possibly resulting in the execution of arbitrary code with the rights
+ of the user running Wine.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Wine users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/wine-0.9.0"
+
+
+ CVE-2006-0106
+
+
+ DerCorny
+
+
+ DerCorny
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-10.xml new file mode 100644 index 0000000000..b581baffa4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-10.xml @@ -0,0 +1,104 @@ + + + + + Sun and Blackdown Java: Applet privilege escalation + + Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate + their privileges. + + sun-jdk sun-jre-bin blackdown-jre blackdown-jdk + January 16, 2006 + January 16, 2006: 01 + 118114 + remote + + + 1.4.2.09 + 1.4.2.09 + + + 1.4.2.09 + 1.4.2.09 + + + 1.4.2.03 + 1.4.2.03 + + + 1.4.2.03 + 1.4.2.03 + + + +

+ Sun and Blackdown both provide implementations of the Java + Development Kit (JDK) and Java Runtime Environment (JRE). +

+
+ +

+ Adam Gowdiak discovered multiple vulnerabilities in the Java + Runtime Environment's Reflection APIs that may allow untrusted applets + to elevate privileges. +

+
+ +

+ A remote attacker could embed a malicious Java applet in a web + page and entice a victim to view it. This applet can then bypass + security restrictions and execute any command or access any file with + the rights of the user running the web browser. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All Sun JDK users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.09"
+

+ All Sun JRE users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.09"
+

+ All Blackdown JDK users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.03"
+

+ All Blackdown JRE users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.03"
+

+ Note to SPARC and PPC users: There is no stable secure + Blackdown Java for the SPARC or PPC architectures. Affected users on + the PPC architecture should consider switching to the IBM Java packages + (ibm-jdk-bin and ibm-jre-bin). Affected users on the SPARC should + remove the package until a SPARC package is released. +

+
+
+ CVE-2005-3905
+ CVE-2005-3906
+ Sun Security Alert ID 102003
+ Blackdown Java-Linux Security Advisory
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-11.xml
new file mode 100644
index 0000000000..4ec44092f1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-11.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ KDE kjs: URI heap overflow vulnerability
+
+ KDE fails to properly validate URIs when handling javascript, potentially
+ resulting in the execution of arbitrary code.
+
+ KDE
+ January 22, 2006
+ January 22, 2006: 01
+ 118550
+ remote
+
+
+ 3.4.3-r1
+ 3.4.3-r1
+
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. kjs is the javascript interpreter used in + Konqueror and other parts of KDE. +

+
+ +

+ Maksim Orlovich discovered an incorrect bounds check in kjs when + handling URIs. +

+
+ +

+ By enticing a user to load a specially crafted webpage containing + malicious javascript, an attacker could execute arbitrary code with the + rights of the user running kjs. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All kdelibs users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose kde-base/kdelibs-3.4.3-r1
+
+
+ CVE-2006-0019
+ KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability
+
+
+ jaervosz
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-12.xml
new file mode 100644
index 0000000000..68319bdf67
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-12.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Trac: Cross-site scripting vulnerability
+
+ Trac is vulnerable to a cross-site scripting attack that could allow
+ arbitrary JavaScript code execution.
+
+ trac
+ January 26, 2006
+ January 26, 2006: 01
+ 118302
+ remote
+
+
+ 0.9.3
+ 0.9.3
+
+
+
+

+ Trac is a minimalistic web-based project management, wiki and bug + tracking system including a Subversion interface. +

+
+ +

+ Christophe Truc discovered that Trac fails to properly sanitize + input passed in the URL. +

+
+ +

+ A remote attacker could exploit this to inject and execute + malicious script code or to steal cookie-based authentication + credentials, potentially compromising the victim's browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Trac users should upgrade to the latest available version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/trac-0.9.3"
+

+ Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +

+
+
+ CVE-2005-4305
+ Trac Changelog
+
+
+ koon
+
+
+ koon
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-13.xml
new file mode 100644
index 0000000000..3b34bd6c5a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-13.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Gallery: Cross-site scripting vulnerability
+
+ Gallery is possibly vulnerable to a cross-site scripting attack that could
+ allow arbitrary JavaScript code execution.
+
+ gallery
+ January 26, 2006
+ January 26, 2006: 01
+ 119590
+ remote
+
+
+ 1.5.2
+ 1.5.2
+
+
+
+

+ Gallery is a web application written in PHP which is used to + organize and publish photo albums. It allows multiple users to build + and maintain their own albums. It also supports the mirroring of images + on other servers. +

+
+ +

+ Peter Schumacher discovered that Gallery fails to sanitize the + fullname set by users, possibly leading to a cross-site scripting + vulnerability. +

+
+ +

+ By setting a specially crafted fullname, an attacker can inject + and execute script code in the victim's browser window and potentially + compromise the user's gallery. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gallery users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.5.2"
+

+ Note: Users with the vhosts USE flag set should manually use + webapp-config to finalize the update. +

+
+
+ Gallery Announcement
+ CVE-2006-0330
+
+
+ DerCorny
+
+
+ DerCorny
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-14.xml
new file mode 100644
index 0000000000..bf262341b9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-14.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ LibAST: Privilege escalation
+
+ A buffer overflow in LibAST may result in execution of arbitrary code with
+ escalated privileges.
+
+ LibAST
+ January 29, 2006
+ January 29, 2006: 02
+ 120106
+ local
+
+
+ 0.7
+ 0.7
+
+
+
+

+ LibAST is a utility library that was originally intended to accompany + Eterm, but may be used by various other applications. +

+
+ +

+ Michael Jennings discovered an exploitable buffer overflow in the + configuration engine of LibAST. +

+
+ +

+ The vulnerability can be exploited to gain escalated privileges if the + application using LibAST is setuid/setgid and passes a specifically + crafted filename to LibAST's configuration engine. +

+
+ +

+ Identify all applications linking against LibAST and verify they are + not setuid/setgid. +

+
+ +

+ All users should upgrade to the latest version and run revdep-rebuild: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libast-0.7"
+ # revdep-rebuild
+
+
+ CVE-2006-0224
+
+
+ DerCorny
+
+
+ frilled
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-15.xml
new file mode 100644
index 0000000000..b5c2a15b25
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-15.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Paros: Default administrator password
+
+ Paros's database component is installed without a password, allowing
+ execution of arbitrary system commands.
+
+ Paros
+ January 29, 2006
+ January 29, 2006: 01
+ 120352
+ remote
+
+
+ 3.2.5
+ 3.2.5
+
+
+
+

+ Paros is an intercepting proxy between a web server and a client + meant to be used for security assessments. It allows the user to watch + and modify the HTTP(S) traffic. +

+
+ +

+ Andrew Christensen discovered that in older versions of Paros the + database component HSQLDB is installed with an empty password for the + database administrator "sa". +

+
+ +

+ Since the database listens globally by default, an attacker can + connect and issue arbitrary commands, including execution of binaries + installed on the host. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Paros users should upgrade to the latest version: +

+
+ # emerge --snyc
+ # emerge --ask --oneshot --verbose ">=net-proxy/paros-3.2.8"
+
+
+ CVE-2005-3280
+
+
+ frilled
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-16.xml
new file mode 100644
index 0000000000..55ab9402fc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-16.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ MyDNS: Denial of Service
+
+ MyDNS contains a vulnerability that may lead to a Denial of Service attack.
+
+ MyDNS
+ January 30, 2006
+ January 30, 2006: 01
+ 119548
+ remote
+
+
+ 1.1.0
+ 1.1.0
+
+
+
+

+ MyDNS is a DNS server using a MySQL database as a backend. It is + designed to allow for fast updates and small resource usage. +

+
+ +

+ MyDNS contains an unspecified flaw that may allow a remote Denial + of Service. +

+
+ +

+ An attacker could cause a Denial of Service by sending malformed + DNS queries to the MyDNS server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MyDNS users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/mydns-1.1.0"
+
+
+ CVE-2006-0351
+
+
+ DerCorny
+
+
+ frilled
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-17.xml
new file mode 100644
index 0000000000..0f2c314026
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200601-17.xml
@@ -0,0 +1,115 @@
+
+
+
+
+ Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
+
+ Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer
+ overflows that may be exploited to execute arbitrary code.
+
+ xpdf poppler gpdf libextractor pdftohtml
+ January 30, 2006
+ January 30, 2006: 01
+ 117481
+ 117494
+ 117495
+ 115789
+ 118665
+ remote
+
+
+ 3.01-r5
+ 3.01-r5
+
+
+ 0.4.3-r4
+ 0.4.3-r4
+
+
+ 2.10.0-r3
+ 2.10.0-r3
+
+
+ 0.5.9
+ 0.5.9
+
+
+ 0.36-r4
+
+
+
+

+ Xpdf is a PDF file viewer that runs under the X Window System. + Poppler is a PDF rendering library based on the Xpdf 3.0 code base. + GPdf is a PDF file viewer for the GNOME 2 platform, also based on Xpdf. + libextractor is a library which includes Xpdf code to extract arbitrary + meta-data from files. pdftohtml is a utility to convert PDF files to + HTML or XML formats that makes use of Xpdf code to decode PDF files. +

+
+ +

+ Chris Evans has reported some integer overflows in Xpdf when + attempting to calculate buffer sizes for memory allocation, leading to + a heap overflow and a potential infinite loop when handling malformed + input files. +

+
+ +

+ By sending a specially crafted PDF file to a victim, an attacker + could cause an overflow, potentially resulting in the execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Xpdf users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r5"
+

+ All Poppler users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-0.4.3-r4"
+

+ All GPdf users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r3"
+

+ All libextractor users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.9"
+

+ All pdftohtml users should migrate to the latest stable version + of Poppler. +

+
+
+ CVE-2005-3627
+ CVE-2005-3626
+ CVE-2005-3625
+ CVE-2005-3624
+
+
+ jaervosz
+
+
+ adir
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-01.xml
new file mode 100644
index 0000000000..9cc96bc3c8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-01.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ GStreamer FFmpeg plugin: Heap-based buffer overflow
+
+ The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be
+ exploited by attackers to execute arbitrary code.
+
+ gst-plugins-ffmpeg
+ February 05, 2006
+ February 05, 2006: 01
+ 119512
+ remote
+
+
+ 0.8.7-r1
+ 0.8.7-r1
+
+
+
+

+ The GStreamer FFmpeg plugin uses code from the FFmpeg library to + provide fast colorspace conversion and multimedia decoders to the + GStreamer open source media framework. +

+
+ +

+ The GStreamer FFmpeg plugin contains derived code from the FFmpeg + library, which is vulnerable to a heap overflow in the + "avcodec_default_get_buffer()" function discovered by Simon Kilvington + (see GLSA 200601-06). +

+
+ +

+ A remote attacker could entice a user to run an application using + the GStreamer FFmpeg plugin on a maliciously crafted PIX_FMT_PAL8 + format image file (like PNG images), possibly leading to the execution + of arbitrary code with the permissions of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GStreamer FFmpeg plugin users should upgrade to the latest + version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-ffmpeg-0.8.7-r1"
+
+
+ CVE-2005-4048
+ GLSA 200601-06
+
+
+ DerCorny
+
+
+ adir
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-02.xml
new file mode 100644
index 0000000000..b0c676c2f3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-02.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ ADOdb: PostgresSQL command injection
+
+ ADOdb is vulnerable to SQL injections if used in conjunction with a
+ PostgreSQL database.
+
+ ADOdb
+ February 06, 2006
+ February 06, 2006: 01
+ 120215
+ remote
+
+
+ 4.71
+ 4.71
+
+
+
+

+ ADOdb is an abstraction library for PHP creating a common API for + a wide range of database backends. +

+
+ +

+ Andy Staudacher discovered that ADOdb does not properly sanitize + all parameters. +

+
+ +

+ By sending specifically crafted requests to an application that + uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw + to execute arbitrary SQL queries on the host. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ADOdb users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/adodb-4.71"
+
+
+ CVE-2006-0410
+
+
+ DerCorny
+
+
+ frilled
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-03.xml
new file mode 100644
index 0000000000..26d6ee249e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-03.xml
@@ -0,0 +1,99 @@
+
+
+
+
+ Apache: Multiple vulnerabilities
+
+ Apache can be exploited for cross-site scripting attacks and is vulnerable
+ to a Denial of Service attack.
+
+ Apache
+ February 06, 2006
+ December 30, 2007: 03
+ 115324
+ 118875
+ remote
+
+
+ 2.0.55-r1
+ 2.0.54-r16
+ 1.3.34-r2
+ 1.3.34-r11
+ 1.3.37
+ 2.0.55-r1
+
+
+
+

+ The Apache HTTP server is one of the most popular web servers on the + Internet. mod_imap provides support for server-side image maps; mod_ssl + provides secure HTTP connections. +

+
+ +

+ Apache's mod_imap fails to properly sanitize the "Referer" directive of + imagemaps in some cases, leaving the HTTP Referer header unescaped. A + flaw in mod_ssl can lead to a NULL pointer dereference if the site uses + a custom "Error 400" document. These vulnerabilities were reported by + Marc Cox and Hartmut Keil, respectively. +

+
+ +

+ A remote attacker could exploit mod_imap to inject arbitrary HTML or + JavaScript into a user's browser to gather sensitive information. + Attackers could also cause a Denial of Service on hosts using the SSL + module (Apache 2.0.x only). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Apache users should upgrade to the latest version, depending on + whether they still use the old configuration style + (/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf). +

+

+ 2.0.x users, new style config: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.55-r1"
+

+ 2.0.x users, old style config: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "=www-servers/apache-2.0.54-r16"
+

+ 1.x users, new style config: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "=www-servers/apache-1.3.34-r11"
+

+ 1.x users, old style config: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "=www-servers/apache-1.3.34-r2"
+
+
+ CVE-2005-3352
+ CVE-2005-3357
+
+
+ koon
+
+
+ frilled
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-04.xml
new file mode 100644
index 0000000000..d950f9fba3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-04.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Xpdf, Poppler: Heap overflow
+
+ Xpdf and Poppler are vulnerable to a heap overflow that may be exploited to
+ execute arbitrary code.
+
+ xpdf poppler
+ February 12, 2006
+ February 12, 2006: 01
+ 120985
+ remote
+
+
+ 3.01-r7
+ 3.01-r7
+
+
+ 0.5.0-r4
+ 0.5.0-r4
+
+
+
+

+ Xpdf is a PDF file viewer that runs under the X Window System. + Poppler is a PDF rendering library based on the Xpdf 3.0 code base. +

+
+ +

+ Dirk Mueller has reported a vulnerability in Xpdf. It is caused by + a missing boundary check in the splash rasterizer engine when handling + PDF splash images with overly large dimensions. +

+
+ +

+ By sending a specially crafted PDF file to a victim, an attacker + could cause an overflow, potentially resulting in the execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Xpdf users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r7"
+

+ All Poppler users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-0.5.0-r4"
+

+

+
+
+ CVE-2006-0301
+
+
+ adir
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-05.xml
new file mode 100644
index 0000000000..ed8fc501fc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-05.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ KPdf: Heap based overflow
+
+ KPdf includes vulnerable Xpdf code to handle PDF files, making it
+ vulnerable to the execution of arbitrary code.
+
+ kdegraphics, kpdf
+ February 12, 2006
+ February 12, 2006: 01
+ 121375
+ remote
+
+
+ 3.4.3-r4
+ 3.4.3-r4
+
+
+ 3.4.3-r4
+ 3.4.3-r4
+
+
+
+

+ KPdf is a KDE-based PDF viewer included in the kdegraphics + package. +

+
+ +

+ KPdf includes Xpdf code to handle PDF files. Dirk Mueller + discovered that the Xpdf code is vulnerable a heap based overflow in + the splash rasterizer engine. +

+
+ +

+ An attacker could entice a user to open a specially crafted PDF + file with Kpdf, potentially resulting in the execution of arbitrary + code with the rights of the user running the affected application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All kdegraphics users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.4.3-r4"
+

+ All Kpdf users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.3-r4"
+
+
+ CVE-2006-0301
+ KDE Security Advisory: kpdf/xpdf heap based buffer overflow
+
+
+ jaervosz
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-06.xml
new file mode 100644
index 0000000000..41c5b8ed00
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-06.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ ImageMagick: Format string vulnerability
+
+ A vulnerability in ImageMagick allows attackers to crash the application
+ and potentially execute arbitrary code.
+
+ ImageMagick
+ February 13, 2006
+ February 13, 2006: 01
+ 83542
+ remote
+
+
+ 6.2.5.5
+ 6.2.5.5
+
+
+
+

+ ImageMagick is an application suite to manipulate and convert + images. It is often used as a utility backend by web applications like + forums, content management systems or picture galleries. +

+
+ +

+ The SetImageInfo function was found vulnerable to a format string + mishandling. Daniel Kobras discovered that the handling of "%"-escaped + sequences in filenames passed to the function is inadequate. This is a + new vulnerability that is not addressed by GLSA 200503-11. +

+
+ +

+ By feeding specially crafted file names to ImageMagick, an + attacker can crash the program and possibly execute arbitrary code with + the privileges of the user running ImageMagick. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ImageMagick users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.5.5"
+
+
+ CVE-2006-0082
+ GLSA 200503-11
+
+
+ jaervosz
+
+
+ frilled
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-07.xml
new file mode 100644
index 0000000000..84b77ebd24
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-07.xml
@@ -0,0 +1,85 @@
+
+
+
+
+ Sun JDK/JRE: Applet privilege escalation
+
+ Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do not
+ adequately constrain applets from privilege escalation and arbitrary code
+ execution.
+
+ Sun JDK, applet
+ February 15, 2006
+ February 15, 2006: 01
+ 122156
+ remote
+
+
+ 1.4.2.10
+ 1.4.2.10
+
+
+ 1.4.2.10
+ 1.4.2.10
+
+
+
+

+ Sun's JDK and JRE provide interpreters for Java Applets in a + sandboxed environment. These implementations provide the Java Web Start + technology that can be used for easy client-side deployment of Java + applications. +

+
+ +

+ Applets executed using JRE or JDK can use "reflection" APIs + functions to elevate its privileges beyond the sandbox restrictions. + Adam Gowdiak discovered five vulnerabilities that use this method for + privilege escalation. Two more vulnerabilities were discovered by the + vendor. Peter Csepely discovered that Web Start Java applications also + can an escalate their privileges. +

+
+ +

+ A malicious Java applet can bypass Java sandbox restrictions and + hence access local files, connect to arbitrary network locations and + execute arbitrary code on the user's machine. Java Web Start + applications are affected likewise. +

+
+ +

+ Select another Java implementation using java-config. +

+
+ +

+ All Sun JDK users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.10"
+

+ All Sun JRE users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.10"
+
+
+ Sun Security Alert ID 102170
+ Sun Security Alert ID 102171
+ CVE-2006-0614
+ CVE-2006-0615
+ CVE-2006-0616
+ CVE-2006-0617
+
+
+ dragonheart
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-08.xml
new file mode 100644
index 0000000000..85b9cabc42
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-08.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ libtasn1, GNU TLS: Security flaw in DER decoding
+
+ A flaw in the parsing of Distinguished Encoding Rules (DER) has been
+ discovered in libtasn1, potentially resulting in the execution of arbitrary
+ code.
+
+ libtasn1
+ February 16, 2006
+ February 16, 2006: 01
+ 122307
+ remote
+
+
+ 0.2.18
+ 0.2.18
+
+
+ 1.2.10
+ 1.2.10
+
+
+
+

+ Libtasn1 is a library used to parse ASN.1 (Abstract Syntax + Notation One) objects, and perform DER (Distinguished Encoding Rules) + decoding. Libtasn1 is included with the GNU TLS library, which is used + by applications to provide a cryptographically secure communications + channel. +

+
+ +

+ Evgeny Legerov has reported a flaw in the DER decoding routines + provided by libtasn1, which could cause an out of bounds access to + occur. +

+
+ +

+ A remote attacker could cause an application using libtasn1 to + crash and potentially execute arbitrary code by sending specially + crafted input. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libtasn1 users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-0.2.18"
+

+ All GNU TLS users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-1.2.10"
+
+
+ CVE-2006-0645
+
+
+ koon
+
+
+ koon
+
+
+ taviso
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-09.xml
new file mode 100644
index 0000000000..5b5e5a435d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-09.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ BomberClone: Remote execution of arbitrary code
+
+ BomberClone is vulnerable to a buffer overflow which may lead to remote
+ execution of arbitrary code.
+
+ games-action/bomberclone
+ February 16, 2006
+ February 16, 2006: 01
+ 121605
+ remote
+
+
+ 0.11.6.2-r1
+ 0.11.6.2-r1
+
+
+
+

+ BomberClone is a remake of the classic game "BomberMan". It + supports multiple players via IP network connection. +

+
+ +

+ Stefan Cornelius of the Gentoo Security team discovered multiple + missing buffer checks in BomberClone's code. +

+
+ +

+ By sending overly long error messages to the game via network, a + remote attacker may exploit buffer overflows to execute arbitrary code + with the rights of the user running BomberClone. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All BomberClone users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-action/bomberclone-0.11.6.2-r1"
+
+
+ CVE-2006-0460
+
+
+ koon
+
+
+ koon
+
+
+ frilled
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-10.xml
new file mode 100644
index 0000000000..a949449012
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-10.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ GnuPG: Incorrect signature verification
+
+ Applications relying on GnuPG to authenticate digital signatures may
+ incorrectly believe a signature has been verified.
+
+ gnupg
+ February 18, 2006
+ February 18, 2006: 01
+ 122721
+ remote
+
+
+ 1.4.2.1
+ 1.4.2.1
+
+
+
+

+ GnuPG (The GNU Privacy Guard) is a free replacement for PGP + (Pretty Good Privacy). As GnuPG does not rely on any patented + algorithms, it can be used without any restrictions. gpgv is the + OpenPGP signature verification tool provided by the GnuPG system. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Auditing Team + discovered that automated systems relying on the return code of GnuPG + or gpgv to authenticate digital signatures may be misled by malformed + signatures. GnuPG documentation states that a return code of zero (0) + indicates success, however gpg and gpgv may also return zero if no + signature data was found in a detached signature file. +

+
+ +

+ An attacker may be able to bypass authentication in automated + systems relying on the return code of gpg or gpgv to authenticate + digital signatures. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GnuPG users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.2.1"
+
+
+ GnuPG Security Announcement
+ CVE-2006-0455
+
+
+ taviso
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-11.xml
new file mode 100644
index 0000000000..cc92681b7a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-11.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ OpenSSH, Dropbear: Insecure use of system() call
+
+ A flaw in OpenSSH and Dropbear allows local users to elevate their
+ privileges via scp.
+
+ OpenSSH
+ February 20, 2006
+ February 20, 2006: 01
+ 119232
+ local
+
+
+ 4.2_p1-r1
+ 4.2_p1-r1
+
+
+ 0.47-r1
+ 0.47-r1
+
+
+
+

+ OpenSSH is a free application suite consisting of server and + clients that replace tools like telnet, rlogin, rcp and ftp with more + secure versions offering additional functionality. Dropbear is an SSH + server and client designed with a small memory footprint that includes + OpenSSH scp code. +

+
+ +

+ To copy from a local filesystem to another local filesystem, scp + constructs a command line using 'cp' which is then executed via + system(). Josh Bressers discovered that special characters are not + escaped by scp, but are simply passed to the shell. +

+
+ +

+ By tricking other users or applications to use scp on maliciously + crafted filenames, a local attacker user can execute arbitrary commands + with the rights of the user running scp. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSSH users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.2_p1-r1"
+

+ All Dropbear users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/dropbear-0.47-r1"
+
+
+ CVE-2006-0225
+
+
+ jaervosz
+
+
+ frilled
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-12.xml
new file mode 100644
index 0000000000..caee5f4337
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-12.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ GPdf: heap overflows in included Xpdf code
+
+ GPdf includes vulnerable Xpdf code to handle PDF files, making it
+ vulnerable to the execution of arbitrary code.
+
+ gpdf
+ February 21, 2006
+ February 21, 2006: 01
+ 121511
+ remote
+
+
+ 2.10.0-r4
+ 2.10.0-r4
+
+
+
+

+ GPdf is a Gnome PDF viewer. +

+
+ +

+ Dirk Mueller found a heap overflow vulnerability in the XPdf + codebase when handling splash images that exceed size of the associated + bitmap. +

+
+ +

+ An attacker could entice a user to open a specially crafted PDF + file with GPdf, potentially resulting in the execution of arbitrary + code with the rights of the user running the affected application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GPdf users should upgrade to the latest version. +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r4" +
+ + CVE-2006-0301 + + + koon + + + koon + + + dragonheart + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-13.xml
new file mode 100644
index 0000000000..6a05487d3b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-13.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ GraphicsMagick: Format string vulnerability
+
+ A vulnerability in GraphicsMagick allows attackers to crash the application
+ and potentially execute arbitrary code.
+
+ graphicsmagick
+ February 26, 2006
+ February 26, 2006: 01
+ 119476
+ remote
+
+
+ 1.1.7
+ 1.1.7
+
+
+
+

+ GraphicsMagick is a collection of tools to read, write and
+ manipulate images in many formats.
+

+
+
+

+ The SetImageInfo function was found vulnerable to a format string
+ mishandling. Daniel Kobras discovered that the handling of "%"-escaped
+ sequences in filenames passed to the function is inadequate in
+ ImageMagick GLSA 200602-06 and the same vulnerability exists in
+ GraphicsMagick.
+

+
+
+

+ By feeding specially crafted file names to GraphicsMagick an
+ attacker can crash the program and possibly execute arbitrary code with
+ the privileges of the user running GraphicsMagick.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All GraphicsMagick users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.7"
+
+
+ GLSA 200602-06
+ CVE-2006-0082
+
+
+ koon
+
+
+ dragonheart
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-14.xml
new file mode 100644
index 0000000000..6bb30b05fe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200602-14.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ noweb: Insecure temporary file creation
+
+ noweb is vulnerable to symlink attacks, potentially allowing a local user
+ to overwrite arbitrary files.
+
+ noweb
+ February 26, 2006
+ February 26, 2006: 01
+ 122705
+ local
+
+
+ 2.9-r5
+ 2.9-r5
+
+
+
+

+ noweb is a simple, extensible, and language independent literate
+ programming tool.
+

+
+
+

+ Javier Fernandez-Sanguino has discovered that the lib/toascii.nw
+ and shell/roff.mm scripts insecurely create temporary files with
+ predictable filenames.
+

+
+
+

+ A local attacker could create symbolic links in the temporary file
+ directory, pointing to a valid file somewhere on the filesystem. When
+ an affected script is called, this would result in the file being
+ overwritten with the rights of the user running the script.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All noweb users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/noweb-2.9-r5"
+
+
+ CVE-2005-3342
+
+
+ DerCorny
+
+
+ DerCorny
+
+
+ formula7
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-01.xml
new file mode 100644
index 0000000000..83b7d94301
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-01.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ WordPress: SQL injection vulnerability
+
+ WordPress is vulnerable to an SQL injection vulnerability.
+
+ WordPress
+ March 04, 2006
+ March 04, 2006: 01
+ 121661
+ remote
+
+
+ 2.0.1
+ 1.5.2
+
+
+
+

+ WordPress is a PHP and MySQL based content management and
+ publishing system.
+

+
+
+

+ Patrik Karlsson reported that WordPress 1.5.2 makes use of an
+ insufficiently filtered User Agent string in SQL queries related to
+ comments posting. This vulnerability was already fixed in the
+ 2.0-series of WordPress.
+

+
+
+

+ An attacker could send a comment with a malicious User Agent
+ parameter, resulting in SQL injection and potentially in the subversion
+ of the WordPress database. This vulnerability wouldn't affect WordPress
+ sites which do not allow comments or which require that comments go
+ through a moderator.
+

+
+
+

+ Disable or moderate comments on your WordPress blogs.
+

+
+
+

+ All WordPress users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.1"
+
+
+ CVE-2006-1012
+
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-02.xml
new file mode 100644
index 0000000000..ceec8b49c6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-02.xml
@@ -0,0 +1,91 @@
+
+
+
+
+ teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code
+
+ CSTeTeX, pTeX, and teTeX include vulnerable XPdf code to handle PDF files,
+ making them vulnerable to the execution of arbitrary code.
+
+ tetex
+ March 04, 2006
+ March 04, 2006: 01
+ 115775
+ remote
+
+
+ 2.0.2-r8
+ 2.0.2-r8
+
+
+ 2.0.2-r2
+ 2.0.2-r2
+
+
+ 3.1.5-r1
+ 3.1.5-r1
+
+
+
+

+ teTex is a complete TeX distribution. It is used for creating and
+ manipulating LaTeX documents. CSTeX is a TeX distribution with Czech
+ and Slovak support. pTeX is and ASCII publishing TeX distribution.
+

+
+
+

+ CSTeX, teTex, and pTeX include XPdf code to handle PDF files. This
+ XPdf code is vulnerable to several heap overflows (GLSA 200512-08) as
+ well as several buffer and integer overflows discovered by Chris Evans
+ (CESA-2005-003).
+

+
+
+

+ An attacker could entice a user to open a specially crafted PDF
+ file with teTeX, pTeX or CSTeX, potentially resulting in the execution
+ of arbitrary code with the rights of the user running the affected
+ application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All teTex users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r8"
+

+ All CSTeX users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r2"
+

+ All pTeX users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.5-r1"
+
+
+ CVE-2005-3193
+ GLSA 200512-08
+ CESA-2005-003
+
+
+ koon
+
+
+ dragonheart
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-03.xml
new file mode 100644
index 0000000000..5200b6ce65
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-03.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ MPlayer: Multiple integer overflows
+
+ MPlayer is vulnerable to integer overflows in FFmpeg and ASF decoding that
+ could potentially result in the execution of arbitrary code.
+
+ MPlayer
+ March 04, 2006
+ June 21, 2006: 02
+ 115760
+ 122029
+ remote
+
+
+ 1.0.20060217
+ 1.0_pre8
+ 1.0.20060217
+
+
+
+

+ MPlayer is a media player capable of handling multiple multimedia file
+ formats.
+

+
+
+

+ MPlayer makes use of the FFmpeg library, which is vulnerable to a heap
+ overflow in the avcodec_default_get_buffer() function discovered by
+ Simon Kilvington (see GLSA 200601-06). Furthermore, AFI Security
+ Research discovered two integer overflows in ASF file format decoding,
+ in the new_demux_packet() function from libmpdemux/demuxer.h and the
+ demux_asf_read_packet() function from libmpdemux/demux_asf.c.
+

+
+
+

+ An attacker could craft a malicious media file which, when opened using
+ MPlayer, would lead to a heap-based buffer overflow. This could result
+ in the execution of arbitrary code with the permissions of the user
+ running MPlayer.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All MPlayer users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060217"
+
+
+ CVE-2005-4048
+ CVE-2006-0579
+ GLSA 200601-06
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-04.xml
new file mode 100644
index 0000000000..e9fed24633
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-04.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ IMAP Proxy: Format string vulnerabilities
+
+ Format string vulnerabilities in IMAP Proxy may lead to the execution of
+ arbitrary code when connected to malicious IMAP servers.
+
+ up-imapproxy
+ March 06, 2006
+ March 06, 2006: 01
+ 107679
+ remote
+
+
+ 1.2.4
+ 1.2.4
+
+
+
+

+ IMAP Proxy (also known as up-imapproxy) proxies IMAP transactions
+ between an IMAP client and an IMAP server.
+

+
+
+

+ Steve Kemp discovered two format string errors in IMAP Proxy.
+

+
+
+

+ A remote attacker could design a malicious IMAP server and entice
+ someone to connect to it using IMAP Proxy, resulting in the execution
+ of arbitrary code with the rights of the victim user.
+

+
+
+

+ Only connect to trusted IMAP servers using IMAP Proxy.
+

+
+
+

+ All IMAP Proxy users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/up-imapproxy-1.2.4"
+
+
+ CVE-2005-2661
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-05.xml
new file mode 100644
index 0000000000..033a4b7afe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-05.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ zoo: Stack-based buffer overflow
+
+ A stack-based buffer overflow in zoo may be exploited to execute arbitrary
+ code through malicious ZOO archives.
+
+ zoo
+ March 06, 2006
+ March 06, 2006: 01
+ 123782
+ remote
+
+
+ 2.10-r1
+ 2.10-r1
+
+
+
+

+ zoo is a file archiving utility for maintaining collections of
+ files, written by Rahul Dhesi.
+

+
+
+

+ Jean-Sebastien Guay-Leroux discovered a boundary error in the
+ fullpath() function in misc.c when processing overly long file and
+ directory names in ZOO archives.
+

+
+
+

+ An attacker could craft a malicious ZOO archive and entice someone
+ to open it using zoo. This would trigger a stack-based buffer overflow
+ and potentially allow execution of arbitrary code with the rights of
+ the victim user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All zoo users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/zoo-2.10-r1"
+
+
+ CVE-2006-0855
+ Original Advisory
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-06.xml
new file mode 100644
index 0000000000..d59679606a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-06.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ GNU tar: Buffer overflow
+
+ A malicious tar archive could trigger a Buffer overflow in GNU tar,
+ potentially resulting in the execution of arbitrary code.
+
+ tar
+ March 10, 2006
+ March 10, 2006: 01
+ 123038
+ remote
+
+
+ 1.15.1-r1
+ 1.15.1-r1
+
+
+
+

+ GNU tar is the standard GNU utility for creating and manipulating
+ tar archives, a common format used for creating backups and
+ distributing files on UNIX-like systems.
+

+
+
+

+ Jim Meyering discovered a flaw in the handling of certain header
+ fields that could result in a buffer overflow when extracting or
+ listing the contents of an archive.
+

+
+
+

+ A remote attacker could construct a malicious tar archive that
+ could potentially execute arbitrary code with the privileges of the
+ user running GNU tar.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All GNU tar users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/tar-1.15.1-r1"
+
+
+ CVE-2006-0300
+
+
+ koon
+
+
+ taviso
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-07.xml
new file mode 100644
index 0000000000..84fc016a4d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-07.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ flex: Potential insecure code generation
+
+ flex might generate code with a buffer overflow, making applications using
+ such scanners vulnerable to the execution of arbitrary code.
+
+ flex
+ March 10, 2006
+ March 10, 2006: 01
+ 122940
+ remote and local
+
+
+ 2.5.33-r1
+ 2.5.33-r1
+
+
+
+

+ flex is a programming tool used to generate scanners (programs
+ which recognize lexical patterns in text).
+

+
+
+

+ Chris Moore discovered a buffer overflow in a special class of
+ lexicographical scanners generated by flex. Only scanners generated by
+ grammars which use either REJECT, or rules with a "variable trailing
+ context" might be at risk.
+

+
+
+

+ An attacker could feed malicious input to an application making
+ use of an affected scanner and trigger the buffer overflow, potentially
+ resulting in the execution of arbitrary code.
+

+
+
+

+ Avoid using vulnerable grammar in your flex scanners.
+

+
+
+

+ All flex users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/flex-2.5.33-r1"
+
+
+ CVE-2006-0459
+
+
+ koon
+
+
+ koon
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-08.xml
new file mode 100644
index 0000000000..e4f1315da9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-08.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ GnuPG: Incorrect signature verification
+
+ GnuPG may erroneously report a modified or unsigned message has a valid
+ digital signature.
+
+ gnupg
+ March 10, 2006
+ March 10, 2006: 01
+ 125217
+ remote
+
+
+ 1.4.2.2
+ 1.4.2.2
+
+
+
+

+ The GNU Privacy Guard, GnuPG, is a free replacement for the PGP
+ suite of cryptographic software that may be used without restriction,
+ as it does not rely on any patented algorithms. GnuPG can be used to
+ digitally sign messages, a method of ensuring the authenticity of a
+ message using public key cryptography.
+

+
+
+

+ OpenPGP is the standard that defines the format of digital
+ signatures supported by GnuPG. OpenPGP signatures consist of multiple
+ sections, in a strictly defined order. Tavis Ormandy of the Gentoo
+ Linux Security Audit Team discovered that certain illegal signature
+ formats could allow signed data to be modified without detection. GnuPG
+ has previously attempted to be lenient when processing malformed or
+ legacy signature formats, but this has now been found to be insecure.
+

+
+
+

+ A remote attacker may be able to construct or modify a
+ digitally-signed message, potentially allowing them to bypass
+ authentication systems, or impersonate another user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All GnuPG users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.2.2"
+
+
+ CVE-2006-0049
+ GnuPG Announcement
+
+
+ taviso
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-09.xml
new file mode 100644
index 0000000000..f7356de1e8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-09.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ SquirrelMail: Cross-site scripting and IMAP command injection
+
+ SquirrelMail is vulnerable to several cross-site scripting vulnerabilities
+ and IMAP command injection.
+
+ squirrelmail
+ March 12, 2006
+ March 12, 2006: 01
+ 123781
+ remote
+
+
+ 1.4.6
+ 1.4.6
+
+
+
+

+ SquirrelMail is a webmail package written in PHP. It supports IMAP
+ and SMTP protocols.
+

+
+
+

+ SquirrelMail does not validate the right_frame parameter in
+ webmail.php, possibly allowing frame replacement or cross-site
+ scripting (CVE-2006-0188). Martijn Brinkers and Scott Hughes discovered
+ that MagicHTML fails to handle certain input correctly, potentially
+ leading to cross-site scripting (only Internet Explorer,
+ CVE-2006-0195). Vicente Aguilera reported that the
+ sqimap_mailbox_select function did not strip newlines from the mailbox
+ or subject parameter, possibly allowing IMAP command injection
+ (CVE-2006-0377).
+

+
+
+

+ By exploiting the cross-site scripting vulnerabilities, an
+ attacker can execute arbitrary scripts running in the context of the
+ victim's browser. This could lead to a compromise of the user's webmail
+ account, cookie theft, etc. A remote attacker could exploit the IMAP
+ command injection to execute arbitrary IMAP commands on the configured
+ IMAP server.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All SquirrelMail users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.6"
+

+ Note: Users with the vhosts USE flag set should manually use
+ webapp-config to finalize the update.
+

+
+
+
+ CVE-2006-0188
+ CVE-2006-0195
+ CVE-2006-0377
+
+
+
+
+ DerCorny
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-10.xml
new file mode 100644
index 0000000000..8d84ed7e70
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-10.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Cube: Multiple vulnerabilities
+
+ Cube is vulnerable to a buffer overflow, invalid memory access and remote
+ client crashes, possibly leading to a Denial of Service or remote code
+ execution.
+
+ cube
+ March 13, 2006
+ March 13, 2006: 01
+ 125289
+ remote
+
+
+ 20050829
+
+
+
+

+ Cube is an open source first person shooter game engine supporting
+ multiplayer via LAN or internet.
+

+
+
+

+ Luigi Auriemma reported that Cube is vulnerable to a buffer
+ overflow in the sgetstr() function (CVE-2006-1100) and that the
+ sgetstr() and getint() functions fail to verify the length of the
+ supplied argument, possibly leading to the access of invalid memory
+ regions (CVE-2006-1101). Furthermore, he discovered that a client
+ crashes when asked to load specially crafted mapnames (CVE-2006-1102).
+

+
+
+

+ A remote attacker could exploit the buffer overflow to execute
+ arbitrary code with the rights of the user running cube. An attacker
+ could also exploit the other vulnerabilities to crash a Cube client or
+ server, resulting in a Denial of Service.
+

+
+
+

+ Play solo games or restrict your multiplayer games to trusted
+ parties.
+

+
+
+

+ Upstream stated that there will be no fixed version of Cube, thus
+ the Gentoo Security Team decided to hardmask Cube for security reasons.
+ All Cube users are encouraged to uninstall Cube:
+

+
+ # emerge --ask --unmerge games-fps/cube
+
+
+ CVE-2006-1100
+ CVE-2006-1101
+ CVE-2006-1102
+
+
+ DerCorny
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-11.xml
new file mode 100644
index 0000000000..761a0ecdd2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-11.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Freeciv: Denial of Service
+
+ A memory allocation bug in Freeciv allows a remote attacker to perform a
+ Denial of Service attack.
+
+ freeciv
+ March 16, 2006
+ March 16, 2006: 01
+ 125304
+ remote
+
+
+ 2.0.8
+ 2.0.8
+
+
+
+

+ Freeciv is an open source turn-based multiplayer strategy game,
+ similar to the famous Civilization series.
+

+
+
+

+ Luigi Auriemma discovered that Freeciv could be tricked into the
+ allocation of enormous chunks of memory when trying to uncompress
+ malformed data packages, possibly leading to an out of memory condition
+ which causes Freeciv to crash or freeze.
+

+
+
+

+ A remote attacker could exploit this issue to cause a Denial of
+ Service by sending specially crafted data packages to the Freeciv game
+ server.
+

+
+
+

+ Play solo games or restrict your multiplayer games to trusted
+ parties.
+

+
+
+

+ All Freeciv users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-strategy/freeciv-2.0.8"
+
+
+ CVE-2006-0047
+ Original advisory
+
+
+ DerCorny
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-12.xml
new file mode 100644
index 0000000000..f3b2774cd6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-12.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ zoo: Buffer overflow
+
+ A buffer overflow in zoo may be exploited to execute arbitrary when
+ creating archives of specially crafted directories and files.
+
+ zoo
+ March 16, 2006
+ March 16, 2006: 01
+ 125622
+ local
+
+
+ 2.10-r2
+ 2.10-r2
+
+
+
+

+ zoo is a file archiving utility for maintaining collections of
+ files, written by Rahul Dhesi.
+

+
+
+

+ zoo is vulnerable to a new buffer overflow due to insecure use of
+ the strcpy() function when trying to create an archive from certain
+ directories or filenames.
+

+
+
+

+ An attacker could exploit this issue by enticing a user to create
+ a zoo archive of specially crafted directories and filenames, possibly
+ leading to the execution of arbitrary code with the rights of the user
+ running zoo.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All zoo users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/zoo-2.10-r2"
+
+
+ RedHat Bug #183426
+ CVE-2006-1269
+
+
+ koon
+
+
+ DerCorny
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-13.xml
new file mode 100644
index 0000000000..d36156cade
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-13.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ PEAR-Auth: Potential authentication bypass
+
+ PEAR-Auth did not correctly verify data passed to the DB and LDAP
+ containers, thus allowing to inject false credentials to bypass the
+ authentication.
+
+ pear-auth
+ March 17, 2006
+ March 17, 2006: 01
+ 123832
+ remote
+
+
+ 1.2.4
+ 1.2.4
+
+
+
+

+ PEAR-Auth is a PEAR package that provides methods to create a PHP
+ based authentication system.
+

+
+
+

+ Matt Van Gundy discovered that PEAR-Auth did not correctly
+ validate data passed to the DB and LDAP containers.
+

+
+
+

+ A remote attacker could possibly exploit this vulnerability to
+ bypass the authentication mechanism by injecting specially crafted
+ input to the underlying storage containers.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All PEAR-Auth users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Auth-1.2.4"
+
+
+ CVE-2006-0868
+
+
+ koon
+
+
+ koon
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-14.xml
new file mode 100644
index 0000000000..5b4b9ae371
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-14.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Heimdal: rshd privilege escalation
+
+ An error in the rshd daemon of Heimdal could allow authenticated users to
+ elevate privileges.
+
+ heimdal
+ March 17, 2006
+ March 17, 2006: 01
+ 121839
+ remote
+
+
+ 0.7.2
+ 0.7.2
+
+
+
+

+ Heimdal is a free implementation of Kerberos 5.
+

+
+
+

+ An unspecified privilege escalation vulnerability in the rshd
+ server of Heimdal has been reported.
+

+
+
+

+ Authenticated users could exploit the vulnerability to escalate
+ privileges or to change the ownership and content of arbitrary files.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Heimdal users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.7.2"
+
+
+ CVE-2006-0582
+ Heimdal Advisory 2006-02-06
+
+
+ koon
+
+
+ DerCorny
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-15.xml
new file mode 100644
index 0000000000..06bdd9b55c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-15.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Crypt::CBC: Insecure initialization vector
+
+ Crypt::CBC uses an insecure initialization vector, potentially resulting in
+ a weaker encryption.
+
+ crypt-cbc
+ March 17, 2006
+ March 17, 2006: 01
+ 126048
+ remote
+
+
+ 2.17
+ 2.17
+
+
+
+

+ Crypt::CBC is a Perl module to encrypt data using cipher block
+ chaining (CBC).
+

+
+
+

+ Lincoln Stein discovered that Crypt::CBC fails to handle 16 bytes
+ long initializiation vectors correctly when running in the RandomIV
+ mode, resulting in a weaker encryption because the second part of every
+ block will always be encrypted with zeros if the blocksize of the
+ cipher is greater than 8 bytes.
+

+
+
+

+ An attacker could exploit weak ciphertext produced by Crypt::CBC
+ to bypass certain security restrictions or to gain access to sensitive
+ data.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Crypt::CBC users should upgrade to the latest available
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/crypt-cbc-2.17"
+
+
+ CVE-2006-0898
+
+
+ koon
+
+
+ koon
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-16.xml
new file mode 100644
index 0000000000..7b0e76a268
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-16.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Metamail: Buffer overflow
+
+ A buffer overflow in Metamail could possibly be exploited to execute
+ arbitrary code.
+
+ metamail
+ March 17, 2006
+ March 17, 2006: 01
+ 126052
+ remote
+
+
+ 2.7.45.3-r1
+ 2.7.45.3-r1
+
+
+
+

+ Metamail is a program that decodes MIME encoded mail.
+

+
+
+

+ Ulf Harnhammar discovered a buffer overflow in Metamail when
+ processing mime boundraries.
+

+
+
+

+ By sending a specially crafted email, attackers could potentially
+ exploit this vulnerability to crash Metamail or to execute arbitrary
+ code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Metamail users should update to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/metamail-2.7.45.3-r1"
+
+
+ CVE-2006-0709
+
+
+ koon
+
+
+ DerCorny
+
+
+ koon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-17.xml
new file mode 100644
index 0000000000..88cbeea2e5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-17.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ PeerCast: Buffer overflow
+
+ PeerCast is vulnerable to a buffer overflow that may lead to the execution
+ of arbitrary code.
+
+ peercast
+ March 21, 2006
+ March 21, 2006: 01
+ 123432
+ remote
+
+
+ 0.1217
+ 0.1217
+
+
+
+

+ PeerCast is a Peer to Peer broadcasting technology for listening
+ to radio and watching video on the Internet.
+

+
+
+

+ INFIGO discovered a problem in the URL handling code. Buffers that
+ are allocated on the stack can be overflowed inside of nextCGIarg()
+ function.
+

+
+
+

+ By sending a specially crafted request to the HTTP server, a
+ remote attacker can cause a stack overflow, resulting in the execution
+ of arbitrary code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All PeerCast users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1217"
+
+
+ CVE-2006-1148
+
+
+ koon
+
+
+ DerCorny
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-18.xml
new file mode 100644
index 0000000000..77e9b19bfb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-18.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Pngcrush: Buffer overflow
+
+ Pngcrush is vulnerable to a buffer overflow which could potentially lead to
+ the execution of arbitrary code.
+
+ pngcrush
+ March 21, 2006
+ March 21, 2006: 01
+ 123286
+ remote
+
+
+ 1.6.2
+ 1.6.2
+
+
+
+

+ Pngcrush is an optimizer for PNG files.
+

+
+
+

+ Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a
+ vulnerable version of zlib (GLSA 200507-19).
+

+
+
+

+ By creating a specially crafted data stream, attackers can
+ overwrite data structures for applications that use Pngcrush, resulting
+ in a Denial of Service and potentially arbitrary code execution.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Pngcrush users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/pngcrush-1.6.2"
+
+
+ GLSA 200507-19
+ CVE-2005-1849
+
+
+ koon
+
+
+ koon
+
+
+ adir
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-19.xml
new file mode 100644
index 0000000000..4d5fff83df
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-19.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ cURL/libcurl: Buffer overflow in the handling of TFTP URLs
+
+ libcurl is affected by a buffer overflow in the handling of URLs for the
+ TFTP protocol, which could be exploited to compromise a user's system.
+
+ curl
+ March 21, 2006
+ March 21, 2006: 01
+ 125766
+ remote
+
+
+ 7.15.1-r1
+ 7.15.3
+ 7.14.1
+ 7.15.3
+
+
+
+

+ cURL is a command line tool for transferring files with URL
+ syntax, supporting numerous protocols. libcurl is the corresponding
+ client-side library.
+

+
+
+

+ Ulf Harnhammar reported a possible buffer overflow in the handling
+ of TFTP URLs in libcurl due to the lack of boundary checks.
+

+
+
+

+ An attacker could exploit this vulnerability to compromise a
+ user's system by enticing the user to request a malicious URL with
+ cURL/libcurl or to use a HTTP server redirecting to a malicious TFTP
+ URL.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All cURL users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.15.1-r1"
+
+
+ Project cURL Security Advisory, March 20th 2006
+ CVE-2006-1061
+
+
+ koon
+
+
+ koon
+
+
+ vorlon078
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-20.xml
new file mode 100644
index 0000000000..e9ab680c03
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-20.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Macromedia Flash Player: Arbitrary code execution
+
+ Multiple vulnerabilities have been identified that allows arbitrary code execution on
+ a user's system via the handling of malicious SWF files.
+
+ Flash
+ March 21, 2006
+ May 28, 2009: 02
+ 102777
+ remote
+
+
+ 7.0.63
+ 7.0.63
+
+
+
+

+ The Macromedia Flash Player is a renderer for the popular SWF
+ filetype which is commonly used to provide interactive websites,
+ digital experiences and mobile content.
+

+
+
+

+ The Macromedia Flash Player contains multiple unspecified
+ vulnerabilities.
+

+
+
+

+ An attacker serving a maliciously crafted SWF file could entice a
+ user to view the SWF file and execute arbitrary code on the user's
+ machine.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Macromedia Flash Player users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-7.0.63"
+
+
+ CVE-2006-0024
+ Macromedia Announcement
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-21.xml
new file mode 100644
index 0000000000..68e74c36d5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-21.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ Sendmail: Race condition in the handling of asynchronous signals
+
+ Sendmail is vulnerable to a race condition which could lead to the
+ execution of arbitrary code with sendmail privileges.
+
+ sendmail
+ March 22, 2006
+ March 22, 2006: 01
+ 125623
+ remote
+
+
+ 8.13.6
+ 8.13.6
+
+
+
+

+ Sendmail is a popular mail transfer agent (MTA). +

+
+ +

+ ISS discovered that Sendmail is vulnerable to a race condition in + the handling of asynchronous signals. +

+
+ +

+ An attacker could exploit this via certain crafted timing + conditions. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Sendmail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.13.6" +
+ + CVE-2006-0058 + Sendmail Inc. advisory + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-22.xml
new file mode 100644
index 0000000000..f146d9e698
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-22.xml
@@ -0,0 +1,89 @@
+
+
+
+
+ PHP: Format string and XSS vulnerabilities
+
+ Multiple vulnerabilities in PHP allow remote attackers to inject arbitrary
+ HTTP headers, perform cross site scripting or in some cases execute
+ arbitrary code.
+
+ php
+ March 22, 2006
+ March 22, 2006: 01
+ 125878
+ remote
+
+
+ 5.1.2
+ 4.4.2
+ 5.1.1
+ 5.0.5
+ 5.0.4
+
+
+
+

+ PHP is a general-purpose scripting language widely used to develop + web-based applications. It can run on a web server with the mod_php + module or the CGI version and also stand-alone in a CLI. +

+
+ +

+ Stefan Esser of the Hardened PHP project has reported a few + vulnerabilities found in PHP: +

+
    +
  • Input passed to the session + ID in the session extension isn't properly sanitised before being + returned to the user via a "Set-Cookie" HTTP header, which can contain + arbitrary injected data.
  • +
  • A format string error while + processing error messages using the mysqli extension in version 5.1 and + above.
  • +
+
+ +

+ By sending a specially crafted request, a remote attacker can + exploit this vulnerability to inject arbitrary HTTP headers, which will + be included in the response sent to the user. The format string + vulnerability may be exploited to execute arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PHP 5.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.1.2" +

+ All PHP 4.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.2" +
+ + CVE-2006-0207 + CVE-2006-0208 + Hardened-PHP Advisory 01/2006 + Hardened-PHP Advisory 02/2006 + + + koon + + + koon + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-23.xml
new file mode 100644
index 0000000000..2d5c78de52
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-23.xml
@@ -0,0 +1,93 @@
+
+
+
+
+ NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
+
+ NetHack, Slash'EM and Falcon's Eye are vulnerable to local privilege
+ escalation vulnerabilities that could potentially allow the execution of
+ arbitrary code as other users.
+
+ nethack slashem falconseye
+ March 23, 2006
+ March 30, 2006: 01
+ 125902
+ 122376
+ 127167
+ 127319
+ local
+
+
+ 3.4.3-r1
+
+
+ 1.9.4a
+
+
+ 0.0.760
+
+
+
+

+ NetHack is the classic single player dungeon exploration game. Slash'EM + and Falcon's Eye are NetHack variants. +

+
+ +

+ NetHack, Slash'EM and Falcon's Eye have been found to be incompatible + with the system used for managing games on Gentoo Linux. As a result, + they cannot be played securely on systems with multiple users. +

+
+ +

+ A local user who is a member of group "games" may be able to modify the + state data used by NetHack, Slash'EM or Falcon's Eye to trigger the + execution of arbitrary code with the privileges of other players. + Additionally, the games may create save game files in a manner not + suitable for use on Gentoo Linux, potentially allowing a local user to + create or overwrite files with the permissions of other players. +

+
+ +

+ Do not add untrusted users to the "games" group. +

+
+ +

+ NetHack has been masked in Portage pending the resolution of these + issues. Vulnerable NetHack users are advised to uninstall the package + until further notice. +

+ + # emerge --ask --verbose --unmerge "games-roguelike/nethack" +

+ Slash'EM has been masked in Portage pending the resolution of these + issues. Vulnerable Slash'EM users are advised to uninstall the package + until further notice. +

+ + # emerge --ask --verbose --unmerge "games-roguelike/slashem" +

+ Falcon's Eye has been masked in Portage pending the resolution of these + issues. Vulnerable Falcon's Eye users are advised to uninstall the + package until further notice. +

+ + # emerge --ask --verbose --unmerge "games-roguelike/falconseye" +
+ + CVE-2006-1390 + + + DerCorny + + + taviso + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-24.xml
new file mode 100644
index 0000000000..3d658cfaff
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-24.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ RealPlayer: Buffer overflow vulnerability
+
+ RealPlayer is vulnerable to a buffer overflow that could lead to remote
+ execution of arbitrary code.
+
+ RealPlayer
+ March 26, 2006
+ March 26, 2006: 01
+ 127352
+ remote
+
+
+ 10.0.7
+ 10.0.7
+
+
+
+

+ RealPlayer is a multimedia player capable of handling multiple + multimedia file formats. +

+
+ +

+ RealPlayer is vulnerable to a buffer overflow when processing + malicious SWF files. +

+
+ +

+ By enticing a user to open a specially crafted SWF file an + attacker could execute arbitrary code with the permissions of the user + running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All RealPlayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/realplayer-10.0.7" +
+ + CVE-2006-0323 + RealNetworks Advisory + + + vorlon078 + + + formula7 + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-25.xml
new file mode 100644
index 0000000000..bbabbd8e9f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-25.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ OpenOffice.org: Heap overflow in included libcurl
+
+ OpenOffice.org contains a vulnerable version of libcurl that may cause a
+ heap overflow when parsing URLs.
+
+ openoffice openoffice-bin
+ March 27, 2006
+ March 27, 2006: 01
+ 126433
+ remote
+
+
+ 2.0.2
+ 2.0.2
+
+
+ 2.0.1-r1
+ 2.0.1-r1
+
+
+
+

+ OpenOffice.org is an office productivity suite, including word + processing, spreadsheet, presentation, data charting, formula editing + and file conversion facilities. libcurl, which is included in + OpenOffice.org, is a free and easy-to-use client-side library for + transferring files with URL syntaxes, supporting numerous protocols. +

+
+ +

+ OpenOffice.org includes libcurl code. This libcurl code is + vulnerable to a heap overflow when it tries to parse a URL that exceeds + a 256-byte limit (GLSA 200512-09). +

+
+ +

+ An attacker could entice a user to call a specially crafted URL + with OpenOffice.org, potentially resulting in the execution of + arbitrary code with the rights of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenOffice.org binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.0.2" +

+ All OpenOffice.org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.1-r1" +
+ + CVE-2005-4077 + Hardened-PHP Advisory 24/2005 + GLSA 200512-09 + + + DerCorny + + + koon + + + adir + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-26.xml
new file mode 100644
index 0000000000..732fb11c32
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200603-26.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ bsd-games: Local privilege escalation in tetris-bsd
+
+ tetris-bsd is prone to local privilege escalation vulnerabilities.
+
+ bsd-games
+ March 29, 2006
+ May 22, 2006: 02
+ 122399
+ local
+
+
+ 2.17-r1
+ 2.17-r1
+
+
+
+

+ bsd-games is a collection of NetBSD games ported to Linux. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that + the checkscores() function in scores.c reads in the data from the + /var/games/tetris-bsd.scores file without validation, rendering it + vulnerable to buffer overflows and incompatible with the system used + for managing games on Gentoo Linux. As a result, it cannot be played + securely on systems with multiple users. Please note that this is + probably a Gentoo-specific issue. +

+
+ +

+ A local user who is a member of group "games" may be able to modify the + tetris-bsd.scores file to trigger the execution of arbitrary code with + the privileges of other players. +

+
+ +

+ Do not add untrusted users to the "games" group. +

+
+ +

+ All bsd-games users are advised to update to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-misc/bsd-games-2.17-r1" +
+ + CVE-2006-1539 + + + jaervosz + + + DerCorny + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-01.xml
new file mode 100644
index 0000000000..29c276061f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-01.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ MediaWiki: Cross-site scripting vulnerability
+
+ MediaWiki is vulnerable to a cross-site scripting attack that could allow
+ arbitrary JavaScript code execution.
+
+ mediawiki
+ April 04, 2006
+ April 04, 2006: 01
+ 127971
+ remote
+
+
+ 1.4.15
+ 1.4.15
+
+
+
+

+ MediaWiki is a collaborative editing software, used by big + projects like Wikipedia. +

+
+ +

+ MediaWiki fails to decode certain encoded URLs correctly. +

+
+ +

+ By supplying specially crafted links, a remote attacker could + exploit this vulnerability to inject malicious HTML or JavaScript code + that will be executed in a user's browser session in the context of the + vulnerable site. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MediaWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.4.15" +
+ + CVE-2006-1498 + MediaWiki 1.4.15 Release Notes + + + koon + + + koon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-02.xml
new file mode 100644
index 0000000000..df7eb2b157
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-02.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Horde Application Framework: Remote code execution
+
+ The help viewer of the Horde Framework allows attackers to execute
+ arbitrary remote code.
+
+ horde
+ April 04, 2006
+ April 04, 2006: 01
+ 127889
+ 126435
+ remote
+
+
+ 3.1.1
+ 3.1.1
+
+
+
+

+ The Horde Application Framework is a general-purpose web + application framework written in PHP, providing classes for handling + preferences, compression, browser detection, connection tracking, MIME + and more. +

+
+ +

+ Jan Schneider of the Horde team discovered a vulnerability in the + help viewer of the Horde Application Framework that could allow remote + code execution (CVE-2006-1491). Paul Craig reported that + "services/go.php" fails to validate the passed URL parameter correctly + (CVE-2006-1260). +

+
+ +

+ An attacker could exploit the vulnerability in the help viewer to + execute arbitrary code with the privileges of the web server user. By + embedding a NULL character in the URL parameter, an attacker could + exploit the input validation issue in go.php to read arbitrary files. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All Horde Application Framework users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-3.1.1" +
+ + CVE-2006-1260 + CVE-2006-1491 + Horde Announcement + + + vorlon078 + + + DerCorny + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-03.xml
new file mode 100644
index 0000000000..0c1a76248e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-03.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module
+
+ The EAP-MSCHAPv2 module of FreeRADIUS is affected by a validation issue
+ which causes some authentication checks to be bypassed.
+
+ freeradius
+ April 04, 2006
+ April 04, 2006: 01
+ 127229
+ remote
+
+
+ 1.1.1
+ 1.0.0
+ 1.1.1
+
+
+
+

+ FreeRADIUS is an open source RADIUS authentication server + implementation. +

+
+ +

+ FreeRADIUS suffers from insufficient input validation in the + EAP-MSCHAPv2 state machine. +

+
+ +

+ An attacker could cause the server to bypass authentication checks + by manipulating the EAP-MSCHAPv2 client state machine. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All FreeRADIUS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.1.1" +
+ + CVE-2006-1354 + FreeRADIUS Vulnerability Notifications + + + koon + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-04.xml
new file mode 100644
index 0000000000..7519fd1e29
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-04.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Kaffeine: Buffer overflow
+
+ Kaffeine is vulnerable to a buffer overflow that could lead to the
+ execution of arbitrary code.
+
+ kaffeine
+ April 05, 2006
+ April 05, 2006: 01
+ 127326
+ remote
+
+
+ 0.7.1-r2
+ 0.7.1-r2
+
+
+
+

+ Kaffeine is a graphical front-end for the xine-lib multimedia + library. +

+
+ +

+ Kaffeine uses an unchecked buffer when fetching remote RAM + playlists via HTTP. +

+
+ +

+ A remote attacker could entice a user to play a specially-crafted + RAM playlist resulting in the execution of arbitrary code with the + permissions of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Kaffeine users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/kaffeine-0.7.1-r2" +
+ + CVE-2006-0051 + KDE Security Advisory: Kaffeine buffer overflow + + + DerCorny + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-05.xml
new file mode 100644
index 0000000000..594b35ceb4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-05.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Doomsday: Format string vulnerability
+
+ Format string vulnerabilities in Doomsday may lead to the execution of
+ arbitrary code.
+
+ doomsday
+ April 06, 2006
+ June 15, 2006: 02
+ 128690
+ remote
+
+
+ 1.9.0_beta4
+ 1.9.0_beta4
+
+
+
+

+ Doomsday is a modern gaming engine for popular ID games like Doom, + Heretic and Hexen. +

+
+ +

+ Luigi Auriemma discovered that Doomsday incorrectly implements + formatted printing. +

+
+ +

+ A remote attacker could exploit these vulnerabilities to execute + arbitrary code with the rights of the user running the Doomsday server + or client by sending specially crafted strings. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Doomsday users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-fps/doomsday-1.9.0_beta4" +
+ + CVE-2006-1618 + Original advisory by Luigi Auriemma + + + jaervosz + + + DerCorny + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-06.xml
new file mode 100644
index 0000000000..c18346c228
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-06.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ ClamAV: Multiple vulnerabilities
+
+ ClamAV contains multiple vulnerabilities that could lead to remote
+ execution of arbitrary code or cause an application crash.
+
+ clamav
+ April 07, 2006
+ April 07, 2006: 01
+ 128963
+ remote
+
+
+ 0.88.1
+ 0.88.1
+
+
+
+

+ ClamAV is a GPL virus scanner. +

+
+ +

+ ClamAV contains format string vulnerabilities in the logging code + (CVE-2006-1615). Furthermore Damian Put discovered an integer overflow + in ClamAV's PE header parser (CVE-2006-1614) and David Luyer discovered + that ClamAV can be tricked into performing an invalid memory access + (CVE-2006-1630). +

+
+ +

+ By sending a malicious attachment to a mail server running ClamAV, + a remote attacker could cause a Denial of Service or the execution of + arbitrary code. Note that the overflow in the PE header parser is only + exploitable when the ArchiveMaxFileSize option is disabled. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.1" +
+ + CVE-2006-1614 + CVE-2006-1615 + CVE-2006-1630 + + + jaervosz + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-07.xml
new file mode 100644
index 0000000000..2519553fa0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-07.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Cacti: Multiple vulnerabilities in included ADOdb
+
+ Multiple vulnerabilities have been discovered in the ADOdb layer included
+ in Cacti, potentially resulting in the execution of arbitrary code.
+
+ Cacti
+ April 14, 2006
+ April 14, 2006: 01
+ 129284
+ remote
+
+
+ 0.8.6h_p20060108-r2
+ 0.8.6h_p20060108-r2
+
+
+
+

+ Cacti is a complete web-based frontend to rrdtool. ADOdb is a + PHP-based database abstraction layer which is included in Cacti. +

+
+ +

+ Several vulnerabilities have been identified in the copy of ADOdb + included in Cacti. Andreas Sandblad discovered a dynamic code + evaluation vulnerability (CVE-2006-0147) and a potential SQL injection + vulnerability (CVE-2006-0146). Andy Staudacher reported another SQL + injection vulnerability (CVE-2006-0410), and Gulftech Security + discovered multiple cross-site-scripting issues (CVE-2006-0806). +

+
+ +

+ Remote attackers could trigger these vulnerabilities by sending + malicious queries to the Cacti web application, resulting in arbitrary + code execution, database compromise through arbitrary SQL execution, + and malicious HTML or JavaScript code injection. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cacti users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6h_p20060108-r2" +
+ + CVE-2006-0146 + CVE-2006-0147 + CVE-2006-0410 + CVE-2006-0806 + + + jaervosz + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-08.xml
new file mode 100644
index 0000000000..ba9dd6e9d2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-08.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ libapreq2: Denial of Service vulnerability
+
+ A vulnerability has been reported in libapreq2 which could lead to a Denial
+ of Service.
+
+ libapreq2
+ April 17, 2006
+ April 17, 2006: 01
+ 128610
+ remote
+
+
+ 2.07
+ 2.07
+
+
+
+

+ libapreq is a shared library with associated modules for + manipulating client request data via the Apache API. +

+
+ +

+ A vulnerability has been reported in the apreq_parse_headers() and + apreq_parse_urlencoded() functions of Apache2::Request. +

+
+ +

+ A remote attacker could possibly exploit the vulnerability to + cause a Denial of Service by CPU consumption. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libapreq2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/libapreq2-2.07" +
+ + CVE-2006-0042 + libapreq2 Changes + + + jaervosz + + + koon + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-09.xml
new file mode 100644
index 0000000000..2d4140449d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-09.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
+
+ Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that could
+ lead to a Denial of Service.
+
+ cyrus-sasl
+ April 21, 2006
+ April 21, 2006: 01
+ 129523
+ remote
+
+
+ 2.1.21-r2
+ 2.1.21-r2
+
+
+
+

+ Cyrus-SASL is an implementation of the Simple Authentication and + Security Layer. +

+
+ +

+ Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 + process that could lead to a Denial of Service. +

+
+ +

+ An attacker could possibly exploit this vulnerability by sending + specially crafted data stream to the Cyrus-SASL server, resulting in a + Denial of Service even if the attacker is not able to authenticate. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cyrus-SASL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/cyrus-sasl-2.1.21-r2" +
+ + CVE-2006-1721 + + + koon + + + koon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-10.xml
new file mode 100644
index 0000000000..a76b8b1803
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-10.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ zgv, xzgv: Heap overflow
+
+ xzgv and zgv attempt to decode JPEG images within the CMYK/YCCK colour
+ space incorrectly, potentially resulting in the execution of arbitrary
+ code.
+
+ xzgv
+ April 21, 2006
+ June 10, 2006: 02
+ 127008
+ remote
+
+
+ 0.8-r2
+ 0.8-r2
+
+
+ 5.9
+ 5.9
+
+
+
+

+ xzgv and zgv are picture viewing utilities with a thumbnail based file + selector. +

+
+ +

+ Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate + insufficient memory when rendering images with more than 3 output + components, such as images using the YCCK or CMYK colour space. When + xzgv or zgv attempt to render the image, data from the image overruns a + heap allocated buffer. +

+
+ +

+ An attacker may be able to construct a malicious image that executes + arbitrary code with the permissions of the xzgv or zgv user when + attempting to render the image. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xzgv users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r2" +

+ All zgv users should also upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.9" +
+ + CVE-2006-1060 + homepage plus Changelog + + + jaervosz + + + koon + + + taviso + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-11.xml
new file mode 100644
index 0000000000..f6217d58bf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-11.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Crossfire server: Denial of Service and potential arbitrary code execution
+
+ The Crossfire game server is vulnerable to a Denial of Service and
+ potentially to the execution of arbitrary code.
+
+ Crossfire
+ April 22, 2006
+ April 22, 2006: 01
+ 126169
+ remote
+
+
+ 1.9.0
+ 1.9.0
+
+
+
+

+ Crossfire is a cooperative multiplayer graphical adventure and + role-playing game. The Crossfire game server allows various compatible + clients to connect to participate in a cooperative game. +

+
+ +

+ Luigi Auriemma discovered a vulnerability in the Crossfire game + server, in the handling of the "oldsocketmode" option when processing + overly large requests. +

+
+ +

+ An attacker can set up a malicious Crossfire client that would + send a large request in "oldsocketmode", resulting in a Denial of + Service on the Crossfire server and potentially in the execution of + arbitrary code on the server with the rights of the game server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Crossfire server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-server/crossfire-server-1.9.0" +
+ + CVE-2006-1010 + + + DerCorny + + + DerCorny + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-12.xml
new file mode 100644
index 0000000000..78c8281772
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-12.xml
@@ -0,0 +1,98 @@
+
+
+
+
+ Mozilla Firefox: Multiple vulnerabilities
+
+ Several vulnerabilities in Mozilla Firefox allow attacks ranging from
+ execution of script code with elevated privileges to information leaks.
+
+ mozilla-firefox
+ April 23, 2006
+ April 23, 2006: 01
+ 129924
+ remote
+
+
+ 1.0.8
+ 1.0.8
+
+
+ 1.0.8
+ 1.0.8
+
+
+
+

+ Mozilla Firefox is the next-generation web browser from the + Mozilla project. +

+
+ +

+ Several vulnerabilities were found in Mozilla Firefox. Versions + 1.0.8 and 1.5.0.2 were released to fix them. +

+
+ +

+ A remote attacker could craft malicious web pages that would + leverage these issues to inject and execute arbitrary script code with + elevated privileges, steal local files, cookies or other information + from web pages, and spoof content. Some of these vulnerabilities might + even be exploited to execute arbitrary code with the rights of the + browser user. +

+
+ +

+ There are no known workarounds for all the issues at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.8" +

+ All Mozilla Firefox binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.8" +
+ + CVE-2005-4134 + CVE-2006-0292 + CVE-2006-0296 + CVE-2006-0748 + CVE-2006-0749 + CVE-2006-1727 + CVE-2006-1728 + CVE-2006-1729 + CVE-2006-1730 + CVE-2006-1731 + CVE-2006-1732 + CVE-2006-1733 + CVE-2006-1734 + CVE-2006-1735 + CVE-2006-1736 + CVE-2006-1737 + CVE-2006-1738 + CVE-2006-1739 + CVE-2006-1740 + CVE-2006-1741 + CVE-2006-1742 + CVE-2006-1790 + Mozilla Foundation Security Advisories + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-13.xml
new file mode 100644
index 0000000000..16cf9d74ad
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-13.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ fbida: Insecure temporary file creation
+
+ fbida is vulnerable to linking attacks, potentially allowing a local user
+ to overwrite arbitrary files.
+
+ fbida
+ April 23, 2006
+ April 23, 2006: 01
+ 129470
+ local
+
+
+ 2.03-r3
+ 2.03-r3
+
+
+
+

+ fbida is a collection of image viewers and editors for the + framebuffer console and X11. +

+
+ +

+ Jan Braun has discovered that the "fbgs" script provided by fbida + insecurely creates temporary files in the "/var/tmp" directory. +

+
+ +

+ A local attacker could create links in the temporary file + directory, pointing to a valid file somewhere on the filesystem. When + an affected script is called, this could result in the file being + overwritten with the rights of the user running the script. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All fbida users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/fbida-2.03-r3" +
+ + CVE-2006-1695 + + + DerCorny + + + koon + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-14.xml
new file mode 100644
index 0000000000..60a2f69626
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-14.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Dia: Arbitrary code execution through XFig import
+
+ Buffer overflows in Dia's XFig import could allow remote attackers to
+ execute arbitrary code.
+
+ dia
+ April 23, 2006
+ April 23, 2006: 01
+ 128107
+ remote
+
+
+ 0.94-r5
+ 0.94-r5
+
+
+
+

+ Dia is a GTK+ based diagram creation program. +

+
+ +

+ infamous41md discovered multiple buffer overflows in Dia's XFig + file import plugin. +

+
+ +

+ By enticing a user to import a specially crafted XFig file into + Dia, an attacker could exploit this issue to execute arbitrary code + with the rights of the user running Dia. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Dia users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/dia-0.94-r5" +
+ + CVE-2006-1550 + + + koon + + + koon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-15.xml
new file mode 100644
index 0000000000..a6cde25b70
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-15.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ xine-ui: Format string vulnerabilities
+
+ Format string vulnerabilities in xine-ui may lead to the execution of
+ arbitrary code.
+
+ xine-ui
+ April 26, 2006
+ April 26, 2006: 01
+ 130801
+ remote
+
+
+ 0.99.4-r5
+ 0.99.4-r5
+
+
+
+

+ xine-ui is a skin-based user interface for xine. xine is a free + multimedia player. It plays CDs, DVDs, and VCDs, and can also decode + other common multimedia formats. +

+
+ +

+ Ludwig Nussel discovered that xine-ui incorrectly implements + formatted printing. +

+
+ +

+ By constructing a malicious playlist file, a remote attacker could + exploit these vulnerabilities to execute arbitrary code with the rights + of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xine-ui users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/xine-ui-0.99.4-r5" +
+ + CVE-2006-1905 + + + koon + + + adir + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-16.xml
new file mode 100644
index 0000000000..107af43217
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-16.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ xine-lib: Buffer overflow vulnerability
+
+ xine-lib contains a buffer overflow vulnerability which may lead to the
+ execution of arbitrary code.
+
+ xine-lib
+ April 26, 2006
+ April 26, 2006: 01
+ 128838
+ remote
+
+
+ 1.1.2_pre20060328-r1
+ 1.1.2_pre20060328-r1
+
+
+
+

+ xine-lib is the xine core engine. xine is a free multimedia + player. It plays CDs, DVDs, and VCDs, and can also decode other common + multimedia formats. +

+
+ +

+ Federico L. Bossi Bonin discovered that when handling MPEG streams + xine-lib fails to make a proper boundary check of the input data + supplied by the user before copying it to an insufficiently sized + memory buffer. +

+
+ +

+ A remote attacker could entice a user to play a specially-crafted + MPEG file, resulting in the execution of arbitrary code with the + permissions of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xine-lib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2_pre20060328-r1" +
+ + CVE-2006-1664 + + + koon + + + adir + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-17.xml
new file mode 100644
index 0000000000..8cf94c2d59
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-17.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ Ethereal: Multiple vulnerabilities in protocol dissectors
+
+ Ethereal is vulnerable to numerous vulnerabilities, potentially resulting
+ in the execution of arbitrary code.
+
+ Ethereal
+ April 27, 2006
+ April 27, 2006: 01
+ 130505
+ remote
+
+
+ 0.99.0
+ 0.99.0
+
+
+
+

+ Ethereal is a feature-rich network protocol analyzer. +

+
+ +

+ Coverity discovered numerous vulnerabilities in versions of + Ethereal prior to 0.99.0, including: +

+
    +
  • + buffer overflows in the ALCAP (CVE-2006-1934), COPS (CVE-2006-1935) + and telnet (CVE-2006-1936) dissectors.
  • +
  • buffer overflows + in the NetXray/Windows Sniffer and Network Instruments file code + (CVE-2006-1934).
  • +
+

+ For further details please consult the + references below. +

+
+ +

+ An attacker might be able to exploit these vulnerabilities to crash + Ethereal or execute arbitrary code with the permissions of the user + running Ethereal, which could be the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ethereal users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.99.0" +
+ + CVE-2006-1932 + CVE-2006-1933 + CVE-2006-1934 + CVE-2006-1935 + CVE-2006-1936 + CVE-2006-1937 + CVE-2006-1938 + CVE-2006-1939 + CVE-2006-1940 + Ethereal enpa-sa-00023 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-18.xml
new file mode 100644
index 0000000000..266b620df9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200604-18.xml
@@ -0,0 +1,104 @@
+
+
+
+
+ Mozilla Suite: Multiple vulnerabilities
+
+ Several vulnerabilities in Mozilla Suite allow attacks ranging from script
+ execution with elevated privileges to information leaks.
+
+ mozilla
+ April 28, 2006
+ April 28, 2006: 01
+ 130887
+ remote
+
+
+ 1.7.13
+ 1.7.13
+
+
+ 1.7.13
+ 1.7.13
+
+
+
+

+ The Mozilla Suite is a popular all-in-one web browser that + includes a mail and news reader. +

+
+ +

+ Several vulnerabilities were found in Mozilla Suite. Version + 1.7.13 was released to fix them. +

+
+ +

+ A remote attacker could craft malicious web pages or emails that + would leverage these issues to inject and execute arbitrary script code + with elevated privileges, steal local files, cookies or other + information from web pages or emails, and spoof content. Some of these + vulnerabilities might even be exploited to execute arbitrary code with + the rights of the user running the client. +

+
+ +

+ There are no known workarounds for all the issues at this time. +

+
+ +

+ All Mozilla Suite users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.13" +

+ All Mozilla Suite binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.13" +
+ + CVE-2005-4134 + CVE-2006-0292 + CVE-2006-0293 + CVE-2006-0296 + CVE-2006-0748 + CVE-2006-0749 + CVE-2006-0884 + CVE-2006-1045 + CVE-2006-1727 + CVE-2006-1728 + CVE-2006-1729 + CVE-2006-1730 + CVE-2006-1731 + CVE-2006-1732 + CVE-2006-1733 + CVE-2006-1734 + CVE-2006-1735 + CVE-2006-1736 + CVE-2006-1737 + CVE-2006-1738 + CVE-2006-1739 + CVE-2006-1740 + CVE-2006-1741 + CVE-2006-1742 + CVE-2006-1790 + Mozilla Foundation Security Advisories + + + koon + + + falco + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-01.xml
new file mode 100644
index 0000000000..30d1523f0e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-01.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ MPlayer: Heap-based buffer overflow
+
+ MPlayer contains multiple integer overflows that may lead to a heap-based
+ buffer overflow.
+
+ mplayer mplayer-bin
+ May 01, 2006
+ June 21, 2006: 02
+ 127969
+ remote
+
+
+ 1.0.20060415
+ 1.0_pre8
+ 1.0.20060415
+
+
+ 1.0.20060415
+ 1.0_pre8
+ 1.0.20060415
+
+
+
+

+ MPlayer is a media player that supports many multimedia file types. +

+
+ +

+ Xfocus Team discovered multiple integer overflows that may lead to a + heap-based buffer overflow. +

+
+ +

+ An attacker could entice a user to play a specially crafted multimedia + file, potentially resulting in the execution of arbitrary code with the + privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MPlayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060415" +

+ All MPlayer binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/mplayer-bin-1.0.20060415" +
+ + CVE-2006-1502 + + + koon + + + adir + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-02.xml
new file mode 100644
index 0000000000..0435d3cc5c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-02.xml
@@ -0,0 +1,60 @@
+
+
+
+
+ X.Org: Buffer overflow in XRender extension
+
+ A buffer overflow in the XRender extension potentially allows any X.Org
+ user to execute arbitrary code with elevated privileges.
+
+ X.Org
+ May 02, 2006
+ May 02, 2006: 01
+ 130979
+ local
+
+
+ 6.8.2-r7
+ 6.8.2-r7
+
+
+
+

+ X.Org is X.Org Foundation's public implementation of the X Window + System. +

+
+ +

+ X.Org miscalculates the size of a buffer in the XRender extension. +

+
+ +

+ An X.Org user could exploit this issue to make the X server + execute arbitrary code with elevated privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All X.Org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.8.2-r7" +
+ + CVE-2006-1526 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-03.xml
new file mode 100644
index 0000000000..fafb06fe38
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-03.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ ClamAV: Buffer overflow in Freshclam
+
+ Freshclam is vulnerable to a buffer overflow that could lead to execution
+ of arbitrary code.
+
+ clamav
+ May 02, 2006
+ May 02, 2006: 01
+ 131791
+ remote
+
+
+ 0.88.2
+ 0.88.2
+
+
+
+

+ ClamAV is a GPL virus scanner. Freshclam is a utility to download + virus signature updates. +

+
+ +

+ Ulf Harnhammar and an anonymous German researcher discovered that + Freshclam fails to check the size of the header data returned by a + webserver. +

+
+ +

+ By enticing a user to connect to a malicious webserver an attacker + could cause the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.2" +
+ + CVE-2006-1989 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-04.xml
new file mode 100644
index 0000000000..e3f89cea1c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-04.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ phpWebSite: Local file inclusion
+
+ Remote attackers can include local files which may lead to the execution of
+ arbitrary code.
+
+ phpwebsite
+ May 02, 2006
+ May 02, 2006: 01
+ 130295
+ remote
+
+
+ 0.10.2
+ 0.10.2
+
+
+
+

+ phpWebSite provides a complete web site content management system. +

+
+ +

+ rgod has reported that the "hub_dir" parameter in "index.php" + isn't properly verified. When "magic_quotes_gpc" is disabled, this can + be exploited to include arbitrary files from local ressources. +

+
+ +

+ If "magic_quotes_gpc" is disabled, which is not the default on + Gentoo Linux, a remote attacker could exploit this issue to include and + execute PHP scripts from local ressources with the rights of the user + running the web server, or to disclose sensitive information and + potentially compromise a vulnerable system. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpWebSite users should upgrade to the latest available + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.2" +
+ + CVE-2006-1819 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-05.xml
new file mode 100644
index 0000000000..1c0176902f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-05.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ rsync: Potential integer overflow
+
+ An attacker having write access to an rsync module might be able to execute
+ arbitrary code on an rsync server.
+
+ rsync
+ May 06, 2006
+ May 06, 2006: 01
+ 131631
+ remote
+
+
+ 2.6.8
+ 2.6.8
+
+
+
+

+ rsync is a server and client utility that provides fast + incremental file transfers. It is used to efficiently synchronize files + between hosts and is used by emerge to fetch Gentoo's Portage tree. +

+
+ +

+ An integer overflow was found in the receive_xattr function from + the extended attributes patch (xattr.c) for rsync. The vulnerable + function is only present when the "acl" USE flag is set. +

+
+ +

+ A remote attacker with write access to an rsync module could craft + malicious extended attributes which would trigger the integer overflow, + potentially resulting in the execution of arbitrary code with the + rights of the rsync daemon. +

+
+ +

+ Do not provide write access to an rsync module to untrusted + parties. +

+
+ +

+ All rsync users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.8" +
+ + CVE-2006-2083 + + + jaervosz + + + koon + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-06.xml
new file mode 100644
index 0000000000..d9b657ea44
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-06.xml
@@ -0,0 +1,84 @@
+
+
+
+
+ Mozilla Firefox: Potential remote code execution
+
+ The Mozilla Firefox 1.5 line is vulnerable to a buffer overflow in the
+ JavaScript extension which may in theory lead to remote execution of
+ arbitrary code.
+
+ mozilla-firefox
+ May 06, 2006
+ May 06, 2006: 01
+ 131138
+ remote
+
+
+ 1.5.0.3
+ 1.5
+ 1.5.0.3
+
+
+ 1.5.0.3
+ 1.5
+ 1.5.0.3
+
+
+
+

+ Mozilla Firefox is the next-generation web browser from the + Mozilla project. +

+
+ +

+ Martijn Wargers and Nick Mott discovered a vulnerability when + rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is + not affected. +

+
+ +

+ If JavaScript is enabled, by tricking a user into visiting a + malicious web page which would send a specially crafted HTML script + that contains references to deleted objects with the "designMode" + property enabled, an attacker can crash the web browser and in theory + manage to execute arbitrary code with the rights of the user running + the browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Firefox 1.5 users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.3" +

+ All Mozilla Firefox 1.5 binary users should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.3" +
+ + CVE-2006-1993 + + + koon + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-07.xml
new file mode 100644
index 0000000000..67eab2eeb2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-07.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Nagios: Buffer overflow
+
+ Nagios is vulnerable to a buffer overflow which may lead to remote
+ execution of arbitrary code.
+
+ nagios
+ May 07, 2006
+ May 25, 2006: 03
+ 132159
+ 133487
+ remote
+
+
+ 1.4.1
+ 1.4.1
+
+
+
+

+ Nagios is an open source host, service and network monitoring program. +

+
+ +

+ Sebastian Krahmer of the SuSE security team discovered a buffer + overflow vulnerability in the handling of a negative HTTP + Content-Length header. +

+
+ +

+ A buffer overflow in Nagios CGI scripts under certain web servers + allows remote attackers to execute arbitrary code via a negative + content length HTTP header. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Nagios users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-1.4.1" +
+ + CVE-2006-2162 + CVE-2006-2489 + + + koon + + + fox2mike + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-08.xml
new file mode 100644
index 0000000000..fcd579a94d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-08.xml
@@ -0,0 +1,91 @@
+
+
+
+
+ PHP: Multiple vulnerabilities
+
+ PHP is affected by multiple issues, including a buffer overflow in
+ wordwrap() which may lead to execution of arbitrary code.
+
+ php
+ May 08, 2006
+ May 15, 2007: 09
+ 127939
+ 128883
+ 131135
+ 133524
+ remote
+
+
+ 5.1.4
+ 4.4.2-r2
+ 4.4.3-r1
+ 4.4.4-r4
+ 4.4.6
+ 4.4.7
+ 5.1.4
+
+
+ 5.1.4-r4
+ 4.4.2-r6
+ 4.4.3-r1
+ 4.4.4-r4
+ 4.4.6
+ 4.4.7
+ 5.1.4-r4
+
+
+
+

+ PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

+ Several vulnerabilities were discovered on PHP4 and PHP5 by Infigo, + Tonu Samuel and Maksymilian Arciemowicz. These included a buffer + overflow in the wordwrap() function, restriction bypasses in the copy() + and tempname() functions, a cross-site scripting issue in the phpinfo() + function, a potential crash in the substr_compare() function and a + memory leak in the non-binary-safe html_entity_decode() function. +

+
+ +

+ Remote attackers might be able to exploit these issues in PHP + applications making use of the affected functions, potentially + resulting in the execution of arbitrary code, Denial of Service, + execution of scripted contents in the context of the affected site, + security bypass or information leak. +

+
+ +

+ There is no known workaround at this point. +

+
+ +

+ All PHP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose dev-lang/php +
+ + CVE-2006-0996 + CVE-2006-1490 + CVE-2006-1990 + CVE-2006-1991 + + + koon + + + fox2mike + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-09.xml
new file mode 100644
index 0000000000..39de7dff1c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-09.xml
@@ -0,0 +1,104 @@
+
+
+
+
+ Mozilla Thunderbird: Multiple vulnerabilities
+
+ Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from
+ script execution with elevated privileges to information leaks.
+
+ mozilla-thunderbird
+ May 08, 2006
+ May 08, 2006: 01
+ 130888
+ remote
+
+
+ 1.0.8
+ 1.0.8
+
+
+ 1.0.8
+ 1.0.8
+
+
+
+

+ Mozilla Thunderbird is the next-generation mail client from the + Mozilla project. +

+
+ +

+ Several vulnerabilities were found and fixed in Mozilla + Thunderbird. +

+
+ +

+ A remote attacker could craft malicious emails that would leverage + these issues to inject and execute arbitrary script code with elevated + privileges, steal local files or other information from emails, and + spoof content. Some of these vulnerabilities might even be exploited to + execute arbitrary code with the rights of the user running Thunderbird. +

+
+ +

+ There are no known workarounds for all the issues at this time. +

+
+ +

+ All Mozilla Thunderbird users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.0.8" +

+ All Mozilla Thunderbird binary users should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.0.8" +

+ Note: There is no stable fixed version for the ALPHA + architecture yet. Users of Mozilla Thunderbird on ALPHA should consider + unmerging it until such a version is available. +

+
+ + CVE-2006-0292 + CVE-2006-0296 + CVE-2006-0748 + CVE-2006-0749 + CVE-2006-0884 + CVE-2006-1045 + CVE-2006-1727 + CVE-2006-1728 + CVE-2006-1730 + CVE-2006-1731 + CVE-2006-1732 + CVE-2006-1733 + CVE-2006-1734 + CVE-2006-1735 + CVE-2006-1737 + CVE-2006-1738 + CVE-2006-1739 + CVE-2006-1741 + CVE-2006-1742 + CVE-2006-1790 + Mozilla Foundation Security Advisories + + + koon + + + falco + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-10.xml
new file mode 100644
index 0000000000..2d918a1f7d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-10.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ pdnsd: Denial of Service and potential arbitrary code execution
+
+ pdnsd is vulnerable to a buffer overflow that may result in arbitrary code
+ execution.
+
+ pdnsd
+ May 10, 2006
+ May 10, 2006: 01
+ 131341
+ remote
+
+
+ 1.2.4
+ 1.2.4
+
+
+
+

+ pdnsd is a proxy DNS server with permanent caching that is + designed to cope with unreachable DNS servers. +

+
+ +

+ The pdnsd team has discovered an unspecified buffer overflow + vulnerability. The PROTOS DNS Test Suite, by the Oulu University Secure + Programming Group (OUSPG), has also revealed a memory leak error within + the handling of the QTYPE and QCLASS DNS queries, leading to + consumption of large amounts of memory. +

+
+ +

+ An attacker can craft malicious DNS queries leading to a Denial of + Service, and potentially the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All pdnsd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/pdnsd-1.2.4-r1" +
+ + CVE-2006-2076 + CVE-2006-2077 + + + koon + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-11.xml
new file mode 100644
index 0000000000..4f66a89ffa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-11.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ Ruby: Denial of Service
+
+ Ruby WEBrick and XMLRPC servers are vulnerable to Denial of Service.
+
+ ruby
+ May 10, 2006
+ May 10, 2006: 01
+ 130657
+ remote
+
+
+ 1.8.4-r1
+ 1.8.4-r1
+
+
+
+

+ Ruby is an interpreted scripting language for quick and easy + object-oriented programming. It comes bundled with HTTP ("WEBrick") and + XMLRPC server objects. +

+
+ +

+ Ruby uses blocking sockets for WEBrick and XMLRPC servers. +

+
+ +

+ An attacker could send large amounts of data to an affected server + to block the socket and thus deny other connections to the server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.4-r1" +
+ + CVE-2006-1931 + Ruby release announcement + + + frilled + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-12.xml
new file mode 100644
index 0000000000..50ca3902e7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-12.xml
@@ -0,0 +1,85 @@
+
+
+
+
+ Quake 3 engine based games: Buffer Overflow
+
+ The Quake 3 engine has a vulnerability that could be exploited to execute
+ arbitrary code.
+
+ quake
+ May 10, 2006
+ May 10, 2006: 01
+ 132377
+ remote
+
+
+ 1.32c
+ 1.32c
+
+
+ 1.41b
+ 1.41b
+
+
+ 2.60b
+ 2.60b
+
+
+
+

+ Quake 3 is a multiplayer first person shooter. +

+
+ +

+ landser discovered a vulnerability within the "remapShader" + command. Due to a boundary handling error in "remapShader", there is a + possibility of a buffer overflow. +

+
+ +

+ An attacker could set up a malicious game server and entice users + to connect to it, potentially resulting in the execution of arbitrary + code with the rights of the game user. +

+
+ +

+ Do not connect to untrusted game servers. +

+
+ +

+ All Quake 3 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-fps/quake3-bin-1.32c" +

+ All RTCW users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-fps/rtcw-1.41b" +

+ All Enemy Territory users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-fps/enemy-territory-2.60b" +
+ + CVE-2006-2236 + + + koon + + + koon + + + fox2mike + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-13.xml
new file mode 100644
index 0000000000..6a5a63a89b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-13.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ MySQL: Information leakage
+
+ A MySQL server may leak information to unauthorized users.
+
+ MySQL
+ May 11, 2006
+ May 15, 2006: 04
+ 132146
+ remote
+
+
+ 4.1.19
+ 4.0.27
+ 4.1.19
+
+
+
+

+ MySQL is a popular multi-threaded, multi-user SQL database server. +

+
+ +

+ The processing of the COM_TABLE_DUMP command by a MySQL server fails to + properly validate packets that arrive from the client via a network + socket. +

+
+ +

+ By crafting specific malicious packets an attacker could gather + confidential information from the memory of a MySQL server process, for + example results of queries by other users or applications. By using PHP + code injection or similar techniques it would be possible to exploit + this flaw through web applications that use MySQL as a database + backend. +

+

+ Note that on 5.x versions it is possible to overwrite the stack and + execute arbitrary code with this technique. Users of MySQL 5.x are + urged to upgrade to the latest available version. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MySQL users should upgrade to the latest version. +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-4.0.27" +
+ + Original advisory + CVE-2006-1516 + CVE-2006-1517 + + + koon + + + frilled + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-14.xml
new file mode 100644
index 0000000000..e9a385c4a1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-14.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ libextractor: Two heap-based buffer overflows
+
+ libextractor is vulnerable to two heap overflow vulnerabilities which could
+ lead to the execution of arbitrary code.
+
+ libextractor
+ May 21, 2006
+ May 21, 2006: 01
+ 133570
+ remote
+
+
+ 0.5.14
+ 0.5.14
+
+
+
+

+ libextractor is a library used to extract metadata from arbitrary + files. +

+
+ +

+ Luigi Auriemma has found two heap-based buffer overflows in + libextractor 0.5.13 and earlier: one of them occurs in the + asf_read_header function in the ASF plugin, and the other occurs in the + parse_trak_atom function in the Qt plugin. +

+
+ +

+ By enticing a user to open a malformed file using an application + that employs libextractor and its ASF or Qt plugins, an attacker could + execute arbitrary code in the context of the application running the + affected library. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libextractor users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.14" +
+ + CVE-2006-2458 + Original advisory + + + DerCorny + + + DerCorny + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-15.xml
new file mode 100644
index 0000000000..d8f690eaac
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-15.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Quagga Routing Suite: Multiple vulnerabilities
+
+ Quagga's RIP daemon allows the injection of routes and the disclosure of
+ routing information. The BGP daemon is vulnerable to a Denial of Service.
+
+ quagga
+ May 21, 2006
+ May 21, 2006: 01
+ 132353
+ remote
+
+
+ 0.98.6-r1
+ 0.98.6-r1
+
+
+
+

+ The Quagga Routing Suite implements three major routing protocols: + RIP (v1/v2/v3), OSPF (v2/v3) and BGP4. +

+
+ +

+ Konstantin V. Gavrilenko discovered two flaws in the Routing + Information Protocol (RIP) daemon that allow the processing of RIP v1 + packets (carrying no authentication) even when the daemon is configured + to use MD5 authentication or, in another case, even if RIP v1 is + completely disabled. Additionally, Fredrik Widell reported that the + Border Gateway Protocol (BGP) daemon contains a flaw that makes it lock + up and use all available CPU when a specific command is issued from the + telnet interface. +

+
+ +

+ By sending RIP v1 response packets, an unauthenticated attacker + can alter the routing table of a router running Quagga's RIP daemon and + disclose routing information. Additionally, it is possible to lock up + the BGP daemon from the telnet interface. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Quagga users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.98.6-r1" +
+ + CVE-2006-2223 + CVE-2006-2224 + CVE-2006-2276 + Official release information + + + jaervosz + + + koon + + + frilled + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-16.xml
new file mode 100644
index 0000000000..ec8868e8e2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-16.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ CherryPy: Directory traversal vulnerability
+
+ CherryPy is vulnerable to a directory traversal that could allow attackers
+ to read arbitrary files.
+
+ cherrypy
+ May 30, 2006
+ May 30, 2006: 01
+ 134273
+ remote
+
+
+ 2.1.1
+ 2.1.1
+
+
+
+

+ CherryPy is a Python-based, object-oriented web development + framework. +

+
+ +

+ Ivo van der Wijk discovered that the "staticfilter" component of + CherryPy fails to sanitize input correctly. +

+
+ +

+ An attacker could exploit this flaw to obtain arbitrary files from + the web server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All CherryPy users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/cherrypy-2.1.1" +
+ + CVE-2006-0847 + + + DerCorny + + + DerCorny + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-17.xml
new file mode 100644
index 0000000000..9be437b2b3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-17.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ libTIFF: Multiple vulnerabilities
+
+ Multiple vulnerabilities in libTIFF could lead to the execution of
+ arbitrary code or a Denial of Service.
+
+ libtiff
+ May 30, 2006
+ May 30, 2006: 01
+ 129675
+ remote
+
+
+ 3.8.1
+ 3.8.1
+
+
+
+

+ libTIFF provides support for reading and manipulating TIFF images. +

+
+ +

+ Multiple vulnerabilities, ranging from integer overflows and NULL + pointer dereferences to double frees, were reported in libTIFF. +

+
+ +

+ An attacker could exploit these vulnerabilities by enticing a user + to open a specially crafted TIFF image, possibly leading to the + execution of arbitrary code or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libTIFF users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.1" +
+ + CVE-2006-0405 + CVE-2006-2024 + CVE-2006-2025 + CVE-2006-2026 + + + DerCorny + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-01.xml
new file mode 100644
index 0000000000..21e987bfb5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-01.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Opera: Buffer overflow
+
+ Opera contains an integer signedness error resulting in a buffer overflow
+ which may allow a remote attacker to execute arbitrary code.
+
+ opera
+ June 07, 2006
+ June 07, 2006: 01
+ 129800
+ remote
+
+
+ 8.54
+ 8.54
+
+
+
+

+ Opera is a multi-platform web browser. +

+
+ +

+ SEC Consult has discovered a buffer overflow in the code + processing style sheet attributes. It is caused by an integer + signedness error in a length check followed by a call to a string + function. It seems to be hard to exploit this buffer overflow to + execute arbitrary code because of the very large amount memory that has + to be copied. +

+
+ +

+ A remote attacker can entice a user to visit a web page containing + a specially crafted style sheet attribute that will crash the user's + browser and maybe lead to the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Opera users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-8.54" +
+ + CVE-2006-1834 + + + falco + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-02.xml
new file mode 100644
index 0000000000..c8f25a6a45
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-02.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ shadow: Privilege escalation
+
+ A security issue in shadow allows a local user to perform certain actions
+ with escalated privileges.
+
+ shadow
+ June 07, 2006
+ June 07, 2006: 01
+ 133615
+ local
+
+
+ 4.0.15-r2
+ 4.0.15-r2
+
+
+
+

+ shadow provides a set of utilities to deal with user accounts. +

+
+ +

+ When the mailbox is created in useradd, the "open()" function does + not receive the three arguments it expects while O_CREAT is present, + which leads to random permissions on the created file, before fchmod() + is executed. +

+
+ +

+ Depending on the random permissions given to the mailbox file + which is at this time owned by root, a local user may be able to open + this file for reading or writing, or even executing it, maybe as the + root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All shadow users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.0.15-r2" +
+ + CVE-2006-1174 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-03.xml
new file mode 100644
index 0000000000..d7df00d740
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-03.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Dia: Format string vulnerabilities
+
+ Format string vulnerabilities in Dia may lead to the execution of arbitrary
+ code.
+
+ dia
+ June 07, 2006
+ June 07, 2006: 01
+ 133699
+ remote
+
+
+ 0.95.1
+ 0.95.1
+
+
+
+

+ Dia is a GTK+ based diagram creation program. +

+
+ +

+ KaDaL-X discovered a format string error within the handling of + filenames. Hans de Goede also discovered several other format + string errors in the processing of dia files. +

+
+ +

+ By enticing a user to open a specially crafted file, a remote + attacker could exploit these vulnerabilities to execute arbitrary code + with the rights of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Dia users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/dia-0.95.1" +
+ + CVE-2006-2453 + CVE-2006-2480 + + + DerCorny + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-04.xml
new file mode 100644
index 0000000000..92a993a747
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-04.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Tor: Several vulnerabilities
+
+ Tor is vulnerable to a possible buffer overflow, a Denial of Service,
+ information disclosure and information leak.
+
+ tor
+ June 07, 2006
+ September 05, 2006: 02
+ 134329
+ remote
+
+
+ 0.1.1.20
+ 0.1.0.18
+ 0.1.1.20
+
+
+
+

+ Tor is an implementation of second generation Onion Routing, a + connection-oriented anonymizing communication service. +

+
+ +

+ Some integer overflows exist when adding elements to the smartlists. + Non-printable characters received from the network are not properly + sanitised before being logged. There are additional unspecified bugs in + the directory server and in the internal circuits. +

+
+ +

+ The possible buffer overflow may allow a remote attacker to execute + arbitrary code on the server by sending large inputs. The other + vulnerabilities can lead to a Denial of Service, a lack of logged + information, or some information disclosure. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Tor users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose net-misc/tor +
+ + CVE-2006-0414 + Tor ChangeLog + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-05.xml
new file mode 100644
index 0000000000..85082e5799
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-05.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Pound: HTTP request smuggling
+
+ Pound is vulnerable to HTTP request smuggling, which could be exploited to
+ bypass security restrictions or poison web caches.
+
+ pound
+ June 07, 2006
+ November 24, 2006: 03
+ 118541
+ remote
+
+
+ 2.0.5
+ 1.10
+ 1.9.4
+ 2.0.5
+
+
+
+

+ Pound is a reverse proxy, load balancer and HTTPS front-end. It allows + to distribute the load on several web servers and offers a SSL wrapper + for web servers that do not support SSL directly. +

+
+ +

+ Pound fails to handle HTTP requests with conflicting "Content-Length" + and "Transfer-Encoding" headers correctly. +

+
+ +

+ An attacker could exploit this vulnerability by sending HTTP requests + with specially crafted "Content-Length" and "Transfer-Encoding" headers + to bypass certain security restrictions or to poison the web proxy + cache. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Pound users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose www-servers/pound +
+ + CVE-2005-3751 + + + DerCorny + + + koon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-06.xml
new file mode 100644
index 0000000000..b37239d479
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-06.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ AWStats: Remote execution of arbitrary code
+
+ AWStats contains a bug in the sanitization of the input parameters which
+ can lead to the remote execution of arbitrary code.
+
+ awstats
+ June 07, 2006
+ May 28, 2009: 02
+ 130487
+ remote
+
+
+ 6.5-r1
+ 6.5-r1
+
+
+
+

+ AWStats is an advanced log file analyzer and statistics generator. +

+
+ +

+ Hendrik Weimer has found that if updating the statistics via the + web frontend is enabled, it is possible to inject arbitrary code via a + pipe character in the "migrate" parameter. Additionally, r0t has + discovered that AWStats fails to properly sanitize user-supplied input + in awstats.pl. +

+
+ +

+ A remote attacker can execute arbitrary code on the server in the + context of the application running the AWStats CGI script if updating + of the statistics via web frontend is allowed. Nonetheless, all + configurations are affected by a cross-site scripting vulnerability in + awstats.pl, allowing a remote attacker to execute arbitrary scripts + running in the context of the victim's browser. +

+
+ +

+ Disable statistics updates using the web frontend to avoid code + injection. However, there is no known workaround at this time + concerning the cross-site scripting vulnerability. +

+
+ +

+ All AWStats users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-misc/awstats-6.5-r1" +
+ + CVE-2006-1945 + CVE-2006-2237 + + + koon + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-07.xml
new file mode 100644
index 0000000000..ec106f47b5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-07.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Vixie Cron: Privilege Escalation
+
+ Vixie Cron allows local users to execute programs as root.
+
+ vixie-cron
+ June 09, 2006
+ June 09, 2006: 01
+ 134194
+ local
+
+
+ 4.1-r9
+ 4.1-r9
+
+
+
+

+ Vixie Cron is a command scheduler with extended syntax over cron. +

+
+ +

+ Roman Veretelnikov discovered that Vixie Cron fails to properly + check whether it can drop privileges accordingly if setuid() in + do_command.c fails due to a user exceeding assigned resource limits. +

+
+ +

+ Local users can execute code with root privileges by deliberately + exceeding their assigned resource limits and then starting a command + through Vixie Cron. This requires resource limits to be in place on the + machine. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Vixie Cron users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-process/vixie-cron-4.1-r9" +
+ + CVE-2006-2607 + + + jaervosz + + + frilled + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-08.xml
new file mode 100644
index 0000000000..c7e60797ed
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-08.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ WordPress: Arbitrary command execution
+
+ WordPress fails to sufficiently check the format of cached username data.
+
+ wordpress
+ June 09, 2006
+ June 10, 2006: 02
+ 134397
+ remote
+
+
+ 2.0.3
+ 2.0.3
+
+
+
+

+ WordPress is a PHP and MySQL based content management and publishing + system. +

+
+ +

+ rgod discovered that WordPress insufficiently checks the format of + cached username data. +

+
+ +

+ An attacker could exploit this vulnerability to execute arbitrary + commands by sending a specially crafted username. As of Wordpress 2.0.2 + the user data cache is disabled by default. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All WordPress users should upgrade to the latest available version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.3" +
+ + CVE-2006-2667 + CVE-2006-2702 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-09.xml
new file mode 100644
index 0000000000..88d5e6608c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-09.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ SpamAssassin: Execution of arbitrary code
+
+ SpamAssassin, when running with certain options, could allow local or even
+ remote attackers to execute arbitrary commands, possibly as the root user.
+
+ Spamassassin
+ June 11, 2006
+ June 11, 2006: 01
+ 135746
+ remote
+
+
+ 3.1.3
+ 3.1.3
+
+
+
+

+ SpamAssassin is an extensible email filter used to identify junk + email. spamd is the daemonized version of SpamAssassin. +

+
+ +

+ When spamd is run with both the "--vpopmail" (-v) and + "--paranoid" (-P) options, it is vulnerable to an unspecified issue. +

+
+ +

+ With certain configuration options, a local or even remote + attacker could execute arbitrary code with the rights of the user + running spamd, which is root by default, by sending a crafted message + to the spamd daemon. Furthermore, the attack can be remotely + performed if the "--allowed-ips" (-A) option is present and specifies + non-local adresses. Note that Gentoo Linux is not vulnerable in the + default configuration. +

+
+ +

+ Don't use both the "--paranoid" (-P) and the "--vpopmail" (-v) + options. +

+
+ +

+ All SpamAssassin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.3" +
+ + CVE-2006-2447 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-10.xml
new file mode 100644
index 0000000000..a0da0eb37a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-10.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Cscope: Many buffer overflows
+
+ Cscope is vulnerable to multiple buffer overflows that could lead to the
+ execution of arbitrary code.
+
+ Cscope
+ June 11, 2006
+ June 11, 2006: 01
+ 133829
+ remote
+
+
+ 15.5-r6
+ 15.5-r6
+
+
+
+

+ Cscope is a developer's tool for browsing source code. +

+
+ +

+ Cscope does not verify the length of file names sourced in + #include statements. +

+
+ +

+ A user could be enticed to source a carefully crafted file which + will allow the attacker to execute arbitrary code with the permissions + of the user running Cscope. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cscope users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5-r6" +
+ + CVE-2004-2541 + + + falco + + + falco + + + dizzutch + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-11.xml
new file mode 100644
index 0000000000..a9a2921fc5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-11.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ JPEG library: Denial of Service
+
+ The JPEG library is vulnerable to a Denial of Service.
+
+ jpeg
+ June 11, 2006
+ July 29, 2006: 02
+ 130889
+ remote
+
+
+ 6b-r7
+ 6b-r7
+
+
+
+

+ The JPEG library is able to load, handle and manipulate images in the + JPEG format. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the + vulnerable JPEG library ebuilds compile JPEG without the --maxmem + feature which is not recommended. +

+
+ +

+ By enticing a user to load a specially crafted JPEG image file an + attacker could cause a Denial of Service, due to memory exhaustion. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ JPEG users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/jpeg-6b-r7" +
+ + CVE-2006-3005 + + + falco + + + falco + + + daxomatic + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-12.xml
new file mode 100644
index 0000000000..43b3e1e067
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-12.xml
@@ -0,0 +1,93 @@
+
+
+
+
+ Mozilla Firefox: Multiple vulnerabilities
+
+ Vulnerabilities in Mozilla Firefox allow privilege escalations for
+ JavaScript code, cross site scripting attacks, HTTP response smuggling and
+ possibly the execution of arbitrary code.
+
+ mozilla-firefox
+ June 11, 2006
+ June 11, 2006: 01
+ 135254
+ remote
+
+
+ 1.5.0.4
+ 1.5.0.4
+
+
+ 1.5.0.4
+ 1.5.0.4
+
+
+
+

+ Mozilla Firefox is the next-generation web browser from the + Mozilla project. +

+
+ +

+ A number of vulnerabilities were found and fixed in Mozilla + Firefox. For details please consult the references below. +

+
+ +

+ By enticing the user to visit a malicious website, a remote + attacker can inject arbitrary HTML and JavaScript Code into the user's + browser, execute JavaScript code with elevated privileges and possibly + execute arbitrary code with the permissions of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.4" +

+ All Mozilla Firefox binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.4" +

+ Note: There is no stable fixed version for the Alpha + architecture yet. Users of Mozilla Firefox on Alpha should consider + unmerging it until such a version is available. +

+
+ + CVE-2006-2775 + CVE-2006-2776 + CVE-2006-2777 + CVE-2006-2778 + CVE-2006-2779 + CVE-2006-2780 + CVE-2006-2782 + CVE-2006-2783 + CVE-2006-2784 + CVE-2006-2785 + CVE-2006-2786 + CVE-2006-2787 + Mozilla Foundation Security Advisories + + + frilled + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-13.xml
new file mode 100644
index 0000000000..8ba2156fe5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-13.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ MySQL: SQL Injection
+
+ MySQL is vulnerable to an SQL Injection flaw in the multi-byte encoding
+ process.
+
+ MySQL
+ June 11, 2006
+ December 13, 2006: 04
+ 135076
+ remote
+
+
+ 5.0.22
+ 4.1.20
+ 4.1.21
+ 4.1.22
+ 4.1
+ 5.0.22
+
+
+
+

+ MySQL is a popular multi-threaded, multi-user SQL server. +

+
+ +

+ MySQL is vulnerable to an injection flaw in mysql_real_escape() when + used with multi-byte characters. +

+
+ +

+ Due to a flaw in the multi-byte character process, an attacker is still + able to inject arbitary SQL statements into the MySQL server for + execution. +

+
+ +

+ There are a few workarounds available: NO_BACKSLASH_ESCAPES mode as a + workaround for a bug in mysql_real_escape_string(): SET + sql_mode='NO_BACKSLASH_ESCAPES'; SET GLOBAL + sql_mode='NO_BACKSLASH_ESCAPES'; and server command line options: + --sql-mode=NO_BACKSLASH_ESCAPES. +

+
+ +

+ All MySQL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-4.1.20" +
+ + CVE-2006-2753 + + + falco + + + falco + + + daxomatic + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-14.xml
new file mode 100644
index 0000000000..dbf89202e1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-14.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ GDM: Privilege escalation
+
+ An authentication error in GDM could allow users to gain elevated
+ privileges.
+
+ gdm
+ June 12, 2006
+ June 19, 2006: 02
+ 135027
+ local
+
+
+ 2.8.0.8
+ 2.8.0.8
+
+
+
+

+ GDM is the GNOME display manager. +

+
+ +

+ GDM allows a normal user to access the configuration manager. +

+
+ +

+ When the "face browser" in GDM is enabled, a normal user can use the + "configure login manager" with his/her own password instead of the root + password, and thus gain additional privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GDM users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=gnome-base/gdm-2.8.0.8" +
+ + Gnome Bugzilla entry + CVE-2006-2452 + + + falco + + + daxomatic + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-15.xml
new file mode 100644
index 0000000000..79dba3e6f7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-15.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Asterisk: IAX2 video frame buffer overflow
+
+ Asterisk contains a bug in the IAX2 channel driver making it vulnerable to
+ the remote execution of arbitrary code.
+
+ asterisk
+ June 14, 2006
+ June 14, 2006: 01
+ 135680
+ remote
+
+
+ 1.0.11_p1
+ 1.0.11_p1
+
+
+
+

+ Asterisk is an open source implementation of a telephone private branch + exchange (PBX). +

+
+ +

+ Asterisk fails to properly check the length of truncated video frames + in the IAX2 channel driver which results in a buffer overflow. +

+
+ +

+ An attacker could exploit this vulnerability by sending a specially + crafted IAX2 video stream resulting in the execution of arbitrary code + with the permissions of the user running Asterisk. +

+
+ +

+ Disable public IAX2 support. +

+
+ +

+ All Asterisk users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.0.11_p1" +
+ + CVE-2006-2898 + Corelabs Asterisk PBX truncated video frame vulnerability advisory + + + falco + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-16.xml
new file mode 100644
index 0000000000..1034751585
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-16.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ DokuWiki: PHP code injection
+
+ A flaw in DokuWiki's spell checker allows for the execution of arbitrary
+ PHP commands, even without proper authentication.
+
+ DokuWiki
+ June 14, 2006
+ June 14, 2006: 01
+ 135623
+ remote
+
+
+ 20060309-r1
+ 20060309-r1
+
+
+
+

+ DokuWiki is a simple to use wiki targeted at developer teams, + workgroups and small companies. +

+
+ +

+ Stefan Esser discovered that the DokuWiki spell checker fails to + properly sanitize PHP's "complex curly syntax". +

+
+ +

+ A unauthenticated remote attacker may execute arbitrary PHP commands - + and thus possibly arbitrary system commands - with the permissions of + the user running the webserver that serves DokuWiki pages. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All DokuWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309-r1" +
+ + Hardened-PHP advisory + CVE-2006-2878 + + + falco + + + frilled + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-17.xml
new file mode 100644
index 0000000000..c4af643527
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-17.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ OpenLDAP: Buffer overflow
+
+ The OpenLDAP replication server slurpd contains a buffer overflow that
+ could result in arbitrary code execution.
+
+ net-nds/openldap
+ June 15, 2006
+ June 15, 2006: 01
+ 134010
+ local
+
+
+ 2.3.22
+ 2.3.22
+
+
+
+

+ OpenLDAP is a suite of LDAP-related applications and development tools. + It includes slapd (the standalone LDAP server), slurpd (the standalone + LDAP replication server), various LDAP libraries, utilities and example + clients. +

+
+ +

+ slurpd contains a buffer overflow when reading very long hostnames from + the status file. +

+
+ +

+ By injecting an overly long hostname in the status file, an attacker + could possibly cause the execution of arbitrary code with the + permissions of the user running slurpd. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All openLDAP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.3.22" +
+ + CVE-2006-2754 + + + falco + + + jaervosz + + + SeJo + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-18.xml
new file mode 100644
index 0000000000..43524c844e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-18.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ PAM-MySQL: Multiple vulnerabilities
+
+ Vulnerabilities in PAM-MySQL can lead to a Denial of Service, making it
+ impossible to log into a machine.
+
+ pam_mysql
+ June 15, 2006
+ July 29, 2006: 02
+ 120842
+ local
+
+
+ 0.7_rc1
+ 0.7_rc1
+
+
+
+

+ PAM-MySQL is a PAM module used to authenticate users against a MySQL + backend. +

+
+ +

+ A flaw in handling the result of pam_get_item() as well as further + unspecified flaws were discovered in PAM-MySQL. +

+
+ +

+ By exploiting the mentioned flaws an attacker can cause a Denial of + Service and thus prevent users that authenticate against PAM-MySQL from + logging into a machine. There is also a possible additional attack + vector with more malicious impact that has not been confirmed yet. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PAM-MySQL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/pam_mysql-0.7_rc1" +
+ + Official release information + CVE-2005-4713 + CVE-2006-0056 + + + falco + + + falco + + + frilled + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-19.xml
new file mode 100644
index 0000000000..f16f72e72f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-19.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Sendmail: Denial of Service
+
+ Faulty multipart MIME messages can cause forked Sendmail processes to
+ crash.
+
+ sendmail
+ June 15, 2006
+ June 15, 2006: 01
+ 135141
+ remote
+
+
+ 8.13.6-r1
+ 8.13.6-r1
+
+
+
+

+ Sendmail is a popular mail transfer agent (MTA). +

+
+ +

+ Frank Sheiness discovered that the mime8to7() function can recurse + endlessly during the decoding of multipart MIME messages until the + stack of the process is filled and the process crashes. +

+
+ +

+ By sending specially crafted multipart MIME messages, a remote + attacker can cause a subprocess forked by Sendmail to crash. If + Sendmail is not set to use a randomized queue processing, the attack + will effectively halt the delivery of queued mails as well as the + malformed one, incoming mail delivered interactively is not affected. + Additionally, on systems where core dumps with an individual naming + scheme (like "core.pid") are enabled, a filesystem may fill up with + core dumps. Core dumps are disabled by default in Gentoo. +

+
+ +

+ The Sendmail 8.13.7 release information offers some workarounds, please + see the Reference below. Note that the issue has actually been fixed in + the 8.13.6-r1 ebuild. +

+
+ +

+ All Sendmail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.13.6-r1" +
+ + CVE-2006-1173 + Sendmail 8.13.7 release information + + + jaervosz + + + frilled + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-20.xml
new file mode 100644
index 0000000000..106e157a00
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-20.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Typespeed: Remote execution of arbitrary code
+
+ A buffer overflow in the network code of Typespeed can lead to the
+ execution of arbitrary code.
+
+ typespeed
+ June 19, 2006
+ June 19, 2006: 01
+ 135071
+ remote
+
+
+ 0.5.0
+ 0.5.0
+
+
+
+

+ Typespeed is a game to test and practice 10-finger-typing. Network code + allows two users to compete head-to-head. +

+
+ +

+ Niko Tyni discovered a buffer overflow in the addnewword() function of + Typespeed's network code. +

+
+ +

+ By sending specially crafted network packets to a machine running + Typespeed in multiplayer mode, a remote attacker can execute arbitrary + code with the permissions of the user running the game. +

+
+ +

+ Do not run Typespeed in multiplayer mode. There is no known workaround + at this time for multiplayer mode. +

+
+ +

+ All Typespeed users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-misc/typespeed-0.5.0" +
+ + CVE-2006-1515 + + + falco + + + frilled + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-21.xml
new file mode 100644
index 0000000000..d517b9d00b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-21.xml
@@ -0,0 +1,88 @@
+
+
+
+
+ Mozilla Thunderbird: Multiple vulnerabilities
+
+ Several vulnerabilities in Mozilla Thunderbird allow cross site scripting,
+ JavaScript privilege escalation and possibly execution of arbitrary code.
+
+ mozilla-thunderbird
+ June 19, 2006
+ June 19, 2006: 01
+ 135256
+ remote
+
+
+ 1.5.0.4
+ 1.5.0.4
+
+
+ 1.5.0.4
+ 1.5.0.4
+
+
+
+

+ Mozilla Thunderbird is the next-generation mail client from the Mozilla + project. +

+
+ +

+ Several vulnerabilities were found and fixed in Mozilla Thunderbird. + For details, please consult the references below. +

+
+ +

+ A remote attacker could craft malicious emails that would leverage + these issues to inject and execute arbitrary script code with elevated + privileges, spoof content, and possibly execute arbitrary code with the + rights of the user running the application. +

+
+ +

+ There are no known workarounds for all the issues at this time. +

+
+ +

+ All Mozilla Thunderbird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.4" +

+ All Mozilla Thunderbird binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.4" +

+ Note: There is no stable fixed version for the Alpha architecture yet. + Users of Mozilla Thunderbird on Alpha should consider unmerging it + until such a version is available. +

+
+ + CVE-2006-2775 + CVE-2006-2776 + CVE-2006-2778 + CVE-2006-2779 + CVE-2006-2780 + CVE-2006-2781 + CVE-2006-2783 + CVE-2006-2786 + CVE-2006-2787 + Mozilla Foundation Security Advisories + + + frilled + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-22.xml
new file mode 100644
index 0000000000..fea23a7708
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-22.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ aRts: Privilege escalation
+
+ The artswrapper part of aRts allows local users to execute arbitrary code
+ with elevated privileges.
+
+ aRts
+ June 22, 2006
+ June 22, 2006: 01
+ 135970
+ local
+
+
+ 3.5.2-r1
+ 3.4.3-r1
+ 3.5.2-r1
+
+
+
+

+ aRts is a real time modular system for synthesizing audio used by KDE. + artswrapper is a helper application used to start the aRts daemon. +

+
+ +

+ artswrapper fails to properly check whether it can drop privileges + accordingly if setuid() fails due to a user exceeding assigned resource + limits. +

+
+ +

+ Local attackers could exploit this vulnerability to execute arbitrary + code with elevated privileges. Note that the aRts package provided by + Gentoo is only vulnerable if the artswrappersuid USE-flag is enabled. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All aRts users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose kde-base/arts +
+ + CVE-2006-2916 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-23.xml
new file mode 100644
index 0000000000..d1d0df32f0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-23.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ KDM: Symlink vulnerability
+
+ KDM is vulnerable to a symlink vulnerability that can lead to disclosure of
+ information.
+
+ kdebase, KDM
+ June 22, 2006
+ June 24, 2006: 02
+ 136201
+ local
+
+
+ 3.5.2-r2
+ 3.4.3-r2
+ 3.5.2-r2
+
+
+ 3.5.2-r1
+ 3.4.3-r2
+ 3.5.2-r1
+
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. KDM is the KDE Display Manager and is part + of the kdebase package. +

+
+ +

+ Ludwig Nussel discovered that KDM could be tricked into allowing users + to read files that would otherwise not be readable. +

+
+ +

+ A local attacker could exploit this issue to obtain potentially + sensitive information that is usually not accessable to the local user + such as shadow files or other user's files. The default Gentoo user + running KDM is root and, as a result, the local attacker can read any + file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All kdebase users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose kde-base/kdebase +

+ All KDE split ebuild users should upgrade to the latest KDM version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose kde-base/kdm +
+ + KDE Security Advisory: KDM symlink attack vulnerability + CVE-2006-2449 + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-24.xml
new file mode 100644
index 0000000000..fb1eab0a78
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-24.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ wv2: Integer overflow
+
+ An integer overflow could allow an attacker to execute arbitrary code.
+
+ wv2
+ June 23, 2006
+ June 23, 2006: 01
+ 136759
+ remote
+
+
+ 0.2.3
+ 0.2.3
+
+
+
+

+ wv2 is a filter library for Microsoft Word files, used in many Office + suites. +

+
+ +

+ A boundary checking error was found in wv2, which could lead to an + integer overflow. +

+
+ +

+ An attacker could execute arbitrary code with the rights of the user + running the program that uses the library via a maliciously crafted + Microsoft Word document. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All wv2 users should update to the latest stable version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/wv2-0.2.3" +
+ + CVE 2006-2197 + + + DerCorny + + + hlieberman + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-25.xml
new file mode 100644
index 0000000000..e2cde2516a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-25.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Hashcash: Possible heap overflow
+
+ A heap overflow vulnerability in the Hashcash utility could allow an
+ attacker to execute arbitrary code.
+
+ hashcash
+ June 26, 2006
+ July 29, 2006: 02
+ 134960
+ remote
+
+
+ 1.21
+ 1.21
+
+
+
+

+ Hashcash is a utility for generating Hashcash tokens, a proof-of-work + system to reduce the impact of spam. +

+
+ +

+ Andreas Seltenreich has reported a possible heap overflow in the + array_push() function in hashcash.c, as a result of an incorrect amount + of allocated memory for the "ARRAY" structure. +

+
+ +

+ By sending malicious entries to the Hashcash utility, an attacker may + be able to cause an overflow, potentially resulting in the execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Hashcash users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.21" +
+ + Hashcash ChangeLog + CVE-2006-3251 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-26.xml
new file mode 100644
index 0000000000..1c9bfd7976
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-26.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ EnergyMech: Denial of Service
+
+ A Denial of Service vulnerability was discovered in EnergyMech that is
+ easily exploitable via IRC.
+
+ emech
+ June 26, 2006
+ July 29, 2006: 02
+ 132749
+ remote
+
+
+ 3.0.2
+ 3.0.2
+
+
+
+

+ EnergyMech is an IRC bot programmed in C. +

+
+ +

+ A bug in EnergyMech fails to handle empty CTCP NOTICEs correctly, and + will cause a crash from a segmentation fault. +

+
+ +

+ By sending an empty CTCP NOTICE, a remote attacker could exploit this + vulnerability to cause a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All EnergyMech users should update to the latest stable version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/emech-3.0.2" +
+ + EnergyMech Changelog + CVE-2006-3293 + + + jaervosz + + + hlieberman + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-27.xml
new file mode 100644
index 0000000000..93416ecae5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-27.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Mutt: Buffer overflow
+
+ Mutt contains a buffer overflow that could result in arbitrary code
+ execution.
+
+ mutt
+ June 28, 2006
+ June 28, 2006: 01
+ 138125
+ remote
+
+
+ 1.5.11-r2
+ 1.5.11-r2
+
+
+
+

+ Mutt is a small but very powerful text-based mail client. +

+
+ +

+ TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in + the "browse_get_namespace()" function in browse.c, which can be + triggered when receiving an overly long namespace from an IMAP server. +

+
+ +

+ A malicious IMAP server can send an overly long namespace to Mutt in + order to crash the application, and possibly execute arbitrary code + with the permissions of the user running Mutt. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mutt users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mutt-1.5.11-r2" +
+ + CVE-2006-3242 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-28.xml
new file mode 100644
index 0000000000..b55ba57039
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-28.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Horde Web Application Framework: XSS vulnerability
+
+ The Horde Web Application Framework is vulnerable to a cross-site scripting
+ vulnerability.
+
+ horde
+ June 29, 2006
+ June 29, 2006: 01
+ 136830
+ remote
+
+
+ 3.1.1-r1
+ 3.1.1-r1
+
+
+
+

+ The Horde Web Application Framework is a general-purpose web + application framework written in PHP, providing classes for handling + preferences, compression, browser detection, connection tracking, MIME, + and more. +

+
+ +

+ Michael Marek discovered that the Horde Web Application Framework + performs insufficient input sanitizing. +

+
+ +

+ An attacker could exploit these vulnerabilities to execute arbitrary + scripts running in the context of the victim's browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All horde users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-3.1.1-r1" +
+ + CVE-2006-2195 + + + dizzutch + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-29.xml
new file mode 100644
index 0000000000..a877330588
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-29.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Tikiwiki: SQL injection and multiple XSS vulnerabilities
+
+ An SQL injection vulnerability and multiple XSS vulnerabilities have been
+ discovered.
+
+ tikiwiki
+ June 29, 2006
+ June 29, 2006: 01
+ 136723
+ 134483
+ remote
+
+
+ 1.9.4
+ 1.9.4
+
+
+
+

+ Tikiwiki is a web-based groupware and content management system (CMS), + using PHP, ADOdb and Smarty. +

+
+ +

+ Tikiwiki fails to properly sanitize user input before processing it, + including in SQL statements. +

+
+ +

+ An attacker could execute arbitrary SQL statements on the underlying + database, or inject arbitrary scripts into the context of a user's + browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Tikiwiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.4" +
+ + CVE-2006-3048 + CVE-2006-3047 + + + shellsage + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-30.xml
new file mode 100644
index 0000000000..cea0726d43
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200606-30.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Kiax: Arbitrary code execution
+
+ A security vulnerability in the iaxclient library could lead to the
+ execution of arbitrary code by a remote attacker.
+
+ kiax
+ June 30, 2006
+ June 30, 2006: 01
+ 136099
+ remote
+
+
+ 0.8.5_p1
+ 0.8.5_p1
+
+
+
+

+ Kiax is a graphical softphone supporting the IAX protocol (Inter + Asterisk eXchange), which allows PC users to make VoIP calls to + Asterisk servers. +

+
+ +

+ The iax_net_read function in the iaxclient library fails to properly + handle IAX2 packets with truncated full frames or mini-frames. These + frames are detected in a length check but processed anyway, leading to + buffer overflows. +

+
+ +

+ By sending a specially crafted IAX2 packet, an attacker could execute + arbitrary code with the permissions of the user running Kiax. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Kiax users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/kiax-0.8.5_p1" +
+ + CVE-2006-2923 + + + falco + + + falco + + + dizzutch + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-01.xml
new file mode 100644
index 0000000000..a2e990465d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-01.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ mpg123: Heap overflow
+
+ A heap overflow in mpg123 was discovered, which could result in the
+ execution of arbitrary code.
+
+ mpg123
+ July 03, 2006
+ July 29, 2006: 02
+ 133988
+ remote
+
+
+ 0.59s-r11
+ 0.59s-r11
+
+
+
+

+ mpg123 is a real time audio player designed for the MPEG format. +

+
+ +

+ In httpdget.c, a variable is assigned to the heap, and is supposed to + receive a smaller allocation. As this variable was not terminated + properly, strncpy() will overwrite the data assigned next in memory. +

+
+ +

+ By enticing a user to visit a malicious URL, an attacker could possibly + execute arbitrary code with the rights of the user running mpg123. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mpg123 users should update to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r11" +
+ + CVE-2006-3355 + + + jaervosz + + + hlieberman + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-02.xml
new file mode 100644
index 0000000000..52bfc6c3b4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-02.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ FreeType: Multiple integer overflows
+
+ Multiple remotely exploitable buffer overflows have been discovered in
+ FreeType, resulting in the execution of arbitrary code.
+
+ FreeType
+ July 09, 2006
+ September 03, 2006: 02
+ 124828
+ remote
+
+
+ 2.1.10-r2
+ 2.0
+ 2.1.10-r2
+
+
+
+

+ FreeType is a portable font engine. +

+
+ +

+ Multiple integer overflows exist in a variety of files (bdf/bdflib.c, + sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c). +

+
+ +

+ A remote attacker could exploit these buffer overflows by enticing a + user to load a specially crafted font, which could result in the + execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All FreeType users should upgrade to the latest stable version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.1.10-r2" +
+ + CVE-2006-1861 + + + falco + + + hlieberman + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-03.xml
new file mode 100644
index 0000000000..5dd5d186b4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-03.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ libTIFF: Multiple buffer overflows
+
+ libTIFF contains buffer overflows that could result in arbitrary code
+ execution.
+
+ tiff
+ July 09, 2006
+ July 09, 2006: 01
+ 135881
+ remote
+
+
+ 3.8.2-r1
+ 3.8.2-r1
+
+
+
+

+ libTIFF provides support for reading and manipulating TIFF images. +

+
+ +

+ A buffer overflow has been found in the t2p_write_pdf_string function + in tiff2pdf, which can been triggered with a TIFF file containing a + DocumentName tag with UTF-8 characters. An additional buffer overflow + has been found in the handling of the parameters in tiffsplit. +

+
+ +

+ A remote attacker could entice a user to load a specially crafted TIFF + file, resulting in the possible execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libTIFF users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r1" +
+ + CVE-2006-2193 + CVE-2006-2656 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-04.xml
new file mode 100644
index 0000000000..fb9c91f87c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-04.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ PostgreSQL: SQL injection
+
+ A flaw in the multibyte character handling allows execution of arbitrary
+ SQL statements.
+
+ postgresql
+ July 09, 2006
+ June 26, 2007: 03
+ 134168
+ remote
+
+
+ 8.0.8
+ 7.4*
+ 8.0.8
+ 7.4.13
+
+
+
+

+ PostgreSQL is an open source object-relational database management + system. +

+
+ +

+ PostgreSQL contains a flaw in the string parsing routines that allows + certain backslash-escaped characters to be bypassed with some multibyte + character encodings. This vulnerability was discovered by Akio Ishida + and Yasuo Ohgaki. +

+
+ +

+ An attacker could execute arbitrary SQL statements on the PostgreSQL + server. Be aware that web applications using PostgreSQL as a database + back-end might be used to exploit this vulnerability. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PostgreSQL users should upgrade to the latest version in the + respective branch they are using: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose dev-db/postgresql +

+ Note: While a fix exists for the 7.3 branch it doesn't currently work + on Gentoo. All 7.3.x users of PostgreSQL should consider updating their + installations to the 7.4 (or higher) branch as soon as possible! +

+
+ + PostgreSQL technical information + CVE-2006-2313 + CVE-2006-2314 + + + falco + + + frilled + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-05.xml
new file mode 100644
index 0000000000..20681066f7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-05.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ SHOUTcast server: Multiple vulnerabilities
+
+ The SHOUTcast server is vulnerable to a file disclosure vulnerability and
+ multiple XSS vulnerabilities.
+
+ shoutcast
+ July 09, 2006
+ July 29, 2006: 03
+ 136721
+ 136221
+ remote
+
+
+ 1.9.7
+ 1.9.7
+
+
+
+

+ SHOUTcast server is a streaming audio server. +

+
+ +

+ The SHOUTcast server is vulnerable to a file disclosure when the server + receives a specially crafted GET request. Furthermore it also fails to + sanitize the input passed to the "Description", "URL", "Genre", "AIM", + and "ICQ" fields. +

+
+ +

+ By sending a specially crafted GET request to the SHOUTcast server, the + attacker can read any file that can be read by the SHOUTcast process. + Furthermore it is possible that various request variables could also be + exploited to execute arbitrary scripts in the context of a victim's + browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SHOUTcast server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/shoutcast-server-bin-1.9.7" +
+ + Original advisory + SA20524 + CVE-2006-3007 + CVE-2006-3534 + CVE-2006-3535 + + + jaervosz + + + daxomatic + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-06.xml
new file mode 100644
index 0000000000..6db1c7610f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-06.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ libpng: Buffer overflow
+
+ A buffer overflow has been found in the libpng library that could lead to
+ the execution of arbitrary code.
+
+ libpng
+ July 19, 2006
+ July 19, 2006: 01
+ 138433
+ 138672
+ remote
+
+
+ 1.2.12
+ 1.2.12
+
+
+ 2.5.1
+ 2.5.1
+
+
+
+

+ libpng is an open, extensible image format library, with lossless + compression. +

+
+ +

+ In pngrutil.c, the function png_decompress_chunk() allocates + insufficient space for an error message, potentially overwriting stack + data, leading to a buffer overflow. +

+
+ +

+ By enticing a user to load a maliciously crafted PNG image, an attacker + could execute arbitrary code with the rights of the user, or crash the + application using the libpng library, such as the + emul-linux-x86-baselibs. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libpng users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.12" +

+ All AMD64 emul-linux-x86-baselibs users should also upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-baselibs-2.5.1" +
+ + libpng Changelog + CVE-2006-3334 + + + falco + + + daxomatic + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-07.xml
new file mode 100644
index 0000000000..5a394049a8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-07.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ xine-lib: Buffer overflow
+
+ A buffer overflow has been found in the libmms library shipped with
+ xine-lib, potentially resulting in the execution of arbitrary code.
+
+ xine-lib
+ July 20, 2006
+ July 20, 2006: 01
+ 139319
+ remote
+
+
+ 1.1.2-r2
+ 1.1.2-r2
+
+
+
+

+ xine-lib is the core library of xine, a multimedia player. +

+
+ +

+ There is a stack based overflow in the libmms library included with + xine-lib which can be triggered by malicious use of the send_command, + string_utf16, get_data and get_media_packet functions. +

+
+ +

+ A remote attacker could design a malicious media file that would + trigger the overflow, potentially resulting in the execution of + arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xine-lib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2-r2" +
+ + CVE-2006-2200 + + + jaervosz + + + daxomatic + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-08.xml
new file mode 100644
index 0000000000..ed8a087469
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-08.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ GIMP: Buffer overflow
+
+ GIMP is prone to a buffer overflow which may lead to the execution of
+ arbitrary code when loading specially crafted XCF files.
+
+ gimp
+ July 23, 2006
+ July 24, 2006: 02
+ 139524
+ remote
+
+
+ 2.2.12
+ 2.2.12
+
+
+
+

+ GIMP is the GNU Image Manipulation Program. XCF is the native image + file format used by GIMP. +

+
+ +

+ Henning Makholm discovered that the "xcf_load_vector()" function is + vulnerable to a buffer overflow when loading a XCF file with a large + "num_axes" value. +

+
+ +

+ An attacker could exploit this issue to execute arbitrary code by + enticing a user to open a specially crafted XCF file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GIMP users should update to the latest stable version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.2.12" +
+ + CVE-2006-3404 + + + jaervosz + + + DerCorny + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-09.xml
new file mode 100644
index 0000000000..93b1992155
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-09.xml
@@ -0,0 +1,89 @@
+
+
+
+
+ Wireshark: Multiple vulnerabilities
+
+ Wireshark (formerly known as Ethereal) is vulnerable to several security
+ issues, potentially allowing the execution of arbitrary code by a remote
+ attacker.
+
+ wireshark ethereal
+ July 25, 2006
+ July 25, 2006: 01
+ 140856
+ remote
+
+
+ 0.99.2
+ 0.99.2
+
+
+ 0.99.0-r1
+
+
+
+

+ Wireshark, formerly known as Ethereal, is a popular network protocol + analyzer. +

+
+ +

+ Wireshark dissectors have been found vulnerable to a large number of + exploits, including off-by-one errors, buffer overflows, format string + overflows and an infinite loop. +

+
+ +

+ Running an affected version of Wireshark or Ethereal could allow for a + remote attacker to execute arbitrary code on the user's computer by + sending specially crafted packets. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.2" +

+ All Ethereal users should migrate to Wireshark: +

+ + # emerge --sync + # emerge --ask --unmerge net-analyzer/ethereal + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.2" +

+ To keep the [saved] configuration from Ethereal and reuse it with + Wireshark: +

+ + # mv ~/.ethereal ~/.wireshark +
+ + Wireshark wnpa-sec-2006-01 + CVE-2006-3627 + CVE-2006-3628 + CVE-2006-3629 + CVE-2006-3630 + CVE-2006-3631 + CVE-2006-3632 + + + koon + + + dizzutch + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-10.xml
new file mode 100644
index 0000000000..8bf0b5aff9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-10.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Samba: Denial of Service vulnerability
+
+ A large number of share connection requests could cause a Denial of Service
+ within Samba.
+
+ samba
+ July 25, 2006
+ July 25, 2006: 01
+ 139369
+ remote
+
+
+ 3.0.22-r3
+ 3.0.22-r3
+
+
+
+

+ Samba is a freely available SMB/CIFS implementation which allows + seamless interoperability of file and print services to other SMB/CIFS + clients. +

+
+ +

+ During an internal audit the Samba team discovered that a flaw in the + way Samba stores share connection requests could lead to a Denial of + Service. +

+
+ +

+ By sending a large amount of share connection requests to a vulnerable + Samba server, an attacker could cause a Denial of Service due to memory + consumption. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Samba users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.22-r3" +
+ + CVE-2006-3403 + + + koon + + + DerCorny + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-11.xml
new file mode 100644
index 0000000000..489e3f3055
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-11.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ TunePimp: Buffer overflow
+
+ A vulnerability in TunePimp has been reported which could lead to the
+ execution of arbitrary code.
+
+ Tunepimp
+ July 28, 2006
+ June 01, 2007: 02
+ 140184
+ remote
+
+
+ 0.5.0
+ 0.4.2
+
+
+
+

+ The TunePimp library (also referred to as libtunepimp) is a development + library geared towards developers who wish to create MusicBrainz + enabled tagging applications. +

+
+ +

+ Kevin Kofler has reported a vulnerability where three stack variables + are allocated with 255, 255 and 100 bytes respectively, yet 256 bytes + are read into each. This could lead to buffer overflows. +

+
+ +

+ Running an affected version of TunePimp could lead to the execution of + arbitrary code by a remote attacker. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All tunepimp users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/tunepimp-0.5." +
+ + CVE-2006-3600 + MusicBrainz bug #1764 + + + dizzutch + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-12.xml
new file mode 100644
index 0000000000..407f5074af
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-12.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ OpenOffice.org: Multiple vulnerabilities
+
+ OpenOffice.org is affected by three security vulnerabilities which can be
+ exploited to allow the execution of arbitrary code by a remote attacker.
+
+ OpenOffice.org
+ July 28, 2006
+ July 28, 2006: 01
+ 138545
+ remote
+
+
+ 2.0.3
+ 2.0.3
+
+
+ 2.0.3
+ 2.0.3
+
+
+
+

+ OpenOffice.org is an open source office productivity suite, including + word processing, spreadsheet, presentation, drawing, data charting, + formula editing, and file conversion facilities. +

+
+ +

+ Internal security audits by OpenOffice.org have discovered three + security vulnerabilities related to Java applets, macros and the XML + file format parser. +

+
  • Specially crafted Java applets can + break through the "sandbox".
  • +
  • Specially crafted macros make it + possible to inject BASIC code into documents which is executed when the + document is loaded.
  • +
  • Loading a malformed XML file can cause a + buffer overflow.
  • +
+
+ +

+ An attacker might exploit these vulnerabilities to escape the Java + sandbox, execute arbitrary code or BASIC code with the permissions of + the user running OpenOffice.org. +

+
+ +

+ Disabling Java applets will protect against the vulnerability in the + handling of Java applets. There are no workarounds for the macro and + file format vulnerabilities. +

+
+ +

+ All OpenOffice.org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.3" +
+ + OpenOffice.org Security Bulletin 2006-06-29 + CVE-2006-2199 + CVE-2006-2198 + CVE-2006-3117 + + + dizzutch + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-13.xml
new file mode 100644
index 0000000000..ca6c6ddeb0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200607-13.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Audacious: Multiple heap and buffer overflows
+
+ The adplug library included in Audacious is vulnerable to various overflows
+ that could result in the execution of arbitrary code.
+
+ audacious
+ July 29, 2006
+ July 29, 2006: 01
+ 139957
+ remote
+
+
+ 1.1.0
+ 1.1.0
+
+
+
+

+ Audacious is a media player that has been forked from Beep Media + Player. +

+
+ +

+ Luigi Auriemma has found that the adplug library fails to verify the + size of the destination buffers in the unpacking instructions, + resulting in various possible heap and buffer overflows. +

+
+ +

+ An attacker can entice a user to load a specially crafted media file, + resulting in a crash or possible execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Audacious users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/audacious-1.1.0" +
+ + BugTraq Announcement + CVE-2006-3581 + CVE-2006-3582 + + + jaervosz + + + daxomatic + + + koon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-01.xml
new file mode 100644
index 0000000000..171f078a0f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-01.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Apache: Off-by-one flaw in mod_rewrite
+
+ A flaw in mod_rewrite could result in a Denial of Service or the execution
+ of arbitrary code.
+
+ apache
+ August 01, 2006
+ December 30, 2007: 02
+ 141986
+ remote
+
+
+ 1.3.34-r14
+ 1.3.37
+ 2.0.58-r2
+ 2.0.58-r2
+
+
+
+

+ The Apache HTTP server is one of the most popular web servers on the + Internet. The Apache module mod_rewrite provides a rule-based engine to + rewrite requested URLs on the fly. +

+
+ +

+ An off-by-one flaw has been found in Apache's mod_rewrite module by + Mark Dowd of McAfee Avert Labs. This flaw is exploitable depending on + the types of rewrite rules being used. +

+
+ +

+ A remote attacker could exploit the flaw to cause a Denial of Service + or execution of arbitrary code. Note that Gentoo Linux is not + vulnerable in the default configuration. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Apache users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose www-servers/apache +
+ + CVE-2006-3747 + Apache HTTP Server 2.0 Announcement + Apache HTTP Server 1.3 Announcement + + + vorlon078 + + + vorlon078 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-02.xml
new file mode 100644
index 0000000000..41fe3ae0ba
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-02.xml
@@ -0,0 +1,129 @@
+
+
+
+
+ Mozilla SeaMonkey: Multiple vulnerabilities
+
+ The Mozilla Foundation has reported numerous security vulnerabilities
+ related to Mozilla SeaMonkey.
+
+ SeaMonkey
+ August 03, 2006
+ August 03, 2006: 01
+ 141842
+ remote
+
+
+ 1.0.3
+ 1.0.3
+
+
+
+

+ The Mozilla SeaMonkey project is a community effort to deliver + production-quality releases of code derived from the application + formerly known as "Mozilla Application Suite". +

+
+ +

+ The following vulnerabilities have been reported: +

+
    +
  • Benjamin Smedberg discovered that chrome URL's could be made to + reference remote files.
  • +
  • Developers in the Mozilla community + looked for and fixed several crash bugs to improve the stability of + Mozilla clients, which could lead to the execution of arbitrary code by + a remote attacker.
  • +
  • "shutdown" reports that cross-site + scripting (XSS) attacks could be performed using the construct + XPCNativeWrapper(window).Function(...), which created a function that + appeared to belong to the window in question even after it had been + navigated to the target site.
  • +
  • "shutdown" reports that scripts + granting the UniversalBrowserRead privilege can leverage that into the + equivalent of the far more powerful UniversalXPConnect since they are + allowed to "read" into a privileged context.
  • +
  • "moz_bug_r_a4" + reports that A malicious Proxy AutoConfig (PAC) server could serve a + PAC script that can execute code with elevated privileges by setting + the required FindProxyForURL function to the eval method on a + privileged object that leaked into the PAC sandbox.
  • +
  • "moz_bug_r_a4" discovered that Named JavaScript functions have a + parent object created using the standard Object() constructor + (ECMA-specified behavior) and that this constructor can be redefined by + script (also ECMA-specified behavior).
  • +
  • Igor Bukanov and + shutdown found additional places where an untimely garbage collection + could delete a temporary object that was in active use.
  • +
  • Georgi + Guninski found potential integer overflow issues with long strings in + the toSource() methods of the Object, Array and String objects as well + as string function arguments.
  • +
  • H. D. Moore reported a testcase + that was able to trigger a race condition where JavaScript garbage + collection deleted a temporary variable still being used in the + creation of a new Function object.
  • +
  • A malicious page can hijack + native DOM methods on a document object in another domain, which will + run the attacker's script when called by the victim page.
  • +
  • Secunia Research has discovered a vulnerability which is caused due + to an memory corruption error within the handling of simultaneously + happening XPCOM events. This leads to use of a deleted timer + object.
  • +
  • An anonymous researcher for TippingPoint and the Zero + Day Initiative showed that when used in a web page Java would reference + properties of the window.navigator object as it started up.
  • +
  • Thilo Girmann discovered that in certain circumstances a JavaScript + reference to a frame or window was not properly cleared when the + referenced content went away.
  • +
+
+
+
+ A user can be enticed to open specially crafted URLs, visit webpages
+ containing malicious JavaScript or execute a specially crafted script.
+ These events could lead to the execution of arbitrary code, or the
+ installation of malware on the user's computer.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Thunderbird users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.3"
+
+
+ CVE-2006-3113
+ CVE-2006-3677
+ CVE-2006-3801
+ CVE-2006-3802
+ CVE-2006-3803
+ CVE-2006-3804
+ CVE-2006-3805
+ CVE-2006-3806
+ CVE-2006-3807
+ CVE-2006-3808
+ CVE-2006-3809
+ CVE-2006-3810
+ CVE-2006-3811
+ CVE-2006-3812
+
+
+ DerCorny
+
+
+ dizzutch
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-03.xml
new file mode 100644
index 0000000000..b551ff20a9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-03.xml
@@ -0,0 +1,133 @@
+
+
+
+
+ Mozilla Firefox: Multiple vulnerabilities
+
+ The Mozilla Foundation has reported numerous security vulnerabilities
+ related to Mozilla Firefox.
+
+ Firefox
+ August 03, 2006
+ August 03, 2006: 01
+ 141842
+ remote
+
+
+ 1.5.0.5
+ 1.5.0.5
+
+
+ 1.5.0.5
+ 1.5.0.5
+
+
+
+
+ Mozilla Firefox is a redesign of the Mozilla Navigator component. The
+ goal is to produce a cross-platform stand-alone browser application.
+
+
+
+
+ The following vulnerabilities have been reported:
+
+
    +
  • Benjamin Smedberg discovered that chrome URL's could be made to + reference remote files.
  • +
  • Developers in the Mozilla community + looked for and fixed several crash bugs to improve the stability of + Mozilla clients.
  • +
  • "shutdown" reports that cross-site scripting + (XSS) attacks could be performed using the construct + XPCNativeWrapper(window).Function(...), which created a function that + appeared to belong to the window in question even after it had been + navigated to the target site.
  • +
  • "shutdown" reports that scripts + granting the UniversalBrowserRead privilege can leverage that into the + equivalent of the far more powerful UniversalXPConnect since they are + allowed to "read" into a privileged context.
  • +
  • "moz_bug_r_a4" + reports that A malicious Proxy AutoConfig (PAC) server could serve a + PAC script that can execute code with elevated privileges by setting + the required FindProxyForURL function to the eval method on a + privileged object that leaked into the PAC sandbox.
  • +
  • "moz_bug_r_a4" discovered that Named JavaScript functions have a + parent object created using the standard Object() constructor + (ECMA-specified behavior) and that this constructor can be redefined by + script (also ECMA-specified behavior).
  • +
  • Igor Bukanov and + shutdown found additional places where an untimely garbage collection + could delete a temporary object that was in active use.
  • +
  • Georgi + Guninski found potential integer overflow issues with long strings in + the toSource() methods of the Object, Array and String objects as well + as string function arguments.
  • +
  • H. D. Moore reported a testcase + that was able to trigger a race condition where JavaScript garbage + collection deleted a temporary variable still being used in the + creation of a new Function object.
  • +
  • A malicious page can hijack + native DOM methods on a document object in another domain, which will + run the attacker's script when called by the victim page.
  • +
  • Secunia Research has discovered a vulnerability which is caused due + to an memory corruption error within the handling of simultaneously + happening XPCOM events. This leads to use of a deleted timer + object.
  • +
  • An anonymous researcher for TippingPoint and the Zero + Day Initiative showed that when used in a web page Java would reference + properties of the window.navigator object as it started up.
  • +
  • Thilo Girmann discovered that in certain circumstances a JavaScript + reference to a frame or window was not properly cleared when the + referenced content went away.
  • +
+
+
+
+ A user can be enticed to open specially crafted URLs, visit webpages
+ containing malicious JavaScript or execute a specially crafted script.
+ These events could lead to the execution of arbitrary code, or the
+ installation of malware on the user's computer.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Mozilla Firefox users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.5"
+
+ Users of the binary package should upgrade as well:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.5"
+
+
+ CVE-2006-3113
+ CVE-2006-3677
+ CVE-2006-3801
+ CVE-2006-3802
+ CVE-2006-3803
+ CVE-2006-3805
+ CVE-2006-3806
+ CVE-2006-3807
+ CVE-2006-3808
+ CVE-2006-3809
+ CVE-2006-3810
+ CVE-2006-3811
+ CVE-2006-3812
+
+
+ dizzutch
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-04.xml
new file mode 100644
index 0000000000..0e405f7d3d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-04.xml
@@ -0,0 +1,126 @@
+
+
+
+
+ Mozilla Thunderbird: Multiple vulnerabilities
+
+ The Mozilla Foundation has reported numerous security vulnerabilities
+ related to Mozilla Thunderbird.
+
+ Thunderbird
+ August 03, 2006
+ August 03, 2006: 01
+ 141842
+ remote
+
+
+ 1.5.0.5
+ 1.5.0.5
+
+
+ 1.5.0.5
+ 1.5.0.5
+
+
+
+
+ The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail
+ component. The goal is to produce a cross-platform stand-alone mail
+ application using XUL (XML User Interface Language).
+
+
+
+
+ The following vulnerabilities have been reported:
+
+
    +
  • Benjamin Smedberg discovered that chrome URLss could be made to + reference remote files.
  • +
  • Developers in the Mozilla community + looked for and fixed several crash bugs to improve the stability of + Mozilla clients.
  • +
  • "shutdown" reports that cross-site scripting + (XSS) attacks could be performed using the construct + XPCNativeWrapper(window).Function(...), which created a function that + appeared to belong to the window in question even after it had been + navigated to the target site.
  • +
  • "shutdown" reports that scripts + granting the UniversalBrowserRead privilege can leverage that into the + equivalent of the far more powerful UniversalXPConnect since they are + allowed to "read" into a privileged context.
  • +
  • "moz_bug_r_a4" + discovered that Named JavaScript functions have a parent object created + using the standard Object() constructor (ECMA-specified behavior) and + that this constructor can be redefined by script (also ECMA-specified + behavior).
  • +
  • Igor Bukanov and shutdown found additional places + where an untimely garbage collection could delete a temporary object + that was in active use.
  • +
  • Georgi Guninski found potential + integer overflow issues with long strings in the toSource() methods of + the Object, Array and String objects as well as string function + arguments.
  • +
  • H. D. Moore reported a testcase that was able to + trigger a race condition where JavaScript garbage collection deleted a + temporary variable still being used in the creation of a new Function + object.
  • +
  • A malicious page can hijack native DOM methods on a + document object in another domain, which will run the attacker's script + when called by the victim page.
  • +
  • Secunia Research has + discovered a vulnerability which is caused due to an memory corruption + error within the handling of simultaneously happening XPCOM events. + This leads to use of a deleted timer object.
  • +
+
+
+
+ A user can be enticed to open specially crafted URLs, visit webpages
+ containing malicious JavaScript or execute a specially crafted script.
+ These events could lead to the execution of arbitrary code, or the
+ installation of malware on the user's computer.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Mozilla Thunderbird users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.5"
+
+ All Mozilla Thunderbird binary users should upgrade to the latest
+ version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.5"
+
+
+ CVE-2006-3113
+ CVE-2006-3802
+ CVE-2006-3803
+ CVE-2006-3804
+ CVE-2006-3805
+ CVE-2006-3806
+ CVE-2006-3807
+ CVE-2006-3809
+ CVE-2006-3810
+ CVE-2006-3811
+ CVE-2006-3812
+
+
+ DerCorny
+
+
+ dizzutch
+
+
+ DerCorny
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-05.xml
new file mode 100644
index 0000000000..1f4a8436d2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-05.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ LibVNCServer: Authentication bypass
+
+ VNC servers created with LibVNCServer accept insecure protocol types, even
+ when the server does not offer it, resulting in unauthorized access to the
+ server.
+
+ libvncserver
+ August 04, 2006
+ August 04, 2006: 01
+ 136916
+ remote
+
+
+ 0.8.2
+ 0.8.2
+
+
+
+
+ LibVNCServer is a GPL'ed library for creating VNC servers.
+
+
+
+
+ LibVNCServer fails to properly validate protocol types effectively
+ letting users decide what protocol to use, such as "Type 1 - None".
+ LibVNCServer will accept this security type, even if it is not offered
+ by the server.
+
+
+
+
+ An attacker could use this vulnerability to gain unauthorized access
+ with the privileges of the user running the VNC server.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All LibVNCServer users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libvncserver-0.8.2"
+
+
+ CVE-2006-2450
+
+
+ vorlon078
+
+
+ vorlon078
+
+
+ hlieberman
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-06.xml
new file mode 100644
index 0000000000..51f1c4e9a4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-06.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Courier MTA: Denial of Service vulnerability
+
+ Courier MTA has fixed a DoS issue related to usernames containing a "="
+ character.
+
+ Courier
+ August 04, 2006
+ August 04, 2006: 01
+ 135005
+ remote
+
+
+ 0.53.2
+ 0.53.2
+
+
+
+
+ Courier MTA is an integrated mail and groupware server based on open
+ protocols.
+
+
+
+
+ Courier MTA has fixed a security issue relating to usernames containing
+ the "=" character, causing high CPU utilization.
+
+
+
+
+ An attacker could exploit this vulnerability by sending a specially
+ crafted email to a mail gateway running a vulnerable version of Courier
+ MTA.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Courier MTA users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/courier-0.53.2"
+
+
+ CVE-2006-2659
+
+
+ koon
+
+
+ koon
+
+
+ dizzutch
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-07.xml
new file mode 100644
index 0000000000..0662daaa76
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-07.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ libTIFF: Multiple vulnerabilities
+
+ libTIFF contains several vulnerabilities that could result in arbitrary
+ code execution.
+
+ tiff
+ August 04, 2006
+ August 04, 2006: 01
+ 142383
+ remote
+
+
+ 3.8.2-r2
+ 3.8.2-r2
+
+
+
+
+ libTIFF provides support for reading and manipulating TIFF images.
+
+
+
+
+ Tavis Ormandy of the Google Security Team discovered several heap and
+ stack buffer overflows and other flaws in libTIFF. The affected parts
+ include the TIFFFetchShortPair(), TIFFScanLineSize() and
+ EstimateStripByteCounts() functions, and the PixarLog and NeXT RLE
+ decoders.
+
+
+
+
+ A remote attacker could entice a user to open a specially crafted TIFF
+ file, resulting in the possible execution of arbitrary code.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All libTIFF users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r2"
+
+
+ CVE-2006-3459
+ CVE-2006-3460
+ CVE-2006-3461
+ CVE-2006-3462
+ CVE-2006-3463
+ CVE-2006-3464
+ CVE-2006-3465
+
+
+ falco
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-08.xml
new file mode 100644
index 0000000000..03090349b9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-08.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ GnuPG: Integer overflow vulnerability
+
+ GnuPG is vulnerable to an integer overflow that could lead to the execution
+ of arbitrary code.
+
+ gnupg
+ August 05, 2006
+ August 08, 2006: 02
+ 142248
+ remote
+
+
+ 1.4.5
+ 1.4.5
+
+
+
+
+ The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite
+ of cryptographic software.
+
+
+
+
+ Evgeny Legerov discovered a vulnerability in GnuPG that when certain
+ packets are handled an integer overflow may occur.
+
+
+
+
+ By sending a specially crafted email to a user running an affected
+ version of GnuPG, a remote attacker could possibly execute arbitrary
+ code with the permissions of the user running GnuPG.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All GnuPG users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "=app-crypt/gnupg-1.4*"
+
+
+ CVE-2006-3746
+
+
+ koon
+
+
+ dizzutch
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-09.xml
new file mode 100644
index 0000000000..753f527709
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-09.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ MySQL: Denial of Service
+
+ An authenticated user can crash MySQL through invalid parameters to the
+ date_format function.
+
+ mysql
+ August 06, 2006
+ August 07, 2006: 02
+ 142429
+ remote
+
+
+ 4.1.21
+ 4.1.0
+ 4.1.21
+
+
+
+
+ MySQL is a popular multi-threaded, multi-user SQL server.
+
+
+
+
+ Jean-David Maillefer discovered a format string vulnerability in
+ time.cc where MySQL fails to properly handle specially formatted user
+ input to the date_format function.
+
+
+
+
+ By specifying a format string as the first parameter to the date_format
+ function, an authenticated attacker could cause MySQL to crash,
+ resulting in a Denial of Service.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All MySQL users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --verbose --oneshot ">=dev-db/mysql-4.1.21"
+
+
+ CVE-2006-3469
+
+
+ koon
+
+
+ koon
+
+
+ hlieberman
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-10.xml
new file mode 100644
index 0000000000..d766b2a358
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-10.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ pike: SQL injection vulnerability
+
+ A flaw in the input handling could lead to the execution of arbitrary SQL
+ statements in the underlying PostgreSQL database.
+
+ pike
+ August 06, 2006
+ December 13, 2006: 02
+ 136065
+ remote
+
+
+ 7.6.86
+ 7.6.86
+
+
+
+
+ Pike is a general purpose programming language, able to be used for
+ multiple tasks.
+
+
+
+
+ Some input is not properly sanitised before being used in a SQL
+ statement in the underlying PostgreSQL database.
+
+
+
+
+ A remote attacker could provide malicious input to a pike program,
+ which might result in the execution of arbitrary SQL statements.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All pike users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/pike-7.6.86"
+
+
+ Secunia Advisory SA20494
+ CVE-2006-4041
+
+
+ koon
+
+
+ koon
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-11.xml
new file mode 100644
index 0000000000..45cb3d2de6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-11.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Webmin, Usermin: File Disclosure
+
+ Webmin and Usermin are vulnerable to an arbitrary file disclosure through a
+ specially crafted URL.
+
+ webmin/usermin
+ August 06, 2006
+ August 06, 2006: 01
+ 138552
+ remote
+
+
+ 1.290
+ 1.290
+
+
+ 1.220
+ 1.220
+
+
+
+
+ Webmin is a web-based interface for Unix-like systems. Usermin is a
+ simplified version of Webmin designed for use by normal users rather
+ than system administrators.
+
+
+
+
+ A vulnerability in both Webmin and Usermin has been discovered by Kenny
+ Chen, wherein simplify_path is called before the HTML is decoded.
+
+
+
+
+ A non-authenticated user can read any file on the server using a
+ specially crafted URL.
+
+
+
+
+ For a temporary workaround, IP Access Control can be setup on Webmin
+ and Usermin.
+
+
+
+
+ All Webmin users should update to the latest stable version:
+
+
+ # emerge --sync
+ # emerge --ask --verbose --oneshot ">=app-admin/webmin-1.290"
+
+ All Usermin users should update to the latest stable version:
+
+
+ # emerge --sync
+ # emerge --ask --verbose --oneshot ">=app-admin/usermin-1.220"
+
+
+ CVE-2006-3392
+
+
+
+
+ koon
+
+
+ hlieberman
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-12.xml
new file mode 100644
index 0000000000..22f8bb68df
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-12.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ x11vnc: Authentication bypass in included LibVNCServer code
+
+ VNC servers created with x11vnc accept insecure protocol types, even when
+ the server does not offer it, resulting in the possibility of unauthorized
+ access to the server.
+
+ x11vnc
+ August 07, 2006
+ August 07, 2006: 01
+ 142559
+ remote
+
+
+ 0.8.1
+ 0.8.1
+
+
+
+
+ x11vnc provides VNC servers for X displays.
+
+
+
+
+ x11vnc includes vulnerable LibVNCServer code, which fails to properly
+ validate protocol types effectively letting users decide what protocol
+ to use, such as "Type 1 - None" (GLSA-200608-05). x11vnc will accept
+ this security type, even if it is not offered by the server.
+
+
+
+
+ An attacker could exploit this vulnerability to gain unauthorized
+ access with the privileges of the user running the VNC server.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All x11vnc users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-misc/x11vnc-0.8.1"
+
+
+ CVE-2006-2450
+ GLSA-200608-05
+
+
+ jaervosz
+
+
+ koon
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-13.xml
new file mode 100644
index 0000000000..1556aa6827
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-13.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ ClamAV: Heap buffer overflow
+
+ ClamAV is vulnerable to a heap-based buffer overflow resulting in a Denial
+ of Service and potentially remote execution of arbitrary code.
+
+ clamav
+ August 08, 2006
+ August 08, 2006: 02
+ 143093
+ remote
+
+
+ 0.88.4
+ 0.88.4
+
+
+
+
+ ClamAV is a GPL virus scanner.
+
+
+
+
+ Damian Put has discovered a boundary error in the pefromupx() function
+ used by the UPX extraction module, which unpacks PE Windows executable
+ files. Both the "clamscan" command-line utility and the "clamd" daemon
+ are affected.
+
+
+
+
+ By sending a malicious attachment to a mail server running ClamAV, a
+ remote attacker can cause a Denial of Service and potentially the
+ execution of arbitrary code with the permissions of the user running
+ ClamAV.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All ClamAV users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.4"
+
+
+ ClamAV security advisory
+ CVE-2006-4018
+
+
+ falco
+
+
+ vorlon078
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-14.xml
new file mode 100644
index 0000000000..806ab3eff6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-14.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ DUMB: Heap buffer overflow
+
+ A heap-based buffer overflow in DUMB could result in the execution of
+ arbitrary code.
+
+ dumb
+ August 08, 2006
+ August 08, 2006: 01
+ 142387
+ remote
+
+
+ 0.9.3-r1
+ 0.9.3-r1
+
+
+
+
+ DUMB (Dynamic Universal Music Bibliotheque) is an IT, XM, S3M and MOD
+ player library.
+
+
+
+
+ Luigi Auriemma found a heap-based buffer overflow in the
+ it_read_envelope function which reads the envelope values for volume,
+ pan and pitch of the instruments referenced in a ".it" (Impulse
+ Tracker) file with a large number of nodes.
+
+
+
+
+ By enticing a user to load a malicious ".it" (Impulse Tracker) file, an
+ attacker may execute arbitrary code with the rights of the user running
+ the application that uses a vulnerable DUMB library.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All users of DUMB should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/dumb-0.9.3-r1"
+
+
+ CVE-2006-3668
+
+
+ koon
+
+
+ falco
+
+
+ vorlon078
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-15.xml
new file mode 100644
index 0000000000..b22e412979
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-15.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ MIT Kerberos 5: Multiple local privilege escalation vulnerabilities
+
+ Some applications shipped with MIT Kerberos 5 are vulnerable to local
+ privilege escalation.
+
+ MIT Kerberos 5
+ August 10, 2006
+ August 10, 2006: 01
+ 143240
+ local
+
+
+ 1.4.3-r3
+ 1.4.3-r3
+
+
+
+
+ MIT Kerberos 5 is a suite of applications that implement the Kerberos
+ network protocol. It is designed to provide strong authentication for
+ client/server applications by using secret-key cryptography.
+
+
+
+
+ Unchecked calls to setuid() in krshd and v4rcp, as well as unchecked
+ calls to seteuid() in kftpd and in ksu, have been found in the MIT
+ Kerberos 5 program suite and may lead to a local root privilege
+ escalation.
+
+
+
+
+ A local attacker could exploit this vulnerability to execute arbitrary
+ code with elevated privileges.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All MIT Kerberos 5 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.4.3-r3"
+
+
+ CVE-2006-3083
+ CVE-2006-3084
+
+
+ jaervosz
+
+
+ daxomatic
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-16.xml
new file mode 100644
index 0000000000..c8b11f5ac8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-16.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Warzone 2100 Resurrection: Multiple buffer overflows
+
+ Warzone 2100 Resurrection server and client are vulnerable to separate
+ buffer overflows, potentially allowing remote code execution.
+
+ warzone2100
+ August 10, 2006
+ September 04, 2006: 02
+ 142389
+ remote
+
+
+ 2.0.4
+ 2.0.3
+
+
+
+
+ Warzone 2100 Resurrection is a real-time strategy game, developed by
+ Pumpkin Studios and published by Eidos Interactive.
+
+
+
+
+ Luigi Auriemma discovered two buffer overflow vulnerabilities in
+ Warzone 2100 Resurrection. The recvTextMessage function of the Warzone
+ 2100 Resurrection server and the NETrecvFile function of the client use
+ insufficiently sized buffers.
+
+
+
+
+ A remote attacker could exploit these vulnerabilities by sending
+ specially crafted input to the server, or enticing a user to load a
+ specially crafted file from a malicious server. This may result in the
+ execution of arbitrary code with the permissions of the user running
+ Warzone 2100 Resurrection.
+
+
+
+
+ There is no known workaround for this issue.
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Warzone 2100 Resurrection users should upgrade to the latest
+ version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=games-strategy/warzone2100-2.0.4"
+
+
+ CVE-2006-3849
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ dizzutch
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-17.xml
new file mode 100644
index 0000000000..ba5244f2c4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-17.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ libwmf: Buffer overflow vulnerability
+
+ libwmf is vulnerable to an integer overflow potentially resulting in the
+ execution of arbitrary code.
+
+ libwmf
+ August 10, 2006
+ August 10, 2006: 01
+ 139325
+ remote
+
+
+ 0.2.8.4
+ 0.2.8.4
+
+
+
+
+ libwmf is a library for reading and converting vector images in
+ Microsoft's native Windows Metafile Format (WMF).
+
+
+
+
+ infamous41md discovered that libwmf fails to do proper bounds checking
+ on the MaxRecordSize variable in the WMF file header. This could lead
+ to an head-based buffer overflow.
+
+
+
+
+ By enticing a user to open a specially crafted WMF file, a remote
+ attacker could cause a heap-based buffer overflow and execute arbitrary
+ code with the permissions of the user running the application that uses
+ libwmf.
+
+
+
+
+ There is no known workaround for this issue.
+
+
+
+
+ All libwmf users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4"
+
+
+ CVE-2006-3376
+
+
+ falco
+
+
+ dizzutch
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-18.xml
new file mode 100644
index 0000000000..738c3ab74b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-18.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Net::Server: Format string vulnerability
+
+ A format string vulnerability has been reported in Net::Server which can be
+ exploited to cause a Denial of Service.
+
+ net-server
+ August 10, 2006
+ August 10, 2006: 01
+ 142386
+ remote
+
+
+ 0.88
+ 0.88
+
+
+
+
+ Net::Server is an extensible, generic Perl server engine. It is used by
+ several Perl applications like Postgrey.
+
+
+
+
+ The log function of Net::Server does not handle format string
+ specifiers properly before they are sent to syslog.
+
+
+
+
+ By sending a specially crafted datastream to an application using
+ Net::Server, an attacker could cause a Denial of Service.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All Net::Server should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/net-server-0.88"
+
+
+ CVE-2005-1127
+
+
+ falco
+
+
+ dizzutch
+
+
+ vorlon078
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-19.xml
new file mode 100644
index 0000000000..6bba056522
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-19.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ WordPress: Privilege escalation
+
+ A flaw in WordPress allows registered WordPress users to elevate
+ privileges.
+
+ wordpress
+ August 10, 2006
+ December 13, 2006: 02
+ 142142
+ remote
+
+
+ 2.0.4
+ 2.0.4
+
+
+
+
+ WordPress is a PHP and MySQL based multiuser blogging system.
+
+
+
+
+ The WordPress developers have confirmed a vulnerability in capability
+ checking for plugins.
+
+
+
+
+ By exploiting a flaw, a user can circumvent WordPress access
+ restrictions when using plugins. The actual impact depends on the
+ configuration of WordPress and may range from trivial to critical,
+ possibly even the execution of arbitrary PHP code.
+
+
+
+
+ There is no known workaround at this time.
+
+
+
+
+ All WordPress users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.4"
+
+
+ CVE-2006-3389
+ CVE-2006-3390
+ CVE-2006-4028
+
+
+ jaervosz
+
+
+ dizzutch
+
+
+ frilled
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-20.xml
new file mode 100644
index 0000000000..251733a201
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-20.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Ruby on Rails: Several vulnerabilities
+
+ Ruby on Rails has some weaknesses potentially allowing a Denial of Service
+ and maybe the remote execution of arbitrary Ruby scripts.
+
+ rails
+ August 14, 2006
+ December 13, 2006: 02
+ 143369
+ remote
+
+
+ 1.1.6
+ 1.1.6
+
+
+
+

+ Ruby on Rails is an open-source web framework. +

+
+ +

+ The Ruby on Rails developers have corrected some weaknesses in + action_controller/, relative to the handling of the user input and the + LOAD_PATH variable. A remote attacker could inject arbitrary entries + into the LOAD_PATH variable and alter the main Ruby on Rails process. + The security hole has only been partly solved in version 1.1.5. Version + 1.1.6 now fully corrects it. +

+
+ +

+ A remote attacker that would exploit these weaknesses might cause a + Denial of Service of the web framework and maybe inject arbitrary Ruby + scripts. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby on Rails users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/rails-1.1.6" +
+ + Ruby on Rails original advisory (1.1.5) + Ruby on Rails update (1.1.6) + CVE-2006-4111 + CVE-2006-4112 + + + jaervosz + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-21.xml
new file mode 100644
index 0000000000..3f2016b054
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-21.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Heimdal: Multiple local privilege escalation vulnerabilities
+
+ Certain Heimdal components, ftpd and rcp, are vulnerable to a local
+ privilege escalation.
+
+ Heimdal
+ August 23, 2006
+ August 23, 2006: 01
+ 143371
+ local
+
+
+ 0.7.2-r3
+ 0.7.2-r3
+
+
+
+

+ Heimdal is a free implementation of Kerberos 5. +

+
+ +

+ The ftpd and rcp applications provided by Heimdal fail to check the + return value of calls to seteuid(). +

+
+ +

+ A local attacker could exploit this vulnerability to execute arbitrary + code with elevated privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Heimdal users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.7.2-r3" +
+ + Official advisory + CVE-2006-3083 + CVE-2006-3084 + + + koon + + + daxomatic + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-22.xml
new file mode 100644
index 0000000000..01edfe6e5a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-22.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ fbida: Arbitrary command execution
+
+ The fbgs script provided by fbida allows the execution of arbitrary code.
+
+ fbida
+ August 23, 2006
+ August 23, 2006: 01
+ 141684
+ remote
+
+
+ 2.03-r4
+ 2.03-r4
+
+
+
+

+ fbida is a collection of image viewers and editors for the framebuffer + console and X11. fbgs is a PostScript and PDF viewer for the linux + framebuffer console. +

+
+ +

+ Toth Andras has discovered a typographic mistake in the "fbgs" script, + shipped with fbida if the "fbcon" and "pdf" USE flags are both enabled. + This script runs "gs" without the -dSAFER option, thus allowing a + PostScript file to execute, delete or create any kind of file on the + system. +

+
+ +

+ A remote attacker can entice a vulnerable user to view a malicious + PostScript or PDF file with fbgs, which may result with the execution + of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All fbida users with the "fbcon" and "pdf" USE flags both enabled + should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/fbida-2.03-r4" +
+ + CVE-2006-3119 + + + jaervosz + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-23.xml
new file mode 100644
index 0000000000..5e60c7384e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-23.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Heartbeat: Denial of Service
+
+ Heartbeat is vulnerable to a Denial of Service which can be triggered by a
+ remote attacker without authentication.
+
+ heartbeat
+ August 24, 2006
+ September 22, 2006: 02
+ 141894
+ remote
+
+
+ 2.0.7
+ 1.2.5
+ 2.0.7
+
+
+
+

+ Heartbeat is a component of the High-Availability Linux project. It is + used to perform death-of-node detection, communications and cluster + management. +

+
+ +

+ Yan Rong Ge discovered that the peel_netstring() function in + cl_netstring.c does not validate the "length" parameter of user input, + which can lead to an out-of-bounds memory access when processing + certain Heartbeat messages (CVE-2006-3121). Furthermore an unspecified + local DoS issue was fixed (CVE-2006-3815). +

+
+ +

+ By sending a malicious UDP Heartbeat message, even before + authentication, a remote attacker can crash the master control process + of the cluster. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Heartbeat users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose sys-cluster/heartbeat +
+ + CVE-2006-3121 + CVE-2006-3815 + + + jaervosz + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-24.xml
new file mode 100644
index 0000000000..a3dbc4031f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-24.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ AlsaPlayer: Multiple buffer overflows
+
+ AlsaPlayer is vulnerable to multiple buffer overflows which could lead to
+ the execution of arbitrary code.
+
+ AlsaPlayer
+ August 26, 2006
+ August 26, 2006: 01
+ 143402
+ remote
+
+
+ 0.99.76-r3
+
+
+
+

+ AlsaPlayer is a heavily multithreaded PCM player that tries to utilize + ALSA utilities and drivers. As of June 2004, the project is inactive. +

+
+ +

+ AlsaPlayer contains three buffer overflows: in the function that + handles the HTTP connections, the GTK interface, and the CDDB querying + mechanism. +

+
+ +

+ An attacker could exploit the first vulnerability by enticing a user to + load a malicious URL resulting in the execution of arbitrary code with + the permissions of the user running AlsaPlayer. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ AlsaPlayer has been masked in Portage pending the resolution of these + issues. AlsaPlayer users are advised to uninstall the package until + further notice: +

+ + # emerge --ask --unmerge "media-sound/alsaplayer" +
+ + CVE-2006-4089 + + + falco + + + hlieberman + + + hlieberman + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-25.xml
new file mode 100644
index 0000000000..d8d3046343
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-25.xml
@@ -0,0 +1,163 @@
+
+
+
+
+ X.org and some X.org libraries: Local privilege escalations
+
+ X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are vulnerable
+ to local privilege escalations because of unchecked setuid() calls.
+
+ xorg-x11,xorg-server,xtrans,xload,xinit,xterm,xf86dga,xdm,libX11
+ August 28, 2006
+ December 13, 2006: 02
+ 135974
+ local
+
+
+ 1.0.4-r1
+ 1.0.4-r1
+
+
+ 1.0.2-r6
+ 1.0.2-r6
+
+
+ 1.0.1-r1
+ 1.0.1-r1
+
+
+ 1.0.1-r1
+ 1.0.1-r1
+
+
+ 6.8.2-r8
+ 6.9.0-r2
+ 6.9.0-r2
+
+
+ 1.0.2-r6
+ 1.1.0-r1
+ 1.1.0-r1
+
+
+ 1.0.1-r1
+ 1.0.1-r1
+
+
+ 1.0.0-r1
+ 1.0.0-r1
+
+
+ 215
+ 215
+
+
+ 7.0-r2
+ 7.0-r2
+
+
+
+

+ X.org is an implementation of the X Window System. +

+
+ +

+ Several X.org libraries and X.org itself contain system calls to + set*uid() functions, without checking their result. +

+
+ +

+ Local users could deliberately exceed their assigned resource limits + and elevate their privileges after an unsuccessful set*uid() system + call. This requires resource limits to be enabled on the machine. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All X.Org xdm users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-apps/xdm-1.0.4-r1" +

+ All X.Org xinit users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.0.2-r6" +

+ All X.Org xload users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-apps/xload-1.0.1-r1" +

+ All X.Org xf86dga users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-apps/xf86dga-1.0.1-r1" +

+ All X.Org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.9.0-r2" +

+ All X.Org X servers users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.0-r1" +

+ All X.Org X11 library users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/libx11-1.0.1-r1" +

+ All X.Org xtrans library users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/xtrans-1.0.1-r1" +

+ All xterm users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/xterm-215" +

+ All users of the X11R6 libraries for emulation of 32bit x86 on amd64 + should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-xlibs-7.0-r2" +

+ Please note that the fixed packages have been available for most + architectures since June 30th but the GLSA release was held up waiting + for the remaining architectures. +

+
+ + X.Org security advisory + CVE-2006-4447 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-26.xml
new file mode 100644
index 0000000000..2aa95f855a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-26.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Wireshark: Multiple vulnerabilities
+
+ Wireshark is vulnerable to several security issues that may lead to a
+ Denial of Service and/or the execution of arbitrary code.
+
+ wireshark
+ August 29, 2006
+ August 29, 2006: 01
+ 144946
+ remote
+
+
+ 0.99.3
+ 0.99.3
+
+
+
+

+ Wireshark is a feature-rich network protocol analyzer. +

+
+ +

+ The following vulnerabilities have been discovered in Wireshark. + Firstly, if the IPsec ESP parser is used it is susceptible to + off-by-one errors, this parser is disabled by default; secondly, the + SCSI dissector is vulnerable to an unspecified crash; and finally, the + Q.2931 dissector of the SSCOP payload may use all the available memory + if a port range is configured. By default, no port ranges are + configured. +

+
+ +

+ An attacker might be able to exploit these vulnerabilities, resulting + in a crash or the execution of arbitrary code with the permissions of + the user running Wireshark, possibly the root user. +

+
+ +

+ Disable the SCSI and Q.2931 dissectors with the "Analyse" and "Enabled + protocols" menus. Make sure the ESP decryption is disabled, with the + "Edit -> Preferences -> Protocols -> ESP" menu. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.3" +
+ + CVE-2006-4330 + CVE-2006-4331 + CVE-2006-4332 + CVE-2006-4333 + Wireshark official advisory + + + jaervosz + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-27.xml
new file mode 100644
index 0000000000..b726542b51
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-27.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ Motor: Execution of arbitrary code
+
+ Motor uses a vulnerable ktools library, which could lead to the execution
+ of arbitrary code.
+
+ motor
+ August 29, 2006
+ August 29, 2006: 01
+ 135020
+ remote
+
+
+ 3.3.0-r1
+ 3.4.0-r1
+ 3.4.0-r1
+
+
+
+

+ Motor is a text mode based programming environment for Linux, with a + syntax highlighting feature, project manager, makefile generator, gcc + and gdb front-end, and CVS integration. +

+
+ +

+ In November 2005, Zone-H Research reported a boundary error in the + ktools library in the VGETSTRING() macro of kkstrtext.h, which may + cause a buffer overflow via an overly long input string. +

+
+ +

+ A remote attacker could entice a user to use a malicious file or input, + which could lead to the crash of Motor and possibly the execution of + arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Motor 3.3.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/motor-3.3.0-r1" +

+ All motor 3.4.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/motor-3.4.0-r1" +
+ + CVE-2005-3863 + + + jaervosz + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-28.xml
new file mode 100644
index 0000000000..feaa26fa53
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200608-28.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ PHP: Arbitary code execution
+
+ PHP contains a function that, when used, could allow a remote attacker to
+ execute arbitrary code.
+
+ php
+ August 29, 2006
+ March 29, 2008: 05
+ 143126
+ remote
+
+
+ 4.4.3-r1
+ 4.4.4-r4
+ 4.4.6
+ 4.4.7
+ 4.4.8_pre20070816
+ 5.1.4-r6
+ 5.1.4-r6
+
+
+
+

+ PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

+ The sscanf() PHP function contains an array boundary error that can be + exploited to dereference a null pointer. This can possibly allow the + bypass of the safe mode protection by executing arbitrary code. +

+
+ +

+ A remote attacker might be able to exploit this vulnerability in PHP + applications making use of the sscanf() function, potentially resulting + in the execution of arbitrary code or the execution of scripted + contents in the context of the affected site. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PHP 4.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.3-r1" +

+ All PHP 5.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.1.4-r6" +
+ + CVE-2006-4020 + + + jaervosz + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-01.xml
new file mode 100644
index 0000000000..a1f391be0e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-01.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Streamripper: Multiple remote buffer overflows
+
+ Streamripper is vulnerable to multiple remote buffer overflows, leading to
+ the execution of arbitrary code.
+
+ streamripper
+ September 06, 2006
+ September 06, 2006: 01
+ 144861
+ remote
+
+
+ 1.61.26
+ 1.61.26
+
+
+
+

+ Streamripper extracts and records individual MP3 file tracks from + SHOUTcast streams. +

+
+ +

+ Ulf Harnhammar, from the Debian Security Audit Project, has found that + Streamripper is vulnerable to multiple stack based buffer overflows + caused by improper bounds checking when processing malformed HTTP + headers. +

+
+ +

+ By enticing a user to connect to a malicious server, an attacker could + execute arbitrary code with the permissions of the user running + Streamripper +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Streamripper users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/streamripper-1.61.26" +
+ + CVE-2006-3124 + + + jaervosz + + + daxomatic + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-02.xml
new file mode 100644
index 0000000000..7056fa0f74
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-02.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ GTetrinet: Remote code execution
+
+ GTetrinet is vulnerable to a remote buffer overflow, potentially leading to
+ arbitrary code execution.
+
+ GTetrinet
+ September 06, 2006
+ September 07, 2006: 02
+ 144867
+ remote
+
+
+ 0.7.10
+ 0.7.10
+
+
+
+

+ GTetrinet is a networked Tetris clone for GNOME 2. +

+
+ +

+ Michael Gehring has found that GTetrinet fails to properly handle array + indexes. +

+
+ +

+ An attacker can potentially execute arbitrary code by sending a + negative number of players to the server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GTetrinet users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-puzzle/gtetrinet-0.7.10" +
+ + CVE-2006-3125 + + + jaervosz + + + daxomatic + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-03.xml
new file mode 100644
index 0000000000..0ee6aa614c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-03.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ OpenTTD: Remote Denial of Service
+
+ The OpenTTD server is vulnerable to a remote Denial of Service.
+
+ openttd
+ September 06, 2006
+ September 06, 2006: 01
+ 131010
+ remote
+
+
+ 0.4.8
+ 0.4.8
+
+
+
+

+ OpenTTD is a clone of Transport Tycoon Deluxe. +

+
+ +

+ OpenTTD is vulnerable to a Denial of Service attack due to a flaw in + the manner the game server handles errors in command packets. +

+
+ +

+ An authenticated attacker can cause a Denial of Service by sending an + invalid error number to a vulnerable OpenTTD server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenTTD users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.4.8" +
+ + CVE-2006-1998 + CVE-2006-1999 + + + jaervosz + + + daxomatic + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-04.xml
new file mode 100644
index 0000000000..cae9937b73
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-04.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ LibXfont: Multiple integer overflows
+
+ A buffer overflow was discovered in the PCF font parser, potentially
+ resulting in the execution of arbitrary code.
+
+ LibXfont
+ September 06, 2006
+ September 06, 2006: 01
+ 144092
+ local
+
+
+ 1.2.0-r1
+ 1.2.0-r1
+
+
+
+

+ libXfont is the X.Org Xfont library, some parts are based on the + FreeType code base. +

+
+ +

+ Several integer overflows have been found in the PCF font parser. +

+
+ +

+ A local attacker could possibly execute arbitrary code or crash the + Xserver by enticing a user to load a specially crafted PCF font file. +

+
+ +

+ Do not use untrusted PCF Font files. +

+
+ +

+ All libXfont users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.0-r1" +
+ + CVE-2006-3467 + + + falco + + + daxomatic + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-05.xml
new file mode 100644
index 0000000000..e67dcc6cfc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-05.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
+
+ OpenSSL fails to properly validate PKCS #1 v1.5 signatures.
+
+ openssl
+ September 07, 2006
+ September 08, 2006: 02
+ 146375
+ 146438
+ remote
+
+
+ 0.9.7k
+ 0.9.7k
+
+
+ 2.5.2
+ 2.5.2
+
+
+
+

+ OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport + Layer Security protocols and a general-purpose cryptography library. + The x86 emulation base libraries for AMD64 contain a vulnerable version + of OpenSSL. +

+
+ +

+ Daniel Bleichenbacher discovered that it might be possible to forge + signatures signed by RSA keys with the exponent of 3. +

+
+ +

+ Since several CAs are using an exponent of 3 it might be possible for + an attacker to create a key with a false CA signature. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSSL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7k" +

+ All AMD64 x86 emulation base libraries users should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-baselibs-2.5.2" +
+ + CVE-2006-4339 + + + jaervosz + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-06.xml
new file mode 100644
index 0000000000..a7ef860294
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-06.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ AdPlug: Multiple vulnerabilities
+
+ Multiple heap and buffer overflows exist in AdPlug.
+
+ adplug
+ September 12, 2006
+ September 12, 2006: 01
+ 139593
+ local
+
+
+ 2.0.1
+ 2.0.1
+
+
+
+

+ AdPlug is a free, cross-platform, and hardware-independent AdLib sound + player library. +

+
+ +

+ AdPlug is vulnerable to buffer and heap overflows when processing the + following types of files: CFF, MTK, DMO, U6M, DTM, and S3M. +

+
+ +

+ By enticing a user to load a specially crafted file, an attacker could + execute arbitrary code with the privileges of the user running AdPlug. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All AdPlug users should update to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/adplug-2.0.1" +
+ + BugTraq Announcement + CVE-2006-3581 + CVE-2006-3582 + + + jaervosz + + + hlieberman + + + hlieberman + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-07.xml
new file mode 100644
index 0000000000..a20b7ac280
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-07.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ LibXfont, monolithic X.org: Multiple integer overflows
+
+ Some buffer overflows were discovered in the CID font parser, potentially
+ resulting in the execution of arbitrary code with elevated privileges.
+
+ libxfont
+ September 13, 2006
+ September 13, 2006: 01
+ 145513
+ local and remote
+
+
+ 1.2.1
+ 1.2.1
+
+
+ 7.0
+ 7.0
+
+
+
+

+ libXfont is the X.Org Xfont library, some parts are based on the + FreeType code base. +

+
+ +

+ Several integer overflows have been found in the CID font parser. +

+
+ +

+ A remote attacker could exploit this vulnerability by enticing a user + to load a malicious font file resulting in the execution of arbitrary + code with the permissions of the user running the X server which + typically is the root user. A local user could exploit this + vulnerability to gain elevated privileges. +

+
+ +

+ Disable CID-encoded Type 1 fonts by removing the "type1" module and + replacing it with the "freetype" module in xorg.conf. +

+
+ +

+ All libXfont users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.1" +

+ All monolithic X.org users are advised to migrate to modular X.org. +

+
+ + CVE-2006-3739 + CVE-2006-3740 + + + frilled + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-08.xml
new file mode 100644
index 0000000000..d7894a5bee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-08.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ xine-lib: Buffer overflows
+
+ xine-lib is vulnerable to multiple buffer overflows that could be exploited
+ to execute arbitrary code.
+
+ xine-lib
+ September 13, 2006
+ September 13, 2006: 01
+ 133520
+ remote
+
+
+ 1.1.2-r2
+ 1.1.2-r2
+
+
+
+

+ xine is a high performance, portable and reusable multimedia playback + engine. xine-lib is xine's core engine. +

+
+ +

+ xine-lib contains buffer overflows in the processing of AVI. + Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP + plugin (xineplug_inp_http.so) via a long reply from an HTTP server. +

+
+ +

+ An attacker could trigger the buffer overflow vulnerabilities by + enticing a user to load a specially crafted AVI file in xine. This + might result in the execution of arbitrary code with the rights of the + user running xine. Additionally, a remote HTTP server serving a xine + client a specially crafted reply could crash xine and possibly execute + arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xine-lib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2-r2" +
+ + CVE-2006-2802 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-09.xml
new file mode 100644
index 0000000000..39e07c3db5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-09.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ FFmpeg: Buffer overflows
+
+ FFmpeg is vulnerable to multiple buffer overflows that might be exploited
+ to execute arbitrary code.
+
+ ffmpeg
+ September 13, 2006
+ December 13, 2006: 02
+ 133520
+ remote
+
+
+ 0.4.9_p20060530
+ 0.4.9_p20060530
+
+
+
+

+ FFmpeg is a very fast video and audio converter. +

+
+ +

+ FFmpeg contains buffer overflows in the AVI processing code. +

+
+ +

+ An attacker could trigger the buffer overflows by enticing a user to + load a specially crafted AVI file in an application using the FFmpeg + library. This might result in the execution of arbitrary code in the + context of the running application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All FFmpeg users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-0.4.9_p20060530" +
+ + CVE-2006-4799 + CVE-2006-4800 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-10.xml
new file mode 100644
index 0000000000..cba756ef08
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-10.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ DokuWiki: Arbitrary command execution
+
+ Vulnerabilities in some accessory scripts of DokuWiki allow remote code
+ execution.
+
+ dokuwiki
+ September 14, 2006
+ September 14, 2006: 01
+ 146800
+ remote
+
+
+ 20060309d
+ 20060309d
+
+
+
+

+ DokuWiki is a wiki targeted at developer teams, workgroups and small + companies. It does not use a database backend. +

+
+ +

+ "rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR + HTTP header, allowing the injection of arbitrary contents - such as PHP + commands - into a file. Additionally, the accessory scripts installed + in the "bin" DokuWiki directory are vulnerable to directory traversal + attacks, allowing to copy and execute the previously injected code. +

+
+ +

+ A remote attacker may execute arbitrary PHP (and thus probably system) + commands with the permissions of the user running the process serving + DokuWiki pages. +

+
+ +

+ Disable remote access to the "bin" subdirectory of the DokuWiki + installation. Remove the directory if you don't use the scripts in + there. +

+
+ +

+ All DokuWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309d" +
+ + CVE-2006-4674 + CVE-2006-4675 + CVE-2006-4679 + + + frilled + + + frilled + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-11.xml
new file mode 100644
index 0000000000..b74cb4d18a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-11.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ BIND: Denial of Service
+
+ ISC BIND contains two vulnerabilities allowing a Denial of Service under
+ certain conditions.
+
+ bind
+ September 15, 2006
+ September 15, 2006: 01
+ 146486
+ remote
+
+
+ 9.3.2-r4
+ 9.2.6-r4
+ 9.3.2-r4
+
+
+
+

+ ISC BIND is the Internet Systems Consortium implementation of the + Domain Name System (DNS) protocol. +

+
+ +

+ Queries for SIG records will cause an assertion error if more than one + SIG RRset is returned. Additionally, an INSIST failure can be triggered + by sending multiple recursive queries if the response to the query + arrives after all the clients looking for the response have left the + recursion queue. +

+
+ +

+ An attacker having access to a recursive server can crash the server by + querying the SIG records where there are multiple SIG RRsets, or by + sending many recursive queries in a short time. The exposure can be + lowered by restricting the clients that can ask for recursion. An + attacker can also crash an authoritative server serving a DNSSEC zone + in which there are multiple SIG RRsets. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All BIND 9.3 users should update to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.3.2-r4" +

+ All BIND 9.2 users should update to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.2.6-r4" +
+ + CVE-2006-4095 + CVE-2006-4096 + + + falco + + + falco + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-12.xml new file mode 100644 index 0000000000..096a063bf6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-12.xml @@ -0,0 +1,68 @@ + + + + + Mailman: Multiple vulnerabilities + + Mailman has multiple vulnerable that can result in Denial of Service, log + file injection and XSS. + + mailman + September 19, 2006 + September 19, 2006: 01 + 139976 + remote + + + 2.1.9_rc1 + 2.1.9_rc1 + + + +

+ Mailman is a Python based mailing list server with an extensive web + interface. +

+
+ +

+ Mailman fails to properly handle standards-breaking RFC 2231 formatted + headers. Furthermore, Moritz Naumann discovered several XSS + vulnerabilities and a log file injection. +

+
+ +

+ An attacker could exploit these vulnerabilities to cause Mailman to + stop processing mails, to inject content into the log file or to + execute arbitrary scripts running in the context of the administrator + or mailing list user's browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mailman users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.9_rc1" +
+ + CVE-2006-2941 + CVE-2006-3636 + + + jaervosz + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-13.xml new file mode 100644 index 0000000000..7f9fcb8a94 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-13.xml @@ -0,0 +1,77 @@ + + + + + gzip: Multiple vulnerabilities + + gzip is affected by multiple vulnerabilities, including buffer overflows + and infinite loops, possibly allowing the execution of arbitrary code. + + gzip + September 23, 2006 + September 23, 2006: 01 + 145511 + remote + + + 1.3.5-r9 + 1.3.5-r9 + + + +

+ gzip, the GNU zip compression utility, is a free and patent + unencumbered replacement for the standard compress utility. +

+
+ +

+ Tavis Ormandy of the Google Security Team has reported multiple + vulnerabilities in gzip. A stack buffer modification vulnerability was + discovered in the LZH decompression code, where a pathological data + stream may result in the modification of stack data such as frame + pointer, return address or saved registers. A static buffer underflow + was discovered in the pack decompression support, allowing a specially + crafted pack archive to underflow a .bss buffer. A static buffer + overflow was uncovered in the LZH decompression code, allowing a data + stream consisting of pathological huffman codes to overflow a .bss + buffer. Multiple infinite loops were also uncovered in the LZH + decompression code. +

+
+ +

+ A remote attacker may create a specially crafted gzip archive, which + when decompressed by a user or automated system exectues arbitrary code + with the privileges of the user id invoking gzip. The infinite loops + may be abused by an attacker to disrupt any automated systems invoking + gzip to handle data decompression. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All gzip users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/gzip-1.3.5-r9" +
+ + CVE-2006-4334 + CVE-2006-4335 + CVE-2006-4336 + CVE-2006-4337 + CVE-2006-4338 + + + taviso + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-14.xml new file mode 100644 index 0000000000..5903252a5f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-14.xml @@ -0,0 +1,70 @@ + + + + + ImageMagick: Multiple Vulnerabilities + + Multiple buffer overflows have been discovered in ImageMagick, which could + potentially result in the execution of arbitrary code. + + Imagemagick + September 26, 2006 + September 26, 2006: 01 + 144091 + 143533 + remote + + + 6.2.9.5 + 6.2.9.5 + + + +

+ ImageMagick is a free software suite to manipulate, convert, and create + many image formats. +

+
+ +

+ Tavis Ormandy of the Google Security Team discovered a stack and heap + buffer overflow in the GIMP XCF Image decoder and multiple heap and + integer overflows in the SUN bitmap decoder. Damian Put discovered a + heap overflow in the SGI image decoder. +

+
+ +

+ An attacker may be able to create a specially crafted image that, when + processed with ImageMagick, executes arbitrary code with the privileges + of the executing user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ImageMagick users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.9.5" +
+ + CVE-2006-3743 + CVE-2006-3744 + CVE-2006-4144 + + + jaervosz + + + taviso + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-15.xml new file mode 100644 index 0000000000..3616bb7ba5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-15.xml @@ -0,0 +1,65 @@ + + + + + GnuTLS: RSA Signature Forgery + + GnuTLS fails to handle excess data which could allow an attacker to forge a + PKCS #1 v1.5 signature. + + gnutls + September 26, 2006 + September 26, 2006: 01 + 147682 + remote + + + 1.4.4 + 1.4.4 + + + +

+ GnuTLS is an implementation of SSL 3.0 and TLS 1.0. +

+
+ +

+ verify.c fails to properly handle excess data in + digestAlgorithm.parameters field while generating a hash when using an + RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. +

+
+ +

+ Remote attackers could forge PKCS #1 v1.5 signatures that are signed + with an RSA key, preventing GnuTLS from correctly verifying X.509 and + other certificates that use PKCS. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GnuTLS users should update both packages: +

+ + # emerge --sync + # emerge --update --ask --verbose ">=net-libs/gnutls-1.4.4" +
+ + CVE-2006-4790 + + + jaervosz + + + hlieberman + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-16.xml new file mode 100644 index 0000000000..a52abcdf20 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-16.xml @@ -0,0 +1,69 @@ + + + + + Tikiwiki: Arbitrary command execution + + Tikiwiki contains a cross-site scripting (XSS) vulnerability as well as a + second vulnerability which may allow remote execution of arbitrary code. + + tikiwiki + September 26, 2006 + September 26, 2006: 01 + 145714 + remote + + + 1.9.5 + 1.9.5 + + + +

+ Tikiwiki is a web-based groupware and content management system, + developed with PHP, ADOdb and Smarty. +

+
+ +

+ A vulnerability in jhot.php allows for an unrestricted file upload to + the img/wiki/ directory. Additionally, an XSS exists in the highlight + parameter of tiki-searchindex.php. +

+
+ +

+ An attacker could execute arbitrary code with the rights of the user + running the web server by uploading a file and executing it via a + filepath parameter. The XSS could be exploited to inject and execute + malicious script code or to steal cookie-based authentication + credentials, potentially compromising the victim's browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Tikiwiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --oneshot --verbose --ask ">=www-apps/tikiwiki-1.9.5" +
+ + CVE-2006-4299 + CVE-2006-4602 + + + jaervosz + + + hlieberman + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-17.xml new file mode 100644 index 0000000000..4c48ecd826 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-17.xml @@ -0,0 +1,64 @@ + + + + + OpenSSH: Denial of Service + + A flaw in the OpenSSH daemon allows remote unauthenticated attackers to + cause a Denial of Service. + + openssh + September 27, 2006 + September 27, 2006: 02 + 148228 + remote + + + 4.3_p2-r5 + 4.3_p2-r5 + + + +

+ OpenSSH is a free suite of applications for the SSH protocol, developed + and maintained by the OpenBSD project. +

+
+ +

+ Tavis Ormandy of the Google Security Team discovered a Denial of + Service vulnerability in the SSH protocol version 1 CRC compensation + attack detector. +

+
+ +

+ A remote unauthenticated attacker may be able to trigger excessive CPU + usage by sending a pathological SSH message, denying service to other + legitimate users or processes. +

+
+ +

+ The system administrator may disable SSH protocol version 1 in + /etc/ssh/sshd_config. +

+
+ +

+ All OpenSSH users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.3_p2-r5" +
+ + CVE-2006-4924 + + + taviso + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-18.xml new file mode 100644 index 0000000000..e983a81d0d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-18.xml @@ -0,0 +1,65 @@ + + + + + Opera: RSA signature forgery + + Opera fails to correctly verify certain signatures. + + opera + September 28, 2006 + September 28, 2006: 02 + 147838 + remote + + + 9.02 + 9.02 + + + +

+ Opera is a multi-platform web browser. +

+
+ +

+ Opera makes use of OpenSSL, which fails to correctly verify PKCS #1 + v1.5 RSA signatures signed by a key with exponent 3. Some CAs in + Opera's list of trusted signers are using root certificates with + exponent 3. +

+
+ +

+ An attacker could forge certificates which will appear valid and signed + by a trusted CA. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Opera users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-9.02" +
+ + Opera Advisory + GLSA 200609-05 + + + jaervosz + + + vorlon078 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-19.xml new file mode 100644 index 0000000000..cd49eae4ef --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-19.xml @@ -0,0 +1,79 @@ + + + + + Mozilla Firefox: Multiple vulnerabilities + + The Mozilla Foundation has reported numerous vulnerabilities in Mozilla + Firefox, including one that may allow execution of arbitrary code. + + Firefox + September 28, 2006 + September 28, 2006: 01 + 147652 + remote + + + 1.5.0.7 + 1.5.0.7 + + + 1.5.0.7 + 1.5.0.7 + + + +

+ Mozilla Firefox is a redesign of the Mozilla Navigator component. The + goal is to produce a cross-platform, stand-alone browser application. +

+
+ +

+ A number of vulnerabilities were found and fixed in Mozilla Firefox. + For details please consult the references below. +

+
+ +

+ The most severe vulnerability involves enticing a user to visit a + malicious website, crashing the browser and executing arbitrary code + with the rights of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.7" +

+ Users of the binary package should upgrade as well: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.7" +
+ + CVE-2006-4253 + CVE-2006-4340 + CVE-2006-4565 + CVE-2006-4566 + CVE-2006-4567 + CVE-2006-4568 + CVE-2006-4569 + CVE-2006-4571 + + + frilled + + + frilled + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-20.xml new file mode 100644 index 0000000000..d8e8b41470 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200609-20.xml @@ -0,0 +1,67 @@ + + + + + DokuWiki: Shell command injection and Denial of Service + + DokuWiki is vulnerable to shell command injection and Denial of Service + attacks when using ImageMagick. + + dokuwiki + September 28, 2006 + December 13, 2006: 02 + 149266 + remote + + + 20060309e + 20060309e + + + +

+ DokuWiki is a wiki targeted at developer teams, workgroups and small + companies. It does not use a database backend. +

+
+ +

+ Input validation flaws have been discovered in the image handling of + fetch.php if ImageMagick is used, which is not the default method. +

+
+ +

+ A remote attacker could exploit the flaws to execute arbitrary shell + commands with the rights of the web server daemon or cause a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All DokuWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309e" +
+ + DokuWiki Announcement + CVE-2006-5098 + CVE-2006-5099 + + + vorlon078 + + + vorlon078 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-01.xml new file mode 100644 index 0000000000..58dee86a55 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-01.xml @@ -0,0 +1,83 @@ + + + + + Mozilla Thunderbird: Multiple vulnerabilities + + The Mozilla Foundation has reported multiple security vulnerabilities + related to Mozilla Thunderbird. + + thunderbird + October 04, 2006 + October 04, 2006: 01 + 147653 + remote + + + 1.5.0.7 + 1.5.0.7 + + + 1.5.0.7 + 1.5.0.7 + + + +

+ The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail + component. +

+
+ +

+ A number of vulnerabilities have been found and fixed in Mozilla + Thunderbird. For details please consult the references below. +

+
+ +

+ The most severe vulnerabilities might lead to the execution of + arbitrary code with the rights of the user running the application. + Other vulnerabilities include program crashes and the acceptance of + forged certificates. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Thunderbird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.7" +

+ All Mozilla Thunderbird binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.7" +
+ + CVE-2006-4253 + CVE-2006-4340 + CVE-2006-4565 + CVE-2006-4566 + CVE-2006-4567 + CVE-2006-4570 + CVE-2006-4571 + + + vorlon078 + + + vorlon078 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-02.xml new file mode 100644 index 0000000000..eff012faba --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-02.xml @@ -0,0 +1,67 @@ + + + + + Adobe Flash Player: Arbitrary code execution + + Multiple input validation errors have been identified that allow arbitrary + code execution on a user's system via the handling of malicious Flash + files. + + Flash + October 04, 2006 + May 28, 2009: 02 + 147421 + remote + + + 7.0.68 + 7.0.68 + + + +

+ The Adobe Flash Player is a renderer for Flash files - commonly used to + provide interactive websites, digital experiences and mobile content. +

+
+ +

+ The Adobe Flash Player contains multiple unspecified vulnerabilities. +

+
+ +

+ An attacker could entice a user to view a malicious Flash file and + execute arbitrary code with the rights of the user running the player. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Flash Player users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-7.0.68" +
+ + Adobe Security Bulletin + CVE-2006-3311 + CVE-2006-3587 + CVE-2006-3588 + + + vorlon078 + + + plasmaroo + + + plasmaroo + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-03.xml new file mode 100644 index 0000000000..f64cdbb19d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-03.xml @@ -0,0 +1,66 @@ + + + + + ncompress: Buffer Underflow + + A buffer underflow vulnerability has been reported in ncompress allowing + for the execution of arbitrary code. + + ncompress + October 06, 2006 + October 06, 2006: 01 + 141728 + remote + + + 4.2.4.1 + 4.2.4.1 + + + +

+ ncompress is a suite of utilities to create and extract + Lempel-Ziff-Welch (LZW) compressed archives. +

+
+ +

+ Tavis Ormandy of the Google Security Team discovered a static buffer + underflow in ncompress. +

+
+ +

+ An attacker could create a specially crafted LZW archive, that when + decompressed by a user or automated system would result in the + execution of arbitrary code with the permissions of the user invoking + the utility. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ncompress users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/ncompress-4.2.4.1" +
+ + CVE-2006-1168 + + + vorlon078 + + + taviso + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-04.xml new file mode 100644 index 0000000000..39a1fc550f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-04.xml @@ -0,0 +1,68 @@ + + + + + Seamonkey: Multiple vulnerabilities + + The Seamonkey project has reported multiple security vulnerabilities in the + application. + + seamonkey + October 16, 2006 + October 16, 2006: 01 + 147651 + remote + + + 1.0.5 + 1.0.5 + + + +

+ The SeaMonkey project is a community effort to deliver + production-quality releases of code derived from the application + formerly known as 'Mozilla Application Suite'. +

+
+ +

+ A number of vulnerabilities have been found and fixed in Seamonkey. For + details please consult the references below. +

+
+ +

+ The most severe vulnerability involves enticing a user to visit a + malicious website, crashing the application and executing arbitrary + code with the rights of the user running Seamonkey. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Seamonkey users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.5" +
+ + CVE-2006-4253 + CVE-2006-4565 + CVE-2006-4566 + CVE-2006-4568 + CVE-2006-4570 + CVE-2006-4571 + + + frilled + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-05.xml new file mode 100644 index 0000000000..157a999540 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-05.xml @@ -0,0 +1,64 @@ + + + + + CAPI4Hylafax fax receiver: Execution of arbitrary code + + CAPI4Hylafax allows remote attackers to execute arbitrary commands. + + capi4hylafax + October 17, 2006 + October 17, 2006: 01 + 145982 + remote + + + 01.03.00.99.300.3-r1 + 01.03.00.99.300.3-r1 + + + +

+ CAPI4Hylafax makes it possible to send and receive faxes via CAPI and + AVM Fritz!Cards. +

+
+ +

+ Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't + properly sanitize TSI strings when handling incoming calls. +

+
+ +

+ A remote attacker can send null (\0) and shell metacharacters in the + TSI string from an anonymous fax number, leading to the execution of + arbitrary code with the rights of the user running c2faxrecv. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All CAPI4Hylafax users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/capi4hylafax-01.03.00.99.300.3-r1" +
+ + CVE-2006-3126 + + + vorlon078 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-06.xml new file mode 100644 index 0000000000..fdaf5eee6f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-06.xml @@ -0,0 +1,73 @@ + + + + + Mozilla Network Security Service (NSS): RSA signature forgery + + NSS fails to properly validate PKCS #1 v1.5 signatures. + + nss + October 17, 2006 + October 17, 2006: 01 + 148283 + remote + + + 3.11.3 + 3.11.3 + + + +

+ The Mozilla Network Security Service is a library implementing security + features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, + S/MIME and X.509 certificates. +

+
+ +

+ Daniel Bleichenbacher discovered that it might be possible to forge + signatures signed by RSA keys with the exponent of 3. This affects a + number of RSA signature implementations, including Mozilla's NSS. +

+
+ +

+ Since several Certificate Authorities (CAs) are using an exponent of 3 + it might be possible for an attacker to create a key with a false CA + signature. This impacts any software using the NSS library, like the + Mozilla products Firefox, Thunderbird and Seamonkey. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All NSS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.11.3" +

+ Note: As usual after updating a library, you should run + 'revdep-rebuild' (from the app-portage/gentoolkit package) to ensure + that all applications linked to it are properly rebuilt. +

+
+ + CVE-2006-4339 + CVE-2006-4340 + + + frilled + + + vorlon078 + + + frilled + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-07.xml new file mode 100644 index 0000000000..287ef0980f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-07.xml @@ -0,0 +1,68 @@ + + + + + Python: Buffer Overflow + + A buffer overflow in Python's "repr()" function can be exploited to cause a + Denial of Service and potentially allows the execution of arbitrary code. + + python + October 17, 2006 + February 26, 2007: 03 + 149065 + remote + + + 2.4.3-r4 + 2.3.5-r3 + 2.3.6 + 2.4.3-r4 + + + +

+ Python is an interpreted, interactive, object-oriented, cross-platform + programming language. +

+
+ +

+ Benjamin C. Wiley Sittler discovered a buffer overflow in Python's + "repr()" function when handling UTF-32/UCS-4 encoded strings. +

+
+ +

+ If a Python application processes attacker-supplied data with the + "repr()" function, this could potentially lead to the execution of + arbitrary code with the privileges of the affected application or a + Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Python users should update to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.3-r4" +
+ + CVE-2006-4980 + + + jaervosz + + + DerCorny + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-08.xml new file mode 100644 index 0000000000..7b0ac149aa --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-08.xml @@ -0,0 +1,61 @@ + + + + + Cscope: Multiple buffer overflows + + Cscope is vulnerable to multiple buffer overflows that could lead to the + execution of arbitrary code. + + cscope + October 20, 2006 + October 20, 2006: 01 + 144869 + remote + + + 15.5.20060927 + 15.5.20060927 + + + +

+ Cscope is a developer's tool for browsing source code. +

+
+ +

+ Unchecked use of strcpy() and *scanf() leads to several buffer + overflows. +

+
+ +

+ A user could be enticed to open a carefully crafted file which would + allow the attacker to execute arbitrary code with the permissions of + the user running Cscope. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cscope users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5.20060927" +
+ + CVE-2006-4262 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-09.xml new file mode 100644 index 0000000000..1bc29ae135 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-09.xml @@ -0,0 +1,67 @@ + + + + + libmusicbrainz: Multiple buffer overflows + + Multiple buffer overflows have been found in libmusicbrainz, which could + lead to a Denial of Service or possibly the execution of arbitrary code. + + libmusicbrainz + October 22, 2006 + October 22, 2006: 01 + 144089 + remote + + + 2.1.4 + 2.1.4 + + + +

+ libmusicbrainz is a client library used to access MusicBrainz music + meta data. +

+
+ +

+ Luigi Auriemma reported a possible buffer overflow in the + MBHttp::Download function of lib/http.cpp as well as several possible + buffer overflows in lib/rdfparse.c. +

+
+ +

+ A remote attacker could be able to execute arbitrary code or cause + Denial of Service by making use of an overly long "Location" header in + an HTTP redirect message from a malicious server or a long URL in + malicious RDF feeds. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libmusicbrainz users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/musicbrainz-2.1.4" +
+ + CVE-2006-4197 + + + falco + + + vorlon078 + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-10.xml new file mode 100644 index 0000000000..681ac8df6e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-10.xml @@ -0,0 +1,65 @@ + + + + + ClamAV: Multiple Vulnerabilities + + ClamAV is vulnerable to a heap-based buffer overflow potentially allowing + remote execution of arbitrary code and a Denial of Service. + + clamav + October 24, 2006 + October 24, 2006: 01 + 151561 + remote + + + 0.88.5 + 0.88.5 + + + +

+ ClamAV is a GPL virus scanner. +

+
+ +

+ Damian Put and an anonymous researcher reported a potential heap-based + buffer overflow vulnerability in rebuildpe.c responsible for the + rebuilding of an unpacked PE file, and a possible crash in chmunpack.c + in the CHM unpacker. +

+
+ +

+ By sending a malicious attachment to a mail server running ClamAV, or + providing a malicious file to ClamAV through any other method, a remote + attacker could cause a Denial of Service and potentially the execution + of arbitrary code with the permissions of the user running ClamAV. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.5" +
+ + Original commit log + CVE-2006-4182 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-11.xml new file mode 100644 index 0000000000..47a01d5dca --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-11.xml @@ -0,0 +1,84 @@ + + + + + OpenSSL: Multiple vulnerabilities + + OpenSSL contains multiple vulnerabilities including the possible remote + execution of arbitrary code. + + openssl + October 24, 2006 + October 24, 2006: 01 + 145510 + remote + + + 0.9.8d + 0.9.7l + 0.9.8d + + + +

+ OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport + Layer Security protocols and a general-purpose cryptography library. +

+
+ +

+ Tavis Ormandy and Will Drewry, both of the Google Security Team, + discovered that the SSL_get_shared_ciphers() function contains a buffer + overflow vulnerability, and that the SSLv2 client code contains a flaw + leading to a crash. Additionally Dr. Stephen N. Henson found that the + ASN.1 handler contains two Denial of Service vulnerabilities: while + parsing an invalid ASN.1 structure and while handling certain types of + public key. +

+
+ +

+ An attacker could trigger the buffer overflow vulnerability by sending + a malicious suite of ciphers to an application using the vulnerable + function, and thus execute arbitrary code with the rights of the user + running the application. An attacker could also consume CPU and/or + memory by exploiting the Denial of Service vulnerabilities. Finally a + malicious server could crash a SSLv2 client through the SSLv2 + vulnerability. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSSL 0.9.8 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d" +

+ All OpenSSL 0.9.7 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l" +
+ + CVE-2006-2937 + CVE-2006-2940 + CVE-2006-3738 + CVE-2006-4343 + + + vorlon078 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-12.xml new file mode 100644 index 0000000000..621d4711f3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-12.xml @@ -0,0 +1,64 @@ + + + + + Apache mod_tcl: Format string vulnerability + + A format string vulnerabilty has been found in Apache mod_tcl, which could + lead to the remote execution of arbitrary code. + + mod_tcl + October 24, 2006 + October 24, 2006: 01 + 151359 + remote + + + 1.0.1 + 1.0.1 + + + +

+ Apache mod_tcl is a TCL interpreting module for the Apache 2.x web + server. +

+
+ +

+ Sparfell discovered format string errors in calls to the set_var + function in tcl_cmds.c and tcl_core.c. +

+
+ +

+ A remote attacker could exploit the vulnerability to execute arbitrary + code with the rights of the user running the Apache server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mod_tcl users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/mod_tcl-1.0.1" +
+ + CVE-2006-4154 + + + falco + + + falco + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-13.xml new file mode 100644 index 0000000000..c20b187c33 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-13.xml @@ -0,0 +1,67 @@ + + + + + Cheese Tracker: Buffer Overflow + + Cheese Tracker contains a buffer overflow allowing the remote execution of + arbitrary code. + + cheesetracker + October 26, 2006 + October 26, 2006: 01 + 142391 + remote + + + 0.9.9-r1 + 0.9.9-r1 + + + +

+ Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music + tracker for the CT, IT, XM and S3M file formats. +

+
+ +

+ Luigi Auriemma reported that the XM loader of Cheese Tracker contains a + buffer overflow vulnerability in the + loader_XM::load_intrument_internal() function from + loaders/loader_xm.cpp. +

+
+ +

+ An attacker could execute arbitrary code with the rights of the user + running Cheese Tracker by enticing a user to load a crafted file with + large amount of extra data. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cheese Tracker users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/cheesetracker-0.9.9-r1" +
+ + CVE-2006-3814 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-14.xml
new file mode 100644
index 0000000000..44f4bea016
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-14.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ PHP: Integer overflow
+
+ PHP is vulnerable to an integer overflow potentially allowing the remote
+ execution of arbitrary code.
+
+ php
+ October 30, 2006
+ March 29, 2008: 04
+ 150261
+ remote
+
+
+ 4.4.4-r6
+ 4.4.6
+ 4.4.7
+ 4.4.8_pre20070816
+ 5.1.6-r6
+ 5.1.6-r6
+
+
+
+

+ PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

+ A flaw in the PHP memory handling routines allows an unserialize() call + to be executed on non-allocated memory due to a previous integer + overflow. +

+
+ +

+ An attacker could execute arbitrary code with the rights of the web + server user or the user running a vulnerable PHP script. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PHP 5.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.1.6-r6" +

+ All PHP 4.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.4-r6" +
+ + CVE-2006-4812 + + + falco + + + shellsage + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-15.xml
new file mode 100644
index 0000000000..d4d39ae277
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200610-15.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ Asterisk: Multiple vulnerabilities
+
+ Asterisk is vulnerable to the remote execution of arbitrary code or a
+ Denial of Service.
+
+ asterisk
+ October 30, 2006
+ January 30, 2007: 02
+ 144941
+ 151881
+ remote
+
+
+ 1.2.13
+ 1.0.12
+ 1.2.13
+ 1.0.12
+
+
+
+

+ Asterisk is an open source implementation of a telephone private branch + exchange (PBX). +

+
+ +

+ Asterisk contains buffer overflows in channels/chan_mgcp.c from the + MGCP driver and in channels/chan_skinny.c from the Skinny channel + driver for Cisco SCCP phones. It also dangerously handles + client-controlled variables to determine filenames in the Record() + function. Finally, the SIP channel driver in channels/chan_sip.c could + use more resources than necessary under unspecified circumstances. +

+
+ +

+ A remote attacker could execute arbitrary code by sending a crafted + audit endpoint (AUEP) response, by sending an overly large Skinny + packet even before authentication, or by making use of format strings + specifiers through the client-controlled variables. An attacker could + also cause a Denial of Service by resource consumption through the SIP + channel driver. +

+
+ +

+ There is no known workaround for the format strings vulnerability at + this time. You can comment the lines in /etc/asterisk/mgcp.conf, + /etc/asterisk/skinny.conf and /etc/asterisk/sip.conf to deactivate the + three vulnerable channel drivers. Please note that the MGCP channel + driver is disabled by default. +

+
+ +

+ All Asterisk users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.13" +
+ + CVE-2006-4345 + CVE-2006-4346 + CVE-2006-5444 + CVE-2006-5445 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-01.xml
new file mode 100644
index 0000000000..27f721e4b1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-01.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Screen: UTF-8 character handling vulnerability
+
+ Screen contains an error in its UTF-8 character handling code that would
+ allow a remote Denial of Service or possibly the remote execution of
+ arbitrary code.
+
+ screen
+ November 03, 2006
+ November 03, 2006: 01
+ 152770
+ remote
+
+
+ 4.0.3
+ 4.0.3
+
+
+
+

+ Screen is a full-screen window manager that multiplexes a physical + terminal between several processes, typically interactive shells. +

+
+ +

+ cstone and Richard Felker discovered a flaw in Screen's UTF-8 combining + character handling. +

+
+ +

+ The vulnerability can be exploited by writing a special string of + characters to a Screen window. A remote attacker could cause a Denial + of Service or possibly execute arbitrary code with the privileges of + the user running Screen through a program being run inside a Screen + session, such as an IRC client or a mail client. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Screen users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/screen-4.0.3" +
+ + CVE-2006-4573 + + + aetius + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-02.xml
new file mode 100644
index 0000000000..202a582705
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-02.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Qt: Integer overflow
+
+ An integer overflow flaw in the Qt pixmap handling could possibly lead to a
+ Denial of Service or the remote execution of arbitrary code.
+
+ qt
+ November 06, 2006
+ January 09, 2009: 03
+ 151838
+ remote
+
+
+ 4.1.4-r2
+ 3.3.6-r4
+ 3.3.8
+ 3.3.8b
+ 4.1.4-r2
+
+
+
+

+ Qt is a cross-platform GUI toolkit, which is used e.g. by KDE. +

+
+ +

+ An integer overflow flaw has been found in the pixmap handling of Qt. +

+
+ +

+ By enticing a user to open a specially crafted pixmap image in an + application using Qt, e.g. Konqueror, a remote attacker could be able + to cause an application crash or the execution of arbitrary code with + the rights of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Qt 3.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.6-r4" +

+ All Qt 4.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/qt-4.1.4-r2" +
+ + CVE-2006-4811 + + + vorlon078 + + + vorlon078 + + + vorlon078 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-03.xml
new file mode 100644
index 0000000000..7a35f9c940
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-03.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ NVIDIA binary graphics driver: Privilege escalation vulnerability
+
+ The NVIDIA binary graphics driver is vulnerable to a local privilege
+ escalation through an X session.
+
+ nvidia-drivers
+ November 07, 2006
+ November 10, 2006: 02
+ 151635
+ remote, local
+
+
+ 1.0.8776
+ 1.0.8762
+ 1.0.8776
+
+
+
+

+ The NVIDIA binary graphics driver from NVIDIA Corporation provides the + kernel module and the GL modules for graphic acceleration on the NVIDIA + based graphic cards. +

+
+ +

+ Rapid7 reported a boundary error in the NVIDIA binary graphics driver + that leads to a buffer overflow in the accelerated rendering + functionality. +

+
+ +

+ An X client could trigger the buffer overflow with a maliciously + crafted series of glyphs. A remote attacker could also entice a user to + open a specially crafted web page, document or X client that will + trigger the buffer overflow. This could result in the execution of + arbitrary code with root privileges or at least in the crash of the X + server. +

+
+ +

+ Disable the accelerated rendering functionality in the Device section + of xorg.conf : +

+ Option "RenderAccel" "false" +
+ +

+ NVIDIA binary graphics driver users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-1.0.8776" +
+ + CVE-2006-5379 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-04.xml
new file mode 100644
index 0000000000..5774591c6d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-04.xml
@@ -0,0 +1,88 @@
+
+
+
+
+ Bugzilla: Multiple Vulnerabilities
+
+ Bugzilla is vulnerable to cross-site scripting, script injection, and
+ request forgery.
+
+ bugzilla
+ November 09, 2006
+ November 09, 2006: 01
+ 151563
+ remote
+
+
+ 2.18.6
+ 2.18.6
+
+
+
+

+ Bugzilla is a bug tracking system used to allow developers to more + easily track outstanding bugs in products. +

+
+ +

+ The vulnerabilities identified in Bugzilla are as follows: +

+
    +
  • Frederic Buclin and Gervase Markham discovered that input passed to + various fields throughout Bugzilla were not properly sanitized before + being sent back to users (CVE-2006-5453).
  • +
  • Frederic Buclin and Josh "timeless" Soref discovered a bug when + viewing attachments in diff mode that allows users not of the + "insidergroup" to read attachment descriptions. Additionally, it was + discovered that the "deadline" field is visible to users who do not + belong to the "timetrackinggroup" when bugs are exported to XML + (CVE-2006-5454).
  • +
  • Gavin Shelley reported that Bugzilla allows certain operations to + be performed via HTTP GET and HTTP POST requests without verifying + those requests properly (CVE-2006-5455).
  • +
  • Max Kanat-Alexander discovered that input passed to + showdependencygraph.cgi is not properly sanitized before being returned + to users (CVE-2006-5453).
  • +
+
+ +

+ An attacker could inject scripts into the content loaded by a user's + browser in order to have those scripts executed in a user's browser in + the context of the site currently being viewed. This could include + gaining access to privileged session information for the site being + viewed. Additionally, a user could forge an HTTP request in order to + create, modify, or delete bugs within a Bugzilla instance. Lastly, an + unauthorized user could view sensitive information about bugs or bug + attachments. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Bugzilla users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-2.18.6" +
+ + CVE-2006-5453 + CVE-2006-5454 + CVE-2006-5455 + + + vorlon078 + + + shellsage + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-05.xml
new file mode 100644
index 0000000000..310889471d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-05.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Netkit FTP Server: Privilege escalation
+
+ An incorrect seteuid() call could allow an FTP user to access some files or
+ directories that would normally be inaccessible.
+
+ ftpd
+ November 10, 2006
+ December 30, 2007: 02
+ 150292
+ remote
+
+
+ 0.17-r4
+ 0.17-r4
+
+
+
+

+ net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support. +

+
+ +

+ Paul Szabo reported that an incorrect seteuid() call after the chdir() + function can allow an attacker to access a normally forbidden + directory, in some very particular circumstances, for example when the + NFS-hosted targetted directory is not reachable by the client-side root + user. Additionally, some potentially exploitable unchecked setuid() + calls were also fixed. +

+
+ +

+ A local attacker might craft his home directory to gain access through + ftpd to normally forbidden directories like /root, possibly with + writing permissions if seteuid() fails and if the ftpd configuration + allows that. The unchecked setuid() calls could also lead to a root FTP + login, depending on the FTP server configuration. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Netkit FTP Server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r4" +
+ + CVE-2006-5778 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-06.xml
new file mode 100644
index 0000000000..32720e8efc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-06.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ OpenSSH: Multiple Denial of Service vulnerabilities
+
+ Several Denial of Service vulnerabilities have been identified in OpenSSH.
+
+ openssh
+ November 13, 2006
+ November 13, 2006: 01
+ 149502
+ remote
+
+
+ 4.4_p1-r5
+ 4.4_p1-r5
+
+
+
+

+ OpenSSH is a complete SSH protocol version 1.3, 1.5 and 2.0 + implementation and includes sftp client and server support. +

+
+ +

+ Tavis Ormandy of the Google Security Team has discovered a + pre-authentication vulnerability, causing sshd to spin until the login + grace time has been expired. Mark Dowd found an unsafe signal handler + that was vulnerable to a race condition. It has also been discovered + that when GSSAPI authentication is enabled, GSSAPI will in certain + cases incorrectly abort. +

+
+ +

+ The pre-authentication and signal handler vulnerabilities can cause a + Denial of Service in OpenSSH. The vulnerability in the GSSAPI + authentication abort could be used to determine the validity of + usernames on some platforms. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSSH users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.4_p1-r5" +
+ + CVE-2006-5051 + CVE-2006-5052 + OpenSSH Security Advisory + + + vorlon078 + + + vorlon078 + + + daxomatic + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-07.xml
new file mode 100644
index 0000000000..888c49fc42
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-07.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ GraphicsMagick: PALM and DCM buffer overflows
+
+ GraphicsMagick improperly handles PALM and DCM images, potentially
+ resulting in the execution of arbitrary code.
+
+ graphicsmagick
+ November 13, 2006
+ November 13, 2006: 01
+ 152668
+ remote
+
+
+ 1.1.7-r3
+ 1.1.7-r3
+
+
+
+

+ GraphicsMagick is a collection of tools and libraries which support + reading, writing, and manipulating images in many major formats. +

+
+ +

+ M. Joonas Pihlaja has reported that a boundary error exists within the + ReadDCMImage() function of coders/dcm.c, causing the improper handling + of DCM images. Pihlaja also reported that there are several boundary + errors in the ReadPALMImage() function of coders/palm.c, similarly + causing the improper handling of PALM images. +

+
+ +

+ An attacker could entice a user to open a specially crafted DCM or PALM + image with GraphicsMagick, and possibly execute arbitrary code with the + privileges of the user running GraphicsMagick. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GraphicsMagick users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.7-r3" +
+ + CVE-2006-5456 + + + vorlon078 + + + shellsage + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-08.xml
new file mode 100644
index 0000000000..7d214d2e0c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-08.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ RPM: Buffer overflow
+
+ RPM is vulnerable to a buffer overflow and possibly the execution of
+ arbitrary code when opening specially crafted packages.
+
+ rpm
+ November 13, 2006
+ November 13, 2006: 01
+ 154218
+ remote
+
+
+ 4.4.6-r3
+ 4.4.6-r3
+
+
+
+

+ The Red Hat Package Manager (RPM) is a command line driven package + management system capable of installing, uninstalling, verifying, + querying, and updating computer software packages. +

+
+ +

+ Vladimir Mosgalin has reported that when processing certain packages, + RPM incorrectly allocates memory for the packages, possibly causing a + heap-based buffer overflow. +

+
+ +

+ An attacker could entice a user to open a specially crafted RPM package + and execute code with the privileges of that user if certain locales + are set. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All RPM users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/rpm-4.4.6-r3" +
+ + CVE-2006-5466 + + + falco + + + shellsage + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-09.xml
new file mode 100644
index 0000000000..8b8c315452
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-09.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ libpng: Denial of Service
+
+ A vulnerability in libpng may allow a remote attacker to crash applications
+ that handle untrusted images.
+
+ libpng
+ November 17, 2006
+ November 17, 2006: 01
+ 154380
+ remote
+
+
+ 1.2.13
+ 1.2.13
+
+
+
+

+ libpng is a free ANSI C library used to process and manipulate PNG + images. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a + vulnerability exists in the sPLT chunk handling code of libpng, a large + sPLT chunk may cause an application to attempt to read out of bounds. +

+
+ +

+ A remote attacker could craft an image that when processed or viewed by + an application using libpng causes the application to terminate + abnormally. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libpng users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.13" +
+ + CVE-2006-5793 + + + taviso + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-10.xml
new file mode 100644
index 0000000000..785cf00163
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-10.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ WordPress: Multiple vulnerabilities
+
+ Flaws in WordPress allow a Denial of Service, the disclosure of user
+ metadata and the overwriting of restricted files.
+
+ wordpress
+ November 17, 2006
+ November 17, 2006: 01
+ 153303
+ remote
+
+
+ 2.0.5
+ 2.0.5
+
+
+
+

+ WordPress is a PHP and MySQL based multiuser blogging system. +

+
+ +

+ "random" discovered that users can enter serialized objects as strings + in their profiles that will be harmful when unserialized. "adapter" + found out that user-edit.php fails to effectively deny non-permitted + users access to other user's metadata. Additionally, a directory + traversal vulnerability in the wp-db-backup module was discovered. +

+
+ +

+ By entering specially crafted strings in his profile, an attacker can + crash PHP or even the web server running WordPress. Additionally, by + crafting a simple URL, an attacker can read metadata of any other user, + regardless of their own permissions. A user with the permission to use + the database backup plugin can possibly overwrite files he otherwise + has no access to. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All WordPress users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.5" +
+ + CVE-2006-5705 + WordPress Ticket 3142 + WordPress Ticket 2591 + + + frilled + + + frilled + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-11.xml
new file mode 100644
index 0000000000..9cd741f888
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-11.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ TikiWiki: Multiple vulnerabilities
+
+ TikiWiki allows for the disclosure of MySQL database authentication
+ credentials and for cross-site scripting attacks.
+
+ tikiwiki
+ November 20, 2006
+ November 20, 2006: 01
+ 153820
+ remote
+
+
+ 1.9.6
+ 1.9.6
+
+
+
+

+ TikiWiki is an open source content management system written in PHP. +

+
+ +

+ In numerous files TikiWiki provides an empty sort_mode parameter, + causing TikiWiki to display additional information, including database + authentication credentials, in certain error messages. TikiWiki also + improperly sanitizes the "url" request variable sent to + tiki-featured_link.php. +

+
+ +

+ An attacker could cause a database error in various pages of a TikiWiki + instance by providing an empty sort_mode request variable, and gain + unauthorized access to credentials of the MySQL databases used by + TikiWiki. An attacker could also entice a user to browse to a specially + crafted URL that could run scripts in the scope of the user's browser. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TikiWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.6" +
+ + CVE-2006-5702 + CVE-2006-5703 + + + jaervosz + + + shellsage + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-12.xml
new file mode 100644
index 0000000000..a8d53e22c7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-12.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Ruby: Denial of Service vulnerability
+
+ The Ruby cgi.rb CGI library is vulnerable to a Denial of Service attack.
+
+ ruby
+ November 20, 2006
+ June 11, 2009: 02
+ 153497
+ remote
+
+
+ 1.8.5-r3
+ 1.8.5-r3
+
+
+
+

+ Ruby is a dynamic, open source programming language with a focus on + simplicity and productivity. +

+
+ +

+ Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported + that the CGI library shipped with Ruby is vulnerable to a remote Denial + of Service by an unauthenticated user. +

+
+ +

+ The vulnerability can be exploited by sending the cgi.rb library an + HTTP request with multipart MIME encoding that contains a malformed + MIME boundary specifier beginning with "-" instead of "--". Successful + exploitation of the vulnerability causes the library to go into an + infinite loop waiting for additional nonexistent input. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.5-r3" +
+ + CVE-2006-5467 + + + aetius + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-13.xml
new file mode 100644
index 0000000000..29b6b175fd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-13.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Avahi: "netlink" message vulnerability
+
+ Avahi fails to verify the origin of netlink messages, which could allow
+ local users to spoof network changes.
+
+ avahi
+ November 20, 2006
+ November 20, 2006: 01
+ 154322
+ local
+
+
+ 0.6.15
+ 0.6.15
+
+
+
+

+ Avahi is a system that facilitates service discovery on a local + network. +

+
+ +

+ Avahi does not check that the netlink messages come from the kernel + instead of a user-space process. +

+
+ +

+ A local attacker could exploit this vulnerability by crafting malicious + netlink messages and trick Avahi to react to fake network changes. This + could lead users to connect to untrusted services without knowing. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Avahi users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.15" +
+ + CVE-2006-5461 + + + vorlon + + + vorlon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-14.xml
new file mode 100644
index 0000000000..f0271113f7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-14.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ TORQUE: Insecure temporary file creation
+
+ TORQUE creates temporary files in an insecure manner which could lead to
+ the execution of arbitrary code with elevated privileges.
+
+ torque
+ November 20, 2006
+ November 24, 2006: 03
+ 152104
+ local
+
+
+ 2.1.6
+ 2.1.6
+
+
+
+

+ TORQUE is a resource manager providing control over batch jobs and + distributed compute nodes. +

+
+ +

+ TORQUE creates temporary files with predictable names. Please note that + the TORQUE package shipped in Gentoo Portage is not vulnerable in the + default configuration. Only systems with more permissive access rights + to the spool directory are vulnerable. +

+
+ +

+ A local attacker could create links in the temporary file directory, + pointing to a valid file somewhere on the filesystem. This could lead + to the execution of arbitrary code with elevated privileges. +

+
+ +

+ Ensure that untrusted users don't have write access to the spool + directory. +

+
+ +

+ All TORQUE users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/torque-2.1.6" +
+ + CVE-2006-5677 + + + vorlon + + + vorlon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-15.xml
new file mode 100644
index 0000000000..4d1325a2c1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-15.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ qmailAdmin: Buffer overflow
+
+ qmailAdmin is vulnerable to a buffer overflow that could lead to the remote
+ execution of arbitrary code.
+
+ qmailadmin
+ November 21, 2006
+ November 21, 2006: 01
+ 153896
+ remote
+
+
+ 1.2.10
+ 1.2.10
+
+
+
+

+ qmailAdmin is a free software package that provides a web interface for + managing a qmail system with virtual domains. +

+
+ +

+ qmailAdmin fails to properly handle the "PATH_INFO" variable in + qmailadmin.c. The PATH_INFO is a standard CGI environment variable + filled with user supplied data. +

+
+ +

+ A remote attacker could exploit this vulnerability by sending + qmailAdmin a maliciously crafted URL that could lead to the execution + of arbitrary code with the permissions of the user running qmailAdmin. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All qmailAdmin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/qmailadmin-1.2.10" +
+ + CVE-2006-1141 + + + vorlon + + + vorlon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-16.xml
new file mode 100644
index 0000000000..bb1874a3c9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-16.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Texinfo: Buffer overflow
+
+ Texinfo is vulnerable to a buffer overflow that could lead to the execution
+ of arbitrary code.
+
+ texinfo
+ November 21, 2006
+ November 21, 2006: 01
+ 154316
+ remote
+
+
+ 4.8-r5
+ 4.8-r5
+
+
+
+

+ Texinfo is the official documentation system of the GNU project. +

+
+ +

+ Miloslav Trmac from Red Hat discovered a buffer overflow in the + "readline()" function of texindex.c. The "readline()" function is + called by the texi2dvi and texindex commands. +

+
+ +

+ By enticing a user to open a specially crafted Texinfo file, an + attacker could execute arbitrary code with the rights of the user + running Texinfo. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Texinfo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/texinfo-4.8-r5" +
+ + CVE-2006-4810 + + + vorlon + + + vorlon + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-17.xml
new file mode 100644
index 0000000000..c00a28ec7b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-17.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ fvwm: fvwm-menu-directory fvwm command injection
+
+ A flaw in fvwm-menu-directory may permit a local attacker to execute
+ arbitrary commands with the privileges of another user.
+
+ fvwm
+ November 23, 2006
+ November 23, 2006: 01
+ 155078
+ local
+
+
+ 2.5.18-r1
+ 2.5.18-r1
+
+
+
+

+ fvwm is a highly configurable virtual window manager for X11 desktops. + fvwm-menu-directory allows fvwm users to browse directories from within + fvwm. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that + fvwm-menu-directory does not sufficiently sanitise directory names + prior to generating menus. +

+
+ +

+ A local attacker who can convince an fvwm-menu-directory user to browse + a directory they control could cause fvwm commands to be executed with + the privileges of the fvwm user. Fvwm commands can be used to execute + arbitrary shell commands. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All fvwm users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-wm/fvwm-2.5.18-r1" +
+ + CVE-2006-5969 + + + jaervosz + + + jaervosz + + + taviso + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-18.xml
new file mode 100644
index 0000000000..56f2215039
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-18.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ TIN: Multiple buffer overflows
+
+ Multiple buffer overflows have been reported in TIN, possibly leading to
+ the execution of arbitrary code.
+
+ tin
+ November 24, 2006
+ November 24, 2006: 01
+ 150229
+ remote
+
+
+ 1.8.2
+ 1.8.2
+
+
+
+

+ TIN is a threaded NNTP and spool based UseNet newsreader for a variety + of platforms. +

+
+ +

+ Urs Janssen and Aleksey Salow have reported multiple buffer overflows + in TIN. Additionally, the OpenPKG project has reported an allocation + off-by-one flaw which can lead to a buffer overflow. +

+
+ +

+ An attacker could entice a TIN user to read a specially crafted news + article, and execute arbitrary code with the rights of the user running + TIN. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TIN users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-nntp/tin-1.8.2" +
+ + OpenPKG Advisory + CVE-2006-0804 + + + jaervosz + + + jaervosz + + + shellsage + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-19.xml
new file mode 100644
index 0000000000..c95db6da8b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-19.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ ImageMagick: PALM and DCM buffer overflows
+
+ ImageMagick improperly handles PALM and DCM images, potentially resulting
+ in the execution of arbitrary code.
+
+ imagemagick
+ November 24, 2006
+ November 24, 2006: 01
+ 152672
+ remote
+
+
+ 6.3.0.5
+ 6.3.0.5
+
+
+

+ ImageMagick is a software suite to create, edit, and compose bitmap
+ images, that can also read, write, and convert images in many other
+ formats.
+

+
+
+

+ M. Joonas Pihlaja has reported that a boundary error exists within the
+ ReadDCMImage() function of coders/dcm.c, causing the improper handling
+ of DCM images. Pihlaja also reported that there are several boundary
+ errors in the ReadPALMImage() function of coders/palm.c, similarly
+ causing the improper handling of PALM images.
+

+
+
+

+ An attacker could entice a user to open a specially crafted DCM or PALM
+ image with ImageMagick, and possibly execute arbitrary code with the
+ privileges of the user running ImageMagick.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All ImageMagick users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.0.5"
+
+
+
+ CVE-2006-5456
+
+
+ jaervosz
+
+
+ shellsage
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-20.xml
new file mode 100644
index 0000000000..4187a07a47
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-20.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ GNU gv: Stack overflow
+
+ GNU gv improperly handles user-supplied data possibly allowing for the
+ execution of arbitrary code.
+
+ gv
+ November 24, 2006
+ November 24, 2006: 01
+ 154573
+ remote
+
+
+ 3.6.2-r1
+ 3.6.2-r1
+
+
+

+ GNU gv is a viewer for PostScript and PDF documents.
+

+
+
+

+ GNU gv does not properly boundary check user-supplied data before
+ copying it into process buffers.
+

+
+
+

+ An attacker could entice a user to open a specially crafted document
+ with GNU gv and execute arbitrary code with the rights of the user on
+ the system.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All gv users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/gv-3.6.2-r1"
+
+
+
+ CVE-2006-5864
+
+
+ jaervosz
+
+
+ shellsage
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-21.xml
new file mode 100644
index 0000000000..a00511d038
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-21.xml
@@ -0,0 +1,59 @@
+
+
+
+
+ Kile: Incorrect backup file permission
+
+ Kile uses default permissions for backup files, potentially leading to
+ information disclosure.
+
+ kile
+ November 27, 2006
+ November 27, 2006: 01
+ 155613
+ local
+
+
+ 1.9.2-r1
+ 1.9.2-r1
+
+
+

+ Kile is a TeX/LaTeX editor for KDE.
+

+
+
+

+ Kile fails to set the same permissions on backup files as on the
+ original file. This is similar to CVE-2005-1920.
+

+
+
+

+ A kile user may inadvertently grant access to sensitive information.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Kile users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/kile-1.9.2-r1"
+
+
+
+ CVE-2005-1920
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-22.xml
new file mode 100644
index 0000000000..295933cb4b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-22.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Ingo H3: Folder name shell command injection
+
+ Ingo H3 is vulnerable to arbitrary shell command execution when handling
+ procmail rules.
+
+ horde-ingo
+ November 27, 2006
+ November 27, 2006: 01
+ 153927
+ remote
+
+
+ 1.1.2
+ 1.1.2
+
+
+

+ Ingo H3 is a generic frontend for editing Sieve, procmail, maildrop and
+ IMAP filter rules.
+

+
+
+

+ Ingo H3 fails to properly escape shell metacharacters in procmail
+ rules.
+

+
+
+

+ A remote authenticated attacker could craft a malicious rule which
+ could lead to the execution of arbitrary shell commands on the server.
+

+
+
+

+ Don't use procmail with Ingo H3.
+

+
+
+

+ All Ingo H3 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/horde-ingo-1.1.2"
+
+
+
+ CVE-2006-5449
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-23.xml
new file mode 100644
index 0000000000..e896c99fad
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-23.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Mono: Insecure temporary file creation
+
+ Mono is vulnerable to linking attacks, potentially allowing a local user to
+ overwrite arbitrary files.
+
+ mono
+ November 28, 2006
+ November 28, 2006: 01
+ 150264
+ local
+
+
+ 1.1.13.8.1
+ 1.1.13.8.1
+
+
+

+ Mono provides the necessary software to develop and run .NET client and
+ server applications.
+

+
+
+

+ Sebastian Krahmer of the SuSE Security Team discovered that the
+ System.CodeDom.Compiler classes of Mono create temporary files with
+ insecure permissions.
+

+
+
+

+ A local attacker could create links in the temporary file directory,
+ pointing to a valid file somewhere on the filesystem. When an affected
+ class is called, this could result in the file being overwritten with
+ the rights of the user running the script.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Mono users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/mono-1.1.13.8.1"
+
+
+
+ CVE-2006-5072
+
+
+ jaervosz
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-24.xml
new file mode 100644
index 0000000000..5d92272850
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-24.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ LHa: Multiple vulnerabilities
+
+ LHa is affected by several vulnerabilities including the remote execution
+ of arbitrary code.
+
+ lha
+ November 28, 2006
+ November 28, 2006: 01
+ 151252
+ remote
+
+
+ 114i-r6
+ 114i-r6
+
+
+

+ LHa is a console-based program for packing and unpacking LHarc
+ archives.
+

+
+
+

+ Tavis Ormandy of the Google Security Team discovered several
+ vulnerabilities in the LZH decompression component used by LHa. The
+ make_table function of unlzh.c contains an array index error and a
+ buffer overflow vulnerability. The build_tree function of unpack.c
+ contains a buffer underflow vulnerability. Additionally, unlzh.c
+ contains a code that could run in an infinite loop.
+

+
+
+

+ By enticing a user to uncompress a specially crafted archive, a remote
+ attacker could cause a Denial of Service by CPU consumption or execute
+ arbitrary code with the rights of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All LHa users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/lha-114i-r6"
+
+
+
+ CVE-2006-4335
+ CVE-2006-4336
+ CVE-2006-4337
+ CVE-2006-4338
+
+
+ falco
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-25.xml
new file mode 100644
index 0000000000..b827faffa5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-25.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ OpenLDAP: Denial of Service vulnerability
+
+ A flaw in OpenLDAP allows remote unauthenticated attackers to cause a
+ Denial of Service.
+
+ openldap
+ November 28, 2006
+ November 28, 2006: 01
+ 154349
+ remote
+
+
+ 2.3.27-r3
+ 2.2.28-r5
+ 2.1.30-r8
+ 2.3.27-r3
+
+
+

+ OpenLDAP is a suite of LDAP-related applications and development tools.
+

+
+
+

+ Evgeny Legerov has discovered that the truncation of an incoming
+ authcid longer than 255 characters and ending with a space as the 255th
+ character will lead to an improperly computed name length. This will
+ trigger an assert in the libldap code.
+

+
+
+

+ By sending a BIND request with a specially crafted authcid parameter to
+ an OpenLDAP service, a remote attacker can cause the service to crash.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All OpenLDAP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "net-nds/openldap"
+
+
+
+ CVE-2006-5779
+
+
+ jaervosz
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-26.xml
new file mode 100644
index 0000000000..d9c9659730
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200611-26.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ ProFTPD: Remote execution of arbitrary code
+
+ ProFTPD is affected by mutiple vulnerabilities allowing for the remote
+ execution of arbitrary code.
+
+ proftpd
+ November 30, 2006
+ November 30, 2006: 01
+ 154650
+ remote
+
+
+ 1.3.0a
+ 1.3.0a
+
+
+

+ ProFTPD is a highly-configurable FTP server.
+

+
+
+

+ Evgeny Legerov discovered a stack-based buffer overflow in the
+ s_replace() function in support.c, as well as a buffer overflow in in
+ the mod_tls module. Additionally, an off-by-two error related to the
+ CommandBufferSize configuration directive was reported.
+

+
+
+

+ An authenticated attacker could exploit the s_replace() vulnerability
+ by uploading a crafted .message file or sending specially crafted
+ commands to the server, possibly resulting in the execution of
+ arbitrary code with the rights of the user running ProFTPD. An
+ unauthenticated attacker could send specially crafted data to the
+ server with mod_tls enabled which could result in the execution of
+ arbitrary code with the rights of the user running ProFTPD. Finally,
+ the off-by-two error related to the CommandBufferSize configuration
+ directive was fixed - exploitability of this error is disputed. Note
+ that the default configuration on Gentoo is to run ProFTPD as an
+ unprivileged user, and has mod_tls disabled.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All ProFTPD users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.0a"
+
+
+
+ CVE-2006-5815
+ CVE-2006-6170
+ CVE-2006-6171 (disputed)
+
+
+ falco
+
+
+ aetius
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-01.xml
new file mode 100644
index 0000000000..23e95184a1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-01.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ wv library: Multiple integer overflows
+
+ The wv library is vulnerable to multiple integer overflows which could lead
+ to the execution of arbitrary code.
+
+ wv library
+ December 07, 2006
+ December 07, 2006: 01
+ 153800
+ remote
+
+
+ 1.2.3-r1
+ 1.2.3-r1
+
+
+

+ wv is a library for conversion of MS Word DOC and RTF files.
+

+
+
+

+ The wv library fails to do proper arithmetic checks in multiple places,
+ possibly leading to integer overflows.
+

+
+
+

+ An attacker could craft a malicious file that, when handled with the wv
+ library, could lead to the execution of arbitrary code with the
+ permissions of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All wv library users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/wv-1.2.3-r1"
+
+
+
+ CVE-2006-4513
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-02.xml
new file mode 100644
index 0000000000..e2fb96321b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-02.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ xine-lib: Buffer overflow
+
+ xine-lib is vulnerable to a buffer overflow in the Real Media input plugin,
+ which could lead to the execution of arbitrary code.
+
+ xine-lib
+ December 09, 2006
+ December 09, 2006: 01
+ 156645
+ remote
+
+
+ 1.1.2-r3
+ 1.1.2-r3
+
+
+

+ xine is a portable and reusable multimedia playback engine. xine-lib is
+ xine's core engine.
+

+
+
+

+ A possible buffer overflow has been reported in the Real Media input
+ plugin.
+

+
+
+

+ An attacker could exploit this vulnerability by enticing a user into
+ loading a specially crafted stream with xine or an application using
+ xine-lib. This can lead to a Denial of Service and possibly the
+ execution of arbitrary code with the rights of the user running the
+ application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All xine-lib users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2-r3"
+
+
+
+ CVE-2006-6172
+
+
+ DerCorny
+
+
+ vorlon
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-03.xml
new file mode 100644
index 0000000000..bf5721604f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-03.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ GnuPG: Multiple vulnerabilities
+
+ GnuPG is vulnerable to a buffer overflow and an erroneous function pointer
+ dereference that can result in the execution of arbitrary code.
+
+ gnupg
+ December 10, 2006
+ December 10, 2006: 02
+ 156476
+ 156947
+ remote
+
+
+ 1.4.6
+ 1.4.6
+
+
+

+ The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite
+ of cryptographic software.
+

+
+
+

+ Hugh Warrington has reported a boundary error in GnuPG, in the
+ "ask_outfile_name()" function from openfile.c: the
+ make_printable_string() function could return a string longer than
+ expected. Additionally, Tavis Ormandy of the Gentoo Security Team
+ reported a design error in which a function pointer can be incorrectly
+ dereferenced.
+

+
+
+

+ A remote attacker could entice a user to interactively use GnuPG on a
+ crafted file and trigger the boundary error, which will result in a
+ buffer overflow. They could also entice a user to process a signed or
+ encrypted file with gpg or gpgv, possibly called through another
+ application like a mail client, to trigger the dereference error. Both
+ of these vulnerabilities would result in the execution of arbitrary
+ code with the permissions of the user running GnuPG. gpg-agent, gpgsm
+ and other tools are not affected.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All GnuPG users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "=app-crypt/gnupg-1.4*"
+
+
+
+ CVE-2006-6169
+ CVE-2006-6235
+
+
+ jaervosz
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-04.xml
new file mode 100644
index 0000000000..7ce79080ba
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-04.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ ModPlug: Multiple buffer overflows
+
+ ModPlug contains several boundary errors that could lead to buffer
+ overflows resulting in the possible execution of arbitrary code.
+
+ libmodplug
+ December 10, 2006
+ December 10, 2006: 01
+ 143404
+ remote
+
+
+ 0.8-r1
+ 0.8-r1
+
+
+

+ ModPlug is a library for playing MOD-like music.
+

+
+
+

+ Luigi Auriemma has reported various boundary errors in load_it.cpp and
+ a boundary error in the "CSoundFile::ReadSample()" function in
+ sndfile.cpp.
+

+
+
+

+ A remote attacker can entice a user to read crafted modules or ITP
+ files, which may trigger a buffer overflow resulting in the execution
+ of arbitrary code with the privileges of the user running the
+ application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All ModPlug users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8-r1"
+
+
+
+ CVE-2006-4192
+
+
+ vorlon
+
+
+ vorlon
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-05.xml
new file mode 100644
index 0000000000..c4ed171994
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-05.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ KOffice shared libraries: Heap corruption
+
+ An integer overflow in koffice-libs allows for a Denial of Service and
+ possibly the execution of arbitrary code when viewing malicious PowerPoint
+ files.
+
+ koffice-libs
+ December 10, 2006
+ December 10, 2006: 01
+ 155914
+ remote
+
+
+ 1.5.0
+ 1.5.0
+
+
+

+ KOffice is an integrated office suite for KDE. koffice-libs is a
+ package containing shared librares used by KOffice programs.
+

+
+
+

+ Kees Cook of Ubuntu discovered that 'KLaola::readBigBlockDepot()' in
+ klaola.cc fills 'num_of_bbd_blocks' while reading a .ppt (PowerPoint)
+ file without proper sanitizing, resulting in an integer overflow
+ subsequently overwriting the heap with parts of the file being read.
+

+
+
+

+ By enticing a user to open a specially crafted PowerPoint file, an
+ attacker could crash the application and possibly execute arbitrary
+ code with the rights of the user running KOffice.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All koffice-libs users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/koffice-libs-1.5.0"
+
+
+
+ CVE-2006-6120
+
+
+ DerCorny
+
+
+ frilled
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-06.xml
new file mode 100644
index 0000000000..3102c1f9e9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-06.xml
@@ -0,0 +1,100 @@
+
+
+
+
+ Mozilla Thunderbird: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been identified in Mozilla Thunderbird.
+
+ mozilla-thunderbird
+ December 10, 2006
+ December 10, 2006: 01
+ 154448
+ remote
+
+
+ 1.5.0.8
+ 1.5.0.8
+
+
+ 1.5.0.8
+ 1.5.0.8
+
+
+

+ Mozilla Thunderbird is a popular open-source email client from the
+ Mozilla Project.
+

+
+
+

+ It has been identified that Mozilla Thunderbird improperly handles
+ Script objects while they are being executed, allowing them to be
+ modified during execution. JavaScript is disabled in Mozilla
+ Thunderbird by default. Mozilla Thunderbird has also been found to be
+ vulnerable to various potential buffer overflows. Lastly, the binary
+ release of Mozilla Thunderbird is vulnerable to a low exponent RSA
+ signature forgery issue because it is bundled with a vulnerable version
+ of NSS.
+

+
+
+

+ An attacker could entice a user to view a specially crafted email that
+ causes a buffer overflow and again executes arbitrary code or causes a
+ Denial of Service. An attacker could also entice a user to view an
+ email containing specially crafted JavaScript and execute arbitrary
+ code with the rights of the user running Mozilla Thunderbird. It is
+ important to note that JavaScript is off by default in Mozilla
+ Thunderbird, and enabling it is strongly discouraged. It is also
+ possible for an attacker to create SSL/TLS or email certificates that
+ would not be detected as invalid by the binary release of Mozilla
+ Thunderbird, raising the possibility for Man-in-the-Middle attacks.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ Users upgrading to the following releases of Mozilla Thunderbird should
+ note that this version of Mozilla Thunderbird has been found to not
+ display certain messages in some cases.
+

+

+

+

All Mozilla Thunderbird users should upgrade to the
+ latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.8"
+

+ All Mozilla Thunderbird binary release users should upgrade to the
+ latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.8"
+
+
+
+ CVE-2006-5462
+ CVE-2006-5463
+ CVE-2006-5464
+ CVE-2006-5747
+ CVE-2006-5748
+ Mozilla Thunderbird Email Loss Bug
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-07.xml
new file mode 100644
index 0000000000..0440aba05d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-07.xml
@@ -0,0 +1,87 @@
+
+
+
+
+ Mozilla Firefox: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in Mozilla Firefox.
+
+ mozilla-firefox
+ December 10, 2006
+ December 10, 2006: 01
+ 154434
+ remote
+
+
+ 1.5.0.8
+ 1.5.0.8
+
+
+ 1.5.0.8
+ 1.5.0.8
+
+
+

+ Mozilla Firefox is a popular open-source web browser from the Mozilla
+ Project.
+

+
+
+

+ Mozilla Firefox improperly handles Script objects while they are being
+ executed. Mozilla Firefox has also been found to be vulnerable to
+ various possible buffer overflows. Lastly, the binary release of
+ Mozilla Firefox is vulnerable to a low exponent RSA signature forgery
+ issue because it is bundled with a vulnerable version of NSS.
+

+
+
+

+ An attacker could entice a user to view specially crafted JavaScript
+ and execute arbitrary code with the rights of the user running Mozilla
+ Firefox. An attacker could also entice a user to view a specially
+ crafted web page that causes a buffer overflow and again executes
+ arbitrary code. It is also possible for an attacker to make up SSL/TLS
+ certificates that would not be detected as invalid by the binary
+ release of Mozilla Firefox, raising the possibility for
+ Man-in-the-Middle attacks.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Mozilla Firefox users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.8"
+

+ All Mozilla Firefox binary release users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.8"
+
+
+
+ CVE-2006-5462
+ CVE-2006-5463
+ CVE-2006-5464
+ CVE-2006-5747
+ CVE-2006-5748
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-08.xml
new file mode 100644
index 0000000000..bd859b4648
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-08.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ SeaMonkey: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been identified in the SeaMonkey project.
+
+ seamonkey
+ December 10, 2006
+ December 10, 2006: 01
+ 154449
+ remote
+
+
+ 1.0.6
+ 1.0.6
+
+
+

+ The SeaMonkey project is a community effort to deliver
+ production-quality releases of code derived from the application
+ formerly known as 'Mozilla Application Suite'.
+

+
+
+

+ The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode
+ execution and arbitrary code execution.
+

+
+
+

+ An attacker could entice a user to load malicious JavaScript or a
+ malicious web page with a SeaMonkey application and execute arbitrary
+ code with the rights of the user running those products. It is
+ important to note that in the SeaMonkey email client, JavaScript is
+ disabled by default.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All SeaMonkey users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.6"
+
+
+
+ CVE-2006-5462
+ CVE-2006-5463
+ CVE-2006-5464
+ CVE-2006-5747
+ CVE-2006-5748
+
+
+ jaervosz
+
+
+ shellsage
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-09.xml
new file mode 100644
index 0000000000..5991953c33
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-09.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ MadWifi: Kernel driver buffer overflow
+
+ MadWifi is vulnerable to a buffer overflow that could potentially lead to
+ the remote execution of arbitrary code with root privileges.
+
+ madwifi-ng
+ December 10, 2006
+ December 10, 2006: 01
+ 157449
+ remote
+
+
+ 0.9.2.1
+ 0.9.2.1
+
+
+

+ MadWifi (Multiband Atheros Driver for Wireless Fidelity) provides a
+ Linux kernel device driver for Atheros-based Wireless LAN devices.
+

+
+
+

+ Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer
+ overflow in the encode_ie() and the giwscan_cb() functions from
+ ieee80211_wireless.c.
+

+
+
+

+ A remote attacker could send specially crafted wireless WPA packets
+ containing malicious RSN Information Headers (IE) that could
+ potentially lead to the remote execution of arbitrary code as the root
+ user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All MadWifi users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.2.1"
+
+
+
+ CVE-2006-6332
+
+
+ jaervosz
+
+
+ falco
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-10.xml
new file mode 100644
index 0000000000..dc3ea0b0f5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-10.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Tar: Directory traversal vulnerability
+
+ Tar is vulnerable to directory traversal possibly allowing for the
+ overwriting of arbitrary files.
+
+ tar
+ December 11, 2006
+ December 11, 2006: 01
+ 155901
+ remote
+
+
+ 1.16-r2
+ 1.16-r2
+
+
+

+ The Tar program provides the ability to create and manipulate tar
+ archives.
+

+
+
+

+ Tar does not properly extract archive elements using the GNUTYPE_NAMES
+ record name, allowing files to be created at arbitrary locations using
+ symlinks. Once a symlink is extracted, files after the symlink in the
+ archive will be extracted to the destination of the symlink.
+

+
+
+

+ An attacker could entice a user to extract a specially crafted tar
+ archive, possibly allowing for the overwriting of arbitrary files on
+ the system extracting the archive.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Tar users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/tar-1.16-r2"
+
+
+
+ CVE-2006-6097
+
+
+ vorlon
+
+
+ vorlon
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-11.xml
new file mode 100644
index 0000000000..b0d80e7f3e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-11.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities
+
+ OpenSSL contains multiple vulnerabilities including the possible execution
+ of remote arbitrary code.
+
+ emul-linux-x86-baselibs
+ December 11, 2006
+ December 11, 2006: 01
+ 152640
+ remote
+
+
+ 2.5.5
+ 2.5.5
+
+
+

+ OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
+ Layer Security protocols and a general-purpose cryptography library.
+ The x86 emulation base libraries for AMD64 contain a vulnerable version
+ of OpenSSL.
+

+
+
+

+ Tavis Ormandy and Will Drewry, both of the Google Security Team,
+ discovered that the SSL_get_shared_ciphers() function contains a buffer
+ overflow vulnerability, and that the SSLv2 client code contains a flaw
+ leading to a crash. Additionally, Dr. Stephen N. Henson found that the
+ ASN.1 handler contains two Denial of Service vulnerabilities: while
+ parsing an invalid ASN.1 structure and while handling certain types of
+ public key.
+

+
+
+

+ An attacker could trigger the buffer overflow by sending a malicious
+ suite of ciphers to an application using the vulnerable function, and
+ thus execute arbitrary code with the rights of the user running the
+ application. An attacker could also consume CPU and/or memory by
+ exploiting the Denial of Service vulnerabilities. Finally, a malicious
+ server could crash a SSLv2 client through the SSLv2 vulnerability.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All AMD64 x86 emulation base libraries users should upgrade to the
+ latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-baselibs-2.5.5"
+
+
+
+ CVE-2006-2937
+ CVE-2006-2940
+ CVE-2006-3738
+ CVE-2006-4343
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-12.xml
new file mode 100644
index 0000000000..0a8548979c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-12.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ F-PROT Antivirus: Multiple vulnerabilities
+
+ F-Prot Antivirus contains a buffer overflow and other unspecified
+ vulnerabilities, possibly allowing the remote execution of arbitrary code.
+
+ f-prot
+ December 12, 2006
+ December 12, 2006: 01
+ 157612
+ remote
+
+
+ 4.6.7
+ 4.6.7
+
+
+

+ F-Prot Antivirus is a FRISK Software antivirus program that can used
+ with procmail.
+

+
+
+

+ F-Prot Antivirus version 4.6.7 fixes a heap-based buffer overflow, an
+ infinite loop, and other unspecified vulnerabilities.
+

+
+
+

+ Among other weaker impacts, a remote attacker could send an e-mail
+ containing a malicious file that would trigger the buffer overflow
+ vulnerability and execute arbitrary code with the privileges of the
+ user running F-Prot, which may be the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All F-Prot users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/f-prot-4.6.7"
+
+
+
+ CVE-2006-6293
+ CVE-2006-6294
+ CVE-2006-6352
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-13.xml
new file mode 100644
index 0000000000..968a6e1c38
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-13.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ libgsf: Buffer overflow
+
+ libgsf improperly allocates memory allowing for a heap overflow and
+ possibly the execution of arbitrary code.
+
+ libgsf
+ December 12, 2006
+ December 12, 2006: 01
+ 156693
+ remote
+
+
+ 1.14.2
+ 1.14.2
+
+
+
+

+ The GNOME Structured File Library is an I/O library that can read and + write common file types and handle structured formats that provide + file-system-in-a-file semantics. +

+
+ +

+ "infamous41md" has discovered that the "ole_init_info" function may + allocate too little memory for storing the contents of an OLE document, + resulting in a heap buffer overflow. +

+
+ +

+ An attacker could entice a user to open a specially crafted OLE + document, and possibly execute arbitrary code with the rights of the + user opening the document. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libgsf users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=gnome-extra/libgsf-1.14.2" +
+ + CVE-2006-4514 + + + jaervosz + + + vorlon + + + shellsage + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-14.xml
new file mode 100644
index 0000000000..5fa3ea238f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-14.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Trac: Cross-site request forgery
+
+ Trac allows remote attackers to execute unauthorized actions as other
+ users.
+
+ trac
+ December 12, 2006
+ December 12, 2006: 01
+ 154574
+ remote
+
+
+ 0.10.1
+ 0.10.1
+
+
+
+

+ Trac is a wiki and issue tracking system for software development + projects. +

+
+ +

+ Trac allows users to perform certain tasks via HTTP requests without + performing correct validation on those requests. +

+
+ +

+ An attacker could entice an authenticated user to browse to a specially + crafted URL, allowing the attacker to execute actions in the Trac + instance as if they were the user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Trac users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/trac-0.10.1" +
+ + CVE-2006-5848 + CVE-2006-5878 + + + jaervosz + + + vorlon + + + shellsage + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-15.xml
new file mode 100644
index 0000000000..be70a54e36
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-15.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ McAfee VirusScan: Insecure DT_RPATH
+
+ McAfee VirusScan for Linux is distributed with an insecure DT_RPATH,
+ potentially allowing a remote attacker to execute arbitrary code.
+
+ vlnx
+ December 14, 2006
+ December 14, 2006: 01
+ 156989
+ remote
+
+
+ 4510e
+
+
+
+

+ McAfee VirusScan for Linux is a commercial antivirus solution for + Linux. +

+
+ +

+ Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was + distributed with an insecure DT_RPATH which included the current + working directory, rather than $ORIGIN which was probably intended. +

+
+ +

+ An attacker could entice a VirusScan user to scan an arbitrary file and + execute arbitrary code with the privileges of the VirusScan user by + tricking the dynamic loader into loading an untrusted ELF DSO. An + automated system, such as a mail scanner, may be subverted to execute + arbitrary code with the privileges of the process invoking VirusScan. +

+
+ +

+ Do not scan files or execute VirusScan from an untrusted working + directory. +

+
+ +

+ As VirusScan verifies that it has not been modified before executing, + it is not possible to correct the DT_RPATH. Furthermore, this would + violate the license that VirusScan is distributed under. For this + reason, the package has been masked in Portage pending the resolution + of this issue. +

+ + # emerge --ask --verbose --unmerge "app-antivirus/vlnx" +
+ + CVE-2006-6474 + + + taviso + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-16.xml
new file mode 100644
index 0000000000..3942b68a44
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-16.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Links: Arbitrary Samba command execution
+
+ Links does not properly validate "smb://" URLs, making it vulnerable to the
+ execution of arbitrary Samba commands.
+
+ links
+ December 14, 2006
+ December 14, 2006: 01
+ 157028
+ remote
+
+
+ 2.1_pre26
+ 2.1_pre26
+
+
+
+

+ Links is a web browser running in both graphics and text modes. +

+
+ +

+ Teemu Salmela discovered that Links does not properly validate "smb://" + URLs when it runs smbclient commands. +

+
+ +

+ A remote attacker could entice a user to browse to a specially crafted + "smb://" URL and execute arbitrary Samba commands, which would allow + the overwriting of arbitrary local files or the upload or the download + of arbitrary files. This vulnerability can be exploited only if + "smbclient" is installed on the victim's computer, which is provided by + the "samba" Gentoo package. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Links users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/links-2.1_pre26" +
+ + CVE-2006-5925 + + + vorlon + + + falco + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-17.xml
new file mode 100644
index 0000000000..324f147eb4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-17.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ GNU Radius: Format string vulnerability
+
+ A format string vulnerabilty has been found in GNU Radius, which could lead
+ to the remote execution of arbitrary code.
+
+ gnuradius
+ December 14, 2006
+ December 14, 2006: 01
+ 156376
+ remote
+
+
+ 1.4
+ 1.4
+
+
+
+

+ GNU Radius is a GNU version of Radius, a server for remote user + authentication and accounting. +

+
+ +

+ A format string vulnerability was found in the sqllog function from the + SQL accounting code for radiusd. That function is only used if one or + more of the "postgresql", "mysql" or "odbc" USE flags are enabled, + which is not the default, except for the "server" 2006.1 and 2007.0 + profiles which enable the "mysql" USE flag. +

+
+ +

+ An unauthenticated remote attacker could execute arbitrary code with + the privileges of the user running radiusd, which may be the root user. + It is important to note that there is no default GNU Radius user for + Gentoo systems because no init script is provided with the package. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GNU Radius users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dialup/gnuradius-1.4" +
+ + CVE-2006-4181 + + + jaervosz + + + jaervosz + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-18.xml
new file mode 100644
index 0000000000..25c7c37853
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-18.xml
@@ -0,0 +1,59 @@
+
+
+
+
+ ClamAV: Denial of Service
+
+ ClamAV is vulnerable to Denial of Service.
+
+ clamav
+ December 18, 2006
+ December 18, 2006: 01
+ 157698
+ remote
+
+
+ 0.88.7
+ 0.88.7
+
+
+
+

+ ClamAV is a GPL virus scanner. +

+
+ +

+ Hendrik Weimer discovered that ClamAV fails to properly handle deeply + nested MIME multipart/mixed content. +

+
+ +

+ By sending a specially crafted email with deeply nested MIME + multipart/mixed content an attacker could cause ClamAV to crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.7" +
+ + CVE-2006-6481 + + + jaervosz + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-19.xml
new file mode 100644
index 0000000000..7410ac1f40
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-19.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ pam_ldap: Authentication bypass vulnerability
+
+ pam_ldap contains a vulnerability that may allow a remote user with a
+ locked account to gain unauthorized system access.
+
+ pam_ldap
+ December 20, 2006
+ December 20, 2006: 01
+ 153916
+ remote
+
+
+ 183
+ 183
+
+
+
+

+ pam_ldap is a Pluggable Authentication Module which allows + authentication against LDAP directories. +

+
+ +

+ Steve Rigler discovered that pam_ldap does not correctly handle + "PasswordPolicyResponse" control responses from an LDAP directory. This + causes the pam_authenticate() function to always succeed, even if the + previous authentication failed. +

+
+ +

+ A locked user may exploit this vulnerability to bypass the LDAP + authentication mechanism, possibly gaining unauthorized access to the + system. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All pam_ldap users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-183" +
+ + CVE-2006-5170 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-20.xml
new file mode 100644
index 0000000000..2e50b6890b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-20.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ imlib2: Multiple vulnerabilities
+
+ imlib2 contains several vulnerabilities that could lead to the remote
+ execution of arbitrary code or a Denial of Service.
+
+ imlib2
+ December 20, 2006
+ December 20, 2006: 01
+ 154216
+ remote
+
+
+ 1.3.0
+ 1.3.0
+
+
+
+

+ imlib2 is an advanced replacement for image manipulation libraries such + as libXpm. It is utilized by numerous programs, including gkrellm and + several window managers, to display images. +

+
+ +

+ M. Joonas Pihlaja discovered several buffer overflows in loader_argb.c, + loader_png.c, loader_lbm.c, loader_jpeg.c, loader_tiff.c, loader_tga.c, + loader_pnm.c and an out-of-bounds memory read access in loader_tga.c. +

+
+ +

+ An attacker can entice a user to process a specially crafted JPG, ARGB, + PNG, LBM, PNM, TIFF, or TGA image with an "imlib2*" binary or another + application using the imlib2 libraries. Successful exploitation of the + buffer overflows causes the execution of arbitrary code with the + permissions of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All imlib2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/imlib2-1.3.0" +
+ + CVE-2006-4806 + CVE-2006-4807 + CVE-2006-4808 + CVE-2006-4809 + + + jaervosz + + + vorlon + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-21.xml
new file mode 100644
index 0000000000..04fc6dafac
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200612-21.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Ruby: Denial of Service vulnerability
+
+ The Ruby cgi.rb CGI library is vulnerable to a Denial of Service attack.
+
+ ruby
+ December 20, 2006
+ December 20, 2006: 01
+ 157048
+ remote
+
+
+ 1.8.5_p2
+ 1.8.5_p2
+
+
+
+

+ Ruby is a dynamic, open source programming language with a focus on + simplicity and productivity. +

+
+ +

+ The read_multipart function of the CGI library shipped with Ruby + (cgi.rb) does not properly check boundaries in MIME multipart content. + This is a different issue than GLSA 200611-12. +

+
+ +

+ The vulnerability can be exploited by sending the cgi.rb library a + crafted HTTP request with multipart MIME encoding that contains a + malformed MIME boundary specifier. Successful exploitation of the + vulnerability causes the library to go into an infinite loop. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.5_p2" +
+ + CVE-2006-6303 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-01.xml
new file mode 100644
index 0000000000..53a8444fae
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-01.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ DenyHosts: Denial of Service
+
+ DenyHosts does not correctly parse log entries, potentially causing a
+ remote Denial of Service.
+
+ denyhosts
+ January 03, 2007
+ January 03, 2007: 01
+ 157163
+ remote
+
+
+ 2.6
+ 2.6
+
+
+
+

+ DenyHosts is designed to monitor SSH servers for repeated failed login + attempts. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that + DenyHosts used an incomplete regular expression to parse failed login + attempts. +

+
+ +

+ A remote unauthenticated attacker can add arbitrary hosts to the + blacklist by attempting to login with a specially crafted username. An + attacker may use this to prevent legitimate users from accessing a host + remotely. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All DenyHosts users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/denyhosts-2.6" +
+ + CVE-2006-6301 + + + taviso + + + taviso + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-02.xml
new file mode 100644
index 0000000000..7787acb7a3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-02.xml
@@ -0,0 +1,88 @@
+
+
+
+
+ Mozilla Firefox: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in Mozilla Firefox, some of
+ which may allow the remote execution of arbitrary code.
+
+ mozilla-firefox
+ January 04, 2007
+ January 04, 2007: 01
+ 156023
+ remote
+
+
+ 1.5.0.9
+ 1.5.0.9
+
+
+ 1.5.0.9
+ 1.5.0.9
+
+
+
+

+ Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +

+
+ +

+ An anonymous researcher found evidence of memory corruption in the way + Mozilla Firefox handles certain types of SVG comment DOM nodes. + Additionally, Frederik Reiss discovered a heap-based buffer overflow in + the conversion of a CSS cursor. Other issues with memory corruption + were also fixed. Mozilla Firefox also contains less severe + vulnerabilities involving JavaScript and Java. +

+
+ +

+ An attacker could entice a user to view a specially crafted web page + that will trigger one of the vulnerabilities, possibly leading to the + execution of arbitrary code. It is also possible for an attacker to + perform cross-site scripting attacks, leading to the exposure of + sensitive information, like user credentials. +

+
+ +

+ There are no known workarounds for all the issues at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.9" +

+ All Mozilla Firefox binary release users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.9" +
+ + CVE-2006-6497 + CVE-2006-6498 + CVE-2006-6499 + CVE-2006-6500 + CVE-2006-6501 + CVE-2006-6502 + CVE-2006-6503 + CVE-2006-6504 + CVE-2006-6506 + CVE-2006-6507 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-03.xml
new file mode 100644
index 0000000000..24c6bbdd89
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-03.xml
@@ -0,0 +1,86 @@
+
+
+
+
+ Mozilla Thunderbird: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of
+ which may allow the remote execution of arbitrary code.
+
+ mozilla-thunderbird
+ January 04, 2007
+ January 04, 2007: 01
+ 158571
+ remote
+
+
+ 1.5.0.9
+ 1.5.0.9
+
+
+ 1.5.0.9
+ 1.5.0.9
+
+
+
+

+ Mozilla Thunderbird is a popular open-source email client from the + Mozilla Project. +

+
+ +

+ Georgi Guninski and David Bienvenu discovered buffer overflows in the + processing of long "Content-Type:" and long non-ASCII MIME headers. + Additionally, Frederik Reiss discovered a heap-based buffer overflow in + the conversion of a CSS cursor. Different vulnerabilities involving + memory corruption in the browser engine were also fixed. Mozilla + Thunderbird also contains less severe vulnerabilities involving + JavaScript and Java. +

+
+ +

+ An attacker could entice a user to view a specially crafted email that + will trigger one of these vulnerabilities, possibly leading to the + execution of arbitrary code. An attacker could also perform cross-site + scripting attacks, leading to the exposure of sensitive information, + like user credentials. Note that the execution of JavaScript or Java + applets is disabled by default and enabling it is strongly discouraged. +

+
+ +

+ There are no known workarounds for all the issues at this time. +

+
+ +

+ All Mozilla Thunderbird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.9" +

+ All Mozilla Thunderbird binary release users should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.9" +
+ + CVE-2006-6497 + CVE-2006-6500 + CVE-2006-6501 + CVE-2006-6502 + CVE-2006-6503 + CVE-2006-6505 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-04.xml
new file mode 100644
index 0000000000..e19cfacb34
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-04.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ SeaMonkey: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in the SeaMonkey project, some
+ of which may allow the remote execution of arbitrary code.
+
+ seamonkey
+ January 10, 2007
+ January 10, 2007: 01
+ 158576
+ remote
+
+
+ 1.0.7
+ 1.0.7
+
+
+
+

+ The SeaMonkey project is a community effort to deliver + production-quality releases of code derived from the application + formerly known as the 'Mozilla Application Suite'. +

+
+ +

+ An anonymous researcher found evidence of memory corruption in the way + SeaMonkey handles certain types of SVG comment DOM nodes. Georgi + Guninski and David Bienvenu discovered buffer overflows in the + processing of long "Content-Type:" and long non-ASCII MIME email + headers. Additionally, Frederik Reiss discovered a heap-based buffer + overflow in the conversion of a CSS cursor. Several other issues with + memory corruption were also fixed. SeaMonkey also contains less severe + vulnerabilities involving JavaScript and Java. +

+
+ +

+ An attacker could entice a user to load malicious JavaScript or a + malicious web page with a SeaMonkey application, possibly leading to + the execution of arbitrary code with the rights of the user running + those products. An attacker could also perform cross-site scripting + attacks, leading to the exposure of sensitive information, like user + credentials. Note that the execution of JavaScript or Java applets is + disabled by default in the SeaMonkey email client, and enabling it is + strongly discouraged. +

+
+ +

+ There are no known workarounds for all the issues at this time. +

+
+ +

+ All SeaMonkey users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.7" +
+ + CVE-2006-6497 + CVE-2006-6498 + CVE-2006-6499 + CVE-2006-6500 + CVE-2006-6501 + CVE-2006-6502 + CVE-2006-6503 + CVE-2006-6504 + CVE-2006-6505 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-05.xml
new file mode 100644
index 0000000000..a80aabc9dc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-05.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ KDE kfile JPEG info plugin: Denial of Service
+
+ The KDE kfile JPEG info plugin of kdegraphics could enter an endless loop
+ leading to a Denial of Service.
+
+ kdegraphics-kfile-plugins
+ January 12, 2007
+ January 12, 2007: 01
+ 155949
+ remote
+
+
+ 3.5.5-r1
+ 3.5.5-r1
+
+
+
+

+ The KDE kfile-info JPEG plugin provides meta-information about JPEG + files. +

+
+ +

+ Marcus Meissner of the SUSE security team discovered a stack overflow + vulnerability in the code processing EXIF information in the kfile JPEG + info plugin. +

+
+ +

+ A remote attacker could entice a user to view a specially crafted JPEG + image with a KDE application like Konqueror or digiKam, leading to a + Denial of Service by an infinite recursion. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All KDE users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-kfile-plugins-3.5.5-r1" +
+ + CVE-2006-6297 + + + jaervosz + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-06.xml
new file mode 100644
index 0000000000..bc4e8bd85d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-06.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ w3m: Format string vulnerability
+
+ w3m does not correctly handle format string specifiers in SSL certificates.
+
+ w3m
+ January 12, 2007
+ January 12, 2007: 01
+ 159145
+ remote
+
+
+ 0.5.1-r4
+ 0.5.1-r4
+
+
+
+

+ w3m is a multi-platform text-based web browser. +

+
+ +

+ w3m in -dump or -backend mode does not correctly handle printf() format + string specifiers in the Common Name (CN) field of an X.509 SSL + certificate. +

+
+ +

+ An attacker could entice a user to visit a malicious website that would + load a specially crafted X.509 SSL certificate containing "%n" or other + format string specifiers, possibly resulting in the execution of + arbitrary code with the rights of the user running w3m. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All w3m users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/w3m-0.5.1-r4" +
+ + CVE-2006-6772 + + + aetius + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-07.xml
new file mode 100644
index 0000000000..595afc7bea
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-07.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ OpenOffice.org: EMF/WMF file handling vulnerabilities
+
+ A truncation error and integer overflows in the EMF/WMF file handling of
+ OpenOffice.org could be exploited to execute arbitrary code.
+
+ openoffice
+ January 12, 2007
+ January 12, 2007: 01
+ 159951
+ remote
+
+
+ 2.1.0
+ 2.1.0
+
+
+ 2.0.4
+ 2.0.4
+
+
+
+

+ OpenOffice.org is an open source office productivity suite, including + word processing, spreadsheet, presentation, drawing, data charting, + formula editing, and file conversion facilities. +

+
+ +

+ John Heasman of NGSSoftware has discovered integer overflows in the + EMR_POLYPOLYGON and EMR_POLYPOLYGON16 processing and an error within + the handling of META_ESCAPE records. +

+
+ +

+ An attacker could exploit these vulnerabilities to cause heap overflows + and potentially execute arbitrary code with the privileges of the user + running OpenOffice.org by enticing the user to open a document + containing a malicious WMF/EMF file. +

+
+ +

+ There is no known workaround known at this time. +

+
+ +

+ All OpenOffice.org binary users should update to version 2.1.0 or + later: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.1.0" +

+ All OpenOffice.org users should update to version 2.0.4 or later: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.4" +
+ + CVE-2006-5870 + + + DerCorny + + + DerCorny + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-08.xml
new file mode 100644
index 0000000000..d2d7fa3512
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-08.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Opera: Two remote code execution vulnerabilities
+
+ Two vulnerabilities may allow the execution of arbitrary code.
+
+ opera
+ January 12, 2007
+ January 12, 2007: 01
+ 160369
+ remote
+
+
+ 9.10
+ 9.10
+
+
+
+

+ Opera is a multi-platform web browser. +

+
+ +

+ Christoph Deal discovered that JPEG files with a specially crafted DHT + marker can be exploited to cause a heap overflow. Furthermore, an + anonymous person discovered that Opera does not correctly handle + objects passed to the "createSVGTransformFromMatrix()" function. +

+
+ +

+ An attacker could potentially exploit the vulnerabilities to execute + arbitrary code with the privileges of the user running Opera by + enticing a victim to open a specially crafted JPEG file or a website + containing malicious JavaScript code. +

+
+ +

+ The vendor recommends disabling JavaScript to avoid the + "createSVGTransformFromMatrix" vulnerability. There is no known + workaround for the other vulnerability. +

+
+ +

+ All Opera users should update to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-9.10" +
+ + Opera Advisory (createSVGTransformFromMatrix) + Opera Advisory (JPEG) + CVE-2007-0126 + CVE-2007-0127 + + + DerCorny + + + DerCorny + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-09.xml
new file mode 100644
index 0000000000..c3b12c6960
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-09.xml
@@ -0,0 +1,59 @@
+
+
+
+
+ oftpd: Denial of Service
+
+ An assertion in oftpd could lead to a denial of service vulnerability.
+
+ oftpd
+ January 15, 2007
+ January 15, 2007: 01
+ 159178
+ remote
+
+
+ 0.3.7-r3
+ 0.3.7-r3
+
+
+
+

+ oftpd is a small, anonymous only ftp daemon. +

+
+ +

+ By specifying an unsupported address family in the arguments to a LPRT + or LPASV command, an assertion in oftpd will cause the daemon to abort. +

+
+ +

+ Remote, unauthenticated attackers may be able to terminate any oftpd + process, denying service to legitimate users. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All oftpd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/oftpd-0.3.7-r3" +
+ + CVE-2006-6767 + + + taviso + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-10.xml
new file mode 100644
index 0000000000..e9bec5ebcc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-10.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ WordPress: Multiple vulnerabilities
+
+ WordPress is vulnerable to SQL injection, information disclosure, and
+ cross-site scripting attacks.
+
+ wordpress
+ January 15, 2007
+ January 15, 2007: 01
+ 159229
+ remote
+
+
+ 2.0.6
+ 2.0.6
+
+
+
+

+ WordPress is a popular personal publishing platform with a web + interface. +

+
+ +

+ When decoding trackbacks with alternate character sets, WordPress does + not correctly sanitize the entries before further modifying a SQL + query. WordPress also displays different error messages in wp-login.php + based upon whether or not a user exists. David Kierznowski has + discovered that WordPress fails to properly sanitize recent file + information in /wp-admin/templates.php before sending that information + to a browser. +

+
+ +

+ An attacker could inject arbitrary SQL into WordPress database queries. + An attacker could also determine if a WordPress user existed by trying + to login as that user, better facilitating brute force attacks. Lastly, + an attacker authenticated to view the administrative section of a + WordPress instance could try to edit a file with a malicious filename; + this may cause arbitrary HTML or JavaScript to be executed in users' + browsers viewing /wp-admin/templates.php. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All WordPress users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.6" +
+ + CVE-2006-6808 + CVE-2007-0107 + CVE-2007-0109 + + + vorlon + + + shellsage + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-11.xml
new file mode 100644
index 0000000000..7ac66a40e6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-11.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Kronolith: Local file inclusion
+
+ Kronolith contains a flaw that could allow the execution of arbitrary
+ files.
+
+ horde-kronolith
+ January 16, 2007
+ January 16, 2007: 01
+ 156627
+ remote
+
+
+ 2.1.4
+ 2.1.4
+
+
+
+

+ Kronolith is a web-based calendar which relies on the Horde Framework + for integration with other applications. +

+
+ +

+ Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered + string is used instead of a sanitized string to view local files. +

+
+ +

+ An authenticated attacker could craft an HTTP GET request that uses + directory traversal techniques to execute any file on the web server as + PHP code, which could allow information disclosure or arbitrary code + execution with the rights of the user running the PHP application + (usually the webserver user). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All horde-kronolith users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-2.1.4" +
+ + CVE-2006-6175 + + + falco + + + falco + + + aetius + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-12.xml
new file mode 100644
index 0000000000..2d884fa7d1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-12.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Mono: Information disclosure
+
+ Mono does not properly sanitize pathnames allowing unauthorized information
+ disclosure.
+
+ mono
+ January 16, 2007
+ January 17, 2007: 02
+ 159886
+ remote
+
+
+ 1.2.2.1
+ 1.2.2.1
+
+
+
+

+ Mono provides the necessary software to develop and run .NET client and + server applications on various platforms. +

+
+ +

+ Jose Ramon Palanco has discovered that the System.Web class in the XSP + for the ASP.NET server 1.1 through 2.0 in Mono does not properly + validate or sanitize local pathnames which could allow server-side file + content disclosure. +

+
+ +

+ An attacker could append a space character to a URI and obtain + unauthorized access to the source code of server-side files. An + attacker could also read credentials by requesting Web.Config%20 from a + Mono server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mono users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/mono-1.2.2.1" +
+ + CVE-2006-6104 + + + jaervosz + + + falco + + + shellsage + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-13.xml
new file mode 100644
index 0000000000..cefa876c4b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-13.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Fetchmail: Denial of Service and password disclosure
+
+ Fetchmail has been found to have numerous vulnerabilities allowing for
+ Denial of Service and password disclosure.
+
+ fetchmail
+ January 22, 2007
+ January 22, 2007: 01
+ 160463
+ remote
+
+
+ 6.3.6
+ 6.3.6
+
+
+
+

+ Fetchmail is a remote mail retrieval and forwarding utility.
+

+
+
+

+ Neil Hoggarth has discovered that when delivering messages to a message
+ delivery agent by means of the "mda" option, Fetchmail passes a NULL
+ pointer to the ferror() and fflush() functions when refusing a message.
+ Isaac Wilcox has discovered numerous means of plain-text password
+ disclosure due to errors in secure connection establishment.
+

+
+
+

+ An attacker could deliver a message via Fetchmail to a message delivery
+ agent configured to refuse the message, and crash the Fetchmail
+ process. SMTP and LMTP delivery modes are not affected by this
+ vulnerability. An attacker could also perform a Man-in-the-Middle
+ attack, and obtain plain-text authentication credentials of users
+ connecting to a Fetchmail process.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All fetchmail users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.3.6"
+
+
+ CVE-2006-5867
+ CVE-2006-5974
+
+
+ falco
+
+
+ falco
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-14.xml
new file mode 100644
index 0000000000..b16067e17f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-14.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Mod_auth_kerb: Denial of Service
+
+ Mod_auth_kerb is vulnerable to a buffer overflow possibly allowing a Denial
+ of Service.
+
+ mod_auth_kerb
+ January 22, 2007
+ December 30, 2007: 02
+ 155782
+ remote
+
+
+ 5.0_rc7-r1
+ 5.0_rc7-r1
+
+
+
+

+ Mod_auth_kerb is an Apache authentication module using Kerberos.
+

+
+
+

+ Mod_auth_kerb improperly handles component byte encoding in the
+ der_get_oid() function, allowing for a buffer overflow to occur if
+ there are no components which require more than one byte for encoding.
+

+
+
+

+ An attacker could try to access a Kerberos protected resource on an
+ Apache server with an incorrectly configured service principal and
+ crash the server process. It is important to note that this buffer
+ overflow is not known to allow for the execution of code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All mod_auth_kerb users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_auth_kerb-5.0_rc7-r1"
+
+
+ CVE-2006-5989
+
+
+ falco
+
+
+ falco
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-15.xml
new file mode 100644
index 0000000000..79cda4f9f1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-15.xml
@@ -0,0 +1,97 @@
+
+
+
+
+ Sun JDK/JRE: Multiple vulnerabilities
+
+ Multiple unspecified vulnerabilities have been identified in Sun Java
+ Development Kit (JDK) and Java Runtime Environment (JRE).
+
+ java
+ January 22, 2007
+ July 16, 2008: 04
+ 158659
+ remote
+
+
+ 1.5.0.09
+ 1.4.2.18
+ 1.4.2.17
+ 1.4.2.15
+ 1.4.2.14
+ 1.4.2.13
+ 1.5.0.09
+
+
+ 1.5.0.09
+ 1.4.2.18
+ 1.4.2.17
+ 1.4.2.15
+ 1.4.2.14
+ 1.4.2.13
+ 1.5.0.09
+
+
+
+

+ The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
+ (JRE) provide the Sun Java platform.
+

+
+
+

+ Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun
+ JRE possibly related to various AWT or font layout functions. Tom
+ Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun
+ JRE relating to unintended applet data access. He has also discovered
+ multiple other unspecified vulnerabilities in Sun JDK and Sun JRE
+ allowing unintended Java applet or application resource acquisition.
+

+
+
+

+ An attacker could entice a user to run a specially crafted Java applet
+ or application that could read, write, or execute local files with the
+ privileges of the user running the JVM; access data maintained in other
+ Java applets; or escalate the privileges of the currently running Java
+ applet or application allowing for unauthorized access to system
+ resources.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Sun Java Development Kit users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-java/sun-jdk"
+

+ All Sun Java Runtime Environment users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-java/sun-jre-bin"
+
+
+ CVE-2006-6731
+ CVE-2006-6736
+ CVE-2006-6737
+ CVE-2006-6745
+
+
+ falco
+
+
+ falco
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-16.xml
new file mode 100644
index 0000000000..176c062035
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-16.xml
@@ -0,0 +1,84 @@
+
+
+
+
+ Adobe Acrobat Reader: Multiple vulnerabilities
+
+ Adobe Acrobat Reader is vulnerable to remote code execution, Denial of
+ Service, and cross-site scripting attacks.
+
+ acroread
+ January 22, 2007
+ January 22, 2007: 01
+ 159874
+ remote
+
+
+ 7.0.9
+ 7.0.9
+
+
+
+

+ Adobe Acrobat Reader is a PDF reader released by Adobe.
+

+
+
+

+ Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code
+ execution via heap corruption when loading a specially crafted PDF
+ file.
+

+

+ The browser plugin released with Adobe Acrobat Reader (nppdf.so) does
+ not properly handle URLs, and crashes if given a URL that is too long.
+ The plugin does not correctly handle JavaScript, and executes
+ JavaScript that is given as a GET variable to the URL of a PDF file.
+ Lastly, the plugin does not properly handle the FDF, xml, xfdf AJAX
+ request parameters following the # character in a URL, allowing for
+ multiple cross-site scripting vulnerabilities.
+

+
+
+

+ An attacker could entice a user to open a specially crafted PDF file
+ and execute arbitrary code with the rights of the user running Adobe
+ Acrobat Reader. An attacker could also entice a user to browse to a
+ specially crafted URL and either crash the Adobe Acrobat Reader browser
+ plugin, execute arbitrary JavaScript in the context of the user's
+ browser, or inject arbitrary HTML or JavaScript into the document being
+ viewed by the user. Note that users who have emerged Adobe Acrobat
+ Reader with the "nsplugin" USE flag disabled are not vulnerable to
+ issues with the Adobe Acrobat Reader browser plugin.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Adobe Acrobat Reader users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-7.0.9"
+
+
+ CVE-2006-5857
+ CVE-2007-0044
+ CVE-2007-0045
+ CVE-2007-0046
+ CVE-2007-0048
+
+
+ falco
+
+
+ shellsage
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-17.xml
new file mode 100644
index 0000000000..fde634f0ec
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-17.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ libgtop: Privilege escalation
+
+ libgtop improperly handles filenames, possibly allowing for the execution
+ of arbitrary code.
+
+ libgtop
+ January 23, 2007
+ January 23, 2007: 01
+ 162169
+ local
+
+
+ 2.14.6
+ 2.14.6
+
+
+
+

+ libgtop facilitates the libgtop_daemon, which is used by GNOME to
+ obtain information about remote systems.
+

+
+
+

+ Liu Qishuai discovered that glibtop_get_proc_map_s() in
+ sysdeps/linux/procmap.c does not properly allocate memory for storing a
+ filename, allowing certain filenames to cause the buffer to overflow on
+ the stack.
+

+
+
+

+ By tricking a victim into executing an application that uses the
+ libgtop library (e.g. libgtop_daemon or gnome-system-monitor), a local
+ attacker could specify a specially crafted filename to be used by
+ libgtop causing a buffer overflow and possibly execute arbitrary code
+ with the rights of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All libgtop users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gnome-base/libgtop-2.14.6"
+
+
+ CVE-2007-0235
+
+
+ falco
+
+
+ shellsage
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-18.xml
new file mode 100644
index 0000000000..6ae5af2aab
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-18.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ xine-ui: Format string vulnerabilities
+
+ xine-ui improperly handles format strings, possibly allowing for the
+ execution of arbitrary code.
+
+ xine-ui
+ January 23, 2007
+ January 23, 2007: 01
+ 161558
+ remote
+
+
+ 0.99.5_pre20060716
+ 0.99.5_pre20060716
+
+
+
+

+ xine-ui is a skin-based user interface for xine. xine is a free
+ multimedia player. It plays CDs, DVDs, and VCDs, and can also decode
+ other common multimedia formats.
+

+
+
+

+ Due to the improper handling and use of format strings, the
+ errors_create_window() function in errors.c does not safely write data
+ to memory.
+

+
+
+

+ An attacker could entice a user to open a specially crafted media file
+ with xine-ui, and possibly execute arbitrary code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All xine-ui users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/xine-ui-0.99.5_pre20060716"
+
+
+ CVE-2007-0254
+
+
+ falco
+
+
+ falco
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-19.xml
new file mode 100644
index 0000000000..2bb074f43f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-19.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ OpenLDAP: Insecure usage of /tmp during installation
+
+ A shell script commonly released with OpenLDAP makes insecure usage of
+ files in /tmp during the emerge process.
+
+ openldap
+ January 23, 2007
+ March 11, 2007: 02
+ 159508
+ local
+
+
+ 2.1.30-r10
+ 2.2.28-r7
+ 2.3.30-r2
+ 2.1.30-r10
+ 2.2.28-r7
+ 2.3.30-r2
+
+
+
+

+ OpenLDAP Software is an open source implementation of the Lightweight
+ Directory Access Protocol.
+

+
+
+

+ Tavis Ormandy of the Gentoo Linux Security Team has discovered that the
+ file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does
+ not exit upon the existence of a directory in /tmp during installation
+ allowing for directory traversal.
+

+
+
+

+ A local attacker could create a symbolic link in /tmp and potentially
+ overwrite arbitrary system files upon a privileged user emerging
+ OpenLDAP.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All OpenLDAP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "net-nds/openldap"
+
+
+ CVE-2007-0476
+
+
+ falco
+
+
+ falco
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-20.xml
new file mode 100644
index 0000000000..a5200daa5b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-20.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Centericq: Remote buffer overflow in LiveJournal handling
+
+ Centericq does not properly handle communications with the LiveJournal
+ service, allowing for the remote execution of arbitrary code.
+
+ centericq
+ January 24, 2007
+ January 24, 2007: 01
+ 160793
+ remote
+
+
+ 4.21.0-r2
+
+
+
+

+ Centericq is a text mode menu-driven and window-driven instant
+ messaging interface.
+

+
+
+

+ When interfacing with the LiveJournal service, Centericq does not
+ appropriately allocate memory for incoming data, in some cases creating
+ a buffer overflow.
+

+
+
+

+ An attacker could entice a user to connect to an unofficial LiveJournal
+ server causing Centericq to read specially crafted data from the
+ server, which could lead to the execution of arbitrary code with the
+ rights of the user running Centericq.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ Currently, Centericq is unmaintained. As such, Centericq has been
+ masked in Portage until it is again maintained.
+

+
+ # emerge --ask --verbose --unmerge "net-im/centericq"
+
+
+ CVE-2007-0160
+
+
+ falco
+
+
+ falco
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-21.xml
new file mode 100644
index 0000000000..90290f4f50
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-21.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ MIT Kerberos 5: Arbitrary Remote Code Execution
+
+ Multiple vulnerabilities in MIT Kerberos 5 could potentially result in the
+ execution of arbitrary code.
+
+ mit-krb5
+ January 24, 2007
+ January 24, 2007: 01
+ 158810
+ remote
+
+
+ 1.5.2
+ 1.5.2
+
+
+
+

+ MIT Kerberos 5 is a suite of applications that implement the Kerberos
+ network protocol.
+

+
+
+

+ The Kerberos administration daemon, and possibly other applications
+ using the GSS-API or RPC libraries, could potentially call a function
+ pointer in a freed heap buffer, or attempt to free an uninitialized
+ pointer.
+

+
+
+

+ A remote attacker may be able to crash an affected application, or
+ potentially execute arbitrary code with root privileges.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All MIT Kerberos 5 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.5.2"
+
+
+ CVE-2006-6143
+ CVE-2006-6144
+
+
+ falco
+
+
+ taviso
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-22.xml
new file mode 100644
index 0000000000..e4a019edfc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-22.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Squid: Multiple Denial of Service vulnerabilities
+
+ Two vulnerabilities have been found in Squid which make it susceptible to
+ Denial of Service attacks.
+
+ squid
+ January 25, 2007
+ January 25, 2007: 01
+ 162364
+ remote
+
+
+ 2.6.7
+ 2.6.7
+
+
+
+

+ Squid is a multi-protocol proxy server.
+

+
+
+

+ Squid fails to correctly handle ftp:// URI's. There is also an error in
+ the external_acl queue which can cause an infinite looping condition.
+

+
+
+

+ An attacker could attempt to retrieve a specially crafted URI via a
+ Squid server causing the service to crash. If an attacker could
+ generate a sufficiently high load on the Squid services, they could
+ cause a Denial of Service by forcing Squid into an infinite loop.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Squid users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.6.7"
+
+
+ CVE-2007-0247
+ CVE-2007-0248
+
+
+ vorlon
+
+
+ hyakuhei
+
+
+ hyakuhei
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-23.xml
new file mode 100644
index 0000000000..d072621040
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-23.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Cacti: Command execution and SQL injection
+
+ Cacti has three vulnerabilities that could allow shell command execution or
+ SQL injection.
+
+ cacti
+ January 26, 2007
+ January 26, 2007: 01
+ 159278
+ remote
+
+
+ 0.8.6i-r1
+ 0.8.6i-r1
+
+
+
+

+ Cacti is a web-based network graphing and reporting tool.
+

+
+
+

+ rgod discovered that the Cacti cmd.php and copy_cacti_user.php scripts
+ do not properly control access to the command shell, and are remotely
+ accessible by unauthenticated users. This allows SQL injection via
+ cmd.php and copy_cacti_user.php URLs. Further, the results from the
+ injected SQL query are not properly sanitized before being passed to a
+ command shell. The vulnerabilities require that the
+ "register_argc_argv" option is enabled, which is the Gentoo default.
+ Also, a number of similar problems in other scripts were reported.
+

+
+
+

+ These vulnerabilties can result in the execution of arbitrary shell
+ commands or information disclosure via crafted SQL queries.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Cacti users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6i-r1"
+
+
+ CVE-2006-6799
+
+
+ falco
+
+
+ aetius
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-24.xml
new file mode 100644
index 0000000000..40e1290149
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-24.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ VLC media player: Format string vulnerability
+
+ VLC media player improperly handles format strings, allowing for the
+ execution of arbitrary code.
+
+ vlc
+ January 26, 2007
+ January 26, 2007: 01
+ 159845
+ remote
+
+
+ 0.8.6-r1
+ 0.8.6-r1
+
+
+
+

+ VLC media player is a multimedia player for various audio and video
+ formats.
+

+
+
+

+ Kevin Finisterre has discovered that when handling media locations,
+ various functions throughout VLC media player make improper use of
+ format strings.
+

+
+
+

+ An attacker could entice a user to open a specially crafted media
+ location or M3U file with VLC media player, and execute arbitrary code
+ on the system with the rights of the user running VLC media player.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All VLC media player users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6-r1"
+
+
+ CVE-2007-0017
+
+
+ falco
+
+
+ falco
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-25.xml
new file mode 100644
index 0000000000..ea11b69f36
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-25.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ X.Org X server: Multiple vulnerabilities
+
+ Sean Larsson from iDefense Labs has found multiple vulnerabilities in the
+ DBE and Render extensions.
+
+ X.Org
+ January 27, 2007
+ February 26, 2007: 02
+ 157421
+ local
+
+
+ 1.1.1-r4
+ 1.1.1-r4
+
+
+
+

+ The X Window System is a graphical windowing system based on a
+ client/server model.
+

+
+
+

+ Multiple memory corruption vulnerabilities have been found in the
+ ProcDbeGetVisualInfo() and the ProcDbeSwapBuffers() of the DBE
+ extension, and ProcRenderAddGlyphs() in the Render extension.
+

+
+
+

+ A local attacker could execute arbitrary code with the privileges of
+ the user running the X server, typically root.
+

+
+
+

+ Disable the DBE extension by removing the "Load dbe" directive in the
+ Module section of xorg.conf, and explicitly disable the Render
+ extension with ' Option "RENDER" "disable" ' in the Extensions section.
+

+

+ Note: This could affect the functionality of some applications.
+

+
+
+

+ All X.Org X server users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.1-r4"
+
+
+ CVE-2006-6101
+ CVE-2006-6102
+ CVE-2006-6103
+
+
+ daxomatic
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-26.xml
new file mode 100644
index 0000000000..9065e78d01
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-26.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ KSirc: Denial of Service vulnerability
+
+ KSirc is vulnerable to a Denial of Service attack.
+
+ ksirc
+ January 29, 2007
+ January 30, 2007: 01
+ 159658
+ remote
+
+
+ 3.5.5-r1
+ 3.5.5-r1
+
+
+
+

+ KSirc is the default KDE IRC client.
+

+
+
+

+ KSirc fails to check the size of an incoming PRIVMSG string sent from
+ an IRC server during the connection process.
+

+
+
+

+ A malicious IRC server could send a long PRIVMSG string to the KSirc
+ client causing an assertion failure and the dereferencing of a null
+ pointer, resulting in a crash.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All KSirc users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/ksirc-3.5.5-r1"
+
+
+ CVE-2006-6811
+
+
+ vorlon
+
+
+ vorlon
+
+
+ hyakuhei
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-27.xml
new file mode 100644
index 0000000000..952ae298c5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-27.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ ELinks: Arbitrary Samba command execution
+
+ ELinks does not properly validate "smb://" URLs, making it vulnerable to
+ the execution of arbitrary Samba commands.
+
+ elinks
+ January 30, 2007
+ January 30, 2007: 01
+ 155358
+ remote
+
+
+ 0.11.2
+ 0.11.2
+
+
+
+

+ ELinks is a text mode web browser.
+

+
+
+

+ Teemu Salmela discovered an error in the validation code of "smb://"
+ URLs used by ELinks, the same issue as reported in GLSA 200612-16
+ concerning Links.
+

+
+
+

+ A remote attacker could entice a user to browse to a specially crafted
+ "smb://" URL and execute arbitrary Samba commands, which would allow
+ the overwriting of arbitrary local files or the upload or download of
+ arbitrary files. This vulnerability can be exploited only if
+ "smbclient" is installed on the victim's computer, which is provided by
+ the "samba" Gentoo package.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All ELinks users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/elinks-0.11.2"
+
+
+ CVE-2006-5925
+
+
+ hyakuhei
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-28.xml
new file mode 100644
index 0000000000..76ed830ee1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200701-28.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ thttpd: Unauthenticated remote file access
+
+ The default configuration of the Gentoo thttpd package potentially allows
+ unauthenticated access to system files when used with newer versions of
+ baselayout.
+
+ thttpd
+ January 31, 2007
+ March 11, 2007: 02
+ 142047
+ remote
+
+
+ 2.25b-r6
+ 2.25b-r6
+
+
+
+

+ thttpd is a webserver designed to be simple, small, and fast.
+

+
+
+

+ thttpd is vulnerable to an underlying change made to the
+ start-stop-daemon command in the current stable Gentoo baselayout
+ package (version 1.12.6). In the new version, the start-stop-daemon
+ command performs a "chdir /" command just before starting the thttpd
+ process. In the Gentoo default configuration, this causes thttpd to
+ start with the document root set to "/", the sytem root directory.
+

+
+
+

+ When thttpd starts with the document root set to the system root
+ directory, all files on the system that are readable by the thttpd
+ process can be remotely accessed by unauthenticated users.
+

+
+
+

+ Alter the THTTPD_OPTS variable in /etc/conf.d/thttpd to include the
+ "-d" option to specify the document root. Alternatively, modify the
+ THTTPD_OPTS variable in /etc/conf.d/thttpd to specify a thttpd.conf
+ file using the "-C" option, and then configure the "dir=" directive in
+ that thttpd.conf file.
+

+
+
+

+ All thttpd users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/thttpd-2.25b-r5"
+
+
+ CVE-2007-0664
+
+
+ shellsage
+
+
+ aetius
+
+
+ falco
+
+
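Review bot: The upgrade command in the resolution text names `>=www-servers/thttpd-2.25b-r5`, while both version fields in this advisory's header read `2.25b-r6`, so the advisory disagrees with itself about the first fixed revision. The surrounding tags are not visible in this rendering, so reading the two header values as the unaffected/vulnerable bounds is an inference, but an administrator who verifies remediation against the command's atom could accept r5 as patched. Because the file is synced from upstream, the correction belongs there; if r6 is the fixed revision the line would read `# emerge --ask --oneshot --verbose ">=www-servers/thttpd-2.25b-r6"`.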
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-01.xml
new file mode 100644
index 0000000000..10c116ac1a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-01.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Samba: Multiple vulnerabilities
+
+ Multiple flaws exist in the Samba suite of programs, the most serious of
+ which could result in the execution of arbitrary code.
+
+ samba
+ February 13, 2007
+ February 13, 2007: 01
+ 165549
+ remote
+
+
+ 3.0.24
+ 3.0.24
+
+
+
+

+ Samba is a suite of SMB and CIFS client/server programs for UNIX.
+

+
+
+

+ A format string vulnerability exists in the VFS module when handling
+ AFS file systems and an infinite loop has been discovered when handling
+ file rename operations.
+

+
+
+

+ A user with permission to write to a shared AFS file system may be able
+ to compromise the smbd process and execute arbitrary code with the
+ permissions of the daemon. The infinite loop could be abused to consume
+ excessive resources on the smbd host, denying service to legitimate
+ users.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Samba users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.24"
+
+
+ CVE-2007-0452
+ CVE-2007-0454
+
+
+ falco
+
+
+ falco
+
+
+ taviso
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-02.xml
new file mode 100644
index 0000000000..7761eb2df4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-02.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ ProFTPD: Local privilege escalation
+
+ A flaw in ProFTPD may allow a local attacker to obtain root privileges.
+
+ proftpd
+ February 13, 2007
+ February 13, 2007: 01
+ 158122
+ local
+
+
+ 1.3.1_rc1
+ 1.3.1_rc1
+
+
+
+

+ ProFTPD is a powerful, configurable, and free FTP daemon.
+

+
+
+

+ A flaw exists in the mod_ctrls module of ProFTPD, normally used to
+ allow FTP server administrators to configure the daemon at runtime.
+

+
+
+

+ An FTP server administrator permitted to interact with mod_ctrls could
+ potentially compromise the ProFTPD process and execute arbitrary code
+ with the privileges of the FTP Daemon, which is normally the root user.
+

+
+
+

+ Disable mod_ctrls, or ensure only trusted users can access this
+ feature.
+

+
+
+

+ All ProFTPD users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.1_rc1"
+
+
+ CVE-2006-6563
+
+
+ falco
+
+
+ falco
+
+
+ taviso
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-03.xml
new file mode 100644
index 0000000000..40d0c6b0bc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-03.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Snort: Denial of Service
+
+ Snort contains a vulnerability in the rule matching algorithm that could
+ result in a Denial of Service.
+
+ snort
+ February 13, 2007
+ February 13, 2007: 01
+ 161632
+ remote
+
+
+ 2.6.1.2
+ 2.6.1.2
+
+
+
+

+ Snort is a widely deployed intrusion detection program.
+

+
+
+

+ Randy Smith, Christian Estan and Somesh Jha discovered that the rule
+ matching algorithm of Snort can be exploited in a way known as a
+ "backtracking attack" to perform numerous time-consuming operations.
+

+
+
+

+ A remote attacker could send specially crafted network packets, which
+ would result in the cessation of the detections and the consumption of
+ the CPU resources.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Snort users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.2"
+
+
+ CVE-2006-6931
+
+
+ falco
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-04.xml
new file mode 100644
index 0000000000..c72da64f0f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-04.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ RAR, UnRAR: Buffer overflow
+
+ RAR and UnRAR contain a buffer overflow allowing the execution of arbitrary
+ code.
+
+ rar, unrar
+ February 13, 2007
+ February 14, 2007: 02
+ 166440
+ remote
+
+
+ 3.7.0_beta1
+ 3.7.0_beta1
+
+
+ 3.7.3
+ 3.7.3
+
+
+
+

+ RAR and UnRAR provide command line interfaces for compressing and
+ decompressing RAR files.
+

+
+
+

+ RAR and UnRAR contain a boundary error when processing
+ password-protected archives that could result in a stack-based buffer
+ overflow.
+

+
+
+

+ A remote attacker could entice a user to process a specially crafted
+ password-protected archive and execute arbitrary code with the rights
+ of the user uncompressing the archive.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All UnRAR users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/unrar-3.7.3"
+

+ All RAR users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/rar-3.7.0_beta1"
+
+
+ CVE-2007-0855
+
+
+ falco
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-05.xml
new file mode 100644
index 0000000000..e290a86cfa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-05.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Fail2ban: Denial of Service
+
+ A flaw in Fail2ban may allow remote attackers to deny access to arbitrary
+ hosts.
+
+ fail2ban
+ February 16, 2007
+ February 16, 2007: 01
+ 157166
+ remote
+
+
+ 0.6.2
+ 0.6.2
+
+
+
+

+ Fail2ban monitors log files for failed authentication attempts and can
+ block hosts responsible for repeated attacks.
+

+
+
+

+ A flaw in the method used to parse log entries allows remote,
+ unauthenticated attackers to forge authentication attempts from other
+ hosts.
+

+
+
+

+ A remote attacker can add arbitrary hosts to the block list, denying
+ legitimate users access to a resource.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Fail2ban users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/fail2ban-0.6.2"
+
+
+ CVE-2006-6302
+
+
+ falco
+
+
+ falco
+
+
+ taviso
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-06.xml
new file mode 100644
index 0000000000..e553c88538
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-06.xml
@@ -0,0 +1,78 @@
+ + + + + BIND: Denial of Service + + ISC BIND contains two vulnerabilities allowing a Denial of Service under + certain conditions. + + bind + February 17, 2007 + February 17, 2007: 01 + 163692 + remote + + + 9.3.4 + 9.2.8 + 9.3.4 + + + +

+ ISC BIND is the Internet Systems Consortium implementation of the + Domain Name System (DNS) protocol. +

+
+ +

+ An unspecified improper usage of an already freed context has been + reported. Additionally, an assertion error could be triggered in the + DNSSEC validation of some responses to type ANY queries with multiple + RRsets. +

+
+ +

+ A remote attacker could crash the server through unspecified vectors + or, if DNSSEC validation is enabled, by sending certain crafted ANY + queries. +

+
+ +

+ There is no known workaround at this time for the first issue. The + DNSSEC validation Denial of Service can be prevented by disabling + DNSSEC validation until the upgrade to a fixed version. Note that + DNSSEC validation is disabled on a default configuration. +

+
+ +

+ All ISC BIND 9.3 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.3.4" +

+ All ISC BIND 9.2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.2.8" +
+ + CVE-2007-0493 + CVE-2007-0494 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-07.xml
new file mode 100644
index 0000000000..650f83bfdd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-07.xml
@@ -0,0 +1,106 @@
+ + + + + Sun JDK/JRE: Execution of arbitrary code + + Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) contain a + memory corruption flaw that allows the applets to gain elevated privileges + potentially leading to the execute of arbitrary code. + + java + February 17, 2007 + July 16, 2008: 05 + 162511 + remote + + + 1.5.0.10 + 1.4.2.18 + 1.4.2.17 + 1.4.2.15 + 1.4.2.14 + 1.4.2.13 + 1.5.0.10 + 1.4.2.13 + + + 1.5.0.10 + 1.4.2.18 + 1.4.2.17 + 1.4.2.15 + 1.4.2.14 + 1.4.2.13 + 1.5.0.10 + 1.4.2.13 + + + +

+ The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment + (JRE) provide the Sun Java platform. +

+
+ +

+ A anonymous researcher discovered that an error in the handling of a + GIF image with a zero width field block leads to a memory corruption + flaw. +

+
+ +

+ An attacker could entice a user to run a specially crafted Java applet + or application that would load a crafted GIF image, which could result + in escalation of privileges and unauthorized access to system + resources. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Sun Java Development Kit 1.5 users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.5.0.10" +

+ All Sun Java Development Kit 1.4 users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose "=dev-java/sun-jdk-1.4.2*" +

+ All Sun Java Runtime Environment 1.5 users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.5.0.10" +

+ All Sun Java Runtime Environment 1.4 users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose "=dev-java/sun-jre-bin-1.4.2*" +
+ + CVE-2007-0243 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-08.xml
new file mode 100644
index 0000000000..ae70db05a1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-08.xml
@@ -0,0 +1,81 @@
+ + + + + AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities + + Multiple unspecified vulnerabilities have been identified in Sun Java + Development Kit (JDK) and Sun Java Runtime Environment (JRE). + + java + February 17, 2007 + May 28, 2009: 02 + 159547 + remote + + + 1.5.0.10 + 1.4.2.19 + 1.5.0.10 + + + +

+ The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment + (JRE) provide the Sun Java platform. The x86 emulation Sun's J2SE + Development Kit for AMD64 contains a vulnerable version of Sun's JDK. +

+
+ +

+ Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun + JRE possibly related to various AWT or font layout functions. Tom + Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun + JRE relating to unintended applet data access. He has also discovered + multiple other unspecified vulnerabilities in Sun JDK and Sun JRE + allowing unintended Java applet or application resource acquisition. + Additionally, a memory corruption error has been found in the handling + of GIF images with zero width field blocks. +

+
+ +

+ An attacker could entice a user to run a specially crafted Java applet + or application that could read, write, or execute local files with the + privileges of the user running the JVM, access data maintained in other + Java applets, or escalate the privileges of the currently running Java + applet or application allowing for unauthorized access to system + resources. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All AMD64 x86 emulation Sun's J2SE Development Kit users should upgrade + to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.5.0.10" +
+ + CVE-2006-6731 + CVE-2006-6736 + CVE-2006-6737 + CVE-2006-6745 + CVE-2007-0243 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-09.xml
new file mode 100644
index 0000000000..85d8ceae8a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-09.xml
@@ -0,0 +1,70 @@
+ + + + + Nexuiz: Multiple vulnerabilities + + Two separate vulnerabilities have been found in Nexuiz allowing the remote + execution of arbitrary code and a Denial of Service. + + nexuiz + February 25, 2007 + February 25, 2007: 01 + 166044 + remote + + + 2.2.1 + 2.2.1 + + + +

+ Nexuiz is a multi-player FPS game which uses a modified version of the + Quake 1 engine. +

+
+ +

+ Nexuiz fails to correctly validate input within "clientcommands". There + is also a failure to correctly handle connection attempts from remote + hosts. +

+
+ +

+ Using a specially crafted "clientcommand" a remote attacker can cause a + buffer overflow in Nexuiz which could result in the execution of + arbitrary code. Additionally, there is a Denial of Service + vulnerability in Nexuiz allowing an attacker to cause Nexuiz to crash + or to run out of resources by overloading it with specially crafted + connection requests. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Nexuiz users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-fps/nexuiz-2.2.1" +
+ + CVE-2006-6609 + CVE-2006-6610 + + + falco + + + falco + + + hyakuhei + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-10.xml
new file mode 100644
index 0000000000..24088f4fa7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-10.xml
@@ -0,0 +1,77 @@
+ + + + + UFO2000: Multiple vulnerabilities + + Multiple vulnerabilities have been found in the network components of + UFO2000 that could result in the remote execution of arbitrary code. + + ufo2000 + February 25, 2007 + February 25, 2007: 01 + 142392 + remote + + + 0.7.1062 + 0.7.1062 + + + +

+ UFO2000 is a multi-player, turn-based tactical simulation. +

+
+ +

+ Five vulnerabilities were found: a buffer overflow in recv_add_unit(); + a problem with improperly trusting user-supplied string information in + decode_stringmap(); several issues with array manipulation via various + commands during play; an SQL injection in server_protocol.cpp; and + finally, a second buffer overflow in recv_map_data(). +

+
+ +

+ An attacker could send crafted network traffic as part of a + multi-player game that could result in remote code execution on the + remote opponent or the server. A remote attacker could also run + arbitrary SQL queries against the server account database, and perform + a Denial of Service on a remote opponent by causing the game to crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ UFO2000 currently depends on the dumb-0.9.2 library, which has been + removed from portage due to security problems (GLSA 200608-14) . + Because of this, UFO2000 has been masked, and we recommend unmerging + the package until the next beta release can remove the dependency on + dumb. +

+ + # emerge --ask --verbose --unmerge ufo2000 +
+ + CVE-2006-3788 + CVE-2006-3789 + CVE-2006-3790 + CVE-2006-3791 + CVE-2006-3792 + GLSA 200608-14 + + + falco + + + aetius + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-11.xml
new file mode 100644
index 0000000000..8a507823e0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-11.xml
@@ -0,0 +1,66 @@
+ + + + + MPlayer: Buffer overflow + + A buffer overflow was found in MPlayer's RTSP plugin that could lead to a + Denial of Service or arbitrary code execution. + + MPlayer + February 27, 2007 + February 27, 2007: 01 + 159727 + remote + + + 1.0_rc1-r2 + 1.0_rc1-r2 + + + +

+ MPlayer is a media player capable of playing multiple media formats. +

+
+ +

+ When checking for matching asm rules in the asmrp.c code, the results + are stored in a fixed-size array without boundary checks which may + allow a buffer overflow. +

+
+ +

+ An attacker can entice a user to connect to a manipulated RTSP server + resulting in a Denial of Service and possibly execution of arbitrary + code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MPlayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc1-r2" +
+ + Original Advisory + CVE-2006-6172 + + + falco + + + daxomatic + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-12.xml
new file mode 100644
index 0000000000..eb0cf915c8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200702-12.xml
@@ -0,0 +1,68 @@
+ + + + + CHMlib: User-assisted remote execution of arbitrary code + + A memory corruption vulnerability in CHMlib could lead to the remote + execution of arbitrary code. + + CHMlib + February 27, 2007 + May 20, 2008: 02 + 163989 + remote + + + 0.39 + 0.39 + + + +

+ CHMlib is a library for the MS CHM (Compressed HTML) file format plus + extracting and HTTP server utils. +

+
+ +

+ When certain CHM files that contain tables and objects stored in pages + are parsed by CHMlib, an unsanitized value is passed to the alloca() + function resulting in a shift of the stack pointer to arbitrary memory + locations. +

+
+ +

+ An attacker could entice a user to open a specially crafted CHM file, + resulting in the execution of arbitrary code with the permissions of + the user viewing the file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All CHMlib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/chmlib-0.39" +
+ + Original Advisory + CVE-2007-0619 + + + falco + + + falco + + + daxomatic + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-01.xml
new file mode 100644
index 0000000000..259fa6a3b2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-01.xml
@@ -0,0 +1,64 @@
+ + + + + Snort: Remote execution of arbitrary code + + The Snort DCE/RPC preprocessor contains a buffer overflow that could result + in the remote execution of arbitrary code. + + snort + February 23, 2007 + March 02, 2007: 02 + 167730 + remote + + + 2.6.1.3 + 2.6.1.3 + + + +

+ Snort is a widely deployed intrusion detection program. +

+
+ +

+ The Snort DCE/RPC preprocessor does not properly reassemble certain + types of fragmented SMB and DCE/RPC packets. +

+
+ +

+ A remote attacker could send specially crafted fragmented SMB or + DCE/RPC packets, without the need to finish the TCP handshake, that + would trigger a stack-based buffer overflow while being reassembled. + This could lead to the execution of arbitrary code with the permissions + of the user running the Snort preprocessor. +

+
+ +

+ Disable the DCE/RPC processor by commenting the 'preprocessor dcerpc' + section in /etc/snort/snort.conf . +

+
+ +

+ All Snort users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3" +
+ + CVE-2006-5276 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-02.xml
new file mode 100644
index 0000000000..e16ab46c00
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-02.xml
@@ -0,0 +1,63 @@
+ + + + + SpamAssassin: Long URI Denial of Service + + SpamAssassin is vulnerable to a Denial of Service attack. + + spamassassin + March 02, 2007 + March 02, 2007: 01 + 166969 + remote + + + 3.1.8 + 3.1.8 + + + +

+ SpamAssassin is an extensible email filter used to identify junk email. +

+
+ +

+ SpamAssassin does not correctly handle very long URIs when scanning + emails. +

+
+ +

+ An attacker could cause SpamAssassin to consume large amounts of CPU + and memory resources by sending one or more emails containing very long + URIs. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SpamAssassin users should upgrade to the latest version. +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.8" +
+ + CVE-2007-0451 + + + vorlon + + + vorlon + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-03.xml
new file mode 100644
index 0000000000..6a0931c2c3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-03.xml
@@ -0,0 +1,70 @@
+ + + + + ClamAV: Denial of Service + + ClamAV contains two vulnerabilities allowing a Denial of Service. + + clamav + March 02, 2007 + March 02, 2007: 01 + 167201 + remote + + + 0.90 + 0.90 + + + +

+ ClamAV is a GPL virus scanner. +

+
+ +

+ An anonymous researcher discovered a file descriptor leak error in the + processing of CAB archives and a lack of validation of the "id" + parameter string used to create local files when parsing MIME headers. +

+
+ +

+ A remote attacker can send several crafted CAB archives with a + zero-length record header that will fill the available file descriptors + until no other is available, which will prevent ClamAV from scanning + most archives. An attacker can also send an email with specially + crafted MIME headers to overwrite local files with the permissions of + the user running ClamAV, such as the virus database file, which could + prevent ClamAV from detecting any virus. +

+
+ +

+ The first vulnerability can be prevented by refusing any file of type + CAB, but there is no known workaround for the second issue. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.90" +
+ + CVE-2007-0897 + CVE-2007-0898 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-04.xml
new file mode 100644
index 0000000000..5648cd1994
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-04.xml
@@ -0,0 +1,118 @@
+ + + + + Mozilla Firefox: Multiple vulnerabilities + + Multiple vulnerabilities have been reported in Mozilla Firefox, some of + which may allow user-assisted arbitrary remote code execution. + + mozilla-firefox + March 02, 2007 + March 02, 2007: 01 + 165555 + remote + + + 1.5.0.10 + 2.0.0.2 + 2.0.0.2 + + + 1.5.0.10 + 2.0.0.2 + 2.0.0.2 + + + +

+ Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +

+
+ +

+ Tom Ferris reported a heap-based buffer overflow involving wide SVG + stroke widths that affects Mozilla Firefox 2 only. Various researchers + reported some errors in the JavaScript engine potentially leading to + memory corruption. Mozilla Firefox also contains minor vulnerabilities + involving cache collision and unsafe pop-up restrictions, filtering or + CSS rendering under certain conditions. +

+
+ +

+ An attacker could entice a user to view a specially crafted web page + that will trigger one of the vulnerabilities, possibly leading to the + execution of arbitrary code. It is also possible for an attacker to + spoof the address bar, steal information through cache collision, + bypass the local files protection mechanism with pop-ups, or perform + cross-site scripting attacks, leading to the exposure of sensitive + information, like user credentials. +

+
+ +

+ There is no known workaround at this time for all of these issues, but + most of them can be avoided by disabling JavaScript. +

+
+ +

+ Users upgrading to the following releases of Mozilla Firefox should + note that this upgrade has been found to lose the saved passwords file + in some cases. The saved passwords are encrypted and stored in the + 'signons.txt' file of ~/.mozilla/ and we advise our users to save that + file before performing the upgrade. +

+

+ All Mozilla Firefox 1.5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.10" +

+ All Mozilla Firefox 1.5 binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.10" +

+ All Mozilla Firefox 2.0 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.2" +

+ All Mozilla Firefox 2.0 binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.2" +
+ + CVE-2006-6077 + CVE-2007-0775 + CVE-2007-0776 + CVE-2007-0777 + CVE-2007-0778 + CVE-2007-0779 + CVE-2007-0780 + CVE-2007-0800 + CVE-2007-0801 + CVE-2007-0981 + CVE-2007-0995 + Mozilla password loss bug + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-05.xml
new file mode 100644
index 0000000000..893ee2a452
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-05.xml
@@ -0,0 +1,77 @@
+ + + + + Mozilla Suite: Multiple vulnerabilities + + Several vulnerabilities exist in the Mozilla Suite, which is no longer + supported by the Mozilla project. + + mozilla + March 03, 2007 + March 03, 2007: 01 + 135257 + remote + + + 1.7.13 + + + 1.7.13 + + + +

+ The Mozilla Suite is a popular all-in-one web browser that includes a + mail and news reader. +

+
+ +

+ Several vulnerabilities ranging from code execution with elevated + privileges to information leaks affect the Mozilla Suite. +

+
+ +

+ A remote attacker could entice a user to browse to a specially crafted + website or open a specially crafted mail that could trigger some of the + vulnerabilities, potentially allowing execution of arbitrary code, + denials of service, information leaks, or cross-site scripting attacks + leading to the robbery of cookies of authentication credentials. +

+
+ +

+ Most of the issues, but not all of them, can be prevented by disabling + the HTML rendering in the mail client and JavaScript on every + application. +

+
+ +

+ The Mozilla Suite is no longer supported and has been masked after some + necessary changes on all the other ebuilds which used to depend on it. + Mozilla Suite users should unmerge www-client/mozilla or + www-client/mozilla-bin, and switch to a supported product, like + SeaMonkey, Thunderbird or Firefox. +

+ + + # emerge --unmerge "www-client/mozilla" + + # emerge --unmerge "www-client/mozilla-bin" +
+ + Official Advisory + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-06.xml
new file mode 100644
index 0000000000..acc9602105
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-06.xml
@@ -0,0 +1,69 @@
+ + + + + AMD64 x86 emulation Qt library: Integer overflow + + The AMD64 x86 emulation Qt library makes use of an insecure version of the + Qt library, potentially allowing for the remote execution of arbitrary + code. + + emul-linux-x86-qtlibs + March 04, 2007 + March 04, 2007: 01 + 153704 + remote + + + 10.0 + 10.0 + + + +

+ The AMD64 x86 emulation Qt library for AMD64 emulates the x86 (32-bit) + Qt library on the AMD64 (64-bit) architecture. +

+
+ +

+ An integer overflow flaw has been found in the pixmap handling of Qt, + making the AMD64 x86 emulation Qt library vulnerable as well. +

+
+ +

+ By enticing a user to open a specially crafted pixmap image in an + application using the AMD64 x86 emulation Qt library, a remote attacker + could cause an application crash or the remote execution of arbitrary + code with the rights of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All AMD64 x86 emulation Qt library users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-qtlibs-10.0" +
+ + GLSA 200611-02 + CVE-2006-4811 + + + falco + + + falco + + + shellsage + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-07.xml
new file mode 100644
index 0000000000..8c4865b81f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-07.xml
@@ -0,0 +1,65 @@
+ + + + + STLport: Possible remote execution of arbitrary code + + Two buffer overflows have been discovered in STLport possibly leading to + the remote execution of arbitrary code. + + STLport + March 06, 2007 + March 06, 2007: 01 + 165837 + remote + + + 5.0.3 + 5.0.3 + + + +

+ STLport is a multi-platform C++ Standard Library implementation. +

+
+ +

+ Two buffer overflows have been discovered, one in "print floats" and + one in the rope constructor. +

+
+ +

+ Both of the buffer overflows could result in the remote execution of + arbitrary code. Please note that the exploitability of the + vulnerabilities depends on how the library is used by other software + programs. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All STLport users should upgrade to the latest version. +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/STLport-5.0.3" +
+ + CVE-2007-0803 + + + falco + + + falco + + + aetius + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-08.xml
new file mode 100644
index 0000000000..31246a8f75
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-08.xml
@@ -0,0 +1,104 @@
+ + + + + SeaMonkey: Multiple vulnerabilities + + Multiple vulnerabilities have been reported in SeaMonkey, some of which may + allow user-assisted arbitrary remote code execution. + + seamonkey + March 09, 2007 + March 09, 2007: 01 + 165555 + remote + + + 1.1.1 + 1.1.1 + + + 1.1.1 + 1.1.1 + + + +

+ The SeaMonkey project is a community effort to deliver + production-quality releases of code derived from the application + formerly known as the 'Mozilla Application Suite'. +

+
+ +

+ Tom Ferris reported a heap-based buffer overflow involving wide SVG + stroke widths that affects SeaMonkey. Various researchers reported some + errors in the JavaScript engine potentially leading to memory + corruption. SeaMonkey also contains minor vulnerabilities involving + cache collision and unsafe pop-up restrictions, filtering or CSS + rendering under certain conditions. All those vulnerabilities are the + same as in GLSA 200703-04 affecting Mozilla Firefox. +

+
+ +

+ An attacker could entice a user to view a specially crafted web page or + to read a specially crafted email that will trigger one of the + vulnerabilities, possibly leading to the execution of arbitrary code. + It is also possible for an attacker to spoof the address bar, steal + information through cache collision, bypass the local file protection + mechanism with pop-ups, or perform cross-site scripting attacks, + leading to the exposure of sensitive information, such as user + credentials. +

+
+ +

+ There is no known workaround at this time for all of these issues, but + most of them can be avoided by disabling JavaScript. Note that the + execution of JavaScript is disabled by default in the SeaMonkey email + client, and enabling it is strongly discouraged. +

+
+ +

+ Users upgrading to the following release of SeaMonkey should note that + the corresponding Mozilla Firefox upgrade has been found to lose the + saved passwords file in some cases. The saved passwords are encrypted + and stored in the 'signons.txt' file of ~/.mozilla/ and we advise our + users to save that file before performing the upgrade. +

+

+ All SeaMonkey users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.1" +

+ All SeaMonkey binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.1" +
+ + CVE-2006-6077 + CVE-2007-0775 + CVE-2007-0776 + CVE-2007-0777 + CVE-2007-0778 + CVE-2007-0779 + CVE-2007-0780 + CVE-2007-0800 + CVE-2007-0801 + CVE-2007-0981 + CVE-2007-0995 + Mozilla Password Loss Bug + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-09.xml
new file mode 100644
index 0000000000..8fcb7547d0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-09.xml
@@ -0,0 +1,82 @@
+ + + + + Smb4K: Multiple vulnerabilities + + Multiple vulnerabilities have been identified in Smb4K. + + smb4k + March 09, 2007 + March 09, 2007: 01 + 156152 + local + + + 0.6.10a + 0.6.10a + + + +

+ Smb4K is a SMB/CIFS (Windows) share browser for KDE. +

+
+ +

+ Kees Cook of the Ubuntu Security Team has identified multiple + vulnerabilities in Smb4K. +

+
  • The writeFile() function of + smb4k/core/smb4kfileio.cpp makes insecure usage of temporary + files.
  • +
  • The writeFile() function also stores the contents of + the sudoers file with incorrect permissions, allowing for the file's + contents to be world-readable.
  • +
  • The createLockFile() and + removeLockFile() functions improperly handle lock files, possibly + allowing for a race condition in file handling.
  • +
  • The smb4k_kill + utility distributed with Smb4K allows any user in the sudoers group to + kill any process on the system.
  • +
  • Lastly, there is the potential + for multiple stack overflows when any Smb4K utility is used with the + sudo command.
  • +
+
+ +

+ A local attacker could gain unauthorized access to arbitrary files via + numerous attack vectors. In some cases to obtain this unauthorized + access, an attacker would have to be a member of the sudoers list. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Smb4K users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/smb4k-0.6.10a" +
+ + CVE-2007-0472 + CVE-2007-0473 + CVE-2007-0474 + CVE-2007-0475 + + + falco + + + falco + + + shellsage + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-10.xml
new file mode 100644
index 0000000000..8dbeedea8a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-10.xml
@@ -0,0 +1,66 @@
+ + + + + KHTML: Cross-site scripting (XSS) vulnerability + + The KHTML component shipped with the KDE libraries is prone to a cross-site + scripting (XSS) vulnerability. + + kdelibs + March 10, 2007 + March 10, 2007: 01 + 165606 + remote + + + 3.5.5-r8 + 3.5.5-r8 + + + +

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like Operating Systems. KHTML is the HTML interpreter used in + Konqueror and other parts of KDE. +

+
+ +

+ The KHTML code allows for the execution of JavaScript code located + inside the "Title" HTML element, a related issue to the Safari error + found by Jose Avila. +

+
+ +

+ When viewing a HTML page that renders unsanitized attacker-supplied + input in the page title, Konqueror and other parts of KDE will execute + arbitrary JavaScript code contained in the page title, allowing for the + theft of browser session data or cookies. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All KDElibs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.5-r8" +
+ + CVE-2007-0537 + CVE-2007-0478 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-11.xml
new file mode 100644
index 0000000000..3d44e40c78
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-11.xml
@@ -0,0 +1,64 @@
+ + + + + Amarok: User-assisted remote execution of arbitrary code + + The Magnatune component shipped with Amarok is vulnerable to the injection + of arbitrary shell code from a malicious Magnatune server. + + amarok + March 13, 2007 + March 13, 2007: 01 + 166901 + remote + + + 1.4.5-r1 + 1.4.5-r1 + + + +

+ Amarok is an advanced music player. +

+
+ +

+ The Magnatune downloader doesn't quote the "m_currentAlbumFileName" + parameter while calling the "unzip" shell command. +

+
+ +

+ A compromised or malicious Magnatune server can remotely execute + arbitrary shell code with the rights of the user running Amarok on a + client that have previously registered for buying music. +

+
+ +

+ Do not use the Magnatune component of Amarok. +

+
+ +

+ All Amarok users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/amarok-1.4.5-r1" +
+ + SA24159 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-12.xml
new file mode 100644
index 0000000000..570e7bd02a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-12.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ SILC Server: Denial of Service
+
+ SILC Server is affected by a Denial of Service vulnerability.
+
+ silc-server
+ March 14, 2007
+ March 14, 2007: 01
+ 169599
+ remote
+
+
+ 1.0.2-r1
+ 1.0.2-r1
+
+
+
+

+ SILC Server is a server for the Secure Internet Live Conferencing
+ (SILC) protocol.
+

+
+
+

+ Frank Benkstein discovered a possible NULL pointer dereference in
+ apps/silcd/command.c if a new channel is created without specifying a
+ valid hmac or cipher algorithm name.
+

+
+
+

+ A remote attacker could cause the server to crash, resulting in a
+ Denial of Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All SILC Server users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/silc-server-1.0.2-r1"
+
+
+
+ DerCorny
+
+
+ vorlon
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-13.xml
new file mode 100644
index 0000000000..3258a26307
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-13.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ SSH Communications Security's Secure Shell Server: SFTP privilege escalation
+
+ The SSH Secure Shell Server SFTP function is vulnerable to privilege
+ escalation.
+
+ net-misc/ssh
+ March 14, 2007
+ March 14, 2007: 01
+ 168584
+ remote
+
+
+ 4.3.7
+
+
+
+

+ The SSH Secure Shell Server from SSH Communications Security
+ (www.ssh.com) is a commercial SSH implementation available free for
+ non-commercial use.
+

+
+
+

+ The SSH Secure Shell Server contains a format string vulnerability in
+ the SFTP code that handles file transfers (scp2 and sftp2). In some
+ situations, this code passes the accessed filename to the system log.
+ During this operation, an unspecified error could allow uncontrolled
+ stack access.
+

+
+
+

+ An authenticated system user may be able to exploit this vulnerability
+ to bypass command restrictions, or run commands as another user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ This package is currently masked, there is no upgrade path for the
+ 3.2.x version, and a license must be purchased in order to update to a
+ non-vulnerable version. Because of this, we recommend unmerging this
+ package:
+

+
+ # emerge --ask --verbose --unmerge net-misc/ssh
+
+
+ CVE-2006-0705
+
+
+ vorlon
+
+
+ vorlon
+
+
+ aetius
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-14.xml
new file mode 100644
index 0000000000..6a97a515a3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-14.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Asterisk: SIP Denial of Service
+
+ Asterisk is vulnerable to Denial of Service in the SIP channel.
+
+ asterisk
+ March 16, 2007
+ March 16, 2007: 01
+ 169616
+ remote
+
+
+ 1.2.14-r1
+ 1.0.12-r1
+ 1.2.14-r1
+
+
+
+

+ Asterisk is an open source implementation of a telephone private branch
+ exchange (PBX).
+

+
+
+

+ The MU Security Research Team discovered that Asterisk contains a
+ NULL-pointer dereferencing error in the SIP channel when handling
+ request messages.
+

+
+
+

+ A remote attacker could cause an Asterisk server listening for SIP
+ messages to crash by sending a specially crafted SIP request message.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Asterisk users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose net-misc/asterisk
+

+ Note: Asterisk 1.0.x is no longer supported upstream so users should
+ consider upgrading to Asterisk 1.2.x.
+

+
+
+ CVE-2007-1306
+ MU-200703-01
+
+
+ jaervosz
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-15.xml
new file mode 100644
index 0000000000..cdd51706ad
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-15.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ PostgreSQL: Multiple vulnerabilities
+
+ PostgreSQL contains two vulnerabilities that could result in a Denial of
+ Service or unauthorized access to certain information.
+
+ postgresql
+ March 16, 2007
+ May 28, 2009: 04
+ 165482
+ remote
+
+
+ 8.0.11
+ 7.4.17
+ 7.4.16
+ 7.3.19
+ 7.3.13
+ 7.3.21
+ 7.4.19
+ 8.0.11
+
+
+
+

+ PostgreSQL is an open source object-relational database management
+ system.
+

+
+
+

+ PostgreSQL does not correctly check the data types of the SQL function
+ arguments under unspecified circumstances nor the format of the
+ provided tables in the query planner.
+

+
+
+

+ A remote authenticated attacker could send specially crafted queries to
+ the server that could result in a server crash and possibly the
+ unauthorized reading of some database content or arbitrary memory.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All PostgreSQL users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-db/postgresql"
+
+
+ CVE-2007-0555
+ CVE-2007-0556
+
+
+ falco
+
+
+ vorlon
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-16.xml
new file mode 100644
index 0000000000..7a49706bf5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-16.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Apache JK Tomcat Connector: Remote execution of arbitrary code
+
+ The Apache Tomcat Connector (mod_jk) contains a buffer overflow
+ vulnerability that could result in the remote execution of arbitrary code.
+
+ mod_jk
+ March 16, 2007
+ March 16, 2007: 01
+ 169433
+ remote
+
+
+ 1.2.21-r1
+ 1.2.21-r1
+
+
+
+

+ The Apache HTTP server is a very widely used web server. mod_jk
+ provides the JK module for connecting Tomcat and Apache using the ajp13
+ protocol.
+

+
+
+

+ ZDI reported an unsafe memory copy in mod_jk that was discovered by an
+ anonymous researcher in the map_uri_to_worker function of
+ native/common/jk_uri_worker_map.c .
+

+
+
+

+ A remote attacker can send a long URL request to an Apache server using
+ Tomcat. That can trigger the vulnerability and lead to a stack-based
+ buffer overflow, which could result in the execution of arbitrary code
+ with the permissions of the Apache user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Apache Tomcat users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.21-r1"
+
+
+ CVE-2007-0774
+
+
+ DerCorny
+
+
+ falco
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-17.xml
new file mode 100644
index 0000000000..0b8725c8c3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-17.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ ulogd: Remote execution of arbitrary code
+
+ ulogd contains a possible buffer overflow potentially allowing for the
+ remote execution of arbitrary code.
+
+ ulogd
+ March 18, 2007
+ March 18, 2007: 01
+ 161882
+ remote
+
+
+ 1.23-r1
+ 1.23-r1
+
+
+
+

+ ulogd is a userspace daemon for netfilter related logging.
+

+
+
+

+ SUSE reported unspecified buffer overflows in ulogd involving the
+ calculation of string lengths.
+

+
+
+

+ A remote attacker could trigger a possible buffer overflow through
+ unspecified vectors, potentially leading to the remote execution of
+ arbitrary code with the rights of the user running the ulogd daemon, or
+ more probably leading to the crash of the daemon.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All ulogd users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/ulogd-1.23-r1"
+
+
+ CVE-2007-0460
+
+
+ jaervosz
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-18.xml
new file mode 100644
index 0000000000..b3019faaae
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-18.xml
@@ -0,0 +1,86 @@
+
+
+
+
+ Mozilla Thunderbird: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of
+ which may allow user-assisted arbitrary remote code execution.
+
+ mozilla-thunderbird
+ March 18, 2007
+ March 18, 2007: 01
+ 165555
+ remote
+
+
+ 1.5.0.10
+ 1.5.0.10
+
+
+ 1.5.0.10
+ 1.5.0.10
+
+
+
+

+ Mozilla Thunderbird is a popular open-source email client from the
+ Mozilla Project.
+

+
+
+

+ Georgi Guninski reported a possible integer overflow in the code
+ handling text/enhanced or text/richtext MIME emails. Additionally,
+ various researchers reported errors in the JavaScript engine
+ potentially leading to memory corruption. Additionally, the binary
+ version of Mozilla Thunderbird includes a vulnerable NSS library which
+ contains two possible buffer overflows involving the SSLv2 protocol.
+

+
+
+

+ An attacker could entice a user to read a specially crafted email that
+ could trigger one of the vulnerabilities, some of them being related to
+ Mozilla Thunderbird's handling of JavaScript, possibly leading to the
+ execution of arbitrary code.
+

+
+
+

+ There is no known workaround at this time for all of these issues, but
+ some of them can be avoided by disabling JavaScript. Note that the
+ execution of JavaScript is disabled by default and enabling it is
+ strongly discouraged.
+

+
+
+

+ All Mozilla Thunderbird users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.10"
+

+ All Mozilla Thunderbird binary users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.10"
+
+
+ CVE-2007-0008
+ CVE-2007-0009
+ CVE-2007-0775
+ CVE-2007-0776
+ CVE-2007-0777
+ CVE-2007-1282
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-19.xml
new file mode 100644
index 0000000000..9a20d039b9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-19.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ LTSP: Authentication bypass in included LibVNCServer code
+
+ LTSP includes a version of libVNCServer that is vulnerable to an
+ authentication bypass.
+
+ ltsp
+ March 18, 2007
+ March 18, 2007: 01
+ 142661
+ remote
+
+
+ 4.2-r1
+ 4.2-r1
+
+
+
+

+ The Linux Terminal Server Project adds thin-client support to Linux
+ servers.
+

+
+
+

+ The LTSP server includes vulnerable LibVNCServer code, which fails to
+ properly validate protocol types effectively letting users decide what
+ protocol to use, such as "Type 1 - None" (GLSA-200608-05). The LTSP VNC
+ server will accept this security type, even if it is not offered by the
+ server.
+

+
+
+

+ An attacker could exploit this vulnerability to gain unauthorized
+ access with the privileges of the user running the VNC server.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All LTSP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/ltsp-4.2-r1"
+
+
+ CVE-2006-2450
+ GLSA 200608-05
+
+
+ falco
+
+
+ falco
+
+
+ aetius
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-20.xml
new file mode 100644
index 0000000000..9687dba3be
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-20.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ LSAT: Insecure temporary file creation
+
+ LSAT insecurely creates temporary files which can lead to symlink attacks
+ allowing a local user to overwrite arbitrary files.
+
+ lsat
+ March 18, 2007
+ May 11, 2007: 02
+ 159542
+ local
+
+
+ 0.9.5
+ 0.9.5
+
+
+
+

+ The Linux Security Auditing Tool (LSAT) is a post install security
+ auditor which checks many system configurations and local network
+ settings on the system for common security or configuration errors and
+ for packages that are not needed.
+

+
+
+

+ LSAT insecurely writes in /tmp with a predictable filename.
+

+
+
+

+ A local attacker could create symbolic links in the temporary files
+ directory, pointing to a valid file somewhere on the filesystem. When
+ the LSAT script is executed, this would result in the file being
+ overwritten with the rights of the user running the software, which
+ could be the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All lsat users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/lsat-0.9.5"
+
+
+ CVE-2007-1500
+
+
+ falco
+
+
+ falco
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-21.xml
new file mode 100644
index 0000000000..3c705e5998
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-21.xml
@@ -0,0 +1,91 @@
+
+
+
+
+ PHP: Multiple vulnerabilities
+
+ PHP contains several vulnerabilities including a heap buffer overflow,
+ potentially leading to the remote execution of arbitrary code under certain
+ conditions.
+
+ php
+ March 20, 2007
+ March 29, 2008: 03
+ 153911
+ remote
+
+
+ 5.2.1-r3
+ 5.1.6-r11
+ 4.4.6
+ 4.4.7
+ 4.4.8_pre20070816
+ 5.2.1-r3
+
+
+
+

+ PHP is a widely-used general-purpose scripting language that is
+ especially suited for Web development and can be embedded into HTML.
+

+
+
+

+ Several vulnerabilities were found in PHP by the Hardened-PHP Project
+ and other researchers. These vulnerabilities include a heap-based
+ buffer overflow in htmlentities() and htmlspecialchars() if called with
+ UTF-8 parameters, and an off-by-one error in str_ireplace(). Other
+ vulnerabilities were also found in the PHP4 branch, including possible
+ overflows, stack corruptions and a format string vulnerability in the
+ *print() functions on 64 bit systems.
+

+
+
+

+ Remote attackers might be able to exploit these issues in PHP
+ applications making use of the affected functions, potentially
+ resulting in the execution of arbitrary code, Denial of Service,
+ execution of scripted contents in the context of the affected site,
+ security bypass or information leak.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All PHP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-lang/php"
+
+
+ CVE-2006-5465
+ CVE-2007-0906
+ CVE-2007-0907
+ CVE-2007-0908
+ CVE-2007-0909
+ CVE-2007-0910
+ CVE-2007-0911
+ CVE-2007-0988
+ CVE-2007-1286
+ CVE-2007-1375
+ CVE-2007-1376
+ CVE-2007-1380
+ CVE-2007-1383
+ PHP 4.4.5 Release Announcement
+ PHP 5.2.1 Release Announcement
+
+
+ falco
+
+
+ falco
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-22.xml
new file mode 100644
index 0000000000..c3f02afe4d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-22.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Mozilla Network Security Service: Remote execution of arbitrary code
+
+ The Mozilla Network Security Services libraries are vulnerable to two
+ buffer overflows that could result in the remote execution of arbitrary
+ code.
+
+ nss
+ March 20, 2007
+ March 20, 2007: 01
+ 165555
+ remote
+
+
+ 3.11.5
+ 3.11.5
+
+
+
+

+ The Mozilla Network Security Service is a library implementing security
+ features like SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
+ S/MIME and X.509 certificates.
+

+
+
+

+ iDefense has reported two potential buffer overflow vulnerabilities
+ found by researcher "regenrecht" in the code implementing the SSLv2
+ protocol.
+

+
+
+

+ A remote attacker could send a specially crafted SSL master key to a
+ server using NSS for the SSLv2 protocol, or entice a user to connect to
+ a malicious server with a client-side application using NSS like one of
+ the Mozilla products. This could trigger the vulnerabilities and result
+ in the possible execution of arbitrary code with the rights of the
+ vulnerable application.
+

+
+
+

+ Disable the SSLv2 protocol in the applications using NSS.
+

+
+
+

+ All NSS users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.11.5"
+
+
+ CVE-2007-0008
+ CVE-2007-0009
+
+
+ falco
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-23.xml
new file mode 100644
index 0000000000..a2c87f487b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-23.xml
@@ -0,0 +1,90 @@
+
+
+
+
+ WordPress: Multiple vulnerabilities
+
+ Wordpress contains several cross-site scripting, cross-site request forgery
+ and information leak vulnerabilities.
+
+ wordpress
+ March 20, 2007
+ March 20, 2007: 01
+ 168529
+ remote
+
+
+ 2.1.2
+
+
+
+

+ WordPress is a popular personal publishing platform with a web
+ interface.
+

+
+
+

+ WordPress contains cross-site scripting or cross-site scripting forgery
+ vulnerabilities reported by:
+

+
  • g30rg3_x in the "year" + parameter of the wp_title() function
  • +
  • Alexander Concha in the + "demo" parameter of wp-admin/admin.php
  • +
  • Samenspender and Stefan + Friedli in the "post" parameter of wp-admin/post.php and + wp-admin/page.php, in the "cat_ID" parameter of wp-admin/categories.php + and in the "c" parameter of wp-admin/comment.php
  • +
  • PsychoGun in + the "file" parameter of wp-admin/templates.php
  • +

+

+

+ Additionally, WordPress prints the full PHP script paths in some error
+ messages.
+

+
+
+

+ The cross-site scripting vulnerabilities can be triggered to steal
+ browser session data or cookies. A remote attacker can entice a user to
+ browse to a specially crafted web page that can trigger the cross-site
+ request forgery vulnerability and perform arbitrary WordPress actions
+ with the permissions of the user. Additionally, the path disclosure
+ vulnerability could help an attacker to perform other attacks.
+

+
+
+

+ There is no known workaround at this time for all these
+ vulnerabilities.
+

+
+
+

+ Due to the numerous recently discovered vulnerabilities in WordPress,
+ this package has been masked in the portage tree. All WordPress users
+ are advised to unmerge it.
+

+
+
+ # emerge --unmerge "www-apps/wordpress"
+
+
+ CVE-2007-1049
+ CVE-2007-1230
+ CVE-2007-1244
+ CVE-2007-1409
+ SA 24430
+
+
+ falco
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-24.xml
new file mode 100644
index 0000000000..45be71876e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-24.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ mgv: Stack overflow in included gv code
+
+ mgv improperly handles user-supplied data possibly allowing for the
+ execution of arbitrary code.
+
+ mgv
+ March 26, 2007
+ March 26, 2007: 01
+ 154645
+ remote
+
+
+ 3.1.5
+
+
+
+

+ mgv is a Postscript viewer with a Motif interface, based on Ghostview
+ and GNU gv.
+

+
+
+

+ mgv includes code from gv that does not properly boundary check
+ user-supplied data before copying it into process buffers.
+

+
+
+

+ An attacker could entice a user to open a specially crafted Postscript
+ document with mgv and possibly execute arbitrary code with the rights
+ of the user running mgv.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ mgv is currently unmaintained, and the mgv website no longer exists. As
+ such, the mgv package has been masked in Portage. We recommend that
+ users select an alternate Postscript viewer such as ghostview or
+ GSview, and unmerge mgv:
+

+
+ # emerge --unmerge "app-text/mgv"
+
+
+ CVE-2006-5864
+ GLSA 200611-20
+
+
+ jaervosz
+
+
+ aetius
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-25.xml
new file mode 100644
index 0000000000..c11ec4f421
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-25.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Ekiga: Format string vulnerability
+
+ A format string vulnerability in Ekiga may allow the remote execution of
+ arbitrary code.
+
+ ekiga
+ March 29, 2007
+ May 28, 2009: 02
+ 167643
+ remote
+
+
+ 2.0.7
+ 2.0.7
+
+
+
+

+ Ekiga is an open source VoIP and video conferencing application.
+

+
+
+

+ Mu Security has discovered that Ekiga fails to implement formatted
+ printing correctly.
+

+
+
+

+ An attacker could exploit this vulnerability to crash Ekiga and
+ potentially execute arbitrary code by sending a specially crafted Q.931
+ SETUP packet to a victim.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Ekiga users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-voip/ekiga-2.0.7"
+
+
+ CVE-2007-1006
+
+
+ DerCorny
+
+
+ DerCorny
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-26.xml
new file mode 100644
index 0000000000..7802a51d6a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-26.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ file: Integer underflow
+
+ A buffer underflow vulnerability has been reported in file allowing for the
+ user-assisted execution of arbitrary code.
+
+ file
+ March 30, 2007
+ March 30, 2007: 01
+ 171452
+ remote
+
+
+ 4.20
+ 4.20
+
+
+
+

+ file is a utility that guesses a file format by scanning binary data
+ for patterns.
+

+
+
+

+ Jean-Sebastien Guay-Leroux reported an integer underflow in
+ file_printf function.
+

+
+
+

+ A remote attacker could entice a user to run the "file" program on a
+ specially crafted file that would trigger a heap-based buffer overflow
+ possibly leading to the execution of arbitrary code with the rights of
+ the user running "file". Note that this vulnerability could be also
+ triggered through an automatic file scanner like amavisd-new.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ Since file is a system package, all Gentoo users should upgrade to the
+ latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/file-4.20"
+
+
+ CVE-2007-1536
+
+
+ jaervosz
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-27.xml
new file mode 100644
index 0000000000..8094a4d453
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-27.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Squid: Denial of Service
+
+ Squid is affected by a Denial of Service vulnerability.
+
+ squid
+ March 31, 2007
+ March 31, 2007: 01
+ 171681
+ remote
+
+
+ 2.6.12
+ 2.6.12
+
+
+
+

+ Squid is a multi-protocol proxy server.
+

+
+
+

+ Squid incorrectly handles TRACE requests that contain a "Max-Forwards"
+ header field with value "0" in the clientProcessRequest() function.
+

+
+
+

+ A remote attacker can send specially crafted TRACE HTTP requests that
+ will terminate the child process. A quickly repeated attack will lead
+ to a Denial of Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Squid users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.6.12"
+
+
+ CVE-2007-1560
+
+
+ aetius
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-28.xml
new file mode 100644
index 0000000000..81ad4ccbb7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200703-28.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ CUPS: Denial of Service
+
+ CUPS incorrectly handles partially-negotiated SSL connections allowing for
+ a Denial of Service.
+
+ cups
+ March 31, 2007
+ March 31, 2007: 01
+ 170881
+ remote
+
+
+ 1.2.9
+ 1.2.9
+
+
+
+

+ CUPS provides a portable printing layer for UNIX-based operating
+ systems.
+

+
+
+

+ CUPS does not properly handle partially-negotiated SSL connections.
+ Upon receiving a partially-negotiated SSL connection, CUPS no longer
+ accepts further incoming connections, as the initial connection never
+ times out.
+

+
+
+

+ An attacker could partially negotiate an SSL connection with a CUPS
+ server, and cause future connections to that server to fail, resulting
+ in a Denial of Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All CUPS users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.9"
+
+
+ CVE-2007-0720
+
+
+ jaervosz
+
+
+ shellsage
+
+
+ shellsage
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-01.xml
new file mode 100644
index 0000000000..3ed1c2e995
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-01.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Asterisk: Two SIP Denial of Service vulnerabilities
+
+ Asterisk is vulnerable to two Denial of Service issues in the SIP channel.
+
+ asterisk
+ April 02, 2007
+ April 02, 2007: 01
+ 171467
+ remote
+
+
+ 1.2.14-r2
+ 1.0.12-r2
+ 1.2.14-r2
+
+
+
+

+ Asterisk is an open source implementation of a telephone private branch
+ exchange (PBX).
+

+
+
+

+ The Madynes research team at INRIA has discovered that Asterisk
+ contains a null pointer dereferencing error in the SIP channel when
+ handling INVITE messages. Furthermore qwerty1979 discovered that
+ Asterisk 1.2.x fails to properly handle SIP responses with return code
+ 0.
+

+
+
+

+ A remote attacker could cause an Asterisk server listening for SIP
+ messages to crash by sending a specially crafted SIP message or
+ answering with a 0 return code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Asterisk users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose net-misc/asterisk
+

+ Note: Asterisk 1.0.x is no longer supported upstream so users should
+ consider upgrading to Asterisk 1.2.x.
+

+
+
+ CVE-2007-1561
+ CVE-2007-1594
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-02.xml
new file mode 100644
index 0000000000..7d69bad39d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-02.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ MIT Kerberos 5: Arbitrary remote code execution
+
+ Multiple vulnerabilities in MIT Kerberos 5 could potentially result in
+ unauthenticated remote root code execution.
+
+ mit-krb5
+ April 03, 2007
+ April 03, 2007: 01
+ 171889
+ remote
+
+
+ 1.5.2-r1
+ 1.5.2-r1
+
+
+
+

+ MIT Kerberos 5 is a suite of applications that implement the Kerberos
+ network protocol.
+

+
+
+

+ The Kerberos telnet daemon fails to properly handle usernames allowing
+ unauthorized access to any account (CVE-2007-0956). The Kerberos
+ administration daemon, the KDC and possibly other applications using
+ the MIT Kerberos libraries are vulnerable to the following issues. The
+ krb5_klog_syslog function from the kadm5 library fails to properly
+ validate input leading to a stack overflow (CVE-2007-0957). The GSS-API
+ library is vulnerable to a double-free attack (CVE-2007-1216).
+

+
+
+

+ By exploiting the telnet vulnerability a remote attacker may obtain
+ access with root privileges. The remaining vulnerabilities may allow an
+ authenticated remote attacker to execute arbitrary code with root
+ privileges.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All MIT Kerberos 5 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.5.2-r1"
+
+
+ CVE-2007-0956
+ CVE-2007-0957
+ CVE-2007-1216
+
+
+ jaervosz
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-03.xml
new file mode 100644
index 0000000000..e99a64faee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-03.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ OpenAFS: Privilege escalation
+
+ OpenAFS is subject to a design flaw that could allow privilege escalation
+ on the client.
+
+ openafs
+ April 03, 2007
+ April 03, 2007: 01
+ 171662
+ remote
+
+
+ 1.4.4
+ 1.4.4
+
+
+
+

+ OpenAFS is a distributed network filesystem.
+

+
+
+

+ Benjamin Bennett discovered that the OpenAFS client contains a design
+ flaw where cache managers do not use authenticated server connections
+ when performing actions not requested by a user.
+

+
+
+

+ If setuid is enabled on the client cells, an attacker can supply a fake
+ FetchStatus reply that sets setuid and root ownership of a file being
+ executed. This could provide root access on the client. Remote attacks
+ may be possible if an attacker can entice a user to execute a known
+ file. Note that setuid is enabled by default in versions of OpenAFS
+ prior to 1.4.4.
+

+
+
+

+ Disable the setuid functionality on all client cells. This is now the
+ default configuration in OpenAFS.
+

+
+
+

+ All OpenAFS users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/openafs-1.4.4"
+
+
+ CVE-2007-1507
+
+
+ jaervosz
+
+
+ aetius
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-04.xml
new file mode 100644
index 0000000000..e11a4743ff
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-04.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ OpenPBS: Multiple vulnerabilities
+
+ OpenPBS contains unspecified vulnerabilities which may allow for the remote
+ execution of arbitrary code or a Denial of Service.
+
+ openpbs
+ April 03, 2007
+ April 03, 2007: 01
+ 153495
+ remote, local
+
+
+ 2.3.16-r4
+
+
+
+

+ OpenPBS is the original version of the Portable Batch System. It is a
+ flexible batch queueing system developed for NASA in the early to
+ mid-1990s.
+

+
+
+

+ SUSE reported vulnerabilities due to unspecified errors in OpenPBS.
+

+
+
+

+ By unspecified attack vectors an attacker might be able execute
+ arbitrary code with the privileges of the user running openpbs, which
+ might be the root user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ OpenPBS has been masked in the Portage tree for replacement by Torque.
+ All OpenPBS users should unmerge OpenPBS and switch to Torque.
+

+
+
+ # emerge --ask --unmerge sys-cluster/openpbs
+ # emerge --sync
+ # emerge --ask --verbose sys-cluster/torque
+
+
+ CVE-2006-5616
+
+
+ falco
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-05.xml
new file mode 100644
index 0000000000..b9a5b6398b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-05.xml
@@ -0,0 +1,65 @@
+ + + + + zziplib: Buffer Overflow + + The zziplib library contains a buffer overflow vulnerability that could + lead to user-assisted remote execution of arbitrary code. + + zziplib + April 03, 2007 + April 03, 2007: 01 + 171441 + remote + + + 0.13.49 + 0.13.49 + + + +

+ The zziplib library is a lightweight library for extracting data from + files archived in a single zip file. +

+
+ +

+ dmcox dmcox discovered a boundary error in the zzip_open_shared_io() + function from zzip/file.c . +

+
+ +

+ A remote attacker could entice a user to run a zziplib function with an + overly long string as an argument which would trigger the buffer + overflow and may lead to the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All zziplib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/zziplib-0.13.49" +
+ + CVE-2007-1614 + + + aetius + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-06.xml
new file mode 100644
index 0000000000..7cd4c11b51
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-06.xml
@@ -0,0 +1,66 @@
+ + + + + Evince: Stack overflow in included gv code + + Evince improperly handles user-supplied data possibly allowing for the + execution of arbitrary code. + + evince + April 06, 2007 + April 06, 2007: 01 + 156573 + remote + + + 0.6.1-r3 + 0.6.1-r3 + + + +

+ Evince is a document viewer for multiple document formats, including + PostScript. +

+
+ +

+ Evince includes code from GNU gv that does not properly boundary check + user-supplied data before copying it into process buffers. +

+
+ +

+ An attacker could entice a user to open a specially crafted PostScript + document with Evince and possibly execute arbitrary code with the + rights of the user running Evince. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Evince users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/evince-0.6.1-r3" +
+ + CVE-2006-5864 + GLSA-200611-20 + + + jaervosz + + + aetius + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-07.xml
new file mode 100644
index 0000000000..d56d7cc547
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-07.xml
@@ -0,0 +1,66 @@
+ + + + + libwpd: Multiple vulnerabilities + + libwpd is vulnerable to several heap overflows and an integer overflow. + + libwpd + April 06, 2007 + April 06, 2007: 01 + 169675 + remote + + + 0.8.9 + 0.8.9 + + + +

+ libwpd is a library used to convert Wordperfect documents into other + formats. +

+
+ +

+ libwpd contains heap-based overflows in two functions that convert + WordPerfect document tables. In addition, it contains an integer + overflow in a text-conversion function. +

+
+ +

+ An attacker could entice a user to convert a specially crafted + WordPerfect file, resulting in a crash or possibly the execution of + arbitrary code with the rights of the user running libwpd. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libwpd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/libwpd-0.8.9" +
+ + CVE-2007-0002 + CVE-2007-1466 + + + falco + + + aetius + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-08.xml
new file mode 100644
index 0000000000..b1529e8d3a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-08.xml
@@ -0,0 +1,70 @@
+ + + + + DokuWiki: Cross-site scripting vulnerability + + DokuWiki is vulnerable to a cross-site scripting attack. + + dokuwiki + April 12, 2007 + April 12, 2007: 01 + 163781 + remote + + + 20061106 + 20061106 + + + +

+ DokuWiki is a simple to use wiki aimed at creating documentation. +

+
+ +

+ DokuWiki does not sanitize user input to the GET variable 'media' in + the fetch.php file. +

+
+ +

+ An attacker could entice a user to click a specially crafted link and + inject CRLF characters into the variable. This would allow the creation + of new lines or fields in the returned HTTP Response header, which + would permit the attacker to execute arbitrary scripts in the context + of the user's browser. +

+
+ +

+ Replace the following line in lib/exe/fetch.php: +

+ $MEDIA = getID('media',false); // no cleaning - maybe external +

+ with +

+ $MEDIA = preg_replace('/[\x00-\x1F]+/s','',getID('media',false)); +
+ +

+ All DokuWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20061106" +
+ + CVE-2006-6965 + + + falco + + + aetius + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-09.xml
new file mode 100644
index 0000000000..7b20bb4485
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-09.xml
@@ -0,0 +1,66 @@
+ + + + + xine-lib: Heap-based buffer overflow + + xine-lib is vulnerable to a heap-based buffer overflow. + + xine-lib + April 14, 2007 + April 14, 2007: 01 + 170208 + remote + + + 1.1.4-r2 + 1.1.4-r2 + + + +

+ xine-lib is the core library package for the xine media player. +

+
+ +

+ xine-lib does not check boundaries on data being read into buffers from + DMO video files in code that is shared with MPlayer + (DMO_VideoDecoder.c). +

+
+ +

+ An attacker could entice a user to play a specially crafted DMO video + file with a player using xine-lib, potentially resulting in the + execution of arbitrary code with the privileges of the user running the + player. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xine-lib users on the x86 platform should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.4-r2" +
+ + CVE-2007-1246 + + + jaervosz + + + aetius + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-10.xml
new file mode 100644
index 0000000000..ba29b29854
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-10.xml
@@ -0,0 +1,65 @@
+ + + + + Inkscape: Two format string vulnerabilities + + Two format string vulnerabilities have been discovered in Inkscape, + allowing for user-assisted execution of arbitrary code. + + Inkscape + April 16, 2007 + April 16, 2007: 01 + 171799 + remote + + + 0.45.1 + 0.45.1 + + + +

+ Inkscape is a vector graphics editor, using Scalable Vector Graphics + (SVG) Format. +

+
+ +

+ Kees Cook has discovered two vulnerabilities in Inkscape. The + application does not properly handle format string specifiers in some + dialog boxes. Inkscape is also vulnerable to another format string + error in its Jabber whiteboard protocol. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted URI, + possibly leading to execution of arbitrary code with the privileges of + the user running Inkscape. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Inkscape users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/inkscape-0.45.1" +
+ + CVE-2007-1463 + CVE-2007-1464 + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-11.xml
new file mode 100644
index 0000000000..65fc90ec54
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-11.xml
@@ -0,0 +1,68 @@
+ + + + + Vixie Cron: Denial of Service + + The Gentoo implementation of Vixie Cron is vulnerable to a local Denial of + Service. + + vixie-cron + April 16, 2007 + April 16, 2007: 01 + 164466 + local + + + 4.1-r10 + 4.1-r10 + + + +

+ Vixie Cron is a command scheduler with extended syntax over cron. +

+
+ +

+ During an internal audit, Raphael Marichez of the Gentoo Linux Security + Team found that Vixie Cron has weak permissions set on Gentoo, allowing + for a local user to create hard links to system and users cron files, + while a st_nlink check in database.c will generate a superfluous error. +

+
+ +

+ Depending on the partitioning scheme and the "cron" group membership, a + malicious local user can create hard links to system or users cron + files that will trigger the st_link safety check and prevent the + targeted cron file from being run from the next restart or database + reload. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Vixie Cron users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-process/vixie-cron-4.1-r10" +
+ + CVE-2007-1856 + + + jaervosz + + + falco + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-12.xml
new file mode 100644
index 0000000000..0648355ad9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-12.xml
@@ -0,0 +1,82 @@
+ + + + + OpenOffice.org: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in OpenOffice.org, allowing + for remote execution of arbitrary code. + + OpenOffice.org + April 16, 2007 + April 16, 2007: 01 + 170828 + remote + + + 2.1.0-r1 + 2.1.0-r1 + + + 2.2.0 + 2.2.0 + + + +

+ OpenOffice.org is an open source office productivity suite, including + word processing, spreadsheet, presentation, drawing, data charting, + formula editing, and file conversion facilities. +

+
+ +

+ John Heasman of NGSSoftware has discovered a stack-based buffer + overflow in the StarCalc parser and an input validation error when + processing metacharacters in a link. Also OpenOffice.Org includes code + from libwpd making it vulnerable to heap-based overflows when + converting WordPerfect document tables (GLSA 200704-07). +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + document, possibly leading to execution of arbitrary code with the + rights of the user running OpenOffice.org. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenOffice.org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.1.0-r1" +

+ All OpenOffice.org binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.2.0" +
+ + CVE-2007-0002 + CVE-2007-0238 + CVE-2007-0239 + GLSA-200704-07 + + + jaervosz + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-13.xml
new file mode 100644
index 0000000000..22e6e3dcaf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-13.xml
@@ -0,0 +1,66 @@
+ + + + + File: Denial of Service + + A vulnerability has been discovered in file allowing for a denial of + service. + + file + April 17, 2007 + September 17, 2007: 02 + 174217 + remote + + + 4.21-r1 + 4.21 + + + +

+ file is a utility that identifies a file format by scanning binary data + for patterns. +

+
+ +

+ Conor Edberg discovered an error in the way file processes a specific + regular expression. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted file, + using excessive CPU ressources and possibly leading to a Denial of + Service. Note that this vulnerability could be also triggered through + an automatic file scanner like amavisd-new. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All file users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/file-4.20-r1" +
+ + CVE-2007-2026 + + + aetius + + + vorlon + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-14.xml
new file mode 100644
index 0000000000..065e771a52
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-14.xml
@@ -0,0 +1,66 @@
+ + + + + FreeRADIUS: Denial of Service + + A memory leak has been discovered in FreeRADIUS, possibly allowing for a + Denial of Service. + + FreeRADIUS + April 17, 2007 + April 17, 2007: 01 + 174292 + remote + + + 1.1.6 + 1.1.6 + + + +

+ FreeRADIUS is an open source RADIUS authentication server + implementation. +

+
+ +

+ The Coverity Scan project has discovered a memory leak within the + handling of certain malformed Diameter format values inside an EAP-TTLS + tunnel. +

+
+ +

+ A remote attacker could send a large amount of specially crafted + packets to a FreeRADIUS server using EAP-TTLS authentication and + exhaust all memory, possibly resulting in a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All FreeRADIUS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.1.6" +
+ + CVE-2007-2028 + + + jaervosz + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-15.xml
new file mode 100644
index 0000000000..5e278eb325
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-15.xml
@@ -0,0 +1,70 @@
+ + + + + MadWifi: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in the MadWifi driver, + possibly leading to a Denial of Service and information disclosure. + + Madwifi-ng + April 17, 2007 + April 21, 2007: 02 + 173434 + remote + + + 0.9.3 + 0.9.3 + + + +

+ The MadWifi driver provides support for Atheros based IEEE 802.11 + Wireless Lan cards. +

+
+ +

+ The driver does not properly process Channel Switch Announcement + Information Elements, allowing for an abnormal channel change. The + ieee80211_input() function does not properly handle AUTH frames and the + driver sends unencrypted packets before WPA authentication succeeds. +

+
+ +

+ A remote attacker could send specially crafted AUTH frames to the + vulnerable host, resulting in a Denial of Service by crashing the + kernel. A remote attacker could gain access to sensitive information + about network architecture by sniffing unencrypted packets. A remote + attacker could also send a Channel Switch Count less than or equal to + one to trigger a channel change, resulting in a communication loss and + a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MadWifi users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.3" +
+ + CVE-2006-7178 + CVE-2006-7179 + CVE-2006-7180 + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-16.xml
new file mode 100644
index 0000000000..1362a8fbc8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-16.xml
@@ -0,0 +1,68 @@
+ + + + + Aircrack-ng: Remote execution of arbitrary code + + Aircrack-ng contains a buffer overflow that could lead to the remote + execution of arbitrary code with root privileges. + + aircrack-ng + April 22, 2007 + April 22, 2007: 01 + 174340 + remote + + + 0.7-r2 + 0.7-r2 + + + +

+ Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can + recover keys once enough data packets have been captured. +

+
+ +

+ Jonathan So reported that the airodump-ng module does not correctly + check the size of 802.11 authentication packets before copying them + into a buffer. +

+
+ +

+ A remote attacker could trigger a stack-based buffer overflow by + sending a specially crafted 802.11 authentication packet to a user + running airodump-ng with the -w (--write) option. This could lead to + the remote execution of arbitrary code with the permissions of the user + running airodump-ng, which is typically the root user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Aircrack-ng users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/aircrack-ng-0.7-r2" +
+ + CVE-2007-2057 + + + shellsage + + + shellsage + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-17.xml
new file mode 100644
index 0000000000..633590d8d3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-17.xml
@@ -0,0 +1,65 @@
+ + + + + 3proxy: Buffer overflow + + A vulnerability has been discovered in 3proxy allowing for the remote + execution of arbitrary code. + + 3proxy + April 22, 2007 + April 22, 2007: 01 + 174429 + remote + + + 0.5.3h + 0.5.3h + + + +

+ 3proxy is a multi-protocol proxy, including HTTP/HTTPS/FTP and SOCKS + support. +

+
+ +

+ The 3proxy development team reported a buffer overflow in the logurl() + function when processing overly long requests. +

+
+ +

+ A remote attacker could send a specially crafted transparent request to + the proxy, resulting in the execution of arbitrary code with privileges + of the user running 3proxy. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All 3proxy users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/3proxy-0.5.3h" +
+ + CVE-2007-2031 + + + jaervosz + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-18.xml
new file mode 100644
index 0000000000..b4c4752892
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-18.xml
@@ -0,0 +1,64 @@
+ + + + + Courier-IMAP: Remote execution of arbitrary code + + A vulnerability has been discovered in Courier-IMAP allowing for remote + code execution with root privileges. + + courier-imap + April 22, 2007 + April 23, 2007: 02 + 168196 + remote + + + 4.0.6-r2 + 4.0.0 + 4.0.6-r2 + + + +

+ Courier-IMAP is an IMAP server which is part of the Courier mail + system. It provides access only to maildirs. +

+
+ +

+ CJ Kucera has discovered that some Courier-IMAP scripts don't properly + handle the XMAILDIR variable, allowing for shell command injection. +

+
+ +

+ A remote attacker could send specially crafted login credentials to a + Courier-IMAP server instance, possibly leading to remote code execution + with root privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Courier-IMAP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/courier-imap-4.0.6-r2" +
+ + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-19.xml
new file mode 100644
index 0000000000..b3d2176e54
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-19.xml
@@ -0,0 +1,64 @@
+ + + + + Blender: User-assisted remote execution of arbitrary code + + A vulnerability has been discovered in Blender allowing for user-assisted + arbitrary code execution. + + Blender + April 23, 2007 + April 23, 2007: 01 + 168907 + remote + + + 2.43 + 2.43 + + + +

+ Blender is a 3D creation, animation and publishing program. +

+
+ +

+ Stefan Cornelius of Secunia Research discovered an insecure use of the + "eval()" function in kmz_ImportWithMesh.py. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + Blender file (.kmz or .kml), resulting in the execution of arbitrary + Python code with the privileges of the user running Blender. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Blender users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.43" +
+ + CVE-2007-1253 + + + jaervosz + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-20.xml
new file mode 100644
index 0000000000..8f2a03f887
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-20.xml
@@ -0,0 +1,72 @@
+ + + + + NAS: Multiple vulnerabilities + + The Network Audio System is vulnerable to a buffer overflow that could + result in the execution of arbitrary code with root privileges. + + NAS + April 23, 2007 + April 23, 2007: 01 + 171428 + remote + + + 1.8b + 1.8b + + + +

+ NAS is a network transparent, client/server audio transport system. +

+
+ +

+ Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of + which include a buffer overflow in the function accept_att_local(), an + integer overflow in the function ProcAuWriteElement(), and a null + pointer error in the function ReadRequestFromClient(). +

+
+ +

+ An attacker having access to the NAS daemon could send an overly long + slave name to the server, leading to the execution of arbitrary code + with root privileges. A remote attacker could also send a specially + crafted packet containing an invalid client ID, which would crash the + server and result in a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All NAS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/nas-1.8b" +
+ + CVE-2007-1543 + CVE-2007-1544 + CVE-2007-1545 + CVE-2007-1546 + CVE-2007-1547 + + + p-y + + + p-y + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-21.xml
new file mode 100644
index 0000000000..afaf34227f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-21.xml
@@ -0,0 +1,67 @@
+ + + + + ClamAV: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in ClamAV allowing for the + remote execution of arbitrary code. + + ClamAV + April 24, 2007 + April 24, 2007: 01 + 174375 + remote + + + 0.90.2 + 0.90.2 + + + +

+ ClamAV is a GPL virus scanner. +

+
+ +

+ iDefense Labs have reported a stack-based buffer overflow in the + cab_unstore() function when processing negative values in .cab files. + Multiple file descriptor leaks have also been reported in chmunpack.c, + pdf.c and dblock.c when processing .chm files. +

+
+ +

+ A remote attacker could send a specially crafted CHM file to the + scanner, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running ClamAV. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.90.2" +
+ + CVE-2007-1745 + CVE-2007-1997 + + + falco + + + p-y + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-22.xml
new file mode 100644
index 0000000000..582453011d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-22.xml
@@ -0,0 +1,69 @@
+ + + + + BEAST: Denial of Service + + A vulnerability has been discovered in BEAST allowing for a Denial of + Service. + + BEAST + April 27, 2007 + April 27, 2007: 01 + 163146 + local + + + 0.7.1 + 0.7.1 + + + +

+ BEdevilled Audio SysTem is an audio compositor, supporting a wide range + of audio formats. +

+
+ +

+ BEAST, which is installed as setuid root, fails to properly check + whether it can drop privileges accordingly if seteuid() fails due to a + user exceeding assigned resource limits. +

+
+ +

+ A local user could exceed his resource limit in order to prevent the + seteuid() call from succeeding. This may lead BEAST to keep running + with root privileges. Then, the local user could use the "save as" + dialog box to overwrite any file on the vulnerable system, potentially + leading to a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All BEAST users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/beast-0.7.1" +
+ + CVE-2006-2916 + CVE-2006-4447 + + + jaervosz + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-23.xml
new file mode 100644
index 0000000000..028faebf85
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200704-23.xml
@@ -0,0 +1,63 @@
+ + + + + capi4k-utils: Buffer overflow + + capi4k-utils is vulnerable to a buffer overflow in the bufprint() function. + + capi4k-utils + April 27, 2007 + April 27, 2007: 01 + 170870 + local + + + 20050718-r3 + 20050718-r3 + + + +

+ capi4k-utils is a set of utilities for accessing COMMON-ISDN-API + software interfaces for ISDN devices. +

+
+ +

+ The bufprint() function in capi4k-utils fails to properly check + boundaries of data coming from CAPI packets. +

+
+ +

+ A local attacker could possibly escalate privileges or cause a Denial + of Service by sending a crafted CAPI packet. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All capi4k-utils users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dialup/capi4k-utils-20050718-r3" +
+ + CVE-2007-1217 + + + jaervosz + + + aetius + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-01.xml
new file mode 100644
index 0000000000..505a74f250
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-01.xml
@@ -0,0 +1,67 @@
+ + + + + Ktorrent: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in Ktorrent allowing for the + remote execution of arbitrary code and a Denial of Service. + + ktorrent + May 01, 2007 + May 01, 2007: 01 + 170303 + remote + + + 2.1.3 + 2.1.3 + + + +

+ Ktorrent is a Bittorrent client for KDE. +

+
+ +

+ Bryan Burns of Juniper Networks discovered a vulnerability in + chunkcounter.cpp when processing large or negative idx values, and a + directory traversal vulnerability in torrent.cpp. +

+
+ +

+ A remote attacker could entice a user to download a specially crafted + torrent file, possibly resulting in the remote execution of arbitrary + code with the privileges of the user running Ktorrent. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ktorrent users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-p2p/ktorrent-2.1.3" +
+ + CVE-2007-1384 + CVE-2007-1385 + CVE-2007-1799 + + + aetius + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-02.xml
new file mode 100644
index 0000000000..26e18a7282
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-02.xml
@@ -0,0 +1,65 @@
+ + + + + FreeType: User-assisted execution of arbitrary code + + A vulnerability has been discovered in FreeType allowing for user-assisted + remote execution of arbitrary code. + + freetype + May 01, 2007 + May 27, 2007: 02 + 172577 + remote + + + 2.1.10-r3 + 2.0 + 2.1.10-r3 + + + +

+ FreeType is a True Type Font rendering library. +

+
+ +

+ Greg MacManus of iDefense Labs has discovered an integer overflow in + the function bdfReadCharacters() when parsing BDF fonts. +

+
+ +

+ A remote attacker could entice a user to use a specially crafted BDF + font, possibly resulting in a heap-based buffer overflow and the remote + execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All FreeType users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.1.10-r3" +
+ + CVE-2007-1351 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-03.xml
new file mode 100644
index 0000000000..ecfa4d488f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-03.xml
@@ -0,0 +1,67 @@
+ + + + + Tomcat: Information disclosure + + A vulnerability has been discovered in Tomcat that allows for the + disclosure of sensitive information. + + tomcat + May 01, 2007 + May 01, 2007: 01 + 173122 + remote + + + 5.5.22 + 5.5.22 + + + +

+ Tomcat is the Apache Jakarta Project's official implementation of Java + Servlets and Java Server Pages. +

+
+ +

+ Tomcat allows special characters like slash, backslash or URL-encoded + backslash as a separator, while Apache does not. +

+
+ +

+ A remote attacker could send a specially crafted URL to the vulnerable + Tomcat server, possibly resulting in a directory traversal and read + access to arbitrary files with the privileges of the user running + Tomcat. Note that this vulnerability can only be exploited when using + apache proxy modules like mod_proxy, mod_rewrite or mod_jk. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Tomcat users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/tomcat-5.5.22" +
+ + CVE-2007-0450 + + + aetius + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-04.xml
new file mode 100644
index 0000000000..87719c907a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-04.xml
@@ -0,0 +1,72 @@
+ + + + + Apache mod_perl: Denial of Service + + The mod_perl Apache module is vulnerable to a Denial of Service when + processing regular expressions. + + mod_perl + May 02, 2007 + May 02, 2007: 02 + 172676 + remote + + + 2.0.3-r1 + 1.30 + 2.0.3-r1 + + + +

+ Mod_perl is an Apache module that embeds the Perl interpreter within + the server, allowing Perl-based web-applications to be created. +

+
+ +

+ Alex Solvey discovered that the "path_info" variable used in file + RegistryCooker.pm (mod_perl 2.x) or file PerlRun.pm (mod_perl 1.x), is + not properly escaped before being processed. +

+
+ +

+ A remote attacker could send a specially crafted URL to the vulnerable + server, possibly resulting in a massive resource consumption. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mod_perl 1.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/mod_perl-1.30" +

+ All mod_perl 2.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/mod_perl-2.0.3-r1" +
+ + CVE-2007-1349 + + + falco + + + vorlon + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-05.xml
new file mode 100644
index 0000000000..2cc1029b64
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-05.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Quagga: Denial of Service
+
+ A vulnerability has been discovered in Quagga allowing for a Denial of
+ Service.
+
+ quagga
+ May 02, 2007
+ May 02, 2007: 01
+ 174206
+ remote
+
+
+ 0.98.6-r2
+ 0.98.6-r2
+
+
+
+

+ Quagga is a free routing daemon, supporting RIP, OSPF and BGP
+ protocols.
+

+
+
+

+ The Quagga development team reported a vulnerability in the BGP routing
+ deamon when processing NLRI attributes inside UPDATE messages.
+

+
+
+

+ A malicious peer inside a BGP area could send a specially crafted
+ packet to a Quagga instance, possibly resulting in a crash of the
+ Quagga daemon.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Quagga users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.98.6-r2"
+
+
+ CVE-2007-1995
+
+
+ falco
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-06.xml
new file mode 100644
index 0000000000..9e8c17cfec
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-06.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ X.Org X11 library: Multiple integer overflows
+
+ The X.Org X11 library contains multiple integer overflows, which could lead
+ to the execution of arbitrary code.
+
+ libx11
+ May 05, 2007
+ May 05, 2007: 01
+ 172752
+ remote
+
+
+ 1.0.3-r2
+ 1.0.3-r2
+
+
+
+

+ X.Org is an implementation of the X Window System. The X.Org X11
+ library provides the X11 protocol library files.
+

+
+
+

+ Multiple integer overflows have been reported in the XGetPixel()
+ function of the X.Org X11 library.
+

+
+
+

+ By enticing a user to open a specially crafted image, an attacker could
+ cause a Denial of Service or an integer overflow, potentially resulting
+ in the execution of arbitrary code with root privileges.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All X.Org X11 library users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.0.3-r2"
+
+
+ CVE-2007-1667
+
+
+ jaervosz
+
+
+ dizzutch
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-07.xml
new file mode 100644
index 0000000000..19cc0eac88
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-07.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Lighttpd: Two Denials of Service
+
+ Two vulnerabilities have been discovered in Lighttpd, each allowing for a
+ Denial of Service.
+
+ lighttpd
+ May 07, 2007
+ May 07, 2007: 01
+ 174043
+ remote
+
+
+ 1.4.14
+ 1.4.14
+
+
+
+

+ Lighttpd is a lightweight HTTP web server.
+

+
+
+

+ Robert Jakabosky discovered an infinite loop triggered by a connection
+ abort when Lighttpd processes carriage return and line feed sequences.
+ Marcus Rueckert discovered a NULL pointer dereference when a server
+ running Lighttpd tries to access a file with a mtime of 0.
+

+
+
+

+ A remote attacker could upload a specially crafted file to the server
+ or send a specially crafted request and then abort the connection,
+ possibly resulting in a crash or a Denial of Service by CPU
+ consumption.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Lighttpd users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.14"
+
+
+ CVE-2007-1869
+ CVE-2007-1870
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-08.xml
new file mode 100644
index 0000000000..88ca280604
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-08.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ GIMP: Buffer overflow
+
+ GIMP is vulnerable to a buffer overflow which may lead to the execution of
+ arbitrary code.
+
+ gimp
+ May 07, 2007
+ May 07, 2007: 01
+ 176226
+ remote
+
+
+ 2.2.14
+ 2.2.14
+
+
+
+

+ GIMP is the GNU Image Manipulation Program.
+

+
+
+

+ Marsu discovered that the "set_color_table()" function in the SUNRAS
+ plugin is vulnerable to a stack-based buffer overflow.
+

+
+
+

+ An attacker could entice a user to open a specially crafted .RAS file,
+ possibly leading to the execution of arbitrary code with the privileges
+ of the user running GIMP.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All GIMP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.2.14"
+
+
+ CVE-2007-2356
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-09.xml
new file mode 100644
index 0000000000..9b1b25afe6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-09.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ IPsec-Tools: Denial of Service
+
+ IPsec-Tools contains a vulnerability that allows a remote attacker to crash
+ the IPsec tunnel.
+
+ ipsec-tools
+ May 08, 2007
+ May 08, 2007: 01
+ 173219
+ remote
+
+
+ 0.6.7
+ 0.6.7
+
+
+
+

+ IPsec-Tools is a port of KAME's implementation of the IPsec utilities.
+ It contains a collection of network monitoring tools, including racoon,
+ ping, and ping6.
+

+
+
+

+ The isakmp_info_recv() function in src/racoon/isakmp_inf.c does not
+ always check that DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N)
+ packets are encrypted.
+

+
+
+

+ A remote attacker could send a specially crafted IPsec message to one
+ of the two peers during the beginning of phase 1, resulting in the
+ termination of the IPsec exchange.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All IPsec-Tools users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.6.7"
+
+
+ CVE-2007-1841
+
+
+ jaervosz
+
+
+ falco
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-10.xml
new file mode 100644
index 0000000000..a118298eed
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-10.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ LibXfont, TightVNC: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in libXfont and TightVNC,
+ allowing for the execution of arbitrary code with root privileges.
+
+ tightvnc, libxfont
+ May 08, 2007
+ May 08, 2007: 01
+ 172575
+ 174200
+ local
+
+
+ 1.2.9-r4
+ 1.2.9-r4
+
+
+ 1.2.7-r1
+ 1.2.7-r1
+
+
+
+

+ LibXfont is the X.Org font library. TightVNC is a VNC client/server for
+ X displays.
+

+
+
+

+ The libXfont code is prone to several integer overflows, in functions
+ ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable().
+ TightVNC contains a local copy of this code and is also affected.
+

+
+
+

+ A local attacker could use a specially crafted BDF Font to gain root
+ privileges on the vulnerable host.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All libXfont users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.7-r1"
+

+ All TightVNC users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/tightvnc-1.2.9-r4"
+
+
+ CVE-2007-1003
+ CVE-2007-1351
+ CVE-2007-1352
+
+
+ jaervosz
+
+
+ vorlon
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-11.xml
new file mode 100644
index 0000000000..f91e303190
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-11.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ MySQL: Two Denial of Service vulnerabilities
+
+ Two Denial of Service vulnerabilities have been discovered in MySQL.
+
+ MySQL
+ May 08, 2007
+ May 08, 2007: 01
+ 170126
+ 171934
+ remote
+
+
+ 5.0.38
+ 5.0
+ 5.0.38
+
+
+
+

+ MySQL is a popular multi-threaded, multi-user SQL server.
+

+
+
+

+ mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when
+ processing certain types of SQL requests. Sec Consult also discovered
+ another NULL pointer dereference when sorting certain types of queries
+ on the database metadata.
+

+
+
+

+ In both cases, a remote attacker could send a specially crafted SQL
+ request to the server, possibly resulting in a server crash. Note that
+ the attacker needs the ability to execute SELECT queries.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All MySQL users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.38"
+
+
+ Original Report
+ CVE-2007-1420
+
+
+ aetius
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-12.xml
new file mode 100644
index 0000000000..9b52fb263c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-12.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ PostgreSQL: Privilege escalation
+
+ PostgreSQL contains a vulnerability that could result in SQL privilege
+ escalation.
+
+ postgresql
+ May 10, 2007
+ May 28, 2009: 02
+ 175791
+ remote
+
+
+ 8.0.13
+ 7.4.17
+ 7.3.19
+ 7.3.21
+ 7.4.19
+ 8.0.13
+
+
+
+

+ PostgreSQL is an open source object-relational database management
+ system.
+

+
+
+

+ An error involving insecure search_path settings in the SECURITY
+ DEFINER functions has been reported in PostgreSQL.
+

+
+
+

+ If allowed to call a SECURITY DEFINER function, an attacker could gain
+ the SQL privileges of the owner of the called function.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All PostgreSQL users should upgrade to the latest version and fix their
+ SECURITY DEFINER functions:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-db/postgresql"
+

+ In order to fix the SECURITY DEFINER functions, PostgreSQL users are
+ advised to refer to the PostgreSQL documentation: http://www.postgresql
+ .org/docs/techdocs.77
+

+
+
+ CVE-2007-2138
+
+
+ aetius
+
+
+ falco
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-13.xml
new file mode 100644
index 0000000000..4e1e32ecea
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-13.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ ImageMagick: Multiple buffer overflows
+
+ Multiple integer overflows have been discovered in ImageMagick allowing for
+ the execution of arbitrary code.
+
+ imagemagick
+ May 10, 2007
+ June 07, 2007: 02
+ 152672
+ 159567
+ 173186
+ remote
+
+
+ 6.3.3
+ 6.3.3
+
+
+
+

+ ImageMagick is a collection of tools allowing various manipulations on
+ image files.
+

+
+
+

+ iDefense Labs has discovered multiple integer overflows in ImageMagick
+ in the functions ReadDCMImage() and ReadXWDImage(), that are used to
+ process DCM and XWD files.
+

+
+
+

+ An attacker could entice a user to open specially crafted XWD or DCM
+ file, resulting in heap-based buffer overflows and possibly the
+ execution of arbitrary code with the privileges of the user running
+ ImageMagick. Note that this user may be httpd or any other account used
+ by applications relying on the ImageMagick tools to automatically
+ process images.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All ImageMagick users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.3"
+
+
+ CVE-2007-1797
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-14.xml
new file mode 100644
index 0000000000..0362ccb775
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-14.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ XScreenSaver: Privilege escalation
+
+ XScreenSaver allows local users to bypass authentication under certain
+ configurations.
+
+ xscreensaver
+ May 13, 2007
+ May 13, 2007: 01
+ 176584
+ local
+
+
+ 5.02
+ 5.02
+
+
+
+

+ XScreenSaver is a widely used screen saver collection shipped on
+ systems running the X11 Window System.
+

+
+
+

+ XScreenSaver incorrectly handles the results of the getpwuid() function
+ in drivers/lock.c when using directory servers during a network outage.
+

+
+
+

+ A local user can crash XScreenSaver by preventing network connectivity
+ if the system uses a remote directory service for credentials such as
+ NIS or LDAP, which will unlock the screen.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All XScreenSaver users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-misc/xscreensaver-5.02"
+
+
+ CVE-2007-1859
+
+
+ jaervosz
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-15.xml
new file mode 100644
index 0000000000..aaf4900c2b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-15.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Samba: Multiple vulnerabilities
+
+ Samba contains multiple vulnerabilities potentially resulting in the
+ execution of arbitrary code with root privileges.
+
+ samba
+ May 15, 2007
+ May 15, 2007: 01
+ 177029
+ remote
+
+
+ 3.0.24-r2
+ 3.0.24-r2
+
+
+
+

+ Samba is a suite of SMB and CIFS client/server programs for UNIX.
+

+
+
+

+ Samba contains a logical error in the smbd daemon when translating
+ local SID to user names (CVE-2007-2444). Furthermore, Samba contains
+ several bugs when parsing NDR encoded RPC parameters (CVE-2007-2446).
+ Lastly, Samba fails to properly sanitize remote procedure input
+ provided via Microsoft Remote Procedure Calls (CVE-2007-2447).
+

+
+
+

+ A remote attacker could exploit these vulnerabilities to gain root
+ privileges via various vectors.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Samba users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.24-r2"
+
+
+ CVE-2007-2444
+ CVE-2007-2446
+ CVE-2007-2447
+
+
+ jaervosz
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-16.xml
new file mode 100644
index 0000000000..31baecc392
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-16.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ PhpWiki: Remote execution of arbitrary code
+
+ A vulnerability has been discovered in PhpWiki allowing for the remote
+ execution of arbitrary code.
+
+ phpwiki
+ May 17, 2007
+ May 17, 2007: 01
+ 174451
+ remote
+
+
+ 1.3.10-r3
+ 1.3.10-r3
+
+
+
+

+ PhpWiki is an open source content management system written in PHP.
+

+
+
+

+ Harold Hallikainen has reported that the Upload page fails to properly
+ check the extension of a file.
+

+
+
+

+ A remote attacker could upload a specially crafted PHP file to the
+ vulnerable server, resulting in the execution of arbitrary PHP code
+ with the privileges of the user running PhpWiki.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All PhpWiki users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.10-r3"
+
+
+ CVE-2007-2024
+ CVE-2007-2025
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-17.xml
new file mode 100644
index 0000000000..70ead57a21
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-17.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Apache mod_security: Rule bypass
+
+ A vulnerability has been discovered in mod_security, allowing a remote
+ attacker to bypass rules.
+
+ mod_security
+ May 17, 2007
+ December 30, 2007: 02
+ 169778
+ remote
+
+
+ 2.1.1
+ 2.1.1
+
+
+
+

+ mod_security is an Apache module designed for enhancing the security of
+ the Apache web server.
+

+
+
+

+ Stefan Esser discovered that mod_security processes NULL characters as
+ terminators in POST requests using the
+ application/x-www-form-urlencoded encoding type, while other parsers
+ used in web applications do not.
+

+
+
+

+ A remote attacker could send a specially crafted POST request, possibly
+ bypassing the module ruleset and leading to the execution of arbitrary
+ code in the scope of the web server with the rights of the user running
+ the web server.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All mod_security users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/mod_security-2.1.1"
+
+
+ CVE-2007-1359
+
+
+ shellsage
+
+
+ shellsage
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-18.xml
new file mode 100644
index 0000000000..93d2918fde
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-18.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ PPTPD: Denial of Service attack
+
+ A vulnerability has been reported in PPTPD which could lead to a Denial of
+ Service.
+
+ pptpd
+ May 20, 2007
+ May 20, 2007: 01
+ 176936
+ remote
+
+
+ 1.3.4
+ 1.3.4
+
+
+
+

+ PPTPD is a Point-to-Point Tunnelling Protocol Daemon for Linux.
+

+
+
+

+ James Cameron from HP has reported a vulnerability in PPTPD caused by
+ malformed GRE packets.
+

+
+
+

+ A remote attacker could exploit this vulnerability to cause a Denial of
+ Service on the PPTPD connection.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All PPTPD users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dialup/pptpd-1.3.4"
+
+
+ CVE-2007-0244
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ dizzutch
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-19.xml
new file mode 100644
index 0000000000..78004619b9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-19.xml
@@ -0,0 +1,102 @@
+
+
+
+
+ PHP: Multiple vulnerabilities
+
+ PHP contains several vulnerabilities including buffer and integer overflows
+ which could under certain conditions lead to the remote execution of
+ arbitrary code.
+
+ php
+ May 26, 2007
+ March 29, 2008: 02
+ 169372
+ remote
+
+
+ 4.4.7
+ 4.4.8_pre20070816
+ 5.2.2
+ 5.2.2
+
+
+
+

+ PHP is a widely-used general-purpose scripting language that is
+ especially suited for Web development and can be embedded into HTML.
+

+
+
+

+ Several vulnerabilities were found in PHP, most of them during the
+ Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these
+ vulnerabilities are integer overflows in wbmp.c from the GD library
+ (CVE-2007-1001) and in the substr_compare() PHP 5 function
+ (CVE-2007-1375). Ilia Alshanetsky also reported a buffer overflow in
+ the make_http_soap_request() and in the user_filter_factory_create()
+ functions (CVE-2007-2510, CVE-2007-2511), and Stanislav Malyshev
+ discovered another buffer overflow in the bundled XMLRPC library
+ (CVE-2007-1864). Additionally, the session_regenerate_id() and the
+ array_user_key_compare() functions contain a double-free vulnerability
+ (CVE-2007-1484, CVE-2007-1521). Finally, there exist implementation
+ errors in the Zend engine, in the mb_parse_str(), the unserialize() and
+ the mail() functions and other elements.
+

+
+
+

+ Remote attackers might be able to exploit these issues in PHP
+ applications making use of the affected functions, potentially
+ resulting in the execution of arbitrary code, Denial of Service,
+ execution of scripted contents in the context of the affected site,
+ security bypass or information leak.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All PHP 5 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.2"
+

+ All PHP 4 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.7"
+
+
+ CVE-2007-1001
+ CVE-2007-1285
+ CVE-2007-1286
+ CVE-2007-1484
+ CVE-2007-1521
+ CVE-2007-1583
+ CVE-2007-1700
+ CVE-2007-1701
+ CVE-2007-1711
+ CVE-2007-1717
+ CVE-2007-1718
+ CVE-2007-1864
+ CVE-2007-1900
+ CVE-2007-2509
+ CVE-2007-2510
+ CVE-2007-2511
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-20.xml
new file mode 100644
index 0000000000..f110feef7f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-20.xml
@@ -0,0 +1,88 @@
+
+
+
+
+ Blackdown Java: Applet privilege escalation
+
+ The Blackdown JDK and the Blackdown JRE suffer from the multiple
+ unspecified vulnerabilities that already affected the Sun JDK and JRE.
+
+ blackdown-jdk,blackdown-jre
+ May 26, 2007
+ May 26, 2007: 01
+ 161835
+ remote
+
+
+ 1.4.2.03-r14
+ 1.4.2.03-r14
+
+
+ 1.4.2.03-r14
+ 1.4.2.03-r14
+
+
+
+

+ Blackdown provides implementations of the Java Development Kit (JDK)
+ and the Java Runtime Environment (JRE).
+

+
+
+

+ Chris Evans has discovered multiple buffer overflows in the Sun JDK and
+ the Sun JRE possibly related to various AWT and font layout functions.
+ Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK
+ and the Sun JRE relating to unintended applet data access. He has also
+ discovered multiple other unspecified vulnerabilities in the Sun JDK
+ and the Sun JRE allowing unintended Java applet or application resource
+ acquisition. Additionally, a memory corruption error has been found in
+ the handling of GIF images with zero width field blocks.
+

+
+
+

+ An attacker could entice a user to run a specially crafted Java applet
+ or application that could read, write, or execute local files with the
+ privileges of the user running the JVM, access data maintained in other
+ Java applets, or escalate the privileges of the currently running Java
+ applet or application allowing for unauthorized access to system
+ resources.
+

+
+
+

+ Disable the "nsplugin" USE flag in order to prevent web applets from
+ being run.
+

+
+
+

+ Since there is no fixed update from Blackdown and since the flaw only
+ occurs in the applets, the "nsplugin" USE flag has been masked in the
+ portage tree. Emerge the ebuild again in order to fix the
+ vulnerability. Another solution is to switch to another Java
+ implementation such as the Sun implementation (dev-java/sun-jdk and
+ dev-java/sun-jre-bin).
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-java/blackdown-jdk"
+ # emerge --ask --oneshot --verbose "dev-java/blackdown-jre"
+
+
+ CVE-2006-6731
+ CVE-2006-6736
+ CVE-2006-6737
+ CVE-2006-6745
+
+
+ jaervosz
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-21.xml
new file mode 100644
index 0000000000..8e0e469740
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-21.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ MPlayer: Two buffer overflows
+
+ Two vulnerabilities have been discovered in MPlayer, each one could lead to
+ the execution of arbitrary code.
+
+ mplayer
+ May 30, 2007
+ October 12, 2007: 02
+ 168917
+ remote
+
+
+ 1.0.20070321
+ 1.0
+ 1.0.20070321
+
+
+
+

+ MPlayer is a media player incuding support for a wide range of audio
+ and video formats.
+

+
+
+

+ A buffer overflow has been reported in the DMO_VideoDecoder_Open()
+ function in file loader/dmo/DMO_VideoDecoder.c. Another buffer overflow
+ has been reported in the DS_VideoDecoder_Open() function in file
+ loader/dshow/DS_VideoDecoder.c.
+

+
+
+

+ A remote attacker could entice a user to open a specially crafted video
+ file, potentially resulting in the execution of arbitrary code with the
+ privileges of the user running MPlayer.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All MPlayer users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20070321"
+
+
+ CVE-2007-1246
+ CVE-2007-1387
+ GLSA 200704-09
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-22.xml
new file mode 100644
index 0000000000..c8c4379119
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-22.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ FreeType: Buffer overflow
+
+ A vulnerability has been discovered in FreeType allowing for the execution
+ of arbitrary code.
+
+ freetype
+ May 30, 2007
+ May 30, 2007: 01
+ 179161
+ remote
+
+
+ 2.3.4-r2
+ 2.0
+ 2.3.4-r2
+
+
+
+

+ FreeType is a True Type Font rendering library.
+

+
+
+

+ Victor Stinner discovered a heap-based buffer overflow in the function
+ Get_VMetrics() in src/truetype/ttgload.c when processing TTF files with
+ a negative n_points attribute.
+

+
+
+

+ A remote attacker could entice a user to open a specially crafted TTF
+ file, possibly resulting in the execution of arbitrary code with the
+ privileges of the user running FreeType.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All FreeType users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.3.4-r2"
+
+
+ CVE-2007-2754
+
+
+ jaervosz
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-23.xml
new file mode 100644
index 0000000000..5c9b2489fa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-23.xml
@@ -0,0 +1,100 @@
+
+
+
+
+ Sun JDK/JRE: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been identified in Sun Java Development Kit
+ (JDK) and Java Runtime Environment (JRE).
+
+ sun-jdk,sun-jre-bin
+ May 31, 2007
+ May 28, 2009: 05
+ 176675
+ 178851
+ remote
+
+
+ 1.5.0.11
+ 1.4.2.14
+ 1.4.2.15
+ 1.4.2.19
+ 1.5.0.11
+
+
+ 1.6.0.01
+ 1.5.0.16
+ 1.5.0.15
+ 1.5.0.12
+ 1.5.0.11
+ 1.4.2.18
+ 1.4.2.17
+ 1.4.2.15
+ 1.4.2.14
+ 1.4.2.19
+ 1.5.0.17
+ 1.5.0.18
+ 1.6.0.01
+
+
+
+

+ The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
+ (JRE) provide the Sun Java platform.
+

+
+
+

+ An unspecified vulnerability involving an "incorrect use of system
+ classes" was reported by the Fujitsu security team. Additionally, Chris
+ Evans from the Google Security Team reported an integer overflow
+ resulting in a buffer overflow in the ICC parser used with JPG or BMP
+ files, and an incorrect open() call to /dev/tty when processing certain
+ BMP files.
+

+
+
+

+ A remote attacker could entice a user to run a specially crafted Java
+ class or applet that will trigger one of the vulnerabilities. This
+ could lead to the execution of arbitrary code outside of the Java
+ sandbox and of the Java security restrictions, or crash the Java
+ application or the browser.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Sun Java Development Kit users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-java/sun-jdk"
+

+ All Sun Java Runtime Environment users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-java/sun-jre-bin"
+
+
+ CVE-2007-2435
+ CVE-2007-2788
+ CVE-2007-2789
+
+
+ jaervosz
+
+
+ falco
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-24.xml
new file mode 100644
index 0000000000..31923a1854
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-24.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ libpng: Denial of Service
+
+ A vulnerability in libpng may allow a remote attacker to crash applications
+ that handle untrusted images.
+
+ libpng
+ May 31, 2007
+ May 31, 2007: 01
+ 178004
+ remote
+
+
+ 1.2.17
+ 1.2.17
+
+
+
+

+ libpng is a free ANSI C library used to process and manipulate PNG
+ images.
+

+
+
+

+ Mats Palmgren fixed an error in file pngrutil.c in which the trans[]
+ array might be not allocated because of images with a bad tRNS chunk
+ CRC value.
+

+
+
+

+ A remote attacker could craft an image that when processed or viewed by
+ an application using libpng causes the application to terminate
+ abnormally.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ Please note that due to separate bugs in libpng 1.2.17, Gentoo does not
+ provide libpng-1.2.17 but libpng-1.2.18. All libpng users should
+ upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.18"
+
+
+ CVE-2007-2445
+
+
+ jaervosz
+
+
+ falco
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-25.xml
new file mode 100644
index 0000000000..242c4fd926
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200705-25.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ file: Integer overflow
+
+ An integer overflow vulnerability has been reported in file allowing for
+ the user-assisted execution of arbitrary code.
+
+ file
+ May 31, 2007
+ June 01, 2007: 02
+ 179583
+ remote
+
+
+ 4.21
+ 4.21
+
+
+
+

+ file is a utility that guesses a file format by scanning binary data
+ for patterns.
+

+
+
+

+ Colin Percival from FreeBSD reported that the previous fix for the
+ file_printf() buffer overflow introduced a new integer overflow.
+

+
+
+

+ A remote attacker could entice a user to run the file program on an
+ overly large file (more than 1Gb) that would trigger an integer
+ overflow on 32-bit systems, possibly leading to the execution of
+ arbitrary code with the rights of the user running file.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ Since file is a system package, all Gentoo users should upgrade to the
+ latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/file-4.21"
+
+
+ CVE-2007-2799
+
+
+ falco
+
+
+ jaervosz
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-01.xml
new file mode 100644
index 0000000000..2c6e6ba53e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-01.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ libexif: Integer overflow vulnerability
+
+ libexif fails to handle Exif (EXchangeable Image File) data inputs, making
+ it vulnerable to an integer overflow.
+
+ libexif
+ June 05, 2007
+ June 05, 2007: 01
+ 178081
+ remote
+
+
+ 0.6.15
+ 0.6.15
+
+
+

+ libexif is a library for parsing, editing and saving Exif data. +

+
+ +

+ Victor Stinner reported an integer overflow in the + exif_data_load_data_entry() function from file exif-data.c while + handling Exif data. +

+
+ +

+ An attacker could entice a user to process a file with specially + crafted Exif extensions with an application making use of libexif, + which will trigger the integer overflow and potentially execute + arbitrary code or crash the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libexif users should upgrade to the latest version. Please note + that users upgrading from "<=media-libs/libexif-0.6.13" should also run + revdep-rebuild after their upgrade. +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.15" + # revdep-rebuild --library=/usr/lib/libexif.so +
+ + CVE-2007-2645 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-02.xml
new file mode 100644
index 0000000000..ef7931865b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-02.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Evolution: User-assisted execution of arbitrary code
+
+ A vulnerability has been discovered in Evolution allowing for the execution
+ of arbitrary code.
+
+ evolution
+ June 06, 2007
+ June 06, 2007: 01
+ 170879
+ remote
+
+
+ 2.8.3-r2
+ 2.8.3-r2
+
+
+

+ Evolution is the mail client of the GNOME desktop environment. +

+
+ +

+ Ulf Harnhammar from Secunia Research has discovered a format string + error in the write_html() function in the file + calendar/gui/e-cal-component-memo-preview.c. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + shared memo, possibly resulting in the execution of arbitrary code with + the privileges of the user running Evolution. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Evolution users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.8.3-r2" +
+ + CVE-2007-1002 + + + jaervosz + + + p-y + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-03.xml
new file mode 100644
index 0000000000..64f182ce4a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-03.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ ELinks: User-assisted execution of arbitrary code
+
+ A vulnerability has been discovered in ELinks allowing for the
+ user-assisted execution of arbitrary code.
+
+ elinks
+ June 06, 2007
+ June 06, 2007: 01
+ 177512
+ local
+
+
+ 0.11.2-r1
+ 0.11.2-r1
+
+
+

+ ELinks is a text-mode web browser. +

+
+ +

+ Arnaud Giersch discovered that the "add_filename_to_string()" function + in file intl/gettext/loadmsgcat.c uses an untrusted relative path, + allowing for a format string attack with a malicious .po file. +

+
+ +

+ A local attacker could entice a user to run ELinks in a specially + crafted directory environment containing a malicious ".po" file, + possibly resulting in the execution of arbitrary code with the + privileges of the user running ELinks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ELinks users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/elinks-0.11.2-r1" +
+ + CVE-2007-2027 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-04.xml
new file mode 100644
index 0000000000..1194d4fc86
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-04.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ MadWifi: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in MadWifi, possibly allowing
+ for the execution of arbitrary code or a Denial of Service.
+
+ madwifi-ng
+ June 11, 2007
+ June 11, 2007: 01
+ 179532
+ remote
+
+
+ 0.9.3.1
+ 0.9.3.1
+
+
+

+ The MadWifi driver provides support for Atheros based IEEE 802.11 + Wireless Lan cards. +

+
+ +

+ Md Sohail Ahmad from AirTight Networks has discovered a divison by zero + in the ath_beacon_config() function (CVE-2007-2830). The vendor has + corrected an input validation error in the + ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams() + functions(CVE-207-2831), and an input sanitization error when parsing + nested 802.3 Ethernet frame lengths (CVE-2007-2829). +

+
+ +

+ An attacker could send specially crafted packets to a vulnerable host + to exploit one of these vulnerabilities, possibly resulting in the + execution of arbitrary code with root privileges, or a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MadWifi users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.3.1" +
+ + CVE-2007-2829 + CVE-2007-2830 + CVE-2007-2831 + + + jaervosz + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-05.xml
new file mode 100644
index 0000000000..a993d464d7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-05.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ ClamAV: Multiple Denials of Service
+
+ ClamAV contains several vulnerabilities leading to a Denial of Service.
+
+ clamav
+ June 15, 2007
+ June 15, 2007: 01
+ 178082
+ remote, local
+
+
+ 0.90.3
+ 0.90.3
+
+
+

+ ClamAV is a GPL virus scanner. +

+
+ +

+ Several vulnerabilities were discovered in ClamAV by various + researchers: +

+
  • Victor Stinner (INL) discovered that the OLE2 + parser may enter in an infinite loop (CVE-2007-2650).
  • +
  • A + boundary error was also reported by an anonymous researcher in the file + unsp.c, which might lead to a buffer overflow (CVE-2007-3023).
  • +
  • The file unrar.c contains a heap-based buffer overflow via a + modified vm_codesize value from a RAR file (CVE-2007-3123).
  • +
  • The RAR parsing engine can be bypassed via a RAR file with a header + flag value of 10 (CVE-2007-3122).
  • +
  • The cli_gentempstream() + function from clamdscan creates temporary files with insecure + permissions (CVE-2007-3024).
  • +
+
+ +

+ A remote attacker could send a specially crafted file to the scanner, + possibly triggering one of the vulnerabilities. The two buffer + overflows are reported to only cause Denial of Service. This would lead + to a Denial of Service by CPU consumption or a crash of the scanner. + The insecure temporary file creation vulnerability could be used by a + local user to access sensitive data. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.90.3" +
+ + CVE-2007-2650 + CVE-2007-3023 + CVE-2007-3024 + CVE-2007-3122 + CVE-2007-3123 + + + jaervosz + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-06.xml
new file mode 100644
index 0000000000..4856d5cf72
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-06.xml
@@ -0,0 +1,147 @@
+
+
+
+
+ Mozilla products: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in Mozilla Firefox,
+ Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted
+ arbitrary remote code execution.
+
+ mozilla-firefox,mozilla-thunderbird,mozilla-firefox-bin,mozilla-thunderbird-bin,seamonkey,seamonkey-bin,xulrunner
+ June 19, 2007
+ June 19, 2007: 01
+ 180436
+ remote
+
+
+ 2.0.0.4
+ 2.0.0.4
+
+
+ 2.0.0.4
+ 2.0.0.4
+
+
+ 2.0.0.4
+ 1.5.0.12
+ 2.0.0.4
+
+
+ 2.0.0.4
+ 1.5.0.12
+ 2.0.0.4
+
+
+ 1.1.2
+ 1.1.2
+
+
+ 1.1.2
+ 1.1.2
+
+
+ 1.8.1.4
+ 1.8.1.4
+
+
+

+ Mozilla Firefox is an open-source web browser from the Mozilla Project, + and Mozilla Thunderbird an email client. The SeaMonkey project is a + community effort to deliver production-quality releases of code derived + from the application formerly known as the 'Mozilla Application Suite'. + XULRunner is a Mozilla runtime package that can be used to bootstrap + XUL+XPCOM applications like Firefox and Thunderbird. +

+
+ +

+ Mozilla developers fixed several bugs involving memory corruption + through various vectors (CVE-2007-2867, CVE-2007-2868). Additionally, + several errors leading to crash, memory exhaustion or CPU consumption + were fixed (CVE-2007-1362, CVE-2007-2869). Finally, errors related to + the APOP protocol (CVE-2007-1558), XSS prevention (CVE-2007-2870) and + spoofing prevention (CVE-2007-2871) were fixed. +

+
+ +

+ A remote attacker could entice a user to view a specially crafted web + page that will trigger one of the vulnerabilities, possibly leading to + the execution of arbitrary code or a Denial of Service. It is also + possible for an attacker to spoof the address bar or other browser + elements, obtain sensitive APOP information, or perform cross-site + scripting attacks, leading to the exposure of sensitive information, + like user credentials. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.4" +

+ All Mozilla Firefox binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.4" +

+ All Mozilla Thunderbird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.4" +

+ All Mozilla Thunderbird binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.4" +

+ All SeaMonkey users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.2" +

+ All SeaMonkey binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.2" +

+ All XULRunner users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.4" +
+ + CVE-2007-1362 + CVE-2007-1558 + CVE-2007-2867 + CVE-2007-2868 + CVE-2007-2869 + CVE-2007-2870 + CVE-2007-2871 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-07.xml
new file mode 100644
index 0000000000..ddd3169885
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-07.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ PHProjekt: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in PHProjekt, allowing for
+ the execution of arbitrary PHP and SQL code, and cross-site scripting
+ attacks.
+
+ phprojekt
+ June 19, 2007
+ June 19, 2007: 01
+ 170905
+ remote
+
+
+ 5.2.1
+ 5.2.1
+
+
+

+ PHProjekt is a project management and coordination tool written in PHP. +

+
+ +

+ Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in + PHProjekt, including the execution of arbitrary SQL commands using + unknown vectors (CVE-2007-1575), the execution of arbitrary PHP code + using an unrestricted file upload (CVE-2007-1639), cross-site request + forgeries using different modules (CVE-2007-1638), and a cross-site + scripting attack using unkown vectors (CVE-2007-1576). +

+
+ +

+ An authenticated user could elevate their privileges by exploiting the + vulnerabilities described above. Note that the magic_quotes_gpc PHP + configuration setting must be set to "off" to exploit these + vulnerabilities. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PHProjekt users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phprojekt-5.2.1" +
+ + CVE-2007-1575 + CVE-2007-1576 + CVE-2007-1638 + CVE-2007-1639 + + + falco + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-08.xml
new file mode 100644
index 0000000000..36c79d8190
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-08.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ emul-linux-x86-java: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in emul-linux-x86-java,
+ possibly resulting in the execution of arbitrary code or a Denial of
+ Service.
+
+ emul-linux-x86-java
+ June 26, 2007
+ May 28, 2009: 03
+ 178962
+ remote
+
+
+ 1.5.0.11
+ 1.4.2.16
+ 1.4.2.17
+ 1.4.2.19
+ 1.5.0.11
+
+
+

+ emul-linux-x86-java is the 32 bit version of the Sun's J2SE Development + Kit. +

+
+ +

+ Chris Evans of the Google Security Team has discovered an integer + overflow in the ICC parser, and another vulnerability in the BMP + parser. An unspecified vulnerability involving an "incorrect use of + system classes" was reported by the Fujitsu security team. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + image, possibly resulting in the execution of arbitrary code with the + privileges of the user running Emul-linux-x86-java. They also could + entice a user to open a specially crafted BMP image, resulting in a + Denial of Service. Note that these vulnerabilities may also be + triggered by a tool processing image files automatically. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Emul-linux-x86-java users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.5.0.11" +
+ + CVE-2007-2435 + CVE-2007-2788 + CVE-2007-2789 + + + falco + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-09.xml
new file mode 100644
index 0000000000..a0d8edab5e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200706-09.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ libexif: Buffer overflow
+
+ libexif does not properly handle image EXIF information, possibly allowing
+ for the execution of arbitrary code.
+
+ libexif
+ June 26, 2007
+ June 26, 2007: 01
+ 181922
+ remote
+
+
+ 0.6.16
+ 0.6.16
+
+
+

+ libexif is a library for parsing, editing and saving EXIF metadata from + images. +

+
+ +

+ iDefense Labs have discovered that the exif_data_load_data_entry() + function in libexif/exif-data.c improperly handles integer data while + working with an image with many EXIF components, allowing an integer + overflow possibly leading to a heap-based buffer overflow. +

+
+ +

+ An attacker could entice a user of an application making use of a + vulnerable version of libexif to load a specially crafted image file, + possibly resulting in a crash of the application or the execution of + arbitrary code with the rights of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libexif users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.16" +
+ + CVE-2006-4168 + + + jaervosz + + + jaervosz + + + shellsage + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-01.xml
new file mode 100644
index 0000000000..6a51b00a34
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-01.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Firebird: Buffer overflow
+
+ A vulnerability has been discovered in Firebird, allowing for the execution
+ of arbitrary code.
+
+ firebird
+ July 01, 2007
+ July 01, 2007: 01
+ 181811
+ remote
+
+
+ 2.0.1
+ 2.0.1
+
+
+

+ Firebird is an open source relational database that runs on Linux, + Windows, and various UNIX systems. +

+
+ +

+ Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow + when processing "connect" requests with an overly large "p_cnct_count" + value. +

+
+ +

+ An unauthenticated remote attacker could send a specially crafted + request to a vulnerable server, possibly resulting in the execution of + arbitrary code with the privileges of the user running Firebird. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Firebird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.1" +
+ + CVE-2007-3181 + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-02.xml
new file mode 100644
index 0000000000..72c2891bf2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-02.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ OpenOffice.org: Two buffer overflows
+
+ Multiple vulnerabilities have been discovered in OpenOffice.org, allowing
+ for the remote execution of arbitrary code.
+
+ openoffice
+ July 02, 2007
+ July 02, 2007: 01
+ 181773
+ remote
+
+
+ 2.2.1
+ 2.2.1
+
+
+ 2.2.1
+ 2.2.1
+
+
+

+ OpenOffice.org is an open source office productivity suite, including + word processing, spreadsheet, presentation, drawing, data charting, + formula editing, and file conversion facilities. +

+
+ +

+ John Heasman of NGSSoftware has discovered a heap-based buffer overflow + when parsing the "prdata" tag in RTF files where the first token is + smaller than the second one (CVE-2007-0245). Additionally, the + OpenOffice binary program is shipped with a version of FreeType that + contains an integer signedness error in the n_points variable in file + truetype/ttgload.c, which was covered by GLSA 200705-22 + (CVE-2007-2754). +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + document, possibly leading to execution of arbitrary code with the + rights of the user running OpenOffice.org. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenOffice.org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.2.1" +

+ All OpenOffice.org binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.2.1" +
+ + CVE-2007-0245 + CVE-2007-2754 + GLSA 200705-22 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-03.xml
new file mode 100644
index 0000000000..25b77dbc95
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-03.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Evolution: User-assisted remote execution of arbitrary code
+
+ The IMAP client of Evolution contains a vulnerability potentially leading
+ to the execution of arbitrary code.
+
+ evolution-data-server
+ July 02, 2007
+ July 02, 2007: 01
+ 182011
+ remote
+
+
+ 1.8.3-r5
+ 1.6.2-r1
+ 1.8.3-r5
+
+
+

+ Evolution is the mail client of the GNOME desktop environment. Camel is + the Evolution Data Server module that handles mail functions. +

+
+ +

+ The imap_rescan() function of the file camel-imap-folder.c does not + properly sanitize the "SEQUENCE" response sent by an IMAP server before + being used to index arrays. +

+
+ +

+ A malicious or compromised IMAP server could trigger the vulnerability + and execute arbitrary code with the permissions of the user running + Evolution. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Evolution users should upgrade evolution-data-server to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose "gnome-extra/evolution-data-server" +
+ + CVE-2007-3257 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-04.xml
new file mode 100644
index 0000000000..0c76351cd4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-04.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ GNU C Library: Integer overflow
+
+ An integer overflow in the dynamic loader, ld.so, could result in the
+ execution of arbitrary code with escalated privileges.
+
+ glibc
+ July 03, 2007
+ July 03, 2007: 01
+ 183844
+ local
+
+
+ 2.5-r4
+ 2.5-r4
+
+
+

+ The GNU C library is the standard C library used by Gentoo Linux + systems. It provides programs with basic facilities and interfaces to + system calls. ld.so is the dynamic linker which prepares dynamically + linked programs for execution by resolving runtime dependencies and + related functions. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in + the handling of the hardware capabilities mask by the dynamic loader. + If a mask is specified with a high population count, an integer + overflow could occur when allocating memory. +

+
+ +

+ As the hardware capabilities mask is honored by the dynamic loader + during the execution of suid and sgid programs, in theory this + vulnerability could result in the execution of arbitrary code with root + privileges. This update is provided as a precaution against currently + unknown attack vectors. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.5-r4" +
+ + CVE-2007-3508 + + + taviso + + + taviso + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-05.xml
new file mode 100644
index 0000000000..a2e6f8c5e4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-05.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Webmin, Usermin: Cross-site scripting vulnerabilities
+
+ Webmin and Usermin are vulnerable to cross-site scripting vulnerabilities
+ (XSS).
+
+ webmin/usermin
+ July 05, 2007
+ July 05, 2007: 01
+ 181385
+ remote
+
+
+ 1.350
+ 1.350
+
+
+ 1.280
+ 1.280
+
+
+

+ Webmin is a web-based administrative interface for Unix-like systems. + Usermin is a simplified version of Webmin designed for use by normal + users rather than system administrators. +

+
+ +

+ The pam_login.cgi file does not properly sanitize user input before + sending it back as output to the user. +

+
+ +

+ An unauthenticated attacker could entice a user to browse a specially + crafted URL, allowing for the execution of script code in the context + of the user's browser and for the theft of browser credentials. This + may permit the attacker to login to Webmin or Usermin with the user's + permissions. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Webmin users should update to the latest stable version: +

+ + # emerge --sync + # emerge --ask --verbose --oneshot ">=app-admin/webmin-1.350" +

+ All Usermin users should update to the latest stable version: +

+ + # emerge --sync + # emerge --ask --verbose --oneshot ">=app-admin/usermin-1.280" +
+ + CVE-2007-3156 + + + falco + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-06.xml
new file mode 100644
index 0000000000..fbdae35e58
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-06.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ XnView: Stack-based buffer overflow
+
+ XnView is vulnerable to a stack-based buffer overflow and possible remote
+ code execution when handling XPM image files.
+
+ xnview
+ July 11, 2007
+ July 11, 2007: 01
+ 175670
+ remote
+
+
+ 1.70
+
+
+

+ XnView is software to view and convert graphics files. XPixMap (XPM) is + a simple ascii-based graphics format. +

+
+ +

+ XnView is vulnerable to a stack-based buffer overflow while processing + an XPM file with an overly long section string (greater than 1024 + bytes). +

+
+ +

+ An attacker could entice a user to view a specially crafted XPM file + with XnView that could trigger the vulnerability and possibly execute + arbitrary code with the rights of the user running XnView. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ No update appears to be forthcoming from the XnView developer and + XnView is proprietary, so the XnView package has been masked in + Portage. We recommend that users select an alternate graphics viewer + and conversion utility, and unmerge XnView: +

+ + # emerge --unmerge xnview +
+ + CVE-2007-2194 + + + jaervosz + + + aetius + + + DerCorny + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-07.xml
new file mode 100644
index 0000000000..73bd64821e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-07.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ MPlayer: Multiple buffer overflows
+
+ Multiple vulnerabilities have been discovered in MPlayer, possibly allowing
+ for the remote execution of arbitrary code.
+
+ mplayer
+ July 24, 2007
+ October 12, 2007: 03
+ 181097
+ remote
+
+
+ 1.0.20070622
+ 1.0
+ 1.0.20070622
+
+
+

+ MPlayer is a media player incuding support for a wide range of audio + and video formats. +

+
+ +

+ Stefan Cornelius and Reimar Doffinger of Secunia Research discovered + several boundary errors in the functions cddb_query_parse(), + cddb_parse_matches_list() and cddb_read_parse(), each allowing for a + stack-based buffer overflow. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted file + with malicious CDDB entries, possibly resulting in the execution of + arbitrary code with the privileges of the user running MPlayer. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MPlayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20070622" +
+ + CVE-2007-2948 + + + jaervosz + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-08.xml
new file mode 100644
index 0000000000..5919862047
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-08.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ NVClock: Insecure file usage
+
+ A vulnerability has been discovered in NVClock, allowing for the execution
+ of arbitrary code.
+
+ nvclock
+ July 24, 2007
+ July 24, 2007: 01
+ 184071
+ local
+
+
+ 0.7-r2
+ 0.7-r2
+
+
+

+ NVClock is an utility for changing NVidia graphic chipsets internal + frequency. +

+
+ +

+ Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock + makes usage of an insecure temporary file in the /tmp directory. +

+
+ +

+ A local attacker could create a specially crafted temporary file in + /tmp to execute arbitrary code with the privileges of the user running + NVCLock. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All NVClock users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/nvclock-0.7-r2" +
+ + CVE-2007-3531 + + + jaervosz + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-09.xml
new file mode 100644
index 0000000000..9cba5cae06
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-09.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ GIMP: Multiple integer overflows
+
+ Multiple vulnerabilities have been discovered in GIMP, allowing for the
+ remote execution of arbitrary code.
+
+ gimp
+ July 25, 2007
+ July 25, 2007: 01
+ 182047
+ remote
+
+
+ 2.2.16
+ 2.2.16
+
+
+

+ GIMP is the GNU Image Manipulation Program. +

+
+ +

+ Sean Larsson from iDefense Labs discovered multiple integer overflows + in various GIMP plugins (CVE-2006-4519). Stefan Cornelius from Secunia + Research discovered an integer overflow in the + seek_to_and_unpack_pixeldata() function when processing PSD files + (CVE-2007-2949). +

+
+ +

+ A remote attacker could entice a user to open a specially crafted image + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running GIMP. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GIMP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.2.16" +
+ + CVE-2006-4519 + CVE-2007-2949 + + + DerCorny + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-10.xml
new file mode 100644
index 0000000000..c9cfb54254
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-10.xml
@@ -0,0 +1,60 @@
+
+
+
+
+ Festival: Privilege elevation
+
+ A vulnerability has been discovered in Festival, allowing for a local
+ privilege escalation.
+
+ festival
+ July 25, 2007
+ July 25, 2007: 01
+ 170477
+ local
+
+
+ 1.95_beta-r4
+ 1.95_beta-r4
+
+
+

+ Festival is a text-to-speech accessibility program. +

+
+ +

+ Konstantine Shirow reported a vulnerability in default Gentoo + configurations of Festival. The daemon is configured to run with root + privileges and to listen on localhost, without requiring a password. +

+
+ +

+ A local attacker could gain root privileges by connecting to the daemon + and execute arbitrary commands. +

+
+ +

+ Set a password in the configuration file /etc/festival/server.scm by + adding the line: (set! server_passwd password) +

+
+ +

+ All Festival users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-accessibility/festival-1.95_beta-r4" +
+ + + p-y + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-11.xml
new file mode 100644
index 0000000000..58f053283c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-11.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ MIT Kerberos 5: Arbitrary remote code execution
+
+ Multiple vulnerabilities in MIT Kerberos 5 could potentially result in
+ remote code execution with root privileges by unauthenticated users.
+
+ mit-krb5
+ July 25, 2007
+ July 25, 2007: 01
+ 183338
+ remote
+
+
+ 1.5.2-r3
+ 1.5.2-r3
+
+
+
+

+ MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. +

+
+ +

+ kadmind is affected by multiple vulnerabilities in the RPC library + shipped with MIT Kerberos 5. It fails to properly handle zero-length + RPC credentials (CVE-2007-2442) and the RPC library can write past the + end of the stack buffer (CVE-2007-2443). Furthermore kadmind fails to + do proper bounds checking (CVE-2007-2798). +

+
+ +

+ A remote unauthenticated attacker could exploit these vulnerabilities + to execute arbitrary code with root privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MIT Kerberos 5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.5.2-r3" +
+ + CVE-2007-2442 + CVE-2007-2443 + CVE-2007-2798 + + + jaervosz + + + jaervosz + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-12.xml
new file mode 100644
index 0000000000..06a6468f46
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-12.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ VLC media player: Format string vulnerabilities
+
+ A vulnerability has been discovered in VLC media player, allowing for the
+ remote execution of arbitrary code.
+
+ vlc
+ July 28, 2007
+ July 28, 2007: 01
+ 182389
+ remote
+
+
+ 0.8.6c
+ 0.8.6c
+
+
+
+

+ VLC media player is a multimedia player for various audio and video + formats. +

+
+ +

+ David Thiel from iSEC Partners Inc. discovered format string errors in + various plugins when parsing data. The affected plugins include Vorbis, + Theora, CDDA and SAP. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted media + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running VLC media player. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All VLC media player users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6c" +
+ + CVE-2007-3316 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-13.xml
new file mode 100644
index 0000000000..2d631659c1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-13.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Fail2ban: Denial of Service
+
+ Fail2ban is vulnerable to a Denial of Service attack.
+
+ fail2ban
+ July 28, 2007
+ January 09, 2008: 02
+ 181214
+ remote
+
+
+ 0.8.0-r1
+ 0.8.0-r1
+
+
+
+

+ Fail2ban is a tool for parsing log files and banning IP addresses which + make too many password failures. +

+
+ +

+ A vulnerability has been discovered in Fail2ban when parsing log files. +

+
+ +

+ A remote attacker could send specially crafted SSH login banners to the + vulnerable host, which would prevent any ssh connection to the host and + result in a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Fail2ban users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/fail2ban-0.8.0-r1" +
+ + CVE-2007-4321 + Original advisory + + + aetius + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-14.xml
new file mode 100644
index 0000000000..6532648376
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200707-14.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ tcpdump: Integer overflow
+
+ A vulnerability has been discovered in tcpdump, allowing for the execution
+ of arbitrary code, possibly with root privileges.
+
+ tcpdump
+ July 28, 2007
+ July 28, 2007: 01
+ 184815
+ remote
+
+
+ 3.9.5-r3
+ 3.9.5-r3
+
+
+
+

+ tcpdump is a tool for capturing and inspecting network traffic. +

+
+ +

+ mu-b from Digital Labs discovered that the return value of a snprintf() + call is not properly checked before being used. This could lead to an + integer overflow. +

+
+ +

+ A remote attacker could send specially crafted BGP packets on a network + being monitored with tcpdump, possibly resulting in the execution of + arbitrary code with the privileges of the user running tcpdump, which + is usually root. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All tcpdump users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-3.9.5-r3" +
+ + CVE-2007-3798 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-01.xml
new file mode 100644
index 0000000000..940b1fc621
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-01.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Macromedia Flash Player: Remote arbitrary code execution
+
+ Multiple vulnerabilities have been discovered in Macromedia Flash Player,
+ allowing for the remote execution of arbitrary code.
+
+ adobe-flash
+ August 08, 2007
+ May 28, 2009: 02
+ 185141
+ remote
+
+
+ 9.0.48.0
+ 9.0.48.0
+
+
+
+

+ The Macromedia Flash Player is a renderer for the popular SWF file type + which is commonly used to provide interactive websites, digital + experiences and mobile content. +

+
+ +

+ Mark Hills discovered some errors when interacting with a browser for + keystrokes handling (CVE-2007-2022). Stefano Di Paola and Giorgio Fedon + from Minded Security discovered a boundary error when processing FLV + files (CVE-2007-3456). An input validation error when processing HTTP + referrers has also been reported (CVE-2007-3457). +

+
+ +

+ A remote attacker could entice a user to open a specially crafted file, + possibly leading to the execution of arbitrary code with the privileges + of the user running the Macromedia Flash Player, or sensitive data + access. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Macromedia Flash Player users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-9.0.48.0" +
+ + CVE-2007-2022 + CVE-2007-3456 + CVE-2007-3457 + + + jaervosz + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-02.xml
new file mode 100644
index 0000000000..6ee5a85673
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-02.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Xvid: Array indexing vulnerabilities
+
+ Several array indexing vulnerabilities were discovered in Xvid, possibly
+ allowing for the remote execution of arbitrary code.
+
+ xvid
+ August 08, 2007
+ August 08, 2007: 01
+ 183145
+ remote
+
+
+ 1.1.3
+ 1.1.3
+
+
+
+

+ Xvid is a popular open source video codec licensed under the GPL. +

+
+ +

+ Trixter Jack discovered an array indexing error in the + get_intra_block() function in the file src/bitstream/mbcoding.c. The + get_inter_block_h263() and get_inter_block_mpeg() functions in the same + file were also reported as vulnerable. +

+
+ +

+ An attacker could exploit these vulnerabilities to execute arbitrary + code by tricking a user or automated system into processing a malicious + video file with an application that makes use of the Xvid library. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Xvid users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/xvid-1.1.3" +
+ + CVE-2007-3329 + + + p-y + + + DerCorny + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-03.xml
new file mode 100644
index 0000000000..9ba6d63108
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-03.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities
+
+ Multiple vulnerabilities were found in libarchive (formerly named as
+ app-archive/bsdtar), possibly allowing for the execution of arbitrary code
+ or a Denial of Service.
+
+ libarchive
+ August 08, 2007
+ August 08, 2007: 02
+ 184984
+ remote
+
+
+ 2.2.4
+ 2.2.4
+
+
+
+

+ libarchive is a library for manipulating different streaming archive + formats, including certain tar variants, several cpio formats, and both + BSD and GNU ar variants. +

+
+ +

+ CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer + overflow (CVE-2007-3641), an infinite loop (CVE-2007-3644), and a NULL + pointer dereference (CVE-2007-3645) within the processing of archives + having corrupted PaX extension headers. +

+
+ +

+ An attacker can trick a user or automated system to process an archive + with malformed PaX extension headers into execute arbitrary code, crash + an application using the library, or cause a high CPU load. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libarchive or bsdtar users should upgrade to the latest libarchive + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/libarchive-2.2.4" +
+ + CVE-2007-3641 + CVE-2007-3644 + CVE-2007-3645 + + + jaervosz + + + DerCorny + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-04.xml
new file mode 100644
index 0000000000..ba0f3aeb17
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-04.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ ClamAV: Denial of Service
+
+ A vulnerability has been discovered in ClamAV, allowing for a Denial of
+ Service.
+
+ clamav
+ August 09, 2007
+ August 09, 2007: 01
+ 185013
+ remote
+
+
+ 0.91
+ 0.91
+
+
+
+

+ ClamAV is a GPL virus scanner. +

+
+ +

+ Metaeye Security Group reported a NULL pointer dereference in ClamAV + when processing RAR archives. +

+
+ +

+ A remote attacker could send a specially crafted RAR archive to the + clamd daemon, resulting in a crash and a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.91" +
+ + CVE-2007-3725 + + + falco + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-05.xml
new file mode 100644
index 0000000000..d8372757f1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-05.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ GD: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in GD, allowing for the
+ execution of arbitrary code.
+
+ gd
+ August 09, 2007
+ August 09, 2007: 01
+ 179154
+ remote
+
+
+ 2.0.35
+ 2.0.35
+
+
+
+

+ GD is a graphic library for fast image creation. +

+
+ +

+ Xavier Roche discovered an infinite loop in the gdPngReadData() + function when processing a truncated PNG file (CVE-2007-2756). An + integer overflow has been discovered in the gdImageCreateTrueColor() + function (CVE-2007-3472). An error has been discovered in the function + gdImageCreateXbm() function (CVE-2007-3473). Unspecified + vulnerabilities have been discovered in the GIF reader (CVE-2007-3474). + An error has been discovered when processing a GIF image that has no + global color map (CVE-2007-3475). An array index error has been + discovered in the file gd_gif_in.c when processing images with an + invalid color index (CVE-2007-3476). An error has been discovered in + the imagearc() and imagefilledarc() functions when processing overly + large angle values (CVE-2007-3477). A race condition has been + discovered in the gdImageStringFTEx() function (CVE-2007-3478). +

+
+ +

+ A remote attacker could exploit one of these vulnerabilities to cause a + Denial of Service or possibly execute arbitrary code with the + privileges of the user running GD. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GD users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/gd-2.0.35" +
+ + CVE-2007-2756 + CVE-2007-3472 + CVE-2007-3473 + CVE-2007-3474 + CVE-2007-3475 + CVE-2007-3476 + CVE-2007-3477 + CVE-2007-3478 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-06.xml
new file mode 100644
index 0000000000..5b5d6a0152
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-06.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Net::DNS: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in the Net::DNS Perl module,
+ allowing for a Denial of Service and a cache poisoning attack.
+
+ net-dns
+ August 11, 2007
+ August 11, 2007: 01
+ 184029
+ remote
+
+
+ 0.60
+ 0.60
+
+
+
+

+ Net::DNS is a Perl implementation of a DNS resolver. +

+
+ +

+ hjp discovered an error when handling DNS query IDs which make them + partially predictable. Steffen Ullrich discovered an error in the + dn_expand() function which could lead to an endless loop. +

+
+ +

+ A remote attacker could send a specially crafted DNS request to the + server which could result in a Denial of Service with an infinite + recursion, or perform a cache poisoning attack. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Net::DNS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/Net-DNS-0.60" +
+ + CVE-2007-3377 + CVE-2007-3409 + + + aetius + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-07.xml
new file mode 100644
index 0000000000..5c8d5176dc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-07.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Xfce Terminal: Remote arbitrary code execution
+
+ A vulnerability has been discovered in the Xfce Terminal program, allowing
+ for the remote execution of arbitrary code.
+
+ terminal
+ August 11, 2007
+ July 12, 2008: 02
+ 184886
+ remote
+
+
+ 0.2.6_p25931
+ 0.2.6_p25931
+
+
+
+

+ Xfce Terminal is a console tool for the Xfce desktop environment. +

+
+ +

+ Lasse Karkkainen discovered that the function terminal_helper_execute() + in file terminal-helper.c does not properly escape the URIs before + processing. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted link, + possibly leading to the remote execution of arbitrary code with the + privileges of the user running Xfce Terminal. Note that the exploit + code depends on the browser used to open the crafted link. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Xfce Terminal users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/terminal-0.2.6_p25931" +
+ + CVE-2007-3770 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-08.xml
new file mode 100644
index 0000000000..510d608242
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-08.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ SquirrelMail G/PGP plugin: Arbitrary code execution
+
+ Multiple vulnerabilities have been discovered in SquirrelMail, allowing for
+ the remote execution of arbitrary code.
+
+ squirrelmail
+ August 11, 2007
+ August 11, 2007: 01
+ 185010
+ remote
+
+
+ 1.4.10a-r2
+ 1.4.10a-r2
+
+
+
+

+ SquirrelMail is a webmail package written in PHP. It supports IMAP and + SMTP protocols. +

+
+ +

+ The functions deletekey(), gpg_check_sign_pgp_mime() and gpg_recv_key() + used in the SquirrelMail G/PGP encryption plugin do not properly escape + user-supplied data. +

+
+ +

+ An authenticated user could use the plugin to execute arbitrary code on + the server, or a remote attacker could send a specially crafted e-mail + to a SquirrelMail user, possibly leading to the execution of arbitrary + code with the privileges of the user running the underlying web server. + Note that the G/PGP plugin is disabled by default. +

+
+ +

+ Enter the SquirrelMail configuration directory + (/usr/share/webapps/squirrelmail/version/htdocs/config), then execute + the conf.pl script. Select the plugins menu, then select the gpg plugin + item number in the "Installed Plugins" list to disable it. Press S to + save your changes, then Q to quit. +

+
+ +

+ All SquirrelMail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.10a-r2" +
+ + CVE-2005-1924 + CVE-2006-4169 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-09.xml
new file mode 100644
index 0000000000..34b4ff8876
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-09.xml
@@ -0,0 +1,151 @@
+
+
+
+
+ Mozilla products: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in Mozilla Firefox,
+ Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted
+ arbitrary remote code execution.
+
+ mozilla-firefox,mozilla-firefox-bin,seamonkey,seamonkey-bin,mozilla-thunderbird,mozilla-thunderbird-bin,xulrunner
+ August 14, 2007
+ August 14, 2007: 01
+ 185737
+ 187205
+ remote
+
+
+ 2.0.0.6
+ 2.0.0.6
+
+
+ 2.0.0.6
+ 2.0.0.6
+
+
+ 2.0.0.6
+ 2.0.0.6
+
+
+ 2.0.0.6
+ 2.0.0.6
+
+
+ 1.1.4
+ 1.1.4
+
+
+ 1.1.4
+ 1.1.4
+
+
+ 1.8.1.6
+ 1.8.1.6
+
+
+
+

+ Mozilla Firefox is an open-source web browser from the Mozilla Project, + and Mozilla Thunderbird an email client. The SeaMonkey project is a + community effort to deliver production-quality releases of code derived + from the application formerly known as the 'Mozilla Application Suite'. + XULRunner is a Mozilla runtime package that can be used to bootstrap + XUL+XPCOM applications like Firefox and Thunderbird. +

+
+ +

+ Mozilla developers fixed several bugs, including an issue with + modifying XPCNativeWrappers (CVE-2007-3738), a problem with event + handlers executing elements outside of the document (CVE-2007-3737), + and a cross-site scripting (XSS) vulnerability (CVE-2007-3736). They + also fixed a problem with promiscuous IFRAME access (CVE-2007-3089) and + an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 + redirects (CVE-2007-3656). Denials of Service involving corrupted + memory were fixed in the browser engine (CVE-2007-3734) and the + JavaScript engine (CVE-2007-3735). Finally, another XSS vulnerability + caused by a regression in the CVE-2007-3089 patch was fixed + (CVE-2007-3844). +

+
+ +

+ A remote attacker could entice a user to view a specially crafted web + page that will trigger one of the vulnerabilities, possibly leading to + the execution of arbitrary code or a Denial of Service. It is also + possible for an attacker to perform cross-site scripting attacks, which + could result in the exposure of sensitive information such as login + credentials. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.6" +

+ All Mozilla Firefox binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.6" +

+ All Mozilla Thunderbird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.6" +

+ All Mozilla Thunderbird binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.6" +

+ All SeaMonkey users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.4" +

+ All SeaMonkey binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.4" +

+ All XULRunner users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.6" +
+ + CVE-2007-3089 + CVE-2007-3656 + CVE-2007-3734 + CVE-2007-3735 + CVE-2007-3736 + CVE-2007-3737 + CVE-2007-3738 + CVE-2007-3844 + + + aetius + + + aetius + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-10.xml
new file mode 100644
index 0000000000..568dbdc1ff
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-10.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ MySQL: Denial of Service and information leakage
+
+ A Denial of Service vulnerability and a table structure information leakage
+ vulnerability were found in MySQL.
+
+ mysql
+ August 16, 2007
+ August 16, 2007: 01
+ 185333
+ remote
+
+
+ 5.0.44
+ 5.0.44
+
+
+
+

+ MySQL is a popular multi-threaded, multi-user SQL server. +

+
+ +

+ Dormando reported a vulnerability within the handling of password + packets in the connection protocol (CVE-2007-3780). Andrei Elkin also + found that the "CREATE TABLE LIKE" command didn't require SELECT + privileges on the source table (CVE-2007-3781). +

+
+ +

+ A remote unauthenticated attacker could use the first vulnerability to + make the server crash. The second vulnerability can be used by + authenticated users to obtain information on tables they are not + normally able to access. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MySQL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.44" +
+ + CVE-2007-3780 + CVE-2007-3781 + + + falco + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-11.xml
new file mode 100644
index 0000000000..13fab843a4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-11.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Lighttpd: Multiple vulnerabilities
+
+ Several vulnerabilities were reported in Lighttpd, most of them allowing a
+ Denial of Service and potentially the remote execution of arbitrary code.
+
+ lighttpd
+ August 16, 2007
+ August 16, 2007: 01
+ 185442
+ remote
+
+
+ 1.4.16
+ 1.4.16
+
+
+
+

+ Lighttpd is a lightweight HTTP web server. +

+
+ +

+ Stefan Esser discovered errors with evidence of memory corruption in + the code parsing the headers. Several independent researchers also + reported errors involving the handling of HTTP headers, the mod_auth + and mod_scgi modules, and the limitation of active connections. +

+
+ +

+ A remote attacker can trigger any of these vulnerabilities by sending + malicious data to the server, which may lead to a crash or memory + exhaustion, and potentially the execution of arbitrary code. + Additionally, access-deny settings can be evaded by appending a final / + to a URL. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Lighttpd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.16" +
+ + CVE-2007-3946 + CVE-2007-3947 + CVE-2007-3948 + CVE-2007-3949 + CVE-2007-3950 + + + jaervosz + + + falco + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-12.xml
new file mode 100644
index 0000000000..8a64e4ef53
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-12.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ Wireshark: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Wireshark, allowing for
+ the remote execution of arbitrary code and a Denial of Service.
+
+ wireshark
+ August 16, 2007
+ August 16, 2007: 01
+ 183520
+ remote
+
+
+ 0.99.6
+ 0.99.6
+
+
+
+

+ Wireshark is a network protocol analyzer with a graphical front-end. +

+
+ +

+ Wireshark doesn't properly handle chunked encoding in HTTP responses + (CVE-2007-3389), iSeries capture files (CVE-2007-3390), certain types + of DCP ETSI packets (CVE-2007-3391), and SSL or MMS packets + (CVE-2007-3392). An off-by-one error has been discovered in the + DHCP/BOOTP dissector when handling DHCP-over-DOCSIS packets + (CVE-2007-3393). +

+
+ +

+ A remote attacker could send specially crafted packets on a network + being monitored with Wireshark, possibly resulting in the execution of + arbitrary code with the privileges of the user running Wireshark which + might be the root user, or a Denial of Service. +

+
+ +

+ In order to prevent root compromise, take network captures with tcpdump + and analyze them running Wireshark as a least privileged user. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.6" +
+ + CVE-2007-3389 + CVE-2007-3390 + CVE-2007-3391 + CVE-2007-3392 + CVE-2007-3393 + + + aetius + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-13.xml
new file mode 100644
index 0000000000..5913cd8805
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-13.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ BIND: Weak random number generation
+
+ The ISC BIND random number generator uses a weak algorithm, making it
+ easier to guess the next query ID and perform a DNS cache poisoning attack.
+
+ bind
+ August 18, 2007
+ August 18, 2007: 01
+ 186556
+ remote
+
+
+ 9.4.1_p1
+ 9.4.1_p1
+
+
+
+

+ ISC BIND is the Internet Systems Consortium implementation of the + Domain Name System (DNS) protocol. +

+
+ +

+ Amit Klein from Trusteer reported that the random number generator of + ISC BIND leads, half the time, to predictable (1 chance to 8) query IDs + in the resolver routine or in zone transfer queries (CVE-2007-2926). + Additionally, the default configuration file has been strengthen with + respect to the allow-recursion{} and the allow-query{} options + (CVE-2007-2925). +

+
+ +

+ A remote attacker can use this weakness by sending queries for a domain + he handles to a resolver (directly to a recursive server, or through + another process like an email processing) and then observing the + resulting IDs of the iterative queries. The attacker will half the time + be able to guess the next query ID, then perform cache poisoning by + answering with those guessed IDs, while spoofing the UDP source address + of the reply. Furthermore, with empty allow-recursion{} and + allow-query{} options, the default configuration allowed anybody to + make recursive queries and query the cache. +

+
+ +

+ There is no known workaround at this time for the random generator + weakness. The allow-recursion{} and allow-query{} options should be set + to trusted hosts only in /etc/bind/named.conf, thus preventing several + security risks. +

+
+ +

+ All ISC BIND users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.1_p1" +
+ + CVE-2007-2925 + CVE-2007-2926 + + + aetius + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-14.xml
new file mode 100644
index 0000000000..7ebda5a115
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-14.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ NVIDIA drivers: Denial of Service
+
+ A vulnerability has been discovered in the NVIDIA graphic drivers, allowing
+ for a Denial of Service.
+
+ nvidia-drivers
+ August 19, 2007
+ October 11, 2007: 03
+ 183567
+ local
+
+
+ 71.86.01
+ 1.0.7185
+ 1.0.9639
+ 100.14.06
+
+
+
+

+ The NVIDIA drivers provide support for NVIDIA graphic boards. +

+
+ +

+ Gregory Shikhman discovered that the default Gentoo setup of NVIDIA + drivers creates the /dev/nvidia* with insecure file permissions. +

+
+ +

+ A local attacker could send arbitrary values into the devices, possibly + resulting in hardware damage on the graphic board or a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All NVIDIA drivers users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose "x11-drivers/nvidia-drivers" +
+ + CVE-2007-3532 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-15.xml
new file mode 100644
index 0000000000..9a1c34b007
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-15.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Apache mod_jk: Directory traversal
+
+ A directory traversal vulnerability has been discovered in Apache mod_jk.
+
+ mod_jk
+ August 19, 2007
+ August 19, 2007: 01
+ 186218
+ remote
+
+
+ 1.2.23
+ 1.2.23
+
+
+
+

+ Apache mod_jk is a connector for the Tomcat web server. +

+
+ +

+ Apache mod_jk decodes the URL within Apache before passing them to + Tomcat, which decodes them a second time. +

+
+ +

+ A remote attacker could browse a specially crafted URL on an Apache + server running mod_jk, possibly gaining access to restricted resources. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Apache mod_jk users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.23" +
+ + CVE-2007-1860 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-16.xml
new file mode 100644
index 0000000000..9034265a48
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-16.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Qt: Multiple format string vulnerabilities
+
+ Format string vulnerabilities in Qt 3 may lead to the remote execution of
+ arbitrary code in some Qt applications.
+
+ qt
+ August 22, 2007
+ August 22, 2007: 01
+ 185446
+ remote, local
+
+
+ 3.3.8-r3
+ 3.3.8-r3
+
+
+
+

+ Qt is a cross-platform GUI framework, which is used e.g. by KDE. +

+
+ +

+ Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE + reported multiple format string errors in qWarning() calls in files + qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp, + qsqlrecord.cpp, qglobal.cpp, and qsvgdevice.cpp. +

+
+ +

+ An attacker could trigger one of the vulnerabilities by causing a Qt + application to parse specially crafted text, which may lead to the + execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Qt 3 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose "=x11-libs/qt-3*" +
+ + CVE-2007-3388 + + + jaervosz + + + jaervosz + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-17.xml
new file mode 100644
index 0000000000..ae88c4c043
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200708-17.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ Opera: Multiple vulnerabilities
+
+ Opera contain several vulnerabilities, some of which may allow the
+ execution of arbitrary code.
+
+ opera
+ August 22, 2007
+ August 22, 2007: 01
+ 185497
+ 188987
+ remote
+
+
+ 9.23
+ 9.23
+
+
+
+

+ Opera is a multi-platform web browser. +

+
+ +

+ An error known as "a virtual function call on an invalid pointer" has + been discovered in the JavaScript engine (CVE-2007-4367). Furthermore, + iDefense Labs reported that an already-freed pointer may be still used + under unspecified circumstances in the BitTorrent support + (CVE-2007-3929). At last, minor other errors have been discovered, + relative to memory read protection (Opera Advisory 861) and URI + displays (CVE-2007-3142, CVE-2007-3819). +

+
+ +

+ A remote attacker could trigger the BitTorrent vulnerability by + enticing a user into starting a malicious BitTorrent download, and + execute arbitrary code through unspecified vectors. Additionally, a + specially crafted JavaScript may trigger the "virtual function" + vulnerability. The JavaScript engine can also access previously freed + but uncleaned memory. Finally, a user can be fooled with a too long + HTTP server name that does not fit the dialog box, or a URI containing + whitespaces. +

+
+ +

+ There is no known workaround at this time for all these + vulnerabilities. +

+
+ +

+ All Opera users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-9.23" +
+ + CVE-2007-3142 + CVE-2007-3819 + CVE-2007-3929 + CVE-2007-4367 + Opera Advisory 861 + + + jaervosz + + + jaervosz + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-01.xml
new file mode 100644
index 0000000000..3508fc0085
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-01.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ MIT Kerberos 5: Multiple vulnerabilities
+
+ Two vulnerabilities have been found in MIT Kerberos 5, which could allow a
+ remote unauthenticated user to execute arbitrary code with root privileges.
+
+ mit-krb5
+ September 11, 2007
+ September 11, 2007: 01
+ 191301
+ remote
+
+
+ 1.5.3-r1
+ 1.5.3-r1
+
+
+
+

+ MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. kadmind is the MIT Kerberos 5 administration daemon. +

+
+ +

+ A stack buffer overflow (CVE-2007-3999) has been reported in + svcauth_gss_validate() of the RPC library of kadmind. Another + vulnerability (CVE-2007-4000) has been found in + kadm5_modify_policy_internal(), which does not check the return values + of krb5_db_get_policy() correctly. +

+
+ +

+ The RPC related vulnerability can be exploited by a remote + unauthenticated attacker to execute arbitrary code with root privileges + on the host running kadmind. The second vulnerability requires the + remote attacker to be authenticated and to have "modify policy" + privileges. It could then also allow for the remote execution of + arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MIT Kerberos 5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.5.3-r1" +
+ + CVE-2007-3999 + CVE-2007-4000 + + + p-y + + + jaervosz + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-02.xml
new file mode 100644
index 0000000000..9225bf7286
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-02.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ KVIrc: Remote arbitrary code execution
+
+ A vulnerability has been discovered in KVIrc, allowing for the remote
+ execution of arbitrary code.
+
+ kvirc
+ September 13, 2007
+ September 13, 2007: 01
+ 183174
+ remote
+
+
+ 3.2.6_pre20070714
+ 3.2.6_pre20070714
+
+
+
+

+ KVIrc is a free portable IRC client based on Qt. +

+
+ +

+ Stefan Cornelius from Secunia Research discovered that the + "parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does + not properly sanitise parts of the URI when building the command for + KVIrc's internal script system. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + irc:// URI, possibly leading to the remote execution of arbitrary code + with the privileges of the user running KVIrc. Successful exploitation + requires that KVIrc is registered as the default handler for irc:// or + similar URIs. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All KVIrc users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/kvirc-3.2.6_pre20070714" +
+ + CVE-2007-2951 + + + p-y + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-03.xml
new file mode 100644
index 0000000000..4cc73a9988
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-03.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Streamripper: Buffer overflow
+
+ A buffer overflow vulnerability has been discovered in Streamripper,
+ allowing for user-assisted execution of arbitrary code.
+
+ streamripper
+ September 13, 2007
+ September 13, 2007: 01
+ 188698
+ remote
+
+
+ 1.62.2
+ 1.62.2
+
+
+
+

+ Streamripper is a tool for extracting and recording mp3 files from a + Shoutcast stream. +

+
+ +

+ Chris Rohlf discovered several boundary errors in the + httplib_parse_sc_header() function when processing HTTP headers. +

+
+ +

+ A remote attacker could entice a user to connect to a malicious + streaming server, resulting in the execution of arbitrary code with the + privileges of the user running Streamripper. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Streamripper users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/streamripper-1.62.2" +
+ + CVE-2007-4337 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-04.xml
new file mode 100644
index 0000000000..788b657edb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-04.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ po4a: Insecure temporary file creation
+
+ A vulnerability has been discovered in po4a, allowing for a symlink attack.
+
+ po4a
+ September 13, 2007
+ September 13, 2007: 01
+ 189440
+ local
+
+
+ 0.32-r1
+ 0.32-r1
+
+
+
+

+ po4a is a set of tools for helping with the translation of + documentation. +

+
+ +

+ The po4a development team reported a race condition in the gettextize() + function when creating the file "/tmp/gettextization.failed.po". +

+
+ +

+ A local attacker could perform a symlink attack, possibly overwriting + files with the permissions of the user running po4a. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All po4a users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/po4a-0.32-r1" +
+ + CVE-2007-4462 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-05.xml
new file mode 100644
index 0000000000..606a7fa71c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-05.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ RealPlayer: Buffer overflow
+
+ RealPlayer is vulnerable to a buffer overflow allowing for execution of
+ arbitrary code.
+
+ realplayer
+ September 14, 2007
+ September 14, 2007: 01
+ 183421
+ remote
+
+
+ 10.0.9
+ 10.0.9
+
+
+
+

+ RealPlayer is a multimedia player capable of handling multiple + multimedia file formats. +

+
+ +

+ A stack-based buffer overflow vulnerability has been reported in the + SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when + handling HH:mm:ss.f type time formats. +

+
+ +

+ By enticing a user to open a specially crafted SMIL (Synchronized + Multimedia Integration Language) file, an attacker could be able to + execute arbitrary code with the privileges of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All RealPlayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/realplayer-10.0.9" +
+ + CVE-2007-3410 + + + p-y + + + p-y + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-06.xml
new file mode 100644
index 0000000000..b7aa98b62f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-06.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ flac123: Buffer overflow
+
+ flac123 is affected by a buffer overflow vulnerability, which could allow
+ for the execution of arbitrary code.
+
+ flac123
+ September 14, 2007
+ September 14, 2007: 01
+ 186220
+ remote
+
+
+ 0.0.11
+ 0.0.11
+
+
+
+

+ flac123 is a command-line application for playing FLAC audio files. +

+
+ +

+ A possible buffer overflow vulnerability has been reported in the + local__vcentry_parse_value() function in vorbiscomment.c. +

+
+ +

+ An attacker could entice a user to play a specially crafted audio file, + which could lead to the execution of arbitrary code with the privileges + of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All flac123 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/flac123-0.0.11" +
+ + CVE-2007-3507 + + + p-y + + + p-y + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-07.xml
new file mode 100644
index 0000000000..253ff53139
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-07.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Eggdrop: Buffer overflow
+
+ A remote stack-based buffer overflow has been discovered in Eggdrop.
+
+ eggdrop
+ September 15, 2007
+ September 26, 2007: 02
+ 179354
+ remote
+
+
+ 1.6.18-r3
+ 1.6.18-r3
+
+
+
+

+ Eggdrop is an IRC bot extensible with C or Tcl. +

+
+ +

+ Bow Sineath discovered a boundary error in the file + mod/server.mod/servrmsg.c when processing overly long private messages + sent by an IRC server. +

+
+ +

+ A remote attacker could entice an Eggdrop user to connect the bot to a + malicious server, possibly resulting in the execution of arbitrary code + on the host running Eggdrop. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Eggdrop users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/eggdrop-1.6.18-r3" +
+ + CVE-2007-2807 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-08.xml
new file mode 100644
index 0000000000..430cacc1ac
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-08.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ id3lib: Insecure temporary file creation
+
+ A vulnerability has been discovered in id3lib allowing local users to
+ overwrite arbitrary files via a symlink attack.
+
+ id3lib
+ September 15, 2007
+ September 15, 2007: 01
+ 189610
+ local
+
+
+ 3.8.3-r6
+ 3.8.3-r6
+
+
+
+

+ id3lib is an open-source, cross-platform software development library + for reading, writing, and manipulating ID3v1 and ID3v2 tags. +

+
+ +

+ Nikolaus Schulz discovered that the function RenderV2ToFile() in file + src/tag_file.cpp creates temporary files in an insecure manner. +

+
+ +

+ A local attacker could exploit this vulnerability via a symlink attack + to overwrite arbitrary files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All id3lib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/id3lib-3.8.3-r6" +
+ + CVE-2007-4460 + + + mfleming + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-09.xml
new file mode 100644
index 0000000000..9f89f86f2a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-09.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ GNU Tar: Directory traversal vulnerability
+
+ A directory traversal vulnerability has been discovered in GNU Tar.
+
+ tar
+ September 15, 2007
+ September 15, 2007: 01
+ 189682
+ remote
+
+
+ 1.18-r2
+ 1.18-r2
+
+
+
+

+ The GNU Tar program provides the ability to create tar archives, as + well as various other kinds of manipulation. +

+
+ +

+ Dmitry V. Levin discovered a directory traversal vulnerability in the + contains_dot_dot() function in file src/names.c. +

+
+ +

+ By enticing a user to extract a specially crafted tar archive, a remote + attacker could extract files to arbitrary locations outside of the + specified directory with the permissions of the user running GNU Tar. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GNU Tar users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/tar-1.18-r2" +
+ + CVE-2007-4131 + + + mfleming + + + mfleming + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-10.xml
new file mode 100644
index 0000000000..aa63a1052e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-10.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ PhpWiki: Authentication bypass
+
+ A vulnerability has been discovered in PhpWiki authentication mechanism.
+
+ phpwiki
+ September 18, 2007
+ September 18, 2007: 01
+ 181692
+ remote
+
+
+ 1.3.14
+ 1.3.14
+
+
+
+

+ PhpWiki is an application that creates a web site where anyone can edit + the pages through HTML forms. +

+
+ +

+ The PhpWiki development team reported an authentication error within + the file lib/WikiUser/LDAP.php when binding to an LDAP server with an + empty password. +

+
+ +

+ A remote attacker could provide an empty password when authenticating. + Depending on the LDAP implementation used, this could bypass the + PhpWiki authentication mechanism and grant the attacker access to the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PhpWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.14" +
+ + CVE-2007-3193 + + + aetius + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-11.xml
new file mode 100644
index 0000000000..ac74f0b155
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-11.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ GDM: Local Denial of Service
+
+ GDM can be crashed by a local user, preventing it from managing future
+ displays.
+
+ gdm
+ September 18, 2007
+ September 18, 2007: 01
+ 187919
+ local
+
+
+ 2.18.4
+ 2.16.7
+ 2.18.4
+
+
+
+

+ GDM is the GNOME display manager. +

+
+ +

+ The result of a g_strsplit() call is incorrectly parsed in the files + daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and + gui/gdmflexiserver.c, allowing for a null pointer dereference. +

+
+ +

+ A local user could send a crafted message to /tmp/.gdm_socket that + would trigger the null pointer dereference and crash GDM, thus + preventing it from managing future displays. +

+
+ +

+ Restrict the write permissions on /tmp/.gdm_socket to trusted users + only after each GDM restart. +

+
+ +

+ All GDM users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose "gnome-base/gdm" +
+ + CVE-2007-3381 + + + jaervosz + + + jaervosz + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-12.xml
new file mode 100644
index 0000000000..0bd9deb5b4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-12.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Poppler: Two buffer overflow vulnerabilities
+
+ Poppler is vulnerable to an integer overflow and a stack overflow.
+
+ poppler
+ September 19, 2007
+ September 19, 2007: 01
+ 188863
+ remote
+
+
+ 0.5.4-r2
+ 0.5.4-r2
+
+
+
+

+ Poppler is a cross-platform PDF rendering library originally based on + Xpdf. +

+
+ +

+ Poppler and Xpdf are vulnerable to an integer overflow in the + StreamPredictor::StreamPredictor function, and a stack overflow in the + StreamPredictor::getNextLine function. The original vulnerability was + discovered by Maurycy Prodeus. Note: Gentoo's version of Xpdf is + patched to use the Poppler library, so the update to Poppler will also + fix Xpdf. +

+
+ +

+ By enticing a user to view a specially crafted program with a + Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, or Evince, a + remote attacker could cause an overflow, potentially resulting in the + execution of arbitrary code with the privileges of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Poppler users should upgrade to the latest version of Poppler: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/poppler-0.5.4-r2" +
+ + CVE-2007-3387 + + + p-y + + + p-y + + + aetius + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-13.xml
new file mode 100644
index 0000000000..c7a6f18277
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-13.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ rsync: Two buffer overflows
+
+ Two user-assisted buffer overflow vulnerabilities have been discovered in
+ rsync.
+
+ rsync
+ September 20, 2007
+ September 20, 2007: 01
+ 189132
+ remote
+
+
+ 2.6.9-r3
+ 2.6.9-r3
+
+
+
+

+ rsync is a file transfer program to keep remote directories + synchronized. +

+
+ +

+ Sebastian Krahmer from the SUSE Security Team discovered two off-by-one + errors in the function "f_name()" in file sender.c when processing + overly long directory names. +

+
+ +

+ A remote attacker could entice a user to synchronize a repository + containing specially crafted directories, leading to the execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All rsync users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.9-r3" +
+ + CVE-2007-4091 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-14.xml
new file mode 100644
index 0000000000..1b15c0e8ba
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-14.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ ClamAV: Multiple vulnerabilities
+
+ Vulnerabilities have been discovered in ClamAV allowing remote execution of
+ arbitrary code and Denial of Service attacks.
+
+ clamav
+ September 20, 2007
+ September 20, 2007: 01
+ 189912
+ remote
+
+
+ 0.91.2
+ 0.91.2
+
+
+
+

+ Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, + designed especially for e-mail scanning on mail gateways. +

+
+ +

+ Nikolaos Rangos discovered a vulnerability in ClamAV which exists + because the recipient address extracted from email messages is not + properly sanitized before being used in a call to "popen()" when + executing sendmail (CVE-2007-4560). Also, NULL-pointer dereference + errors exist within the "cli_scanrtf()" function in libclamav/rtf.c and + Stefanos Stamatis discovered a NULL-pointer dereference vulnerability + within the "cli_html_normalise()" function in libclamav/htmlnorm.c + (CVE-2007-4510). +

+
+ +

+ The unsanitized recipient address can be exploited to execute arbitrary + code with the privileges of the clamav-milter process by sending an + email with a specially crafted recipient address to the affected + system. Also, the NULL-pointer dereference errors can be exploited to + crash ClamAV. Successful exploitation of the latter vulnerability + requires that clamav-milter is started with the "black hole" mode + activated, which is not enabled by default. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.91.2" +
+ + CVE-2007-4510 + CVE-2007-4560 + + + mfleming + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-15.xml
new file mode 100644
index 0000000000..b05d860d0a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-15.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ BEA JRockit: Multiple vulnerabilities
+
+ BEA JRockit contains several vulnerabilities, some of which may allow the
+ execution of arbitrary code.
+
+ jrockit-jdk-bin
+ September 23, 2007
+ September 23, 2007: 01
+ 190686
+ remote
+
+
+ 1.5.0.11_p1
+ 1.5.0.11_p1
+
+
+
+

+ BEA JRockit provides tools, utilities, and a complete runtime + environment for developing and running applications using the Java + programming language. +

+
+ +

+ An integer overflow vulnerability exists in the embedded ICC profile + image parser (CVE-2007-2788), an unspecified vulnerability exists in + the font parsing implementation (CVE-2007-4381), and an error exists + when processing XSLT stylesheets contained in XSLT Transforms in XML + signatures (CVE-2007-3716), among other vulnerabilities. +

+
+ +

+ A remote attacker could trigger the integer overflow to execute + arbitrary code or crash the JVM through a specially crafted file. Also, + an attacker could perform unauthorized actions via an applet that + grants certain privileges to itself because of the font parsing + vulnerability. The error when processing XSLT stylesheets can be + exploited to execute arbitrary code. Other vulnerabilities could lead + to establishing restricted network connections to certain services, + Cross Site Scripting and Denial of Service attacks. +

+
+ +

+ There is no known workaround at this time for all these + vulnerabilities. +

+
+ +

+ All BEA JRockit users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/jrockit-jdk-bin-1.5.0.11_p1" +
+ + CVE-2007-2788 + CVE-2007-2789 + CVE-2007-3004 + CVE-2007-3005 + CVE-2007-3503 + CVE-2007-3698 + CVE-2007-3716 + CVE-2007-3922 + CVE-2007-4381 + + + mfleming + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-16.xml
new file mode 100644
index 0000000000..34ceeeff5e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-16.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Lighttpd: Buffer overflow
+
+ Lighttpd is vulnerable to the remote execution of arbitrary code.
+
+ lighttpd
+ September 27, 2007
+ September 27, 2007: 01
+ 191912
+ remote
+
+
+ 1.4.18
+ 1.4.18
+
+
+
+

+ Lighttpd is a lightweight HTTP web server. +

+
+ +

+ Mattias Bengtsson and Philip Olausson have discovered a buffer overflow + vulnerability in the function fcgi_env_add() in the file mod_fastcgi.c + when processing overly long HTTP headers. +

+
+ +

+ A remote attacker could send a specially crafted request to the + vulnerable Lighttpd server, resulting in the remote execution of + arbitrary code with privileges of the user running the web server. Note + that mod_fastcgi is disabled in Gentoo's default configuration. +

+
+ +

+ Edit the file /etc/lighttpd/lighttpd.conf and comment the following + line: "include mod_fastcgi.conf" +

+
+ +

+ All Lighttpd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.18" +
+ + CVE-2007-4727 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-17.xml
new file mode 100644
index 0000000000..a6f48818d4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-17.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ teTeX: Multiple buffer overflows
+
+ Multiple vulnerabilities have been discovered in teTeX, allowing for
+ user-assisted execution of arbitrary code.
+
+ tetex
+ September 27, 2007
+ September 27, 2007: 01
+ 170861
+ 182055
+ 188172
+ remote
+
+
+ 3.0_p1-r4
+ 3.0_p1-r4
+
+
+
+

+ teTeX is a complete TeX distribution for editing documents. +

+
+ +

+ Mark Richters discovered a buffer overflow in the open_sty() function + in file mkind.c. Other vulnerabilities have also been discovered in the + same file but might not be exploitable (CVE-2007-0650). Tetex also + includes vulnerable code from GD library (GLSA 200708-05), and from + Xpdf (CVE-2007-3387). +

+
+ +

+ A remote attacker could entice a user to process a specially crafted + PNG, GIF or PDF file, or to execute "makeindex" on an overly long + filename. In both cases, this could lead to the remote execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All teTeX users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/tetex-3.0_p1-r4" +
+ + CVE-2007-0650 + CVE-2007-3387 + GLSA-200708-05 + + + jaervosz + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-18.xml
new file mode 100644
index 0000000000..d37eb46a8e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200709-18.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ Bugzilla: Multiple vulnerabilities
+
+ Bugzilla contains several vulnerabilities, some of them possibly leading to
+ the remote execution of arbitrary code.
+
+ bugzilla
+ September 30, 2007
+ May 28, 2009: 03
+ 190112
+ remote
+
+
+ 2.20.5
+ 2.22.3
+ 3.0.1
+ 2.22.5
+ 2.20.6
+ 3.0.1
+
+
+
+

+ Bugzilla is a web application designed to help with managing software + development. +

+
+ +

+ Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not + properly sanitize the content of the "buildid" parameter when filing + bugs (CVE-2007-4543). The next two vulnerabilities only affect Bugzilla + 2.23.3 or later, hence the stable Gentoo Portage tree does not contain + these two vulnerabilities: Loic Minier reported that the + "Email::Send::Sendmail()" function does not properly sanitise "from" + email information before sending it to the "-f" parameter of + /usr/sbin/sendmail (CVE-2007-4538), and Frederic Buclin discovered that + the XML-RPC interface does not correctly check permissions in the + time-tracking fields (CVE-2007-4539). +

+
+ +

+ A remote attacker could trigger the "buildid" vulnerability by sending + a specially crafted form to Bugzilla, leading to a persistent XSS, thus + allowing for theft of credentials. With Bugzilla 2.23.3 or later, an + attacker could also execute arbitrary code with the permissions of the + web server by injecting a specially crafted "from" email address and + gain access to normally restricted time-tracking information through + the XML-RPC service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Bugzilla users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose www-apps/bugzilla +
+ + CVE-2007-4538 + CVE-2007-4539 + CVE-2007-4543 + + + p-y + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-01.xml
new file mode 100644
index 0000000000..4c65f822fa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-01.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ RPCSEC_GSS library: Buffer overflow
+
+ A buffer overflow vulnerability has been discovered in librpcsecgss.
+
+ librcpsecgss
+ October 04, 2007
+ October 04, 2007: 01
+ 191479
+ remote
+
+
+ 0.16
+ 0.16
+
+
+
+

+ librpcsecgss is an implementation of RPCSEC_GSS for secure RPC + communications. +

+
+ +

+ A stack based buffer overflow has been discovered in the + svcauth_gss_validate() function in file lib/rpc/svc_auth_gss.c when + processing an overly long string in a RPC message. +

+
+ +

+ A remote attacker could send a specially crafted RPC request to an + application relying on this library, e.g NFSv4 or Kerberos + (GLSA-200709-01), resulting in the execution of arbitrary code with the + privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All librpcsecgss users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/librpcsecgss-0.16" +
+ + CVE-2007-3999 + GLSA-200709-01 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-02.xml
new file mode 100644
index 0000000000..d434b93e2a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-02.xml
@@ -0,0 +1,152 @@
+
+
+
+
+ PHP: Multiple vulnerabilities
+
+ PHP contains several vulnerabilities including buffer and integer overflows
+ which could lead to the remote execution of arbitrary code.
+
+ php
+ October 07, 2007
+ October 07, 2007: 01
+ 179158
+ 180556
+ 191034
+ remote
+
+
+ 5.2.4_p20070914-r2
+ 5.2.4_p20070914-r2
+
+
+
+

+ PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

+ Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip + Olausson reported integer overflows in the gdImageCreate() and + gdImageCreateTrueColor() functions of the GD library which can cause + heap-based buffer overflows (CVE-2007-3996). Gerhard Wagner discovered + an integer overflow in the chunk_split() function that can lead to a + heap-based buffer overflow (CVE-2007-2872). Its incomplete fix caused + incorrect buffer size calculation due to precision loss, also resulting + in a possible heap-based buffer overflow (CVE-2007-4661 and + CVE-2007-4660). A buffer overflow in the sqlite_decode_binary() of the + SQLite extension found by Stefan Esser that was addressed in PHP 5.2.1 + was not fixed correctly (CVE-2007-1887). +

+

+ Stefan Esser discovered an error in the zend_alter_ini_entry() function + handling a memory_limit violation (CVE-2007-4659). Stefan Esser also + discovered a flaw when handling interruptions with userspace error + handlers that can be exploited to read arbitrary heap memory + (CVE-2007-1883). Disclosure of sensitive memory can also be triggered + due to insufficient boundary checks in the strspn() and strcspn() + functions, an issue discovered by Mattias Bengtsson and Philip Olausson + (CVE-2007-4657) +

+

+ Stefan Esser reported incorrect validation in the FILTER_VALIDATE_EMAIL + filter of the Filter extension allowing arbitrary email header + injection (CVE-2007-1900). NOTE: This CVE was referenced, but not fixed + in GLSA 200705-19. +

+

+ Stanislav Malyshev found an error with unknown impact in the + money_format() function when processing "%i" and "%n" tokens + (CVE-2007-4658). zatanzlatan reported a buffer overflow in the + php_openssl_make_REQ() function with unknown impact when providing a + manipulated SSL configuration file (CVE-2007-4662). Possible memory + corruption when trying to read EXIF data in exif_read_data() and + exif_thumbnail() occurred with unknown impact. +

+

+ Several vulnerabilities that allow bypassing of open_basedir and other + restrictions were reported, including the glob() function + (CVE-2007-4663), the session_save_path(), ini_set(), and error_log() + functions which can allow local command execution (CVE-2007-3378), + involving the readfile() function (CVE-2007-3007), via the Session + extension (CVE-2007-4652), via the MySQL extension (CVE-2007-3997) and + in the dl() function which allows loading extensions outside of the + specified directory (CVE-2007-4825). +

+

+ Multiple Denial of Service vulnerabilities were discovered, including a + long "library" parameter in the dl() function (CVE-2007-4887), in + several iconv and xmlrpc functions (CVE-2007-4840 and CVE-2007-4783), + in the setlocale() function (CVE-2007-4784), in the glob() and + fnmatch() function (CVE-2007-4782 and CVE-2007-3806), a floating point + exception in the wordwrap() function (CVE-2007-3998), a stack + exhaustion via deeply nested arrays (CVE-2007-4670), an infinite loop + caused by a specially crafted PNG image in the png_read_info() function + of libpng (CVE-2007-2756) and several issues related to array + conversion. +

+
+ +

+ Remote attackers might be able to exploit these issues in PHP + applications making use of the affected functions, potentially + resulting in the execution of arbitrary code, Denial of Service, + execution of scripted contents in the context of the affected site, + security bypass or information leak. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PHP users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.4_p20070914-r2"
+
+
+ CVE-2007-1883
+ CVE-2007-1887
+ CVE-2007-1900
+ CVE-2007-2756
+ CVE-2007-2872
+ CVE-2007-3007
+ CVE-2007-3378
+ CVE-2007-3806
+ CVE-2007-3996
+ CVE-2007-3997
+ CVE-2007-3998
+ CVE-2007-4652
+ CVE-2007-4657
+ CVE-2007-4658
+ CVE-2007-4659
+ CVE-2007-4660
+ CVE-2007-4661
+ CVE-2007-4662
+ CVE-2007-4663
+ CVE-2007-4670
+ CVE-2007-4727
+ CVE-2007-4782
+ CVE-2007-4783
+ CVE-2007-4784
+ CVE-2007-4825
+ CVE-2007-4840
+ CVE-2007-4887
+ GLSA 200705-19
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-03.xml
new file mode 100644
index 0000000000..c19c7d3ad7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-03.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ libvorbis: Multiple vulnerabilities
+
+ A buffer overflow vulnerability and several memory corruptions have been
+ discovered in libvorbis.
+
+ libvorbis
+ October 07, 2007
+ October 07, 2007: 01
+ 186716
+ remote
+
+
+ 1.2.0
+ 1.2.0
+
+
+

+ libvorbis is the reference implementation of the Xiph.org Ogg Vorbis + audio file format. It is used by many applications for playback of Ogg + Vorbis files. +

+
+ +

+ David Thiel of iSEC Partners discovered a heap-based buffer overflow in + the _01inverse() function in res0.c and a boundary checking error in + the vorbis_info_clear() function in info.c (CVE-2007-3106 and + CVE-2007-4029). libvorbis is also prone to several Denial of Service + vulnerabilities in form of infinite loops and invalid memory access + with unknown impact (CVE-2007-4065 and CVE-2007-4066). +

+
+ +

+ A remote attacker could exploit these vulnerabilities by enticing a + user to open a specially crafted Ogg Vorbis file or network stream with + an application using libvorbis. This might lead to the execution of + arbitrary code with privileges of the user playing the file or a Denial + of Service by a crash or CPU consumption. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libvorbis users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libvorbis-1.2.0"
+
+
+ CVE-2007-3106
+ CVE-2007-4029
+ CVE-2007-4065
+ CVE-2007-4066
+
+
+ aetius
+
+
+ p-y
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-04.xml
new file mode 100644
index 0000000000..003dd4d914
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-04.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ libsndfile: Buffer overflow
+
+ A buffer overflow vulnerability has been discovered in libsndfile.
+
+ libsndfile
+ October 07, 2007
+ October 07, 2007: 01
+ 192834
+ remote
+
+
+ 1.0.17-r1
+ 1.0.17-r1
+
+
+

+ libsndfile is a library for reading and writing various formats of + audio files including WAV and FLAC. +

+
+ +

+ Robert Buchholz of the Gentoo Security team discovered that the + flac_buffer_copy() function does not correctly handle FLAC streams with + variable block sizes which leads to a heap-based buffer overflow + (CVE-2007-4974). +

+
+ +

+ A remote attacker could exploit this vulnerability by enticing a user + to open a specially crafted FLAC file or network stream with an + application using libsndfile. This might lead to the execution of + arbitrary code with privileges of the user playing the file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libsndfile users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.17-r1"
+
+
+ CVE-2007-4974
+
+
+ p-y
+
+
+ rbu
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-05.xml
new file mode 100644
index 0000000000..6b41b0b309
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-05.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ QGit: Insecure temporary file creation
+
+ A vulnerability has been discovered in QGit allowing local users to
+ overwrite arbitrary files and execute arbitrary code with another user's
+ rights.
+
+ qgit
+ October 07, 2007
+ October 07, 2007: 01
+ 190697
+ local
+
+
+ 1.5.7
+ 1.5.7
+
+
+

+ QGit is a graphical interface to git repositories that allows you to + browse revisions history, view patch content and changed files. +

+
+ +

+ Raphael Marichez discovered that the DataLoader::doStart() method + creates temporary files in an insecure manner and executes them. +

+
+ +

+ A local attacker could perform a symlink attack, possibly overwriting + files or executing arbitrary code with the rights of the user running + QGit. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All QGit users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/qgit-1.5.7"
+
+
+ CVE-2007-4631
+
+
+ p-y
+
+
+ p-y
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-06.xml
new file mode 100644
index 0000000000..c2b9a089eb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-06.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ OpenSSL: Multiple vulnerabilities
+
+ A buffer underflow vulnerability and an information disclosure
+ vulnerability have been discovered in OpenSSL.
+
+ openssl
+ October 07, 2007
+ October 07, 2007: 01
+ 188799
+ 194039
+ local, remote
+
+
+ 0.9.8e-r3
+ 0.9.8e-r3
+
+
+

+ OpenSSL is an implementation of the Secure Socket Layer and Transport + Layer Security protocols. +

+
+ +

+ Moritz Jodeit reported an off-by-one error in the + SSL_get_shared_ciphers() function, resulting from an incomplete fix of + CVE-2006-3738. A flaw has also been reported in the + BN_from_montgomery() function in crypto/bn/bn_mont.c when performing + Montgomery multiplication. +

+
+ +

+ A remote attacker sending a specially crafted packet to an application + relying on OpenSSL could possibly execute arbitrary code with the + privileges of the user running the application. A local attacker could + perform a side channel attack to retrieve the RSA private keys. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSSL users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8e-r3"
+
+
+ CVE-2006-3738
+ CVE-2007-3108
+ CVE-2007-5135
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-07.xml
new file mode 100644
index 0000000000..dbbab17b53
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-07.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Tk: Buffer overflow
+
+ A buffer overflow vulnerability has been discovered in Tk.
+
+ tk
+ October 07, 2007
+ October 07, 2007: 01
+ 192539
+ remote
+
+
+ 8.4.15-r1
+ 8.4.15-r1
+
+
+

+ Tk is a toolkit for creating graphical user interfaces. +

+
+ +

+ Reinhard Max discovered a boundary error in Tk when processing an + interlaced GIF with two frames where the second is smaller than the + first one. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted GIF + image with a Tk-based software, possibly resulting in the execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Tk users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.15-r1"
+
+
+ CVE-2007-4851
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-08.xml
new file mode 100644
index 0000000000..068cb65f10
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-08.xml
@@ -0,0 +1,98 @@
+
+
+
+
+ KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow
+
+ KPDF includes code from xpdf that is vulnerable to a stack-based buffer
+ overflow.
+
+ koffice, kword, kdegraphics, kpdf
+ October 09, 2007
+ October 09, 2007: 01
+ 187139
+ remote
+
+
+ 1.6.3-r1
+ 1.6.3-r1
+
+
+ 1.6.3-r1
+ 1.6.3-r1
+
+
+ 3.5.7-r1
+ 3.5.7-r1
+
+
+ 3.5.7-r1
+ 3.5.7-r1
+
+
+

+ KOffice is an integrated office suite for KDE. KWord is the KOffice + word processor. KPDF is a KDE-based PDF viewer included in the + kdegraphics package. +

+
+ +

+ KPDF includes code from xpdf that is vulnerable to an integer overflow + in the StreamPredictor::StreamPredictor() function. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted PDF + file in KWord or KPDF that would exploit the integer overflow to cause + a stack-based buffer overflow in the StreamPredictor::getNextLine() + function, possibly resulting in the execution of arbitrary code with + the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All KOffice users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/koffice-1.6.3-r1"
+

+ All KWord users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/kword-1.6.3-r1"
+

+ All KDE Graphics Libraries users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.5.7-r1"
+

+ All KPDF users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.5.7-r1"
+
+
+ CVE-2007-3387
+
+
+ p-y
+
+
+ p-y
+
+
+ aetius
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-09.xml
new file mode 100644
index 0000000000..2b8fa94252
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-09.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ NX 2.1: User-assisted execution of arbitrary code
+
+ NX in the 2.1 series uses XFree86 4.3 code which is prone to an integer
+ overflow vulnerability.
+
+ nx, nxnode
+ October 09, 2007
+ October 09, 2007: 01
+ 192712
+ remote
+
+
+ 3.0.0
+ 3.0.0
+
+
+ 3.0.0-r3
+ 3.0.0-r3
+
+
+

+ NoMachine's NX establishes remote connections to X11 desktops over + small bandwidth links. NX and NX Node are the compression core + libraries, whereas NX is used by FreeNX and NX Node by the binary-only + NX servers. +

+
+ +

+ Chris Evans reported an integer overflow within the FreeType PCF font + file parser (CVE-2006-1861). NX and NX Node are vulnerable to this due + to shipping XFree86 4.3.0, which includes the vulnerable FreeType code. +

+
+ +

+ A remote attacker could exploit these integer overflows by enticing a + user to load a specially crafted PCF font file which might lead to the + execution of arbitrary code with the privileges of the user on the + machine running the NX server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All NX users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/nx-3.0.0"
+

+ All NX Node users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.0.0-r3"
+
+
+ CVE-2006-1861
+ GLSA 200607-02
+
+
+ p-y
+
+
+ p-y
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-10.xml
new file mode 100644
index 0000000000..a2786c2858
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-10.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ SKK Tools: Insecure temporary file creation
+
+ SKK insecurely creates temporary files.
+
+ skktools
+ October 12, 2007
+ October 12, 2007: 01
+ 193121
+ local
+
+
+ 1.2-r1
+ 1.2-r1
+
+
+

+ SKK is a Japanese input method for Emacs. +

+
+ +

+ skkdic-expr.c insecurely writes temporary files to a location in the + form $TMPDIR/skkdic$PID.{pag,dir,db}, where $PID is the process ID. +

+
+ +

+ A local attacker could create symbolic links in the directory where the + temporary files are written, pointing to a valid file somewhere on the + filesystem that is writable by the user running the SKK software. When + SKK writes the temporary file, the target valid file would then be + overwritten with the contents of the SKK temporary file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SKK Tools users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-i18n/skktools-1.2-r1"
+
+
+ CVE-2007-3916
+
+
+ p-y
+
+
+ p-y
+
+
+ aetius
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-11.xml
new file mode 100644
index 0000000000..59aad364bf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-11.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ X Font Server: Multiple Vulnerabilities
+
+ Three vulnerabilities have been discovered in the X Font Server possibly
+ allowing local attackers to gain elevated privileges.
+
+ xfs
+ October 12, 2007
+ October 12, 2007: 01
+ 185660
+ 194606
+ local
+
+
+ 1.0.5
+ 1.0.5
+
+
+

+ The X.Org X11 X Font Server provides a standard mechanism for an X + server to communicate with a font renderer. +

+
+ +

+ iDefense reported that the xfs init script does not correctly handle a + race condition when setting permissions of a temporary file + (CVE-2007-3103). Sean Larsson discovered an integer overflow + vulnerability in the build_range() function possibly leading to a + heap-based buffer overflow when handling "QueryXBitmaps" and + "QueryXExtents" protocol requests (CVE-2007-4568). Sean Larsson also + discovered an error in the swap_char2b() function possibly leading to a + heap corruption when handling the same protocol requests + (CVE-2007-4990). +

+
+ +

+ The first issue would allow a local attacker to change permissions of + arbitrary files to be world-writable by performing a symlink attack. + The second and third issues would allow a local attacker to execute + arbitrary code with privileges of the user running the X Font Server, + usually xfs. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All X Font Server users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-apps/xfs-1.0.5"
+
+
+ CVE-2007-3103
+ CVE-2007-4568
+ CVE-2007-4990
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-12.xml
new file mode 100644
index 0000000000..e20176743b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-12.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ T1Lib: Buffer overflow
+
+ T1Lib is vulnerable to a buffer overflow allowing for the user-assisted
+ execution of arbitrary code.
+
+ t1lib
+ October 12, 2007
+ October 12, 2007: 01
+ 193437
+ remote
+
+
+ 5.0.2-r1
+ 5.0.2-r1
+
+
+

+ T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts. +

+
+ +

+ Hamid Ebadi discovered a boundary error in the + intT1_EnvGetCompletePath() function which can lead to a buffer overflow + when processing an overly long filename. +

+
+ +

+ A remote attacker could entice a user to open a font file with a + specially crafted filename, possibly leading to the execution of + arbitrary code with the privileges of the user running the application + using T1Lib. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All T1Lib users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/t1lib-5.0.2-r1"
+
+
+ CVE-2007-4033
+
+
+ p-y
+
+
+ p-y
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-13.xml
new file mode 100644
index 0000000000..85faa280aa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-13.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Ampache: Multiple vulnerabilities
+
+ An SQL injection vulnerability and a possible identity theft have been
+ discovered in Ampache.
+
+ ampache
+ October 13, 2007
+ October 13, 2007: 01
+ 189607
+ remote
+
+
+ 3.3.3.5
+ 3.3.3.5
+
+
+

+ Ampache is a PHP-based tool for managing, updating and playing audio + files via a web interface. +

+
+ +

+ LT discovered that the "match" parameter in albums.php is not properly + sanitized before being processed. The Ampache development team also + reported an error when handling user sessions. +

+
+ +

+ A remote attacker could provide malicious input to the application, + possibly resulting in the execution of arbitrary SQL code. He could + also entice a user to open a specially crafted link to steal the user's + session. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ampache users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/ampache-3.3.3.5"
+
+
+ CVE-2007-4437
+ CVE-2007-4438
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-14.xml
new file mode 100644
index 0000000000..4061335005
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-14.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ DenyHosts: Denial of Service
+
+ DenyHosts does not correctly parse log entries, potentially causing a
+ remote Denial of Service.
+
+ denyhosts
+ October 13, 2007
+ October 13, 2007: 01
+ 181213
+ remote
+
+
+ 2.6-r1
+ 2.6-r1
+
+
+

+ DenyHosts is designed to monitor SSH servers for repeated failed login + attempts. +

+
+ +

+ Daniel B. Cid discovered that DenyHosts used an incomplete regular + expression to parse failed login attempts, a different issue than GLSA + 200701-01. +

+
+ +

+ A remote unauthenticated attacker can add arbitrary hosts into the + blacklist, including the "all" keyword, by submitting specially crafted + version identification strings to the SSH server banner. An attacker + may use this to prevent legitimate users from accessing a host + remotely. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All DenyHosts users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/denyhosts-2.6-r1"
+
+
+ CVE-2007-4323
+
+
+ p-y
+
+
+ p-y
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-15.xml
new file mode 100644
index 0000000000..cb190168c7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-15.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ KDM: Local privilege escalation
+
+ KDM allows logins without password under certain circumstances allowing a
+ local user to gain elevated privileges.
+
+ KDM
+ October 14, 2007
+ October 14, 2007: 01
+ 192373
+ local
+
+
+ 3.5.7-r2
+ 3.5.7-r2
+
+
+ 3.5.7-r4
+ 3.5.7-r4
+
+
+

+ KDM is the Display Manager for the graphical desktop environment KDE. + It is part of the kdebase package. +

+
+ +

+ Kees Huijgen discovered an error when checking the credentials which + can lead to a login without specifying a password. This only occurs + when auto login is configured for at least one user and a password is + required to shut down the machine. +

+
+ +

+ A local attacker could gain root privileges and execute arbitrary + commands by logging in as root without specifying root's password. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All KDM users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdm-3.5.7-r2"
+

+ All kdebase users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/kdebase-3.5.7-r4"
+
+
+ CVE-2007-4569
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-16.xml
new file mode 100644
index 0000000000..7cfd9b1fea
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-16.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ X.Org X server: Composite local privilege escalation
+
+ A vulnerability has been discovered in the Composite extension of the X.Org
+ X server, allowing for a local privilege escalation.
+
+ X.Org
+ October 14, 2007
+ October 14, 2007: 01
+ 191964
+ local
+
+
+ 1.3.0.0-r1
+ 1.3.0.0-r1
+
+
+

+ The X Window System is a graphical windowing system based on a + client/server model. +

+
+ +

+ Aaron Plattner discovered a buffer overflow in the compNewPixmap() + function when copying data from a large pixel depth pixmap into a + smaller pixel depth pixmap. +

+
+ +

+ A local attacker could execute arbitrary code with the privileges of + the user running the X server, typically root. +

+
+ +

+ Disable the Composite extension by setting ' Option "Composite" + "disable" ' in the Extensions section of xorg.conf. +

+

+ Note: This could affect the functionality of some applications. +

+
+ +

+ All X.Org X server users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.3.0.0-r1"
+
+
+ CVE-2007-4730
+
+
+ p-y
+
+
+ p-y
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-17.xml
new file mode 100644
index 0000000000..30300ea6c2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-17.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Balsa: Buffer overflow
+
+ Balsa is vulnerable to a buffer overflow allowing for the user-assisted
+ execution of arbitrary code.
+
+ balsa
+ October 16, 2007
+ October 16, 2007: 01
+ 193179
+ remote
+
+
+ 2.3.20
+ 2.3.20
+
+
+

+ Balsa is a highly configurable email client for GNOME. +

+
+ +

+ Evil Ninja Squirrel discovered a stack-based buffer overflow in the + ir_fetch_seq() function when receiving a long response to a FETCH + command (CVE-2007-5007). +

+
+ +

+ A remote attacker could entice a user to connect to a malicious or + compromised IMAP server, possibly leading to the execution of arbitrary + code with the rights of the user running Balsa. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Balsa users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/balsa-2.3.20"
+
+
+ CVE-2007-5007
+
+
+ p-y
+
+
+ p-y
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-18.xml
new file mode 100644
index 0000000000..c7c13af63f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-18.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ util-linux: Local privilege escalation
+
+ The mount and umount programs might allow local attackers to gain root
+ privileges.
+
+ util-linux
+ October 18, 2007
+ October 18, 2007: 01
+ 195390
+ local
+
+
+ 2.12r-r8
+ 2.12r-r8
+
+
+

+ util-linux is a suite of Linux programs including mount and umount, + programs used to mount and unmount filesystems. +

+
+ +

+ Ludwig Nussel discovered that the check_special_mountprog() and + check_special_umountprog() functions call setuid() and setgid() in the + wrong order and do not check the return values, which can lead to + privileges being dropped improperly. +

+
+ +

+ A local attacker may be able to exploit this vulnerability by using + mount helpers such as the mount.nfs program to gain root privileges and + run arbitrary commands. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All util-linux users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.12r-r8"
+
+
+ CVE-2007-5191
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-19.xml
new file mode 100644
index 0000000000..e8a01d92d4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-19.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ The Sleuth Kit: Integer underflow
+
+ An integer underflow vulnerability has been reported in The Sleuth Kit
+ allowing for the user-assisted execution of arbitrary code.
+
+ sleuthkit
+ October 18, 2007
+ October 18, 2007: 01
+ 181977
+ remote
+
+
+ 2.0.9
+ 2.0.9
+
+
+

+ The Sleuth Kit is a collection of file system and media management + forensic analysis tools. +

+
+ +

+ Jean-Sebastien Guay-Leroux reported an integer underflow in the + file_printf() function of the "file" utility which is bundled with The + Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not + affected by the improper fix for this vulnerability (identified as + CVE-2007-2799, see GLSA 200705-25) since version 4.20 of "file" was + never shipped with The Sleuth Kit ebuilds. +

+
+ +

+ A remote attacker could entice a user to run The Sleuth Kit on a file + system containing a specially crafted file that would trigger a + heap-based buffer overflow possibly leading to the execution of + arbitrary code with the rights of the user running The Sleuth Kit. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All The Sleuth Kit users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-forensics/sleuthkit-2.0.9"
+
+
+ CVE-2007-1536
+ CVE-2007-2799
+ GLSA 200703-26
+ GLSA 200705-25
+
+
+ p-y
+
+
+ p-y
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-20.xml
new file mode 100644
index 0000000000..4f0d565e46
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-20.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ PDFKit, ImageKits: Buffer overflow
+
+ PDFKit and ImageKits are vulnerable to an integer overflow and a stack
+ overflow allowing for the user-assisted execution of arbitrary code.
+
+ pdfkit imagekits
+ October 18, 2007
+ October 18, 2007: 01
+ 188185
+ remote
+
+
+ 0.9_pre062906
+
+
+ 0.6
+
+
+

+ PDFKit is a framework for rendering of PDF content in GNUstep + applications. ImageKits is a collection of frameworks to support + imaging in GNUstep applications. +

+
+ +

+ Maurycy Prodeus discovered an integer overflow vulnerability possibly + leading to a stack-based buffer overflow in the XPDF code which PDFKit + is based on. ImageKits also contains a copy of PDFKit. +

+
+ +

+ By enticing a user to view a specially crafted PDF file with a viewer + based on ImageKits or PDFKit such as Gentoo's ViewPDF, a remote + attacker could cause an overflow, potentially resulting in the + execution of arbitrary code with the privileges of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ PDFKit and ImageKits are not maintained upstream, so the packages were + masked in Portage. We recommend that users unmerge PDFKit and + ImageKits: +

+
+ # emerge --unmerge gnustep-libs/pdfkit
+ # emerge --unmerge gnustep-libs/imagekits
+

+ As an alternative, users should upgrade their systems to use PopplerKit + instead of PDFKit and Vindaloo instead of ViewPDF. +

+
+ + CVE-2007-3387 + GLSA 200709-12 + + + falco + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-21.xml
new file mode 100644
index 0000000000..f287bb4934
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-21.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ TikiWiki: Arbitrary command execution
+
+ Tikiwiki contains a command injection vulnerability which may allow remote
+ execution of arbitrary code.
+
+ tikiwiki
+ October 20, 2007
+ October 20, 2007: 01
+ 195503
+ remote
+
+
+ 1.9.8.1
+ 1.9.8.1
+
+
+
+

+ TikiWiki is an open source content management system written in PHP.
+

+
+
+

+ ShAnKaR reported that input passed to the "f" array parameter in
+ tiki-graph_formula.php is not properly verified before being used to
+ execute PHP functions.
+

+
+
+

+ An attacker could execute arbitrary code with the rights of the user
+ running the web server by passing a specially crafted parameter string
+ to the tiki-graph_formula.php file.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All TikiWiki users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.8.1"
+
+
+ CVE-2007-5423
+
+
+ p-y
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-22.xml
new file mode 100644
index 0000000000..e0939e113a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-22.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ TRAMP: Insecure temporary file creation
+
+ The TRAMP package for GNU Emacs insecurely creates temporary files.
+
+ tramp
+ October 20, 2007
+ December 30, 2007: 02
+ 194713
+ local
+
+
+ 2.1.10-r2
+ 2.1
+ 2.1.10-r2
+
+
+
+

+ TRAMP is a remote file editing package for GNU Emacs, a highly
+ extensible and customizable text editor.
+

+
+
+

+ Stefan Monnier discovered that the tramp-make-tramp-temp-file()
+ function creates temporary files in an insecure manner.
+

+
+
+

+ A local attacker could create symbolic links in the directory where the
+ temporary files are written, pointing to a valid file somewhere on the
+ filesystem that is writable by the user running TRAMP. When TRAMP
+ writes the temporary file, the target valid file would then be
+ overwritten with the contents of the TRAMP temporary file.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All TRAMP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emacs/tramp-2.1.10-r2"
+
+
+ CVE-2007-5377
+
+
+ p-y
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-23.xml
new file mode 100644
index 0000000000..7632b869e9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-23.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Star: Directory traversal vulnerability
+
+ A directory traversal vulnerability has been discovered in Star.
+
+ star
+ October 22, 2007
+ October 22, 2007: 01
+ 189690
+ remote
+
+
+ 1.5_alpha84
+ 1.5_alpha84
+
+
+
+

+ The Star program provides the ability to create and extract tar
+ archives.
+

+
+
+

+ Robert Buchholz of the Gentoo Security team discovered a directory
+ traversal vulnerability in the has_dotdot() function which does not
+ identify //.. (slash slash dot dot) sequences in file names inside tar
+ files.
+

+
+
+

+ By enticing a user to extract a specially crafted tar archive, a remote
+ attacker could extract files to arbitrary locations outside of the
+ specified directory with the permissions of the user running Star.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Star users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/star-1.5_alpha84"
+
+
+ CVE-2007-4134
+
+
+ aetius
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-24.xml
new file mode 100644
index 0000000000..4ff60d52a4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-24.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ OpenOffice.org: Heap-based buffer overflow
+
+ A heap-based buffer overflow vulnerability has been discovered in
+ OpenOffice.org, allowing for the remote execution of arbitrary code.
+
+ openoffice
+ October 23, 2007
+ October 23, 2007: 01
+ 192818
+ remote
+
+
+ 2.3.0
+ 2.3.0
+
+
+ 2.3.0
+ 2.3.0
+
+
+
+

+ OpenOffice.org is an open source office productivity suite, including
+ word processing, spreadsheet, presentation, drawing, data charting,
+ formula editing, and file conversion facilities.
+

+
+
+

+ iDefense Labs reported that the TIFF parsing code uses untrusted values
+ to calculate buffer sizes, which can lead to an integer overflow
+ resulting in heap-based buffer overflow.
+

+
+
+

+ A remote attacker could entice a user to open a specially crafted
+ document, possibly leading to execution of arbitrary code with the
+ privileges of the user running OpenOffice.org.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All OpenOffice.org users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.3.0"
+

+ All OpenOffice.org binary users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.3.0"
+
+
+ CVE-2007-2834
+
+
+ p-y
+
+
+ p-y
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-25.xml
new file mode 100644
index 0000000000..30c88b350f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-25.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ MLDonkey: Privilege escalation
+
+ The Gentoo MLDonkey ebuild adds a user to the system with a valid login
+ shell and no password.
+
+ mldonkey
+ October 24, 2007
+ November 07, 2007: 02
+ 189412
+ remote
+
+
+ 2.9.0-r3
+ 2.9.0-r3
+
+
+
+

+ MLDonkey is a peer-to-peer filesharing client that connects to several
+ different peer-to-peer networks, including Overnet and BitTorrent.
+

+
+
+

+ The Gentoo MLDonkey ebuild adds a user to the system named "p2p" so
+ that the MLDonkey service can run under a user with low privileges.
+ With older Portage versions this user is created with a valid login
+ shell and no password.
+

+
+
+

+ A remote attacker could log into a vulnerable system as the p2p user.
+ This would require an installed login service that permitted empty
+ passwords, such as SSH configured with the "PermitEmptyPasswords yes"
+ option, a local login console, or a telnet server.
+

+
+
+

+ See Resolution.
+

+
+
+

+ Change the p2p user's shell to disallow login. For example, as root run
+ the following command:
+

+
+ # usermod -s /bin/false p2p
+

+ NOTE: updating to the current MLDonkey ebuild will not remove this
+ vulnerability, it must be fixed manually. The updated ebuild is to
+ prevent this problem from occurring in the future.
+

+
+
+ CVE-2007-5714
+
+
+ jaervosz
+
+
+ aetius
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-26.xml
new file mode 100644
index 0000000000..272f09a787
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-26.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ HPLIP: Privilege escalation
+
+ The hpssd daemon might allow local attackers to execute arbitrary commands
+ with root privileges.
+
+ hplip
+ October 24, 2007
+ October 24, 2007: 01
+ 195565
+ local
+
+
+ 1.7.4a-r2
+ 2.7.9-r1
+ 2.7.9-r1
+
+
+
+

+ The Hewlett-Packard Linux Imaging and Printing system (HPLIP) provides
+ drivers for HP's inkjet and laser printers, scanners and fax machines.
+ It integrates with the Common UNIX Printing System (CUPS) and Scanner
+ Access Now Easy (SANE).
+

+
+
+

+ Kees Cook from the Ubuntu Security team discovered that the hpssd
+ daemon does not correctly validate user supplied data before passing it
+ to a "popen3()" call.
+

+
+
+

+ A local attacker may be able to exploit this vulnerability by sending a
+ specially crafted request to the hpssd daemon to execute arbitrary
+ commands with the privileges of the user running hpssd, usually root.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All HPLIP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "net-print/hplip"
+
+
+ CVE-2007-5208
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-27.xml
new file mode 100644
index 0000000000..a515c2f5f7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-27.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ ImageMagick: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in ImageMagick, possibly
+ resulting in arbitrary code execution or a Denial of Service.
+
+ imagemagick
+ October 24, 2007
+ October 24, 2007: 01
+ 186030
+ remote
+
+
+ 6.3.5.10
+ 6.3.5.10
+
+
+
+

+ ImageMagick is a collection of tools and libraries for manipulating
+ various image formats.
+

+
+
+

+ regenrecht reported multiple infinite loops in functions ReadDCMImage()
+ and ReadXCFImage() (CVE-2007-4985), multiple integer overflows when
+ handling certain types of images (CVE-2007-4986, CVE-2007-4988), and an
+ off-by-one error in the ReadBlobString() function (CVE-2007-4987).
+

+
+
+

+ A remote attacker could entice a user to open a specially crafted
+ image, possibly resulting in the remote execution of arbitrary code
+ with the privileges of the user running the application, or an
+ excessive CPU consumption. Note that applications relying on
+ ImageMagick to process images can also trigger the vulnerability.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All ImageMagick users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.5.10"
+
+
+ CVE-2007-4985
+ CVE-2007-4986
+ CVE-2007-4987
+ CVE-2007-4988
+
+
+ rbu
+
+
+ p-y
+
+
+ keytoaster
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-28.xml
new file mode 100644
index 0000000000..9cc0ac4d47
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-28.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Qt: Buffer overflow
+
+ An off-by-one vulnerability has been discovered in Qt, possibly resulting
+ in the execution of arbitrary code.
+
+ qt
+ October 25, 2007
+ October 25, 2007: 01
+ 192472
+ remote
+
+
+ 3.3.8-r4
+ 3.3.8-r4
+
+
+
+

+ Qt is a cross-platform GUI framework, which is used e.g. by KDE.
+

+
+
+

+ Dirk Mueller from the KDE development team discovered a boundary error
+ in file qutfcodec.cpp when processing Unicode strings.
+

+
+
+

+ A remote attacker could send a specially crafted Unicode string to a
+ vulnerable Qt application, possibly resulting in the remote execution
+ of arbitrary code with the privileges of the user running the
+ application. Note that the boundary error is present but reported to be
+ not exploitable in 4.x series.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Qt 3.x users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.8-r4"
+
+
+ CVE-2007-4137
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-29.xml
new file mode 100644
index 0000000000..89604d68b5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-29.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code
+
+ A format string error has been discovered in Sylpheed and Claws Mail,
+ potentially leading to the remote execution of arbitrary code.
+
+ sylpheed claws-mail
+ October 25, 2007
+ October 25, 2007: 01
+ 190104
+ remote
+
+
+ 2.4.5
+ 2.4.5
+
+
+ 3.0.0
+ 3.0.0
+
+
+
+

+ Sylpheed and Claws Mail are two GTK based e-mail clients.
+

+
+
+

+ Ulf Harnhammar from Secunia Research discovered a format string error
+ in the inc_put_error() function in file src/inc.c.
+

+
+
+

+ A remote attacker could entice a user to connect to a malicious POP
+ server sending specially crafted replies, possibly resulting in the
+ execution of arbitrary code with the privileges of the user running the
+ application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Sylpheed users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-2.4.5"
+

+ All Claws Mail users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.0.0"
+
+
+ CVE-2007-2958
+
+
+ rbu
+
+
+ rbu
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-30.xml
new file mode 100644
index 0000000000..cdd5b3289e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-30.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ OpenSSL: Remote execution of arbitrary code
+
+ OpenSSL contains a vulnerability allowing execution of arbitrary code or a
+ Denial of Service.
+
+ openssl
+ October 27, 2007
+ October 30, 2007: 03
+ 195634
+ remote
+
+
+ 0.9.8f
+ 0.9.8f
+
+
+
+

+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+ (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+ purpose cryptography library.
+

+
+
+

+ Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is
+ caused due to an unspecified off-by-one error within the DTLS
+ implementation.
+

+
+
+

+ A remote attacker could exploit this issue to execute arbitrary code or
+ cause a Denial of Service. Only clients and servers explicitly using
+ DTLS are affected, systems using SSL and TLS are not.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All OpenSSL users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8f"
+
+
+ CVE-2007-4995
+
+
+ rbu
+
+
+ rbu
+
+
+ keytoaster
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-31.xml
new file mode 100644
index 0000000000..274b6086a0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200710-31.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Opera: Multiple vulnerabilities
+
+ Opera contains multiple vulnerabilities, which may allow the execution of
+ arbitrary code.
+
+ opera
+ October 30, 2007
+ October 30, 2007: 01
+ 196164
+ remote
+
+
+ 9.24
+ 9.24
+
+
+
+

+ Opera is a multi-platform web browser.
+

+
+
+

+ Michael A. Puls II discovered an unspecified flaw when launching
+ external email or newsgroup clients (CVE-2007-5541). David Bloom
+ discovered that when displaying frames from different websites, the
+ same-origin policy is not correctly enforced (CVE-2007-5540).
+

+
+
+

+ An attacker could potentially exploit the first vulnerability to
+ execute arbitrary code with the privileges of the user running Opera by
+ enticing a user to visit a specially crafted URL. Note that this
+ vulnerability requires an external e-mail or newsgroup client
+ configured in Opera to be exploitable. The second vulnerability allows
+ an attacker to execute arbitrary script code in a user's browser
+ session in context of other sites or the theft of browser credentials.
+

+
+
+

+ There is no known workaround at this time for all these
+ vulnerabilities.
+

+
+
+

+ All Opera users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-9.24"
+
+
+ CVE-2007-5540
+ CVE-2007-5541
+
+
+ rbu
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-01.xml
new file mode 100644
index 0000000000..f3bb9f393a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-01.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ gFTP: Multiple vulnerabilities
+
+ Two buffer overflow vulnerabilities have been discovered in fsplib code
+ used in gFTP.
+
+ gftp
+ November 01, 2007
+ November 01, 2007: 01
+ 188252
+ remote
+
+
+ 2.0.18-r6
+ 2.0.18-r6
+
+
+
+

+ gFTP is an FTP client for the GNOME desktop environment.
+

+
+
+

+ Kalle Olavi Niemitalo discovered two boundary errors in fsplib code
+ included in gFTP when processing overly long directory or file names.
+

+
+
+

+ A remote attacker could trigger these vulnerabilities by enticing a
+ user to download a file with a specially crafted directory or file
+ name, possibly resulting in the execution of arbitrary code
+ (CVE-2007-3962) or a Denial of Service (CVE-2007-3961).
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All gFTP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/gftp-2.0.18-r6"
+
+
+ CVE-2007-3961
+ CVE-2007-3962
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-02.xml
new file mode 100644
index 0000000000..448eeee551
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-02.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ OpenSSH: Security bypass
+
+ A flaw has been discovered in OpenSSH which could allow a local attacker to
+ bypass security restrictions.
+
+ openssh
+ November 01, 2007
+ November 01, 2007: 01
+ 191321
+ remote
+
+
+ 4.7
+ 4.7
+
+
+
+

+ OpenSSH is a complete SSH protocol implementation that includes an SFTP
+ client and server support.
+

+
+
+

+ Jan Pechanec discovered that OpenSSH uses a trusted X11 cookie when it
+ cannot create an untrusted one.
+

+
+
+

+ An attacker could bypass the SSH client security policy and gain
+ privileges by causing an X client to be treated as trusted.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All OpenSSH users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.7"
+
+
+ CVE-2007-4752
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-03.xml
new file mode 100644
index 0000000000..d77a53fd50
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-03.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Gallery: Multiple vulnerabilities
+
+ The WebDAV and Reupload modules of Gallery contain multiple unspecified
+ vulnerabilities.
+
+ gallery
+ November 01, 2007
+ November 11, 2007: 02
+ 191587
+ remote
+
+
+ 2.2.3
+ 2.0
+ 2.2.3
+
+
+
+

+ Gallery is a PHP based photo album manager.
+

+
+
+

+ Merrick Manalastas and Nicklous Roberts have discovered multiple
+ vulnerabilities in the WebDAV and Reupload modules.
+

+
+
+

+ A remote attacker could exploit these vulnerabilities to bypass
+ security restrictions and rename, replace and change properties of
+ items, or edit item data using WebDAV.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Gallery users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/gallery-2.2.3"
+
+
+ CVE-2007-4650
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-04.xml
new file mode 100644
index 0000000000..82135bc39f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-04.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Evolution: User-assisted remote execution of arbitrary code
+
+ The IMAP client of Evolution contains a vulnerability potentially leading
+ to the execution of arbitrary code.
+
+ evolution-data-server
+ November 06, 2007
+ November 06, 2007: 01
+ 190861
+ remote
+
+
+ 1.10.3.1
+ 1.10.3.1
+
+
+
+

+ Evolution is the mail client of the GNOME desktop environment. Camel is
+ the Evolution Data Server module that handles mail functions.
+

+
+
+

+ The imap_rescan() function of the file camel-imap-folder.c does not
+ properly sanitize the "SEQUENCE" response sent by an IMAP server before
+ being used to index arrays.
+

+
+
+

+ A malicious or compromised IMAP server could trigger the vulnerability
+ and execute arbitrary code with the permissions of the user running
+ Evolution.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ Note that this GLSA addresses the same issue as GLSA 200707-03, but for
+ the 1.10 branch of Evolution Data Server.
+

+

+ All Evolution users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gnome-extra/evolution-data-server-1.10.3.1"
+
+
+ GLSA 200707-03
+ CVE-2007-3257
+
+
+ p-y
+
+
+ p-y
+
+
+ aetius
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-05.xml
new file mode 100644
index 0000000000..90a79c2721
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-05.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ SiteBar: Multiple issues
+
+ Multiple issues have been identified in SiteBar that might allow execution
+ of arbitrary code and arbitrary file disclosure.
+
+ sitebar
+ November 06, 2007
+ November 06, 2007: 01
+ 195810
+ remote
+
+
+ 3.3.9
+ 3.3.9
+
+
+
+

+ SiteBar is a PHP application that allows users to store their bookmarks
+ on a web server.
+

+
+
+

+ Tim Brown discovered these multiple issues: the translation module does
+ not properly sanitize the value to the "dir" parameter (CVE-2007-5491,
+ CVE-2007-5694); the translation module also does not sanitize the
+ values of the "edit" and "value" parameters which it passes to eval()
+ and include() (CVE-2007-5492, CVE-2007-5693); the log-in command does
+ not validate the URL to redirect users to after logging in
+ (CVE-2007-5695); SiteBar also contains several cross-site scripting
+ vulnerabilities (CVE-2007-5692).
+

+
+
+

+ An authenticated attacker in the "Translators" or "Admins" group could
+ execute arbitrary code, read arbitrary files and possibly change their
+ permissions with the privileges of the user running the web server by
+ passing a specially crafted parameter string to the "translator.php"
+ file. An unauthenticated attacker could entice a user to browse a
+ specially crafted URL, allowing for the execution of script code in the
+ context of the user's browser, for the theft of browser credentials or
+ for a redirection to an arbitrary web site after login.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All SiteBar users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/sitebar-3.3.9"
+
+
+ CVE-2007-5491
+ CVE-2007-5492
+ CVE-2007-5692
+ CVE-2007-5693
+ CVE-2007-5694
+ CVE-2007-5695
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-06.xml
new file mode 100644
index 0000000000..e934ddb3c1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-06.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ Apache: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Apache, possibly resulting
+ in a Denial of Service or the disclosure of sensitive information.
+
+ apache
+ November 07, 2007
+ November 07, 2007: 01
+ 186219
+ remote
+
+
+ 2.0.59-r5
+ 2.2.6
+ 2.2.6
+
+
+
+

+ The Apache HTTP server is one of the most popular web servers on the
+ Internet.
+

+
+
+

+ Multiple cross-site scripting vulnerabilities have been discovered in
+ mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error
+ has been discovered in the recall_headers() function in mod_mem_cache
+ (CVE-2007-1862). The mod_cache module does not properly sanitize
+ requests before processing them (CVE-2007-1863). The Prefork module
+ does not properly check PID values before sending signals
+ (CVE-2007-3304). The mod_proxy module does not correctly check headers
+ before processing them (CVE-2007-3847).
+

+
+
+

+ A remote attacker could exploit one of these vulnerabilities to inject
+ arbitrary script or HTML content, obtain sensitive information or cause
+ a Denial of Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Apache users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"
+
+
+ CVE-2006-5752
+ CVE-2007-1862
+ CVE-2007-1863
+ CVE-2007-3304
+ CVE-2007-3847
+ CVE-2007-4465
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-07.xml
new file mode 100644
index 0000000000..f50183aea1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-07.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ Python: User-assisted execution of arbitrary code
+
+ Multiple integer overflow vulnerabilities have been discovered in Python,
+ possibly resulting in the execution of arbitrary code or a Denial of
+ Service.
+
+ python
+ November 07, 2007
+ November 07, 2007: 01
+ 192876
+ remote
+
+
+ 2.3.6-r3
+ 2.4.4-r6
+ 2.4.4-r6
+
+
+
+

+ Python is an interpreted, interactive, object-oriented programming
+ language.
+

+
+
+

+ Slythers Bro discovered multiple integer overflows in the imageop
+ module, one of them in the tovideo() method, in various locations in
+ files imageop.c, rbgimgmodule.c, and also in other files.
+

+
+
+

+ A remote attacker could entice a user to process specially crafted
+ images with an application using the Python imageop module, resulting
+ in the execution of arbitrary code with the privileges of the user
+ running the application, or a Denial of Service. Note that this
+ vulnerability may or may not be exploitable, depending on the
+ application using the module.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Python 2.3.x users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r3"
+

+ All Python 2.4.x users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r6"
+
+
+ CVE-2007-4965
+
+
+ rbu
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-08.xml
new file mode 100644
index 0000000000..1f4738b9ae
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-08.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ libpng: Multiple Denials of Service
+
+ Several vulnerabilities in libpng may allow a remote attacker to crash
+ applications that handle untrusted images.
+
+ libpng
+ November 07, 2007
+ November 07, 2007: 01
+ 195261
+ remote
+
+
+ 1.2.21-r3
+ 1.2.21-r3
+
+
+
+

+ libpng is a free ANSI C library used to process and manipulate PNG
+ images.
+

+
+
+

+ An off-by-one error when handling ICC profile chunks in the
+ png_set_iCCP() function was discovered (CVE-2007-5266). George Cook and
+ Jeff Phillips reported several errors in pngrtran.c, the use of logical
+ instead of a bitwise functions and incorrect comparisons
+ (CVE-2007-5268). Tavis Ormandy reported out-of-bounds read errors in
+ several PNG chunk handling functions (CVE-2007-5269).
+

+
+
+

+ A remote attacker could craft an image that when processed or viewed by
+ an application using libpng would cause the application to terminate
+ abnormally.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All libpng users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.21-r3"
+
+
+ CVE-2007-5266
+ CVE-2007-5268
+ CVE-2007-5269
+
+
+ p-y
+
+
+ p-y
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-09.xml
new file mode 100644
index 0000000000..b229a58a3e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-09.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ MadWifi: Denial of Service
+
+ MadWifi does not correctly process beacon frames which can lead to a
+ remotely triggered Denial of Service.
+
+ madwifi-ng
+ November 07, 2007
+ November 07, 2007: 01
+ 195705
+ remote
+
+
+ 0.9.3.3
+ 0.9.3.3
+
+
+
+

+ The MadWifi driver provides support for Atheros based IEEE 802.11
+ Wireless Lan cards.
+

+
+
+

+ Clemens Kolbitsch and Sylvester Keil reported an error when processing
+ beacon frames with an overly large "length" value in the "xrates"
+ element.
+

+
+
+

+ A remote attacker could act as an access point and send a specially
+ crafted packet to an Atheros based wireless client, possibly resulting
+ in a Denial of Service (kernel panic).
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All MadWifi users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.3.3"
+
+
+ CVE-2007-5448
+
+
+ p-y
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-10.xml
new file mode 100644
index 0000000000..cdfb4ff169
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-10.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Mono: Buffer overflow
+
+ Mono's BigInteger implementation contains a buffer overflow vulnerability
+ that might lead to the execution of arbitrary code.
+
+ mono
+ November 07, 2007
+ November 07, 2007: 01
+ 197067
+ remote
+
+
+ 1.2.5.1-r1
+ 1.2.5.1-r1
+
+
+
+

+ Mono provides the necessary software to develop and run .NET client and
+ server applications on various platforms.
+

+
+
+

+ IOActive discovered an error in the Mono.Math.BigInteger class, in the
+ reduction step of the Montgomery-based Pow methods, that could lead to
+ a buffer overflow.
+

+
+
+

+ A remote attacker could exploit this vulnerability by sending specially
+ crafted data to Mono applications using the BigInteger class, which
+ might lead to the execution of arbitrary code with the privileges of
+ the user running the application (possibly root) or a Denial of
+ Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Mono users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/mono-1.2.5.1-r1"
+
+
+ CVE-2007-5197
+
+
+ rbu
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-11.xml
new file mode 100644
index 0000000000..c8c6c9dd37
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-11.xml
@@ -0,0 +1,75 @@
+ + + + + Nagios Plugins: Two buffer overflows + + Two buffer overflow vulnerabilities in the Nagios Plugins might allow for + remote execution of arbitrary code. + + nagios-plugins + November 08, 2007 + November 08, 2007: 01 + 196308 + 194178 + remote + + + 1.4.10-r1 + 1.4.10-r1 + + + +

+ The Nagios Plugins are an official set of plugins for Nagios, an open + source host, service and network monitoring program. +

+
+ +

+ fabiodds reported a boundary checking error in the "check_snmp" plugin + when processing SNMP "GET" replies that could lead to a stack-based + buffer overflow (CVE-2007-5623). Nobuhiro Ban reported a boundary + checking error in the redir() function of the "check_http" plugin when + processing HTTP "Location:" header information which might lead to a + buffer overflow (CVE-2007-5198). +

+
+ +

+ A remote attacker could exploit these vulnerabilities to execute + arbitrary code with the privileges of the user running Nagios or cause + a Denial of Service by (1) sending a specially crafted SNMP "GET" reply + to the Nagios daemon or (2) sending an overly long string in the + "Location:" header of an HTTP reply. Note that to exploit (2), the + malicious or compromised web server has to be configured in Nagios and + the "-f" (follow) option has to be enabled. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All users of the Nagios Plugins should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-plugins-1.4.10-r1" +
+ + CVE-2007-5198 + CVE-2007-5623 + + + rbu + + + rbu + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-12.xml
new file mode 100644
index 0000000000..3b46e4fa29
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-12.xml
@@ -0,0 +1,67 @@
+ + + + + Tomboy: User-assisted execution of arbitrary code + + Tomboy doesn't properly handle environment variables, potentially allowing + a local attacker to execute arbitrary code. + + tomboy + November 08, 2007 + November 08, 2007: 01 + 189249 + local + + + 0.8.1-r1 + 0.8.1-r1 + + + +

+ Tomboy is a GTK-based desktop note-taking application written in C# and + the Mono C#. +

+
+ +

+ Jan Oravec reported that the "/usr/bin/tomboy" script sets the + "LD_LIBRARY_PATH" environment variable incorrectly, which might result + in the current working directory (.) to be included when searching for + dynamically linked libraries of the Mono Runtime application. +

+
+ +

+ A local attacker could entice a user into running Tomboy in a directory + containing a specially crafted library file to execute arbitrary code + with the privileges of the user running Tomboy. +

+
+ +

+ Do not run Tomboy from an untrusted working directory. +

+
+ +

+ All Tomboy users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/tomboy-0.8.1-r1" +
+ + CVE-2005-4790 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-13.xml
new file mode 100644
index 0000000000..4f09a9c540
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-13.xml
@@ -0,0 +1,66 @@
+ + + + + 3proxy: Denial of Service + + A vulnerability has been discovered in 3proxy, possibly resulting in a + Denial of Service. + + 3proxy + November 08, 2007 + November 08, 2007: 01 + 196772 + remote + + + 0.5.3j + 0.5.3j + + + +

+ 3proxy is a really tiny cross-platform proxy servers set, including + HTTP, HTTPS, FTP, SOCKS and POP3 support. +

+
+ +

+ 3proxy contains a double free vulnerability in the ftpprchild() + function, which frees param->hostname and calls the parsehostname() + function, which in turn attempts to free param->hostname again. +

+
+ +

+ A remote attacker could send a specially crafted request to the proxy, + possibly resulting in a Denial of Service. Under typical configuration, + the scope of this vulnerability is limited to the local network. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All 3proxy users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/3proxy-0.5.3j" +
+ + CVE-2007-5622 + + + p-y + + + keytoaster + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-14.xml
new file mode 100644
index 0000000000..af18f6bf94
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-14.xml
@@ -0,0 +1,125 @@
+ + + + + Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in Mozilla Firefox, SeaMonkey + and XULRunner, potentially allowing to compromise a user's system. + + firefox seamonkey xulrunner + November 12, 2007 + November 12, 2007: 01 + 196480 + remote + + + 2.0.0.9 + 2.0.0.9 + + + 2.0.0.9 + 2.0.0.9 + + + 1.1.6 + 1.1.6 + + + 1.1.6 + 1.1.6 + + + 1.8.1.9 + 1.8.1.9 + + + +

+ Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey + is a free, cross-platform Internet suite. +

+
+ +

+ Multiple vulnerabilities have been reported in Mozilla Firefox and + SeaMonkey. Various errors in the browser engine and the Javascript + engine can be exploited to cause a memory corruption (CVE-2007-5339 and + CVE-2007-5340). Before being used in a request, input passed to the + user ID when making an HTTP request with digest authentication is not + properly sanitised (CVE-2007-2292). The titlebar can be hidden by a XUL + markup language document (CVE-2007-5334). Additionally, an error exists + in the handling of "smb:" and "sftp:" URI schemes on systems with + gnome-vfs support (CVE-2007-5337). An unspecified error in the handling + of "XPCNativeWrappers" and not properly implementing JavaScript + onUnload() handlers may allow the execution of arbitrary Javascript + code (CVE-2007-5338 and CVE-2007-1095). Another error is triggered by + using the addMicrosummaryGenerator sidebar method to access file: URIs + (CVE-2007-5335). +

+
+ +

+ A remote attacker could exploit these issues to execute arbitrary code, + gain the privileges of the user running the application, disclose + sensitive information, conduct phishing attacks, and read and + manipulate certain data. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.9" +

+ All Mozilla Firefox binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.9" +

+ All SeaMonkey users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.6" +

+ All SeaMonkey binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.6" +

+ All XULRunner users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.9" +
+ + CVE-2007-1095 + CVE-2007-2292 + CVE-2007-5334 + CVE-2007-5335 + CVE-2007-5337 + CVE-2007-5338 + CVE-2007-5339 + CVE-2007-5340 + + + rbu + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-15.xml
new file mode 100644
index 0000000000..493bdcf19a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-15.xml
@@ -0,0 +1,74 @@
+ + + + + FLAC: Buffer overflow + + Multiple integer overflow vulnerabilities were found in FLAC possibly + allowing for the execution of arbitrary code. + + flac + November 12, 2007 + November 12, 2007: 01 + 195700 + remote + + + 1.2.1-r1 + 1.2.1-r1 + + + +

+ The Xiph.org Free Lossless Audio Codec (FLAC) library is the reference + implementation of the FLAC audio file format. It contains encoders and + decoders in library and executable form. +

+
+ +

+ Sean de Regge reported multiple integer overflows when processing FLAC + media files that could lead to improper memory allocations resulting in + heap-based buffer overflows. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted FLAC + file or network stream with an application using FLAC. This might lead + to the execution of arbitrary code with privileges of the user playing + the file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All FLAC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/flac-1.2.1-r1" +

+ You should also run revdep-rebuild to rebuild any packages that depend + on older versions of FLAC: +

+ + # revdep-rebuild --library=libFLAC.* +
+ + CVE-2007-4619 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-16.xml
new file mode 100644
index 0000000000..cad29aee52
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-16.xml
@@ -0,0 +1,69 @@
+ + + + + CUPS: Memory corruption + + CUPS contains a boundary checking error that might lead to the execution of + arbitrary code. + + cups + November 12, 2007 + November 12, 2007: 01 + 196736 + remote + + + 1.2.12-r2 + 1.2.12-r2 + + + +

+ CUPS provides a portable printing layer for UNIX-based operating + systems. +

+
+ +

+ Alin Rad Pop (Secunia Research) discovered an off-by-one error in the + ippReadIO() function when handling Internet Printing Protocol (IPP) + tags that might allow to overwrite one byte on the stack. +

+
+ +

+ A local attacker could send a specially crafted IPP request containing + "textWithLanguage" or "nameWithLanguage" tags, leading to a Denial of + Service or the execution of arbitrary code with the privileges of the + "lp" user. If CUPS is configured to allow network printing, this + vulnerability might be remotely exploitable. +

+
+ +

+ To avoid remote exploitation, network access to CUPS servers on port + 631/udp should be restricted. In order to do this, update the "Listen" + setting in cupsd.conf to "Listen localhost:631" or add a rule to + the system's firewall. However, this will not avoid local users from + exploiting this vulnerability. +

+
+ +

+ All CUPS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r2" +
+ + CVE-2007-4351 + + + rbu + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-17.xml
new file mode 100644
index 0000000000..b312cfb143
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-17.xml
@@ -0,0 +1,75 @@
+ + + + + Ruby on Rails: Multiple vulnerabilities + + Several vulnerabilities were found in Ruby on Rails allowing for file + disclosure and theft of user credentials. + + rails + November 14, 2007 + November 14, 2007: 01 + 195315 + 182223 + remote + + + 1.2.5 + 1.2.5 + + + +

+ Ruby on Rails is a free web framework used to develop database-driven + web applications. +

+
+ +

+ candlerb found that ActiveResource, when processing responses using the + Hash.from_xml() function, does not properly sanitize filenames + (CVE-2007-5380). The session management functionality allowed the + "session_id" to be set in the URL (CVE-2007-5380). BCC discovered that + the to_json() function does not properly sanitize input before + returning it to the user (CVE-2007-3227). +

+
+ +

+ Unauthenticated remote attackers could exploit these vulnerabilities to + determine the existence of files or to read the contents of arbitrary + XML files; conduct session fixation attacks and gain unauthorized + access; and to execute arbitrary HTML and script code in a user's + browser session in context of an affected site by enticing a user to + browse a specially crafted URL. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby on Rails users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/rails-1.2.5" +
+ + CVE-2007-3227 + CVE-2007-5379 + CVE-2007-5380 + + + p-y + + + p-y + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-18.xml
new file mode 100644
index 0000000000..8caa907597
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-18.xml
@@ -0,0 +1,65 @@
+ + + + + Cpio: Buffer overflow + + GNU cpio contains a buffer overflow vulnerability, possibly resulting in a + Denial of Service. + + cpio + November 14, 2007 + November 14, 2007: 01 + 196978 + remote + + + 2.9-r1 + 2.9-r1 + + + +

+ GNU cpio copies files into or out of a cpio or tar archive. +

+
+ +

+ A buffer overflow vulnerability in the safer_name_suffix() function in + GNU cpio has been discovered. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + archive file resulting in a stack-based buffer overflow, possibly + crashing the application. It is disputed whether the execution of + arbitrary code is possible. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GNU cpio users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.9-r1" +
+ + CVE-2007-4476 + + + p-y + + + p-y + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-19.xml
new file mode 100644
index 0000000000..2bc7e0089b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-19.xml
@@ -0,0 +1,67 @@
+ + + + + TikiWiki: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in TikiWiki, possibly + resulting in the remote execution of arbitrary code. + + tikiwiki + November 14, 2007 + November 14, 2007: 01 + 195503 + remote + + + 1.9.8.3 + 1.9.8.3 + + + +

+ TikiWiki is an open source content management system written in PHP. +

+
+ +

+ Stefan Esser reported that a previous vulnerability (CVE-2007-5423, + GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1 + (CVE-2007-5682). The TikiWiki development team also added several + checks to avoid file inclusion. +

+
+ +

+ A remote attacker could exploit these vulnerabilities to inject + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TikiWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.8.3" +
+ + GLSA 200710-21 + CVE-2007-5423 + CVE-2007-5682 + + + rbu + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-20.xml
new file mode 100644
index 0000000000..d1f00e3a06
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-20.xml
@@ -0,0 +1,67 @@
+ + + + + Pioneers: Multiple Denials of Service + + Two Denial of Service vulnerabilities were discovered in Pioneers. + + pioneers + November 14, 2007 + November 29, 2007: 04 + 198807 + remote + + + 0.11.3-r1 + 0.11.3-r1 + + + +

+ Pioneers (formerly gnocatan) is a clone of the popular board game "The + Settlers of Catan". +

+
+ +

+ Roland Clobus discovered that the Pioneers server may free sessions + objects while they are still in use, resulting in access to invalid + memory zones (CVE-2007-5933). Bas Wijnen discovered an error when + closing connections which can lead to a failed assertion + (CVE-2007-6010). +

+
+ +

+ A remote attacker could send specially crafted data to the vulnerable + server, resulting in a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Pioneers users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-board/pioneers-0.11.3-r1" +
+ + CVE-2007-5933 + CVE-2007-6010 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-21.xml
new file mode 100644
index 0000000000..feeca8ab0f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-21.xml
@@ -0,0 +1,67 @@
+ + + + + Bochs: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in Bochs, possibly allowing + for the execution of arbitrary code or a Denial of Service. + + bochs + November 17, 2007 + November 17, 2007: 01 + 188148 + local + + + 2.3 + 2.3 + + + +

+ Bochs is a IA-32 (x86) PC emulator written in C++. +

+
+ +

+ Tavis Ormandy of the Google Security Team discovered a heap-based + overflow vulnerability in the NE2000 driver (CVE-2007-2893). He also + discovered a divide-by-zero error in the emulated floppy disk + controller (CVE-2007-2894). +

+
+ +

+ A local attacker in the guest operating system could exploit these + issues to execute code outside of the virtual machine, or cause Bochs + to crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Bochs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/bochs-2.3" +
+ + CVE-2007-2893 + CVE-2007-2894 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-22.xml
new file mode 100644
index 0000000000..c186fa325a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-22.xml
@@ -0,0 +1,118 @@
+ + + + + Poppler, KDE: User-assisted execution of arbitrary code + + Poppler and various KDE components are vulnerable to multiple memory + management issues possibly resulting in the execution of arbitrary code. + + poppler koffice kword kdegraphics kpdf + November 18, 2007 + November 18, 2007: 01 + 196735 + 198409 + remote + + + 0.6.1-r1 + 0.6.1-r1 + + + 3.5.7-r3 + 3.5.8-r1 + 3.5.8-r1 + + + 3.5.7-r3 + 3.5.8-r1 + 3.5.8-r1 + + + 1.6.3-r2 + 1.6.3-r2 + + + 1.6.3-r2 + 1.6.3-r2 + + + +

+ Poppler is a cross-platform PDF rendering library originally based on + Xpdf. KOffice is an integrated office suite for KDE. KWord is the + KOffice word processor. KPDF is a KDE-based PDF viewer included in the + kdegraphics package. +

+
+ +

+ Alin Rad Pop (Secunia Research) discovered several vulnerabilities in + the "Stream.cc" file of Xpdf: An integer overflow in the + DCTStream::reset() method and a boundary error in the + CCITTFaxStream::lookChar() method, both leading to heap-based buffer + overflows (CVE-2007-5392, CVE-2007-5393). He also discovered a boundary + checking error in the DCTStream::readProgressiveDataUnit() method + causing memory corruption (CVE-2007-4352). Note: Gentoo's version of + Xpdf is patched to use the Poppler library, so the update to Poppler + will also fix Xpdf. +

+
+ +

+ By enticing a user to view or process a specially crafted PDF file with + KWord or KPDF or a Poppler-based program such as Gentoo's viewers Xpdf, + ePDFView, and Evince or the CUPS printing system, a remote attacker + could cause an overflow, potentially resulting in the execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Poppler users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/poppler-0.6.1-r1" +

+ All KPDF users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.5.7-r3" +

+ All KDE Graphics Libraries users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.5.7-r3" +

+ All KWord users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/kword-1.6.3-r2" +

+ All KOffice users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/koffice-1.6.3-r2" +
+ + CVE-2007-4352 + CVE-2007-5392 + CVE-2007-5393 + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-23.xml
new file mode 100644
index 0000000000..63fcb9c2e6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-23.xml
@@ -0,0 +1,110 @@
+ + + + + VMware Workstation and Player: Multiple vulnerabilities + + VMware guest operating systems might be able to execute arbitrary code with + elevated privileges on the host operating system through multiple flaws. + + vmware-workstation vmware-player + November 18, 2007 + April 16, 2008: 03 + 193196 + remote + + + 5.5.5.56455 + 5.5.5.56455 + 6.0.0.45731 + + + 1.0.5.56455 + 1.0.5.56455 + 2.0.0.45731 + + + +

+ VMware Workstation is a virtual machine for developers and system + administrators. VMware Player is a freeware virtualization software + that can run guests produced by other VMware products. +

+
+ +

+ Multiple vulnerabilities have been discovered in several VMware + products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that + the DHCP server contains an integer overflow vulnerability + (CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and + another error when handling malformed packets (CVE-2007-0061), leading + to stack-based buffer overflows or stack corruption. Rafal Wojtczvk + (McAfee) discovered two unspecified errors that allow authenticated + users with administrative or login privileges on a guest operating + system to corrupt memory or cause a Denial of Service (CVE-2007-4496, + CVE-2007-4497). Another unspecified vulnerability related to untrusted + virtual machine images was discovered (CVE-2007-5617). +

+

+ VMware products also shipped code copies of software with several + vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT + Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow + (GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813, + CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146). +

+
+ +

+ Remote attackers within a guest system could possibly exploit these + vulnerabilities to execute code on the host system with elevated + privileges or to cause a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All VMware Workstation users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/vmware-workstation-5.5.5.56455" +

+ All VMware Player users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/vmware-player-1.0.5.56455" +
+ + CVE-2004-0813 + CVE-2006-3619 + CVE-2006-4146 + CVE-2006-4600 + CVE-2007-0061 + CVE-2007-0062 + CVE-2007-0063 + CVE-2007-1716 + CVE-2007-4496 + CVE-2007-4497 + CVE-2007-5617 + GLSA-200606-02 + GLSA-200702-06 + GLSA-200704-11 + GLSA-200705-15 + GLSA-200707-11 + VMSA-2007-0006 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-24.xml
new file mode 100644
index 0000000000..ee209ec369
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-24.xml
@@ -0,0 +1,80 @@
+ + + + + Mozilla Thunderbird: Multiple vulnerabilities + + Multiple vulnerabilities have been reported in Mozilla Thunderbird, which + may allow user-assisted arbitrary remote code execution. + + mozilla-thunderbird mozilla-thunderbird-bin + November 18, 2007 + November 18, 2007: 01 + 196481 + remote + + + 2.0.0.9 + 2.0.0.9 + + + 2.0.0.9 + 2.0.0.9 + + + +

+ Mozilla Thunderbird is a popular open-source email client from the + Mozilla project. +

+
+ +

+ Multiple vulnerabilities have been reported in Mozilla Thunderbird's + HTML browser engine (CVE-2007-5339) and JavaScript engine + (CVE-2007-5340) that can be exploited to cause a memory corruption. +

+
+ +

+ A remote attacker could entice a user to read a specially crafted email + that could trigger one of the vulnerabilities, possibly leading to the + execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time for all of these issues, but + some of them can be avoided by disabling JavaScript. +

+
+ +

+ All Mozilla Thunderbird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.9" +

+ All Mozilla Thunderbird binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.9" +
+ + CVE-2007-5339 + CVE-2007-5340 + GLSA 200711-14 + + + p-y + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-25.xml
new file mode 100644
index 0000000000..e0a570c385
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-25.xml
@@ -0,0 +1,65 @@
+ + + + + MySQL: Denial of Service + + A Denial of Service vulnerability was found in MySQL. + + mysql + November 18, 2007 + November 18, 2007: 01 + 198988 + remote + + + 5.0.44-r2 + 5.0.44-r2 + + + +

+ MySQL is a popular multi-threaded, multi-user SQL server. +

+
+ +

+ Joe Gallo and Artem Russakovskii reported an error in the + convert_search_mode_to_innobase() function in ha_innodb.cc in the + InnoDB engine that is leading to a failed assertion when handling + CONTAINS operations. +

+
+ +

+ A remote authenticated attacker with ALTER privileges could send a + specially crafted request to a vulnerable database server possibly + leading to a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MySQL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.44-r2" +
+ + CVE-2007-5925 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-26.xml
new file mode 100644
index 0000000000..675d71ad7a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-26.xml
@@ -0,0 +1,75 @@
+ + + + + teTeX: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in teTeX, possibly allowing + to execute arbitrary code or overwrite arbitrary files. + + tetex + November 18, 2007 + November 18, 2007: 01 + 198238 + remote + + + 3.0_p1-r6 + 3.0_p1-r6 + + + +

+ teTeX is a complete TeX distribution for editing documents. +

+
+ +

+ Joachim Schrod discovered several buffer overflow vulnerabilities and + an insecure temporary file creation in the "dvilj" application that is + used by dvips to convert DVI files to printer formats (CVE-2007-5937, + CVE-2007-5936). Bastien Roucaries reported that the "dvips" application + is vulnerable to two stack-based buffer overflows when processing DVI + documents with long \href{} URIs (CVE-2007-5935). teTeX also includes + code from Xpdf that is vulnerable to a memory corruption and two + heap-based buffer overflows (GLSA 200711-22); and it contains code from + T1Lib that is vulnerable to a buffer overflow when processing an overly + long font filename (GLSA 200710-12). +

+
+ +

+ A remote attacker could entice a user to process a specially crafted + DVI or PDF file which could lead to the execution of arbitrary code + with the privileges of the user running the application. A local + attacker could exploit the "dvilj" vulnerability to conduct a symlink + attack to overwrite arbitrary files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All teTeX users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/tetex-3.0_p1-r6" +
+ + CVE-2007-5935 + CVE-2007-5936 + CVE-2007-5937 + GLSA 200710-12 + GLSA 200711-22 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-27.xml
new file mode 100644
index 0000000000..d33d290782
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-27.xml
@@ -0,0 +1,67 @@
+ + + + + Link Grammar: User-assisted execution of arbitrary code + + A buffer overflow vulnerability has been discovered in Link Grammar. + + link-grammar + November 18, 2007 + November 18, 2007: 01 + 196803 + remote + + + 4.2.4-r1 + 4.2.4-r1 + + + +

+ The Link Grammar parser is a syntactic parser of English, based on link + grammar, an original theory of English syntax. +

+
+ +

+ Alin Rad Pop from Secunia Research discovered a boundary error in the + function separate_sentence() in file tokenize.c when processing an + overly long word which might lead to a stack-based buffer overflow. +

+
+ +

+ A remote attacker could entice a user to parse a specially crafted + sentence, resulting in the remote execution of arbitrary code with the + privileges of the user running the application. Note that this + vulnerability may be triggered by an application using Link Grammar to + parse sentences (e.g. AbiWord). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Link Grammar users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/link-grammar-4.2.4-r1" +
+ + CVE-2007-5395 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-28.xml
new file mode 100644
index 0000000000..1a5db8b717
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-28.xml
@@ -0,0 +1,69 @@
+ + + + + Perl: Buffer overflow + + A buffer overflow in the Regular Expression engine in Perl possibly allows + for the execution of arbitrary code. + + perl + November 19, 2007 + November 19, 2007: 01 + 198196 + remote + + + 5.8.8-r4 + 5.8.8-r4 + + + +

+ Perl is a stable, cross-platform programming language created by Larry + Wall. +

+
+ +

+ Tavis Ormandy and Will Drewry (Google Security Team) discovered a + heap-based buffer overflow in the Regular Expression engine (regcomp.c) + that occurs when switching from byte to Unicode (UTF-8) characters in a + regular expression. +

+
+ +

+ A remote attacker could either entice a user to compile a specially + crafted regular expression or actively compile it in case the script + accepts remote input of regular expressions, possibly leading to the + execution of arbitrary code with the privileges of the user running + Perl. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Perl users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r4" +
+ + CVE-2007-5116 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-29.xml
new file mode 100644
index 0000000000..7c0b86eee6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-29.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ Samba: Execution of arbitrary code
+
+ Samba contains two buffer overflow vulnerabilities potentially resulting in
+ the execution of arbitrary code.
+
+ samba
+ November 20, 2007
+ December 05, 2007: 03
+ 197519
+ remote
+
+
+ 3.0.27a
+ 3.0.27a
+
+
+
+

+ Samba is a suite of SMB and CIFS client/server programs for UNIX. +

+
+ +

+ Two vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia + Research) discovered a boundary checking error in the + reply_netbios_packet() function which could lead to a stack-based + buffer overflow (CVE-2007-5398). The Samba developers discovered a + boundary error when processing GETDC logon requests also leading to a + buffer overflow (CVE-2007-4572). +

+
+ +

+ To exploit the first vulnerability, a remote unauthenticated attacker + could send specially crafted WINS "Name Registration" requests followed + by a WINS "Name Query" request. This might lead to execution of + arbitrary code with elevated privileges. Note that this vulnerability + is exploitable only when WINS server support is enabled in Samba. The + second vulnerability could be exploited by sending specially crafted + "GETDC" mailslot requests, but requires Samba to be configured as a + Primary or Backup Domain Controller. It is not believed the be + exploitable to execute arbitrary code. +

+
+ +

+ To work around the first vulnerability, disable WINS support in Samba + by setting "wins support = no" in the "global" section of your + smb.conf and restart Samba. +

+
+ +

+ All Samba users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.27a" +

+ The first vulnerability (CVE-2007-5398) was already fixed in Samba + 3.0.26a-r2. +

+
+ + CVE-2007-4572 + CVE-2007-5398 + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-30.xml
new file mode 100644
index 0000000000..9d2ba08289
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-30.xml
@@ -0,0 +1,100 @@
+
+
+
+
+ PCRE: Multiple vulnerabilities
+
+ PCRE is vulnerable to multiple buffer overflow and memory corruption
+ vulnerabilities, possibly leading to the execution of arbitrary code.
+
+ libpcre
+ November 20, 2007
+ November 20, 2007: 01
+ 198198
+ remote
+
+
+ 7.3-r1
+ 7.3-r1
+
+
+
+

+ PCRE is a library providing functions for Perl-compatible regular + expressions. +

+
+ +

+ Tavis Ormandy (Google Security) discovered multiple vulnerabilities in + PCRE. He reported an error when processing "\Q\E" sequences with + unmatched "\E" codes that can lead to the compiled bytecode being + corrupted (CVE-2007-1659). PCRE does not properly calculate sizes for + unspecified "multiple forms of character class", which triggers a + buffer overflow (CVE-2007-1660). Further improper calculations of + memory boundaries were reported when matching certain input bytes + against regex patterns in non UTF-8 mode (CVE-2007-1661) and when + searching for unmatched brackets or parentheses (CVE-2007-1662). + Multiple integer overflows when processing escape sequences may lead to + invalid memory read operations or potentially cause heap-based buffer + overflows (CVE-2007-4766). PCRE does not properly handle "\P" and + "\P{x}" sequences which can lead to heap-based buffer overflows or + trigger the execution of infinite loops (CVE-2007-4767), PCRE is also + prone to an error when optimizing character classes containing a + singleton UTF-8 sequence which might lead to a heap-based buffer + overflow (CVE-2007-4768). +

+

+ Chris Evans also reported multiple integer overflow vulnerabilities in + PCRE when processing a large number of named subpatterns ("name_count") + or long subpattern names ("max_name_size") (CVE-2006-7227), and via + large "min", "max", or "duplength" values (CVE-2006-7228) both possibly + leading to buffer overflows. Another vulnerability was reported when + compiling patterns where the "-x" or "-i" UTF-8 options change within + the pattern, which might lead to improper memory calculations + (CVE-2006-7230). +

+
+ +

+ An attacker could exploit these vulnerabilities by sending specially + crafted regular expressions to applications making use of the PCRE + library, which could possibly lead to the execution of arbitrary code, + a Denial of Service or the disclosure of sensitive information. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PCRE users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-7.3-r1" +
+ + CVE-2006-7227 + CVE-2006-7228 + CVE-2006-7230 + CVE-2007-1659 + CVE-2007-1660 + CVE-2007-1661 + CVE-2007-1662 + CVE-2007-4766 + CVE-2007-4767 + CVE-2007-4768 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-31.xml
new file mode 100644
index 0000000000..415f98ff86
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-31.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Net-SNMP: Denial of Service
+
+ A Denial of Service vulnerability has been discovered in Net-SNMP when
+ processing GETBULK requests.
+
+ net-snmp
+ November 20, 2007
+ November 20, 2007: 01
+ 198346
+ remote
+
+
+ 5.4.1-r1
+ 5.4.1-r1
+
+
+
+

+ Net-SNMP is a collection of tools for generating and retrieving SNMP + data. +

+
+ +

+ The SNMP agent (snmpd) does not properly handle GETBULK requests with + an overly large "max-repetitions" field. +

+
+ +

+ A remote unauthenticated attacker could send a specially crafted SNMP + request to the vulnerable application, possibly resulting in a high CPU + and memory consumption. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Net-SNMP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.1-r1" +
+ + CVE-2007-5846 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-32.xml
new file mode 100644
index 0000000000..cf680c8389
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-32.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Feynmf: Insecure temporary file creation
+
+ A vulnerability has been discovered in Feynmf allowing local users to
+ overwrite arbitrary files via a symlink attack.
+
+ feynmf
+ November 20, 2007
+ November 20, 2007: 01
+ 198231
+ local
+
+
+ 1.08-r2
+ 1.08-r2
+
+
+
+

+ Feynmf is a combined LaTeX and Metafont package for easy drawing of + professional quality Feynman (and maybe other) diagrams. +

+
+ +

+ Kevin B. McCarty discovered that the feynmf.pl script creates a + temporary "properly list" file at the location "$TMPDIR/feynmf$PID.pl", + where $PID is the process ID. +

+
+ +

+ A local attacker could create symbolic links in the directory where the + temporary files are written, pointing to a valid file somewhere on the + filesystem that is writable by the user running Feynmf. When Feynmf + writes the temporary file, the target valid file would then be + overwritten with the contents of the Feynmf temporary file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Feynmf users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-tex/feynmf-1.08-r2" +
+ + CVE-2007-5940 + + + p-y + + + p-y + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-33.xml
new file mode 100644
index 0000000000..a3d5aa28ee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-33.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ nss_ldap: Information disclosure
+
+ A race condition might lead to theft of user credentials or information
+ disclosure in services using nss_ldap.
+
+ nss_ldap
+ November 25, 2007
+ November 25, 2007: 01
+ 198390
+ remote
+
+
+ 258
+ 258
+
+
+
+

+ nss_ldap is a Name Service Switch module which allows 'passwd', 'group' + and 'host' database information to be pulled from LDAP. +

+
+ +

+ Josh Burley reported that nss_ldap does not properly handle the LDAP + connections due to a race condition that can be triggered by + multi-threaded applications using nss_ldap, which might lead to + requested data being returned to a wrong process. +

+
+ +

+ Remote attackers could exploit this race condition by sending queries + to a vulnerable server using nss_ldap, possibly leading to theft of + user credentials or information disclosure (e.g. Dovecot returning + wrong mailbox contents). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All nss_ldap users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/nss_ldap-258" +
+ + CVE-2007-5794 + + + p-y + + + p-y + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-34.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-34.xml
new file mode 100644
index 0000000000..6703b4611f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200711-34.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ CSTeX: Multiple vulnerabilities
+
+ Multiple vulnerabilities were discovered in CSTeX, possibly allowing to
+ execute arbitrary code or overwrite arbitrary files.
+
+ cstetex
+ November 25, 2007
+ November 25, 2007: 01
+ 196673
+ remote
+
+
+ 2.0.2-r2
+
+
+
+

+ CSTeX is a TeX distribution with Czech and Slovak support. It is used + for creating and manipulating LaTeX documents. +

+
+ +

+ Multiple issues were found in the teTeX 2 codebase that CSTeX builds + upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable + code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, + GLSA 200711-22) and from T1Lib (GLSA 200710-12). +

+
+ +

+ Remote attackers could possibly execute arbitrary code and local + attackers could possibly overwrite arbitrary files with the privileges + of the user running CSTeX via multiple vectors. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ CSTeX is not maintained upstream, so the package was masked in Portage. + We recommend that users unmerge CSTeX: +

+ + # emerge --unmerge app-text/cstetex +

+ As an alternative, users should upgrade their systems to use teTeX or + TeX Live with its Babel packages. +

+
+ + GLSA 200708-05 + GLSA 200709-12 + GLSA 200709-17 + GLSA 200710-12 + GLSA 200711-22 + GLSA 200711-26 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-01.xml
new file mode 100644
index 0000000000..db52f0f786
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-01.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Hugin: Insecure temporary file creation
+
+ A vulnerability has been discovered in Hugin, potentially allowing for a
+ Denial of Service.
+
+ hugin
+ December 05, 2007
+ December 05, 2007: 01
+ 195996
+ local
+
+
+ 0.6.1-r1
+ 0.7_beta4-r1
+ 0.7_beta4-r1
+
+
+
+

+ Hugin is a GUI for creating and processing panoramic images. +

+
+ +

+ Suse Linux reported that Hugin creates the + "hugin_debug_optim_results.txt" temporary file in an insecure manner. +

+
+ +

+ A local attacker could exploit this vulnerability with a symlink + attack, potentially overwriting an arbitrary file with the privileges + of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Hugin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/hugin-0.6.1-r1" +
+ + CVE-2007-5200 + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-02.xml
new file mode 100644
index 0000000000..c9d53ae859
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-02.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Cacti: SQL injection
+
+ An SQL injection vulnerability has been discovered in Cacti.
+
+ cacti
+ December 05, 2007
+ December 05, 2007: 02
+ 199509
+ remote
+
+
+ 0.8.6j-r7
+ 0.8.7a
+ 0.8.7a
+
+
+
+

+ Cacti is a complete web-based frontend to rrdtool. +

+
+ +

+ It has been reported that the "local_graph_id" variable used in the + file graph.php is not properly sanitized before being processed in an + SQL statement. +

+
+ +

+ A remote attacker could send a specially crafted request to the + vulnerable host, possibly resulting in the execution of arbitrary SQL + code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cacti users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6j-r7" +
+ + CVE-2007-6035 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-03.xml
new file mode 100644
index 0000000000..d0b0835b34
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-03.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ GNU Emacs: Multiple vulnerabilities
+
+ Two vulnerabilities were found in GNU Emacs possibly leading to the
+ execution of arbitrary code.
+
+ emacs
+ December 09, 2007
+ December 09, 2007: 01
+ 197958
+ 200297
+ remote
+
+
+ 22.1-r3
+ 21.4-r14
+ 19
+ 22.1-r3
+
+
+
+

+ GNU Emacs is a highly extensible and customizable text editor. +

+
+ +

+ Drake Wilson reported that the hack-local-variables() function in GNU + Emacs 22 does not properly match assignments of local variables in a + file against a list of unsafe or risky variables, allowing to override + them (CVE-2007-5795). Andreas Schwab (SUSE) discovered a stack-based + buffer overflow in the format function when handling values with high + precision (CVE-2007-6109). +

+
+ +

+ Remote attackers could entice a user to open a specially crafted file + in GNU Emacs, possibly leading to the execution of arbitrary Emacs Lisp + code (via CVE-2007-5795) or arbitrary code (via CVE-2007-6109) with the + privileges of the user running GNU Emacs. +

+
+ +

+ The first vulnerability can be worked around by setting the + "enable-local-variables" option to "nil", disabling the processing of + local variable lists. GNU Emacs prior to version 22 is not affected by + this vulnerability. There is no known workaround for the second + vulnerability at this time. +

+
+ +

+ All GNU Emacs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-22.1-r3" +
+ + CVE-2007-5795 + CVE-2007-6109 + + + p-y + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-04.xml
new file mode 100644
index 0000000000..ada35c085f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-04.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Cairo: User-assisted execution of arbitrary code
+
+ Multiple integer overflows were discovered in Cairo, possibly leading to
+ the execution of arbitrary code.
+
+ cairo
+ December 09, 2007
+ December 09, 2007: 01
+ 200350
+ remote
+
+
+ 1.4.12
+ 1.4.12
+
+
+
+

+ Cairo is a 2D vector graphics library with cross-device output support. +

+
+ +

+ Multiple integer overflows were reported, one of which Peter Valchev + (Google Security) found to be leading to a heap-based buffer overflow + in the cairo_image_surface_create_from_png() function that processes + PNG images. +

+
+ +

+ A remote attacker could entice a user to view or process a specially + crafted PNG image file in an application linked against Cairo, possibly + leading to the execution of arbitrary code with the privileges of the + user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cairo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.4.12" +
+ + CVE-2007-5503 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-05.xml
new file mode 100644
index 0000000000..b5c582d5a4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-05.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ PEAR::MDB2: Information disclosure
+
+ A vulnerability when handling database input in PEAR::MDB2 allows remote
+ attackers to obtain sensitive information.
+
+ PEAR-MDB2
+ December 09, 2007
+ December 09, 2007: 01
+ 198446
+ remote
+
+
+ 2.5.0_alpha1
+ 2.5.0_alpha1
+
+
+
+

+ PEAR::MDB2 is a database abstraction layer for PHP aimed to provide a + common API for all supported relational database management systems. A + LOB ("large object") is a database field holding binary data. +

+
+ +

+ priyadi discovered that the request to store a URL string as a LOB is + treated as a request to retrieve and store the contents of the URL. +

+
+ +

+ If an application using PEAR::MDB2 allows input of LOB values via a web + form, remote attackers could use the application as an indirect proxy + or obtain sensitive information, including "file://" URLs local to the + web server. +

+
+ +

+ As a workaround, manually filter input before storing it as a LOB in + PEAR::MDB2. +

+
+ +

+ All PEAR::MDB2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/PEAR-MDB2-2.5.0_alpha1" +
+ + CVE-2007-5934 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-06.xml
new file mode 100644
index 0000000000..b33f311ba3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-06.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Firebird: Multiple buffer overflows
+
+ Multiple stack-based buffer overflows were discovered in Firebird.
+
+ firebird
+ December 09, 2007
+ December 09, 2007: 01
+ 195569
+ remote
+
+
+ 2.0.3.12981.0-r2
+ 2.0.3.12981.0-r2
+
+
+
+

+ Firebird is a multi-platfrom, open source relational database. +

+
+ +

+ Adriano Lima and Ramon de Carvalho Valle reported that functions + isc_attach_database() and isc_create_database() do not perform proper + boundary checking when processing their input. +

+
+ +

+ A remote attacker could send specially crafted requests to the Firebird + server on TCP port 3050, possibly resulting in the execution of + arbitrary code with the privileges of the user running Firebird + (usually firebird). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Firebird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.3.12981.0-r2" +
+ + CVE-2007-4992 + CVE-2007-5246 + + + rbu + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-07.xml
new file mode 100644
index 0000000000..2aa7dee42c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-07.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Lookup: Insecure temporary file creation
+
+ Lookup uses temporary files in an insecure manner, allowing for a symlink
+ attack.
+
+ lookup
+ December 09, 2007
+ December 09, 2007: 01
+ 197306
+ local
+
+
+ 1.4.1
+ 1.4.1
+
+
+
+

+ Lookup is a search interface to books and dictionnaries for Emacs. +

+
+ +

+ Tatsuya Kinoshita reported that the ndeb-binary function does not + handle temporay files correctly. +

+
+ +

+ A local attacker could use a symlink attack to overwrite files with the + privileges of the user running Lookup. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Lookup users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emacs/lookup-1.4.1" +
+ + CVE-2007-0237 + + + p-y + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-08.xml
new file mode 100644
index 0000000000..6206cd3f05
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-08.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ AMD64 x86 emulation Qt library: Multiple vulnerabilities
+
+ Multiple vulnerabilities in the AMD64 x86 emulation Qt library may lead to
+ the remote execution of arbitrary code in Qt applications.
+
+ emul-linux-x86-qtlibs
+ December 09, 2007
+ December 09, 2007: 01
+ 189536
+ remote
+
+
+ 20071114-r2
+ 20071114-r2
+
+
+
+

+ Qt is a cross-platform GUI framework, which is used e.g. by KDE. The + AMD64 x86 emulation Qt library packages Qt libraries for 32bit x86 + emulation on AMD64. +

+
+ +

+ The Qt versions used by the AMD64 x86 emulation Qt libraries were + vulnerable to several flaws (GLSA 200708-16, GLSA 200710-28) +

+
+ +

+ An attacker could trigger one of the vulnerabilities by causing a Qt + application to parse specially crafted text or Unicode strings, which + may lead to the execution of arbitrary code with the privileges of the + user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All AMD64 x86 emulation Qt library users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-qtlibs-20071114-r2" +
+ + GLSA 200708-16 + GLSA 200710-28 + + + rbu + + + welp + + + welp + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-09.xml
new file mode 100644
index 0000000000..4d28d095c7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-09.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Ruby-GNOME2: Format string error
+
+ A format string error has been discovered in Ruby-GNOME2, possibly leading
+ to the execution of arbitrary code.
+
+ ruby-gtk2
+ December 09, 2007
+ December 09, 2007: 01
+ 200623
+ remote
+
+
+ 0.16.0-r2
+ 0.16.0-r2
+
+
+
+

+ Ruby-GNOME2 is a set of bindings for using GTK+ within the Ruby + programming language. +

+
+ +

+ Chris Rohlf discovered that the "Gtk::MessageDialog.new()" method in + the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the + "message" parameter before passing it to the gtk_message_dialog_new() + function. +

+
+ +

+ A remote attacker could send a specially crafted string to an + application using Ruby-GNOME2, possibly leading to the execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby-GNOME2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/ruby-gtk2-0.16.0-r2" +
+ + CVE-2007-6183 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-10.xml
new file mode 100644
index 0000000000..3143629af0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-10.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Samba: Execution of arbitrary code
+
+ Samba contains a buffer overflow vulnerability potentially resulting in the
+ execution of arbitrary code.
+
+ samba
+ December 10, 2007
+ December 10, 2007: 01
+ 200773
+ remote
+
+
+ 3.0.28
+ 3.0.28
+
+
+
+

+ Samba is a suite of SMB and CIFS client/server programs for UNIX. +

+
+ +

+ Alin Rad Pop (Secunia Research) discovered a boundary checking error in + the send_mailslot() function which could lead to a stack-based buffer + overflow. +

+
+ +

+ A remote attacker could send a specially crafted "SAMLOGON" domain + logon packet, possibly leading to the execution of arbitrary code with + elevated privileges. Note that this vulnerability is exploitable only + when domain logon support is enabled in Samba, which is not the case in + Gentoo's default configuration. +

+
+ +

+ Disable domain logon in Samba by setting "domain logons = no" in + the "global" section of your smb.conf and restart Samba. +

+
+ +

+ All Samba users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.28" +
+ + CVE-2007-6015 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-11.xml
new file mode 100644
index 0000000000..0406eca4ba
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-11.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Portage: Information disclosure
+
+ Portage may disclose sensitive information when updating configuration
+ files.
+
+ portage
+ December 13, 2007
+ December 13, 2007: 01
+ 193589
+ local
+
+
+ 2.1.3.11
+ 2.1.3.11
+
+
+
+

+ Portage is the default Gentoo package management system. +

+
+ +

+ Mike Frysinger reported that the "etc-update" utility uses temporary + files with the standard umask, which results in the files being + world-readable when merging configuration files in a default setup. +

+
+ +

+ A local attacker could access sensitive information when configuration + files are being merged. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Portage users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/portage-2.1.3.11" +
+ + CVE-2007-6249 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-12.xml
new file mode 100644
index 0000000000..6bef732829
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-12.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ IRC Services: Denial of Service
+
+ A Denial of Service vulnerability has been reported in IRC Services.
+
+ ircservices
+ December 13, 2007
+ December 13, 2007: 01
+ 199897
+ remote
+
+
+ 5.0.63
+ 5.0.63
+
+
+
+

+ IRC Services is a system of services to be used with Internet Relay + Chat networks. +

+
+ +

+ loverboy reported that the "default_encrypt()" function in file + encrypt.c does not properly handle overly long passwords. +

+
+ +

+ A remote attacker could provide an overly long password to the + vulnerable server, resulting in a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All IRC Services users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/ircservices-5.0.63" +
+ + CVE-2007-6122 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-13.xml
new file mode 100644
index 0000000000..b442aaf2ec
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-13.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ E2fsprogs: Multiple buffer overflows
+
+ Multiple heap-based buffer overflows in E2fsprogs could result in the
+ execution of arbitrary code.
+
+ e2fsprogs
+ December 18, 2007
+ December 18, 2007: 01
+ 201546
+ remote
+
+
+ 1.40.3
+ 1.40.3
+
+
+
+

+ E2fsprogs provides utilities for use with the ext2 and ext3 file + systems including the libext2fs library that allows user-level programs + to manipulate an ext2 or ext3 file system. +

+
+ +

+ Rafal Wojtczuk (McAfee AVERT Research) discovered multiple integer + overflows in libext2fs, that are triggered when processing information + from within the file system, resulting in heap-based buffer overflows. +

+
+ +

+ An attacker could entice a user to process a specially-crafted ext2 or + ext3 file system image (with tools linking against libext2fs, e.g. + fsck, forensic tools or Xen's pygrub), possibly resulting in the + execution of arbitrary code with the privileges of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All E2fsprogs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-fs/e2fsprogs-1.40.3" +
+ + CVE-2007-5497 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-14.xml
new file mode 100644
index 0000000000..6003adeff5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-14.xml
@@ -0,0 +1,90 @@
+
+
+
+
+ CUPS: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in CUPS, allowing for the
+ remote execution of arbitrary code and a Denial of Service.
+
+ cups
+ December 18, 2007
+ December 18, 2007: 01
+ 199195
+ 201042
+ 201570
+ remote
+
+
+ 1.2.12-r4
+ 1.3.5
+ 1.3.5
+
+
+
+

+ CUPS provides a portable printing layer for UNIX-based operating + systems. The alternate pdftops filter is a CUPS filter used to convert + PDF files to the Postscript format via Poppler; the filter is installed + by default in Gentoo Linux. +

+
+ +

+ Wei Wang (McAfee AVERT Research) discovered an integer underflow in the + asn1_get_string() function of the SNMP backend, leading to a + stack-based buffer overflow when handling SNMP responses + (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate + pdftops filter creates temporary files with predictable file names when + reading from standard input (CVE-2007-6358). Furthermore, the + resolution of a Denial of Service vulnerability covered in GLSA + 200703-28 introduced another Denial of Service vulnerability within SSL + handling (CVE-2007-4045). +

+
+ +

+ A remote attacker on the local network could exploit the first + vulnerability to execute arbitrary code with elevated privileges by + sending specially crafted SNMP messages as a response to an SNMP + broadcast request. A local attacker could exploit the second + vulnerability to overwrite arbitrary files with the privileges of the + user running the CUPS spooler (usually lp) by using symlink attacks. A + remote attacker could cause a Denial of Service condition via the third + vulnerability when SSL is enabled in CUPS. +

+
+ +

+ To disable SNMP support in CUPS, you have have to manually delete the + file "/usr/libexec/cups/backend/snmp". Please note that the file is + reinstalled if you merge CUPS again later. To disable the pdftops + filter, delete all lines referencing "pdftops" in CUPS' "mime.convs" + configuration file. To work around the third vulnerability, disable SSL + support via the corresponding USE flag. +

+
+ +

+ All CUPS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r4" +
+ + CVE-2007-4045 + CVE-2007-5849 + CVE-2007-6358 + GLSA 200703-28 + + + p-y + + + p-y + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-15.xml
new file mode 100644
index 0000000000..027ab8fdb2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-15.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ libexif: Multiple vulnerabilities
+
+ Two vulnerabilities in libexif possibly allow for the execution of
+ arbitrary code or a Denial of Service.
+
+ libexif
+ December 29, 2007
+ December 29, 2007: 01
+ 202350
+ remote
+
+
+ 0.6.16-r1
+ 0.6.16-r1
+
+
+
+

+ libexif is a library for parsing, editing and saving Exif metadata from + images. Exif, the Exchangeable image file format, specifies the + addition of metadata tags to JPEG, TIFF and RIFF files. +

+
+ +

+ Meder Kydyraliev (Google Security) discovered an integer overflow + vulnerability in the exif_data_load_data_thumbnail() function leading + to a memory corruption (CVE-2007-6352) and an infinite recursion in the + exif_loader_write() function (CVE-2007-6351). +

+
+ +

+ An attacker could entice the user of an application making use of + libexif to load an image file with specially crafted Exif tags, + possibly resulting in the execution of arbitrary code with the + privileges of the user running the application or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libexif users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.16-r1" +
+ + CVE-2007-6351 + CVE-2007-6352 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-16.xml
new file mode 100644
index 0000000000..fc1f54564b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-16.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Exiv2: Integer overflow
+
+ An integer overflow vulnerability in Exiv2 possibly allows for the
+ execution of arbitrary code.
+
+ exiv2
+ December 29, 2007
+ December 29, 2007: 01
+ 202351
+ remote
+
+
+ 0.13-r1
+ 0.13-r1
+
+
+
+

+ Exiv2 is a C++ library and set of tools for parsing, editing and saving + Exif and IPTC metadata from images. Exif, the Exchangeable image file + format, specifies the addition of metadata tags to JPEG, TIFF and RIFF + files. +

+
+ +

+ Meder Kydyraliev (Google Security) discovered an integer overflow + vulnerability in the JpegThumbnail::setDataArea() method leading to a + heap-based buffer overflow. +

+
+ +

+ An attacker could entice the user of an application making use of Exiv2 + or an application included in Exiv2 to load an image file with + specially crafted Exif tags, possibly resulting in the execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Exiv2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.13-r1" +
+ + CVE-2007-6353 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-17.xml
new file mode 100644
index 0000000000..a9bd3aebda
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-17.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ exiftags: Multiple vulnerabilities
+
+ Multiple vulnerabilities in exiftags possibly allow for the execution of
+ arbitrary code or a Denial of Service.
+
+ exiftags
+ December 29, 2007
+ December 29, 2007: 01
+ 202354
+ remote
+
+
+ 1.01
+ 1.01
+
+
+
+

+ exiftags is a library and set of tools for parsing, editing and saving + Exif metadata from images. Exif, the Exchangeable image file format, + specifies the addition of metadata tags to JPEG, TIFF and RIFF files. +

+
+ +

+ Meder Kydyraliev (Google Security) discovered that Exif metadata is not + properly sanitized before being processed, resulting in illegal memory + access in the postprop() and other functions (CVE-2007-6354). He also + discovered integer overflow vulnerabilities in the parsetag() and other + functions (CVE-2007-6355) and an infinite recursion in the readifds() + function caused by recursive IFD references (CVE-2007-6356). +

+
+ +

+ An attacker could entice the user of an application making use of + exiftags or an application included in exiftags to load an image file + with specially crafted Exif tags, possibly resulting in the execution + of arbitrary code with the privileges of the user running the + application or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All exiftags users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/exiftags-1.01" +
+ + CVE-2007-6354 + CVE-2007-6355 + CVE-2007-6356 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-18.xml
new file mode 100644
index 0000000000..846e16c9bf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-18.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ Multi-Threaded DAAP Daemon: Multiple vulnerabilities
+
+ Multiple vulnerabilities in the web server in the Multi-Threaded DAAP
+ Daemon may lead to the remote execution of arbitrary code.
+
+ mt-daapd
+ December 29, 2007
+ December 29, 2007: 01
+ 200110
+ remote
+
+
+ 0.2.4.1
+ 0.2.4.1
+
+
+
+

+ Multi-Threaded DAAP Daemon (mt-daapd), also known as the Firefly Media + Server, is a software to serve digital music to the Roku Soundbridge + and Apple's iTunes. +

+
+ +

+ nnp discovered multiple vulnerabilities in the XML-RPC handler in the + file webserver.c. The ws_addarg() function contains a format string + vulnerability, as it does not properly sanitize username and password + data from the "Authorization: Basic" HTTP header line (CVE-2007-5825). + The ws_decodepassword() and ws_getheaders() functions do not correctly + handle empty Authorization header lines, or header lines without a ':' + character, leading to NULL pointer dereferences (CVE-2007-5824). +

+
+ +

+ A remote attacker could send specially crafted HTTP requests to the web + server in the Multi-Threaded DAAP Daemon, possibly leading to the + execution of arbitrary code with the privileges of the user running the + web server or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Multi-Threaded DAAP Daemon users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/mt-daapd-0.2.4.1" +
+ + CVE-2007-5824 + CVE-2007-5825 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-19.xml
new file mode 100644
index 0000000000..aa22f6b5f7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-19.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Syslog-ng: Denial of Service
+
+ A Denial of Service vulnerability has been discovered in Syslog-ng.
+
+ syslog-ng
+ December 29, 2007
+ December 29, 2007: 01
+ 202718
+ remote
+
+
+ 2.0.6
+ 2.0.6
+
+
+
+

+ Syslog-ng is a flexible and scalable system logger. +

+
+ +

+ Oriol Carreras reported a NULL pointer dereference in the + log_msg_parse() function when processing timestamps without a + terminating whitespace character. +

+
+ +

+ A remote attacker could send a specially crafted event to a vulnerable + Syslog-ng server, resulting in a crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Syslog-ng users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-2.0.6" +
+ + CVE-2007-6437 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-20.xml
new file mode 100644
index 0000000000..7b5a9cfc11
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-20.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ ClamAV: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in ClamAV allowing remote
+ execution of arbitrary code and Denial of Service attacks.
+
+ clamav
+ December 29, 2007
+ December 29, 2007: 01
+ 202762
+ remote
+
+
+ 0.91.2-r1
+ 0.91.2-r1
+
+
+
+

+ Clam AntiVirus is a free anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +

+
+ +

+ iDefense reported an integer overflow vulnerability in the cli_scanpe() + function when parsing Portable Executable (PE) files packed in the MEW + format, that could be exploited to cause a heap-based buffer overflow + (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when + decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An + unspecified vulnerability related to the bzip2 decompression algorithm + has also been discovered (CVE-2007-6337). +

+
+ +

+ A remote attacker could entice a user or automated system to scan a + specially crafted file, possibly leading to the execution of arbitrary + code with the privileges of the user running ClamAV (either a system + user or the "clamav" user if clamd is compromised). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.91.2-r1" +
+ + CVE-2007-6335 + CVE-2007-6336 + CVE-2007-6337 + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-21.xml
new file mode 100644
index 0000000000..a7155b16c4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-21.xml
@@ -0,0 +1,102 @@
+
+
+
+
+ Mozilla Firefox, SeaMonkey: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Mozilla Firefox and
+ Mozilla Seamonkey.
+
+ firefox seamonkey
+ December 29, 2007
+ December 29, 2007: 01
+ 198965
+ 200909
+ remote
+
+
+ 2.0.0.11
+ 2.0.0.11
+
+
+ 2.0.0.11
+ 2.0.0.11
+
+
+ 1.1.7
+ 1.1.7
+
+
+ 1.1.7
+ 1.1.7
+
+
+
+

+ Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey + is a free, cross-platform Internet suite. +

+
+ +

+ Jesse Ruderman and Petko D. Petkov reported that the jar protocol + handler in Mozilla Firefox and Seamonkey does not properly check MIME + types (CVE-2007-5947). Gregory Fleischer reported that the + window.location property can be used to generate a fake HTTP Referer + (CVE-2007-5960). Multiple memory errors have also been reported + (CVE-2007-5959). +

+
+ +

+ A remote attacker could possibly exploit these vulnerabilities to + execute arbitrary code in the context of the browser and conduct + Cross-Site-Scripting or Cross-Site Request Forgery attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.11" +

+ All Mozilla Firefox binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.11" +

+ All SeaMonkey users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.7" +

+ All SeaMonkey binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.7" +
+ + CVE-2007-5947 + CVE-2007-5959 + CVE-2007-5960 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-22.xml
new file mode 100644
index 0000000000..b16c748713
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-22.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Opera: Multiple vulnerabilities
+
+ Multiple vulnerabilities were discovered in Opera, allowing for the
+ execution of arbitrary code and cross domain scripting.
+
+ opera
+ December 30, 2007
+ December 30, 2007: 01
+ 202770
+ remote
+
+
+ 9.25
+ 9.25
+
+
+
+

+ Opera is a fast Web browser that is available free of charge. +

+
+ +

+ David Bloom reported two vulnerabilities where plug-ins (CVE-2007-6520) + and Rich text editing (CVE-2007-6522) could be used to allow cross + domain scripting. Alexander Klink (Cynops GmbH) discovered an issue + with TLS certificates (CVE-2007-6521). Gynvael Coldwind reported that + bitmaps might reveal random data from memory (CVE-2007-6524). +

+
+ +

+ A remote attacker could exploit these vulnerabilities, possibly leading + to the execution of arbitrary code and cross domain scripting. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Opera users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-9.25" +
+ + CVE-2007-6520 + CVE-2007-6521 + CVE-2007-6522 + CVE-2007-6524 + + + keytoaster + + + keytoaster + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-23.xml
new file mode 100644
index 0000000000..5f4507f80c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-23.xml
@@ -0,0 +1,90 @@
+
+
+
+
+ Wireshark: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Wireshark, allowing for
+ the remote execution of arbitrary code and a Denial of Service.
+
+ wireshark
+ December 30, 2007
+ December 30, 2007: 01
+ 199958
+ remote
+
+
+ 0.99.7
+ 0.99.7
+
+
+
+

+ Wireshark is a network protocol analyzer with a graphical front-end. +

+
+ +

+ Multiple buffer overflows and infinite loops were discovered in + multiple dissector and parser components, including those for MP3 and + NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and + iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP + (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP + (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119), + Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB + (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441), + RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were + discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming, + Steve and ainsley. +

+
+ +

+ A remote attacker could send specially crafted packets on a network + being monitored with Wireshark or entice a user to open a specially + crafted file, possibly resulting in the execution of arbitrary code + with the privileges of the user running Wireshark (which might be the + root user), or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.7" +
+ + CVE-2007-6111 + CVE-2007-6112 + CVE-2007-6113 + CVE-2007-6114 + CVE-2007-6115 + CVE-2007-6116 + CVE-2007-6117 + CVE-2007-6118 + CVE-2007-6119 + CVE-2007-6120 + CVE-2007-6121 + CVE-2007-6438 + CVE-2007-6439 + CVE-2007-6441 + CVE-2007-6450 + CVE-2007-6451 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-24.xml
new file mode 100644
index 0000000000..c6cc13e4a1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-24.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code
+
+ Multiple integer overflow vulnerabilities in the AMD64 x86 emulation GTK+
+ libraries may result in the execution of arbitrary code in applications
+ using Cairo.
+
+ emul-linux-x86-gtklibs
+ December 30, 2007
+ December 30, 2007: 01
+ 201860
+ remote
+
+
+ 20071214
+ 20071214
+
+
+
+

+ Cairo is a 2D vector graphics library with cross-device output support. + The AMD64 x86 emulation GTK+ library packages Cairo libraries for 32bit + x86 emulation on AMD64. +

+
+ +

+ The Cairo versions used by the AMD64 x86 emulation GTK+ libraries were + vulnerable to integer overflow vulnerabilities (GLSA 200712-04). +

+
+ +

+ A remote attacker could entice a user to view or process a specially + crafted PNG image file in an application linked against Cairo, possibly + leading to the execution of arbitrary code with the privileges of the + user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All AMD64 x86 emulation GTK+ library users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-gtklibs-20071214" +
+ + GLSA 200712-04 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-25.xml
new file mode 100644
index 0000000000..c2bfd4b948
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200712-25.xml
@@ -0,0 +1,87 @@
+
+
+
+
+ OpenOffice.org: User-assisted arbitrary code execution
+
+ An unspecified vulnerability has been reported in OpenOffice.org, possibly
+ allowing for the execution of arbitrary code.
+
+ openoffice openoffice-bin hsqldb
+ December 30, 2007
+ December 30, 2007: 01
+ 200771
+ 201799
+ remote
+
+
+ 2.3.1
+ 2.3.1
+
+
+ 2.3.1
+ 2.3.1
+
+
+ 1.8.0.9
+ 1.8.0.9
+
+
+
+

+ OpenOffice.org is an open source office productivity suite, including + word processing, spreadsheet, presentation, drawing, data charting, + formula editing, and file conversion facilities. +

+
+ +

+ The HSQLDB engine, as used in Openoffice.org, does not properly enforce + restrictions to SQL statements. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + document, possibly resulting in the remote execution of arbitrary Java + code with the privileges of the user running OpenOffice.org. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenOffice.org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.3.1" +

+ All OpenOffice.org binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.3.1" +

+ All HSQLDB users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/hsqldb-1.8.0.9" +
+ + CVE-2007-4575 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-01.xml
new file mode 100644
index 0000000000..5823d0ea37
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-01.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ unp: Arbitrary command execution
+
+ unp allows execution of arbitrary code via malicious file names.
+
+ remote
+ January 09, 2008
+ January 09, 2008: 01
+ 203106
+ remote
+
+
+ 1.0.14
+ 1.0.14
+
+
+
+

+ unp is a script for unpacking various file formats. +

+
+ +

+ Erich Schubert from Debian discovered that unp does not escape file + names properly before passing them to calls of the shell. +

+
+ +

+ A remote attacker could entice a user or automated system to unpack a + compressed archive with a specially crafted file name, leading to the + execution of shell commands from within the filename. That code will be + executed with the privileges of the user running unp. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All unp users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/unp-1.0.14" +
+ + CVE-2007-6610 + + + rbu + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-02.xml
new file mode 100644
index 0000000000..a3004f0b4c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-02.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ R: Multiple vulnerabilities
+
+ Multiple vulnerabilities in R could result in the execution of arbitrary
+ code.
+
+ R
+ January 09, 2008
+ January 09, 2008: 02
+ 198976
+ remote
+
+
+ 2.2.1-r1
+ 2.2.1-r1
+
+
+
+

+ R is a GPL licensed implementation of S, a language and environment for + statistical computing and graphics. PCRE is a library providing + functions for Perl-compatible regular expressions. +

+
+ +

+ R includes a copy of PCRE which is vulnerable to multiple buffer + overflows and memory corruptions vulnerabilities (GLSA 200711-30). +

+
+ +

+ An attacker could entice a user to process specially crafted regular + expressions with R, which could possibly lead to the execution of + arbitrary code, a Denial of Service or the disclosure of sensitive + information. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All R users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/R-2.2.1-r1" +
+ + GLSA 200711-30 + + + rbu + + + rbu + + + py2 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-03.xml
new file mode 100644
index 0000000000..591c70a417
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-03.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Claws Mail: Insecure temporary file creation
+
+ Claws Mail uses temporary files in an insecure manner, allowing for a
+ symlink attack.
+
+ claws-mail
+ January 09, 2008
+ January 09, 2008: 01
+ 201244
+ local
+
+
+ 3.0.2-r1
+ 3.0.2-r1
+
+
+
+

+ Claws Mail is a GTK based e-mail client. +

+
+ +

+ Nico Golde from Debian reported that the sylprint.pl script that is + part of the Claws Mail tools creates temporary files in an insecure + manner. +

+
+ +

+ A local attacker could exploit this vulnerability to conduct symlink + attacks to overwrite files with the privileges of the user running + Claws Mail. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Claws Mail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.0.2-r1" +
+ + CVE-2007-6208 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-04.xml
new file mode 100644
index 0000000000..e92999a74c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-04.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ OpenAFS: Denial of Service
+
+ A Denial of Service vulnerability has been discovered in OpenAFS.
+
+ openafs
+ January 09, 2008
+ January 09, 2008: 01
+ 203573
+ remote
+
+
+ 1.4.6
+ 1.4.6
+
+
+
+

+ OpenAFS is a distributed network filesystem. +

+
+ +

+ Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a + race condition due to an improper handling of the clients callbacks + lists. +

+
+ +

+ A remote attacker could construct cases which trigger the race + condition, resulting in a server crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenAFS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/openafs-1.4.6" +
+ + CVE-2007-6599 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-05.xml
new file mode 100644
index 0000000000..57cb207420
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-05.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Squid: Denial of Service
+
+ A Denial of Service vulnerability has been reported in Squid.
+
+ squid
+ January 09, 2008
+ January 09, 2008: 01
+ 201209
+ remote
+
+
+ 2.6.17
+ 2.6.17
+
+
+
+

+ Squid is a multi-protocol proxy server. +

+
+ +

+ The Wikimedia Foundation reported a memory leak vulnerability when + performing cache updates. +

+
+ +

+ A remote attacker could perform numerous specially crafted requests to + the vulnerable server, resulting in a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Squid users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.6.17" +
+ + CVE-2007-6239 + + + p-y + + + p-y + + + py2 + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-06.xml
new file mode 100644
index 0000000000..140156b289
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-06.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ Xfce: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Xfce might allow user-assisted attackers to
+ execute arbitrary code.
+
+ xfce4-panel libxfcegui4
+ January 09, 2008
+ January 10, 2008: 03
+ 201292
+ 201293
+ remote
+
+
+ 4.4.2
+ 4.4.2
+
+
+ 4.4.2
+ 4.4.2
+
+
+
+

+ Xfce is a GTK+ 2 based desktop environment that allows to run a modern + desktop environment on modest hardware. +

+
+ +

+ Gregory Andersen reported that the Xfce4 panel does not correctly + calculate memory boundaries, leading to a stack-based buffer overflow + in the launcher_update_panel_entry() function (CVE-2007-6531). Daichi + Kawahata reported libxfcegui4 did not copy provided values when + creating "SessionClient" structs, possibly leading to access of freed + memory areas (CVE-2007-6532). +

+
+ +

+ A remote attacker could entice a user to install a specially crafted + "rc" file to execute arbitrary code via long strings in the "Name" and + "Comment" fields or via unspecified vectors involving the second + vulnerability. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Xfce4 panel users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=xfce-base/xfce4-panel-4.4.2" +

+ All libxfcegui4 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=xfce-base/libxfcegui4-4.4.2" +
+ + CVE-2007-6531 + CVE-2007-6532 + + + p-y + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-07.xml
new file mode 100644
index 0000000000..fdf22396be
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-07.xml
@@ -0,0 +1,100 @@
+
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been identified, the worst of which allow
+ arbitrary code execution on a user's system via a malicious Flash file.
+
+ adobe-flash
+ January 20, 2008
+ May 28, 2009: 03
+ 193519
+ remote
+
+
+ 9.0.115.0
+ 9.0.115.0
+
+
+
+

+ The Adobe Flash Player is a renderer for the popular SWF file format, + which is commonly used to provide interactive websites, digital + experiences and mobile content. +

+
+ +
    +
  • Flash contains a copy of PCRE which is vulnerable to a heap-based + buffer overflow (GLSA 200711-30, CVE-2007-4768).
  • +
  • Aaron Portnoy reported an unspecified vulnerability related to + input validation (CVE-2007-6242).
  • +
  • Jesse Michael and Thomas Biege reported that Flash does not + correctly set memory permissions (CVE-2007-6246).
  • +
  • Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong + Shao reported that Flash does not pin DNS hostnames to a single IP + addresses, allowing for DNS rebinding attacks (CVE-2007-5275).
  • +
  • David Neu reported an error withing the implementation of the + Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).
  • +
  • Toshiharu Sugiyama reported that Flash does not sufficiently + restrict the interpretation and usage of cross-domain policy files, + allowing for easier cross-site scripting attacks (CVE-2007-6243).
  • +
  • Rich Cannings reported a cross-site scripting vulnerability in the + way the "asfunction:" protocol was handled (CVE-2007-6244).
  • +
  • Toshiharu Sugiyama discovered that Flash allows remote attackers to + modify HTTP headers for client requests and conduct HTTP Request + Splitting attacks (CVE-2007-6245).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted file + (usually in a web browser), possibly leading to the execution of + arbitrary code with the privileges of the user running the Adobe Flash + Player. The attacker could also cause a user's machine to establish TCP + sessions with arbitrary hosts, bypass the Security Sandbox Model, + obtain sensitive information, port scan arbitrary hosts, or conduct + cross-site-scripting attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Flash Player users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-9.0.115.0" +

+ Please be advised that unaffected packages of the Adobe Flash Player + have known problems when used from within the Konqueror and Opera + browsers. +

+
+ + CVE-2007-4324 + CVE-2007-4768 + CVE-2007-5275 + CVE-2007-6242 + CVE-2007-6243 + CVE-2007-6244 + CVE-2007-6245 + CVE-2007-6246 + GLSA 200711-30 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-08.xml
new file mode 100644
index 0000000000..d495abe5c3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-08.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ libcdio: User-assisted execution of arbitrary code
+
+ A buffer overflow vulnerability has been discovered in libcdio.
+
+ libcdio
+ January 20, 2008
+ January 20, 2008: 01
+ 203777
+ remote
+
+
+ 0.78.2-r4
+ 0.78.2-r4
+
+
+
+

+ libcdio is a library for accessing CD-ROM and CD images. +

+
+ +

+ Devon Miller reported a boundary error in the "print_iso9660_recurse()" + function in files cd-info.c and iso-info.c when processing long + filenames within Joliet images. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted ISO + image in the cd-info and iso-info applications, resulting in the + execution of arbitrary code with the privileges of the user running the + application. Applications linking against shared libraries of libcdio + are not affected. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libcdio users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libcdio-0.78.2-r4" +
+ + CVE-2007-6613 + + + rbu + + + p-y + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-09.xml
new file mode 100644
index 0000000000..607731b3a9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-09.xml
@@ -0,0 +1,104 @@
+
+
+
+
+ X.Org X server and Xfont library: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in the X.Org X server and
+ Xfont library, allowing for a local privilege escalation and arbitrary code
+ execution.
+
+ xorg-server libXfont
+ January 20, 2008
+ March 05, 2008: 03
+ 204362
+ 208343
+ remote, local
+
+
+ 1.3.0.0-r5
+ 1.3.0.0-r5
+
+
+ 1.3.1-r1
+ 1.3.1-r1
+
+
+
+

+ The X Window System is a graphical windowing system based on a + client/server model. +

+
+ +

+ regenrecht reported multiple vulnerabilities in various X server + extension via iDefense: +

+
    +
  • The XFree86-Misc extension does not properly sanitize a parameter + within a PassMessage request, allowing the modification of a function + pointer (CVE-2007-5760).
  • +
  • Multiple functions in the XInput extension do not properly sanitize + client requests for swapping bytes, leading to corruption of heap + memory (CVE-2007-6427).
  • +
  • Integer overflow vulnerabilities in the EVI extension and in the + MIT-SHM extension can lead to buffer overflows (CVE-2007-6429).
  • +
  • The TOG-CUP extension does not sanitize an index value in the + ProcGetReservedColormapEntries() function, leading to arbitrary memory + access (CVE-2007-6428).
  • +
  • A buffer overflow was discovered in the Xfont library when + processing PCF font files (CVE-2008-0006).
  • +
  • The X server does not enforce restrictions when a user specifies a + security policy file and attempts to open it (CVE-2007-5958).
  • +
+
+ +

+ Remote attackers could exploit the vulnerability in the Xfont library + by enticing a user to load a specially crafted PCF font file resulting + in the execution of arbitrary code with the privileges of the user + running the X server, typically root. Local attackers could exploit + this and the vulnerabilities in the X.org extensions to gain elevated + privileges. If the X server allows connections from the network, these + vulnerabilities could be exploited remotely. A local attacker could + determine the existence of arbitrary files by exploiting the last + vulnerability or possibly cause a Denial of Service. +

+
+ +

+ Workarounds for some of the vulnerabilities can be found in the X.Org + security advisory as listed under References. +

+
+ +

+ All X.Org X server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.3.0.0-r5" +

+ All X.Org Xfont library users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.3.1-r1" +
+ + CVE-2007-5760 + CVE-2007-5958 + CVE-2007-6427 + CVE-2007-6428 + CVE-2007-6429 + CVE-2008-0006 + X.Org security advisory + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-10.xml
new file mode 100644
index 0000000000..36dfca6a3e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-10.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ TikiWiki: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in TikiWiki, some of them
+ having unknown impact.
+
+ tikiwiki
+ January 23, 2008
+ January 23, 2008: 01
+ 203265
+ remote
+
+
+ 1.9.9
+ 1.9.9
+
+
+
+

+ TikiWiki is an open source content management system written in PHP. +

+
+ +
  • Jesus Olmos Gonzalez from isecauditors reported insufficient + sanitization of the "movies" parameter in file tiki-listmovies.php + (CVE-2007-6528).
  • +
  • Mesut Timur from H-Labs discovered that the + input passed to the "area_name" parameter in file + tiki-special_chars.php is not properly sanitised before being returned + to the user (CVE-2007-6526).
  • +
  • redflo reported multiple + unspecified vulnerabilities in files tiki-edit_css.php, + tiki-list_games.php, and tiki-g-admin_shared_source.php + (CVE-2007-6529).
  • +
+
+ +

+ A remote attacker can craft the "movies" parameter to run a directory + traversal attack through a ".." sequence and read the first 1000 bytes + of any arbitrary file, or conduct a cross-site scripting (XSS) attack + through the "area_name" parameter. This attack can be exploited to + execute arbitrary HTML and script code in a user's browser session, + allowing for the theft of browser session data or cookies in the + context of the affected web site. The impacts of the unspecified + vulnerabilities are still unknown. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TikiWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.9" +
+ + CVE-2007-6526 + CVE-2007-6528 + CVE-2007-6529 + + + jaervosz + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-11.xml
new file mode 100644
index 0000000000..bafa715a6d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-11.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ CherryPy: Directory traversal vulnerability
+
+ CherryPy is vulnerable to a directory traversal that could allow attackers
+ to read and write arbitrary files.
+
+ cherrypy
+ January 27, 2008
+ January 27, 2008: 01
+ 204829
+ remote
+
+
+ 2.2.1-r2
+ 3.0.2-r1
+ 3.0.2-r1
+
+
+
+

+ CherryPy is a Python-based, object-oriented web development framework. +

+
+ +

+ CherryPy does not sanitize the session id, provided as a cookie value, + in the FileSession._get_file_path() function before using it as part of + the file name. +

+
+ +

+ A remote attacker could exploit this vulnerability to read and possibly + write arbitrary files on the web server, or to hijack valid sessions, + by providing a specially crafted session id. This only affects + applications using file-based sessions. +

+
+ +

+ Disable the "FileSession" functionality by using "PostgresqlSession" or + "RamSession" session management in your CherryPy application. +

+
+ +

+ All CherryPy 2.2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/cherrypy-2.2.1-r2" +

+ All CherryPy 3.0 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/cherrypy-3.0.2-r1" +
+ + CVE-2008-0252 + + + rbu + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-12.xml
new file mode 100644
index 0000000000..2dc7876689
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-12.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ xine-lib: User-assisted execution of arbitrary code
+
+ xine-lib is vulnerable to multiple heap-based buffer overflows when
+ processing RTSP streams.
+
+ xine-lib
+ January 27, 2008
+ January 27, 2008: 01
+ 205197
+ remote
+
+
+ 1.1.9.1
+ 1.1.9.1
+
+
+
+

+ xine-lib is the core library package for the xine media player. +

+
+ +

+ Luigi Auriemma reported that xine-lib does not properly check + boundaries when processing SDP attributes of RTSP streams, leading to + heap-based buffer overflows. +

+
+ +

+ An attacker could entice a user to play specially crafted RTSP video + streams with a player using xine-lib, potentially resulting in the + execution of arbitrary code with the privileges of the user running the + player. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xine-lib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.9.1" +
+ + CVE-2008-0225 + CVE-2008-0238 + + + jaervosz + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-13.xml
new file mode 100644
index 0000000000..31a95b20e1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-13.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ ngIRCd: Denial of Service
+
+ ngIRCd does not properly sanitize commands sent by users, allowing for a
+ Denial of Service.
+
+ ngircd
+ January 27, 2008
+ January 27, 2008: 02
+ 204834
+ remote
+
+
+ 0.10.4
+ 0.10.4
+
+
+
+

+ ngIRCd is a free open source daemon for Internet Relay Chat (IRC). +

+
+ +

+ The IRC_PART() function in the file irc-channel.c does not properly + check the number of parameters, referencing an invalid pointer if no + channel is supplied. +

+
+ +

+ A remote attacker can exploit this vulnerability to crash the ngIRCd + daemon. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ngIRCd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/ngircd-0.10.4" +
+ + CVE-2008-0285 + + + jaervosz + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-14.xml
new file mode 100644
index 0000000000..4a12d03edd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-14.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Blam: User-assisted execution of arbitrary code
+
+ Blam doesn't properly handle environment variables, potentially allowing a
+ local attacker to execute arbitrary code.
+
+ blam
+ January 27, 2008
+ January 27, 2008: 01
+ 199841
+ local
+
+
+ 1.8.4
+ 1.8.4
+
+
+
+

+ Blam is an RSS and Atom feed reader for GNOME written in C#. +

+
+ +

+ The "/usr/bin/blam" script sets the "LD_LIBRARY_PATH" environment + variable incorrectly, which might result in the current working + directory (.) being included when searching for dynamically linked + libraries of the Mono Runtime application. +

+
+ +

+ A local attacker could entice a user to run Blam in a directory + containing a specially crafted library file which could result in the + execution of arbitrary code with the privileges of the user running + Blam. +

+
+ +

+ Do not run Blam from an untrusted working directory. +

+
+ +

+ All Blam users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-news/blam-1.8.4" +
+ + CVE-2005-4790 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-15.xml
new file mode 100644
index 0000000000..bc2c31abba
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-15.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ PostgreSQL: Multiple vulnerabilities
+
+ PostgreSQL contains multiple vulnerabilities that could result in privilege
+ escalation or a Denial of Service.
+
+ postgresql
+ January 29, 2008
+ January 29, 2008: 01
+ 204760
+ remote
+
+
+ 8.0.15
+ 7.4.19
+ 7.3.21
+ 8.0.15
+
+
+
+

+ PostgreSQL is an open source object-relational database management + system. +

+
+ +

+ If using the "expression indexes" feature, PostgreSQL executes index + functions as the superuser during VACUUM and ANALYZE instead of the + table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the + index functions (CVE-2007-6600). Additionally, several errors involving + regular expressions were found (CVE-2007-4769, CVE-2007-4772, + CVE-2007-6067). Eventually, a privilege escalation vulnerability via + unspecified vectors in the DBLink module was reported (CVE-2007-6601). + This vulnerability is exploitable when local trust or ident + authentication is used, and is due to an incomplete fix of + CVE-2007-3278. +

+
+ +

+ A remote authenticated attacker could send specially crafted queries + containing complex regular expressions to the server that could result + in a Denial of Service by a server crash (CVE-2007-4769), an infinite + loop (CVE-2007-4772) or a memory exhaustion (CVE-2007-6067). The two + other vulnerabilities can be exploited to gain additional privileges. +

+
+ +

+ There is no known workaround for all these issues at this time. +

+
+ +

+ All PostgreSQL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose "dev-db/postgresql" +
+ + CVE-2007-3278 + CVE-2007-4769 + CVE-2007-4772 + CVE-2007-6067 + CVE-2007-6600 + CVE-2007-6601 + + + rbu + + + rbu + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-16.xml
new file mode 100644
index 0000000000..75f2cd232a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-16.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ MaraDNS: CNAME Denial of Service
+
+ MaraDNS is prone to a Denial of Service vulnerability impacting CNAME
+ resolution.
+
+ maradns
+ January 29, 2008
+ January 29, 2008: 01
+ 204351
+ remote
+
+
+ 1.2.12.08
+ 1.2.12.08
+
+
+
+

+ MaraDNS is a package that implements the Domain Name Service (DNS) with + resolver and caching ability. +

+
+ +

+ Michael Krieger reported that a specially crafted DNS could prevent an + authoritative canonical name (CNAME) record from being resolved because + of an "improper rotation of resource records". +

+
+ +

+ A remote attacker could send specially crafted DNS packets to a + vulnerable server, making it unable to resolve CNAME records. +

+
+ +

+ Add "max_ar_chain = 2" to the "marac" configuration file. +

+
+ +

+ All MaraDNS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/maradns-1.2.12.09" +
+ + CVE-2008-0061 + + + rbu + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-17.xml
new file mode 100644
index 0000000000..b32c4a3d63
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-17.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Netkit FTP Server: Denial of Service
+
+ Netkit FTP Server contains a Denial of Service vulnerability.
+
+ netkit-ftpd
+ January 29, 2008
+ January 29, 2008: 01
+ 199206
+ remote
+
+
+ 0.17-r7
+ 0.17-r7
+
+
+
+

+ net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL + support. +

+
+ +

+ Venustech AD-LAB discovered that an FTP client connected to a + vulnerable server with passive mode and SSL support can trigger an + fclose() function call on an uninitialized stream in ftpd.c. +

+
+ +

+ A remote attacker can send specially crafted FTP data to a server with + passive mode and SSL support, causing the ftpd daemon to crash. +

+
+ +

+ Disable passive mode or SSL. +

+
+ +

+ All Netkit FTP Server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r7" +
+ + CVE-2007-6263 + + + rbu + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-18.xml
new file mode 100644
index 0000000000..cb08d8d00e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-18.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Kazehakase: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Kazehakase could result in the execution of
+ arbitrary code.
+
+ kazehakase
+ January 30, 2008
+ January 30, 2008: 01
+ 198983
+ remote
+
+
+ 0.5.0
+ 0.5.0
+
+
+
+

+ Kazehakase is a web browser based on the Gecko engine. +

+
+ +

+ Kazehakase includes a copy of PCRE which is vulnerable to multiple + buffer overflows and memory corruptions vulnerabilities (GLSA + 200711-30). +

+
+ +

+ A remote attacker could entice a user to open specially crafted input + (e.g bookmarks) with Kazehakase, which could possibly lead to the + execution of arbitrary code, a Denial of Service or the disclosure of + sensitive information. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Kazehakase users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/kazehakase-0.5.0" +
+ + GLSA-200711-30 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-19.xml
new file mode 100644
index 0000000000..077ea6d462
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-19.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ GOffice: Multiple vulnerabilities
+
+ Multiple vulnerabilities in GOffice could result in the execution of
+ arbitrary code.
+
+ goffice
+ January 30, 2008
+ January 30, 2008: 01
+ 198385
+ remote
+
+
+ 0.6.1
+ 0.4.3
+ 0.6.1
+
+
+
+

+ GOffice is a library of document-centric objects and utilities based on + GTK. +

+
+ +

+ GOffice includes a copy of PCRE which is vulnerable to multiple buffer + overflows and memory corruptions vulnerabilities (GLSA 200711-30). +

+
+ +

+ An attacker could entice a user to open specially crafted documents + with GOffice, which could possibly lead to the execution of arbitrary + code, a Denial of Service or the disclosure of sensitive information. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GOffice 0.4.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/goffice-0.4.3" +

+ All GOffice 0.6.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/goffice-0.6.1" +
+ + GLSA-200711-30 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-20.xml
new file mode 100644
index 0000000000..2c8fd240cd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-20.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ libxml2: Denial of Service
+
+ A Denial of Service vulnerability has been reported in libxml2.
+
+ libxml2
+ January 30, 2008
+ January 30, 2008: 01
+ 202628
+ remote
+
+
+ 2.6.30-r1
+ 2.6.30-r1
+
+
+
+

+ libxml2 is the XML (eXtended Markup Language) C parser and toolkit + initially developed for the Gnome project. +

+
+ +

+ Brad Fitzpatrick reported that the xmlCurrentChar() function does not + properly handle some UTF-8 multibyte encodings. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted XML + document with an application using libxml2, possibly resulting in a + high CPU consumption. Note that this vulnerability could also be + triggered without user interaction by an automated system processing + XML content. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libxml2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.6.30-r1" +
+ + CVE-2007-6284 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-21.xml
new file mode 100644
index 0000000000..1325319f7d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-21.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Xdg-Utils: Arbitrary command execution
+
+ A vulnerability has been discovered in Xdg-Utils, allowing for the remote
+ execution of arbitrary commands.
+
+ xdg-utils
+ January 30, 2008
+ January 30, 2008: 01
+ 207331
+ remote
+
+
+ 1.0.2-r1
+ 1.0.2-r1
+
+
+
+

+ Xdg-Utils is a set of tools allowing all applications to easily + integrate with the Free Desktop configuration. +

+
+ +

+ Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell + scripts do not properly sanitize their input before processing it. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted link + with a vulnerable application using Xdg-Utils (e.g. an email client), + resulting in the execution of arbitrary code with the privileges of the + user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Xdg-Utils users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-misc/xdg-utils-1.0.2-r1" +
+ + CVE-2008-0386 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-22.xml
new file mode 100644
index 0000000000..948fb6b10e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200801-22.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ PeerCast: Buffer overflow
+
+ A buffer overflow vulnerability has been discovered in PeerCast.
+
+ peercast
+ January 30, 2008
+ January 30, 2008: 02
+ 202747
+ remote
+
+
+ 0.1218
+ 0.1218
+
+
+
+

+ PeerCast is a client and server for P2P-radio network +

+
+ +

+ Luigi Auriemma reported a heap-based buffer overflow within the + "handshakeHTTP()" function when processing HTTP requests. +

+
+ +

+ A remote attacker could send a specially crafted request to the + vulnerable server, possibly resulting in the remote execution of + arbitrary code with the privileges of the user running the PeerCast + server, usually "nobody". +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PeerCast users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1218" +
+ + CVE-2007-6454 + + + p-y + + + p-y + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-01.xml
new file mode 100644
index 0000000000..c66baec258
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-01.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ SDL_image: Two buffer overflow vulnerabilities
+
+ Two boundary errors have been identified in SDL_image allowing for the
+ remote execution of arbitrary code or the crash of the application using
+ the library.
+
+ sdl-image
+ February 06, 2008
+ February 06, 2008: 01
+ 207933
+ remote
+
+
+ 1.2.6-r1
+ 1.2.6-r1
+
+
+
+

+ SDL_image is an image file library that loads images as SDL surfaces, + and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM, + TGA, TIFF, XCF, XPM, and XV. +

+
+ +

+ The LWZReadByte() function in file IMG_gif.c and the IMG_LoadLBM_RW() + function in file IMG_lbm.c each contain a boundary error that can be + triggered to cause a static buffer overflow and a heap-based buffer + overflow. The first boundary error comes from some old vulnerable GD + PHP code (CVE-2006-4484). +

+
+ +

+ A remote attacker can make an application using the SDL_image library + to process a specially crafted GIF file or IFF ILBM file that will + trigger a buffer overflow, resulting in the execution of arbitrary code + with the permissions of the application or the application crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SDL_image users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/sdl-image-1.2.6-r1" +
+ + SA28640 + CVE-2007-6697 + CVE-2008-0544 + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-02.xml
new file mode 100644
index 0000000000..c309b3c62d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-02.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Doomsday: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Doomsday might allow remote execution of
+ arbitrary code or a Denial of Service.
+
+ doomsday
+ February 06, 2008
+ February 10, 2008: 02
+ 190835
+ remote
+
+
+ 1.9.0_beta52
+
+
+
+

+ The Doomsday Engine (deng) is a modern gaming engine for popular ID + games like Doom, Heretic and Hexen. +

+
+ +

+ Luigi Auriemma discovered multiple buffer overflows in the + D_NetPlayerEvent() function, the Msg_Write() function and the + NetSv_ReadCommands() function. He also discovered errors when handling + chat messages that are not NULL-terminated (CVE-2007-4642) or contain a + short data length, triggering an integer underflow (CVE-2007-4643). + Furthermore a format string vulnerability was discovered in the + Cl_GetPackets() function when processing PSV_CONSOLE_TEXT messages + (CVE-2007-4644). +

+
+ +

+ A remote attacker could exploit these vulnerabilities to execute + arbitrary code with the rights of the user running the Doomsday server + or cause a Denial of Service by sending specially crafted messages to + the server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ While some of these issues could be resolved in + "games-fps/doomsday-1.9.0-beta5.2", the format string vulnerability + (CVE-2007-4644) remains unfixed. We recommend that users unmerge + Doomsday: +

+ + # emerge --unmerge games-fps/doomsday +
+ + CVE-2007-4642 + CVE-2007-4643 + CVE-2007-4644 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-03.xml
new file mode 100644
index 0000000000..da27243e02
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-03.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Horde IMP: Security bypass
+
+ Insufficient checks in Horde may allow a remote attacker to bypass security
+ restrictions.
+
+ horde-imp
+ February 11, 2008
+ February 11, 2008: 01
+ 205377
+ remote
+
+
+ 4.1.6
+ 4.1.6
+
+
+
+

+ Horde IMP provides a web-based access to IMAP and POP3 mailboxes. +

+
+ +

+ Ulf Harnhammar, Secunia Research discovered that the "frame" and + "frameset" HTML tags are not properly filtered out. He also reported + that certain HTTP requests are executed without being checked. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted HTML + e-mail, possibly resulting in the deletion of arbitrary e-mail + messages. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Horde IMP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-imp-4.1.6" +
+ + CVE-2007-6018 + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-04.xml
new file mode 100644
index 0000000000..ce679800f9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-04.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Gallery: Multiple vulnerabilities
+
+ Multiple vulnerabilities were discovered in Gallery.
+
+ gallery
+ February 11, 2008
+ February 11, 2008: 01
+ 203217
+ remote
+
+
+ 2.2.4
+ 2.0
+ 2.2.4
+
+
+
+

+ Gallery is a web-based application for creating and viewing photo + albums. +

+
+ +

+ The Gallery developement team reported and fixed critical + vulnerabilities during an internal audit (CVE-2007-6685, CVE-2007-6686, + CVE-2007-6687, CVE-2007-6688, CVE-2007-6689, CVE-2007-6690, + CVE-2007-6691, CVE-2007-6692, CVE-2007-6693). +

+
+ +

+ A remote attacker could exploit these vulnerabilities to execute + arbitrary code, conduct Cross-Site Scripting and Cross-Site Request + Forgery attacks, or disclose sensitive informations. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gallery users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/gallery-2.2.4" +
+ + CVE-2007-6685 + CVE-2007-6686 + CVE-2007-6687 + CVE-2007-6688 + CVE-2007-6689 + CVE-2007-6690 + CVE-2007-6691 + CVE-2007-6692 + CVE-2007-6693 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-05.xml
new file mode 100644
index 0000000000..fb22a1dc25
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-05.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Gnumeric: User-assisted execution of arbitrary code
+
+ Several integer overflow vulnerabilities have been reported in Gnumeric,
+ possibly resulting in user-assisted execution of arbitrary code.
+
+ gnumeric
+ February 12, 2008
+ February 12, 2008: 01
+ 208356
+ remote
+
+
+ 1.8.1
+ 1.8.1
+
+
+
+

+ The Gnumeric spreadsheet is a versatile application developed as part + of the GNOME Office project. +

+
+ +

+ Multiple integer overflow and signedness errors have been reported in + the excel_read_HLINK() function in file plugins/excel/ms-excel-read.c + when processing XLS HLINK opcodes. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted XLS + file, possibly resulting in the remote execution of arbitrary code with + the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gnumeric users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.8.1" +
+ + CVE-2008-0668 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-06.xml
new file mode 100644
index 0000000000..e6001dbcd3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-06.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ scponly: Multiple vulnerabilities
+
+ Multiple vulnerabilities in scponly allow authenticated users to bypass
+ security restrictions.
+
+ scponly
+ February 12, 2008
+ February 13, 2008: 02
+ 201726
+ 203099
+ local
+
+
+ 4.8
+ 4.8
+
+
+
+

+ scponly is a shell for restricting user access to file transfer only + using sftp and scp. +

+
+ +

+ Joachim Breitner reported that Subversion and rsync support invokes + subcommands in an insecure manner (CVE-2007-6350). It has also been + discovered that scponly does not filter the -o and -F options to the + scp executable (CVE-2007-6415). +

+
+ +

+ A local attacker could exploit these vulnerabilities to elevate + privileges and execute arbitrary commands on the vulnerable host. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All scponly users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/scponly-4.8" +

+ Due to the design of scponly's Subversion support, security + restrictions can still be circumvented. Please read carefully the + SECURITY file included in the package. +

+
+ + CVE-2007-6350 + CVE-2007-6415 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-07.xml
new file mode 100644
index 0000000000..a26a244bd1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-07.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Pulseaudio: Privilege escalation
+
+ A vulnerability in pulseaudio may allow a local user to execute actions
+ with escalated privileges.
+
+ pulseaudio
+ February 13, 2008
+ February 13, 2008: 01
+ 207214
+ local
+
+
+ 0.9.9
+ 0.9.9
+
+
+
+

+ Pulseaudio is a networked sound server with an advanced plugin system. +

+
+ +

+ Marcus Meissner from SUSE reported that the pa_drop_root() function + does not properly check the return value of the system calls setuid(), + seteuid(), setresuid() and setreuid() when dropping its privileges. +

+
+ +

+ A local attacker could cause a resource exhaustion to make the system + calls fail, which would cause Pulseaudio to run as root. The attacker + could then perform actions with root privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Pulseaudio users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.9" +
+ + CVE-2008-0008 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-08.xml new file mode 100644 index 0000000000..fa0766cb21 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-08.xml @@ -0,0 +1,68 @@ + + + + + Boost: Denial of Service + + Two vulnerabilities have been reported in Boost, each one possibly + resulting in a Denial of Service. + + boost + February 14, 2008 + February 14, 2008: 01 + 205955 + remote + + + 1.34.1-r2 + 1.34.1-r2 + + + +

+ Boost is a set of C++ libraries, including the Boost.Regex library to + process regular expressions. +

+
+ +

+ Tavis Ormandy and Will Drewry from the Google Security Team reported a + failed assertion in file regex/v4/perl_matcher_non_recursive.hpp + (CVE-2008-0171) and a NULL pointer dereference in function + get_repeat_type() file basic_regex_creator.hpp (CVE-2008-0172) when + processing regular expressions. +

+
+ +

+ A remote attacker could provide specially crafted regular expressions + to an application using Boost, resulting in a crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Boost users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/boost-1.34.1-r2" +
+ + CVE-2008-0171 + CVE-2008-0172 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-09.xml new file mode 100644 index 0000000000..51ea7f651a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-09.xml @@ -0,0 +1,68 @@ + + + + + ClamAV: Multiple vulnerabilities + + Multiple vulnerabilities in ClamAV may result in the remote execution of + arbitrary code. + + clamav + February 21, 2008 + February 21, 2008: 01 + 209915 + remote + + + 0.92.1 + 0.92.1 + + + +

+ Clam AntiVirus is a free anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +

+
+ +

+ An integer overflow has been reported in the "cli_scanpe()" function in + file libclamav/pe.c (CVE-2008-0318). Another unspecified vulnerability + has been reported in file libclamav/mew.c (CVE-2008-0728). +

+
+ +

+ A remote attacker could entice a user or automated system to scan a + specially crafted file, possibly leading to the execution of arbitrary + code with the privileges of the user running ClamAV (either a system + user or the "clamav" user if clamd is compromised). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.92.1" +
+ + CVE-2008-0318 + CVE-2008-0728 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-10.xml new file mode 100644 index 0000000000..c1739da284 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-10.xml @@ -0,0 +1,67 @@ + + + + + Python: PCRE Integer overflow + + A vulnerability within Python's copy of PCRE might lead to the execution of + arbitrary code. + + python + February 23, 2008 + February 23, 2008: 01 + 198373 + remote + + + 2.3.6-r4 + 2.3.6-r4 + + + +

+ Python is an interpreted, interactive, object-oriented programming + language. +

+
+ +

+ Python 2.3 includes a copy of PCRE which is vulnerable to an integer + overflow vulnerability, leading to a buffer overflow. +

+
+ +

+ An attacker could exploit the vulnerability by tricking a vulnerable + Python application to compile a regular expressions, which could + possibly lead to the execution of arbitrary code, a Denial of Service + or the disclosure of sensitive information. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Python 2.3 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r4" +
+ + CVE-2006-7228 + GLSA 200711-30 + + + rbu + + + jaervosz + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-11.xml new file mode 100644 index 0000000000..905d66fd35 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-11.xml @@ -0,0 +1,85 @@ + + + + + Asterisk: Multiple vulnerabilities + + Multiple vulnerabilities have been found in Asterisk. + + asterisk + February 26, 2008 + February 26, 2008: 01 + 185713 + remote + + + 1.2.17-r1 + 1.2.21.1-r1 + 1.2.21.1-r1 + + + +

+ Asterisk is an open source telephony engine and tool kit. +

+
+ +

+ Multiple vulnerabilities have been found in Asterisk: +

+
    +
  • Russel Bryant reported a stack buffer overflow in the IAX2 channel + driver (chan_iax2) when bridging calls between chan_iax2 and any + channel driver that uses RTP for media (CVE-2007-3762).
  • +
  • Chris + Clark and Zane Lackey (iSEC Partners) reported a NULL pointer + dereference in the IAX2 channel driver (chan_iax2) + (CVE-2007-3763).
  • +
  • Will Drewry (Google Security) reported a + vulnerability in the Skinny channel driver (chan_skinny), resulting in + an overly large memcpy (CVE-2007-3764).
  • +
  • Will Drewry (Google + Security) reported a vulnerability in the IAX2 channel driver + (chan_iax2), that does not correctly handle unauthenticated + transactions using a 3-way handshake (CVE-2007-4103).
  • +
+
+ +

+ By sending a long voice or video RTP frame, a remote attacker could + possibly execute arbitrary code on the target machine. Sending + specially crafted LAGRQ or LAGRP frames containing information elements + of IAX frames, or a certain data length value in a crafted packet, or + performing a flood of calls not completing a 3-way handshake, could + result in a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Asterisk users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.17-r1" +
+ + CVE-2007-3762 + CVE-2007-3763 + CVE-2007-3764 + CVE-2007-4103 + + + jaervosz + + + keytoaster + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-12.xml new file mode 100644 index 0000000000..382733708e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200802-12.xml @@ -0,0 +1,71 @@ + + + + + xine-lib: User-assisted execution of arbitrary code + + xine-lib is vulnerable to multiple buffer overflows when processing FLAC + and ASF streams. + + xine-lib + February 26, 2008 + March 03, 2008: 02 + 209106 + 208100 + remote + + + 1.1.10.1 + 1.1.10.1 + + + +

+ xine-lib is the core library package for the xine media player. +

+
+ +

+ Damian Frizza and Alfredo Ortega (Core Security Technologies) + discovered a stack-based buffer overflow within the open_flac_file() + function in the file demux_flac.c when parsing tags within a FLAC file + (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is + similar to CVE-2006-1664, has also been discovered (CVE-2008-1110). +

+
+ +

+ A remote attacker could entice a user to play specially crafted FLAC or + ASF video streams with a player using xine-lib, potentially resulting + in the execution of arbitrary code with the privileges of the user + running the player. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xine-lib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.10.1" +
+ + CVE-2006-1664 + CVE-2008-0486 + CVE-2008-1110 + + + jaervosz + + + jaervosz + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-01.xml new file mode 100644 index 0000000000..c5e2ffa6e0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-01.xml @@ -0,0 +1,87 @@ + + + + + Adobe Acrobat Reader: Multiple vulnerabilities + + Adobe Acrobat Reader is vulnerable to remote code execution, Denial of + Service, and cross-site request forgery attacks. + + acroread + March 02, 2008 + March 05, 2008: 05 + 170177 + remote + + + 8.1.2 + 8.1.2 + + + +

+ Adobe Acrobat Reader is a PDF reader released by Adobe. +

+
+ +

+ Multiple vulnerabilities have been discovered in Adobe Acrobat Reader, + including: +

+
  • A file disclosure when using file:// in PDF documents + (CVE-2007-1199)
  • +
  • Multiple buffer overflows in unspecified Javascript methods + (CVE-2007-5659)
  • +
  • An unspecified vulnerability in the Escript.api plugin + (CVE-2007-5663)
  • +
  • An untrusted search path (CVE-2007-5666)
  • +
  • Incorrect handling of printers (CVE-2008-0667)
  • +
  • An integer overflow when passing incorrect arguments to + "printSepsWithParams" (CVE-2008-0726)
  • +
+

+ Other unspecified vulnerabilities have also been reported + (CVE-2008-0655). +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + document, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running the application. A remote + attacker could also perform cross-site request forgery attacks, or + cause a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Acrobat Reader users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.2" +
+ + CVE-2007-1199 + CVE-2007-5659 + CVE-2007-5663 + CVE-2007-5666 + CVE-2008-0655 + CVE-2008-0667 + CVE-2008-0726 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-02.xml new file mode 100644 index 0000000000..c40bee1bd1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-02.xml @@ -0,0 +1,68 @@ + + + + + Firebird: Multiple vulnerabilities + + Multiple vulnerabilities in Firebird may allow the remote execution of + arbitrary code. + + firebird + March 02, 2008 + March 02, 2008: 01 + 208034 + remote + + + 2.0.3.12981.0-r5 + 2.0.3.12981.0-r5 + + + +

+ Firebird is a multi-platform, open source relational database. +

+
+ +

+ Firebird does not properly handle certain types of XDR requests, + resulting in an integer overflow (CVE-2008-0387). Furthermore, it is + vulnerable to a buffer overflow when processing usernames + (CVE-2008-0467). +

+
+ +

+ A remote attacker could send specially crafted XDR requests or an + overly long username to the vulnerable server, possibly resulting in + the remote execution of arbitrary code with the privileges of the user + running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Firebird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.3.12981.0-r5" +
+ + CVE-2008-0387 + CVE-2008-0467 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-03.xml new file mode 100644 index 0000000000..0887865d5a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-03.xml @@ -0,0 +1,64 @@ + + + + + Audacity: Insecure temporary file creation + + Audacity uses temporary files in an insecure manner, allowing for a symlink + attack. + + audacity + March 02, 2008 + March 02, 2008: 01 + 199751 + local + + + 1.3.4-r1 + 1.3.4-r1 + + + +

+ Audacity is a free cross-platform audio editor. +

+
+ +

+ Viktor Griph reported that the "AudacityApp::OnInit()" method in file + src/AudacityApp.cpp does not handle temporary files properly. +

+
+ +

+ A local attacker could exploit this vulnerability to conduct symlink + attacks to delete arbitrary files and directories with the privileges + of the user running Audacity. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Audacity users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/audacity-1.3.4-r1" +
+ + CVE-2007-6061 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-04.xml new file mode 100644 index 0000000000..54af5d2c32 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-04.xml @@ -0,0 +1,65 @@ + + + + + Mantis: Cross-Site Scripting + + A persistent Cross-Site Scripting vulnerability has been discovered in + Mantis. + + mantis + March 03, 2008 + March 03, 2008: 01 + 203791 + remote + + + 1.0.8-r1 + 1.0.8-r1 + + + +

+ Mantis is a web-based bug tracking system. +

+
+ +

+ seiji reported that the filename for the uploaded file in + bug_report.php is not properly sanitised before being stored. +

+
+ +

+ A remote attacker could upload a file with a specially crafted to a bug + report, resulting in the execution of arbitrary HTML and script code + within the context of the users's browser. Note that this vulnerability + is only exploitable by authenticated users. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mantis users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.0.8-r1" +
+ + CVE-2007-6611 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-05.xml new file mode 100644 index 0000000000..e43f12605a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-05.xml @@ -0,0 +1,63 @@ + + + + + SplitVT: Privilege escalation + + A vulnerability in SplitVT may allow local users to gain escalated + privileges. + + splitvt + March 03, 2008 + March 03, 2008: 01 + 211240 + local + + + 1.6.6-r1 + 1.6.6-r1 + + + +

+ SplitVT is a program for splitting terminals into two shells. +

+
+ +

+ Mike Ashton reported that SplitVT does not drop group privileges before + executing the xprop utility. +

+
+ +

+ A local attacker could exploit this vulnerability to gain the "utmp" + group privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SplitVT users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/splitvt-1.6.6-r1" +
+ + CVE-2008-0162 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-06.xml new file mode 100644 index 0000000000..35c4c73057 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-06.xml @@ -0,0 +1,65 @@ + + + + + SWORD: Shell command injection + + Insufficient input checking in SWORD may allow shell command injection. + + sword + March 03, 2008 + March 03, 2008: 01 + 210754 + remote + + + 1.5.8-r2 + 1.5.8-r2 + + + +

+ SWORD is a library for Bible study software. +

+
+ +

+ Dan Dennison reported that the diatheke.pl script used in SWORD does + not properly sanitize shell meta-characters in the "range" parameter + before processing it. +

+
+ +

+ A remote attacker could provide specially crafted input to a vulnerable + application, possibly resulting in the remote execution of arbitrary + shell commands with the privileges of the user running SWORD (generally + the web server account). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SWORD users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/sword-1.5.8-r2" +
+ + CVE-2008-0932 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-07.xml new file mode 100644 index 0000000000..bcb1ffd911 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-07.xml @@ -0,0 +1,64 @@ + + + + + Paramiko: Information disclosure + + Unsafe randomness usage in Paramiko may allow access to sensitive + information. + + paramiko + March 03, 2008 + March 03, 2008: 01 + 205777 + remote + + + 1.7.2 + 1.7.2 + + + +

+ Paramiko is a Secure Shell Server implementation written in Python. +

+
+ +

+ Dwayne C. Litzenberger reported that the file "common.py" does not + properly use RandomPool when using threads or forked processes. +

+
+ +

+ A remote attacker could predict the values generated by applications + using Paramiko for encryption purposes, potentially gaining access to + sensitive information. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Paramiko users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/paramiko-1.7.2" +
+ + CVE-2008-0299 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-08.xml new file mode 100644 index 0000000000..cc8a870cb9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-08.xml @@ -0,0 +1,78 @@ + + + + + Win32 binary codecs: Multiple vulnerabilities + + Multiple vulnerabilities in the Win32 codecs for Linux may result in the + remote execution of arbitrary code. + + win32codecs + March 04, 2008 + March 04, 2008: 01 + 150288 + remote + + + 20071007-r2 + 20071007-r2 + + + +

+ Win32 binary codecs provide support for video and audio playback. +

+
+ +

+ Multiple buffer overflow, heap overflow, and integer overflow + vulnerabilities were discovered in the Quicktime plugin when processing + MOV, FLC, SGI, H.264 and FPX files. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted video + file, possibly resulting in the remote execution of arbitrary code with + the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Win32 binary codecs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2" +

+ Note: Since no updated binary versions have been released, the + Quicktime libraries have been removed from the package. Please use the + free alternative Quicktime implementations within VLC, MPlayer or Xine + for playback. +

+
+ + CVE-2006-4382 + CVE-2006-4384 + CVE-2006-4385 + CVE-2006-4386 + CVE-2006-4388 + CVE-2006-4389 + CVE-2007-4674 + CVE-2007-6166 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-09.xml new file mode 100644 index 0000000000..d599f3141a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-09.xml @@ -0,0 +1,72 @@ + + + + + Opera: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in Opera, allowing for file + disclosure, privilege escalation and Cross-Site scripting. + + opera + March 04, 2008 + March 04, 2008: 01 + 210260 + remote + + + 9.26 + 9.26 + + + +

+ Opera is a fast web browser that is available free of charge. +

+
+ +

+ Mozilla discovered that Opera does not handle input to file form fields + properly, allowing scripts to manipulate the file path (CVE-2008-1080). + Max Leonov found out that image comments might be treated as scripts, + and run within the wrong security context (CVE-2008-1081). Arnaud + reported that a wrong representation of DOM attribute values of + imported XML documents allows them to bypass sanitization filters + (CVE-2008-1082). +

+
+ +

+ A remote attacker could entice a user to upload a file with a known + path by entering text into a specially crafted form, to execute scripts + outside intended security boundaries and conduct Cross-Site Scripting + attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Opera users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-9.26" +
+ + CVE-2008-1080 + CVE-2008-1081 + CVE-2008-1082 + + + jaervosz + + + jaervosz + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-10.xml new file mode 100644 index 0000000000..53d0508858 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-10.xml @@ -0,0 +1,66 @@ + + + + + lighttpd: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in lighttpd. + + lighttpd + March 05, 2008 + March 05, 2008: 01 + 211230 + 211956 + remote + + + 1.4.18-r2 + 1.4.18-r2 + + + +

+ lighttpd is a lightweight high-performance web server. +

+
+ +

+ lighttpd contains a calculation error when allocating the global file + descriptor array (CVE-2008-0983). Furthermore, it sends the source of a + CGI script instead of returning a 500 error (Internal Server Error) + when the fork() system call fails (CVE-2008-1111). +

+
+ +

+ A remote attacker could exploit these vulnerabilities to cause a Denial + of Service or gain the source of a CGI script. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All lighttpd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.18-r2" +
+ + CVE-2008-0983 + CVE-2008-1111 + + + rbu + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-11.xml new file mode 100644 index 0000000000..604e619a04 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-11.xml @@ -0,0 +1,65 @@ + + + + + Vobcopy: Insecure temporary file creation + + Vobcopy uses temporary files in an insecure manner, allowing for a symlink + attack. + + vobcopy + March 05, 2008 + March 05, 2008: 01 + 197578 + local + + + 1.1.0 + 1.1.0 + + + +

+ Vobcopy is a tool for decrypting and copying DVD .vob files to a hard + disk. +

+
+ +

+ Joey Hess reported that vobcopy appends data to the file + "/tmp/vobcopy.bla" in an insecure manner. +

+
+ +

+ A local attacker could exploit this vulnerability to conduct symlink + attacks and append data to arbitrary files with the privileges of the + user running Vobcopy. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Vobcopy users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vobcopy-1.1.0" +
+ + CVE-2007-5718 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-12.xml new file mode 100644 index 0000000000..b69d90902f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-12.xml @@ -0,0 +1,66 @@ + + + + + Evolution: Format string vulnerability + + A format string error has been discovered in Evolution, possibly resulting + in the execution of arbitrary code. + + evolution + March 05, 2008 + March 05, 2008: 01 + 212272 + remote + + + 2.12.3-r1 + 2.12.3-r1 + + + +

+ Evolution is a GNOME groupware application. +

+
+ +

+ Ulf Harnhammar from Secunia Research discovered a format string error + in the emf_multipart_encrypted() function in the file mail/em-format.c + when reading certain data (e.g. the "Version:" field) from an encrypted + e-mail. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + encrypted e-mail, potentially resulting in the execution of arbitrary + code with the privileges of the user running Evolution. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Evolution users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.12.3-r1" +
+ + CVE-2008-0072 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-13.xml new file mode 100644 index 0000000000..b56be22664 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-13.xml @@ -0,0 +1,98 @@ + + + + + VLC: Multiple vulnerabilities + + Multiple vulnerabilities were found in VLC, allowing for the execution of + arbitrary code and Denial of Service. + + vlc + March 07, 2008 + March 07, 2008: 01 + 203345 + 211575 + 205299 + remote + + + 0.8.6e + 0.8.6e + + + +

+ VLC is a cross-platform media player and streaming server. +

+
+ +

+ Multiple vulnerabilities were found in VLC: +

+
    +
  • Michal Luczaj + and Luigi Auriemma reported that VLC contains boundary errors when + handling subtitles in the ParseMicroDvd(), ParseSSA(), and + ParseVplayer() functions in the modules/demux/subtitle.c file, allowing + for a stack-based buffer overflow (CVE-2007-6681).
  • +
  • The web + interface listening on port 8080/tcp contains a format string error in + the httpd_FileCallBack() function in the network/httpd.c file + (CVE-2007-6682).
  • +
  • The browser plugin possibly contains an + argument injection vulnerability (CVE-2007-6683).
  • +
  • The RSTP + module triggers a NULL pointer dereference when processing a request + without a "Transport" parameter (CVE-2007-6684).
  • +
  • Luigi + Auriemma and Remi Denis-Courmont found a boundary error in the + modules/access/rtsp/real_sdpplin.c file when processing SDP data for + RTSP sessions (CVE-2008-0295) and a vulnerability in the + libaccess_realrtsp plugin (CVE-2008-0296), possibly resulting in a + heap-based buffer overflow.
  • +
  • Felipe Manzano and Anibal Sacco + (Core Security Technologies) discovered an arbitrary memory overwrite + vulnerability in VLC's MPEG-4 file format parser (CVE-2008-0984).
  • +
+
+ +

+ A remote attacker could send a long subtitle in a file that a user is + enticed to open, a specially crafted MP4 input file, long SDP data, or + a specially crafted HTTP request with a "Connection" header value + containing format specifiers, possibly resulting in the remote + execution of arbitrary code. Also, a Denial of Service could be caused + and arbitrary files could be overwritten via the "demuxdump-file" + option in a filename in a playlist or via an EXTVLCOPT statement in an + MP3 file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All VLC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6e" +
+ + CVE-2007-6681 + CVE-2007-6682 + CVE-2007-6683 + CVE-2007-6684 + CVE-2008-0295 + CVE-2008-0296 + CVE-2008-0984 + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-14.xml new file mode 100644 index 0000000000..d4d298076e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-14.xml @@ -0,0 +1,87 @@ + + + + + Ghostscript: Buffer overflow + + A stack-based buffer overflow has been discovered in Ghostscript, allowing + arbitrary code execution. + + ghostscript + March 08, 2008 + March 08, 2008: 01 + 208999 + remote + + + 8.15.4-r1 + 8.15.4-r1 + + + 8.61-r3 + 8.61-r3 + + + 8.60.0-r2 + 8.60.0-r2 + + + +

+ Ghostscript is a suite of software based on an interpreter for + PostScript and PDF. +

+
+ +

+ Chris Evans (Google Security) discovered a stack-based buffer overflow + within the zseticcspace() function in the file zicc.c when processing a + PostScript file containing a long "Range" array in a .seticcscpate + operator. +

+
+ +

+ A remote attacker could exploit this vulnerability by enticing a user + to open a specially crafted PostScript file, which could possibly lead + to the execution of arbitrary code or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ghostscript ESP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/ghostscript-esp-8.15.4-r1" +

+ All Ghostscript GPL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-8.61-r3" +

+ All Ghostscript GNU users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gnu-8.60.0-r2" +
+ + CVE-2008-0411 + + + jaervosz + + + jaervosz + + + psychoschlumpf + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-15.xml new file mode 100644 index 0000000000..03da9bc585 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-15.xml @@ -0,0 +1,64 @@ + + + + + phpMyAdmin: SQL injection vulnerability + + A SQL injection vulnerability has been discovered in phpMyAdmin. + + phpmyadmin + March 09, 2008 + March 09, 2008: 01 + 212000 + local + + + 2.11.5 + 2.11.5 + + + +

+ phpMyAdmin is a free web-based database administration tool. +

+
+ +

+ Richard Cunningham reported that phpMyAdmin uses the $_REQUEST variable + of $_GET and $_POST as a source for its parameters. +

+
+ +

+ An attacker could entice a user to visit a malicious web application + that sets an "sql_query" cookie and is hosted on the same domain as + phpMyAdmin, and thereby conduct SQL injection attacks with the + privileges of the user authenticating in phpMyAdmin afterwards. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpMyAdmin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.5" +
+ + CVE-2008-1149 + + + rbu + + + psychoschlumpf + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-16.xml new file mode 100644 index 0000000000..c047d78046 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-16.xml @@ -0,0 +1,81 @@ + + + + + MPlayer: Multiple buffer overflows + + Multiple vulnerabilities have been discovered in MPlayer, possibly allowing + for the remote execution of arbitrary code. + + mplayer + March 10, 2008 + March 10, 2008: 01 + 208566 + remote + + + 1.0_rc2_p25993 + 1.0_rc2_p25993 + + + +

+ MPlayer is a media player incuding support for a wide range of audio + and video formats. +

+
+ +

+ The following errors have been discovered in MPlayer: +

+
    +
  • Felipe Manzano and Anibal Sacco (Core Security Technologies) + reported an array indexing error in the file libmpdemux/demux_mov.c + when parsing MOV file headers (CVE-2008-0485).
  • +
  • Damian Frizza + and Alfredo Ortega (Core Security Technologies) reported a boundary + error in the file libmpdemux/demux_audio.c when parsing FLAC comments + (CVE-2008-0486).
  • +
  • Adam Bozanich (Mu Security) reported boundary + errors in the cddb_parse_matches_list() and cddb_query_parse() + functions in the file stream_cddb.c when parsing CDDB album titles + (CVE-2008-0629) and in the url_scape_string() function in the file + stream/url.c when parsing URLS (CVE-2008-0630).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted file, + possibly resulting in the execution of arbitrary code with the + privileges of the user running MPlayer. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MPlayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p25993" +
+ + CVE-2008-0485 + CVE-2008-0486 + CVE-2008-0629 + CVE-2008-0630 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-17.xml
new file mode 100644
index 0000000000..f4a421d7a5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-17.xml
@@ -0,0 +1,63 @@
+ + + + + PDFlib: Multiple buffer overflows + + Multiple stack-based buffer overflows have been reported in PDFlib. + + pdflib + March 10, 2008 + March 10, 2008: 01 + 203287 + remote + + + 7.0.2_p8 + 7.0.2_p8 + + + +

+ PDFlib is a library for generating PDF on the fly. +

+
+ +

+ poplix reported multiple boundary errors in the pdc_fsearch_fopen() + function when processing overly long filenames. +

+
+ +

+ A remote attacker could send specially crafted content to a vulnerable + application using PDFlib, possibly resulting in the remote execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PDFlib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/pdflib-7.0.2_p8" +
+ + CVE-2007-6561 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-18.xml
new file mode 100644
index 0000000000..e9a08c9bcb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-18.xml
@@ -0,0 +1,79 @@
+ + + + + Cacti: Multiple vulnerabilities + + Multiple vulnerabilities were discovered in Cacti. + + cacti + March 10, 2008 + May 28, 2009: 02 + 209918 + remote + + + 0.8.7b + 0.8.6j-r8 + 0.8.7b + + + +

+ Cacti is a web-based network graphing and reporting tool. +

+
+ +

+ The following inputs are not properly sanitized before being processed: +

+
  • "view_type" parameter in the file graph.php, "filter" parameter + in the file graph_view.php, "action" and "login_username" parameters in + the file index.php (CVE-2008-0783).
  • +
  • "local_graph_id" parameter in the file graph.php + (CVE-2008-0784).
  • +
  • "graph_list" parameter in the file graph_view.php, "leaf_id" and + "id" parameters in the file tree.php, "local_graph_id" in the file + graph_xport.php (CVE-2008-0785).
  • +
+

+ Furthermore, CRLF injection attack are possible via unspecified vectors + (CVE-2008-0786). +

+
+ +

+ A remote attacker could exploit these vulnerabilities, leading to path + disclosure, Cross-Site Scripting attacks, SQL injection, and HTTP + response splitting. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cacti users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.7b" +
+ + CVE-2008-0783 + CVE-2008-0784 + CVE-2008-0785 + CVE-2008-0786 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-19.xml
new file mode 100644
index 0000000000..5abd6290a4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-19.xml
@@ -0,0 +1,78 @@
+ + + + + Apache: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in Apache. + + apache + March 11, 2008 + March 12, 2008: 02 + 201163 + 204410 + 205195 + 209899 + remote + + + 2.2.8 + 2.2.8 + + + +

+ The Apache HTTP server is one of the most popular web servers on the + Internet. +

+
+ +

+ Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method + specifier header is not properly sanitized when the HTTP return code is + "413 Request Entity too large" (CVE-2007-6203). The mod_proxy_balancer + module does not properly check the balancer name before using it + (CVE-2007-6422). The mod_proxy_ftp does not define a charset in its + answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported + that filenames are not properly sanitized within the mod_negotiation + module (CVE-2008-0455, CVE-2008-0456). +

+
+ +

+ A remote attacker could entice a user to visit a malicious URL or send + specially crafted HTTP requests (i.e using Adobe Flash) to perform + Cross-Site Scripting and HTTP response splitting attacks, or conduct a + Denial of Service attack on the vulnerable web server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Apache users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.8" +
+ + CVE-2007-6203 + CVE-2007-6422 + CVE-2008-0005 + CVE-2008-0455 + CVE-2008-0456 + + + jaervosz + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-20.xml
new file mode 100644
index 0000000000..fa47995ef7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-20.xml
@@ -0,0 +1,74 @@
+ + + + + International Components for Unicode: Multiple vulnerabilities + + Two vulnerabilities have been discovered in the International Components + for Unicode, possibly resulting in the remote execution of arbitrary code + or a Denial of Service. + + icu + March 11, 2008 + May 28, 2009: 03 + 208001 + remote + + + 3.8.1-r1 + 3.6-r2 + 3.8.1-r1 + + + +

+ International Components for Unicode is a set of C/C++ and Java + libraries providing Unicode and Globalization support for software + applications. +

+
+ +

+ Will Drewry (Google Security) reported a vulnerability in the regular + expression engine when using back references to capture \0 characters + (CVE-2007-4770). He also found that the backtracking stack size is not + limited, possibly allowing for a heap-based buffer overflow + (CVE-2007-4771). +

+
+ +

+ A remote attacker could submit specially crafted regular expressions to + an application using the library, possibly resulting in the remote + execution of arbitrary code with the privileges of the user running the + application or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All International Components for Unicode users should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/icu-3.8.1-r1" +
+ + CVE-2007-4770 + CVE-2007-4771 + + + jaervosz + + + jaervosz + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-21.xml
new file mode 100644
index 0000000000..22f48c76e8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-21.xml
@@ -0,0 +1,70 @@
+ + + + + Sarg: Remote execution of arbitrary code + + Sarg is vulnerable to the execution of arbitrary code when processed with + untrusted input files. + + sarg + March 12, 2008 + March 12, 2008: 01 + 212208 + 212731 + remote + + + 2.2.5 + 2.2.5 + + + +

+ Sarg (Squid Analysis Report Generator) is a tool that provides many + informations about the Squid web proxy server users activities: time, + sites, traffic, etc. +

+
+ +

+ Sarg doesn't properly check its input for abnormal content when + processing Squid log files. +

+
+ +

+ A remote attacker using a vulnerable Squid as a proxy server or a + reverse-proxy server can inject arbitrary content into the "User-Agent" + HTTP client header, that will be processed by sarg, which will lead to + the execution of arbitrary code, or JavaScript injection, allowing + Cross-Site Scripting attacks and the theft of credentials. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All sarg users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/sarg-2.2.5" +
+ + CVE-2008-1167 + CVE-2008-1168 + + + rbu + + + falco + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-22.xml
new file mode 100644
index 0000000000..39fc2a7671
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-22.xml
@@ -0,0 +1,67 @@
+ + + + + LIVE555 Media Server: Denial of Service + + A Denial of Service vulnerability has been reported in LIVE555 Media + Server. + + live + March 13, 2008 + March 13, 2008: 01 + 204065 + remote + + + 2008.02.08 + 2008.02.08 + + + +

+ LIVE555 Media Server is a set of libraries for multimedia streaming. +

+
+ +

+ Luigi Auriemma reported a signedness error in the + parseRTSPRequestString() function when processing short RTSP queries. +

+
+ +

+ A remote attacker could send a specially crafted RTSP query to the + vulnerable server, resulting in a crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All LIVE555 Media Server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-plugins/live-2008.02.08" +

+ Note: Due to ABI changes, applications built against LIVE555 Media + Server such as VLC or MPlayer should also be rebuilt. +

+
+ + CVE-2007-6036 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-23.xml
new file mode 100644
index 0000000000..8cd9f4dcb2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-23.xml
@@ -0,0 +1,67 @@
+ + + + + Website META Language: Insecure temporary file usage + + Multiple insecure temporary file vulnerabilities have been discovered in + the Website META Language. + + wml + March 15, 2008 + March 15, 2008: 01 + 209927 + local + + + 2.0.11-r3 + 2.0.11-r3 + + + +

+ Website META Language is a free and extensible Webdesigner's off-line + HTML generation toolkit for Unix. +

+
+ +

+ Temporary files are handled insecurely in the files + wml_backend/p1_ipp/ipp.src, wml_contrib/wmg.cgi, and + wml_backend/p3_eperl/eperl_sys.c, allowing users to overwrite or delete + arbitrary files with the privileges of the user running the program. +

+
+ +

+ Local users can exploit the insecure temporary file vulnerabilities via + symlink attacks to perform certain actions with escalated privileges. +

+
+ +

+ Restrict access to the temporary directory to trusted users only. +

+
+ +

+ All Website META Language users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/wml-2.0.11-r3" +
+ + CVE-2008-0665 + CVE-2008-0666 + + + p-y + + + p-y + + + mfleming + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-24.xml
new file mode 100644
index 0000000000..8758b5aac1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-24.xml
@@ -0,0 +1,79 @@
+ + + + + PCRE: Buffer overflow + + A buffer overflow vulnerability has been discovered in PCRE, allowing for + the execution of arbitrary code and Denial of Service. + + libpcre glib + March 17, 2008 + March 17, 2008: 02 + 209067 + 209293 + remote + + + 7.6-r1 + 7.6-r1 + + + 2.14.6 + 2.14.0 + 2.14.6 + + + +

+ PCRE is a Perl-compatible regular expression library. GLib includes a + copy of PCRE. +

+
+ +

+ PCRE contains a buffer overflow vulnerability when processing a + character class containing a very large number of characters with + codepoints greater than 255. +

+
+ +

+ A remote attacker could exploit this vulnerability by sending a + specially crafted regular expression to an application making use of + the PCRE library, which could possibly lead to the execution of + arbitrary code or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PCRE users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-7.6-r1" +

+ All GLib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.14.6" +
+ + CVE-2008-0674 + + + jaervosz + + + jaervosz + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-25.xml
new file mode 100644
index 0000000000..c659206592
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-25.xml
@@ -0,0 +1,82 @@
+ + + + + Dovecot: Multiple vulnerabilities + + Two vulnerabilities in Dovecot allow for information disclosure and + argument injection. + + dovecot + March 18, 2008 + March 18, 2008: 01 + 212336 + 213030 + remote + + + 1.0.13-r1 + 1.0.13-r1 + + + +

+ Dovecot is a lightweight, fast and easy to configure IMAP and POP3 mail + server. +

+
+ +

+ Dovecot uses the group configured via the "mail_extra_groups" setting, + which should be used to create lockfiles in the /var/mail directory, + when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape + TAB characters in passwords when saving them, which might allow for + argument injection in blocking passdbs such as MySQL, PAM or shadow + (CVE-2008-1218). +

+
+ +

+ Remote attackers can exploit the first vulnerability to disclose + sensitive data, such as the mail of other users, or modify files or + directories that are writable by group via a symlink attack. Please + note that the "mail_extra_groups" setting is set to the "mail" group by + default when the "mbox" USE flag is enabled. +

+

+ The second vulnerability can be abused to inject arguments for internal + fields. No exploitation vectors are known for this vulnerability that + affect previously stable versions of Dovecot in Gentoo. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Dovecot users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.0.13-r1" +

+ This version removes the "mail_extra_groups" option and introduces a + "mail_privileged_group" setting which is handled safely. +

+
+ + CVE-2008-1199 + CVE-2008-1218 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-26.xml
new file mode 100644
index 0000000000..0b6dcc3bbb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-26.xml
@@ -0,0 +1,64 @@
+ + + + + Adobe Acrobat Reader: Insecure temporary file creation + + An insecure temporary file creation vulnerability has been discovered in + Adobe Acrobat Reader. + + acroread + March 18, 2008 + March 18, 2008: 01 + 212367 + local + + + 8.1.2-r1 + 8.1.2-r1 + + + +

+ Acrobat Reader is a PDF reader released by Adobe. +

+
+ +

+ SUSE reported that the "acroread" wrapper script does not create + temporary files in a secure manner when handling SSL certificates + (CVE-2008-0883). +

+
+ +

+ A local attacker could exploit this vulnerability to overwrite + arbitrary files via a symlink attack on temporary files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Acrobat Reader users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.2-r1" +
+ + CVE-2008-0883 + + + mfleming + + + mfleming + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-27.xml
new file mode 100644
index 0000000000..bea788162d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-27.xml
@@ -0,0 +1,88 @@
+ + + + + MoinMoin: Multiple vulnerabilities + + Several vulnerabilities have been reported in MoinMoin Wiki Engine. + + moinmoin + March 18, 2008 + March 18, 2008: 01 + 209133 + remote + + + 1.6.1 + 1.6.1 + + + +

+ MoinMoin is an advanced, easy to use and extensible Wiki Engine. +

+
+ +

+ Multiple vulnerabilities have been discovered: +

+
    +
  • + A vulnerability exists in the file wikimacro.py because the + _macro_Getval function does not properly enforce ACLs + (CVE-2008-1099).
  • +
  • + A directory traversal vulnerability exists in the userform action + (CVE-2008-0782).
  • +
  • + A Cross-Site Scripting vulnerability exists in the login action + (CVE-2008-0780).
  • +
  • + Multiple Cross-Site Scripting vulnerabilities exist in the file + action/AttachFile.py when using the message, pagename, and target + filenames (CVE-2008-0781).
  • +
  • + Multiple Cross-Site Scripting vulnerabilities exist in + formatter/text_gedit.py (aka the gui editor formatter) which can be + exploited via a page name or destination page name, which trigger an + injection in the file PageEditor.py (CVE-2008-1098). +
  • +
+
+ +

+ These vulnerabilities can be exploited to allow remote attackers to + inject arbitrary web script or HTML, overwrite arbitrary files, or read + protected pages. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MoinMoin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.6.1" +
+ + CVE-2008-0780 + CVE-2008-0781 + CVE-2008-0782 + CVE-2008-1098 + CVE-2008-1099 + + + p-y + + + p-y + + + mfleming + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-28.xml
new file mode 100644
index 0000000000..3b8a80b158
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-28.xml
@@ -0,0 +1,77 @@
+ + + + + OpenLDAP: Denial of Service vulnerabilities + + Multiple Denial of Service vulnerabilities have been reported in OpenLDAP. + + openldap + March 19, 2008 + March 19, 2008: 01 + 197446 + 209677 + remote + + + 2.3.41 + 2.3.41 + + + +

+ OpenLDAP Software is an open source implementation of the Lightweight + Directory Access Protocol. +

+
+ +

+ The following errors have been discovered in OpenLDAP: +

+
    +
  • + Tony Blake discovered an error which exists within the normalisation of + "objectClasses" (CVE-2007-5707).
  • +
  • + Thomas Sesselmann reported that, when running as a proxy-caching server + the "add_filter_attrs()" function in servers/slapd/overlay/pcache.c + does not correctly NULL terminate "new_attrs" (CVE-2007-5708).
  • +
  • + A double-free bug exists in attrs_free() in the file + servers/slapd/back-bdb/modrdn.c, which was discovered by Jonathan + Clarke (CVE-2008-0658).
  • +
+
+ +

+ A remote attacker can cause a Denial of Serivce by sending a malformed + "objectClasses" attribute, and via unknown vectors that prevent the + "new_attrs" array from being NULL terminated, and via a modrdn + operation with a NOOP (LDAP_X_NO_OPERATION) control. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenLDAP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.3.41" +
+ + CVE-2007-5707 + CVE-2007-5708 + CVE-2008-0658 + + + mfleming + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-29.xml
new file mode 100644
index 0000000000..e133e33f79
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-29.xml
@@ -0,0 +1,68 @@
+ + + + + ViewVC: Multiple vulnerabilities + + Multiple security issues have been reported in ViewVC, which can be + exploited by malicious people to bypass certain security restrictions. + + viewvc + March 19, 2008 + April 01, 2009: 02 + 212288 + remote + + + 1.0.5 + 1.0.5 + + + +

+ ViewVC is a browser interface for CVS and Subversion version control + repositories. +

+
+ +

+ Multiple unspecified errors were reportedly fixed by the ViewVC + development team. +

+
+ +

+ A remote attacker could send a specially crafted URL to the server to + list CVS or SVN commits on "all-forbidden" files, access hidden CVSROOT + folders, and view restricted content via the revision view, the log + history, or the diff view. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ViewVC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/viewvc-1.0.5" +
+ + CVE-2008-1290 + CVE-2008-1291 + CVE-2008-1292 + + + p-y + + + p-y + + + mfleming + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-30.xml
new file mode 100644
index 0000000000..f1802c8fc2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-30.xml
@@ -0,0 +1,168 @@
+ + + + + ssl-cert eclass: Certificate disclosure + + An error in the usage of the ssl-cert eclass within multiple ebuilds might + allow for disclosure of generated SSL private keys. + + ssl-cert.eclass + March 20, 2008 + March 20, 2008: 01 + 174759 + remote + + + 8.1.16 + 8.1.16 + + + 2.4.6-r2 + 2.3.8-r1 + 2.2.11-r1 + 2.4.6-r2 + + + 0.17-r7 + 0.17-r7 + + + 1.1.3 + 1.1.3 + + + 3.2.7-r2 + 3.2.7-r2 + + + 2.3.9-r1 + 2.3.9-r1 + + + 1.0.10 + 1.0.10 + + + 4.21-r1 + 4.0 + 4.21-r1 + + + 2.4.3-r1 + 2.4.3-r1 + + + +

+ The ssl-cert eclass is a code module used by Gentoo ebuilds to generate + SSL certificates. +

+
+ +

+ Robin Johnson reported that the docert() function provided by + ssl-cert.eclass can be called by source building stages of an ebuild, + such as src_compile() or src_install(), which will result in the + generated SSL keys being included inside binary packages (binpkgs). +

+
+ +

+ A local attacker could recover the SSL keys from publicly readable + binary packages when "emerge" is called with the "--buildpkg + (-b)" or "--buildpkgonly (-B)" option. Remote attackers can + recover these keys if the packages are served to a network. Binary + packages built using "quickpkg" are not affected. +

+
+ +

+ Do not use pre-generated SSL keys, but use keys that were generated + using a different Certificate Authority. +

+
+ +

+ Upgrading to newer versions of the above packages will neither remove + possibly compromised SSL certificates, nor old binary packages. Please + remove the certificates installed by Portage, and then emerge an + upgrade to the package. +

+

+ All Conserver users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/conserver-8.1.16" +

+ All Postfix 2.4 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.4.6-r2" +

+ All Postfix 2.3 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.3.8-r1" +

+ All Postfix 2.2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.2.11-r1" +

+ All Netkit FTP Server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r7" +

+ All ejabberd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/ejabberd-1.1.3" +

+ All UnrealIRCd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/unrealircd-3.2.7-r2" +

+ All Cyrus IMAP Server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.3.9-r1" +

+ All Dovecot users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.0.10" +

+ All stunnel 4 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.21" +

+ All InterNetNews users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-nntp/inn-2.4.3-r1" +
+ + CVE-2008-1383 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-31.xml
new file mode 100644
index 0000000000..5f50a1490d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-31.xml
@@ -0,0 +1,100 @@
+ + + + + MIT Kerberos 5: Multiple vulnerabilities + + Multiple vulnerabilities have been found in MIT Kerberos 5, which could + allow a remote unauthenticated user to execute arbitrary code with root + privileges. + + mit-krb5 + March 24, 2008 + March 24, 2008: 01 + 199205 + 212363 + remote + + + 1.6.3-r1 + 1.6.3-r1 + + + +

+ MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. kadmind is the MIT Kerberos 5 administration daemon, + KDC is the Key Distribution Center. +

+
+ +
  • Two vulnerabilities were found in the Kerberos 4 support in + KDC: A global variable is not set for some incoming message types, + leading to a NULL pointer dereference or a double free() + (CVE-2008-0062) and unused portions of a buffer are not properly + cleared when generating an error message, which results in stack + content being contained in a reply (CVE-2008-0063).
  • +
  • Jeff + Altman (Secure Endpoints) discovered a buffer overflow in the RPC + library server code, used in the kadmin server, caused when too many + file descriptors are opened (CVE-2008-0947).
  • +
  • Venustech AD-LAB + discovered multiple vulnerabilities in the GSSAPI library: usage of a + freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and + a double free() vulnerability in the gss_krb5int_make_seal_token_v3() + function (CVE-2007-5971).
  • +
+
+ +

+ The first two vulnerabilities can be exploited by a remote + unauthenticated attacker to execute arbitrary code on the host running + krb5kdc, compromise the Kerberos key database or cause a Denial of + Service. These bugs can only be triggered when Kerberos 4 support is + enabled. +

+

+ The RPC related vulnerability can be exploited by a remote + unauthenticated attacker to crash kadmind, and theoretically execute + arbitrary code with root privileges or cause database corruption. This + bug can only be triggered in configurations that allow large numbers of + open file descriptors in a process. +

+

+ The GSSAPI vulnerabilities could be exploited by a remote attacker to + cause Denial of Service conditions or possibly execute arbitrary code. +

+
+ +

+ Kerberos 4 support can be disabled via disabling the "krb4" USE flag + and recompiling the ebuild, or setting "v4_mode=none" in the + [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around + the KDC related vulnerabilities. +

+
+ +

+ All MIT Kerberos 5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1" +
+ + CVE-2007-5901 + CVE-2007-5971 + CVE-2008-0062 + CVE-2008-0063 + CVE-2008-0947 + + + p-y + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-32.xml
new file mode 100644
index 0000000000..4c2e28e137
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200803-32.xml
@@ -0,0 +1,65 @@
+ + + + + Wireshark: Denial of Service + + Multiple Denial of Service vulnerabilities have been discovered in + Wireshark. + + wireshark + March 24, 2008 + March 24, 2008: 01 + 212149 + remote + + + 0.99.8 + 0.99.8 + + + +

+ Wireshark is a network protocol analyzer with a graphical front-end. +

+
+ +

+ Multiple unspecified errors exist in the SCTP, SNMP, and TFTP + dissectors. +

+
+ +

+ A remote attacker could cause a Denial of Service by sending a + malformed packet. +

+
+ +

+ Disable the SCTP, SNMP, and TFTP dissectors. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.8" +
+ + CVE-2008-1070 + CVE-2008-1071 + CVE-2008-1072 + + + rbu + + + mfleming + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-01.xml
new file mode 100644
index 0000000000..1a6f838048
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-01.xml
@@ -0,0 +1,87 @@
+ + + + + CUPS: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in CUPS, allowing for the + remote execution of arbitrary code and a Denial of Service. + + cups + April 01, 2008 + April 01, 2008: 01 + 211449 + 212364 + 214068 + remote + + + 1.2.12-r7 + 1.2.12-r7 + + + +

+ CUPS provides a portable printing layer for UNIX-based operating + systems. +

+
+ +

+ Multiple vulnerabilities have been reported in CUPS: +

+
    +
  • regenrecht (VeriSign iDefense) discovered that the + cgiCompileSearch() function used in several CGI scripts in CUPS' + administration interface does not correctly calculate boundaries when + processing a user-provided regular expression, leading to a heap-based + buffer overflow (CVE-2008-0047).
  • +
  • Helge Blischke reported a + double free() vulnerability in the process_browse_data() function when + adding or removing remote shared printers (CVE-2008-0882).
  • +
  • Tomas Hoger (Red Hat) reported that the gif_read_lzw() function + uses the code_size value from GIF images without properly checking it, + leading to a buffer overflow (CVE-2008-1373).
  • +
  • An unspecified + input validation error was discovered in the HP-GL/2 filter + (CVE-2008-0053).
  • +
+
+ +

+ A local attacker could send specially crafted network packets or print + jobs and possibly execute arbitrary code with the privileges of the + user running CUPS (usually lp), or cause a Denial of Service. The + vulnerabilities are exploitable via the network when CUPS is sharing + printers remotely. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All CUPS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7" +
+ + CVE-2008-0047 + CVE-2008-0053 + CVE-2008-0882 + CVE-2008-1373 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-02.xml
new file mode 100644
index 0000000000..571559b148
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-02.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ bzip2: Denial of Service
+
+ A buffer overread vulnerability has been discovered in Bzip2.
+
+ bzip2
+ April 02, 2008
+ April 02, 2008: 01
+ 213820
+ remote
+
+
+ 1.0.5
+ 1.0.5
+
+
+
+

+ bzip2 is a free and open source lossless data compression program. +

+
+ +

+ The Oulu University discovered that bzip2 does not properly check + offsets provided by the bzip2 file, leading to a buffer overread. +

+
+ +

+ Remote attackers can entice a user or automated system to open a + specially crafted file that triggers a buffer overread, causing a + Denial of Service. libbz2 and programs linking against it are also + affected. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All bzip2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/bzip2-1.0.5" +
+ + CVE-2008-1372 + + + rbu + + + mfleming + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-03.xml
new file mode 100644
index 0000000000..d8f3291cbc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-03.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ OpenSSH: Privilege escalation
+
+ Two flaws have been discovered in OpenSSH which could allow local attackers
+ to escalate their privileges.
+
+ openssh
+ April 05, 2008
+ April 05, 2008: 01
+ 214985
+ 215702
+ local
+
+
+ 4.7_p1-r6
+ 4.7_p1-r6
+
+
+
+

+ OpenSSH is a complete SSH protocol implementation that includes an SFTP + client and server support. +

+
+ +

+ Two issues have been discovered in OpenSSH: +

+
    +
  • Timo Juhani + Lindfors discovered that OpenSSH sets the DISPLAY variable in SSH + sessions using X11 forwarding even when it cannot bind the X11 server + to a local port in all address families (CVE-2008-1483).
  • +
  • OpenSSH will execute the contents of the ".ssh/rc" file even when + the "ForceCommand" directive is enabled in the global sshd_config + (CVE-2008-1657).
  • +
+
+ +

+ A local attacker could exploit the first vulnerability to hijack + forwarded X11 sessions of other users and possibly execute code with + their privileges, disclose sensitive data or cause a Denial of Service, + by binding a local X11 server to a port using only one address family. + The second vulnerability might allow local attackers to bypass intended + security restrictions and execute commands other than those specified + by "ForceCommand" if they are able to write to their home directory. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSSH users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.7_p1-r6" +
+ + CVE-2008-1483 + CVE-2008-1657 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-04.xml
new file mode 100644
index 0000000000..a59853638e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-04.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ MySQL: Multiple vulnerabilities
+
+ Multiple vulnerabilities in MySQL might lead to privilege escalation and
+ Denial of Service.
+
+ mysql
+ April 06, 2008
+ April 06, 2008: 01
+ 201669
+ remote
+
+
+ 5.0.54
+ 5.0.54
+
+
+
+

+ MySQL is a popular multi-threaded, multi-user SQL server. +

+
+ +

+ Multiple vulnerabilities have been reported in MySQL: +

+
    +
  • Mattias Jonsson reported that a "RENAME TABLE" command against a + table with explicit "DATA DIRECTORY" and "INDEX DIRECTORY" options + would overwrite the file to which the symlink points + (CVE-2007-5969).
  • +
  • Martin Friebe discovered that MySQL does not + update the DEFINER value of a view when the view is altered + (CVE-2007-6303).
  • +
  • Philip Stoev discovered that the federated + engine expects the response of a remote MySQL server to contain a + minimum number of columns in query replies (CVE-2007-6304).
  • +
+
+ +

+ An authenticated remote attacker could exploit the first vulnerability + to overwrite MySQL system tables and escalate privileges, or use the + second vulnerability to gain privileges via an "ALTER VIEW" statement. + Remote federated MySQL servers could cause a Denial of Service in the + local MySQL server by exploiting the third vulnerability. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MySQL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.54" +
+ + CVE-2007-5969 + CVE-2007-6303 + CVE-2007-6304 + + + jaervosz + + + jaervosz + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-05.xml
new file mode 100644
index 0000000000..75157ab55d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-05.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ NX: User-assisted execution of arbitrary code
+
+ NX uses code from the X.org X11 server which is prone to multiple
+ vulnerabilities.
+
+ nx, nxnode
+ April 06, 2008
+ April 06, 2008: 02
+ 210317
+ remote
+
+
+ 3.1.0-r2
+ 3.1.0-r2
+
+
+ 3.1.0-r1
+ 3.1.0-r1
+
+
+
+

+ NoMachine's NX establishes remote connections to X11 desktops over + small bandwidth links. NX and NX Node are the compression core + libraries, whereas NX is used by FreeNX and NX Node by the binary-only + NX servers. +

+
+ +

+ Multiple integer overflow and buffer overflow vulnerabilities have been + discovered in the X.Org X server as shipped by NX and NX Node + (vulnerabilities 1-4 in GLSA 200801-09). +

+
+ +

+ A remote attacker could exploit these vulnerabilities via unspecified + vectors, leading to the execution of arbitrary code with the privileges + of the user on the machine running the NX server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All NX Node users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.1.0-r2" +

+ All NX users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/nx-3.1.0-r1" +
+ + GLSA 200801-09 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-06.xml
new file mode 100644
index 0000000000..213731be2e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-06.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ UnZip: User-assisted execution of arbitrary code
+
+ A double free vulnerability discovered in UnZip might lead to the execution
+ of arbitrary code.
+
+ unzip
+ April 06, 2008
+ April 06, 2008: 01
+ 213761
+ remote
+
+
+ 5.52-r2
+ 5.52-r2
+
+
+
+

+ Info-ZIP's UnZip is a tool to list and extract files inside PKZIP + compressed files. +

+
+ +

+ Tavis Ormandy of the Google Security Team discovered that the NEEDBITS + macro in the inflate_dynamic() function in the file inflate.c can be + invoked using invalid buffers, which can lead to a double free. +

+
+ +

+ Remote attackers could entice a user or automated system to open a + specially crafted ZIP file that might lead to the execution of + arbitrary code or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All UnZip users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/unzip-5.52-r2" +
+ + CVE-2008-0888 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-07.xml
new file mode 100644
index 0000000000..0df9ad4c36
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-07.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ PECL APC: Buffer Overflow
+
+ A buffer overflow vulnerability in PECL APC might allow for the remote
+ execution of arbitrary code.
+
+ pecl-apc
+ April 09, 2008
+ April 09, 2008: 01
+ 214576
+ remote
+
+
+ 3.0.16-r1
+ 3.0.16-r1
+
+
+
+

+ PECL Alternative PHP Cache (PECL APC) is a free, open, and robust + framework for caching and optimizing PHP intermediate code. +

+
+ +

+ Daniel Papasian discovered a stack-based buffer overflow in the + apc_search_paths() function in the file apc.c when processing long + filenames. +

+
+ +

+ A remote attacker could exploit this vulnerability to execute arbitrary + code in PHP applications that pass user-controlled input to the + include() function. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PECL APC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php5/pecl-apc-3.0.16-r1" +
+ + CVE-2008-1488 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-08.xml
new file mode 100644
index 0000000000..4253efbe0c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-08.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ lighttpd: Multiple vulnerabilities
+
+ Multiple vulnerabilities in lighttpd may lead to information disclosure or
+ a Denial of Service.
+
+ lighttpd
+ April 10, 2008
+ April 10, 2008: 01
+ 212930
+ 214892
+ remote
+
+
+ 1.4.19-r2
+ 1.4.19-r2
+
+
+
+

+ lighttpd is a lightweight high-performance web server. +

+
+ +

+ Julien Cayzax discovered that an insecure default setting exists in + mod_userdir in lighttpd. When userdir.path is not set the default value + used is $HOME. It should be noted that the "nobody" user's $HOME is "/" + (CVE-2008-1270). An error also exists in the SSL connection code which + can be triggered when a user prematurely terminates his connection + (CVE-2008-1531). +

+
+ +

+ A remote attacker could exploit the first vulnerability to read + arbitrary files. The second vulnerability can be exploited by a remote + attacker to cause a Denial of Service by terminating a victim's SSL + connection. +

+
+ +

+ As a workaround for CVE-2008-1270 you can set userdir.path to a + sensible value, e.g. "public_html". +

+
+ +

+ All lighttpd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.19-r2" +
+ + CVE-2008-1270 + CVE-2008-1531 + + + keytoaster + + + rbu + + + mfleming + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-09.xml
new file mode 100644
index 0000000000..1a50d844a7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-09.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ am-utils: Insecure temporary file creation
+
+ am-utils creates temporary files insecurely allowing local users to
+ overwrite arbitrary files via a symlink attack.
+
+ am-utils
+ April 10, 2008
+ April 10, 2008: 01
+ 210158
+ local
+
+
+ 6.1.5
+ 6.1.5
+
+
+
+

+ am-utils is a collection of utilities for use with the Berkeley + Automounter. +

+
+ +

+ Tavis Ormandy discovered that, when creating temporary files, the + 'expn' utility does not check whether the file already exists. +

+
+ +

+ A local attacker could exploit the vulnerability via a symlink attack + to overwrite arbitrary files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All am-utils users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/am-utils-6.1.5" +
+ + CVE-2008-1078 + + + p-y + + + mfleming + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-10.xml
new file mode 100644
index 0000000000..38d1378b7f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-10.xml
@@ -0,0 +1,108 @@
+
+
+
+
+ Tomcat: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Tomcat may lead to local file overwriting,
+ session hijacking or information disclosure.
+
+ tomcat
+ April 10, 2008
+ May 28, 2009: 02
+ 196066
+ 203169
+ local, remote
+
+
+ 5.5.26
+ 6.0.16
+ 5.5.27
+ 6.0.16
+
+
+
+

+ Tomcat is the Apache Jakarta Project's official implementation of Java + Servlets and Java Server Pages. +

+
+ +

+ The following vulnerabilities were reported: +

+
    +
  • Delian Krustev discovered that the JULI logging component does not + properly enforce access restrictions, allowing web application to add + or overwrite files (CVE-2007-5342).
  • +
  • + When the native APR connector is used, Tomcat does not properly handle + an empty request to the SSL port, which allows remote attackers to + trigger handling of a duplicate copy of one of the recent requests + (CVE-2007-6286).
  • +
  • + If the processing or parameters is interrupted, i.e. by an exception, + then it is possible for the parameters to be processed as part of later + request (CVE-2008-0002).
  • +
  • + An absolute path traversal vulnerability exists due to the way that + WebDAV write requests are handled (CVE-2007-5461).
  • +
  • + Tomcat does not properly handle double quote (") characters or %5C + (encoded backslash) sequences in a cookie value, which might cause + sensitive information such as session IDs to be leaked to remote + attackers and enable session hijacking attacks + (CVE-2007-5333).
  • +
+
+ +

+ These vulnerabilities can be exploited by: +

+
    +
  • + a malicious web application to add or overwrite files with the + permissions of the user running Tomcat. +
  • +
  • + a remote attacker to conduct session hijacking or disclose sensitive + data. +
  • +
+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Tomcat 5.5.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/tomcat-5.5.26" +

+ All Tomcat 6.0.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.16" +
+ + CVE-2007-5333 + CVE-2007-5342 + CVE-2007-5461 + CVE-2007-6286 + CVE-2008-0002 + + + rbu + + + mfleming + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-11.xml
new file mode 100644
index 0000000000..b7d4db3817
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-11.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ policyd-weight: Insecure temporary file creation
+
+ policyd-weight uses temporary files in an insecure manner, allowing for a
+ symlink attack.
+
+ policyd-weight
+ April 11, 2008
+ April 11, 2008: 01
+ 214403
+ local
+
+
+ 0.1.14.17
+ 0.1.14.17
+
+
+
+

+ policyd-weight is a Perl policy daemon for the Postfix MTA intended to + eliminate forged envelope senders and HELOs. +

+
+ +

+ Chris Howells reported that policyd-weight creates and uses the + "/tmp/.policyd-weight/" directory in an insecure manner. +

+
+ +

+ A local attacker could exploit this vulnerability to delete arbitrary + files or change the ownership to the "polw" user via symlink attacks. +

+
+ +

+ Set "$LOCKPATH = '/var/run/policyd-weight/'" manually in + "/etc/policyd-weight.conf". +

+
+ +

+ All policyd-weight users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-filter/policyd-weight-0.1.14.17" +

+ This version changes the default path for sockets to + "/var/run/policyd-weight", which is only writable by a privileged user. + Users need to restart policyd-weight immediately after the upgrade due + to this change. +

+
+ + CVE-2008-1569 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-12.xml
new file mode 100644
index 0000000000..22f036edf5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-12.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ gnome-screensaver: Privilege escalation
+
+ gnome-screensaver allows local users to bypass authentication under certain
+ configurations.
+
+ gnome-screensaver
+ April 11, 2008
+ April 11, 2008: 01
+ 213940
+ local
+
+
+ 2.20.0-r3
+ 2.20.0-r3
+
+
+
+

+ gnome-screensaver is a screensaver, designed to integrate with the + Gnome desktop, that can replace xscreensaver. +

+
+ +

+ gnome-screensaver incorrectly handles the results of the getpwuid() + function in the file src/setuid.c when using directory servers (like + NIS) during a network outage, a similar issue to GLSA 200705-14. +

+
+ +

+ A local user can crash gnome-xscreensaver by preventing network + connectivity if the system uses a remote directory service for + credentials such as NIS or LDAP, which will unlock the screen. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All gnome-screensaver users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=gnome-extra/gnome-screensaver-2.20.0-r3" +
+ + CVE-2008-0887 + GLSA 200705-14 + + + falco + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-13.xml
new file mode 100644
index 0000000000..721ebba5e2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-13.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ Asterisk: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been found in Asterisk allowing for SQL
+ injection, session hijacking and unauthorized usage.
+
+ asterisk
+ April 14, 2008
+ April 14, 2008: 01
+ 200792
+ 202733
+ 213883
+ remote
+
+
+ 1.2.27
+ 1.2.27
+
+
+
+

+ Asterisk is an open source telephony engine and tool kit. +

+
+ +

+ Asterisk upstream developers reported multiple vulnerabilities: +

+
    +
  • The Call Detail Record Postgres logging engine (cdr_pgsql) + does not correctly escape the ANI and DNIS arguments before using them + in SQL statements (CVE-2007-6170).
  • +
  • When using database-based + registrations ("realtime") and host-based authentication, Asterisk does + not check the IP address when the username is correct and there is no + password provided (CVE-2007-6430).
  • +
  • The SIP channel driver does + not correctly determine if authentication is required + (CVE-2008-1332).
  • +
+
+ +

+ Remote authenticated attackers could send specially crafted data to + Asterisk to execute arbitrary SQL commands and compromise the + administrative database. Remote unauthenticated attackers could bypass + authentication using a valid username to hijack other user's sessions, + and establish sessions on the SIP channel without authentication. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Asterisk users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.27" +
+ + CVE-2007-6170 + CVE-2007-6430 + CVE-2008-1332 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-14.xml
new file mode 100644
index 0000000000..80491b0e5d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-14.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Opera: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Opera, allowing for
+ execution of arbitrary code.
+
+ opera
+ April 14, 2008
+ April 14, 2008: 01
+ 216022
+ remote
+
+
+ 9.27
+ 9.27
+
+
+
+

+ Opera is a fast web browser that is available free of charge. +

+
+ +

+ Michal Zalewski reported two vulnerabilities, memory corruption when + adding news feed sources from a website (CVE-2008-1761) as well as when + processing HTML CANVAS elements to use scaled images (CVE-2008-1762). + Additionally, an unspecified weakness related to keyboard handling of + password inputs has been reported (CVE-2008-1764). +

+
+ +

+ A remote attacker could entice a user to visit a specially crafted web + site or news feed and possibly execute arbitrary code with the + privileges of the user running Opera. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Opera users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-9.27" +
+ + CVE-2008-1761 + CVE-2008-1762 + CVE-2008-1764 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-15.xml
new file mode 100644
index 0000000000..e845d01dba
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-15.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ libpng: Execution of arbitrary code
+
+ A vulnerability in libpng may allow for execution of arbitrary code in
+ certain applications that handle untrusted images.
+
+ libpng
+ April 15, 2008
+ April 15, 2008: 01
+ 217047
+ remote
+
+
+ 1.2.26-r1
+ 1.2.26-r1
+
+
+
+

+ libpng is a free ANSI C library used to process and manipulate PNG + images. +

+
+ +

+ Tavis Ormandy of the Google Security Team discovered that libpng does + not handle zero-length unknown chunks in PNG files correctly, which + might lead to memory corruption in applications that call + png_set_read_user_chunk_fn() or png_set_keep_unknown_chunks(). +

+
+ +

+ A remote attacker could entice a user or automated system to process a + specially crafted PNG image in an application using libpng and possibly + execute arbitrary code with the privileges of the user running the + application. Note that processing of unknown chunks is disabled by + default in most PNG applications, but some such as ImageMagick are + affected. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libpng users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.26-r1" +
+ + CVE-2008-1382 + + + rbu + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-16.xml
new file mode 100644
index 0000000000..e71f3231bb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-16.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ rsync: Execution of arbitrary code
+
+ A buffer overflow in rsync might lead to the remote execution of arbitrary
+ code when extended attributes are being used.
+
+ rsync
+ April 17, 2008
+ April 17, 2008: 01
+ 216887
+ remote
+
+
+ 2.6.9-r6
+ 2.6.9-r6
+
+
+
+

+ rsync is a file transfer program to keep remote directories + synchronized. +

+
+ +

+ Sebastian Krahmer of SUSE reported an integer overflow in the + expand_item_list() function in the file util.c which might lead to a + heap-based buffer overflow when extended attribute (xattr) support is + enabled. +

+
+ +

+ A remote attacker could send a file containing specially crafted + extended attributes to an rsync deamon, or entice a user to sync from + an rsync server containing specially crafted files, possibly leading to + the execution of arbitrary code. +

+

+ Please note that extended attributes are only enabled when USE="acl" is + enabled, which is the default setting. +

+
+ +

+ Disable extended attributes in the rsync daemon by setting "refuse + options = xattrs" in the file "/etc/rsyncd.conf" (or append + "xattrs" to an existing "refuse" statement). When synchronizing to a + server, do not provide the "-X" parameter to rsync. You can also + disable the "acl" USE flag for rsync and recompile the package. +

+
+ +

+ All rsync users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.9-r6" +
+ + CVE-2008-1720 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-17.xml
new file mode 100644
index 0000000000..f456bdbd21
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-17.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Speex: User-assisted execution of arbitrary code
+
+ Improper input validation in Speex might lead to array indexing
+ vulnerabilities in multiple player applications.
+
+ speex
+ April 17, 2008
+ April 17, 2008: 01
+ 217715
+ remote
+
+
+ 1.2_beta3_p2
+ 1.2_beta3_p2
+
+
+
+

+ Speex is an audio compression format designed for speech that is free + of patent restrictions. +

+
+ +

+ oCERT reported that the Speex library does not properly validate the + "mode" value it derives from Speex streams, allowing for array indexing + vulnerabilities inside multiple player applications. Within Gentoo, + xine-lib, VLC, gst-plugins-speex from the GStreamer Good Plug-ins, + vorbis-tools, libfishsound, Sweep, SDL_sound, and speexdec were found + to be vulnerable. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted Speex + file or network stream with an application listed above. This might + lead to the execution of arbitrary code with privileges of the user + playing the file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Speex users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/speex-1.2_beta3_p2" +
+ + CVE-2008-1686 + + + vorlon + + + vorlon + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-18.xml
new file mode 100644
index 0000000000..07c5e7ee53
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-18.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Poppler: User-assisted execution of arbitrary code
+
+ Poppler does not handle fonts inside PDF files safely, allowing for
+ execution of arbitrary code.
+
+ poppler
+ April 17, 2008
+ April 17, 2008: 02
+ 216850
+ remote
+
+
+ 0.6.3
+ 0.6.3
+
+
+
+

+ Poppler is a cross-platform PDF rendering library originally based on + Xpdf. +

+
+ +

+ Kees Cook from the Ubuntu Security Team reported that the + CairoFont::create() function in the file CairoFontEngine.cc does not + verify the type of an embedded font object inside a PDF file before + dereferencing a function pointer from it. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted PDF + file with a Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, + or Evince, potentially resulting in the execution of arbitrary code + with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Poppler users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/poppler-0.6.3" +
+ + CVE-2008-1693 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-19.xml
new file mode 100644
index 0000000000..77addfb124
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-19.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ PHP Toolkit: Data disclosure and Denial of Service
+
+ PHP Toolkit does not quote parameters, allowing for PHP source code
+ disclosure on Apache, and a Denial of Service.
+
+ php-toolkit
+ April 17, 2008
+ April 17, 2008: 01
+ 209535
+ local
+
+
+ 1.0.1
+ 1.0.1
+
+
+
+

+ PHP Toolkit is a utility to manage parallel installations of PHP within + Gentoo. It is executed by the PHP ebuilds at setup. +

+
+ +

+ Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph + reported that php-select does not quote parameters passed to the "tr" + command, which could convert the "-D PHP5" argument in the + "APACHE2_OPTS" setting in the file /etc/conf.d/apache2 to lower case. +

+
+ +

+ An attacker could entice a system administrator to run "emerge + php" or call "php-select -t apache2 php5" directly in a + directory containing a lower case single-character named file, which + would prevent Apache from loading mod_php and thereby disclose PHP + source code and cause a Denial of Service. +

+
+ +

+ Do not run "emerge" or "php-select" from a working directory which + contains a lower case single-character named file. +

+
+ +

+ All PHP Toolkit users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/php-toolkit-1.0.1" +
+ + CVE-2008-1734 + + + rbu + + + vorlon + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-20.xml
new file mode 100644
index 0000000000..43b8a0e301
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-20.xml
@@ -0,0 +1,232 @@
+
+
+
+
+ Sun JDK/JRE: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been identified in Sun Java Development Kit
+ (JDK) and Java Runtime Environment (JRE).
+
+ sun-jdk, sun-jre-bin, emul-linux-x86-java
+ April 17, 2008
+ March 05, 2010: 06
+ 178851
+ 178962
+ 183580
+ 185256
+ 194711
+ 212425
+ remote
+
+
+ 1.6.0.05
+ 1.5.0.21
+ 1.5.0.20
+ 1.5.0.19
+ 1.5.0.18
+ 1.5.0.17
+ 1.5.0.16
+ 1.5.0.15
+ 1.4.2.17
+ 1.5.0.22
+ 1.6.0.05
+
+
+ 1.6.0.05
+ 1.5.0.21
+ 1.5.0.20
+ 1.5.0.19
+ 1.5.0.18
+ 1.5.0.17
+ 1.5.0.16
+ 1.5.0.15
+ 1.4.2.17
+ 1.5.0.22
+ 1.6.0.05
+
+
+ 1.6.0.05
+ 1.5.0.21
+ 1.5.0.20
+ 1.5.0.19
+ 1.5.0.18
+ 1.5.0.17
+ 1.5.0.16
+ 1.5.0.15
+ 1.4.2.17
+ 1.5.0.22
+ 1.6.0.05
+
+
+
+

+ The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment + (JRE) provide the Sun Java platform. +

+
+ +

+ Multiple vulnerabilities have been discovered in Sun Java: +

+
    +
  • Daniel Soeder discovered that a long codebase attribute string in a + JNLP file will overflow a stack variable when launched by Java WebStart + (CVE-2007-3655).
  • +
  • Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788, + CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA + 200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the + initial revision of said GLSAs.
  • +
  • The Zero Day Initiative, TippingPoint and John Heasman reported + multiple buffer overflows and unspecified vulnerabilities in Java Web + Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, + CVE-2008-1191).
  • +
  • Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue + when performing XSLT transformations (CVE-2008-1187).
  • +
  • CERT/CC reported a Stack-based buffer overflow in Java Web Start + when using JNLP files (CVE-2008-1196).
  • +
  • Azul Systems reported an unspecified vulnerability that allows + applets to escalate their privileges (CVE-2007-5689).
  • +
  • Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, + Weidong Shao, and David Byrne discovered multiple instances where Java + applets or JavaScript programs run within browsers do not pin DNS + hostnames to a single IP address, allowing for DNS rebinding attacks + (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274).
  • +
  • Peter Csepely reported that Java Web Start does not properly + enforce access restrictions for untrusted applications (CVE-2007-5237, + CVE-2007-5238).
  • +
  • Java Web Start does not properly enforce access restrictions for + untrusted Java applications and applets, when handling drag-and-drop + operations (CVE-2007-5239).
  • +
  • Giorgio Maone discovered that warnings for untrusted code can be + hidden under applications' windows (CVE-2007-5240).
  • +
  • Fujitsu reported two security issues where security restrictions of + web applets and applications were not properly enforced (CVE-2008-1185, + CVE-2008-1186).
  • +
  • John Heasman of NGSSoftware discovered that the Java Plug-in does + not properly enforce the same origin policy (CVE-2008-1192).
  • +
  • Chris Evans of the Google Security Team discovered multiple + unspecified vulnerabilities within the Java Runtime Environment Image + Parsing Library (CVE-2008-1193, CVE-2008-1194).
  • +
  • Gregory Fleischer reported that web content fetched via the "jar:" + protocol was not subject to network access restrictions + (CVE-2008-1195).
  • +
  • Chris Evans and Johannes Henkel of the Google Security Team + reported that the XML parsing code retrieves external entities even + when that feature is disabled (CVE-2008-0628).
  • +
  • Multiple unspecified vulnerabilities might allow for escalation of + privileges (CVE-2008-0657).
  • +
+
+ +

+ A remote attacker could entice a user to run a specially crafted applet + on a website or start an application in Java Web Start to execute + arbitrary code outside of the Java sandbox and of the Java security + restrictions with the privileges of the user running Java. The attacker + could also obtain sensitive information, create, modify, rename and + read local files, execute local applications, establish connections in + the local network, bypass the same origin policy, and cause a Denial of + Service via multiple vectors. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Sun JRE 1.6 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.05" +

+ All Sun JRE 1.5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.5.0.15" +

+ All Sun JRE 1.4 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.17" +

+ All Sun JDK 1.6 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.05" +

+ All Sun JDK 1.5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.5.0.15" +

+ All Sun JDK 1.4 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.17" +

+ All emul-linux-x86-java 1.6 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.05" +

+ All emul-linux-x86-java 1.5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.5.0.15" +

+ All emul-linux-x86-java 1.4 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.4.2.17" +
+
+ CVE-2007-2435
+ CVE-2007-2788
+ CVE-2007-2789
+ CVE-2007-3655
+ CVE-2007-5232
+ CVE-2007-5237
+ CVE-2007-5238
+ CVE-2007-5239
+ CVE-2007-5240
+ CVE-2007-5273
+ CVE-2007-5274
+ CVE-2007-5689
+ CVE-2008-0628
+ CVE-2008-0657
+ CVE-2008-1185
+ CVE-2008-1186
+ CVE-2008-1187
+ CVE-2008-1188
+ CVE-2008-1189
+ CVE-2008-1190
+ CVE-2008-1191
+ CVE-2008-1192
+ CVE-2008-1193
+ CVE-2008-1194
+ CVE-2008-1195
+ CVE-2008-1196
+ GLSA 200705-23
+ GLSA 200706-08
+
+
+ jaervosz
+
+
+ jaervosz
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-21.xml
new file mode 100644
index 0000000000..ed0ba6eb9c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-21.xml
@@ -0,0 +1,104 @@
+
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been identified, the worst of which allow
+ arbitrary code execution on a user's system via a malicious Flash file.
+
+ adobe-flash
+ April 18, 2008
+ May 28, 2009: 02
+ 204344
+ remote
+
+
+ 9.0.124.0
+ 9.0.124.0
+
+
+
+

+ The Adobe Flash Player is a renderer for the popular SWF file format, + which is commonly used to provide interactive websites, digital + experiences and mobile content. +

+
+ +

+ Multiple vulnerabilities have been discovered in Adobe Flash: +

+
    +
  • + Secunia Research and Zero Day Initiative reported a boundary error + related to DeclareFunction2 Actionscript tags in SWF files + (CVE-2007-6019). +
  • +
  • + The ISS X-Force and the Zero Day Initiative reported an unspecified + input validation error that might lead to a buffer overflow + (CVE-2007-0071). +
  • +
  • + Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy + files are not checked before sending HTTP headers to another domain + (CVE-2008-1654) and that it does not sufficiently restrict the + interpretation and usage of cross-domain policy files (CVE-2007-6243). +
  • +
  • + The Stanford University and Ernst and Young's Advanced Security Center + reported that Flash does not pin DNS hostnames to a single IP + addresses, allowing for DNS rebinding attacks (CVE-2007-5275, + CVE-2008-1655). +
  • +
  • + The Google Security Team and Minded Security Multiple reported multiple + cross-site scripting vulnerabilities when passing input to Flash + functions (CVE-2007-6637). +
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted file + (usually in a web browser), possibly leading to the execution of + arbitrary code with the privileges of the user running the Adobe Flash + Player. The attacker could also cause a user's machine to send HTTP + requests to other hosts, establish TCP sessions with arbitrary hosts, + bypass the security sandbox model, or conduct Cross-Site Scripting and + Cross-Site Request Forgery attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Flash Player users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-9.0.124.0" +
+
+ CVE-2007-0071
+ CVE-2007-5275
+ CVE-2007-6019
+ CVE-2007-6243
+ CVE-2007-6637
+ CVE-2008-1654
+ CVE-2008-1655
+
+
+ vorlon
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-22.xml
new file mode 100644
index 0000000000..800269af57
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-22.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ PowerDNS Recursor: DNS Cache Poisoning
+
+ Use of insufficient randomness in PowerDNS Recursor might lead to DNS cache
+ poisoning.
+
+ pdns-recursor
+ April 18, 2008
+ August 21, 2008: 03
+ 215567
+ 231335
+ remote
+
+
+ 3.1.6
+ 3.1.6
+
+
+
+

+ The PowerDNS Recursor is an advanced recursing nameserver. +

+
+ +

+ Amit Klein of Trusteer reported that insufficient randomness is used to + calculate the TRXID values and the UDP source port numbers + (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to + resolve this issue was incomplete, as it did not always enable the + stronger random number generator for source port selection + (CVE-2008-3217). +

+
+ +

+ A remote attacker could send malicious answers to insert arbitrary DNS + data into the cache. These attacks would in turn help an attacker to + perform man-in-the-middle and site impersonation attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PowerDNS Recursor users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/pdns-recursor-3.1.6" +
+
+ CVE-2008-1637
+ CVE-2008-3217
+
+
+ keytoaster
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-23.xml
new file mode 100644
index 0000000000..2e0da0520c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-23.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ CUPS: Integer overflow vulnerability
+
+ A vulnerability in CUPS might allow for the execution of arbitrary code or
+ a Denial of Service.
+
+ cups
+ April 18, 2008
+ April 18, 2008: 01
+ 217232
+ remote, local
+
+
+ 1.2.12-r8
+ 1.2.12-r8
+
+
+
+

+ CUPS provides a portable printing layer for UNIX-based operating + systems. +

+
+ +

+ Thomas Pollet reported a possible integer overflow vulnerability in the + PNG image handling in the file filter/image-png.c. +

+
+ +

+ A malicious user might be able to execute arbitrary code with the + privileges of the user running CUPS (usually lp), or cause a Denial of + Service by sending a specially crafted PNG image to the print server. + The vulnerability is exploitable via the network if CUPS is sharing + printers remotely. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All CUPS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r8" +
+
+ CVE-2008-1722
+
+
+ vorlon
+
+
+ vorlon
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-24.xml
new file mode 100644
index 0000000000..a2e31366f5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-24.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ DBmail: Data disclosure
+
+ A vulnerability in DBMail could allow for passwordless login to any account
+ under certain configurations.
+
+ dbmail
+ April 18, 2008
+ April 18, 2008: 01
+ 218154
+ remote
+
+
+ 2.2.9
+ 2.2.9
+
+
+
+

+ DBMail is a mail storage and retrieval daemon that uses SQL databases + as its data store. IMAP and POP3 can be used to retrieve mails from the + database. +

+
+ +

+ A vulnerability in DBMail's authldap module when used in conjunction + with an Active Directory server has been reported by vugluskr. When + passing a zero length password to the module, it tries to bind + anonymously to the LDAP server. If the LDAP server allows anonymous + binds, this bind succeeds and results in a successful authentication to + DBMail. +

+
+ +

+ By passing an empty password string to the server, an attacker could be + able to log in to any account. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All DBMail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/dbmail-2.2.9" +
+
+ CVE-2007-6714
+
+
+ vorlon
+
+
+ vorlon
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-25.xml
new file mode 100644
index 0000000000..bc8f268b25
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-25.xml
@@ -0,0 +1,93 @@
+
+
+
+
+ VLC: User-assisted execution of arbitrary code
+
+ Multiple vulnerabilities were found in VLC, allowing for the execution of
+ arbitrary code.
+
+ vlc
+ April 23, 2008
+ April 23, 2008: 01
+ 214277
+ 214627
+ remote
+
+
+ 0.8.6f
+ 0.8.6f
+
+
+
+

+ VLC is a cross-platform media player and streaming server. +

+
+ +

+ Multiple vulnerabilities were found in VLC: +

+
    +
  • + Luigi Auriemma discovered that the stack-based buffer overflow when + reading subtitles, which has been reported as CVE-2007-6681 in GLSA + 200803-13, was not properly fixed (CVE-2008-1881). +
  • +
  • + Alin Rad Pop of Secunia reported an array indexing vulnerability in the + sdpplin_parse() function when processing streams from RTSP servers in + Xine code, which is also used in VLC (CVE-2008-0073). +
  • +
  • + Drew Yao and Nico Golde reported an integer overflow in the + MP4_ReadBox_rdrf() function in the file libmp4.c leading to a + heap-based buffer overflow when reading MP4 files (CVE-2008-1489). +
  • +
  • Drew Yao also reported integer overflows in the MP4 demuxer, + the Real demuxer and in the Cinepak codec, which might lead to buffer + overflows (CVE-2008-1768).
  • +
  • Drew Yao finally discovered and a + boundary error in Cinepak, which might lead to memory corruption + (CVE-2008-1769).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted media + file or stream, possibly resulting in the remote execution of arbitrary + code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All VLC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6f" +
+
+ CVE-2007-6681
+ CVE-2008-0073
+ CVE-2008-1489
+ CVE-2008-1768
+ CVE-2008-1769
+ CVE-2008-1881
+ GLSA 200803-13
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-26.xml
new file mode 100644
index 0000000000..5f74dd9a36
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-26.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Openfire: Denial of Service
+
+ A design error in Openfire might lead to a Denial of Service.
+
+ openfire
+ April 23, 2008
+ April 23, 2008: 01
+ 217234
+ remote
+
+
+ 3.5.0
+ 3.5.0
+
+
+
+

+ Openfire (formerly Wildfire) is a Java implementation of a complete + Jabber server. +

+
+ +

+ Openfire's connection manager in the file ConnectionManagerImpl.java + cannot handle clients that fail to read messages, and has no limit on + their session's send buffer. +

+
+ +

+ Remote authenticated attackers could trigger large outgoing queues + without reading messages, causing a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Openfire users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/openfire-3.5.0" +
+
+ CVE-2008-1728
+
+
+ keytoaster
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-27.xml
new file mode 100644
index 0000000000..812d39c3bc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-27.xml
@@ -0,0 +1,102 @@
+
+
+
+
+ SILC: Multiple vulnerabilities
+
+ Multiple vulnerabilities were found in SILC Client, Server, and Toolkit,
+ allowing for Denial of Service and execution of arbitrary code.
+
+ silc-toolkit silc-client silc-server
+ April 24, 2008
+ April 24, 2008: 01
+ 212362
+ 214116
+ 214812
+ remote
+
+
+ 1.1.7
+ 1.1.7
+
+
+ 1.1.4
+ 1.1.4
+
+
+ 1.1.2
+ 1.1.2
+
+
+
+

+ SILC (Secure Internet Live Conferencing protocol) Toolkit is a software + development kit for use in clients, SILC Server is a communication + server, and SILC Client is an IRSSI-based text client. +

+
+ +
    +
  • Nathan G. Grennan reported a boundary error in SILC Toolkit + within the silc_fingerprint() function in the file + lib/silcutil/silcutil.c when passing overly long data, resulting in a + stack-based buffer overflow (CVE-2008-1227).
  • +
  • A vulnerability + has been reported in SILC Server which is caused due to an error in the + handling of "NEW_CLIENT" packets that do not contain a nickname + (CVE-2008-1429).
  • +
  • Ariel Waissbein, Pedro Varangot, Martin + Mizrahi, Oren Isacson, Carlos Garcia, and Ivan Arce of Core Security + Technologies reported that SILC Client, Server, and Toolkit contain a + vulnerability in the silc_pkcs1_decode() function in the silccrypt + library (silcpkcs1.c), resulting in an integer underflow, signedness + error, and a buffer overflow (CVE-2008-1552).
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities to cause a Denial + of Service or execute arbitrary code with the privileges of the user + running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SILC Toolkit users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/silc-toolkit-1.1.7" +

+ All SILC Client users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/silc-client-1.1.4" +

+ All SILC Server users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/silc-server-1.1.2" +
+
+ CVE-2008-1227
+ CVE-2008-1429
+ CVE-2008-1552
+
+
+ rbu
+
+
+ rbu
+
+
+ keytoaster
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-28.xml
new file mode 100644
index 0000000000..777fd55baf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-28.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ JRockit: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been identified in BEA JRockit.
+
+ jrockit-jdk-bin
+ April 24, 2008
+ April 24, 2008: 01
+ 218226
+ remote
+
+
+ 1.4.2.16
+ 1.5.0.14
+ 1.5.0.14
+
+
+
+

+ JRockit is BEA WebLogic's J2SE Development Kit. +

+
+ +

+ Because of sharing the same codebase, JRockit is affected by the + vulnerabilities mentioned in GLSA 200804-20. +

+
+ +

+ A remote attacker could entice a user to run a specially crafted applet + on a website or start an application in Java Web Start to execute + arbitrary code outside of the Java sandbox and of the Java security + restrictions with the privileges of the user running Java. The attacker + could also obtain sensitive information, create, modify, rename and + read local files, execute local applications, establish connections in + the local network, bypass the same origin policy, and cause a Denial of + Service via multiple vectors. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All JRockit 1.4 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/jrockit-jdk-bin-1.4.2.16" +

+ All JRockit 1.5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/jrockit-jdk-bin-1.5.0.14" +
+
+ GLSA 200804-20
+
+
+ rbu
+
+
+ keytoaster
+
+
+ keytoaster
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-29.xml
new file mode 100644
index 0000000000..1c4df7d97d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-29.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Comix: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Comix may lead to execution of arbitrary
+ commands and a Denial of Service.
+
+ comix
+ April 25, 2008
+ April 25, 2008: 01
+ 215694
+ local, remote
+
+
+ 3.6.4-r1
+ 3.6.4-r1
+
+
+
+

+ Comix is a GTK comic book viewer. +

+
+ +

+ Comix does not properly sanitize filenames containing shell + metacharacters when they are passed to the rar, unrar, or jpegtran + programs (CVE-2008-1568). Comix also creates directories with + predictable names (CVE-2008-1796). +

+
+ +

+ A remote attacker could exploit the first vulnerability by enticing a + user to use Comix to open a file with a specially crafted filename, + resulting in the execution of arbitrary commands. The second + vulnerability could be exploited by a local attacker to cause a Denial + of Service by creating a file or directory with the same filename as + the predictable filename used by Comix. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Comix users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/comix-3.6.4-r1" +
+
+ CVE-2008-1568
+ CVE-2008-1796
+
+
+ keytoaster
+
+
+ mfleming
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-30.xml
new file mode 100644
index 0000000000..5cde3bb17b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200804-30.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ KDE start_kdeinit: Multiple vulnerabilities
+
+ Multiple vulnerabilities in start_kdeinit could possibly allow a local
+ attacker to execute arbitrary code with root privileges.
+
+ kdelibs
+ April 29, 2008
+ April 08, 2009: 02
+ 218933
+ local
+
+
+ 3.5.8-r4
+ 3.5.9-r3
+ 4.0
+ 3.5.5
+ 3.5.10-r2
+ 4.0
+
+
+
+

+ KDE is a feature-rich graphical desktop environment for Linux and + Unix-like operating systems. start_kdeinit is a wrapper for kdeinit. +

+
+ +

+ Vulnerabilities have been reported in the processing of user-controlled + data by start_kdeinit, which is setuid root by default. +

+
+ +

+ A local attacker could possibly execute arbitrary code with root + privileges, cause a Denial of Service or send Unix signals to other + processes, when start_kdeinit is setuid root. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All kdelibs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.8-r4" +
+
+ CVE-2008-1671
+
+
+ vorlon
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-01.xml
new file mode 100644
index 0000000000..3c482acfee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-01.xml
@@ -0,0 +1,129 @@
+
+
+
+
+ Horde Application Framework: Multiple vulnerabilities
+
+ Multiple vulnerabilities in the Horde Application Framework may lead to the
+ execution of arbitrary files, information disclosure, and allow a remote
+ attacker to bypass security restrictions.
+
+ horde
+ May 05, 2008
+ May 05, 2008: 01
+ 212635
+ 213493
+ remote
+
+
+ 3.1.7
+ 3.1.7
+
+
+ 1.0.5
+ 1.0.5
+
+
+ 2.1.7
+ 2.1.7
+
+
+ 2.1.2
+ 2.1.2
+
+
+ 2.1.4
+ 2.1.4
+
+
+ 1.0.6
+ 1.0.6
+
+
+
+

+ The Horde Application Framework is a general-purpose web application + framework written in PHP, providing classes for handling preferences, + compression, browser detection, connection tracking, MIME and more. +

+
+ +

+ Multiple vulnerabilities have been reported in the Horde Application + Framework: +

+
    +
  • David Collins, Patrick Pelanne and the + HostGator.com LLC support team discovered that the theme preference + page does not sanitize POST variables for several options, allowing the + insertion of NULL bytes and ".." sequences (CVE-2008-1284).
  • +
  • An + error exists in the Horde API allowing users to bypass security + restrictions.
  • +
+
+ +

+ The first vulnerability can be exploited by a remote attacker to read + arbitrary files and by remote authenticated attackers to execute + arbitrary files. The second vulnerability can be exploited by + authenticated remote attackers to perform restricted operations. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Horde Application Framework users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-3.1.7" +

+ All horde-groupware users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-groupware-1.0.5" +

+ All horde-kronolith users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-2.1.7" +

+ All horde-mnemo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-mnemo-2.1.2" +

+ All horde-nag users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-nag-2.1.4" +

+ All horde-webmail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-webmail-1.0.6" +
+
+ CVE-2008-1284
+
+
+ keytoaster
+
+
+ rbu
+
+
+ mfleming
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-02.xml
new file mode 100644
index 0000000000..1cba8f54a3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-02.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ phpMyAdmin: Information disclosure
+
+ A vulnerability in phpMyAdmin may lead to information disclosure.
+
+ phpmyadmin
+ May 05, 2008
+ May 05, 2008: 01
+ 219005
+ remote
+
+
+ 2.11.5.2
+ 2.11.5.2
+
+
+
+

+ phpMyAdmin is a tool written in PHP intended to handle the + administration of MySQL databases from a web-browser. +

+
+ +

+ Cezary Tomczak reported that an undefined UploadDir variable exposes an + information disclosure vulnerability when running on shared hosts. +

+
+ +

+ A remote attacker with CREATE TABLE permissions can exploit this + vulnerability via a specially crafted HTTP POST request in order to + read arbitrary files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpMyAdmin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.5.2" +
+
+ CVE-2008-1924
+
+
+ vorlon
+
+
+ vorlon
+
+
+ mfleming
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-03.xml
new file mode 100644
index 0000000000..a441b82bca
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-03.xml
@@ -0,0 +1,134 @@
+
+
+
+
+ Multiple X11 terminals: Local privilege escalation
+
+ A vulnerability was found in aterm, Eterm, Mrxvt, multi-aterm, RXVT,
+ rxvt-unicode, and wterm, allowing for local privilege escalation.
+
+ aterm eterm rxvt mrxvt multi-aterm wterm rxvt-unicode
+ May 07, 2008
+ May 10, 2008: 02
+ 216833
+ 217819
+ 219746
+ 219750
+ 219754
+ 219760
+ 219762
+ local
+
+
+ 1.0.1-r1
+ 1.0.1-r1
+
+
+ 0.9.4-r1
+ 0.9.4-r1
+
+
+ 0.5.3-r2
+ 0.5.3-r2
+
+
+ 0.2.1-r1
+ 0.2.1-r1
+
+
+ 2.7.10-r4
+ 2.7.10-r4
+
+
+ 9.02-r1
+ 9.02-r1
+
+
+ 6.2.9-r3
+ 6.2.9-r3
+
+
+
+

+ Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11 + terminal emulators. +

+
+ +

+ Bernhard R. Link discovered that RXVT opens a terminal on :0 if the + "-display" option is not specified and the DISPLAY environment variable + is not set. Further research by the Gentoo Security Team has shown that + aterm, Eterm, Mrxvt, multi-aterm, rxvt-unicode, and wterm are also + affected. +

+
+ +

+ A local attacker could exploit this vulnerability to hijack X11 + terminals of other users. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All aterm users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/aterm-1.0.1-r1" +

+ All Eterm users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/eterm-0.9.4-r1" +

+ All Mrxvt users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/mrxvt-0.5.3-r2" +

+ All multi-aterm users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/multi-aterm-0.2.1-r1" +

+ All RXVT users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-2.7.10-r4" +

+ All rxvt-unicode users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.02-r1" +

+ All wterm users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/wterm-6.2.9-r3" +
+
+ CVE-2008-1142
+ CVE-2008-1692
+
+
+ keytoaster
+
+
+ keytoaster
+
+
+ keytoaster
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-04.xml
new file mode 100644
index 0000000000..d6fe062b78
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-04.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ eGroupWare: Multiple vulnerabilities
+
+ Multiple vulnerabilities in eGroupWare may lead to execution of arbitrary
+ PHP code, the ability to upload malicious files and cross-site scripting
+ attacks.
+
+ egroupware
+ May 07, 2008
+ May 07, 2008: 01
+ 214212
+ 218625
+ remote
+
+
+ 1.4.004
+ 1.4.004
+
+
+
+

+ eGroupWare is a suite of web-based group applications including + calendar, address book, messenger and email. +

+
+ +

+ A vulnerability has been reported in FCKEditor due to the way that file + uploads are handled in the file + editor/filemanager/upload/php/upload.php when a filename has multiple + file extensions (CVE-2008-2041). Another vulnerability exists in the + _bad_protocol_once() function in the file + phpgwapi/inc/class.kses.inc.php, which allows remote attackers to + bypass HTML filtering (CVE-2008-1502). +

+
+ +

+ The first vulnerability can be exploited to upload malicious files and + execute arbitrary PHP code provided that a directory is writable by the + webserver. The second vulnerability can be exploited by remote + attackers via a specially crafted URL in order to conduct cross-site + scripting attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All eGroupWare users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.4.004" +
+
+ CVE-2008-1502
+ CVE-2008-2041
+
+
+ keytoaster
+
+
+ mfleming
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-05.xml
new file mode 100644
index 0000000000..c0ac395094
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-05.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ Wireshark: Denial of Service
+
+ Multiple Denial of Service vulnerabilities have been discovered in
+ Wireshark.
+
+ wireshark
+ May 07, 2008
+ May 07, 2008: 01
+ 215276
+ remote
+
+
+ 1.0.0
+ 1.0.0
+
+
+
+

+ Wireshark is a network protocol analyzer with a graphical front-end. +

+
+ +

+ Errors exist in: +

+
    +
  • + the X.509sat dissector because of an uninitialized variable and the + Roofnet dissector because a NULL pointer may be passed to the + g_vsnprintf() function (CVE-2008-1561).
  • +
  • + the LDAP dissector because a NULL pointer may be passed to the + ep_strdup_printf() function (CVE-2008-1562).
  • +
  • + the SCCP dissector because it does not reset a pointer once the packet + has been processed (CVE-2008-1563).
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities by sending a + malformed packet or enticing a user to read a malformed packet trace + file, causing a Denial of Service. +

+
+ +

+ Disable the X.509sat, Roofnet, LDAP, and SCCP dissectors. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.0" +
+
+ CVE-2008-1561
+ CVE-2008-1562
+ CVE-2008-1563
+
+
+ vorlon
+
+
+ vorlon
+
+
+ mfleming
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-06.xml
new file mode 100644
index 0000000000..cd76dbd605
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-06.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Firebird: Data disclosure
+
+ Firebird allows remote connections to the administrative account without
+ verifying credentials.
+
+ firebird
+ May 09, 2008
+ May 09, 2008: 01
+ 216158
+ remote
+
+
+ 2.0.3.12981.0-r6
+ 2.0.3.12981.0-r6
+
+
+
+

+ Firebird is a multi-platform, open source relational database. +

+
+ +

+ Viesturs reported that the default configuration for Gentoo's init + script ("/etc/conf.d/firebird") sets the "ISC_PASSWORD" environment + variable when starting Firebird. It will be used when no password is + supplied by a client connecting as the "SYSDBA" user. +

+
+ +

+ A remote attacker can authenticate as the "SYSDBA" user without + providing the credentials, resulting in complete disclosure of all + databases except for the user and password database (security2.fdb). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Firebird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.3.12981.0-r6" +

+ Note: /etc/conf.d is protected by Portage as a configuration directory. + Do not forget to use "etc-update" or "dispatch-conf" to + overwrite the "firebird" configuration file, and then restart Firebird. +

+
+ + CVE-2008-1880 + + + rbu + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-07.xml
new file mode 100644
index 0000000000..4618e4777e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-07.xml
@@ -0,0 +1,86 @@
+
+
+
+
+ Linux Terminal Server Project: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in components shipped with
+ LTSP which allow remote attackers to compromise terminal clients.
+
+ ltsp
+ May 09, 2008
+ May 09, 2008: 01
+ 215699
+ remote
+
+
+ 5.0
+
+
+
+

+ The Linux Terminal Server Project adds thin-client support to Linux + servers. +

+
+ +

+ LTSP version 4.2, ships prebuilt copies of programs such as the Linux + Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA + 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA + 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) + which were subject to multiple security vulnerabilities since 2006. + Please note that the given list of vulnerabilities might not be + exhaustive. +

+
+ +

+ A remote attacker could possibly exploit vulnerabilities in the + aforementioned programs and execute arbitrary code, disclose sensitive + data or cause a Denial of Service within LTSP 4.2 clients. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ LTSP 4.2 is not maintained upstream in favor of version 5. Since + version 5 is not yet available in Gentoo, the package has been masked. + We recommend that users unmerge LTSP: +

+ + # emerge --unmerge net-misc/ltsp +

+ If you have a requirement for Linux Terminal Servers, please either set + up a terminal server by hand or use one of the distributions that + already migrated to LTSP 5. If you want to contribute to the + integration of LTSP 5 in Gentoo, or want to follow its development, + find details in bug 177580. +

+
+ + GLSA 200705-02 + GLSA 200705-06 + GLSA 200705-22 + GLSA 200705-24 + GLSA 200710-06 + GLSA 200710-16 + GLSA 200710-30 + GLSA 200711-08 + GLSA 200801-09 + Gentoo bug 177580: Port LTSP 5 to Gentoo + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-08.xml
new file mode 100644
index 0000000000..8ec2763b06
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-08.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ InspIRCd: Denial of Service
+
+ A buffer overflow in InspIRCd allows remote attackers to cause a Denial of
+ Service.
+
+ inspircd
+ May 09, 2008
+ May 09, 2008: 01
+ 215704
+ remote
+
+
+ 1.1.19
+ 1.1.19
+
+
+
+

+ InspIRCd (Inspire IRCd) is a modular C++ IRC daemon. +

+
+ +

+ The "namesx" and "uhnames" modules do not properly validate network + input, leading to a buffer overflow. +

+
+ +

+ A remote attacker can send specially crafted IRC commands to the + server, causing a Denial of Service. +

+
+ +

+ Unload the "uhnames" module in the InspIRCd configuration. +

+
+ +

+ All InspIRCd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/inspircd-1.1.19" +
+ + CVE-2008-1925 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-09.xml
new file mode 100644
index 0000000000..ed7ccc0404
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-09.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ MoinMoin: Privilege escalation
+
+ A vulnerability in MoinMoin may allow a remote attacker to elevate his
+ privileges.
+
+ moinmoin
+ May 11, 2008
+ May 11, 2008: 01
+ 218752
+ remote
+
+
+ 1.6.3
+ 1.6.3
+
+
+
+

+ MoinMoin is an advanced and extensible Wiki Engine. +

+
+ +

+ It has been reported that the user form processing in the file + userform.py does not properly manage users when using Access Control + Lists or a non-empty superusers list. +

+
+ +

+ A remote attacker could exploit this vulnerability to gain superuser + privileges on the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MoinMoin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.6.3" +
+ + CVE-2008-1937 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-10.xml
new file mode 100644
index 0000000000..9be35dc1f4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-10.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Pngcrush: User-assisted execution of arbitrary code
+
+ A vulnerability in Pngcrush might result in user-assisted execution of
+ arbitrary code.
+
+ pngcrush
+ May 11, 2008
+ May 11, 2008: 01
+ 219033
+ remote
+
+
+ 1.6.4-r1
+ 1.6.4-r1
+
+
+
+

+ Pngcrush is a multi platform optimizer for PNG (Portable Network + Graphics) files. +

+
+ +

+ It has been reported that Pngcrush includes a copy of libpng that is + vulnerable to a memory corruption (GLSA 200804-15). +

+
+ +

+ A remote attacker could entice a user to process a specially crafted + PNG image, possibly resulting in the execution of arbitrary code with + the privileges of the user running the application, or a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Pngcrush users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/pngcrush-1.6.4-r1" +
+ + CVE-2008-1382 + GLSA 200804-15 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-11.xml
new file mode 100644
index 0000000000..f572178f25
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-11.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Chicken: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Chicken could result in the execution of
+ arbitrary code.
+
+ chicken
+ May 12, 2008
+ May 12, 2008: 01
+ 198979
+ remote
+
+
+ 3.1.0
+ 3.1.0
+
+
+
+

+ Chicken is a Scheme interpreter and native Scheme to C compiler. +

+
+ +

+ Chicken includes a copy of PCRE which is vulnerable to multiple buffer + overflows and memory corruption vulnerabilities (GLSA 200711-30). +

+
+ +

+ An attacker could entice a user to process specially crafted regular + expressions with Chicken, which could possibly lead to the execution of + arbitrary code, a Denial of Service or the disclosure of sensitive + information. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Chicken users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-scheme/chicken-3.1.0" +
+ + GLSA 200711-30 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-12.xml
new file mode 100644
index 0000000000..10389ad552
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-12.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Blender: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Blender might result in the remote execution of
+ arbitrary code.
+
+ blender
+ May 12, 2008
+ May 12, 2008: 01
+ 219008
+ remote
+
+
+ 2.43-r2
+ 2.43-r2
+
+
+
+

+ Blender is a 3D creation, animation and publishing program. +

+
+ +

+ Stefan Cornelius (Secunia Research) reported a boundary error within + the imb_loadhdr() function in in the file + source/blender/imbuf/intern/radiance_hdr.c when processing RGBE images + (CVE-2008-1102). Multiple vulnerabilities involving insecure usage of + temporary files have also been reported (CVE-2008-1103). +

+
+ +

+ A remote attacker could entice a user to open a specially crafted file + (.hdr or .blend), possibly resulting in the remote execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Blender users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.43-r2" +
+ + CVE-2008-1102 + CVE-2008-1103 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-13.xml
new file mode 100644
index 0000000000..8f954deff8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-13.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ PTeX: Multiple vulnerabilities
+
+ Multiple vulnerabilities were discovered in PTeX, possibly allowing the
+ execution of arbitrary code or overwriting arbitrary files.
+
+ ptex
+ May 12, 2008
+ May 12, 2008: 01
+ 196673
+ remote
+
+
+ 3.1.10_p20071203
+ 3.1.10_p20071203
+
+
+
+

+ PTeX is a TeX distribution with Japanese support. It is used for + creating and manipulating LaTeX documents. +

+
+ +

+ Multiple issues were found in the teTeX 2 codebase that PTeX builds + upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable + code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, + GLSA 200711-22) and from T1Lib (GLSA 200710-12). +

+
+ +

+ Remote attackers could possibly execute arbitrary code and local + attackers could possibly overwrite arbitrary files with the privileges + of the user running PTeX via multiple vectors, e.g. enticing users to + open specially crafted files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PTeX users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.10_p20071203" +
+ + GLSA 200708-05 + GLSA 200709-12 + GLSA 200709-17 + GLSA 200710-12 + GLSA 200711-22 + GLSA 200711-26 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-14.xml
new file mode 100644
index 0000000000..2a6c5d7526
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-14.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Common Data Format library: User-assisted execution of arbitrary code
+
+ A buffer overflow vulnerability has been discovered in the Common Data
+ Format library.
+
+ cdf
+ May 13, 2008
+ May 13, 2008: 01
+ 220391
+ remote
+
+
+ 3.2.1
+ 3.2.1
+
+
+
+

+ The Common Data Format library is a scientific data management package + which allows programmers and application developers to manage and + manipulate scalar, vector, and multi-dimensional data arrays in a + platform independent fashion. +

+
+ +

+ Alfredo Ortega (Core Security Technologies) reported a boundary error + within the Read32s_64() function when processing CDF files. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted CDF + file, possibly resulting in the remote execution of arbitrary code with + the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Common Data Format library users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sci-libs/cdf-3.2.1" +
+ + CVE-2008-2080 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-15.xml
new file mode 100644
index 0000000000..022befa527
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-15.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ libid3tag: Denial of Service
+
+ A Denial of Service vulnerability was found in libid3tag.
+
+ libid3tag
+ May 14, 2008
+ May 14, 2008: 01
+ 210564
+ remote
+
+
+ 0.15.1b-r2
+ 0.15.1b-r2
+
+
+
+

+ libid3tag is an ID3 tag manipulation library. +

+
+ +

+ Kentaro Oda reported an infinite loop in the file field.c when parsing + an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted MP3 + file, possibly resulting in a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libid3tag users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libid3tag-0.15.1b-r2" +
+ + CVE-2008-2109 + + + p-y + + + p-y + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-16.xml
new file mode 100644
index 0000000000..f9ef6db7ed
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-16.xml
@@ -0,0 +1,108 @@
+
+
+
+
+ OpenOffice.org: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in OpenOffice.org, possibly
+ allowing for user-assisted execution of arbitrary code.
+
+ openoffice openoffice-bin
+ May 14, 2008
+ May 14, 2008: 02
+ 218080
+ remote
+
+
+ 2.4.0
+ 2.4.0
+
+
+ 2.4.0
+ 2.4.0
+
+
+
+

+ OpenOffice.org is an open source office productivity suite, including + word processing, spreadsheet, presentation, drawing, data charting, + formula editing, and file conversion facilities. +

+
+ +

+ iDefense Labs reported multiple vulnerabilities in OpenOffice.org: +

+
    +
  • + multiple heap-based buffer overflows when parsing the "Attribute" and + "Font" Description records of Quattro Pro (QPRO) files + (CVE-2007-5745), +
  • +
  • + an integer overflow when parsing the EMR_STRETCHBLT record of an EMF + file, resulting in a heap-based buffer overflow (CVE-2007-5746), +
  • +
  • + an integer underflow when parsing Quattro Pro (QPRO) files, resulting + in an excessive loop and a stack-based buffer overflow + (CVE-2007-5747), +
  • +
  • + and a heap-based buffer overflow when parsing the + "DocumentSummaryInformation" stream in an OLE file (CVE-2008-0320). +
  • +
+

+ Furthermore, Will Drewry (Google Security) reported vulnerabilities in + the memory management of the International Components for Unicode + (CVE-2007-4770, CVE-2007-4771), which was resolved with GLSA 200803-20. + However, the binary version of OpenOffice.org uses an internal copy of + said library. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + document, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running OpenOffice.org. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenOffice.org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.4.0" +

+ All OpenOffice.org binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.4.0" +
+ + CVE-2007-4770 + CVE-2007-4771 + CVE-2007-5745 + CVE-2007-5746 + CVE-2007-5747 + CVE-2008-0320 + GLSA 200803-20 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-17.xml
new file mode 100644
index 0000000000..1565ba3711
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-17.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ Perl: Execution of arbitrary code
+
+ A double free vulnerability was discovered in Perl, possibly resulting in
+ the execution of arbitrary code and a Denial of Service.
+
+ perl libperl
+ May 20, 2008
+ May 20, 2008: 01
+ 219203
+ remote
+
+
+ 5.8.8-r5
+ 5.8.8-r5
+
+
+ 5.8.8-r2
+ 5.8.8-r2
+
+
+
+

+ Perl is a stable, cross platform programming language. +

+
+ +

+ Tavis Ormandy and Will Drewry of the Google Security Team have reported + a double free vulnerability when processing a crafted regular + expression containing UTF-8 characters. +

+
+ +

+ A remote attacker could possibly exploit this vulnerability to execute + arbitrary code or cause a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Perl users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r5" +

+ All libperl users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/libperl-5.8.8-r2" +
+ + CVE-2008-1927 + + + p-y + + + p-y + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-18.xml
new file mode 100644
index 0000000000..a6f62b3195
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-18.xml
@@ -0,0 +1,280 @@
+
+
+
+
+ Mozilla products: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in Mozilla Firefox,
+ Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted
+ execution of arbitrary code.
+
+ mozilla-firefox mozilla-firefox-bin seamonkey seamonkey-bin mozilla-thunderbird mozilla-thunderbird-bin xulrunner
+ May 20, 2008
+ May 20, 2008: 01
+ 208128
+ 214816
+ 218065
+ remote
+
+
+ 2.0.0.14
+ 2.0.0.14
+
+
+ 2.0.0.14
+ 2.0.0.14
+
+
+ 2.0.0.14
+ 2.0.0.14
+
+
+ 2.0.0.14
+ 2.0.0.14
+
+
+ 1.1.9-r1
+ 1.1.9-r1
+
+
+ 1.1.9
+ 1.1.9
+
+
+ 1.8.1.14
+ 1.8.1.14
+
+
+
+

+ Mozilla Firefox is an open-source web browser and Mozilla Thunderbird + an open-source email client, both from the Mozilla Project. The + SeaMonkey project is a community effort to deliver production-quality + releases of code derived from the application formerly known as the + 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package + that can be used to bootstrap XUL+XPCOM applications like Firefox and + Thunderbird. +

+
+ +

+ The following vulnerabilities were reported in all mentioned Mozilla + products: +

+
    +
  • + Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul + Nickerson reported browser crashes related to JavaScript methods, + possibly triggering memory corruption (CVE-2008-0412). +
  • +
  • + Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, + Philip Taylor, and tgirmann reported crashes in the JavaScript engine, + possibly triggering memory corruption (CVE-2008-0413). +
  • +
  • + David Bloom discovered a vulnerability in the way images are treated by + the browser when a user leaves a page, possibly triggering memory + corruption (CVE-2008-0419). +
  • +
  • + moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of + privilege escalation vulnerabilities related to JavaScript + (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). +
  • +
  • + Mozilla developers identified browser crashes caused by the layout and + JavaScript engines, possibly triggering memory corruption + (CVE-2008-1236, CVE-2008-1237). +
  • +
  • + moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from + its sandboxed context and run with chrome privileges, and inject script + content into another site, violating the browser's same origin policy + (CVE-2008-0415). +
  • +
  • + Gerry Eisenhaur discovered a directory traversal vulnerability when + using "flat" addons (CVE-2008-0418). +
  • +
  • + Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported + multiple character handling flaws related to the backspace character, + the "0x80" character, involving zero-length non-ASCII sequences in + multiple character sets, that could facilitate Cross-Site Scripting + attacks (CVE-2008-0416). +
  • +

+ The following vulnerability was reported in Thunderbird and SeaMonkey: +

+
    +
  • + regenrecht (via iDefense) reported a heap-based buffer overflow when + rendering an email message with an external MIME body (CVE-2008-0304). +
  • +

+ The following vulnerabilities were reported in Firefox, SeaMonkey and + XULRunner: +

+
    +
  • The fix for CVE-2008-1237 in Firefox 2.0.0.13 + and SeaMonkey 1.1.9 introduced a new crash vulnerability + (CVE-2008-1380).
  • +
  • hong and Gregory Fleischer each reported a + variant on earlier reported bugs regarding focus shifting in file input + controls (CVE-2008-0414). +
  • +
  • + Gynvael Coldwind (Vexillium) discovered that BMP images could be used + to reveal uninitialized memory, and that this data could be extracted + using a "canvas" feature (CVE-2008-0420). +
  • +
  • + Chris Thomas reported that background tabs could create a borderless + XUL pop-up in front of pages in other tabs (CVE-2008-1241). +
  • +
  • + oo.rio.oo discovered that a plain text file with a + "Content-Disposition: attachment" prevents Firefox from rendering + future plain text files within the browser (CVE-2008-0592). +
  • +
  • + Martin Straka reported that the ".href" property of stylesheet DOM + nodes is modified to the final URI of a 302 redirect, bypassing the + same origin policy (CVE-2008-0593). +
  • +
  • + Gregory Fleischer discovered that under certain circumstances, leading + characters from the hostname part of the "Referer:" HTTP header are + removed (CVE-2008-1238). +
  • +
  • + Peter Brodersen and Alexander Klink reported that the browser + automatically selected and sent a client certificate when SSL Client + Authentication is requested by a server (CVE-2007-4879). +
  • +
  • + Gregory Fleischer reported that web content fetched via the "jar:" + protocol was not subject to network access restrictions + (CVE-2008-1240). +
  • +

+ The following vulnerabilities were reported in Firefox: +

+
    +
  • + Justin Dolske discovered a CRLF injection vulnerability when storing + passwords (CVE-2008-0417). +
  • +
  • + Michal Zalewski discovered that Firefox does not properly manage a + delay timer used in confirmation dialogs (CVE-2008-0591). +
  • +
  • + Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery + warning dialog is not displayed if the entire contents of a web page + are in a DIV tag that uses absolute positioning (CVE-2008-0594). +
  • +
+
+ +

+ A remote attacker could entice a user to view a specially crafted web + page or email that will trigger one of the vulnerabilities, possibly + leading to the execution of arbitrary code or a Denial of Service. It + is also possible for an attacker to trick a user to upload arbitrary + files when submitting a form, to corrupt saved passwords for other + sites, to steal login credentials, or to conduct Cross-Site Scripting + and Cross-Site Request Forgery attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.14" +

+ All Mozilla Firefox binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.14" +

+ All Mozilla Thunderbird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.14" +

+ All Mozilla Thunderbird binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.14" +

+ All SeaMonkey users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.9-r1" +

+ All SeaMonkey binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.9" +

+ All XULRunner users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.14" +

+ NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in + the SeaMonkey binary ebuild, as no precompiled packages have been + released. Until an update is available, we recommend all SeaMonkey + users to disable JavaScript, use Firefox for JavaScript-enabled + browsing, or switch to the SeaMonkey source ebuild. +

+
+ + CVE-2007-4879 + CVE-2008-0304 + CVE-2008-0412 + CVE-2008-0413 + CVE-2008-0414 + CVE-2008-0415 + CVE-2008-0416 + CVE-2008-0417 + CVE-2008-0418 + CVE-2008-0419 + CVE-2008-0420 + CVE-2008-0591 + CVE-2008-0592 + CVE-2008-0593 + CVE-2008-0594 + CVE-2008-1233 + CVE-2008-1234 + CVE-2008-1235 + CVE-2008-1236 + CVE-2008-1237 + CVE-2008-1238 + CVE-2008-1240 + CVE-2008-1241 + CVE-2008-1380 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-19.xml
new file mode 100644
index 0000000000..601f657578
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-19.xml
@@ -0,0 +1,100 @@
+
+
+
+
+ ClamAV: Multiple vulnerabilities
+
+ Multiple vulnerabilities in ClamAV may result in the remote execution of
+ arbitrary code.
+
+ clamav
+ May 20, 2008
+ May 20, 2008: 01
+ 213762
+ remote
+
+
+ 0.93
+ 0.93
+
+
+
+

+ Clam AntiVirus is a free anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +

+
+ +

+ Multiple vulnerabilities have been reported: +

+
    +
  • + Damian Put reported a heap-based buffer overflow when processing PeSpin + packed PE binaries (CVE-2008-0314). +
  • +
  • + Alin Rad Pop of Secunia Research reported a buffer overflow in the + cli_scanpe() function when processing Upack PE binaries + (CVE-2008-1100). +
  • +
  • + Hanno Boeck reported an infinite loop when processing ARJ archives + (CVE-2008-1387). +
  • +
  • + Damian Put and Thomas Pollet reported a heap-based buffer overflow when + processing WWPack compressed PE binaries (CVE-2008-1833). +
  • +
  • + A buffer over-read was discovered in the rfc2231() function when + producing a string that is not NULL terminated (CVE-2008-1836). +
  • +
  • + An unspecified vulnerability leading to "memory problems" when scanning + RAR files was reported (CVE-2008-1837). +
  • +
  • + Thierry Zoller reported that scanning of RAR files could be + circumvented (CVE-2008-1835). +
  • +
+
+ +

+ A remote attacker could entice a user or automated system to scan a + specially crafted file, possibly leading to the execution of arbitrary + code with the privileges of the user running ClamAV (either a system + user or the "clamav" user if clamd is compromised), or a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.93" +
+ + CVE-2008-0314 + CVE-2008-1100 + CVE-2008-1387 + CVE-2008-1833 + CVE-2008-1835 + CVE-2008-1836 + CVE-2008-1837 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-20.xml
new file mode 100644
index 0000000000..d7647ce28f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-20.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ GnuTLS: Execution of arbitrary code
+
+ Multiple vulnerabilities might allow for the execution of arbitrary code in
+ daemons using GnuTLS.
+
+ gnutls
+ May 21, 2008
+ May 21, 2008: 01
+ 222823
+ remote
+
+
+ 2.2.5
+ 2.2.5
+
+
+
+

+ GnuTLS is an implementation of Secure Sockets Layer (SSL) 3.0 and + Transport Layer Security (TLS) 1.0, 1.1 and 1.2. +

+
+ +

+ Ossi Herrala and Jukka Taimisto of Codenomicon reported three + vulnerabilities in libgnutls of GnuTLS: +

+
    +
  • + "Client Hello" messages containing an invalid server name can lead to a + buffer overflow when evaluating "Security Parameters" (CVE-2008-1948). +
  • +
  • + Multiple "Client Hello" messages can lead to a NULL pointer dereference + (CVE-2008-1949). +
  • +
  • + A TLS handshake including an encrypted "Client Hello" message and an + invalid record length could lead to a buffer overread (CVE-2008-1950). +
  • +
+
+ +

+ Unauthenticated remote attackers could exploit these vulnerabilities to + cause Denial of Service conditions in daemons using GnuTLS. The first + vulnerability (CVE-2008-1948) might allow for the execution of + arbitrary code with the privileges of the daemon handling incoming TLS + connections. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GnuTLS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.2.5" +
+ + CVE-2008-1948 + CVE-2008-1949 + CVE-2008-1950 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-21.xml
new file mode 100644
index 0000000000..0f3123beff
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-21.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Roundup: Permission bypass
+
+ A vulnerability in Roundup allows for bypassing permission restrictions.
+
+ roundup
+ May 27, 2008
+ May 27, 2008: 01
+ 212488
+ 214666
+ remote
+
+
+ 1.4.4-r1
+ 1.4.4-r1
+
+
+
+

+ Roundup is an issue-tracking system with command-line, web and e-mail + interfaces. +

+
+ +

+ Philipp Gortan reported that the xml-rpc server in Roundup does not + check property permissions (CVE-2008-1475). Furthermore, Roland Meister + discovered multiple vulnerabilities caused by unspecified errors, some + of which may be related to cross-site scripting (CVE-2008-1474). +

+
+ +

+ A remote attacker could possibly exploit the first vulnerability to + edit or view restricted properties via the list(), display(), and set() + methods. The impact and attack vectors of the second vulnerability are + unknown. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Roundup users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/roundup-1.4.4-r1" +
+ + CVE-2008-1474 + CVE-2008-1475 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-22.xml
new file mode 100644
index 0000000000..ecabb22694
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-22.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ MPlayer: User-assisted execution of arbitrary code
+
+ An integer overflow vulnerability in MPlayer may allow for the execution of
+ arbitrary code.
+
+ mplayer
+ May 29, 2008
+ May 29, 2008: 01
+ 215006
+ remote
+
+
+ 1.0_rc2_p26753
+ 1.0_rc2_p26753
+
+
+
+

+ MPlayer is a media player including support for a wide range of audio + and video formats. +

+
+ +

+ k`sOSe reported an integer overflow vulnerability in the + sdpplin_parse() function in the file stream/realrtsp/sdpplin.c, which + can be exploited to overwrite arbitrary memory regions via an overly + large "StreamCount" SDP parameter. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted media + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running MPlayer. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MPlayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p26753" +
+ + CVE-2008-1558 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-23.xml
new file mode 100644
index 0000000000..599cddbb7c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200805-23.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Samba: Heap-based buffer overflow
+
+ A heap-based buffer overflow vulnerability was found in Samba, allowing for
+ the execution of arbitrary code.
+
+ samba
+ May 29, 2008
+ May 29, 2008: 01
+ 222299
+ remote
+
+
+ 3.0.28a-r1
+ 3.0.28a-r1
+
+
+
+

+ Samba is a suite of SMB and CIFS client/server programs.
+

+
+
+

+ Alin Rad Pop (Secunia Research) reported a vulnerability in Samba
+ within the receive_smb_raw() function in the file lib/util_sock.c when
+ parsing SMB packets, possibly leading to a heap-based buffer overflow
+ via an overly large SMB packet.
+

+
+
+

+ A remote attacker could possibly exploit this vulnerability by enticing
+ a user to connect to a malicious server or by sending specially crafted
+ packets to an nmbd server configured as a local or domain master
+ browser, resulting in the execution of arbitrary code.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Samba users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.28a-r1"
+
+
+ CVE-2008-1105
+
+
+ vorlon
+
+
+ keytoaster
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-01.xml
new file mode 100644
index 0000000000..f2b4b6eda0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-01.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ mtr: Stack-based buffer overflow
+
+ A stack-based buffer overflow was found in mtr, possibly resulting in the
+ execution of arbitrary code.
+
+ mtr
+ June 03, 2008
+ June 03, 2008: 01
+ 223017
+ remote
+
+
+ 0.73-r1
+ 0.73-r1
+
+
+
+

+ mtr combines the functionality of the 'traceroute' and 'ping' programs
+ in a single network diagnostic tool.
+

+
+
+

+ Adam Zabrocki reported a boundary error within the split_redraw()
+ function in the file split.c, possibly leading to a stack-based buffer
+ overflow.
+

+
+
+

+ A remote attacker could use a specially crafted resolved hostname to
+ execute arbitrary code with root privileges. However, it is required
+ that the attacker controls the DNS server used by the victim, and that
+ the "-p" (or "--split") command line option is used.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All mtr users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/mtr-0.73-r1"
+
+
+ CVE-2008-2357
+
+
+ keytoaster
+
+
+ keytoaster
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-02.xml
new file mode 100644
index 0000000000..29f0e7ffaa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-02.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ libxslt: Execution of arbitrary code
+
+ A vulnerability was found in libxslt, possibly resulting in the execution
+ of arbitrary code and Denial of Service.
+
+ libxslt
+ June 03, 2008
+ June 03, 2008: 01
+ 222499
+ remote
+
+
+ 1.1.24
+ 1.1.24
+
+
+
+

+ Libxslt is the XSLT C library developed for the GNOME project. XSLT
+ itself is an XML language to define transformations for XML.
+

+
+
+

+ Anthony de Almeida Lopes reported a vulnerability in libxslt when
+ handling XSL style-sheet files, which could be exploited to trigger the
+ use of uninitialized memory, e.g. in a call to "free()".
+

+
+
+

+ A remote attacker could entice a user or automated system to process an
+ XML file using a specially crafted XSL transformation file, possibly
+ resulting in the execution of arbitrary code or a Denial of Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All libxslt users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.24"
+
+
+ CVE-2008-1767
+
+
+ keytoaster
+
+
+ keytoaster
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-03.xml
new file mode 100644
index 0000000000..6c45037094
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-03.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Imlib 2: User-assisted execution of arbitrary code
+
+ Two vulnerabilities in Imlib 2 may allow for the execution of arbitrary
+ code.
+
+ imlib2
+ June 08, 2008
+ June 08, 2008: 01
+ 223965
+ remote
+
+
+ 1.4.0-r1
+ 1.4.0-r1
+
+
+
+

+ Imlib 2 is an advanced replacement library for libraries like libXpm.
+

+
+
+

+ Stefan Cornelius (Secunia Research) reported two boundary errors in
+ Imlib2:
+

+
    +
  • One of them within the load() function in the + file src/modules/loaders/loader_pnm.c when processing the header of a + PNM image file, possibly leading to a stack-based buffer overflow.
  • +
  • The second one within the load() function in the file + src/modules/loader_xpm.c when processing an XPM image file, possibly + leading to a stack-based buffer overflow.
  • +
+
+
+

+ A remote attacker could entice a user to open a specially crafted PNM
+ or XPM image, possibly resulting in the execution of arbitrary code
+ with the rights of the user running the application using Imlib 2.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Imlib 2 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/imlib2-1.4.0-r1"
+
+
+ CVE-2008-2426
+
+
+ rbu
+
+
+ keytoaster
+
+
+ keytoaster
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-04.xml
new file mode 100644
index 0000000000..b1427f2e0a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-04.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ rdesktop: Multiple vulnerabilities
+
+ Multiple vulnerabilities in rdesktop may lead to the execution of arbitrary
+ code or a Denial of Service.
+
+ rdesktop
+ June 14, 2008
+ June 14, 2008: 01
+ 220911
+ remote
+
+
+ 1.6.0
+ 1.6.0
+
+
+
+

+ rdesktop is an open source Remote Desktop Protocol (RDP) client.
+

+
+
+

+ An anonymous researcher reported multiple vulnerabilities in rdesktop
+ via iDefense Labs:
+

+
    +
  • An integer underflow error exists in + the function iso_recv_msg() in the file iso.c which can be triggered + via a specially crafted RDP request, causing a heap-based buffer + overflow (CVE-2008-1801).
  • +
  • An input validation error exists in + the function process_redirect_pdu() in the file rdp.c which can be + triggered via a specially crafted RDP redirect request, causing a + BSS-based buffer overflow (CVE-2008-1802).
  • +
  • + An integer signedness error exists in the function xrealloc() in the + file rdesktop.c which can be be exploited to cause a heap-based buffer + overflow (CVE-2008-1803).
  • +
+
+
+

+ An attacker could exploit these vulnerabilities by enticing a user to
+ connect to a malicious RDP server thereby allowing the attacker to
+ execute arbitrary code or cause a Denial of Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All rdesktop users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/rdesktop-1.6.0"
+
+
+ CVE-2008-1801
+ CVE-2008-1802
+ CVE-2008-1803
+
+
+ keytoaster
+
+
+ vorlon
+
+
+ mfleming
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-05.xml
new file mode 100644
index 0000000000..002d2f2e40
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-05.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ cbrPager: User-assisted execution of arbitrary code
+
+ Insecure filename usage in cbrPager may allow for the remote execution of
+ arbitrary code.
+
+ cbrpager
+ June 16, 2008
+ June 16, 2008: 01
+ 223657
+ remote
+
+
+ 0.9.17
+ 0.9.17
+
+
+
+

+ cbrPager is a comic book pager.
+

+
+
+

+ Mamoru Tasaka discovered that filenames of the image archives are not
+ properly sanitized before being passed to decompression utilities like
+ unrar and unzip, which use the system() libc library call.
+

+
+
+

+ A remote attacker could entice a user to open an archive with a
+ specially crafted filename, resulting in arbitrary code execution with
+ the privileges of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All cbrPager users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/cbrpager-0.9.17"
+
+
+ CVE-2008-2575
+
+
+ keytoaster
+
+
+ vorlon
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-06.xml
new file mode 100644
index 0000000000..9bb574cb59
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-06.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Evolution: User-assisted execution of arbitrary code
+
+ Multiple vulnerabilities in Evolution may allow for user-assisted execution
+ of arbitrary code.
+
+ evolution
+ June 16, 2008
+ June 16, 2008: 01
+ 223963
+ remote
+
+
+ 2.12.3-r2
+ 2.12.3-r2
+
+
+
+

+ Evolution is the mail client of the GNOME desktop environment.
+

+
+
+

+ Alin Rad Pop (Secunia Research) reported two vulnerabilities in
+ Evolution:
+

+
  • + A boundary error exists when parsing overly long timezone strings + contained within iCalendar attachments and when the ITip formatter is + disabled (CVE-2008-1108).
  • +
  • + A boundary error exists when replying to an iCalendar request with an + overly long "DESCRIPTION" property while in calendar view + (CVE-2008-1109). +
  • +
+
+
+

+ A remote attacker could entice a user to open a specially crafted
+ iCalendar attachment, resulting in the execution of arbitrary code with
+ the privileges of the user running Evolution.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Evolution users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.12.3-r2"
+
+
+ CVE-2008-1108
+ CVE-2008-1109
+
+
+ vorlon
+
+
+ vorlon
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-07.xml
new file mode 100644
index 0000000000..3bb7ff825a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-07.xml
@@ -0,0 +1,97 @@
+
+
+
+
+ X.Org X server: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in the X.Org X server,
+ possibly allowing for the remote execution of arbitrary code with root
+ privileges.
+
+ xorg-server
+ June 19, 2008
+ June 19, 2008: 01
+ 225419
+ remote, local
+
+
+ 1.3.0.0-r6
+ 1.3.0.0-r6
+
+
+
+

+ The X Window System is a graphical windowing system based on a
+ client/server model.
+

+
+
+

+ Regenrecht reported multiple vulnerabilities in various X server
+ extensions via iDefense:
+

+
    +
  • The + SProcSecurityGenerateAuthorization() and SProcRecordCreateContext() + functions of the RECORD and Security extensions are lacking proper + parameter validation (CVE-2008-1377).
  • +
  • An integer overflow is + possible in the function ShmPutImage() of the MIT-SHM extension + (CVE-2008-1379).
  • +
  • The RENDER extension contains several + possible integer overflows in the AllocateGlyph() function + (CVE-2008-2360) which could possibly lead to a heap-based buffer + overflow. Further possible integer overflows have been found in the + ProcRenderCreateCursor() function (CVE-2008-2361) as well as in the + SProcRenderCreateLinearGradient(), SProcRenderCreateRadialGradient() + and SProcRenderCreateConicalGradient() functions (CVE-2008-2362).
  • +
+
+
+

+ Exploitation of these vulnerabilities could possibly lead to the remote
+ execution of arbitrary code with root privileges, if the server is
+ running as root, which is the default. It is also possible to crash the
+ server by making use of these vulnerabilities.
+

+
+
+

+ It is possible to avoid these vulnerabilities by disabling the affected
+ server extensions. Therefore edit the configuration file
+ (/etc/X11/xorg.conf) to contain the following in the appropriate
+ places:
+

+
+ Section "Extensions"
+ Option "MIT-SHM" "disable"
+ Option "RENDER" "disable"
+ Option "SECURITY" "disable"
+ EndSection
+
+ Section "Module"
+ Disable "record"
+ EndSection
+
+
+

+ All X.org X Server users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.3.0.0-r6"
+
+
+ CVE-2008-1377
+ CVE-2008-1379
+ CVE-2008-2360
+ CVE-2008-2361
+ CVE-2008-2362
+
+
+ vorlon
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-08.xml
new file mode 100644
index 0000000000..ef630c7f59
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-08.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ OpenSSL: Denial of Service
+
+ Two vulnerabilities might allow for a Denial of Service of daemons using
+ OpenSSL.
+
+ openssl
+ June 23, 2008
+ June 23, 2008: 01
+ 223429
+ remote
+
+
+ 0.9.8g-r2
+ 0.9.8f
+ 0.9.8g-r2
+
+
+
+

+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+ (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+ purpose cryptography library.
+

+
+
+

+ Ossi Herrala and Jukka Taimisto of Codenomicon discovered two
+ vulnerabilities:
+

+
    +
  • + A double free() call in the TLS server name extension (CVE-2008-0891). +
  • +
  • + The OpenSSL client code does not properly handle servers that omit the + Server Key Exchange message in the TLS handshake (CVE-2008-1672). +
  • +
+
+
+

+ A remote attacker could connect to a vulnerable server, or entice a
+ daemon to connect to a malicious server, causing a Denial of Service of
+ the daemon in both cases.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All OpenSSL users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8g-r2"
+
+
+ CVE-2008-0891
+ CVE-2008-1672
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-09.xml
new file mode 100644
index 0000000000..fbb4cfdcfe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-09.xml
@@ -0,0 +1,86 @@
+
+
+
+
+ libvorbis: Multiple vulnerabilities
+
+ Multiple vulnerabilities in libvorbis might lead to the execution of
+ arbitrary code.
+
+ libvorbis
+ June 23, 2008
+ June 23, 2008: 02
+ 222085
+ remote
+
+
+ 1.2.1_rc1
+ 1.2.1_rc1
+
+
+
+

+ libvorbis is the reference implementation of the Xiph.org Ogg Vorbis
+ audio file format. It is used by many applications for playback of Ogg
+ Vorbis files.
+

+
+
+

+ Will Drewry of the Google Security Team reported multiple
+ vulnerabilities in libvorbis:
+

+
    +
  • + A zero value for "codebook.dim" is not properly handled, leading to a + crash, infinite loop or triggering an integer overflow + (CVE-2008-1419). +
  • +
  • + An integer overflow in "residue partition value" evaluation might lead + to a heap-based buffer overflow (CVE-2008-1420). +
  • +
  • + An integer overflow in a certain "quantvals" and "quantlist" + calculation might lead to a heap-based buffer overflow + (CVE-2008-1423). +
  • +
+
+
+

+ A remote attacker could exploit these vulnerabilities by enticing a
+ user to open a specially crafted Ogg Vorbis file or network stream with
+ an application using libvorbis. This might lead to the execution of
+ arbitrary code with the privileges of the user playing the file or a
+ Denial of Service by a crash or CPU consumption.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All libvorbis users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libvorbis-1.2.1_rc1"
+
+
+ CVE-2008-1419
+ CVE-2008-1420
+ CVE-2008-1423
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-10.xml
new file mode 100644
index 0000000000..0028bb0ce2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-10.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ FreeType: User-assisted execution of arbitrary code
+
+ Font parsing vulnerabilities in FreeType might lead to user-assisted
+ execution of arbitrary code.
+
+ freetype
+ June 23, 2008
+ May 28, 2009: 03
+ 225851
+ remote
+
+
+ 2.3.6
+ 1.4_pre20080316-r1
+ 2.3.6
+
+
+
+

+ FreeType is a font rendering library for TrueType Font (TTF) and
+ Printer Font Binary (PFB).
+

+
+
+

+ Regenrecht reported multiple vulnerabilities in FreeType via iDefense:
+

+
    +
  • + An integer overflow when parsing values in the Private dictionary table + in a PFB file, leading to a heap-based buffer overflow + (CVE-2008-1806). +
  • +
  • + An invalid free() call related to parsing an invalid "number of axes" + field in a PFB file (CVE-2008-1807). +
  • +
  • + Multiple off-by-one errors when parsing PBF and TTF files, leading to + heap-based buffer overflows (CVE-2008-1808). +
  • +
+
+
+

+ A remote attacker could entice a user to open a specially crafted TTF
+ or PBF file, possibly resulting in the execution of arbitrary code with
+ the privileges of the user running an application linked against
+ FreeType (such as the X.org X server, running as root).
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All FreeType users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.3.6"
+
+
+ CVE-2008-1806
+ CVE-2008-1807
+ CVE-2008-1808
+
+
+ vorlon
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-11.xml
new file mode 100644
index 0000000000..d91929319a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200806-11.xml
@@ -0,0 +1,97 @@
+
+
+
+
+ IBM JDK/JRE: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been found in IBM Java Development Kit (JDK)
+ and Java Runtime Environment (JRE), resulting in the execution of arbitrary
+ code.
+
+ ibm-jdk-bin ibm-jre-bin
+ June 25, 2008
+ June 25, 2008: 01
+ 186277
+ 198644
+ 216112
+ remote
+
+
+ 1.5.0.7
+ 1.4.2.11
+ 1.5.0.7
+
+
+ 1.5.0.7
+ 1.4.2.11
+ 1.5.0.7
+
+
+
+

+ The IBM Java Development Kit (JDK) and the IBM Java Runtime Environment
+ (JRE) provide the IBM Java platform.
+

+
+
+

+ Because of sharing the same codebase, IBM JDK and JRE are affected by
+ the vulnerabilities mentioned in GLSA 200804-20.
+

+
+
+

+ A remote attacker could entice a user to run a specially crafted applet
+ on a website or start an application in Java Web Start to execute
+ arbitrary code outside of the Java sandbox and of the Java security
+ restrictions with the privileges of the user running Java. The attacker
+ could also obtain sensitive information, create, modify, rename and
+ read local files, execute local applications, establish connections in
+ the local network, bypass the same origin policy, and cause a Denial of
+ Service via multiple vectors.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All IBM JDK 1.5 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/ibm-jdk-bin-1.5.0.7"
+

+ All IBM JDK 1.4 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/ibm-jdk-bin-1.4.2.11"
+

+ All IBM JRE 1.5 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/ibm-jre-bin-1.5.0.7"
+

+ All IBM JRE 1.4 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/ibm-jre-bin-1.4.2.11"
+
+
+ GLSA 200804-20
+
+
+ rbu
+
+
+ keytoaster
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-01.xml
new file mode 100644
index 0000000000..02d4da4d79
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-01.xml
@@ -0,0 +1,87 @@
+
+
+
+
+ Python: Multiple integer overflows
+
+ Multiple integer overflows may allow for Denial of Service.
+
+ python
+ July 01, 2008
+ July 01, 2008: 01
+ 216673
+ 217221
+ remote
+
+
+ 2.3.6-r6
+ 2.4.4-r13
+ 2.4.4-r13
+
+
+
+

+ Python is an interpreted, interactive, object-oriented programming
+ language.
+

+
+
+

+ Multiple vulnerabilities were discovered in Python:
+

+
    +
  • David + Remahl reported multiple integer overflows in the file imageop.c, + leading to a heap-based buffer overflow (CVE-2008-1679). This issue is + due to an incomplete fix for CVE-2007-4965.
  • +
  • Justin Ferguson + discovered that an integer signedness error in the zlib extension + module might trigger insufficient memory allocation and a buffer + overflow via a negative signed integer (CVE-2008-1721).
  • +
  • Justin + Ferguson discovered that insufficient input validation in the + PyString_FromStringAndSize() function might lead to a buffer overflow + (CVE-2008-1887).
  • +
+
+
+

+ A remote attacker could exploit these vulnerabilities to cause a Denial
+ of Service or possibly the remote execution of arbitrary code with the
+ privileges of the user running Python.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ The imageop module is no longer built in the unaffected versions.
+

+

+ All Python 2.3 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r6"
+

+ All Python 2.4 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r13"
+
+
+ CVE-2008-1679
+ CVE-2008-1721
+ CVE-2008-1887
+
+
+ keytoaster
+
+
+ keytoaster
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-02.xml
new file mode 100644
index 0000000000..58d97db5cc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-02.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Motion: Execution of arbitrary code
+
+ Multiple vulnerabilities in Motion might result in the execution of
+ arbitrary code.
+
+ motion
+ July 01, 2008
+ July 01, 2008: 01
+ 227053
+ remote
+
+
+ 3.2.10.1
+ 3.2.10.1
+
+
+
+

+ Motion is a program that monitors the video signal from one or more
+ cameras and is able to detect motions.
+

+
+
+

+ Nico Golde reported an off-by-one error within the read_client()
+ function in the webhttpd.c file, leading to a stack-based buffer
+ overflow. Stefan Cornelius (Secunia Research) reported a boundary error
+ within the same function, also leading to a stack-based buffer
+ overflow. Both vulnerabilities require that the HTTP Control interface
+ is enabled.
+

+
+
+

+ A remote attacker could exploit these vulnerabilities by sending an
+ overly long or specially crafted request to a vulnerable Motion HTTP
+ control interface, possibly resulting in the execution of arbitrary
+ code with the privileges of the motion user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Motion users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/motion-3.2.10.1"
+
+
+ CVE-2008-2654
+
+
+ rbu
+
+
+ keytoaster
+
+
+ keytoaster
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-03.xml
new file mode 100644
index 0000000000..6e490c0926
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-03.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ PCRE: Buffer overflow
+
+ A buffer overflow vulnerability has been discovered in PCRE, allowing for
+ the execution of arbitrary code and a Denial of Service.
+
+ libpcre glib
+ July 07, 2008
+ July 07, 2008: 01
+ 228091
+ 230039
+ remote
+
+
+ 7.7-r1
+ 7.7-r1
+
+
+ 2.16.3-r1
+ 2.14.0
+ 2.16.3-r1
+
+
+
+

+ PCRE is a Perl-compatible regular expression library. GLib includes a
+ copy of PCRE.
+

+
+
+

+ Tavis Ormandy of the Google Security team reported a heap-based buffer
+ overflow when compiling regular expression patterns containing
+ "Internal Option Settings" such as "(?i)".
+

+
+
+

+ A remote attacker could exploit this vulnerability by sending a
+ specially crafted regular expression to an application making use of
+ the PCRE library, which could possibly lead to the execution of
+ arbitrary code or a Denial of Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All PCRE users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-7.7-r1"
+

+ All GLib users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.16.3-r1"
+
+
+ CVE-2008-2371
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-04.xml
new file mode 100644
index 0000000000..b6701e0569
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-04.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Poppler: User-assisted execution of arbitrary code
+
+ Poppler is affected by a memory management issue, which could lead to the
+ execution of arbitrary code.
+
+ poppler
+ July 08, 2008
+ July 08, 2008: 01
+ 229931
+ remote
+
+
+ 0.6.3-r1
+ 0.6.3-r1
+
+
+
+

+ Poppler is a cross-platform PDF rendering library originally based on
+ Xpdf.
+

+
+
+

+ Felipe Andres Manzano reported a memory management issue in the Page
+ class constructor/destructor.
+

+
+
+

+ A remote attacker could entice a user to open a specially crafted PDF
+ file with a Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview,
+ or Evince, potentially resulting in the execution of arbitrary code
+ with the privileges of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All poppler users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-0.6.3-r1"
+
+
+ CVE-2008-2950
+
+
+ vorlon
+
+
+ vorlon
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-05.xml
new file mode 100644
index 0000000000..80459b53ec
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-05.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ OpenOffice.org: User-assisted execution of arbitrary code
+
+ An integer overflow vulnerability has been reported in OpenOffice.org.
+
+ openoffice openoffice-bin
+ July 09, 2008
+ July 09, 2008: 01
+ 225723
+ remote
+
+
+ 2.4.1
+ 2.4.1
+
+
+ 2.4.1
+ 2.4.1
+
+
+
+

+ OpenOffice.org is an open source office productivity suite, including
+ word processing, spreadsheet, presentation, drawing, data charting,
+ formula editing, and file conversion facilities.
+

+
+
+

+ Sean Larsson (iDefense Labs) reported an integer overflow in the
+ function rtl_allocateMemory() in the file
+ sal/rtl/source/alloc_global.c.
+

+
+
+

+ A remote attacker could entice a user to open a specially crafted
+ document, possibly resulting in the remote execution of arbitrary code
+ with the privileges of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All OpenOffice.org users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.4.1"
+

+ All OpenOffice.org binary users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.4.1"
+
+
+ CVE-2008-2152
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-06.xml
new file mode 100644
index 0000000000..245f79bdb1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-06.xml
@@ -0,0 +1,84 @@
+
+
+
+
+ Apache: Denial of Service
+
+ Multiple vulnerabilities in Apache might lead to a Denial of Service.
+
+ apache
+ July 09, 2008
+ July 09, 2008: 01
+ 222643
+ 227111
+ remote
+
+
+ 2.2.9
+ 2.2.9
+
+
+
+

+ The Apache HTTP server is one of the most popular web servers on the
+ Internet.
+

+
+
+

+ Multiple vulnerabilities have been discovered in Apache:
+

+
    +
  • + Dustin Kirkland reported that the mod_ssl module can leak memory when + the client reports support for a compression algorithm (CVE-2008-1678). +
  • +
  • + Ryujiro Shibuya reported that the ap_proxy_http_process_response() + function in the mod_proxy module does not limit the number of forwarded + interim responses (CVE-2008-2364). +
  • +
  • + sp3x of SecurityReason reported a Cross-Site Request Forgery + vulnerability in the balancer-manager in the mod_proxy_balancer module + (CVE-2007-6420). +
  • +
+
+
+

+ A remote attacker could exploit these vulnerabilities by connecting to
+ an Apache httpd, by causing an Apache proxy server to connect to a
+ malicious server, or by enticing a balancer administrator to connect to
+ a specially-crafted URL, resulting in a Denial of Service of the Apache
+ daemon.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Apache users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.9"
+
+
+ CVE-2007-6420
+ CVE-2008-1678
+ CVE-2008-2364
+
+
+ keytoaster
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-07.xml
new file mode 100644
index 0000000000..eb132e99ad
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-07.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ NX: User-assisted execution of arbitrary code
+
+ NX uses code from the X.org X11 server which is prone to multiple
+ vulnerabilities.
+
+ nx, nxnode
+ July 09, 2008
+ July 09, 2008: 01
+ 230147
+ remote
+
+
+ 3.2.0-r3
+ 3.2.0-r3
+
+
+ 3.2.0-r2
+ 3.2.0-r2
+
+
+
+

+ NoMachine's NX establishes remote connections to X11 desktops over
+ small bandwidth links. NX and NX Node are the compression core
+ libraries, whereas NX is used by FreeNX and NX Node by the binary-only
+ NX servers.
+

+
+
+

+ Multiple integer overflow and buffer overflow vulnerabilities have been
+ discovered in the X.Org X server as shipped by NX and NX Node (GLSA
+ 200806-07).
+

+
+
+

+ A remote attacker could exploit these vulnerabilities via unspecified
+ vectors, leading to the execution of arbitrary code with the privileges
+ of the user on the machine running the NX server.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All NX Node users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.2.0-r3"
+

+ All NX users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/nx-3.2.0-r2"
+
+
+ GLSA 200806-07
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-08.xml new file mode 100644 index 0000000000..bb76d7c59f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-08.xml @@ -0,0 +1,73 @@ + + + + + BIND: Cache poisoning + + A weakness in the DNS protocol has been reported, which could lead to cache + poisoning on recursive resolvers. + + bind + July 11, 2008 + July 11, 2008: 01 + 231201 + remote + + + 9.4.2_p1 + 9.4.2_p1 + + + +

+ ISC BIND is the Internet Systems Consortium implementation of the + Domain Name System (DNS) protocol. +

+
+ +

+ Dan Kaminsky of IOActive has reported a weakness in the DNS protocol + related to insufficient randomness of DNS transaction IDs and query + source ports. +

+
+ +

+ An attacker could exploit this weakness to poison the cache of a + recursive resolver and thus spoof DNS traffic, which could e.g. lead to + the redirection of web or mail traffic to malicious sites. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All BIND users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.2_p1" +

+ Note: In order to utilize the query port randomization to mitigate the + weakness, you need to make sure that your network setup allows the DNS + server to use random source ports for query and that you have not set a + fixed query port via the "query-source port" directive in the BIND + configuration. +

+
+ + CVE-2008-1447 + + + vorlon + + + vorlon + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-09.xml new file mode 100644 index 0000000000..c5e720cbb6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-09.xml @@ -0,0 +1,64 @@ + + + + + Mercurial: Directory traversal + + A directory traversal vulnerability in Mercurial allows for the renaming of + arbitrary files. + + mercurial + July 15, 2008 + July 15, 2008: 01 + 230193 + remote + + + 1.0.1-r2 + 1.0.1-r2 + + + +

+ Mercurial is a distributed Source Control Management system. +

+
+ +

+ Jakub Wilk discovered a directory traversal vulnerabilty in the + applydiff() function in the mercurial/patch.py file. +

+
+ +

+ A remote attacker could entice a user to import a specially crafted + patch, possibly resulting in the renaming of arbitrary files, even + outside the repository. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mercurial users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/mercurial-1.0.1-r2" +
+ + CVE-2008-2942 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-10.xml new file mode 100644 index 0000000000..e1b7c96786 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-10.xml @@ -0,0 +1,66 @@ + + + + + Bacula: Information disclosure + + A vulnerability in Bacula may allow local attackers to obtain sensitive + information. + + bacula + July 21, 2008 + July 21, 2008: 01 + 196834 + local + + + 2.4.1 + 2.4.1 + + + +

+ Bacula is a network based backup suite. +

+
+ +

+ Matthijs Kooijman reported that the "make_catalog_backup" script uses + the MySQL password as a command line argument when invoking other + programs. +

+
+ +

+ A local attacker could list the processes on the local machine when the + script is running to obtain the MySQL password. Note: The password + could also be disclosed via network sniffing attacks when the script + fails, in which case it would be sent via cleartext e-mail. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ A warning about this issue has been added in version 2.4.1, but the + issue is still unfixed. We advise not to use the make_catalog_backup + script, but to put all MySQL parameters into a dedicated file readable + only by the user running Bacula. +

+
+ + CVE-2007-5626 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-11.xml new file mode 100644 index 0000000000..59ec71b456 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-11.xml @@ -0,0 +1,65 @@ + + + + + PeerCast: Buffer overflow + + A buffer overflow vulnerability in PeerCast may allow for the remote + execution of arbitrary code. + + peercast + July 21, 2008 + July 21, 2008: 01 + 220281 + remote + + + 0.1218-r1 + 0.1218-r1 + + + +

+ PeerCast is a client and server for P2P-radio networks. +

+
+ +

+ Nico Golde reported a boundary error in the HTTP::getAuthUserPass() + function when processing overly long HTTP Basic authentication + requests. +

+
+ +

+ A remote attacker could send a specially crafted HTTP request to the + vulnerable server, possibly resulting in the remote execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PeerCast users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1218-r1" +
+ + CVE-2008-2040 + + + rbu + + + vorlon + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-12.xml new file mode 100644 index 0000000000..3e152a5f7b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-12.xml @@ -0,0 +1,67 @@ + + + + + BitchX: Multiple vulnerabilities + + Multiple vulnerabilities in BitchX may allow for the remote execution of + arbitrary code or symlink attacks. + + bitchx + July 21, 2008 + July 21, 2008: 01 + 190667 + remote + + + 1.1-r4 + + + +

+ BitchX is an IRC client. +

+
+ +

+ bannedit reported a boundary error when handling overly long IRC MODE + messages (CVE-2007-4584). Nico Golde reported an insecure creation of a + temporary file within the e_hostname() function (CVE-2007-5839). +

+
+ +

+ A remote attacker could entice a user to connect to a malicious IRC + server, resulting in the remote execution of arbitrary code with the + privileges of the user running the application. A local attacker could + perform symlink attacks to overwrite arbitrary files on the local + machine. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ Since BitchX is no longer maintained, we recommend that users unmerge + the vulnerable package and switch to another IRC client: +

+ + # emerge --unmerge "net-irc/bitchx" +
+ + CVE-2007-4584 + CVE-2007-5839 + + + vorlon + + + vorlon + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-13.xml new file mode 100644 index 0000000000..681d231ee3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-13.xml @@ -0,0 +1,70 @@ + + + + + VLC: Multiple vulnerabilities + + Multiple vulnerabilities in VLC may allow for the execution of arbitrary + code. + + vlc + July 31, 2008 + July 31, 2008: 01 + 221959 + 230692 + local, remote + + + 0.8.6i + 0.8.6i + + + +

+ VLC is a cross-platform media player and streaming server. +

+
+ +
  • Remi Denis-Courmont reported that VLC loads plugins from the + current working directory in an unsafe manner (CVE-2008-2147).
  • +
  • Alin Rad Pop (Secunia Research) reported an integer overflow error + in the Open() function in the file modules/demux/wav.c + (CVE-2008-2430).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted .wav + file, and a local attacker could entice a user to run VLC from a + directory containing specially crafted modules, possibly resulting in + the execution of arbitrary code with the privileges of the user running + the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All VLC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6i" +
+ + CVE-2008-2147 + CVE-2008-2430 + + + keytoaster + + + vorlon + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-14.xml new file mode 100644 index 0000000000..b4500667a0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-14.xml @@ -0,0 +1,63 @@ + + + + + Linux Audit: Buffer overflow + + A buffer overflow vulnerability in Linux Audit may allow local attackers to + execute arbitrary code. + + audit + July 31, 2008 + July 31, 2008: 01 + 215705 + local + + + 1.7.3 + 1.7.3 + + + +

+ Linux Audit is a set of userspace utilities for storing and processing + auditing records. +

+
+ +

+ A stack-based buffer overflow has been reported in the + audit_log_user_command() function in the file lib/audit_logging.c when + processing overly long arguments. +

+
+ +

+ A local attacker could execute a specially crafted command on the host + running Linux Audit, possibly resulting in the execution of arbitrary + code with the privileges of the user running Linux Audit. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Linux Audit users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-process/audit-1.7.3" +
+ + CVE-2008-1628 + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-15.xml new file mode 100644 index 0000000000..204adbf181 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-15.xml @@ -0,0 +1,66 @@ + + + + + Pan: User-assisted execution of arbitrary code + + A buffer overflow vulnerability in Pan may allow remote attacker to execute + arbitrary code. + + pan + July 31, 2008 + July 31, 2008: 01 + 224051 + remote + + + 0.132-r3 + 0.14.2.91-r2 + 0.14.2 + 0.132-r3 + + + +

+ Pan is a newsreader for the GNOME desktop. +

+
+ +

+ Pavel Polischouk reported a boundary error in the PartsBatch class when + processing .nzb files. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted .nzb + file, possibly resulting in the remote execution of arbitrary code with + the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Pan users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-nntp/pan-0.132-r3" +
+ + CVE-2008-2363 + + + rbu + + + vorlon + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-16.xml new file mode 100644 index 0000000000..cb9cae48f6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200807-16.xml @@ -0,0 +1,107 @@ + + + + + Python: Multiple vulnerabilities + + Multiple vulnerabilities in Python may allow for the execution of arbitrary + code. + + python + July 31, 2008 + July 19, 2009: 02 + 230640 + 232137 + remote + + + 2.4.4-r14 + 2.5.2-r6 + 2.4.6 + 2.5.2-r6 + + + +

+ Python is an interpreted, interactive, object-oriented programming + language. +

+
+ +

+ Multiple vulnerabilities were discovered in Python: +

+
    +
  • + David Remahl of Apple Product Security reported several integer + overflows in core modules such as stringobject, unicodeobject, + bufferobject, longobject, tupleobject, stropmodule, gcmodule, + mmapmodule (CVE-2008-2315). +
  • +
  • + David Remahl of Apple Product Security also reported an integer + overflow in the hashlib module, leading to unreliable cryptographic + digest results (CVE-2008-2316). +
  • +
  • + Justin Ferguson reported multiple buffer overflows in unicode string + processing that only affect 32bit systems (CVE-2008-3142). +
  • +
  • + The Google Security Team reported multiple integer overflows + (CVE-2008-3143). +
  • +
  • + Justin Ferguson reported multiple integer underflows and overflows in + the PyOS_vsnprintf() function, and an off-by-one error when passing + zero-length strings, leading to memory corruption (CVE-2008-3144). +
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities in Python + applications or daemons that pass user-controlled input to vulnerable + functions. Exploitation might lead to the execution of arbitrary code + or a Denial of Service. Vulnerabilities within the hashlib might lead + to weakened cryptographic protection of data integrity or authenticity. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Python 2.4 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r14" +

+ All Python 2.5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-2.5.2-r6" +

+ Please note that Python 2.3 is masked since June 24, and we will not be + releasing updates to it. It will be removed from the tree in the near + future. +

+
+ + CVE-2008-2315 + CVE-2008-2316 + CVE-2008-3142 + CVE-2008-3143 + CVE-2008-3144 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-01.xml new file mode 100644 index 0000000000..4d8a4b0c4a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-01.xml @@ -0,0 +1,87 @@ + + + + + xine-lib: User-assisted execution of arbitrary code + + xine-lib is vulnerable to multiple buffer overflows when processing media + streams. + + xine-lib + August 06, 2008 + August 06, 2008: 01 + 213039 + 214270 + 218059 + remote + + + 1.1.13 + 1.1.13 + + + +

+ xine-lib is the core library package for the xine media player, and + other players such as Amarok, Codeine/Dragon Player and Kaffeine. +

+
+ +

+ Multiple vulnerabilities have been discovered in xine-lib: +

+
    +
  • + Alin Rad Pop of Secunia reported an array indexing vulnerability in the + sdpplin_parse() function in the file input/libreal/sdpplin.c when + processing streams from RTSP servers that contain a large "streamid" + SDP parameter (CVE-2008-0073). +
  • +
  • + Luigi Auriemma reported multiple integer overflows that result in + heap-based buffer overflows when processing ".FLV", ".MOV" ".RM", + ".MVE", ".MKV", and ".CAK" files (CVE-2008-1482). +
  • +
  • + Guido Landi reported a stack-based buffer overflow in the + demux_nsf_send_chunk() function when handling titles within NES Music + (.NSF) files (CVE-2008-1878). +
  • +
+
+ +

+ A remote attacker could entice a user to play a specially crafted video + file or stream with a player using xine-lib, potentially resulting in + the execution of arbitrary code with the privileges of the user running + the player. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xine-lib users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.13" +
+ + CVE-2008-0073 + CVE-2008-1482 + CVE-2008-1878 + + + rbu + + + vorlon + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-02.xml new file mode 100644 index 0000000000..d136e8886f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-02.xml @@ -0,0 +1,74 @@ + + + + + Net-SNMP: Multiple vulnerabilities + + Multiple vulnerabilities in Net-SNMP allow for authentication bypass in + snmpd and execution of arbitrary code in Perl applications using Net-SMNP. + + net-snmp + August 06, 2008 + August 06, 2008: 01 + 222265 + 225105 + remote + + + 5.4.1.1 + 5.4.1.1 + + + +

+ Net-SNMP is a collection of tools for generating and retrieving SNMP + data. The SNMPv3 protocol uses a keyed-Hash Message Authentication Code + (HMAC) to verify data integrity and authenticity of SNMP messages. +

+
+ +

+ Wes Hardaker reported that the SNMPv3 HMAC verification relies on the + client to specify the HMAC length (CVE-2008-0960). John Kortink + reported a buffer overflow in the Perl bindings of Net-SNMP when + processing the OCTETSTRING in an attribute value pair (AVP) received by + an SNMP agent (CVE-2008-2292). +

+
+ +

+ An attacker could send SNMPv3 packets to an instance of snmpd providing + a valid user name and an HMAC length value of 1, and easily conduct + brute-force attacks to bypass SNMP authentication. An attacker could + further entice a user to connect to a malicious SNMP agent with an SNMP + client using the Perl bindings, possibly resulting in the execution of + arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Net-SNMP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.1.1" +
+ + CVE-2008-0960 + CVE-2008-2292 + + + keytoaster + + + vorlon + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-03.xml new file mode 100644 index 0000000000..a3e3f8822a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-03.xml @@ -0,0 +1,247 @@ + + + + + Mozilla products: Multiple vulnerabilities + + Multiple vulnerabilities have been reported in Mozilla Firefox, + Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted + execution of arbitrary code. + + mozilla-firefox mozilla-firefox-bin mozilla-thunderbird mozilla-thunderbird-bin seamonkey seamonkey-bin xulrunner xulrunner-bin + August 06, 2008 + August 06, 2008: 01 + 204337 + 218065 + 230567 + 231975 + remote + + + 2.0.0.16 + 2.0.0.16 + + + 2.0.0.16 + 2.0.0.16 + + + 2.0.0.16 + 2.0.0.16 + + + 2.0.0.16 + 2.0.0.16 + + + 1.1.11 + 1.1.11 + + + 1.1.11 + 1.1.11 + + + 1.8.1.16 + 1.8.1.16 + + + 1.8.1.16 + 1.8.1.16 + + + +

+ Mozilla Firefox is an open-source web browser and Mozilla Thunderbird + an open-source email client, both from the Mozilla Project. The + SeaMonkey project is a community effort to deliver production-quality + releases of code derived from the application formerly known as the + 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package + that can be used to bootstrap XUL+XPCOM applications like Firefox and + Thunderbird. +

+
+ +

+ The following vulnerabilities were reported in all mentioned Mozilla + products: +

+
    +
  • + TippingPoint's Zero Day Initiative reported that an incorrect integer + data type is used as a CSS object reference counter, leading to a + counter overflow and a free() of in-use memory (CVE-2008-2785). +
  • +
  • + Igor Bukanov, Jesse Ruderman and Gary Kwong reported crashes in the + JavaScript engine, possibly triggering memory corruption + (CVE-2008-2799). +
  • +
  • + Devon Hubbard, Jesse Ruderman, and Martijn Wargers reported crashes in + the layout engine, possibly triggering memory corruption + (CVE-2008-2798). +
  • +
  • + moz_bug_r_a4 reported that XUL documents that include a script from a + chrome: URI that points to a fastload file would be executed with the + privileges specified in the file (CVE-2008-2802). +
  • +
  • + moz_bug_r_a4 reported that the mozIJSSubScriptLoader.LoadScript() + function only apply XPCNativeWrappers to scripts loaded from standard + "chrome:" URIs, which could be the case in third-party add-ons + (CVE-2008-2803). +
  • +
  • + Astabis reported a crash in the block reflow implementation related to + large images (CVE-2008-2811). +
  • +
  • + John G. Myers, Frank Benkstein and Nils Toedtmann reported a weakness + in the trust model used by Mozilla, that when a user accepts an SSL + server certificate on the basis of the CN domain name in the DN field, + the certificate is also regarded as accepted for all domain names in + subjectAltName:dNSName fields (CVE-2008-2809). +
  • +

+ The following vulnerabilities were reported in Firefox, SeaMonkey and + XULRunner: +

+
    +
  • + moz_bug_r_a4 reported that the Same Origin Policy is not properly + enforced on JavaScript (CVE-2008-2800). +
  • +
  • + Collin Jackson and Adam Barth reported that JAR signing is not properly + implemented, allowing injection of JavaScript into documents within a + JAR archive (CVE-2008-2801). +
  • +
  • + Opera Software reported an error allowing for arbitrary local file + upload (CVE-2008-2805). +
  • +
  • + Daniel Glazman reported that an invalid .properties file for an add-on + might lead to the usage of uninitialized memory (CVE-2008-2807). +
  • +
  • + Masahiro Yamada reported that HTML in "file://" URLs in directory + listings is not properly escaped (CVE-2008-2808). +
  • +
  • + Geoff reported that the context of Windows Internet shortcut files is + not correctly identified (CVE-2008-2810). +
  • +
  • + The crash vulnerability (CVE-2008-1380) that was previously announced + in GLSA 200805-18 is now also also resolved in Seamonkey binary + ebuilds. +
  • +

+ The following vulnerability was reported in Firefox only: +

+
    +
  • + Billy Rios reported that the Pipe character in a command-line URI is + identified as a request to open multiple tabs, allowing to open + "chrome" and "file" URIs (CVE-2008-2933). +
  • +
+
+ +

+ A remote attacker could entice a user to view a specially crafted web + page or email that will trigger one of the vulnerabilities, possibly + leading to the execution of arbitrary code or a Denial of Service. It + is also possible for an attacker to trick a user to upload arbitrary + files or to accept an invalid certificate for a spoofed web site, to + read uninitialized memory, to violate Same Origin Policy, or to conduct + Cross-Site Scripting attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.16" +

+ All Mozilla Firefox binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.16" +

+ All Mozilla Thunderbird users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.16" +

+ All Mozilla Thunderbird binary users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.16" +

+ All Seamonkey users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.11" +

+ All Seamonkey binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.11" +

+ All XULRunner users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.16" +

+ All XULRunner binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-bin-1.8.1.16" +
+ + CVE-2008-1380 + CVE-2008-2785 + CVE-2008-2798 + CVE-2008-2799 + CVE-2008-2800 + CVE-2008-2801 + CVE-2008-2802 + CVE-2008-2803 + CVE-2008-2805 + CVE-2008-2807 + CVE-2008-2808 + CVE-2008-2809 + CVE-2008-2810 + CVE-2008-2811 + CVE-2008-2933 + GLSA 200805-18 + + + p-y + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-04.xml new file mode 100644 index 0000000000..ebd0a7740c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-04.xml @@ -0,0 +1,74 @@ + + + + + Wireshark: Denial of Service + + Multiple Denial of Service vulnerabilities have been discovered in + Wireshark. + + wireshark + August 06, 2008 + August 06, 2008: 01 + 230411 + 231587 + remote + + + 1.0.2 + 1.0.2 + + + +

+ Wireshark is a network protocol analyzer with a graphical front-end. +

+
+ +

+ Multiple vulnerabilities related to memory management were discovered + in the GSM SMS dissector (CVE-2008-3137), the PANA and KISMET + dissectors (CVE-2008-3138), the RTMPT dissector (CVE-2008-3139), the + syslog dissector (CVE-2008-3140) and the RMI dissector (CVE-2008-3141) + and when reassembling fragmented packets (CVE-2008-3145). +

+
+ +

+ A remote attacker could exploit these vulnerabilities by sending a + specially crafted packet on a network being monitored by Wireshark or + enticing a user to read a malformed packet trace file, causing a Denial + of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.2" +
+ + CVE-2008-3137 + CVE-2008-3138 + CVE-2008-3139 + CVE-2008-3140 + CVE-2008-3141 + CVE-2008-3145 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-05.xml new file mode 100644 index 0000000000..3fb9416499 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-05.xml @@ -0,0 +1,64 @@ + + + + + ISC DHCP: Denial of Service + + A Denial of Service vulnerability was discovered in ISC DHCP. + + dhcp + August 06, 2008 + August 06, 2008: 01 + 227135 + remote + + + 3.1.1 + 3.1.1 + + + +

+ ISC DHCP is ISC's reference implementation of all aspects of the + Dynamic Host Configuration Protocol. +

+
+ +

+ A buffer overflow error was found in ISC DHCP server, that can only be + exploited under unusual server configurations where the DHCP server is + configured to provide clients with a large set of DHCP options. +

+
+ +

+ A remote attacker could exploit this vulnerability to cause a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ISC DHCP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.1" +
+ + CVE-2007-0062 + + + rbu + + + vorlon + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-06.xml new file mode 100644 index 0000000000..6c53293b7e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-06.xml @@ -0,0 +1,68 @@ + + + + + libxslt: Execution of arbitrary code + + libxslt is affected by a heap-based buffer overflow, possibly leading to + the execution of arbitrary code. + + libxslt + August 06, 2008 + August 06, 2008: 01 + 232172 + remote + + + 1.1.24-r1 + 1.1.8 + 1.1.24-r1 + + + +

+ libxslt is the XSLT C library developed for the GNOME project. XSLT is + an XML language to define transformations for XML. +

+
+ +

+ Chris Evans (Google Security) reported that the libexslt library that + is part of libxslt is affected by a heap-based buffer overflow in the + RC4 encryption/decryption functions. +

+
+ +

+ A remote attacker could entice a user to process an XML file using a + specially crafted XSLT stylesheet in an application linked against + libxslt, possibly leading to the execution of arbitrary code with the + privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libxslt users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.24-r1" +
+ + CVE-2008-2935 + + + rbu + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-07.xml new file mode 100644 index 0000000000..d6bb0eb057 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-07.xml @@ -0,0 +1,72 @@ + + + + + ClamAV: Multiple Denials of Service + + Multiple vulnerabilities in ClamAV may result in a Denial of Service. + + clamav + August 08, 2008 + August 08, 2008: 01 + 204340 + 227351 + remote + + + 0.93.3 + 0.93.3 + + + +

+ Clam AntiVirus is a free anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +

+
+ +

+ Damian Put has discovered an out-of-bounds memory access while + processing Petite files (CVE-2008-2713, CVE-2008-3215). Also, please + note that the 0.93 ClamAV branch fixes the first of the two attack + vectors of CVE-2007-6595 concerning an insecure creation of temporary + files vulnerability. The sigtool attack vector seems still unfixed. +

+
+ +

+ A remote attacker could entice a user or automated system to scan a + specially crafted Petite file, possibly resulting in a Denial of + Service (daemon crash). Also, the insecure creation of temporary files + vulnerability can be triggered by a local user to perform a symlink + attack. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.93.3" +
+ + CVE-2007-6595 + CVE-2008-2713 + CVE-2008-3215 + + + rbu + + + falco + + + falco + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-08.xml
new file mode 100644
index 0000000000..267e276674
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-08.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ stunnel: Security bypass
+
+ stunnel does not properly prevent the authentication of a revoked
+ certificate which would be published by OCSP.
+
+ stunnel
+ August 08, 2008
+ August 09, 2009: 02
+ 222805
+ remote
+
+
+ 4.24
+ 4
+ 4.24
+
+
+
+

+ The stunnel program is designed to work as an SSL encryption wrapper
+ between a remote client and a local or remote server. OCSP (Online
+ Certificate Status Protocol), as described in RFC 2560, is an internet
+ protocol used for obtaining the revocation status of an X.509 digital
+ certificate.
+

+
+
+

+ An unspecified bug in the OCSP search functionality of stunnel has been
+ discovered.
+

+
+
+

+ A remote attacker can use a revoked certificate that would be
+ successfully authenticated by stunnel. This issue only concerns the
+ users who have enabled the OCSP validation in stunnel.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All stunnel users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.24"
+
+
+ CVE-2008-2420
+
+
+ rbu
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-09.xml
new file mode 100644
index 0000000000..5ca22245f8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-09.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ OpenLDAP: Denial of Service vulnerability
+
+ A flaw in OpenLDAP allows remote unauthenticated attackers to cause a
+ Denial of Service.
+
+ openldap
+ August 08, 2008
+ August 08, 2008: 01
+ 230269
+ remote
+
+
+ 2.3.43
+ 2.3.43
+
+
+
+

+ OpenLDAP Software is an open source implementation of the Lightweight
+ Directory Access Protocol.
+

+
+
+

+ Cameron Hotchkies discovered an error within the parsing of ASN.1 BER
+ encoded packets in the "ber_get_next()" function in
+ libraries/liblber/io.c.
+

+
+
+

+ A remote unauthenticated attacker can send a specially crafted ASN.1
+ BER encoded packet which will trigger the error and cause an
+ "assert()", terminating the "slapd" daemon.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All OpenLDAP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.3.43"
+
+
+ CVE-2008-2952
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-10.xml
new file mode 100644
index 0000000000..dfc6049068
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-10.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Adobe Reader: User-assisted execution of arbitrary code
+
+ Adobe Reader is vulnerable to execution of arbitrary code via a crafted
+ PDF.
+
+ acroread
+ August 09, 2008
+ August 09, 2008: 01
+ 233383
+ remote
+
+
+ 8.1.2-r3
+ 8.1.2-r3
+
+
+
+

+ Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
+ reader.
+

+
+
+

+ The Johns Hopkins University Applied Physics Laboratory reported that
+ input to an unspecified JavaScript method is not properly validated.
+

+
+
+

+ A remote attacker could entice a user to open a specially crafted PDF
+ document, possibly resulting in the remote execution of arbitrary code
+ with the privileges of the user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Adobe Reader users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.2-r3"
+
+
+ CVE-2008-2641
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-11.xml
new file mode 100644
index 0000000000..05c441f4f5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-11.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ UUDeview: Insecure temporary file creation
+
+ A vulnerability in UUDeview may allow local attackers to conduct symlink
+ attacks.
+
+ nzbget uudeview
+ August 11, 2008
+ August 11, 2008: 01
+ 222275
+ 224193
+ local
+
+
+ 0.5.20-r1
+ 0.5.20-r1
+
+
+ 0.4.0
+ 0.4.0
+
+
+
+

+ UUdeview is encoder and decoder supporting various binary formats.
+ NZBGet is a command-line based binary newsgrabber supporting .nzb
+ files.
+

+
+
+

+ UUdeview makes insecure usage of the tempnam() function when creating
+ temporary files. NZBGet includes a copy of the vulnerable code.
+

+
+
+

+ A local attacker could exploit this vulnerability to overwrite
+ arbitrary files on the system.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All UUDview users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/uudeview-0.5.20-r1"
+

+ All NZBget users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=news-nntp/nzbget-0.4.0"
+
+
+ CVE-2008-2266
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-12.xml
new file mode 100644
index 0000000000..d6214d7811
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200808-12.xml
@@ -0,0 +1,124 @@
+
+
+
+
+ Postfix: Local privilege escalation vulnerability
+
+ Postfix incorrectly checks the ownership of a mailbox, allowing, in certain
+ circumstances, to append data to arbitrary files on a local system with
+ root privileges.
+
+ postfix
+ August 14, 2008
+ October 23, 2008: 02
+ 232642
+ local
+
+
+ 2.4.7-r1
+ 2.5.3-r1
+ 2.4.8
+ 2.4.9
+ 2.5.3-r1
+
+
+
+

+ Postfix is Wietse Venema's mailer that attempts to be fast, easy to
+ administer, and secure, as an alternative to the widely-used Sendmail
+ program.
+

+
+
+

+ Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail
+ to root-owned symlinks in an insecure manner under certain conditions.
+ Normally, Postfix does not deliver mail to symlinks, except to
+ root-owned symlinks, for compatibility with the systems using symlinks
+ in /dev like Solaris. Furthermore, some systems like Linux allow to
+ hardlink a symlink, while the POSIX.1-2001 standard requires that the
+ symlink is followed. Depending on the write permissions and the
+ delivery agent being used, this can lead to an arbitrary local file
+ overwriting vulnerability (CVE-2008-2936). Furthermore, the Postfix
+ delivery agent does not properly verify the ownership of a mailbox
+ before delivering mail (CVE-2008-2937).
+

+
+
+

+ The combination of these features allows a local attacker to hardlink a
+ root-owned symlink such that the newly created symlink would be
+ root-owned and would point to a regular file (or another symlink) that
+ would be written by the Postfix built-in local(8) or virtual(8)
+ delivery agents, regardless the ownership of the final destination
+ regular file. Depending on the write permissions of the spool mail
+ directory, the delivery style, and the existence of a root mailbox,
+ this could allow a local attacker to append a mail to an arbitrary file
+ like /etc/passwd in order to gain root privileges.
+

+

+ The default configuration of Gentoo Linux does not permit any kind of
+ user privilege escalation.
+

+

+ The second vulnerability (CVE-2008-2937) allows a local attacker,
+ already having write permissions to the mail spool directory which is
+ not the case on Gentoo by default, to create a previously nonexistent
+ mailbox before Postfix creates it, allowing to read the mail of another
+ user on the system.
+

+
+
+

+ The following conditions should be met in order to be vulnerable to
+ local privilege escalation.
+

+
    +
  • The mail delivery style is mailbox, with the Postfix built-in + local(8) or virtual(8) delivery agents.
  • +
  • The mail spool directory (/var/spool/mail) is user-writeable.
  • +
  • The user can create hardlinks pointing to root-owned symlinks + located in other directories.
  • +
+

+ Consequently, each one of the following workarounds is efficient.
+

+
    +
  • Verify that your /var/spool/mail directory is not writeable by a + user. Normally on Gentoo, only the mail group has write access, and no + end-user should be granted the mail group ownership.
  • +
  • Prevent the local users from being able to create hardlinks + pointing outside of the /var/spool/mail directory, e.g. with a + dedicated partition.
  • +
  • Use a non-builtin Postfix delivery agent, like procmail or + maildrop.
  • +
  • Use the maildir delivery style of Postfix ("home_mailbox=Maildir/" + for example).
  • +
+

+ Concerning the second vulnerability, check the write permissions of
+ /var/spool/mail, or check that every Unix account already has a
+ mailbox, by using Wietse Venema's Perl script available in the official
+ advisory.
+

+
+
+

+ All Postfix users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.5.3-r1"
+
+
+ CVE-2008-2936
+ CVE-2008-2937
+ Official Advisory
+
+
+ falco
+
+
+ falco
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-01.xml
new file mode 100644
index 0000000000..0ef8bf3e5d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-01.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ yelp: User-assisted execution of arbitrary code
+
+ A vulnerability in yelp can lead to the execution of arbitrary code when
+ opening a URI, for example through Firefox.
+
+ yelp
+ September 04, 2008
+ September 04, 2008: 01
+ 234079
+ remote
+
+
+ 2.22.1-r2
+ 2.20.0-r1
+ 2.22.1-r2
+
+
+
+

+ yelp is the default help browser for GNOME.
+

+
+
+

+ Aaron Grattafiori reported a format string vulnerability in the
+ window_error() function in yelp-window.c.
+

+
+
+

+ A remote attacker can entice a user to open specially crafted "man:" or
+ "ghelp:" URIs in yelp, or an application using yelp such as Firefox or
+ Evolution, and execute arbitrary code with the privileges of that user.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All yelp users running GNOME 2.22 should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.22.1-r2"
+

+ All yelp users running GNOME 2.20 should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.20.0-r1"
+
+
+ CVE-2008-3533
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-02.xml
new file mode 100644
index 0000000000..d38a3f16fe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-02.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ dnsmasq: Denial of Service and DNS spoofing
+
+ Two vulnerabilities in dnsmasq might allow for a Denial of Service or
+ spoofing of DNS replies.
+
+ dnsmasq
+ September 04, 2008
+ September 04, 2008: 01
+ 231282
+ 232523
+ remote
+
+
+ 2.45
+ 2.45
+
+
+
+

+ Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP
+ server.
+

+
+
+
    +
  • + Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP + source ports when forwarding DNS queries to a recursing DNS server + (CVE-2008-1447). +
  • +
  • + Carlos Carvalho reported that dnsmasq in the 2.43 version does not + properly handle clients sending inform or renewal queries for unknown + DHCP leases, leading to a crash (CVE-2008-3350). +
  • +
+
+
+

+ A remote attacker could send spoofed DNS response traffic to dnsmasq,
+ possibly involving generating queries via multiple vectors, and spoof
+ DNS replies, which could e.g. lead to the redirection of web or mail
+ traffic to malicious sites. Furthermore, an attacker could generate
+ invalid DHCP traffic and cause a Denial of Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All dnsmasq users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.45"
+
+
+ CVE-2008-3350
+ CVE-2008-1447
+
+
+ p-y
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-03.xml
new file mode 100644
index 0000000000..ce9e8be495
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-03.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ RealPlayer: Buffer overflow
+
+ RealPlayer is vulnerable to a buffer overflow allowing for the execution of
+ arbitrary code.
+
+ realplayer
+ September 04, 2008
+ September 04, 2008: 01
+ 232997
+ remote
+
+
+ 11.0.0.4028-r1
+ 11.0.0.4028-r1
+
+
+
+

+ RealPlayer is a multimedia player capable of handling multiple
+ multimedia file formats.
+

+
+
+

+ Dyon Balding of Secunia Research reported an unspecified heap-based
+ buffer overflow in the Shockwave Flash (SWF) frame handling.
+

+
+
+

+ By enticing a user to open a specially crafted SWF (Shockwave Flash)
+ file, a remote attacker could be able to execute arbitrary code with
+ the privileges of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All RealPlayer users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/realplayer-11.0.0.4028-r1"
+
+
+ CVE-2007-5400
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-04.xml
new file mode 100644
index 0000000000..8b12fefb1e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-04.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ MySQL: Privilege bypass
+
+ A vulnerability in MySQL might allow users to bypass privileges and gain
+ access to other databases.
+
+ mysql
+ September 04, 2008
+ September 04, 2008: 01
+ 220399
+ remote
+
+
+ 5.0.60-r1
+ 5.0.60-r1
+
+
+
+

+ MySQL is a popular multi-threaded, multi-user SQL server.
+

+
+
+

+ Sergei Golubchik reported that MySQL imposes no restrictions on the
+ specification of "DATA DIRECTORY" or "INDEX DIRECTORY" in SQL "CREATE
+ TABLE" statements.
+

+
+
+

+ An authenticated remote attacker could create MyISAM tables, specifying
+ DATA or INDEX directories that contain future table files by other
+ database users, or existing table files in the MySQL data directory,
+ gaining access to those tables.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All MySQL users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.60-r1"
+
+
+ CVE-2008-2079
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-05.xml
new file mode 100644
index 0000000000..c4e95694e4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-05.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Courier Authentication Library: SQL injection vulnerability
+
+ An SQL injection vulnerability has been discovered in the Courier
+ Authentication Library.
+
+ courier-authlib
+ September 05, 2008
+ September 05, 2008: 01
+ 225407
+ remote
+
+
+ 0.60.6
+ 0.60.6
+
+
+
+

+ The Courier Authentication Library is a generic authentication API that
+ encapsulates the process of validating account passwords.
+

+
+
+

+ It has been discovered that some input (e.g. the username) passed to
+ the library are not properly sanitised before being used in SQL
+ queries.
+

+
+
+

+ A remote attacker could provide specially crafted input to the library,
+ possibly resulting in the remote execution of arbitrary SQL commands.
+ NOTE: Exploitation of this vulnerability requires that a MySQL database
+ is used for authentication and that a Non-Latin character set is
+ selected.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Courier Authentication Library users should upgrade to the latest
+ version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/courier-authlib-0.60.6"
+
+
+ CVE-2008-2667
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-06.xml
new file mode 100644
index 0000000000..bd1813c398
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-06.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ VLC: Multiple vulnerabilities
+
+ Two vulnerabilities in VLC may lead to the remote execution of arbitrary
+ code.
+
+ vlc
+ September 07, 2008
+ September 07, 2008: 01
+ 235238
+ 235589
+ remote
+
+
+ 0.8.6i-r2
+ 0.8.6i-r2
+
+
+
+

+ VLC is a cross-platform media player and streaming server.
+

+
+
+

+ g_ reported the following vulnerabilities:
+

+
  • An integer + overflow leading to a heap-based buffer overflow in the Open() function + in modules/demux/tta.c (CVE-2008-3732).
  • +
  • A signedness error + leading to a stack-based buffer overflow in the mms_ReceiveCommand() + function in modules/access/mms/mmstu.c (CVE-2008-3794).
  • +
+
+
+

+ A remote attacker could entice a user to open a specially crafted file,
+ possibly resulting in the remote execution of arbitrary code with the
+ privileges of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All VLC users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6i-r2"
+
+
+ CVE-2008-3732
+ CVE-2008-3794
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-07.xml
new file mode 100644
index 0000000000..e3d499a094
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-07.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ libTIFF: User-assisted execution of arbitrary code
+
+ Multiple buffer underflow vulnerabilities in libTIFF may allow for the
+ remote execution of arbitrary code.
+
+ tiff
+ September 08, 2008
+ September 08, 2008: 01
+ 234080
+ remote
+
+
+ 3.8.2-r4
+ 3.8.2-r4
+
+
+
+

+ libTIFF provides support for reading and manipulating TIFF (Tagged
+ Image File Format) images.
+

+
+
+

+ Drew Yao (Apple Product Security) and Clay Wood reported multiple
+ buffer underflows in the LZWDecode() and LZWDecodeCompat() functions in
+ tif_lzw.c when processing TIFF files.
+

+
+
+

+ A remote attacker could entice a user to open a specially crafted TIFF
+ file with an application making use of libTIFF, possibly resulting in
+ the remote execution of arbitrary code with the privileges of the user
+ running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All libTIFF users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r4"
+
+
+ CVE-2008-2327
+
+
+ keytoaster
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-08.xml
new file mode 100644
index 0000000000..080a5db434
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-08.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Amarok: Insecure temporary file creation
+
+ Amarok uses temporary files in an insecure manner, allowing for a symlink
+ attack.
+
+ amarok
+ September 08, 2008
+ September 08, 2008: 01
+ 234689
+ local
+
+
+ 1.4.10
+ 1.4.10
+
+
+
+

+ Amarok is an advanced music player.
+

+
+
+

+ Dwayne Litzenberger reported that the
+ MagnatuneBrowser::listDownloadComplete() function in
+ magnatunebrowser/magnatunebrowser.cpp uses the album_info.xml temporary
+ file in an insecure manner.
+

+
+
+

+ A local attacker could perform a symlink attack to overwrite arbitrary
+ files on the system with the privileges of the user running the
+ application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Amarok users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/amarok-1.4.10"
+
+
+ CVE-2008-3699
+
+
+ keytoaster
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-09.xml
new file mode 100644
index 0000000000..3dc53098e9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-09.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ Postfix: Denial of Service
+
+ A memory leak in Postfix might allow local users to cause a Denial of
+ Service.
+
+ postfix
+ September 19, 2008
+ September 19, 2008: 01
+ 236453
+ local
+
+
+ 2.4.9
+ 2.5.5
+ 2.4.9
+ 2.5.5
+
+
+
+

+ Postfix is Wietse Venema's mailer that attempts to be fast, easy to
+ administer, and secure, as an alternative to the widely-used Sendmail
+ program.
+

+
+
+

+ It has been discovered than Postfix leaks an epoll file descriptor when
+ executing external commands, e.g. user-controlled $HOME/.forward or
+ $HOME/.procmailrc files. NOTE: This vulnerability only concerns Postfix
+ instances running on Linux 2.6 kernels.
+

+
+
+

+ A local attacker could exploit this vulnerability to reduce the
+ performance of Postfix, and possibly trigger an assertion, resulting in
+ a Denial of Service.
+

+
+
+

+ Allow only trusted users to control delivery to non-Postfix commands.
+

+
+
+

+ All Postfix 2.4 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.4.9"
+

+ All Postfix 2.5 users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.5.5"
+
+
+ CVE-2008-3889
+
+
+ keytoaster
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-10.xml
new file mode 100644
index 0000000000..9fab704e1e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-10.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Mantis: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in Mantis.
+
+ mantisbt
+ September 21, 2008
+ November 26, 2008: 02
+ 222649
+ 233336
+ remote
+
+
+ 1.1.2
+ 1.1.2
+
+
+
+

+ Mantis is a PHP/MySQL/Web based bugtracking system.
+

+
+
+

+ Antonio Parata and Francesco Ongaro reported a Cross-Site Request
+ Forgery vulnerability in manage_user_create.php (CVE-2008-2276), a
+ Cross-Site Scripting vulnerability in return_dynamic_filters.php
+ (CVE-2008-3331), and an insufficient input validation in
+ adm_config_set.php (CVE-2008-3332). A directory traversal vulnerability
+ in core/lang_api.php (CVE-2008-3333) has also been reported.
+

+
+
+

+ A remote attacker could exploit these vulnerabilities to execute
+ arbitrary HTML and script code, create arbitrary users with
+ administrative privileges, execute arbitrary PHP commands, and include
+ arbitrary files.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Mantis users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.1.2"
+
+
+ CVE-2008-2276
+ CVE-2008-3331
+ CVE-2008-3332
+ CVE-2008-3333
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-11.xml
new file mode 100644
index 0000000000..dfd4bb4086
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-11.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ HAVP: Denial of Service
+
+ A Denial of Service vulnerability has been reported in HAVP.
+
+ havp
+ September 21, 2008
+ September 21, 2008: 01
+ 234715
+ remote
+
+
+ 0.89
+ 0.89
+
+
+
+

+ HAVP is a HTTP AntiVirus Proxy.
+

+
+
+

+ Peter Warasin reported an infinite loop in sockethandler.cpp when
+ connecting to a non-responsive HTTP server.
+

+
+
+

+ A remote attacker could send requests to unavailable servers, resulting
+ in a Denial of Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All HAVP users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/havp-0.89"
+
+
+ CVE-2008-3688
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-12.xml
new file mode 100644
index 0000000000..1003920b0a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-12.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Newsbeuter: User-assisted execution of arbitrary code
+
+ Insufficient input validation in newsbeuter may allow remote attackers to
+ execute arbitrary shell commands.
+
+ newsbeuter
+ September 22, 2008
+ September 22, 2008: 01
+ 236506
+ remote
+
+
+ 1.2
+ 1.2
+
+
+
+

+ Newsbeuter is a RSS/Atom feed reader for the text console.
+

+
+
+

+ J.H.M. Dassen reported that the open-in-browser command does not
+ properly escape shell metacharacters in the URL before passing it to
+ system().
+

+
+
+

+ A remote attacker could entice a user to open a feed with specially
+ crafted URLs, possibly resulting in the remote execution of arbitrary
+ shell commands with the privileges of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Newsbeuter users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-news/newsbeuter-1.2"
+
+
+ CVE-2008-3907
+
+
+ keytoaster
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-13.xml
new file mode 100644
index 0000000000..04852252d3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-13.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ R: Insecure temporary file creation
+
+ R is vulnerable to symlink attacks due to an insecure usage of temporary
+ files.
+
+ R
+ September 22, 2008
+ September 22, 2008: 01
+ 235822
+ local
+
+
+ 2.7.1
+ 2.7.1
+
+
+
+

+ R is a GPL licensed implementation of S, a language and environment for
+ statistical computing and graphics.
+

+
+
+

+ Dmitry E. Oboukhov reported that the "javareconf" script uses temporary
+ files in an insecure manner.
+

+
+
+

+ A local attacker could exploit this vulnerability to overwrite
+ arbitrary files with the privileges of the user running the
+ application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All R users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/R-2.7.1"
+
+
+ CVE-2008-3931
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-14.xml
new file mode 100644
index 0000000000..0e1becfd05
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-14.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ BitlBee: Security bypass
+
+ Multiple vulnerabilities in Bitlbee may allow to bypass security
+ restrictions and hijack accounts.
+
+ bitlbee
+ September 23, 2008
+ September 23, 2008: 01
+ 236160
+ remote
+
+
+ 1.2.3
+ 1.2.3
+
+
+
+

+ BitlBee is an IRC to IM gateway that support multiple IM protocols.
+

+
+
+

+ Multiple unspecified vulnerabilities were reported, including a NULL
+ pointer dereference.
+

+
+
+

+ A remote attacker could exploit these vulnerabilities to overwrite
+ existing IM accounts.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All BitlBee users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/bitlbee-1.2.3"
+
+
+ CVE-2008-3920
+ CVE-2008-3969
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-15.xml
new file mode 100644
index 0000000000..5214bf2e44
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-15.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ GNU ed: User-assisted execution of arbitrary code
+
+ A buffer overflow vulnerability in ed may allow for the remote execution of
+ arbitrary code.
+
+ ed
+ September 23, 2008
+ September 23, 2008: 01
+ 236521
+ remote
+
+
+ 1.0
+ 1.0
+
+
+
+

+ GNU ed is a basic line editor. red is a restricted version of ed that
+ does not allow shell command execution.
+

+
+
+

+ Alfredo Ortega from Core Security Technologies reported a heap-based
+ buffer overflow in the strip_escapes() function when processing overly
+ long filenames.
+

+
+
+

+ A remote attacker could entice a user to process specially crafted
+ commands with ed or red, possibly resulting in the execution of
+ arbitrary code with the privileges of the user running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All GNU ed users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/ed-1.0"
+
+
+ CVE-2008-3916
+
+
+ rbu
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-16.xml
new file mode 100644
index 0000000000..65a1dc0bbe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-16.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Git: User-assisted execution of arbitrary code
+
+ Multiple buffer overflow vulnerabilities have been discovered in Git.
+
+ git
+ September 25, 2008
+ September 25, 2008: 01
+ 234075
+ remote
+
+
+ 1.5.6.4
+ 1.5.6.4
+
+
+
+

+ Git is a distributed version control system.
+

+
+
+

+ Multiple boundary errors in the functions diff_addremove() and
+ diff_change() when processing overly long repository path names were
+ reported.
+

+
+
+

+ A remote attacker could entice a user to run commands like "git-diff"
+ or "git-grep" on a specially crafted repository, possibly resulting in
+ the remote execution of arbitrary code with the privileges of the user
+ running the application.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Git users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/git-1.5.6.4"
+
+
+ CVE-2008-3546
+
+
+ p-y
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-17.xml
new file mode 100644
index 0000000000..bade36fba5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-17.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ Wireshark: Multiple Denials of Service
+
+ Multiple Denial of Service vulnerabilities have been discovered in
+ Wireshark.
+
+ wireshark
+ September 25, 2008
+ September 25, 2008: 01
+ 236515
+ remote
+
+
+ 1.0.3
+ 1.0.3
+
+
+
+

+ Wireshark is a network protocol analyzer with a graphical front-end.
+

+
+
+

+ The following vulnerabilities were reported:
+

+
    +
  • + Multiple buffer overflows in the NCP dissector (CVE-2008-3146). +
  • +
  • + Infinite loop in the NCP dissector (CVE-2008-3932). +
  • +
  • + Invalid read in the tvb_uncompress() function when processing zlib + compressed data (CVE-2008-3933). +
  • +
  • + Unspecified error when processing Textronix .rf5 files + (CVE-2008-3934).
  • +
+
+
+

+ A remote attacker could exploit these vulnerabilities by sending
+ specially crafted packets on a network being monitored by Wireshark or
+ by enticing a user to read a malformed packet trace file, causing a
+ Denial of Service.
+

+
+
+

+ There is no known workaround at this time.
+

+
+
+

+ All Wireshark users should upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.3"
+
+
+ CVE-2008-3146
+ CVE-2008-3932
+ CVE-2008-3933
+ CVE-2008-3934
+
+
+ keytoaster
+
+
+ p-y
+
+
+ p-y
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-18.xml
new file mode 100644
index 0000000000..8b28de0299
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200809-18.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ ClamAV: Multiple Denials of Service
+
+ Multiple vulnerabilities in ClamAV may result in a Denial of Service.
+
+ clamav
+ September 25, 2008
+ September 25, 2008: 01
+ 236665
+ remote
+
+
+ 0.94
+ 0.94
+
+
+
+

+ Clam AntiVirus is a free anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +

+
+ +

+ Hanno boeck reported an error in libclamav/chmunpack.c when processing + CHM files (CVE-2008-1389). Other unspecified vulnerabilities were also + reported, including a NULL pointer dereference in libclamav + (CVE-2008-3912), memory leaks in freshclam/manager.c (CVE-2008-3913), + and file descriptor leaks in libclamav/others.c and libclamav/sis.c + (CVE-2008-3914). +

+
+ +

+ A remote attacker could entice a user or automated system to scan a + specially crafted CHM, possibly resulting in a Denial of Service + (daemon crash). The other attack vectors mentioned above could also + result in a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.94" +
+ + CVE-2008-1389 + CVE-2008-3912 + CVE-2008-3913 + CVE-2008-3914 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-01.xml
new file mode 100644
index 0000000000..c9fedd0b40
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-01.xml
@@ -0,0 +1,92 @@
+
+
+
+
+ WordNet: Execution of arbitrary code
+
+ Multiple vulnerabilities were found in WordNet, possibly allowing for the
+ execution of arbitrary code.
+
+ wordnet
+ October 07, 2008
+ October 07, 2008: 01
+ 211491
+ local, remote
+
+
+ 3.0-r2
+ 3.0-r2
+
+
+
+

+ WordNet is a large lexical database of English. +

+
+ +

+ Jukka Ruohonen initially reported a boundary error within the + searchwn() function in src/wn.c. A thorough investigation by the oCERT + team revealed several other vulnerabilities in WordNet: +

+
    +
  • Jukka Ruohonen and Rob Holland (oCERT) reported multiple boundary + errors within the searchwn() function in src/wn.c, the wngrep() + function in lib/search.c, the morphstr() and morphword() functions in + lib/morph.c, and the getindex() in lib/search.c, which lead to + stack-based buffer overflows.
  • +
  • Rob Holland (oCERT) reported two + boundary errors within the do_init() function in lib/morph.c, which + lead to stack-based buffer overflows via specially crafted + "WNSEARCHDIR" or "WNHOME" environment variables.
  • +
  • Rob Holland + (oCERT) reported multiple boundary errors in the bin_search() and + bin_search_key() functions in binsrch.c, which lead to stack-based + buffer overflows via specially crafted data files.
  • +
  • Rob Holland + (oCERT) reported a boundary error within the parse_index() function in + lib/search.c, which leads to a heap-based buffer overflow via specially + crafted data files.
  • +
+
+ +
    +
  • In case the application is accessible e.g. via a web server, + a remote attacker could pass overly long strings as arguments to the + "wm" binary, possibly leading to the execution of arbitrary code.
  • +
  • A local attacker could exploit the second vulnerability via + specially crafted "WNSEARCHDIR" or "WNHOME" environment variables, + possibly leading to the execution of arbitrary code with escalated + privileges.
  • +
  • A local attacker could exploit the third and + fourth vulnerability by making the application use specially crafted + data files, possibly leading to the execution of arbitrary code.
  • +
+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All WordNet users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-dicts/wordnet-3.0-r2" +
+ + CVE-2008-2149 + CVE-2008-3908 + + + p-y + + + p-y + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-02.xml
new file mode 100644
index 0000000000..176027ca43
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-02.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ Portage: Untrusted search path local root vulnerability
+
+ A search path vulnerability in Portage allows local attackers to execute
+ commands with root privileges if emerge is called from untrusted
+ directories.
+
+ portage
+ October 09, 2008
+ October 09, 2008: 01
+ 239560
+ local
+
+
+ 2.1.4.5
+ 2.1.4.5
+
+
+
+

+ Portage is Gentoo's package manager which is responsible for + installing, compiling and updating all packages on the system through + the Gentoo rsync tree. +

+
+ +

+ The Gentoo Security Team discovered that several ebuilds, such as + sys-apps/portage, net-mail/fetchmail or app-editors/leo execute Python + code using "python -c", which includes the current working directory in + Python's module search path. For several ebuild functions, Portage did + not change the working directory from emerge's working directory. +

+
+ +

+ A local attacker could place a specially crafted Python module in a + directory (such as /tmp) and entice the root user to run commands such + as "emerge sys-apps/portage" from that directory, resulting in the + execution of arbitrary Python code with root privileges. +

+
+ +

+ Do not run "emerge" from untrusted working directories. +

+
+ +

+ All Portage users should upgrade to the latest version: +

+ + # cd /root + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/portage-2.1.4.5" +

+ NOTE: To upgrade to Portage 2.1.4.5 using 2.1.4.4 or prior, you must + run emerge from a trusted working directory, such as "/root". +

+
+ + CVE-2008-4394 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-03.xml
new file mode 100644
index 0000000000..15bb6cebe6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200810-03.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ libspf2: DNS response buffer overflow
+
+ A memory management error in libspf2 might allow for remote execution of
+ arbitrary code.
+
+ libspf2
+ October 30, 2008
+ October 30, 2008: 01
+ 242254
+ remote
+
+
+ 1.2.8
+ 1.2.8
+
+
+
+

+ libspf2 is a library that implements the Sender Policy Framework, + allowing mail transfer agents to make sure that an email is authorized + by the domain name that it is coming from. Currently, only the exim MTA + uses libspf2 in Gentoo. +

+
+ +

+ libspf2 uses a fixed-length buffer to receive DNS responses and does + not properly check the length of TXT records, leading to buffer + overflows. +

+
+ +

+ A remote attacker could store a specially crafted DNS entry and entice + a user or automated system using libspf2 to lookup that SPF entry (e.g. + by sending an email to the MTA), possibly allowing for the execution of + arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libspf2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-filter/libspf2-1.2.8" +
+ + CVE-2008-2469 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-01.xml
new file mode 100644
index 0000000000..5c2ae1d0fc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-01.xml
@@ -0,0 +1,127 @@
+
+
+
+
+ Opera: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Opera, allowing for the
+ execution of arbitrary code.
+
+ opera
+ November 03, 2008
+ November 03, 2008: 01
+ 235298
+ 240500
+ 243060
+ 244980
+ remote
+
+
+ 9.62
+ 9.62
+
+
+
+

+ Opera is a fast web browser that is available free of charge. +

+
+ +

+ Multiple vulnerabilities have been discovered in Opera: +

+
    +
  • Opera does not restrict the ability of a framed web page to change + the address associated with a different frame (CVE-2008-4195).
  • +
  • Chris Weber (Casaba Security) discovered a Cross-site scripting + vulnerability (CVE-2008-4196).
  • +
  • Michael A. Puls II discovered + that Opera can produce argument strings that contain uninitialized + memory, when processing custom shortcut and menu commands + (CVE-2008-4197).
  • +
  • Lars Kleinschmidt discovered that Opera, when + rendering an HTTP page that has loaded an HTTPS page into a frame, + displays a padlock icon and offers a security information dialog + reporting a secure connection (CVE-2008-4198).
  • +
  • Opera does not + prevent use of links from web pages to feed source files on the local + disk (CVE-2008-4199).
  • +
  • Opera does not ensure that the address + field of a news feed represents the feed's actual URL + (CVE-2008-4200).
  • +
  • Opera does not check the CRL override upon + encountering a certificate that lacks a CRL (CVE-2008-4292).
  • +
  • Chris (Matasano Security) reported that Opera may crash if it is + redirected by a malicious page to a specially crafted address + (CVE-2008-4694).
  • +
  • Nate McFeters reported that Opera runs Java + applets in the context of the local machine, if that applet has been + cached and a page can predict the cache path for that applet and load + it from the cache (CVE-2008-4695).
  • +
  • Roberto Suggi Liverani + (Security-Assessment.com) reported that Opera's History Search results + does not escape certain constructs correctly, allowing for the + injection of scripts into the page (CVE-2008-4696).
  • +
  • David + Bloom reported that Opera's Fast Forward feature incorrectly executes + scripts from a page held in a frame in the outermost page instead of + the page the JavaScript URL was located (CVE-2008-4697).
  • +
  • David + Bloom reported that Opera does not block some scripts when previewing a + news feed (CVE-2008-4698).
  • +
  • Opera does not correctly sanitize + content when certain parameters are passed to Opera's History Search, + allowing scripts to be injected into the History Search results page + (CVE-2008-4794).
  • +
  • Opera's links panel incorrectly causes + scripts from a page held in a frame to be executed in the outermost + page instead of the page where the URL was located + (CVE-2008-4795).
  • +
+
+ +

+ These vulnerabilties allow remote attackers to execute arbitrary code, + to run scripts injected into Opera's History Search with elevated + privileges, to inject arbitrary web script or HTML into web pages, to + manipulate the address bar, to change Opera's preferences, to determine + the validity of local filenames, to read cache files, browsing history, + and subscribed feeds or to conduct other attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Opera users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-9.62" +
+ + CVE-2008-4195 + CVE-2008-4196 + CVE-2008-4197 + CVE-2008-4198 + CVE-2008-4199 + CVE-2008-4200 + CVE-2008-4292 + CVE-2008-4694 + CVE-2008-4695 + CVE-2008-4696 + CVE-2008-4697 + CVE-2008-4698 + CVE-2008-4794 + CVE-2008-4795 + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-02.xml
new file mode 100644
index 0000000000..9a1ee4c285
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-02.xml
@@ -0,0 +1,96 @@
+
+
+
+
+ Gallery: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Gallery may lead to execution of arbitrary
+ code, disclosure of local files or theft of user's credentials.
+
+ gallery
+ November 09, 2008
+ May 28, 2009: 02
+ 234137
+ 238113
+ remote
+
+
+ 2.2.6
+ 1.5.9
+ 1.5.10
+ 2.2.6
+
+
+
+

+ Gallery is an open source web based photo album organizer. +

+
+ +

+ Multiple vulnerabilities have been discovered in Gallery 1 and 2: +

+
    +
  • + Digital Security Research Group reported a directory traversal + vulnerability in contrib/phpBB2/modules.php in Gallery 1, when + register_globals is enabled (CVE-2008-3600). +
  • +
  • + Hanno Boeck reported that Gallery 1 and 2 did not set the secure flag + for the session cookie in an HTTPS session (CVE-2008-3662). +
  • +
  • + Alex Ustinov reported that Gallery 1 and 2 does not properly handle ZIP + archives containing symbolic links (CVE-2008-4129). +
  • +
  • + The vendor reported a Cross-Site Scripting vulnerability in Gallery 2 + (CVE-2008-4130). +
  • +
+
+ +

+ Remote attackers could send specially crafted requests to a server + running Gallery, allowing for the execution of arbitrary code when + register_globals is enabled, or read arbitrary files via directory + traversals otherwise. Attackers could also entice users to visit + crafted links allowing for theft of login credentials. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Gallery 2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/gallery-2.2.6" +

+ All Gallery 1 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.5.9" +
+ + CVE-2008-3600 + CVE-2008-3662 + CVE-2008-4129 + CVE-2008-4130 + + + keytoaster + + + keytoaster + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-03.xml
new file mode 100644
index 0000000000..dd10f43210
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-03.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ FAAD2: User-assisted execution of arbitrary code
+
+ A buffer overflow in FAAD2 might lead to user-assisted execution of
+ arbitrary code via an MP4 file.
+
+ faad2
+ November 09, 2008
+ November 09, 2008: 01
+ 238445
+ remote
+
+
+ 2.6.1-r2
+ 2.6.1-r2
+
+
+
+

+ FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder. +

+
+ +

+ The ICST-ERCIS (Peking University) reported a heap-based buffer + overflow in the decodeMP4file() function in frontend/main.c. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + MPEG-4 (MP4) file in an application using FAAD2, possibly leading to + the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All FAAD2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/faad2-2.6.1-r2" +
+ + CVE-2008-4201 + + + keytoaster + + + keytoaster + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-04.xml
new file mode 100644
index 0000000000..8e30847017
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-04.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Graphviz: User-assisted execution of arbitrary code
+
+ A buffer overflow in Graphviz might lead to user-assisted execution of
+ arbitrary code via a DOT file.
+
+ graphviz
+ November 09, 2008
+ November 09, 2008: 01
+ 240636
+ remote
+
+
+ 2.20.3
+ 2.20.3
+
+
+
+

+ Graphviz is an open source graph visualization software. +

+
+ +

+ Roee Hay reported a stack-based buffer overflow in the push_subg() + function in parser.y when processing a DOT file with a large number of + Agraph_t elements. +

+
+ +

+ A remote attacker could entice a user or automated system to open a + specially crafted DOT file in an application using Graphviz, possibly + leading to the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Graphviz users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/graphviz-2.20.3" +
+ + CVE-2008-4555 + + + keytoaster + + + keytoaster + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-05.xml
new file mode 100644
index 0000000000..3da6532a71
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200811-05.xml
@@ -0,0 +1,132 @@
+
+
+
+
+ PHP: Multiple vulnerabilities
+
+ PHP contains several vulnerabilities including buffer and integer overflows
+ which could lead to the remote execution of arbitrary code.
+
+ php
+ November 16, 2008
+ November 16, 2008: 01
+ 209148
+ 212211
+ 215266
+ 228369
+ 230575
+ 234102
+ remote
+
+
+ 5.2.6-r6
+ 5.2.6-r6
+
+
+
+

+ PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

+ Several vulnerabilitites were found in PHP: +

+
    +
  • PHP ships a + vulnerable version of the PCRE library which allows for the + circumvention of security restrictions or even for remote code + execution in case of an application which accepts user-supplied regular + expressions (CVE-2008-0674).
  • +
  • Multiple crash issues in several + PHP functions have been discovered.
  • +
  • Ryan Permeh reported that + the init_request_info() function in sapi/cgi/cgi_main.c does not + properly consider operator precedence when calculating the length of + PATH_TRANSLATED (CVE-2008-0599).
  • +
  • An off-by-one error in the + metaphone() function may lead to memory corruption.
  • +
  • Maksymilian Arciemowicz of SecurityReason Research reported an + integer overflow, which is triggerable using printf() and related + functions (CVE-2008-1384).
  • +
  • Andrei Nigmatulin reported a + stack-based buffer overflow in the FastCGI SAPI, which has unknown + attack vectors (CVE-2008-2050).
  • +
  • Stefan Esser reported that PHP + does not correctly handle multibyte characters inside the + escapeshellcmd() function, which is used to sanitize user input before + its usage in shell commands (CVE-2008-2051).
  • +
  • Stefan Esser + reported that a short-coming in PHP's algorithm of seeding the random + number generator might allow for predictible random numbers + (CVE-2008-2107, CVE-2008-2108).
  • +
  • The IMAP extension in PHP uses + obsolete c-client API calls making it vulnerable to buffer overflows as + no bounds checking can be done (CVE-2008-2829).
  • +
  • Tavis Ormandy + reported a heap-based buffer overflow in pcre_compile.c in the PCRE + version shipped by PHP when processing user-supplied regular + expressions (CVE-2008-2371).
  • +
  • CzechSec reported that specially + crafted font files can lead to an overflow in the imageloadfont() + function in ext/gd/gd.c, which is part of the GD extension + (CVE-2008-3658).
  • +
  • Maksymilian Arciemowicz of SecurityReason + Research reported that a design error in PHP's stream wrappers allows + to circumvent safe_mode checks in several filesystem-related PHP + functions (CVE-2008-2665, CVE-2008-2666).
  • +
  • Laurent Gaffie + discovered a buffer overflow in the internal memnstr() function, which + is used by the PHP function explode() (CVE-2008-3659).
  • +
  • An + error in the FastCGI SAPI when processing a request with multiple dots + preceding the extension (CVE-2008-3660).
  • +
+
+ +

+ These vulnerabilities might allow a remote attacker to execute + arbitrary code, to cause a Denial of Service, to circumvent security + restrictions, to disclose information, and to manipulate files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PHP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.6-r6" +
+ + CVE-2008-0599 + CVE-2008-0674 + CVE-2008-1384 + CVE-2008-2050 + CVE-2008-2051 + CVE-2008-2107 + CVE-2008-2108 + CVE-2008-2371 + CVE-2008-2665 + CVE-2008-2666 + CVE-2008-2829 + CVE-2008-3658 + CVE-2008-3659 + CVE-2008-3660 + + + rbu + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-01.xml
new file mode 100644
index 0000000000..93b74573ad
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-01.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ OptiPNG: User-assisted execution of arbitrary code
+
+ A vulnerability in OptiPNG might result in user-assisted execution of
+ arbitrary code.
+
+ optipng
+ December 02, 2008
+ December 02, 2008: 01
+ 246522
+ remote
+
+
+ 0.6.2
+ 0.6.2
+
+
+
+

+ OptiPNG is a PNG optimizer that recompresses image files to a smaller + size, without losing any information. +

+
+ +

+ A buffer overflow in the BMP reader in OptiPNG has been reported. +

+
+ +

+ A remote attacker could entice a user to process a specially crafted + BMP image, possibly resulting in the execution of arbitrary code with + the privileges of the user running the application, or a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OptiPNG users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2" +
+ + CVE-2008-5101 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-02.xml
new file mode 100644
index 0000000000..eec9a31e76
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-02.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ enscript: User-assisted execution of arbitrary code
+
+ Two buffer overflows in enscript might lead to the execution of arbitrary
+ code.
+
+ enscript
+ December 02, 2008
+ December 02, 2008: 02
+ 243228
+ remote
+
+
+ 1.6.4-r4
+ 1.6.4-r4
+
+
+
+

+ enscript is a powerful ASCII to PostScript file converter. +

+
+ +

+ Two stack-based buffer overflows in the read_special_escape() function + in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research + discovered a vulnerability related to the "setfilename" command + (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability + related to the "font" escape sequence (CVE-2008-4306). +

+
+ +

+ An attacker could entice a user or automated system to process + specially crafted input with the special escapes processing enabled + using the "-e" option, possibly resulting in the execution of arbitrary + code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All enscript users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/enscript-1.6.4-r4" +
+ + CVE-2008-3863 + CVE-2008-4306 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-03.xml
new file mode 100644
index 0000000000..0898f64b27
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-03.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ IPsec-Tools: racoon Denial of Service
+
+ IPsec-Tools' racoon is affected by a remote Denial of Service
+ vulnerability.
+
+ ipsec-tools
+ December 02, 2008
+ December 02, 2008: 01
+ 232831
+ remote
+
+
+ 0.7.1
+ 0.7.1
+
+
+
+

+ IPsec-Tools is a port of KAME's implementation of the IPsec utilities. + It contains a collection of network monitoring tools, including racoon, + ping, and ping6. +

+
+ +

+ Two Denial of Service vulnerabilities have been reported in racoon: +

+
    +
  • + The vendor reported a memory leak in racoon/proposal.c that can be + triggered via invalid proposals (CVE-2008-3651). +
  • +
  • + Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not + remove an "orphaned ph1" (phase 1) handle when it has been initiated + remotely (CVE-2008-3652). +
  • +
+
+ +

+ An attacker could exploit these vulnerabilities to cause a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All IPsec-Tools users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.1" +
+ + CVE-2008-3651 + CVE-2008-3652 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-04.xml
new file mode 100644
index 0000000000..1faca26e46
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-04.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ lighttpd: Multiple vulnerabilities
+
+ Multiple vulnerabilities in lighttpd may lead to information disclosure or
+ a Denial of Service.
+
+ lighttpd
+ December 02, 2008
+ December 02, 2008: 01
+ 238180
+ remote
+
+
+ 1.4.20
+ 1.4.20
+
+
+
+

+ lighttpd is a lightweight high-performance web server. +

+
+ +

+ Multiple vulnerabilities have been reported in lighttpd: +

+
    +
  • + Qhy reported a memory leak in the http_request_parse() function in + request.c (CVE-2008-4298). +
  • +
  • + Gaetan Bisson reported that URIs are not decoded before applying + url.redirect and url.rewrite rules (CVE-2008-4359). +
  • +
  • + Anders1 reported that mod_userdir performs case-sensitive comparisons + on filename components in configuration options, which is insufficient + when case-insensitive filesystems are used (CVE-2008-4360). +
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities to cause a Denial + of Service, to bypass intended access restrictions, to obtain sensitive + information, or to possibly modify data. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All lighttpd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.20" +
+ + CVE-2008-4298 + CVE-2008-4359 + CVE-2008-4360 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-05.xml
new file mode 100644
index 0000000000..389a444a17
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-05.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ libsamplerate: User-assisted execution of arbitrary code
+
+ A buffer overflow vulnerability in libsamplerate might lead to the
+ execution of arbitrary code.
+
+ libsamplerate
+ December 02, 2008
+ December 02, 2008: 01
+ 237037
+ remote
+
+
+ 0.1.4
+ 0.1.4
+
+
+
+

+ Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for + audio. +

+
+ +

+ Russell O'Connor reported a buffer overflow in src/src_sinc.c related + to low conversion ratios. +

+
+ +

+ A remote attacker could entice a user or automated system to process a + specially crafted audio file possibly leading to the execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libsamplerate users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libsamplerate-0.1.4" +
+ + CVE-2008-5008 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-06.xml
new file mode 100644
index 0000000000..07980f14cb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-06.xml
@@ -0,0 +1,97 @@
+
+
+
+
+ libxml2: Multiple vulnerabilities
+
+ Multiple vulnerabilities in libxml2 might lead to execution of arbitrary
+ code or Denial of Service.
+
+ libxml2
+ December 02, 2008
+ December 02, 2008: 01
+ 234099
+ 237806
+ 239346
+ 245960
+ remote
+
+
+ 2.7.2-r1
+ 2.7.2-r1
+
+
+
+

+ libxml2 is the XML (eXtended Markup Language) C parser and toolkit + initially developed for the Gnome project. +

+
+ +

+ Multiple vulnerabilities were reported in libxml2: +

+
    +
  • + Andreas Solberg reported that libxml2 does not properly detect + recursion during entity expansion in an attribute value + (CVE-2008-3281). +
  • +
  • + A heap-based buffer overflow has been reported in the + xmlParseAttValueComplex() function in parser.c (CVE-2008-3529). +
  • +
  • + Christian Weiske reported that predefined entity definitions in + entities are not properly handled (CVE-2008-4409). +
  • +
  • + Drew Yao of Apple Product Security reported an integer overflow in the + xmlBufferResize() function that can lead to an infinite loop + (CVE-2008-4225). +
  • +
  • + Drew Yao of Apple Product Security reported an integer overflow in the + xmlSAX2Characters() function leading to a memory corruption + (CVE-2008-4226). +
  • +
+
+ +

+ A remote attacker could entice a user or automated system to open a + specially crafted XML document with an application using libxml2, + possibly resulting in the exeution of arbitrary code or a high CPU and + memory consumption. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libxml2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.2-r1" +
+ + CVE-2008-3281 + CVE-2008-3529 + CVE-2008-4409 + CVE-2008-4225 + CVE-2008-4226 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-07.xml
new file mode 100644
index 0000000000..4025d79cc2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-07.xml
@@ -0,0 +1,86 @@
+
+
+
+
+ Mantis: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Mantis, the most severe of
+ which leading to the remote execution of arbitrary code.
+
+ mantisbt
+ December 02, 2008
+ December 02, 2008: 01
+ 238570
+ 241940
+ 242722
+ remote
+
+
+ 1.1.4-r1
+ 1.1.4-r1
+
+
+
+

+ Mantis is a PHP/MySQL/Web based bugtracking system. +

+
+ +

+ Multiple issues have been reported in Mantis: +

+
    +
  • + EgiX reported that manage_proj_page.php does not correctly sanitize the + sort parameter before passing it to create_function() in + core/utility_api.php (CVE-2008-4687). +
  • +
  • + Privileges of viewers are not sufficiently checked before composing a + link with issue data in the source anchor (CVE-2008-4688). +
  • +
  • + Mantis does not unset the session cookie during logout (CVE-2008-4689). +
  • +
  • + Mantis does not set the secure flag for the session cookie in an HTTPS + session (CVE-2008-3102). +
  • +
+
+ +

+ Remote unauthenticated attackers could exploit these vulnerabilities to + execute arbitrary PHP commands, disclose sensitive issue data, or + hijack a user's sessions. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mantis users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.1.4-r1" +
+ + CVE-2008-3102 + CVE-2008-4687 + CVE-2008-4688 + CVE-2008-4689 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-08.xml
new file mode 100644
index 0000000000..6c1bdf2ec8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-08.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Mgetty: Insecure temporary file usage
+
+ Mgetty uses temporary files in an insecure manner, allowing for symlink
+ attacks.
+
+ mgetty
+ December 06, 2008
+ December 23, 2008: 02
+ 235806
+ local
+
+
+ 1.1.36-r3
+ 1.1.36-r3
+
+
+
+

+ Mgetty is a set of fax and voice modem programs. +

+
+ +

+ Dmitry E. Oboukhov reported that the "spooldir" directory in + fax/faxspool.in is created in an insecure manner. +

+
+ +

+ A local attacker could exploit this vulnerability to overwrite + arbitrary files with the privileges of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Mgetty users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dialup/mgetty-1.1.36-r3" +
+ + CVE-2008-4936 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-09.xml
new file mode 100644
index 0000000000..ed0391baaa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-09.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ OpenSC: Insufficient protection of smart card PIN
+
+ Smart cards formatted using OpenSC do not sufficiently protect the PIN,
+ allowing attackers to reset it.
+
+ opensc
+ December 10, 2008
+ December 10, 2008: 01
+ 233543
+ local
+
+
+ 0.11.6
+ 0.11.6
+
+
+
+

+ OpenSC is a smart card application that allows reading and writing via + PKCS#11. +

+
+ +

+ Chaskiel M Grundman reported that OpenSC uses weak permissions (ADMIN + file control information of 00) for the 5015 directory on smart cards + and USB crypto tokens running Siemens CardOS M4. +

+
+ +

+ A physically proximate attacker can exploit this vulnerability to + change the PIN on a smart card and use it for authentication, leading + to privilege escalation. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSC users should upgrade to the latest version, and then check + and update their smart cards: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.6" + # pkcs15-tool --test-update + # pkcs15-tool --test-update --update +
+ + CVE-2008-2235 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-10.xml
new file mode 100644
index 0000000000..774d0ba801
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-10.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Archive::Tar: Directory traversal vulnerability
+
+ A directory traversal vulnerability has been discovered in Archive::Tar.
+
+ Archive-Tar
+ December 10, 2008
+ December 10, 2008: 01
+ 192989
+ remote
+
+
+ 1.40
+ 1.40
+
+
+
+

+ Archive::Tar is a Perl module for creation and manipulation of tar + files. +

+
+ +

+ Jonathan Smith of rPath reported that Archive::Tar does not check for + ".." in file names. +

+
+ +

+ A remote attacker could entice a user or automated system to extract a + specially crafted tar archive, overwriting files at arbitrary locations + outside of the specified directory. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Archive::Tar users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=perl-core/Archive-Tar-1.40" +
+ + CVE-2007-4829 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-11.xml
new file mode 100644
index 0000000000..4f6db6bb3c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-11.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ CUPS: Multiple vulnerabilities
+
+ Several remotely exploitable bugs have been found in CUPS, which allow
+ remote execution of arbitrary code.
+
+ cups
+ December 10, 2008
+ December 10, 2008: 01
+ 238976
+ 249727
+ remote
+
+
+ 1.3.9-r1
+ 1.3.9-r1
+
+
+
+

+ CUPS is the Common Unix Printing System. +

+
+ +

+ Several buffer overflows were found in: +

+
    +
  • + The read_rle16 function in imagetops (CVE-2008-3639, found by + regenrecht, reported via ZDI) +
  • +
  • + The WriteProlog function in texttops (CVE-2008-3640, found by + regenrecht, reported via ZDI) +
  • +
  • + The Hewlett-Packard Graphics Language (HPGL) filter (CVE-2008-3641, + found by regenrecht, reported via iDefense) +
  • +
  • + The _cupsImageReadPNG function (CVE-2008-5286, reported by iljavs) +
  • +
+
+ +

+ A remote attacker could send specially crafted input to a vulnerable + server, resulting in the remote execution of arbitrary code with the + privileges of the user running the server. +

+
+ +

+ None this time. +

+
+ +

+ All CUPS users should upgrade to the latest version. +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.9-r1" +
+ + CVE-2008-3639 + CVE-2008-3640 + CVE-2008-3641 + CVE-2008-5286 + + + craig + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-12.xml
new file mode 100644
index 0000000000..33dd1b7d5c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-12.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Honeyd: Insecure temporary file creation
+
+ An insecure temporary file usage has been reported in Honeyd, possibly
+ leading to symlink attacks.
+
+ honeyd
+ December 12, 2008
+ December 12, 2008: 01
+ 237481
+ local
+
+
+ 1.5c-r1
+ 1.5c-r1
+
+
+
+

+ Honeyd is a small daemon that creates virtual hosts on a network. +

+
+ +

+ Dmitry E. Oboukhov reported an insecure temporary file usage within the + "test.sh" script. +

+
+ +

+ A local attacker could perform symlink attacks and overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Honeyd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/honeyd-1.5c-r1" +
+ + CVE-2008-3928 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-13.xml
new file mode 100644
index 0000000000..314bee38f2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-13.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ OpenOffice.org: Multiple vulnerabilities
+
+ Multiple vulnerabilities in OpenOffice.org might allow for user-assisted
+ execution of arbitrary code or symlink attacks.
+
+ openoffice openoffice-bin
+ December 12, 2008
+ December 12, 2008: 01
+ 235824
+ 244995
+ local, remote
+
+
+ 3.0.0
+ 3.0.0
+
+
+ 3.0.0
+ 3.0.0
+
+
+
+

+ OpenOffice.org is an open source office productivity suite, including + word processing, spreadsheet, presentation, drawing, data charting, + formula editing, and file conversion facilities. +

+
+ +

+ Two heap-based buffer overflows when processing WMF files + (CVE-2008-2237) and EMF files (CVE-2008-2238) were discovered. Dmitry + E. Oboukhov also reported an insecure temporary file usage within the + senddoc script (CVE-2008-4937). +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + document, resulting in the remote execution of arbitrary code. A local + attacker could perform symlink attacks to overwrite arbitrary files on + the system. Both cases happen with the privileges of the user running + the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenOffice.org users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-3.0.0" +

+ All OpenOffice.org binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-3.0.0" +
+ + CVE-2008-2237 + CVE-2008-2238 + CVE-2008-4937 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-14.xml
new file mode 100644
index 0000000000..69058ef87b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-14.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ aview: Insecure temporary file usage
+
+ An insecure temporary file usage has been reported in aview, leading to
+ symlink attacks.
+
+ aview
+ December 14, 2008
+ December 14, 2008: 01
+ 235808
+ local
+
+
+ 1.3.0_rc1-r1
+ 1.3.0_rc1-r1
+
+
+
+

+ aview is an ASCII image viewer and animation player. +

+
+ +

+ Dmitry E. Oboukhov reported that aview uses the "/tmp/aview$$.pgm" file + in an insecure manner when processing files. +

+
+ +

+ A local attacker could perform symlink attacks to overwrite arbitrary + files on the system with the privileges of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All aview users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/aview-1.3.0_rc1-r1" +
+ + CVE-2008-4935 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-15.xml
new file mode 100644
index 0000000000..ff007ad1a2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-15.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ POV-Ray: User-assisted execution of arbitrary code
+
+ POV-Ray includes a version of libpng that might allow for the execution of
+ arbitrary code when reading a specially crafted PNG file
+
+ povray
+ December 14, 2008
+ December 14, 2008: 01
+ 153538
+ local
+
+
+ 3.6.1-r4
+ 3.6.1-r4
+
+
+
+

+ POV-Ray is a well known open-source ray tracer. +

+
+ +

+ POV-Ray uses a statically linked copy of libpng to view and output PNG + files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964, + CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in + POV-Ray's build system caused it to load the old version when your + installed copy of libpng was >=media-libs/libpng-1.2.10. +

+
+ +

+ An attacker could entice a user to load a specially crafted PNG file as + a texture, resulting in the execution of arbitrary code with the + permissions of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All POV-Ray users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/povray-3.6.1-r4" +
+ + CVE-2004-0768 + CVE-2006-0481 + CVE-2006-3334 + CVE-2008-1382 + CVE-2008-3964 + + + mabi + + + mabi + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-16.xml
new file mode 100644
index 0000000000..9d34a4cc1d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-16.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ Dovecot: Multiple vulnerabilities
+
+ Multiple vulnerabilities were found in the Dovecot mailserver.
+
+ dovecot
+ December 14, 2008
+ December 14, 2008: 01
+ 240409
+ 244962
+ 245316
+ remote
+
+
+ 1.1.7-r1
+ 1.1.7-r1
+
+
+
+

+ Dovecot is an IMAP and POP3 server written with security primarily in + mind. +

+
+ +

+ Several vulnerabilities were found in Dovecot: +

+
    +
  • The "k" + right in the acl_plugin does not work as expected (CVE-2008-4577, + CVE-2008-4578)
  • +
  • The dovecot.conf is world-readable, providing + improper protection for the ssl_key_password setting + (CVE-2008-4870)
  • +
  • A permanent Denial of Service with broken mail + headers is possible (CVE-2008-4907)
  • +
+
+ +

+ These vulnerabilities might allow a remote attacker to cause a Denial + of Service, to circumvent security restrictions or allow local + attackers to disclose the passphrase of the SSL private key. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Dovecot users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.1.7-r1" +

+ Users should be aware that dovecot.conf will still be world-readable + after the update. If employing ssl_key_password, it should not be used + in dovecot.conf but in a separate file which should be included with + "include_try". +

+
+ + CVE-2008-4577 + CVE-2008-4578 + CVE-2008-4870 + CVE-2008-4907 + + + craig + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-17.xml
new file mode 100644
index 0000000000..9e0f116037
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-17.xml
@@ -0,0 +1,120 @@
+
+
+
+
+ Ruby: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Ruby that allow for
+ attacks including arbitrary code execution and Denial of Service.
+
+ ruby
+ December 16, 2008
+ December 16, 2008: 01
+ 225465
+ 236060
+ remote
+
+
+ 1.8.6_p287-r1
+ 1.8.6_p287-r1
+
+
+
+

+ Ruby is an interpreted object-oriented programming language. The + elaborate standard library includes an HTTP server ("WEBRick") and a + class for XML parsing ("REXML"). +

+
+ +

+ Multiple vulnerabilities have been discovered in the Ruby interpreter + and its standard libraries. Drew Yao of Apple Product Security + discovered the following flaws: +

+
    +
  • Arbitrary code execution + or Denial of Service (memory corruption) in the rb_str_buf_append() + function (CVE-2008-2662).
  • +
  • Arbitrary code execution or Denial + of Service (memory corruption) in the rb_ary_stor() function + (CVE-2008-2663).
  • +
  • Memory corruption via alloca in the + rb_str_format() function (CVE-2008-2664).
  • +
  • Memory corruption + ("REALLOC_N") in the rb_ary_splice() and rb_ary_replace() functions + (CVE-2008-2725).
  • +
  • Memory corruption ("beg + rlen") in the + rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2726).
  • +

+ Furthermore, several other vulnerabilities have been reported: +

+
    +
  • Tanaka Akira reported an issue with resolv.rb that enables + attackers to spoof DNS responses (CVE-2008-1447).
  • +
  • Akira Tagoh + of RedHat discovered a Denial of Service (crash) issue in the + rb_ary_fill() function in array.c (CVE-2008-2376).
  • +
  • Several + safe level bypass vulnerabilities were discovered and reported by Keita + Yamaguchi (CVE-2008-3655).
  • +
  • Christian Neukirchen is credited + for discovering a Denial of Service (CPU consumption) attack in the + WEBRick HTTP server (CVE-2008-3656).
  • +
  • A fault in the dl module + allowed the circumvention of taintness checks which could possibly lead + to insecure code execution was reported by "sheepman" + (CVE-2008-3657).
  • +
  • Tanaka Akira again found a DNS spoofing + vulnerability caused by the resolv.rb implementation using poor + randomness (CVE-2008-3905).
  • +
  • Luka Treiber and Mitja Kolsek + (ACROS Security) disclosed a Denial of Service (CPU consumption) + vulnerability in the REXML module when dealing with recursive entity + expansion (CVE-2008-3790).
  • +
+
+ +

+ These vulnerabilities allow remote attackers to execute arbitrary code, + spoof DNS responses, bypass Ruby's built-in security and taintness + checks, and cause a Denial of Service via crash or CPU exhaustion. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p287-r1" +
+ + CVE-2008-1447 + CVE-2008-2376 + CVE-2008-2662 + CVE-2008-2663 + CVE-2008-2664 + CVE-2008-2725 + CVE-2008-2726 + CVE-2008-3655 + CVE-2008-3656 + CVE-2008-3657 + CVE-2008-3790 + CVE-2008-3905 + + + keytoaster + + + hoffie + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-18.xml
new file mode 100644
index 0000000000..f9546b25bb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-18.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ JasPer: User-assisted execution of arbitrary code
+
+ Multiple memory management errors in JasPer might lead to execution of
+ arbitrary code via jpeg2k files.
+
+ jasper
+ December 16, 2008
+ December 16, 2008: 01
+ 222819
+ remote
+
+
+ 1.900.1-r3
+ 1.900.1-r3
+
+
+
+

+ The JasPer Project is an open-source initiative to provide a free + software-based reference implementation of the codec specified in the + JPEG-2000 Part-1 (jpeg2k) standard. +

+
+ +

+ Marc Espie and Christian Weisgerber have discovered multiple + vulnerabilities in JasPer: +

+
    +
  • + Multiple integer overflows might allow for insufficient memory + allocation, leading to heap-based buffer overflows (CVE-2008-3520). +
  • +
  • + The jas_stream_printf() function in libjasper/base/jas_stream.c uses + vsprintf() to write user-provided data to a static to a buffer, leading + to an overflow (CVE-2008-3522). +
  • +
+
+ +

+ Remote attackers could entice a user or automated system to process + specially crafted jpeg2k files with an application using JasPer, + possibly leading to the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All JasPer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/jasper-1.900.1-r3" +
+ + CVE-2008-3520 + CVE-2008-3522 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-19.xml
new file mode 100644
index 0000000000..0ce0878bcb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-19.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ PowerDNS: Multiple vulnerabilities
+
+ Two vulnerabilities have been discovered in PowerDNS, possibly leading to a
+ Denial of Service and easing cache poisoning attacks.
+
+ pdns
+ December 19, 2008
+ December 19, 2008: 01
+ 234032
+ 247079
+ remote
+
+
+ 2.9.21.2
+ 2.9.21.2
+
+
+
+

+ The PowerDNS Nameserver is an authoritative-only nameserver which uses + a flexible backend architecture. +

+
+ +

+ Daniel Drown reported an error when receiving a HINFO CH query + (CVE-2008-5277). Brian J. Dowling of Simplicity Communications + discovered a previously unknown security implication of the PowerDNS + behavior to not respond to certain queries it considers malformed + (CVE-2008-3337). +

+
+ +

+ A remote attacker could send specially crafted queries to cause a + Denial of Service. The second vulnerability in itself does not pose a + security risk to PowerDNS Nameserver. However, not answering a query + for an invalid DNS record within a valid domain allows for a larger + spoofing window on third-party nameservers for domains being hosted by + PowerDNS Nameserver itself. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PowerDNS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/pdns-2.9.21.2" +
+ + CVE-2008-3337 + CVE-2008-5277 + + + p-y + + + p-y + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-20.xml
new file mode 100644
index 0000000000..0ab9eb1d48
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-20.xml
@@ -0,0 +1,86 @@
+
+
+
+
+ phpCollab: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in phpCollab allowing for
+ remote injection of shell commands, PHP code and SQL statements.
+
+ phpcollab
+ December 21, 2008
+ December 21, 2008: 01
+ 235052
+ remote
+
+
+ 2.5_rc3
+
+
+
+

+ phpCollab is a web-enabled groupware and project management software + written in PHP. It uses SQL-based database backends. +

+
+ +

+ Multiple vulnerabilities have been found in phpCollab: +

+
    +
  • rgod reported that data sent to general/sendpassword.php via the + loginForm parameter is not properly sanitized before being used in an + SQL statement (CVE-2006-1495).
  • +
  • Christian Hoffmann of Gentoo + Security discovered multiple vulnerabilities where input is + insufficiently sanitized before being used in an SQL statement, for + instance in general/login.php via the loginForm parameter. + (CVE-2008-4303).
  • +
  • Christian Hoffmann also found out that the + variable $SSL_CLIENT_CERT in general/login.php is not properly + sanitized before being used in a shell command. (CVE-2008-4304).
  • +
  • User-supplied data to installation/setup.php is not checked before + being written to include/settings.php which is executed later. This + issue was reported by Christian Hoffmann as well (CVE-2008-4305).
  • +
+
+ +

+ These vulnerabilities enable remote attackers to execute arbitrary SQL + statements and PHP code. NOTE: Some of the SQL injection + vulnerabilities require the php.ini option "magic_quotes_gpc" to be + disabled. Furthermore, an attacker might be able to execute arbitrary + shell commands if "register_globals" is enabled, "magic_quotes_gpc" is + disabled, the PHP OpenSSL extension is not installed or loaded and the + file "installation/setup.php" has not been deleted after installation. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ phpCollab has been removed from the Portage tree. We recommend that + users unmerge phpCollab: +

+ + # emerge --unmerge "www-apps/phpcollab" +
+ + CVE-2006-1495 + CVE-2008-4303 + CVE-2008-4304 + CVE-2008-4305 + + + rbu + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-21.xml
new file mode 100644
index 0000000000..f0be87f7be
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-21.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ ClamAV: Multiple vulnerabilities
+
+ Two vulnerabilities in ClamAV may allow for the remote execution of
+ arbitrary code or a Denial of Service.
+
+ clamav
+ December 23, 2008
+ December 23, 2008: 01
+ 245450
+ 249833
+ remote
+
+
+ 0.94.2
+ 0.94.2
+
+
+
+

+ Clam AntiVirus is a free anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +

+
+ +

+ Moritz Jodeit reported an off-by-one error within the + get_unicode_name() function in libclamav/vba_extract.c when processing + VBA project files (CVE-2008-5050). Ilja van Sprundel reported an + infinite recursion error within the cli_check_jpeg_exploit() function + in libclamav/special.c when processing JPEG files (CVE-2008-5314). +

+
+ +

+ A remote attacker could send a specially crafted VBA or JPEG file to + the clamd daemon, possibly resulting in the remote execution of + arbitrary code with the privileges of the user running the application + or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ClamAV users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.94.2" +
+ + CVE-2008-5050 + CVE-2008-5314 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-22.xml
new file mode 100644
index 0000000000..f6e7dfbb00
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-22.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Ampache: Insecure temporary file usage
+
+ An insecure temporary file usage has been reported in Ampache, allowing for
+ symlink attacks.
+
+ ampache
+ December 23, 2008
+ December 23, 2008: 01
+ 237483
+ local
+
+
+ 3.4.3
+ 3.4.3
+
+
+
+

+ Ampache is a PHP based tool for managing, updating and playing audio + files via a web interface. +

+
+ +

+ Dmitry E. Oboukhov reported an insecure temporary file usage within the + gather-messages.sh script. +

+
+ +

+ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ampache users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/ampache-3.4.3" +
+ + CVE-2008-3929 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-23.xml
new file mode 100644
index 0000000000..0c2e4be90b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-23.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Imlib2: User-assisted execution of arbitrary code
+
+ A buffer overflow vulnerability has been discovered in Imlib2.
+
+ imlib2
+ December 23, 2008
+ December 23, 2008: 01
+ 248057
+ remote
+
+
+ 1.4.2-r1
+ 1.4.2-r1
+
+
+
+

+ Imlib2 is replacement library from the Enlightenment project for + libraries like libXpm. +

+
+ +

+ Julien Danjou reported a pointer arithmetic error and a heap-based + buffer overflow within the load() function of the XPM image loader. +

+
+ +

+ A remote attacker could entice a user to process a specially crafted + XPM image, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running the application, or a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Imlib2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/imlib2-1.4.2-r1" +
+ + CVE-2008-5187 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-24.xml
new file mode 100644
index 0000000000..4e7c18dd3c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200812-24.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ VLC: Multiple vulnerabilities
+
+ Multiple vulnerabilities in VLC may lead to the remote execution of
+ arbitrary code.
+
+ vlc
+ December 24, 2008
+ December 24, 2008: 01
+ 245774
+ 249391
+ remote
+
+
+ 0.9.8a
+ 0.9.8a
+
+
+
+

+ VLC is a cross-platform media player and streaming server. +

+
+ +

+ Tobias Klein reported the following vulnerabilities: +

+
    +
  • A + stack-based buffer overflow when processing CUE image files in + modules/access/vcd/cdrom.c (CVE-2008-5032).
  • +
  • A stack-based + buffer overflow when processing RealText (.rt) subtitle files in the + ParseRealText() function in modules/demux/subtitle.c + (CVE-2008-5036).
  • +
  • An integer overflow when processing RealMedia + (.rm) files in the ReadRealIndex() function in real.c in the Real + demuxer plugin, leading to a heap-based buffer overflow + (CVE-2008-5276).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted CUE + image file, RealMedia file or RealText subtitle file, possibly + resulting in the execution of arbitrary code with the privileges of the + user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All VLC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-0.9.8a" +
+ + CVE-2008-5032 + CVE-2008-5036 + CVE-2008-5276 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-01.xml
new file mode 100644
index 0000000000..2486be14ff
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-01.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ NDISwrapper: Arbitrary remote code execution
+
+ Multiple buffer overflows might lead to remote execution of arbitrary code
+ with root privileges.
+
+ ndiswrapper
+ January 11, 2009
+ January 11, 2009: 01
+ 239371
+ remote
+
+
+ 1.53-r1
+ 1.53-r1
+
+
+
+

+ NDISwrapper is a Linux kernel module that enables the use of Microsoft + Windows drivers for wireless network devices. +

+
+ +

+ Anders Kaseorg reported multiple buffer overflows related to long + ESSIDs. +

+
+ +

+ A physically proximate attacker could send packets over a wireless + network that might lead to the execution of arbitrary code with root + privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All NDISwrapper users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/ndiswrapper-1.53-r1" +
+ + CVE-2008-4395 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-02.xml
new file mode 100644
index 0000000000..afa96cfb3d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-02.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ JHead: Multiple vulnerabilities
+
+ Multiple vulnerabilities in JHead might lead to the execution of arbitrary
+ code or data loss.
+
+ jhead
+ January 11, 2009
+ January 11, 2009: 01
+ 242702
+ 243238
+ remote
+
+
+ 2.84-r1
+ 2.84-r1
+
+
+
+

+ JHead is an exif jpeg header manipulation tool. +

+
+ +

+ Marc Merlin and John Dong reported multiple vulnerabilities in JHead: +

+
    +
  • + A buffer overflow in the DoCommand() function when processing the cmd + argument and related to potential string overflows (CVE-2008-4575). +
  • +
  • + An insecure creation of a temporary file (CVE-2008-4639). +
  • +
  • + A error when unlinking a file (CVE-2008-4640). +
  • +
  • + Insufficient escaping of shell metacharacters (CVE-2008-4641). +
  • +
+
+ +

+ A remote attacker could possibly execute arbitrary code by enticing a + user or automated system to open a file with a long filename or via + unspecified vectors. It is also possible to trick a user into deleting + or overwriting files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All JHead users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/jhead-2.84-r1" +
+ + CVE-2008-4575 + CVE-2008-4639 + CVE-2008-4640 + CVE-2008-4641 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-03.xml
new file mode 100644
index 0000000000..f24b1c6ccc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-03.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ pdnsd: Denial of Service and cache poisoning
+
+ Two errors in pdnsd allow for Denial of Service and cache poisoning.
+
+ pdnsd
+ January 11, 2009
+ January 11, 2009: 01
+ 231285
+ remote
+
+
+ 1.2.7
+ 1.2.7
+
+
+
+

+ pdnsd is a proxy DNS server with permanent caching that is designed to + cope with unreachable DNS servers. +

+
+ +

+ Two issues have been reported in pdnsd: +

+
    +
  • + The p_exec_query() function in src/dns_query.c does not properly handle + many entries in the answer section of a DNS reply, related to a + "dangling pointer bug" (CVE-2008-4194). +
  • +
  • + The default value for query_port_start was set to 0, disabling UDP + source port randomization for outgoing queries (CVE-2008-1447). +
  • +
+
+ +

+ An attacker could exploit the second weakness to poison the cache of + pdnsd and thus spoof DNS traffic, which could e.g. lead to the + redirection of web or mail traffic to malicious sites. The first issue + can be exploited by enticing pdnsd to send a query to a malicious DNS + server, or using the port randomization weakness, and might lead to a + Denial of Service. +

+
+ +

+ Port randomization can be enabled by setting the "query_port_start" + option to 1024 which would resolve the CVE-2008-1447 issue. +

+
+ +

+ All pdnsd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/pdnsd-1.2.7" +
+ + CVE-2008-1447 + CVE-2008-4194 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-04.xml
new file mode 100644
index 0000000000..1cc9f28d53
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-04.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ D-Bus: Denial of Service
+
+ An error condition can cause D-Bus to crash.
+
+ dbus
+ January 11, 2009
+ January 11, 2009: 01
+ 240308
+ local
+
+
+ 1.2.3-r1
+ 1.2.3-r1
+
+
+
+

+ D-Bus is a daemon providing a framework for applications to communicate + with one another. +

+
+ +

+ schelte reported that the dbus_signature_validate() function can + trigger a failed assertion when processing a message containing a + malformed signature. +

+
+ +

+ A local user could send a specially crafted message to the D-Bus + daemon, leading to a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All D-Bus users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.2.3-r1" +
+ + CVE-2008-3834 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-05.xml
new file mode 100644
index 0000000000..c9e0e6ef21
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-05.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Streamripper: Multiple vulnerabilities
+
+ Multiple buffer overflows have been discovered in Streamripper, allowing
+ for user-assisted execution of arbitrary code.
+
+ streamripper
+ January 11, 2009
+ January 11, 2009: 01
+ 249039
+ remote
+
+
+ 1.64.0
+ 1.64.0
+
+
+
+

+ Streamripper is a tool for extracting and recording mp3 files from a + Shoutcast stream. +

+
+ +

+ Stefan Cornelius from Secunia Research reported multiple buffer + overflows in the http_parse_sc_header(), http_get_pls() and + http_get_m3u() functions in lib/http.c when parsing overly long HTTP + headers, or pls and m3u playlists with overly long entries. +

+
+ +

+ A remote attacker could entice a user to connect to a malicious server, + possibly resulting in the remote execution of arbitrary code with the + privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Streamripper users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/streamripper-1.64.0" +
+ + CVE-2008-4829 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-06.xml
new file mode 100644
index 0000000000..bb0d63f991
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-06.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Tremulous: User-assisted execution of arbitrary code
+
+ A buffer overflow vulnerability has been discovered in Tremulous.
+
+ tremulous tremulous-bin
+ January 11, 2009
+ January 11, 2009: 01
+ 222119
+ remote
+
+
+ 1.1.0-r2
+ 1.1.0-r2
+
+
+ 1.1.0
+
+
+
+

+ Tremulous is a team-based First Person Shooter game. +

+
+ +

+ It has been reported that Tremulous includes a vulnerable version of + the ioQuake3 engine (GLSA 200605-12, CVE-2006-2236). +

+
+ +

+ A remote attacker could entice a user to connect to a malicious games + server, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ Tremulous users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-fps/tremulous-1.1.0-r2" +

+ Note: The binary version of Tremulous has been removed from the Portage + tree. +

+
+ + CVE-2006-2236 + GLSA 200605-12 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-07.xml
new file mode 100644
index 0000000000..9f410d37c0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-07.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ MPlayer: Multiple vulnerabilities
+
+ Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary
+ code or a Denial of Service.
+
+ mplayer
+ January 12, 2009
+ January 12, 2009: 01
+ 231836
+ 239130
+ 251017
+ remote
+
+
+ 1.0_rc2_p28058-r1
+ 1.0_rc2_p28058-r1
+
+
+
+

+ MPlayer is a media player including support for a wide range of audio + and video formats. +

+
+ +

+ Multiple vulnerabilities have been reported in MPlayer: +

+
    +
  • A + stack-based buffer overflow was found in the str_read_packet() function + in libavformat/psxstr.c when processing crafted STR files that + interleave audio and video sectors (CVE-2008-3162).
  • +
  • Felipe + Andres Manzano reported multiple integer underflows in the + demux_real_fill_buffer() function in demux_real.c when processing + crafted Real Media files that cause the stream_read() function to read + or write arbitrary memory (CVE-2008-3827).
  • +
  • Tobias Klein + reported a stack-based buffer overflow in the demux_open_vqf() function + in libmpdemux/demux_vqf.c when processing malformed TwinVQ files + (CVE-2008-5616).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted STR, + Real Media, or TwinVQ file to execute arbitrary code or cause a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MPlayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p28058-r1 " +
+ + CVE-2008-3162 + CVE-2008-3827 + CVE-2008-5616 + + + rbu + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-08.xml
new file mode 100644
index 0000000000..acd2e8ad5e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-08.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ Online-Bookmarks: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been reported in Online-Bookmarks.
+
+ online-bookmarks
+ January 12, 2009
+ January 12, 2009: 01
+ 235053
+ remote
+
+
+ 0.6.28
+ 0.6.28
+
+
+
+

+ Online-Bookmarks is a web-based bookmark management system to store + your bookmarks, favorites and links. +

+
+ +

+ The following vulnerabilities were reported: +

+
  • Authentication bypass when directly requesting certain pages + (CVE-2004-2155).
  • +
  • Insufficient input validation in the login + function in auth.inc (CVE-2006-6358).
  • +
  • Unspecified cross-site + scripting vulnerability (CVE-2006-6359).
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities to bypass + authentication mechanisms, execute arbitrary SQL statements or inject + arbitrary web scripts. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Online-Bookmarks users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/online-bookmarks-0.6.28" +
+ + CVE-2004-2155 + CVE-2006-6358 + CVE-2006-6359 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-09.xml
new file mode 100644
index 0000000000..b52816217f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-09.xml
@@ -0,0 +1,104 @@
+
+
+
+
+ Adobe Reader: User-assisted execution of arbitrary code
+
+ Adobe Reader is vulnerable to execution of arbitrary code.
+
+ acroread
+ January 13, 2009
+ January 13, 2009: 01
+ 225483
+ remote
+
+
+ 8.1.3
+ 8.1.3
+
+
+
+

+ Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF + reader. +

+
+ +
    +
  • + An unspecified vulnerability can be triggered by a malformed PDF + document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549). +
  • +
  • + Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and Greg + MacManus reported a stack-based buffer overflow in the util.printf + JavaScript function that incorrectly handles the format string argument + (CVE-2008-2992). +
  • +
  • + Greg MacManus of iDefense Labs reported an array index error that can + be leveraged for an out-of-bounds write, related to parsing of Type 1 + fonts (CVE-2008-4812). +
  • +
  • + Javier Vicente Vallejo and Peter Vregdenhil, via Zero Day Initiative, + reported multiple unspecified memory corruption vulnerabilities + (CVE-2008-4813). +
  • +
  • + Thomas Garnier of SkyRecon Systems reported an unspecified + vulnerability in a JavaScript method, related to an "input validation + issue" (CVE-2008-4814). +
  • +
  • + Josh Bressers of Red Hat reported an untrusted search path + vulnerability (CVE-2008-4815). +
  • +
  • + Peter Vreugdenhil reported through iDefense that the Download Manager + can trigger a heap corruption via calls to the AcroJS function + (CVE-2008-4817). +
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted PDF + document, and local attackers could entice a user to run acroread from + an untrusted working directory. Both might result in the execution of + arbitrary code with the privileges of the user running the application, + or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Reader users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.3" +
+ + CVE-2008-2549 + CVE-2008-2992 + CVE-2008-4812 + CVE-2008-4813 + CVE-2008-4814 + CVE-2008-4815 + CVE-2008-4817 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-10.xml
new file mode 100644
index 0000000000..8b0d519649
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-10.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ GnuTLS: Certificate validation error
+
+ A certificate validation error in GnuTLS might allow for spoofing attacks.
+
+ gnutls
+ January 14, 2009
+ January 14, 2009: 01
+ 245850
+ remote
+
+
+ 2.4.1-r2
+ 2.4.1-r2
+
+
+
+

+ GnuTLS is an open-source implementation of TLS 1.0 and SSL 3.0. +

+
+ +

+ Martin von Gagern reported that the _gnutls_x509_verify_certificate() + function in lib/x509/verify.c trusts certificate chains in which the + last certificate is an arbitrary trusted, self-signed certificate. +

+
+ +

+ A remote attacker could exploit this vulnerability and spoof arbitrary + names to conduct Man-In-The-Middle attacks and intercept sensitive + information. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GnuTLS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.4.1-r2" +
+ + CVE-2008-4989 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-11.xml
new file mode 100644
index 0000000000..0394dd30f3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-11.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Avahi: Denial of Service
+
+ A Denial of Service vulnerability has been discovered in Avahi.
+
+ avahi
+ January 14, 2009
+ January 14, 2009: 01
+ 250913
+ remote
+
+
+ 0.6.24
+ 0.6.24
+
+
+
+

+ Avahi is a system that facilitates service discovery on a local + network. +

+
+ +

+ Hugo Dias reported a failed assertion in the + originates_from_local_legacy_unicast_socket() function in + avahi-core/server.c when processing mDNS packets with a source port of + 0. +

+
+ +

+ A remote attacker could send specially crafted packets to the daemon, + leading to its crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Avahi users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.24" +
+ + CVE-2008-5081 + + + craig + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-12.xml
new file mode 100644
index 0000000000..3b1dff3482
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-12.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ noip-updater: Execution of arbitrary code
+
+ A buffer overflow in noip-updater can lead to arbitrary code execution.
+
+ noip-updater
+ January 18, 2009
+ January 18, 2009: 01
+ 248709
+ remote
+
+
+ 2.1.9
+ 2.1.9
+
+
+
+

+ noip-updater is a tool used for updating IP addresses of dynamic DNS + records at no-ip.com. +

+
+ +

+ xenomuta found out that the GetNextLine() function in noip2.c misses a + length check, leading to a stack-based buffer overflow. +

+
+ +

+ A remote attacker could exploit this vulnerability to execute arbitrary + code by sending a specially crafted HTTP message to the client. NOTE: + Successful exploitation requires a man in the middle attack, a DNS + spoofing attack or a compromise of no-ip.com servers. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All noip-updater users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/noip-updater-2.1.9" +
+ + CVE-2008-5297 + + + keytoaster + + + a3li + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-13.xml
new file mode 100644
index 0000000000..d26b5d91bb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-13.xml
@@ -0,0 +1,93 @@
+
+
+
+
+ Pidgin: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Pidgin, allowing for
+ remote arbitrary code execution, Denial of Service and service spoofing.
+
+ pidgin
+ January 20, 2009
+ January 20, 2009: 01
+ 230045
+ 234135
+ remote
+
+
+ 2.5.1
+ 2.5.1
+
+
+
+

+ Pidgin (formerly Gaim) is an instant messaging client for a variety of + instant messaging protocols. It is based on the libpurple instant + messaging library. +

+
+ +

+ Multiple vulnerabilities have been discovered in Pidgin and the + libpurple library: +

+
  • + A participant to the TippingPoint ZDI reported multiple integer + overflows in the msn_slplink_process_msg() function in the MSN protocol + implementation (CVE-2008-2927). +
  • +
  • + Juan Pablo Lopez Yacubian is credited for reporting a use-after-free + flaw in msn_slplink_process_msg() in the MSN protocol implementation + (CVE-2008-2955). +
  • +
  • + The included UPnP server does not limit the size of data to be + downloaded for UPnP service discovery, according to a report by Andrew + Hunt and Christian Grothoff (CVE-2008-2957). +
  • +
  • + Josh Triplett discovered that the NSS plugin for libpurple does not + properly verify SSL certificates (CVE-2008-3532). +
  • +
+
+ +

+ A remote attacker could send specially crafted messages or files using + the MSN protocol which could result in the execution of arbitrary code + or crash Pidgin. NOTE: Successful exploitation might require the + victim's interaction. Furthermore, an attacker could conduct + man-in-the-middle attacks to obtain sensitive information using bad + certificates and cause memory and disk resources to exhaust. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Pidgin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.5.1" +
+ + CVE-2008-2927 + CVE-2008-2955 + CVE-2008-2957 + CVE-2008-3532 + + + p-y + + + a3li + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-14.xml
new file mode 100644
index 0000000000..34357cb377
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-14.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Scilab: Insecure temporary file usage
+
+ An insecure temporary file usage has been reported in Scilab, allowing for
+ symlink attacks.
+
+ scilab
+ January 21, 2009
+ January 21, 2009: 01
+ 245922
+ local
+
+
+ 4.1.2-r1
+ 4.1.2-r1
+
+
+
+

+ Scilab is a scientific software package for numerical computations. +

+
+ +

+ Dmitry E. Oboukhov reported an insecure temporary file usage within the + scilink, scidoc and scidem scripts. +

+
+ +

+ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Scilab users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sci-mathematics/scilab-4.1.2-r1" +
+ + CVE-2008-4983 + + + rbu + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-15.xml
new file mode 100644
index 0000000000..f2ecdd7943
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200901-15.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Net-SNMP: Denial of Service
+
+ A vulnerability in Net-SNMP could lead to a Denial of Service.
+
+ net-snmp
+ January 21, 2009
+ January 21, 2009: 01
+ 245306
+ remote
+
+
+ 5.4.2.1
+ 5.4.2.1
+
+
+
+

+ Net-SNMP is a collection of tools for generating and retrieving SNMP + data. +

+
+ +

+ Oscar Mira-Sanchez reported an integer overflow in the + netsnmp_create_subtree_cache() function in agent/snmp_agent.c when + processing GETBULK requests. +

+
+ +

+ A remote attacker could send a specially crafted request to crash the + SNMP server. NOTE: The attacker needs to know the community string to + exploit this vulnerability. +

+
+ +

+ Restrict access to trusted entities only. +

+
+ +

+ All Net-SNMP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.2.1" +
+ + CVE-2008-4309 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-01.xml
new file mode 100644
index 0000000000..2e9717f76c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-01.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ sudo: Privilege escalation
+
+ A vulnerability in sudo may allow for privilege escalation.
+
+ sudo
+ February 06, 2009
+ February 06, 2009: 01
+ 256633
+ local
+
+
+ 1.7.0
+ 1.7.0
+
+
+
+

+ sudo allows a system administrator to give users the ability to run + commands as other users. +

+
+ +

+ Harald Koenig discovered that sudo incorrectly handles group + specifications in Runas_Alias (and related) entries when a group is + specified in the list (using %group syntax, to allow a user to run + commands as any member of that group) and the user is already a member + of that group. +

+
+ +

+ A local attacker could possibly run commands as an arbitrary system + user (including root). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All sudo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.0" +
+ + CVE-2009-0034 + + + keytoaster + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-02.xml
new file mode 100644
index 0000000000..bd2017b050
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-02.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ OpenSSL: Certificate validation error
+
+ An error in the OpenSSL certificate chain validation might allow for
+ spoofing attacks.
+
+ openssl
+ February 12, 2009
+ February 12, 2009: 01
+ 251346
+ remote
+
+
+ 0.9.8j
+ 0.9.8j
+
+
+
+

+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

+ The Google Security Team reported that several functions incorrectly + check the result after calling the EVP_VerifyFinal() function, allowing + a malformed signature to be treated as a good signature rather than as + an error. This issue affects the signature checks on DSA and ECDSA keys + used with SSL/TLS. +

+
+ +

+ A remote attacker could exploit this vulnerability and spoof arbitrary + names to conduct Man-In-The-Middle attacks and intercept sensitive + information. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSSL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8j" +
+ + CVE-2008-5077 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-03.xml
new file mode 100644
index 0000000000..c13df9a5bb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-03.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Valgrind: Untrusted search path
+
+ An untrusted search path vulnerability in Valgrind might result in the
+ execution of arbitrary code.
+
+ valgrind
+ February 12, 2009
+ February 12, 2009: 01
+ 245317
+ local
+
+
+ 3.4.0
+ 3.4.0
+
+
+
+

+ Valgrind is an open-source memory debugger. +

+
+ +

+ Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the + current working directory, executing commands specified there. +

+
+ +

+ A local attacker could prepare a specially crafted .valgrindrc file and + entice a user to run Valgrind from the directory containing that file, + resulting in the execution of arbitrary code with the privileges of the + user running Valgrind. +

+
+ +

+ Do not run "valgrind" from untrusted working directories. +

+
+ +

+ All Valgrind users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/valgrind-3.4.0" +
+ + CVE-2008-4865 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-04.xml
new file mode 100644
index 0000000000..a3c4e01b01
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-04.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ xterm: User-assisted arbitrary commands execution
+
+ An error in the processing of special sequences in xterm may lead to
+ arbitrary commands execution.
+
+ xterm
+ February 12, 2009
+ February 12, 2009: 01
+ 253155
+ remote
+
+
+ 239
+ 239
+
+
+
+

+ xterm is a terminal emulator for the X Window system. +

+
+ +

+ Paul Szabo reported an insufficient input sanitization when processing + Device Control Request Status String (DECRQSS) sequences. +

+
+ +

+ A remote attacker could entice a user to display a file containing + specially crafted DECRQSS sequences, possibly resulting in the remote + execution of arbitrary commands with the privileges of the user viewing + the file. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xterm users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/xterm-239" +
+ + CVE-2008-2383 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-05.xml
new file mode 100644
index 0000000000..21a36208bc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-05.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ KTorrent: Multiple vulnerabilitites
+
+ Two vulnerabilities in the web interface plugin in KTorrent allow for
+ remote execution of code and arbitrary torrent uploads.
+
+ ktorrent
+ February 23, 2009
+ February 23, 2009: 01
+ 244741
+ remote
+
+
+ 2.2.8
+ 2.2.8
+
+
+
+

+ KTorrent is a BitTorrent program for KDE. +

+
+ +

+ The web interface plugin does not restrict access to the torrent upload + functionality (CVE-2008-5905) and does not sanitize request parameters + properly (CVE-2008-5906) . +

+
+ +

+ A remote attacker could send specially crafted parameters to the web + interface that would allow for arbitrary torrent uploads and remote + code execution with the privileges of the KTorrent process. +

+
+ +

+ Disabling the web interface plugin will prevent exploitation of both + issues. Click "Plugins" in the configuration menu and uncheck the + checkbox left of "WebInterface", then apply the changes. +

+
+ +

+ All KTorrent users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-p2p/ktorrent-2.2.8" +
+ + CVE-2008-5905 + CVE-2008-5906 + + + keytoaster + + + craig + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-06.xml
new file mode 100644
index 0000000000..cf9b4807fe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200902-06.xml
@@ -0,0 +1,91 @@
+
+
+
+
+ GNU Emacs, XEmacs: Multiple vulnerabilities
+
+ Two vulnerabilities were found in GNU Emacs, possibly leading to
+ user-assisted execution of arbitrary code. One also affects edit-utils in
+ XEmacs.
+
+ emacs edit-utils
+ February 23, 2009
+ February 23, 2009: 01
+ 221197
+ 236498
+ remote
+
+
+ 22.2-r3
+ 21.4-r17
+ 19
+ 22.2-r3
+
+
+ 2.39
+ 2.39
+
+
+
+

+ GNU Emacs and XEmacs are highly extensible and customizable text + editors. edit-utils are miscellaneous extensions to XEmacs. +

+
+ +

+ Morten Welinder reports about GNU Emacs and edit-utils in XEmacs: By + shipping a .flc accompanying a source file (.c for example) and setting + font-lock-support-mode to fast-lock-mode in the source file through + local variables, any Lisp code in the .flc file is executed without + warning (CVE-2008-2142). +

+

+ Romain Francoise reported a security risk in a feature of GNU Emacs + related to interacting with Python. The vulnerability arises because + Python, by default, prepends the current directory to the module search + path, allowing for arbitrary code execution when launched from a + specially crafted directory (CVE-2008-3949). +

+
+ +

+ Remote attackers could entice a user to open a specially crafted file + in GNU Emacs, possibly leading to the execution of arbitrary Emacs Lisp + code or arbitrary Python code with the privileges of the user running + GNU Emacs or XEmacs. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GNU Emacs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-22.2-r3" +

+ All edit-utils users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-xemacs/edit-utils-2.39" +
+ + CVE-2008-2142 + CVE-2008-3949 + + + rbu + + + vorlon + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-01.xml
new file mode 100644
index 0000000000..60d507513c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-01.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Vinagre: User-assisted execution of arbitrary code
+
+ A format string error in Vinagre may allow for the execution of arbitrary
+ code.
+
+ vinagre
+ March 06, 2009
+ March 06, 2009: 01
+ 250314
+ remote
+
+
+ 0.5.2
+ 0.5.2
+
+
+
+

+ Vinagre is a VNC Client for the GNOME Desktop. +

+
+ +

+ Alfredo Ortega (Core Security Technologies) reported a format string + error in the vinagre_utils_show_error() function in + src/vinagre-utils.c. +

+
+ +

+ A remote attacker could entice a user into opening a specially crafted + .vnc file or connecting to a malicious server, possibly resulting in + the remote execution of arbitrary code with the privileges of the user + running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Vinagre users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/vinagre-0.5.2" +
+ + CVE-2008-5660 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-02.xml
new file mode 100644
index 0000000000..0cc2f80f90
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-02.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ ZNC: Privilege escalation
+
+ A vulnerability in ZNC allows for privilege escalation.
+
+ znc
+ March 06, 2009
+ March 06, 2009: 01
+ 260148
+ remote
+
+
+ 0.066
+ 0.066
+
+
+
+

+ ZNC is an advanced IRC bouncer. +

+
+ +

+ cnu discovered multiple CRLF injection vulnerabilities in ZNC's + webadmin module. +

+
+ +

+ A remote authenticated attacker could modify the znc.conf configuration + file and gain privileges via newline characters in e.g. the QuitMessage + field, and possibly execute arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ZNC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/znc-0.066" +
+ + CVE-2009-0759 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-03.xml
new file mode 100644
index 0000000000..5ceda06d81
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-03.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Audacity: User-assisted execution of arbitrary code
+
+ A boundary error in Audacity allows for the execution of arbitrary code.
+
+ audacity
+ March 06, 2009
+ March 06, 2009: 01
+ 253493
+ remote
+
+
+ 1.3.6
+ 1.3.6
+
+
+
+

+ Audacity is a free cross-platform audio editor. +

+
+ +

+ Houssamix discovered a boundary error in the + String_parse::get_nonspace_quoted() function in + lib-src/allegro/strparse.cpp. +

+
+ +

+ A remote attacker could entice a user into importing a specially + crafted *.gro file, resulting in the execution of arbitrary code or a + Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Audacity users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/audacity-1.3.6" +
+ + CVE-2009-0490 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-04.xml
new file mode 100644
index 0000000000..8e7c6f97fd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-04.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ DevIL: User-assisted execution of arbitrary code
+
+ Multiple boundary errors in DevIL may allow for the execution of arbitrary
+ code.
+
+ devil
+ March 06, 2009
+ March 06, 2009: 01
+ 255217
+ remote
+
+
+ 1.7.7
+ 1.7.7
+
+
+
+

+ Developer's Image Library (DevIL) is a cross-platform image library. +

+
+ +

+ Stefan Cornelius (Secunia Research) discovered two boundary errors + within the iGetHdrHeader() function in src-IL/src/il_hdr.c. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + Radiance RGBE file, possibly resulting in the execution of arbitrary + code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All DevIL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/devil-1.7.7" +
+ + CVE-2008-5262 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-05.xml
new file mode 100644
index 0000000000..b0725cb053
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-05.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ PDFjam: Multiple vulnerabilities
+
+ Multiple vulnerabilities in the PDFjam scripts allow for local privilege
+ escalation.
+
+ pdfjam
+ March 07, 2009
+ March 07, 2009: 01
+ 252734
+ local
+
+
+ 1.20-r1
+ 1.20-r1
+
+
+
+

+ PDFjam is a small collection of shell scripts to edit PDF documents, + including pdfnup, pdfjoin and pdf90. +

+
+ +
    +
  • + Martin Vaeth reported multiple untrusted search path vulnerabilities + (CVE-2008-5843). +
  • +
  • Marcus Meissner of the SUSE Security Team reported that + temporary files are created with a predictable name (CVE-2008-5743). +
  • +

+

+
+ +

+ A local attacker could place a specially crafted Python module in the + current working directory or the /var/tmp directory, and entice a user + to run the PDFjam scripts, leading to the execution of arbitrary code + with the privileges of the user running the application. A local + attacker could also leverage symlink attacks to overwrite arbitrary + files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PDFjam users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/pdfjam-1.20-r1" +
+ + CVE-2008-5843 + CVE-2008-5743 + + + p-y + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-06.xml
new file mode 100644
index 0000000000..f485b6d2ab
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-06.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ nfs-utils: Access restriction bypass
+
+ An error in nfs-utils allows for bypass of the netgroups restriction.
+
+ nfs-utils
+ March 07, 2009
+ March 07, 2009: 01
+ 242696
+ remote
+
+
+ 1.1.3
+ 1.1.3
+
+
+
+

+ nfs-utils contains the client and daemon implementations for the NFS + protocol. +

+
+ +

+ Michele Marcionelli reported that nfs-utils invokes the hosts_ctl() + function with the wrong order of arguments, which causes TCP Wrappers + to ignore netgroups. +

+
+ +

+ A remote attacker could bypass intended access restrictions, i.e. NFS + netgroups, and gain access to restricted services. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All nfs-utils users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/nfs-utils-1.1.3" +
+ + CVE-2008-4552 + + + craig + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-07.xml
new file mode 100644
index 0000000000..3f9fd779b4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-07.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Samba: Data disclosure
+
+ A missing boundary check in Samba might lead to the disclosure of memory
+ contents.
+
+ samba
+ March 07, 2009
+ March 07, 2009: 01
+ 247620
+ remote
+
+
+ 3.0.33
+ 3.0.33
+
+
+
+

+ Samba is a suite of SMB and CIFS client/server programs. +

+
+ +

+ Samba does not properly check memory boundaries when handling trans, + rans2, and nttrans requests. +

+
+ +

+ A remote attacker could send specially crafted requests to a Samba + daemon, leading to the disclosure of arbitrary memory or to a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Samba users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.33" +
+ + CVE-2008-4314 + + + craig + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-08.xml
new file mode 100644
index 0000000000..124b78c23c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-08.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ gEDA: Insecure temporary file creation
+
+ An insecure temporary file usage has been reported in gEDA, allowing for
+ symlink attacks.
+
+ geda
+ March 07, 2009
+ March 07, 2009: 01
+ 247538
+ local
+
+
+ 1.4.0-r1
+ 1.4.0-r1
+
+
+
+

+ gEDA is an Electronic Design Automation tool used for electrical + circuit design. +

+
+ +

+ Dmitry E. Oboukhov reported an insecure temporary file usage within the + sch2eaglepos.sh script. +

+
+ +

+ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All gEDA users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sci-electronics/geda-1.4.0-r1" +
+ + CVE-2008-5148 + + + p-y + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-09.xml
new file mode 100644
index 0000000000..5db8c9301e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-09.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ OpenTTD: Execution of arbitrary code
+
+ Multiple buffer overflows in OpenTTD might allow for the execution of
+ arbitrary code in the server.
+
+ openttd
+ March 07, 2009
+ March 07, 2009: 01
+ 233929
+ remote
+
+
+ 0.6.3
+ 0.6.3
+
+
+
+

+ OpenTTD is a clone of Transport Tycoon Deluxe. +

+
+ +

+ Multiple buffer overflows have been reported in OpenTTD, when storing + long for client names (CVE-2008-3547), in the TruncateString function + in src/gfx.cpp (CVE-2008-3576) and in src/openttd.cpp when processing a + large filename supplied to the "-g" parameter in the ttd_main function + (CVE-2008-3577). +

+
+ +

+ An authenticated attacker could exploit these vulnerabilities to + execute arbitrary code with the privileges of the OpenTTD server. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenTTD users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.6.3" +
+ + CVE-2008-3547 + CVE-2008-3576 + CVE-2008-3577 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-10.xml
new file mode 100644
index 0000000000..289bd796bb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-10.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Irrlicht: User-assisted execution of arbitrary code
+
+ A buffer overflow might lead to the execution of arbitrary code or a Denial
+ of Service.
+
+ irrlicht
+ March 07, 2009
+ March 07, 2009: 01
+ 252203
+ remote
+
+
+ 1.5
+ 1.5
+
+
+
+

+ The Irrlicht Engine is an open source cross-platform high performance + realtime 3D engine written in C++. +

+
+ +

+ An unspecified component of the B3D loader is vulnerable to a buffer + overflow due to missing boundary checks. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted .irr + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service + (crash). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All irrlicht users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-games/irrlicht-1.5" +
+ + CVE-2008-5876 + + + rbu + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-11.xml
new file mode 100644
index 0000000000..8932857b97
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-11.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ PyCrypto: Execution of arbitrary code
+
+ A buffer overflow in PyCrypto might lead to the execution of arbitrary code
+ when decrypting using ARC2.
+
+ pycrypto
+ March 09, 2009
+ March 09, 2009: 01
+ 258049
+ remote
+
+
+ 2.0.1-r8
+ 2.0.1-r8
+
+
+
+

+ PyCrypto is the Python Cryptography Toolkit. +

+
+ +

+ Mike Wiacek of the Google Security Team reported a buffer overflow in + the ARC2 module when processing a large ARC2 key length. +

+
+ +

+ A remote attacker could entice a user or automated system to decrypt an + ARC2 stream in an application using PyCrypto, possibly resulting in the + execution of arbitrary code or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PyCrypto users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.0.1-r8" +
+ + CVE-2009-0544 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-12.xml
new file mode 100644
index 0000000000..c07e073662
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-12.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ OptiPNG: User-assisted execution of arbitrary code
+
+ A vulnerability in OptiPNG might result in user-assisted execution of
+ arbitrary code.
+
+ optipng
+ March 09, 2009
+ March 09, 2009: 01
+ 260265
+ remote
+
+
+ 0.6.2-r1
+ 0.6.2-r1
+
+
+
+

+ OptiPNG is a PNG optimizer that recompresses image files to a smaller + size, without losing any information. +

+
+ +

+ Roy Tam reported a use-after-free vulnerability in the + GIFReadNextExtension() function in lib/pngxtern/gif/gifread.c leading + to a memory corruption when reading a GIF image. +

+
+ +

+ A remote attacker could entice a user to process a specially crafted + GIF image, possibly resulting in the execution of arbitrary code with + the privileges of the user running the application, or a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OptiPNG users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2-r1" +
+ + CVE-2009-0749 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-13.xml
new file mode 100644
index 0000000000..f71ebb2869
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-13.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ MPFR: Denial of Service
+
+ Multiple buffer overflows in MPFR might lead to a Denial of Service.
+
+ mpfr
+ March 09, 2009
+ March 09, 2009: 01
+ 260968
+ remote
+
+
+ 2.4.1
+ 2.4.1
+
+
+
+

+ MPFR is a library for multiple-precision floating-point computations + with exact rounding. +

+
+ +

+ Multiple buffer overflows have been reported in the mpfr_snprintf() and + mpfr_vsnprintf() functions. +

+
+ +

+ A remote user could exploit the vulnerability to cause a Denial of + Service in an application using MPFR via unknown vectors. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MPRF users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/mpfr-2.4.1" +
+ + CVE-2009-0757 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-14.xml
new file mode 100644
index 0000000000..c305283b54
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-14.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ BIND: Incorrect signature verification
+
+ Incomplete verification of RSA and DSA certificates might lead to spoofed
+ records authenticated using DNSSEC.
+
+ bind
+ March 09, 2009
+ March 09, 2009: 01
+ 254134
+ 257949
+ remote
+
+
+ 9.4.3_p1
+ 9.4.3_p1
+
+
+
+

+ ISC BIND is the Internet Systems Consortium implementation of the + Domain Name System (DNS) protocol. +

+
+ +

+ BIND does not properly check the return value from the OpenSSL + functions to verify DSA (CVE-2009-0025) and RSA (CVE-2009-0265) + certificates. +

+
+ +

+ A remote attacker could bypass validation of the certificate chain to + spoof DNSSEC-authenticated records. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All BIND users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p1" +
+ + CVE-2009-0025 + CVE-2009-0265 + + + p-y + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-15.xml
new file mode 100644
index 0000000000..23bf413ee5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-15.xml
@@ -0,0 +1,84 @@
+
+
+
+
+ git: Multiple vulnerabilties
+
+ Multiple vulnerabilities in gitweb allow for remote execution of arbitrary
+ commands.
+
+ git
+ March 09, 2009
+ March 09, 2009: 01
+ 251343
+ remote
+
+
+ 1.6.0.6
+ 1.6.0.6
+
+
+
+

+ GIT - the stupid content tracker, the revision control system used by + the Linux kernel team. +

+
+ +

+ Multiple vulnerabilities have been reported in gitweb that is part of + the git package: +

+
    +
  • + Shell metacharacters related to git_search are not properly sanitized + (CVE-2008-5516). +
  • +
  • + Shell metacharacters related to git_snapshot and git_object are not + properly sanitized (CVE-2008-5517). +
  • +
  • + The diff.external configuration variable as set in a repository can be + executed by gitweb (CVE-2008-5916). +
  • +
+
+ +

+ A remote unauthenticated attacker can execute arbitrary commands via + shell metacharacters in a query, remote attackers with write access to + a git repository configuration can execute arbitrary commands with the + privileges of the user running gitweb by modifying the diff.external + configuration variable in the repository and sending a crafted query to + gitweb. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All git users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/git-1.6.0.6" +
+ + CVE-2008-5516 + CVE-2008-5517 + CVE-2008-5916 + + + p-y + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-16.xml
new file mode 100644
index 0000000000..8130baece7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-16.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Epiphany: Untrusted search path
+
+ An untrusted search path vulnerability in Epiphany might result in the
+ execution of arbitrary code.
+
+ epiphany
+ March 09, 2009
+ March 09, 2009: 01
+ 257000
+ local
+
+
+ 2.22.3-r2
+ 2.22.3-r2
+
+
+
+

+ Epiphany is a GNOME webbrowser based on the Mozilla rendering engine + Gecko. +

+
+ +

+ James Vega reported an untrusted search path vulnerability in the + Python interface. +

+
+ +

+ A local attacker could entice a user to run Epiphany from a directory + containing a specially crafted python module, resulting in the + execution of arbitrary code with the privileges of the user running + Epiphany. +

+
+ +

+ Do not run "epiphany" from untrusted working directories. +

+
+ +

+ All Epiphany users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/epiphany-2.22.3-r2" +
+ + CVE-2008-5985 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-17.xml
new file mode 100644
index 0000000000..7ea4036033
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-17.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Real VNC: User-assisted execution of arbitrary code
+
+ The Real VNC client is vulnerable to execution of arbitrary code when
+ connecting to a malicious server.
+
+ vnc
+ March 09, 2009
+ March 09, 2009: 01
+ 255225
+ remote
+
+
+ 4.1.3
+ 4.1.3
+
+
+
+

+ Real VNC is a remote desktop viewer display system. +

+
+ +

+ An unspecified vulnerability has been discovered int the + CMsgReader::readRect() function in the VNC Viewer component, related to + the encoding type of RFB protocol data. +

+
+ +

+ A remote attacker could entice a user to connect to a malicious VNC + server, or leverage Man-in-the-Middle attacks, to cause the execution + of arbitrary code with the privileges of the user running the VNC + viewer. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Real VNC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/vnc-4.1.3" +
+ + CVE-2008-4770 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-18.xml
new file mode 100644
index 0000000000..09b2f88c2c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-18.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Openswan: Insecure temporary file creation
+
+ An insecure temporary file usage has been reported in Openswan, allowing
+ for symlink attacks.
+
+ openswan
+ March 09, 2009
+ March 09, 2009: 01
+ 238574
+ local
+
+
+ 2.4.13-r2
+ 2.4.13-r2
+
+
+
+

+ Openswan is an implementation of IPsec for Linux. +

+
+ +

+ Dmitry E. Oboukhov reported that the IPSEC livetest tool does not + handle the ipseclive.conn and ipsec.olts.remote.log temporary files + securely. +

+
+ +

+ A local attacker could perform symlink attacks to execute arbitrary + code and overwrite arbitrary files with the privileges of the user + running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Openswan users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.13-r2" +
+ + CVE-2008-4190 + + + p-y + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-19.xml
new file mode 100644
index 0000000000..c0960eebb4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-19.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Xerces-C++: Denial of Service
+
+ An error in Xerces-C++ allows for a Denial of Service via malicious XML
+ schema files.
+
+ xerces-c
+ March 09, 2009
+ March 09, 2009: 01
+ 240496
+ remote
+
+
+ 3.0.0-r1
+ 3.0.0-r1
+
+
+
+

+ Xerces-C++ is a validating XML parser written in a portable subset of + C++. +

+
+ +

+ Frank Rast reported that the XML parser in Xerces-C++ does not + correctly handle an XML schema definition with a large maxOccurs value, + which triggers excessive memory consumption during the validation of an + XML file. +

+
+ +

+ A remote attacker could entice a user or automated system to validate + an XML file using a specially crafted XML schema file, leading to a + Denial of Service (stack consumption and crash). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Xerces-C++ users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/xerces-c-3.0.0-r1" +
+ + CVE-2008-4482 + + + falco + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-20.xml
new file mode 100644
index 0000000000..6baa300c8c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-20.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ WebSVN: Multiple vulnerabilities
+
+ Multiple vulnerabilities in WebSVN allow for file overwrite and information
+ disclosure.
+
+ websvn
+ March 09, 2009
+ March 09, 2009: 01
+ 243852
+ remote
+
+
+ 2.1.0
+ 2.1.0
+
+
+
+

+ WebSVN is a web-based browsing tool for Subversion repositories written + in PHP. +

+
+ +
    +
  • + James Bercegay of GulfTech Security reported a Cross-site scripting + (XSS) vulnerability in the getParameterisedSelfUrl() function in + index.php (CVE-2008-5918) and a directory traversal vulnerability in + rss.php when magic_quotes_gpc is disabled (CVE-2008-5919). +
  • +
  • + Bas van Schaik reported that listing.php does not properly enforce + access restrictions when using an SVN authz file to authenticate users + (CVE-2009-0240). +
  • +

+

+
+ +

+ A remote attacker can exploit these vulnerabilities to overwrite + arbitrary files, to read changelogs or diffs for restricted projects + and to hijack a user's session. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All WebSVN users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/websvn-2.1.0" +
+ + CVE-2008-5918 + CVE-2008-5919 + CVE-2009-0240 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-21.xml
new file mode 100644
index 0000000000..7fb985fdcb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-21.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ cURL: Arbitrary file access
+
+ A vulnerability in cURL may allow for arbitrary file access.
+
+ curl
+ March 09, 2009
+ March 09, 2009: 01
+ 260361
+ remote
+
+
+ 7.19.4
+ 7.19.4
+
+
+
+

+ cURL is a command line tool for transferring files with URL syntax, + supporting numerous protocols. +

+
+ +

+ David Kierznowski reported that the redirect implementation accepts + arbitrary Location values when CURLOPT_FOLLOWLOCATION is enabled. +

+
+ +

+ A remote attacker could possibly exploit this vulnerability to make + remote HTTP servers trigger arbitrary requests to intranet servers and + read or overwrite arbitrary files via a redirect to a file: URL, or, if + the libssh2 USE flag is enabled, execute arbitrary commands via a + redirect to an scp: URL. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All cURL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/curl-7.19.4" +
+ + CVE-2009-0037 + + + keytoaster + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-22.xml
new file mode 100644
index 0000000000..1ef5444965
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-22.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Ganglia: Execution of arbitrary code
+
+ A buffer-overflow in Ganglia's gmetad might lead to the execution of
+ arbitrary code.
+
+ ganglia
+ March 10, 2009
+ March 10, 2009: 01
+ 255366
+ remote
+
+
+ 3.1.1-r2
+ 3.1.1-r2
+
+
+
+

+ Ganglia is a scalable distributed monitoring system for clusters and + grids. +

+
+ +

+ Spike Spiegel reported a stack-based buffer overflow in the + process_path() function when processing overly long pathnames in + gmetad/server.c. +

+
+ +

+ A remote attacker could send a specially crafted request to the gmetad + service leading to the execution of arbitrary code or a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ganglia users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/ganglia-3.1.1-r2" +
+ + CVE-2009-0241 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-23.xml
new file mode 100644
index 0000000000..eb1e3c1c88
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-23.xml
@@ -0,0 +1,137 @@
+
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been identified, the worst of which allow
+ arbitrary code execution on a user's system via a malicious Flash file.
+
+ adobe-flash
+ March 10, 2009
+ May 28, 2009: 04
+ 239543
+ 251496
+ 260264
+ remote
+
+
+ 10.0.22.87
+ 10.0.22.87
+
+
+
+

+ The Adobe Flash Player is a renderer for the popular SWF file format, + which is commonly used to provide interactive websites, digital + experiences and mobile content. +

+
+ +

+ Multiple vulnerabilities have been discovered in Adobe Flash Player: +

+
    +
  • The access scope of SystemsetClipboard() allows ActionScript + programs to execute the method without user interaction + (CVE-2008-3873).
  • +
  • The access scope of FileReference.browse() and + FileReference.download() allows ActionScript programs to execute the + methods without user interaction (CVE-2008-4401).
  • +
  • The Settings Manager controls can be disguised as normal graphical + elements. This so-called "clickjacking" vulnerability was disclosed by + Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security, + Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of + TopsecTianRongXin (CVE-2008-4503).
  • +
  • Adan Barth (UC Berkely) and Collin Jackson (Stanford University) + discovered a flaw occurring when interpreting HTTP response headers + (CVE-2008-4818).
  • +
  • Nathan McFeters and Rob Carter of Ernst and Young's Advanced + Security Center are credited for finding an unspecified vulnerability + facilitating DNS rebinding attacks (CVE-2008-4819).
  • +
  • When used in a Mozilla browser, Adobe Flash Player does not + properly interpret jar: URLs, according to a report by Gregory + Fleischer of pseudo-flaw.net (CVE-2008-4821).
  • +
  • Alex "kuza55" K. reported that Adobe Flash Player does not properly + interpret policy files (CVE-2008-4822).
  • +
  • The vendor credits Stefano Di Paola of Minded Security for + reporting that an ActionScript attribute is not interpreted properly + (CVE-2008-4823).
  • +
  • Riley Hassell and Josh Zelonis of iSEC Partners reported multiple + input validation errors (CVE-2008-4824).
  • +
  • The aforementioned researchers also reported that ActionScript 2 + does not verify a member element's size when performing several known + and other unspecified actions, that DefineConstantPool accepts an + untrusted input value for a "constant count" and that character + elements are not validated when retrieved from a data structure, + possibly resulting in a null-pointer dereference (CVE-2008-5361, + CVE-2008-5362, CVE-2008-5363).
  • +
  • The vendor reported an unspecified arbitrary code execution + vulnerability (CVE-2008-5499).
  • +
  • Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the + Settings Manager related to "clickjacking" (CVE-2009-0114).
  • +
  • The vendor credits Roee Hay from IBM Rational Application Security + for reporting an input validation error when processing SWF files + (CVE-2009-0519).
  • +
  • Javier Vicente Vallejo reported via the iDefense VCP that Adobe + Flash does not remove object references properly, leading to a freed + memory dereference (CVE-2009-0520).
  • +
  • Josh Bressers of Red Hat and Tavis Ormandy of the Google Security + Team reported an untrusted search path vulnerability + (CVE-2009-0521).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted SWF + file, possibly resulting in the execution of arbitrary code with the + privileges of the user or a Denial of Service (crash). Furthermore a + remote attacker could gain access to sensitive information, disclose + memory contents by enticing a user to open a specially crafted PDF file + inside a Flash application, modify the victim's clipboard or render it + temporarily unusable, persuade a user into uploading or downloading + files, bypass security restrictions with the assistance of the user to + gain access to camera and microphone, conduct Cross-Site Scripting and + HTTP Header Splitting attacks, bypass the "non-root domain policy" of + Flash, and gain escalated privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Flash Player users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.22.87" +
+ + CVE-2008-3873 + CVE-2008-4401 + CVE-2008-4503 + CVE-2008-4818 + CVE-2008-4819 + CVE-2008-4821 + CVE-2008-4822 + CVE-2008-4823 + CVE-2008-4824 + CVE-2008-5361 + CVE-2008-5362 + CVE-2008-5363 + CVE-2008-5499 + CVE-2009-0114 + CVE-2009-0519 + CVE-2009-0520 + CVE-2009-0521 + + + a3li + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-24.xml
new file mode 100644
index 0000000000..1d756bf69f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-24.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Shadow: Privilege escalation
+
+ An insecure temporary file usage in Shadow may allow local users to gain
+ root privileges.
+
+ shadow
+ March 10, 2009
+ March 10, 2009: 01
+ 251320
+ local
+
+
+ 4.1.2.2
+ 4.1.2.2
+
+
+
+

+ Shadow is a set of tools to deal with user accounts. +

+
+ +

+ Paul Szabo reported a race condition in the "login" executable when + setting up tty permissions. +

+
+ +

+ A local attacker belonging to the "utmp" group could use symlink + attacks to overwrite arbitrary files and possibly gain root privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Shadow users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.2.2" +
+ + CVE-2008-5394 + + + craig + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-25.xml
new file mode 100644
index 0000000000..791fe8fcb7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-25.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Courier Authentication Library: SQL Injection vulnerability
+
+ An SQL injection vulnerability has been discovered in the Courier
+ Authentication Library.
+
+ courier-authlib
+ March 11, 2009
+ March 11, 2009: 01
+ 252576
+ remote
+
+
+ 0.62.2
+ 0.62.2
+
+
+
+

+ The Courier Authentication Library is a generic authentication API that + encapsulates the process of validating account passwords. +

+
+ +

+ It has been reported that some parameters used in SQL queries are not + properly sanitized before being processed when using a non-Latin locale + Postgres database. +

+
+ +

+ A remote attacker could send specially crafted input to an application + using the library, possibly resulting in the execution of arbitrary SQL + commands. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Courier Authentication Library users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/courier-authlib-0.62.2" +
+ + CVE-2008-2380 + + + craig + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-26.xml
new file mode 100644
index 0000000000..f6b463a416
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-26.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ TMSNC: Execution of arbitrary code
+
+ A buffer overflow in TMSNC might lead to the execution of arbitrary code
+ when processing an instant message.
+
+ tmsnc
+ March 12, 2009
+ March 12, 2009: 01
+ 229157
+ remote
+
+
+ 0.3.2-r1
+
+
+
+

+ TMSNC is a Textbased client for the MSN instant messaging protocol. +

+
+ +

+ Nico Golde reported a stack-based buffer overflow when processing a MSN + packet with a UBX command containing a large UBX payload length field. +

+
+ +

+ A remote attacker could send a specially crafted message, possibly + resulting in the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ Since TMSNC is no longer maintained, we recommend that users unmerge + the vulnerable package and switch to another console-based MSN client + such as CenterIM or Pebrot: +

+ + # emerge --unmerge "net-im/tmsnc" +
+ + CVE-2008-2828 + + + p-y + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-27.xml
new file mode 100644
index 0000000000..ea9f08b2c2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-27.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ ProFTPD: Multiple vulnerabilities
+
+ Two vulnerabilities in ProFTPD might allow for SQL injection attacks.
+
+ proftpd
+ March 12, 2009
+ March 12, 2009: 01
+ 258450
+ remote
+
+
+ 1.3.2
+ 1.3.2
+
+
+
+

+ ProFTPD is an advanced and very configurable FTP server. +

+
+ +

+ The following vulnerabilities were reported: +

+
  • + Percent characters in the username are not properly handled, which + introduces a single quote character during variable substitution by + mod_sql (CVE-2009-0542). +
  • +
  • + Some invalid, encoded multibyte characters are not properly handled in + mod_sql_mysql and mod_sql_postgres when NLS support is enabled + (CVE-2009-0543). +
  • +
+
+ +

+ A remote attacker could send specially crafted requests to the server, + possibly resulting in the execution of arbitrary SQL statements. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ProFTPD users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.2" +
+ + CVE-2009-0542 + CVE-2009-0543 + + + craig + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-28.xml
new file mode 100644
index 0000000000..186a14e94d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-28.xml
@@ -0,0 +1,87 @@
+
+
+
+
+ libpng: Multiple vulnerabilities
+
+ Multiple vulnerabilities were found in libpng, which might result in the
+ execution of arbitrary code
+
+ libpng
+ March 15, 2009
+ March 15, 2009: 01
+ 244808
+ 255231
+ 259578
+ remote
+
+
+ 1.2.35
+ 1.2.35
+
+
+
+

+ libpng is the official PNG reference library used to read, write and + manipulate PNG images. +

+
+ +

+ Multiple vulnerabilities were discovered in libpng: +

+
    +
  • A + memory leak bug was reported in png_handle_tEXt(), a function that is + used while reading PNG images (CVE-2008-6218).
  • +
  • A memory + overwrite bug was reported by Jon Foster in png_check_keyword(), caused + by writing overlong keywords to a PNG file (CVE-2008-5907).
  • +
  • A + memory corruption issue, caused by an incorrect handling of an out of + memory condition has been reported by Tavis Ormandy of the Google + Security Team. That vulnerability affects direct uses of + png_read_png(), pCAL chunk and 16-bit gamma table handling + (CVE-2009-0040).
  • +
+
+ +

+ A remote attacker may execute arbitrary code with the privileges of the + user opening a specially crafted PNG file by exploiting the erroneous + out-of-memory handling. An attacker may also exploit the + png_check_keyword() error to set arbitrary memory locations to 0, if + the application allows overlong, user-controlled keywords when writing + PNG files. The png_handle_tEXT() vulnerability may be exploited by an + attacker to potentially consume all memory on a users system when a + specially crafted PNG file is opened. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libpng users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.35" +
+ + CVE-2008-5907 + CVE-2008-6218 + CVE-2009-0040 + + + craig + + + mabi + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-29.xml
new file mode 100644
index 0000000000..f1dcf896c4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-29.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ BlueZ: Arbitrary code execution
+
+ Insufficient input validation in BlueZ may lead to arbitrary code execution
+ or a Denial of Service.
+
+ bluez-utils bluez-libs
+ March 16, 2009
+ March 16, 2009: 01
+ 230591
+ local, remote
+
+
+ 3.36
+ 3.36
+
+
+ 3.36
+ 3.36
+
+
+
+

+ BlueZ is a set of Bluetooth tools and system daemons for Linux. +

+
+ +

+ It has been reported that the Bluetooth packet parser does not validate + string length fields in SDP packets. +

+
+ +

+ A physically proximate attacker using a Bluetooth device with an + already established trust relationship could send specially crafted + requests, possibly leading to arbitrary code execution or a crash. + Exploitation may also be triggered by a local attacker registering a + service record via a UNIX socket or D-Bus interface. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All bluez-utils users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/bluez-utils-3.36" +

+ All bluez-libs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/bluez-libs-3.36" +
+ + CVE-2008-2374 + + + p-y + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-30.xml
new file mode 100644
index 0000000000..1375ec5666
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-30.xml
@@ -0,0 +1,91 @@
+
+
+
+
+ Opera: Multiple vulnerabilities
+
+ Multiple vulnerabilities were found in Opera, the worst of which allow for
+ the execution of arbitrary code.
+
+ opera
+ March 16, 2009
+ March 17, 2009: 02
+ 247229
+ 261032
+ remote
+
+
+ 9.64
+ 9.64
+
+
+
+

+ Opera is a fast web browser that is available free of charge. +

+
+ +

+ Multiple vulnerabilities were discovered in Opera: +

+
    +
  • Vitaly McLain reported a heap-based buffer overflow when processing + host names in file:// URLs (CVE-2008-5178).
  • +
  • Alexios Fakos reported a vulnerability in the HTML parsing engine + when processing web pages that trigger an invalid pointer calculation + and heap corruption (CVE-2008-5679).
  • +
  • Red XIII reported that certain text-area contents can be + manipulated to cause a buffer overlow (CVE-2008-5680).
  • +
  • David Bloom discovered that unspecified "scripted URLs" are not + blocked during the feed preview (CVE-2008-5681).
  • +
  • Robert Swiecki of the Google Security Team reported a Cross-site + scripting vulnerability (CVE-2008-5682).
  • +
  • An unspecified vulnerability reveals random data + (CVE-2008-5683).
  • +
  • Tavis Ormandy of the Google Security Team reported a vulnerability + when processing JPEG images that may corrupt memory + (CVE-2009-0914).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted JPEG + image to cause a Denial of Service or execute arbitrary code, to + process an overly long file:// URL or to open a specially crafted web + page to execute arbitrary code. He could also read existing + subscriptions and force subscriptions to arbitrary feed URLs, as well + as inject arbitrary web script or HTML via built-in XSLT templates. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Opera users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-9.64" +
+ + CVE-2008-5178 + CVE-2008-5679 + CVE-2008-5680 + CVE-2008-5681 + CVE-2008-5682 + CVE-2008-5683 + CVE-2009-0914 + + + a3li + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-31.xml
new file mode 100644
index 0000000000..9bad652f6f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-31.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ libcdaudio: User-assisted execution of arbitrary code
+
+ A vulnerability in libcdaudio might allow for the remote execution of
+ arbitrary code.
+
+ libcdaudio
+ March 17, 2009
+ March 17, 2009: 01
+ 245649
+ remote
+
+
+ 0.99.12-r1
+ 0.99.12-r1
+
+
+
+

+ libcdaudio is a library of CD audio related routines. +

+
+ +

+ A heap-based buffer overflow has been reported in the + cddb_read_disc_data() function in cddb.c when processing overly long + CDDB data. +

+
+ +

+ A remote attacker could entice a user to connect to a malicious CDDB + server, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libcdaudio users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libcdaudio-0.99.12-r1" +
+ + CVE-2008-5030 + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-32.xml
new file mode 100644
index 0000000000..58e36f1136
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-32.xml
@@ -0,0 +1,98 @@
+
+
+
+
+ phpMyAdmin: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of
+ which may allow for remote code execution.
+
+ phpmyadmin
+ March 18, 2009
+ March 18, 2009: 01
+ 237781
+ 244914
+ 246831
+ 250752
+ remote
+
+
+ 2.11.9.4
+ 2.11.9.4
+
+
+
+

+ phpMyAdmin is a web-based management tool for MySQL databases. +

+
+ +

+ Multiple vulnerabilities have been reported in phpMyAdmin: +

+
    +
  • + libraries/database_interface.lib.php in phpMyAdmin allows remote + authenticated users to execute arbitrary code via a request to + server_databases.php with a sort_by parameter containing PHP sequences, + which are processed by create_function (CVE-2008-4096). +
  • +
  • + Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote + attackers to inject arbitrary web script or HTML via the db parameter, + a different vector than CVE-2006-6942 and CVE-2007-5977 + (CVE-2008-4775). +
  • +
  • + Cross-site request forgery (CSRF) vulnerability in phpMyAdmin allows + remote authenticated attackers to perform unauthorized actions as the + administrator via a link or IMG tag to tbl_structure.php with a + modified table parameter. NOTE: this can be leveraged to conduct SQL + injection attacks and execute arbitrary code (CVE-2008-5621). +
  • +
  • + Multiple cross-site request forgery (CSRF) vulnerabilities in + phpMyAdmin allow remote attackers to conduct SQL injection attacks via + unknown vectors related to the table parameter, a different vector than + CVE-2008-5621 (CVE-2008-5622). +
  • +
+
+ +

+ A remote attacker may execute arbitrary code with the rights of the + webserver, inject and execute SQL with the rights of phpMyAdmin or + conduct XSS attacks against other users. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All phpMyAdmin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.9.4" +
+ + CVE-2006-6942 + CVE-2007-5977 + CVE-2008-4096 + CVE-2008-4775 + CVE-2008-5621 + CVE-2008-5622 + + + keytoaster + + + mabi + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-33.xml
new file mode 100644
index 0000000000..58fb59fcc5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-33.xml
@@ -0,0 +1,110 @@
+
+
+
+
+ FFmpeg: Multiple vulnerabilities
+
+ Multiple vulnerabilities in FFmpeg may lead to the remote execution of
+ arbitrary code or a Denial of Service.
+
+ ffmpeg gst-plugins-ffmpeg mplayer
+ March 19, 2009
+ March 19, 2009: 01
+ 231831
+ 231834
+ 245313
+ 257217
+ 257381
+ remote
+
+
+ 0.4.9_p20090201
+ 0.4.9_p20090201
+
+
+ 0.10.5
+ 0.10.5
+
+
+ 1.0_rc2_p28450
+ 1.0_rc2_p28450
+
+
+
+

+ FFmpeg is a complete solution to record, convert and stream audio and + video. gst-plugins-ffmpeg is a FFmpeg based gstreamer plugin which + includes a vulnerable copy of FFmpeg code. Mplayer is a multimedia + player which also includes a vulnerable copy of the code. +

+
+ +

+ Multiple vulnerabilities were found in FFmpeg: +

+
  • astrange + reported a stack-based buffer overflow in the str_read_packet() in + libavformat/psxstr.c when processing .str files (CVE-2008-3162).
  • +
  • Multiple buffer overflows in libavformat/utils.c + (CVE-2008-4866).
  • +
  • A buffer overflow in libavcodec/dca.c + (CVE-2008-4867).
  • +
  • An unspecified vulnerability in the + avcodec_close() function in libavcodec/utils.c (CVE-2008-4868).
  • +
  • Unspecified memory leaks (CVE-2008-4869).
  • +
  • Tobias Klein + repoerted a NULL pointer dereference due to an integer signedness error + in the fourxm_read_header() function in libavformat/4xm.c + (CVE-2009-0385).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted media + file, possibly leading to the execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All FFmpeg users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-0.4.9_p20090201" +

+ All gst-plugins-ffmpeg users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-ffmpeg-0.10.5" +

+ All Mplayer users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p28450" +
+ + CVE-2008-3162 + CVE-2008-4866 + CVE-2008-4867 + CVE-2008-4868 + CVE-2008-4869 + CVE-2009-0385 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-34.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-34.xml
new file mode 100644
index 0000000000..bcce88f6c0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-34.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ Amarok: User-assisted execution of arbitrary code
+
+ Multiple vulnerabilities in Amarok might allow for user-assisted execution
+ of arbitrary code.
+
+ amarok
+ March 20, 2009
+ March 20, 2009: 01
+ 254896
+ remote
+
+
+ 1.4.10-r2
+ 1.4.10-r2
+
+
+
+

+ Amarok is an advanced music player. +

+
+ +

+ Tobias Klein has discovered multiple vulnerabilities in Amarok: +

+
    +
  • Multiple integer overflows in the Audible::Tag::readTag() + function in metadata/audible/audibletag.cpp trigger heap-based buffer + overflows (CVE-2009-0135).
  • +
  • Multiple array index errors in the + Audible::Tag::readTag() function in metadata/audible/audibletag.cpp can + lead to invalid pointer dereferences, or the writing of a 0x00 byte to + an arbitrary memory location after an allocation failure + (CVE-2009-0136).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted + Audible Audio (.aa) file with a large "nlen" or "vlen" tag value to + execute arbitrary code or cause a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Amarok users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/amarok-1.4.10-r2" +
+ + CVE-2009-0135 + CVE-2009-0136 + + + a3li + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-35.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-35.xml
new file mode 100644
index 0000000000..19676e8566
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-35.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Muttprint: Insecure temporary file usage
+
+ An insecure temporary file usage in Muttprint allows for symlink attacks.
+
+ muttprint
+ March 23, 2009
+ March 23, 2009: 01
+ 250554
+ local
+
+
+ 0.72d-r1
+ 0.72d-r1
+
+
+
+

+ Muttprint formats the output of mail clients to a good-looking printing + using LaTeX. +

+
+ +

+ Dmitry E. Oboukhov reported an insecure usage of the temporary file + "/tmp/muttprint.log" in the muttprint script. +

+
+ +

+ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Muttprint users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/muttprint-0.72d-r1" +
+ + CVE-2008-5368 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-36.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-36.xml
new file mode 100644
index 0000000000..4d6b6ab163
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-36.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ MLDonkey: Information disclosure
+
+ A vulnerability in the MLDonkey web interface allows remote attackers to
+ disclose arbitrary files.
+
+ mldonkey
+ March 23, 2009
+ March 23, 2009: 01
+ 260072
+ remote
+
+
+ 3.0.0
+ 3.0.0
+
+
+
+

+ MLDonkey is a multi-network P2P application written in Ocaml, coming + with its own Gtk GUI, web and telnet interface. +

+
+ +

+ Michael Peselnik reported that src/utils/lib/url.ml in the web + interface of MLDonkey does not handle file names with leading double + slashes properly. +

+
+ +

+ A remote attacker could gain access to arbitrary files readable by the + user running the application. +

+
+ +

+ Disable the web interface or restrict access to it. +

+
+ +

+ All MLDonkey users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-p2p/mldonkey-3.0.0" +
+ + CVE-2009-0753 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-37.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-37.xml
new file mode 100644
index 0000000000..3dc6e1f3b3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-37.xml
@@ -0,0 +1,95 @@
+
+
+
+
+ Ghostscript: User-assisted execution of arbitrary code
+
+ Multiple integer overflows in the Ghostscript ICC library might allow for
+ user-assisted execution of arbitrary code.
+
+ ghostscript-gpl ghostscript-esp ghostscript-gnu
+ March 23, 2009
+ March 23, 2009: 01
+ 261087
+ remote
+
+
+ 8.64-r2
+ 8.64-r2
+
+
+ 8.62.0
+ 8.62.0
+
+
+ 8.15.4-r1
+
+
+
+

+ Ghostscript is an interpreter for the PostScript language and the + Portable Document Format (PDF). +

+
+ +

+ Jan Lieskovsky from the Red Hat Security Response Team discovered the + following vulnerabilities in Ghostscript's ICC Library: +

+
    +
  • Multiple integer overflows (CVE-2009-0583).
  • +
  • Multiple + insufficient bounds checks on certain variable sizes + (CVE-2009-0584).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted + PostScript file containing images and a malicious ICC profile, possibly + resulting in the execution of arbitrary code with the privileges of the + user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GPL Ghostscript users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-8.64-r2" +

+ All GNU Ghostscript users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gnu-8.62.0" +

+ We recommend that users unmerge ESP Ghostscript and use GPL or GNU + Ghostscript instead: +

+ + # emerge --unmerge "app-text/ghostscript-esp" +

+ For installation instructions, see above. +

+
+ + CVE-2009-0583 + CVE-2009-0584 + + + keytoaster + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-38.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-38.xml
new file mode 100644
index 0000000000..8e90dfae3e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-38.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Squid: Multiple Denial of Service vulnerabilities
+
+ Multiple vulnerabilities have been found in Squid which allow for remote
+ Denial of Service attacks.
+
+ Squid
+ March 24, 2009
+ March 24, 2009: 01
+ 216319
+ 257585
+ remote
+
+
+ 2.7.6
+ 2.7.6
+
+
+
+

+ Squid is a full-featured web proxy cache. +

+
+ +
    +
  • The arrayShrink function in lib/Array.c can cause an array to + shrink to 0 entries, which triggers an assert error. NOTE: this issue + is due to an incorrect fix for CVE-2007-6239 (CVE-2008-1612).
  • +
  • An invalid version number in a HTTP request may trigger an + assertion in HttpMsg.c and HttpStatusLine.c (CVE-2009-0478).
  • +
+
+ +

+ The issues allows for Denial of Service attacks against the service via + an HTTP request with an invalid version number and other specially + crafted requests. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Squid users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/squid-2.7.6" +
+ + CVE-2007-6239 + CVE-2008-1612 + CVE-2009-0478 + GLSA-200801-05 + + + rbu + + + craig + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-39.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-39.xml
new file mode 100644
index 0000000000..77043c49b7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-39.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ pam_krb5: Privilege escalation
+
+ Two vulnerabilities in pam_krb5 might allow local users to elevate their
+ privileges or overwrite arbitrary files.
+
+ pam_krb5
+ March 25, 2009
+ March 25, 2009: 01
+ 257075
+ local
+
+
+ 3.12
+ 3.12
+
+
+
+

+ pam_krb5 is a a Kerberos v5 PAM module. +

+
+ +

+ The following vulnerabilities were discovered: +

+
  • pam_krb5 + does not properly initialize the Kerberos libraries for setuid use + (CVE-2009-0360).
  • +
  • Derek Chan reported that calls to + pam_setcred() are not properly handled when running setuid + (CVE-2009-0361).
  • +
+
+ +

+ A local attacker could set an environment variable to point to a + specially crafted Kerberos configuration file and launch a PAM-based + setuid application to elevate privileges, or change ownership and + overwrite arbitrary files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All pam_krb5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-3.12" +
+ + CVE-2009-0360 + CVE-2009-0361 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-40.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-40.xml
new file mode 100644
index 0000000000..795b98162a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-40.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Analog: Denial of Service
+
+ A Denial of Service vulnerability was discovered in Analog.
+
+ analog
+ March 29, 2009
+ March 29, 2009: 01
+ 249140
+ local
+
+
+ 6.0-r2
+ 6.0-r2
+
+
+
+

+ Analog is a a webserver log analyzer. +

+
+ +

+ Diego E. Petteno reported that the Analog package in Gentoo is built + with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA + 200804-02). +

+
+ +

+ A local attacker could place specially crafted log files into a log + directory being analyzed by analog, e.g. /var/log/apache, resulting in + a crash when being processed by the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Analog users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/analog-6.0-r2" +

+ NOTE: Analog is now linked against the system bzip2 library. +

+
+ + CVE-2008-1372 + GLSA 200804-02 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-41.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-41.xml
new file mode 100644
index 0000000000..57982930e6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200903-41.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ gedit: Untrusted search path
+
+ A vulnerability in gedit might allow local attackers to execute arbitrary
+ code.
+
+ gedit
+ March 30, 2009
+ March 30, 2009: 01
+ 257004
+ local
+
+
+ 2.22.3-r1
+ 2.24.3
+ 2.24.3
+
+
+
+

+ gedit is a text editor for the GNOME desktop. +

+
+ +

+ James Vega reported that gedit uses the current working directory when + searching for python modules, a vulnerability related to CVE-2008-5983. +

+
+ +

+ A local attacker could entice a user to open gedit from a specially + crafted environment, possibly resulting in the execution of arbitrary + code with the privileges of the user running the application. +

+
+ +

+ Do not run gedit from untrusted working directories. +

+
+ +

+ All gedit 2.22.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/gedit-2.22.3-r1" +

+ All gedit 2.24.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/gedit-2.24.3" +
+ + CVE-2008-5983 + CVE-2009-0314 + + + a3li + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-01.xml
new file mode 100644
index 0000000000..7d63424cfa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-01.xml
@@ -0,0 +1,96 @@
+
+
+
+
+ Openfire: Multiple vulnerabilities
+
+ Multiple vulnerabilities were discovered in Openfire, the worst of which
+ may allow remote execution of arbitrary code.
+
+ openfire
+ April 02, 2009
+ April 02, 2009: 01
+ 246008
+ 254309
+ remote
+
+
+ 3.6.3
+ 3.6.3
+
+
+
+

+ Ignite Realtime Openfire is a fast real-time collaboration server. +

+
+ +

+ Two vulnerabilities have been reported by Federico Muttis, from CORE + IMPACT's Exploit Writing Team: +

+
    +
  • + Multiple missing or incomplete input validations in several .jsps + (CVE-2009-0496). +
  • +
  • + Incorrect input validation of the "log" parameter in log.jsp + (CVE-2009-0497). +
  • +

+ Multiple vulnerabilities have been reported by Andreas Kurtz: +

+
    +
  • + Erroneous built-in exceptions to input validation in login.jsp + (CVE-2008-6508). +
  • +
  • + Unsanitized user input to the "type" parameter in + sipark-log-summary.jsp used in SQL statement. (CVE-2008-6509) +
  • +
  • + A Cross-Site-Scripting vulnerability due to unsanitized input to the + "url" parameter. (CVE-2008-6510, CVE-2008-6511) +
  • +
+
+ +

+ A remote attacker could execute arbitrary code on clients' systems by + uploading a specially crafted plugin, bypassing authentication. + Additionally, an attacker could read arbitrary files on the server or + execute arbitrary SQL statements. Depending on the server's + configuration the attacker might also execute code on the server via an + SQL injection. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Openfire users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/openfire-3.6.3" +
+ + CVE-2008-6508 + CVE-2008-6509 + CVE-2008-6510 + CVE-2008-6511 + CVE-2009-0496 + CVE-2009-0497 + + + mabi + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-02.xml
new file mode 100644
index 0000000000..63cd31cf96
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-02.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ GLib: Execution of arbitrary code
+
+ Multiple integer overflows might allow for the execution of arbitrary code
+ when performing base64 conversion.
+
+ glib
+ April 03, 2009
+ April 05, 2009: 02
+ 249214
+ remote
+
+
+ 2.18.4-r1
+ 2.16.6-r1
+ 2
+ 2.18.4-r1
+
+
+
+

+ The GLib is a library of C routines that is used by a multitude of + programs. +

+
+ +

+ Diego E. Petteno` reported multiple integer overflows in glib/gbase64.c + when converting a long string from or to a base64 representation. +

+
+ +

+ A remote attacker could entice a user or automated system to perform a + base64 conversion via an application using GLib, possibly resulting in + the execution of arbitrary code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GLib 2.18 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.18.4-r1" +

+ All GLib 2.16 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.16.6-r1" +
+ + CVE-2008-4316 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-03.xml
new file mode 100644
index 0000000000..167fd1f6c6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-03.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Gnumeric: Untrusted search path
+
+ An untrusted search path vulnerability in Gnumeric might result in the
+ execution of arbitrary code.
+
+ gnumeric
+ April 03, 2009
+ April 03, 2009: 01
+ 257012
+ local
+
+
+ 1.8.4-r1
+ 1.8.4-r1
+
+
+
+

+ The Gnumeric spreadsheet is a versatile application developed as part + of the GNOME Office project. +

+
+ +

+ James Vega reported an untrusted search path vulnerability in the + GObject Python interpreter wrapper in Gnumeric. +

+
+ +

+ A local attacker could entice a user to run Gnumeric from a directory + containing a specially crafted python module, resulting in the + execution of arbitrary code with the privileges of the user running + Gnumeric. +

+
+ +

+ Do not run "gnumeric" from untrusted working directories. +

+
+ +

+ All Gnumeric users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.8.4-r1" +
+ + CVE-2009-0318 + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-04.xml
new file mode 100644
index 0000000000..2f5e18ba65
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-04.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ WeeChat: Denial of Service
+
+ A processing error in WeeChat might lead to a Denial of Service.
+
+ weechat
+ April 04, 2009
+ April 04, 2009: 01
+ 262997
+ remote
+
+
+ 0.2.6.1
+ 0.2.6.1
+
+
+
+

+ Wee Enhanced Environment for Chat (WeeChat) is a light and extensible + console IRC client. +

+
+ +

+ Sebastien Helleu reported an array out-of-bounds error in the colored + message handling. +

+
+ +

+ A remote attacker could send a specially crafted PRIVMSG command, + possibly leading to a Denial of Service (application crash). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All WeeChat users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/weechat-0.2.6.1" +
+ + CVE-2009-0661 + + + a3li + + + a3li + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-05.xml
new file mode 100644
index 0000000000..e9834b2d73
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-05.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ ntp: Certificate validation error
+
+ An error in the OpenSSL certificate chain validation in ntp might allow for
+ spoofing attacks.
+
+ ntp
+ April 05, 2009
+ April 05, 2009: 01
+ 254098
+ remote
+
+
+ 4.2.4_p6
+ 4.2.4_p6
+
+
+
+

+ ntp contains the client and daemon implementations for the Network Time + Protocol. +

+
+ +

+ It has been reported that ntp incorrectly checks the return value of + the EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA + 200902-02). +

+
+ +

+ A remote attacker could exploit this vulnerability to spoof arbitrary + names to conduct Man-In-The-Middle attacks and intercept sensitive + information. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ntp users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p6" +
+ + CVE-2008-5077 + CVE-2009-0021 + GLSA 200902-02 + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-06.xml
new file mode 100644
index 0000000000..2e5d7da104
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-06.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ Eye of GNOME: Untrusted search path
+
+ An untrusted search path vulnerability in the Eye of GNOME might result in
+ the execution of arbitrary code.
+
+ eog
+ April 06, 2009
+ April 06, 2009: 01
+ 257002
+ local
+
+
+ 2.22.3-r3
+ 2.22.3-r3
+
+
+
+

+ The Eye of GNOME is the official image viewer for the GNOME Desktop + environment. +

+
+ +

+ James Vega reported an untrusted search path vulnerability in the + GObject Python interpreter wrapper in the Eye of GNOME, a vulnerabiliy + related to CVE-2008-5983. +

+
+ +

+ A local attacker could entice a user to run the Eye of GNOME from a + directory containing a specially crafted python module, resulting in + the execution of arbitrary code with the privileges of the user running + the application. +

+
+ +

+ Do not run "eog" from untrusted working directories. +

+
+ +

+ All Eye of GNOME users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/eog-2.22.3-r3" +
+ + CVE-2008-5983 + CVE-2008-5987 + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-07.xml
new file mode 100644
index 0000000000..c9fbbfd3a7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-07.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Xpdf: Untrusted search path
+
+ A vulnerability in Xpdf might allow local attackers to execute arbitrary
+ code.
+
+ xpdf
+ April 07, 2009
+ April 07, 2009: 01
+ 242930
+ local
+
+
+ 3.02-r2
+ 3.02-r2
+
+
+
+

+ Xpdf is a PDF file viewer that runs under the X Window System. +

+
+ +

+ Erik Wallin reported that Gentoo's Xpdf attempts to read the "xpdfrc" + file from the current working directory if it cannot find a ".xpdfrc" + file in the user's home directory. This is caused by a missing + definition of the SYSTEM_XPDFRC macro when compiling a repackaged + version of Xpdf. +

+
+ +

+ A local attacker could entice a user to run "xpdf" from a directory + containing a specially crafted "xpdfrc" file, resulting in the + execution of arbitrary code when attempting to, e.g., print a file. +

+
+ +

+ Do not run Xpdf from untrusted working directories. +

+
+ +

+ All Xpdf users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.02-r2" +
+ + CVE-2009-1144 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-08.xml
new file mode 100644
index 0000000000..56ff61a11e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-08.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ OpenSSL: Denial of Service
+
+ An error in OpenSSL might allow for a Denial of Service when printing
+ certificate details.
+
+ openssl
+ April 07, 2009
+ April 07, 2009: 01
+ 263751
+ remote
+
+
+ 0.9.8k
+ 0.9.8k
+
+
+
+

+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

+ The ASN1_STRING_print_ex() function does not properly check the + provided length of a BMPString or UniversalString, leading to an + invalid memory access. +

+
+ +

+ A remote attacker could entice a user or automated system to print a + specially crafted certificate, possibly leading to a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSSL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8k" +
+ + CVE-2009-0590 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-09.xml
new file mode 100644
index 0000000000..acfe636687
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-09.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ MIT Kerberos 5: Multiple vulnerabilities
+
+ Multiple vulnerabilities in MIT Kerberos 5 might allow remote
+ unauthenticated users to execute arbitrary code with root privileges.
+
+ mit-krb5
+ April 08, 2009
+ April 08, 2009: 01
+ 262736
+ 263398
+ remote
+
+
+ 1.6.3-r6
+ 1.6.3-r6
+
+
+
+

+ MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. kadmind is the MIT Kerberos 5 administration daemon, + KDC is the Key Distribution Center. +

+
+ +

+ Multiple vulnerabilities have been reported in MIT Kerberos 5: +

+
    +
  • A free() call on an uninitialized pointer in the ASN.1 decoder + when decoding an invalid encoding (CVE-2009-0846).
  • +
  • A buffer + overread in the SPNEGO GSS-API application, reported by Apple Product + Security (CVE-2009-0844).
  • +
  • A NULL pointer dereference in the + SPNEGO GSS-API application, reported by Richard Evans + (CVE-2009-0845).
  • +
  • An incorrect length check inside an ASN.1 + decoder leading to spurious malloc() failures (CVE-2009-0847).
  • +
+
+ +

+ A remote unauthenticated attacker could exploit the first vulnerability + to cause a Denial of Service or, in unlikely circumstances, execute + arbitrary code on the host running krb5kdc or kadmind with root + privileges and compromise the Kerberos key database. Exploitation of + the other vulnerabilities might lead to a Denial of Service in kadmind, + krb5kdc, or other daemons performing authorization against Kerberos + that utilize GSS-API or an information disclosure. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All MIT Kerberos 5 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r6" +
+ + CVE-2009-0844 + CVE-2009-0845 + CVE-2009-0846 + CVE-2009-0847 + + + rbu + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-10.xml
new file mode 100644
index 0000000000..1aff889e81
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-10.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Avahi: Denial of Service
+
+ An error in Avahi might lead to a Denial of Service via network and CPU
+ consumption.
+
+ avahi
+ April 08, 2009
+ April 08, 2009: 01
+ 260971
+ remote
+
+
+ 0.6.24-r2
+ 0.6.24-r2
+
+
+
+

+ Avahi is a system that facilitates service discovery on a local + network. +

+
+ +

+ Rob Leslie reported that the + originates_from_local_legacy_unicast_socket() function in + avahi-core/server.c does not account for the network byte order of a + port number when processing incoming multicast packets, leading to a + multicast packet storm. +

+
+ +

+ A remote attacker could send specially crafted legacy unicast mDNS + query packets to the Avahi daemon, resulting in a Denial of Service due + to network bandwidth and CPU consumption. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Avahi users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.24-r2" +
+ + CVE-2009-0758 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-11.xml
new file mode 100644
index 0000000000..a16c7c5f76
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-11.xml
@@ -0,0 +1,95 @@
+
+
+
+
+ Tor: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Tor might allow for heap corruption, Denial of
+ Service, escalation of privileges and information disclosure.
+
+ tor
+ April 08, 2009
+ April 08, 2009: 01
+ 250018
+ 256078
+ 258833
+ remote
+
+
+ 0.2.0.34
+ 0.2.0.34
+
+
+
+

+ Tor is an implementation of second generation Onion Routing, a + connection-oriented anonymizing communication service. +

+
+ +
    +
  • + Theo de Raadt reported that the application does not properly drop + privileges to the primary groups of the user specified via the "User" + configuration option (CVE-2008-5397). +
  • +
  • + rovv reported that the "ClientDNSRejectInternalAddresses" configuration + option is not always enforced (CVE-2008-5398). +
  • +
  • + Ilja van Sprundel reported a heap-corruption vulnerability that might + be remotely triggerable on some platforms (CVE-2009-0414). +
  • +
  • + It has been reported that incomplete IPv4 addresses are treated as + valid, violating the specification (CVE-2009-0939). +
  • +
  • + Three unspecified vulnerabilities have also been reported + (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938). +
  • +
+
+ +

+ A local attacker could escalate privileges by leveraging unintended + supplementary group memberships of the Tor process. A remote attacker + could exploit these vulnerabilities to cause a heap corruption with + unknown impact and attack vectors, to cause a Denial of Service via CPU + consuption or daemon crash, and to weaken anonymity provided by the + service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Tor users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.0.34" +
+ + CVE-2008-5397 + CVE-2008-5398 + CVE-2009-0414 + CVE-2009-0936 + CVE-2009-0937 + CVE-2009-0938 + CVE-2009-0939 + + + craig + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-12.xml
new file mode 100644
index 0000000000..6af7ae73aa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-12.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ Wicd: Information disclosure
+
+ A vulnerability in Wicd may allow for disclosure of sensitive information.
+
+ wicd
+ April 10, 2009
+ April 10, 2009: 01
+ 258596
+ local
+
+
+ 1.5.9
+ 1.5.9
+
+
+
+

+ Wicd is an open source wired and wireless network manager for Linux. +

+
+ +

+ Tiziano Mueller of Gentoo discovered that the DBus configuration file + for Wicd allows arbitrary users to own the org.wicd.daemon object. +

+
+ +

+ A local attacker could exploit this vulnerability to receive messages + that were intended for the Wicd daemon, possibly including credentials + e.g. for wireless networks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Wicd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/wicd-1.5.9" +
+ + CVE-2009-0489 + + + rbu + + + keytoaster + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-13.xml
new file mode 100644
index 0000000000..bf2c7dd86a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-13.xml
@@ -0,0 +1,61 @@
+
+
+
+
+ Ventrilo: Denial of Service
+
+ A vulnerability has been discovered in Ventrilo, allowing for a Denial of
+ Service.
+
+ ventrilo-server-bin
+ April 14, 2009
+ April 14, 2009: 01
+ 234819
+ remote
+
+
+ 3.0.3
+ 3.0.3
+
+
+
+

+ Ventrilo is a Voice over IP group communication server. +

+
+ +

+ Luigi Auriemma reported a NULL pointer dereference in Ventrilo when + processing packets with an invalid version number followed by another + packet. +

+
+ +

+ A remote attacker could send specially crafted packets to the server, + resulting in a crash. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ventrilo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/ventrilo-server-bin-3.0.3" +
+ + CVE-2008-3680 + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-14.xml
new file mode 100644
index 0000000000..224631909f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-14.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ F-PROT Antivirus: Multiple Denial of Service vulnerabilities
+
+ Multiple errors in F-PROT Antivirus may lead to a Denial of Service.
+
+ f-prot
+ April 14, 2009
+ April 17, 2009: 04
+ 232665
+ 253497
+ remote
+
+
+ 6.0.2
+ 6.0.2
+
+
+
+

+ F-PROT Antivirus is a multi-platform virus scanner for workstations and + mail servers. +

+
+ +

+ The following vulnerabilities were found: +

+
    +
  • Multiple errors when processing UPX, ASPack or Microsoft Office + files (CVE-2008-3243).
  • +
  • Infinite Sergio Alvarez of n.runs AG reported an invalid memory + access when processing a CHM file with a large nb_dir value + (CVE-2008-3244).
  • +
  • Jonathan Brossard from iViZ Techno Solutions reported that F-PROT + Antivirus does not correctly process ELF binaries with corrupted + headers (CVE-2008-5747). +
  • +
+
+ +

+ A remote attacker could entice a user or automated system to scan a + specially crafted file, leading to a crash or infinite loop. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All F-PROT Antivirus users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/f-prot-6.0.2" +
+ + CVE-2008-3243 + CVE-2008-3244 + CVE-2008-5747 + + + craig + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-15.xml
new file mode 100644
index 0000000000..e448c2928c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-15.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ mpg123: User-assisted execution of arbitrary code
+
+ An error in mpg123 might allow for the execution of arbitrary code.
+
+ mpg123
+ April 16, 2009
+ April 16, 2009: 01
+ 265342
+ remote
+
+
+ 1.7.2
+ 1.7.2
+
+
+
+

+ mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and + 3. +

+
+ +

+ The vendor reported a signedness error in the store_id3_text() function + in id3.c, allowing for out-of-bounds memory access. +

+
+ +

+ A remote attacker could entice a user to open an MPEG-1 Audio Layer 3 + (MP3) file containing a specially crafted ID3 tag, possibly resulting + in the execution of arbitrary code with the privileges of the user + running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All mpg123 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/mpg123-1.7.2" +
+ + CVE-2009-1301 + + + keytoaster + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-16.xml
new file mode 100644
index 0000000000..734f5c1f03
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-16.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ libsndfile: User-assisted execution of arbitrary code
+
+ A buffer overflow vulnerability in libsndfile might allow remote attackers
+ to execute arbitrary code.
+
+ libsndfile
+ April 17, 2009
+ April 17, 2009: 01
+ 261173
+ remote
+
+
+ 1.0.19
+ 1.0.19
+
+
+
+

+ libsndfile is a C library for reading and writing files containing + sampled sound. +

+
+ +

+ Alin Rad Pop from Secunia Research reported an integer overflow when + processing CAF description chunks, leading to a heap-based buffer + overflow. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted CAF + file, resulting in the remote execution of arbitrary code with the + privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libsndfile users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.19" +
+ + CVE-2009-0186 + + + a3li + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-17.xml
new file mode 100644
index 0000000000..8123c5b61a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-17.xml
@@ -0,0 +1,100 @@
+
+
+
+
+ Adobe Reader: User-assisted execution of arbitrary code
+
+ Adobe Reader is vulnerable to execution of arbitrary code.
+
+ acroread
+ April 18, 2009
+ April 18, 2009: 01
+ 259992
+ remote
+
+
+ 8.1.4
+ 8.1.4
+
+
+
+

+ Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF + reader. +

+
+ +

+ Multiple vulnerabilities have been discovered in Adobe Reader: +

+
    +
  • + Alin Rad Pop of Secunia Research reported a heap-based buffer overflow + when processing PDF files containing a malformed JBIG2 symbol + dictionary segment (CVE-2009-0193). +
  • +
  • + A buffer overflow related to a non-JavaScript function call and + possibly an embedded JBIG2 image stream has been reported + (CVE-2009-0658). +
  • +
  • + Tenable Network Security reported a stack-based buffer overflow that + can be triggered via a crafted argument to the getIcon() method of a + Collab object (CVE-2009-0927). +
  • +
  • + Sean Larsson of iDefense Labs reported a heap-based buffer overflow + when processing a PDF file containing a JBIG2 stream with a size + inconsistency related to an unspecified table (CVE-2009-0928). +
  • +
  • + Jonathan Brossard of the iViZ Security Research Team reported an + unspecified vulnerability related to JBIG2 and input validation + (CVE-2009-1061). +
  • +
  • + Will Dormann of CERT/CC reported a vulnerability lading to memory + corruption related to JBIG2 (CVE-2009-1062). +
  • +

+

+
+ +

+ A remote attacker could entice a user to open a specially crafted PDF + document, possibly leading to the execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Reader users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.4" +
+ + CVE-2009-0193 + CVE-2009-0658 + CVE-2009-0927 + CVE-2009-0928 + CVE-2009-1061 + CVE-2009-1062 + + + keytoaster + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-18.xml
new file mode 100644
index 0000000000..c9352bf243
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-18.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ udev: Multiple vulnerabilities
+
+ Two errors in udev allow for a local root compromise and a Denial of
+ Service.
+
+ udev
+ April 18, 2009
+ April 18, 2009: 01
+ 266290
+ local
+
+
+ 124-r2
+ 124-r2
+
+
+
+

+ udev is the device manager used in the Linux 2.6 kernel series. +

+
+ +

+ Sebastian Krahmer of SUSE discovered the following two vulnerabilities: +

+
    +
  • udev does not verify the origin of NETLINK messages + properly (CVE-2009-1185).
  • +
  • A buffer overflow exists in the + util_path_encode() function in lib/libudev-util.c (CVE-2009-1186).
  • +
+
+ +

+ A local attacker could gain root privileges by sending specially + crafted NETLINK messages to udev or cause a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All udev users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-fs/udev-124-r2" +
+ + CVE-2009-1185 + CVE-2009-1186 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-19.xml
new file mode 100644
index 0000000000..9c75e803b6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-19.xml
@@ -0,0 +1,84 @@
+
+
+
+
+ LittleCMS: Multiple vulnerabilities
+
+ Multiple errors in LittleCMS allow for attacks including the remote
+ execution of arbitrary code.
+
+ littlecms
+ April 19, 2009
+ April 19, 2009: 01
+ 260269
+ 264604
+ remote
+
+
+ 1.18-r1
+ 1.18-r1
+
+
+
+

+ LittleCMS, or short lcms, is a color management system for working with + ICC profiles. It is used by many applications including GIMP and + Firefox. +

+
+ +

+ RedHat reported a null-pointer dereference flaw while processing + monochrome ICC profiles (CVE-2009-0793). +

+

+ Chris Evans of Google discovered the following vulnerabilities: +

+
    +
  • LittleCMS contains severe memory leaks (CVE-2009-0581).
  • +
  • LittleCMS is prone to multiple integer overflows, leading to a + heap-based buffer overflow (CVE-2009-0723).
  • +
  • The + ReadSetOfCurves() function is vulnerable to stack-based buffer + overflows when called from code paths without a bounds check on channel + counts (CVE-2009-0733).
  • +
+
+ +

+ A remote attacker could entice a user or automated system to open a + specially crafted file containing a malicious ICC profile, possibly + resulting in the execution of arbitrary code with the privileges of the + user running the application or memory exhaustion, leading to a Denial + of Service condition. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All LittleCMS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/lcms-1.18-r1" +
+ + CVE-2009-0581 + CVE-2009-0723 + CVE-2009-0733 + CVE-2009-0793 + + + rbu + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-20.xml
new file mode 100644
index 0000000000..cc9a1fa48f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200904-20.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ CUPS: Multiple vulnerabilities
+
+ Multiple errors in CUPS might allow for the remote execution of arbitrary
+ code or DNS rebinding attacks.
+
+ cups
+ April 23, 2009
+ April 23, 2009: 01
+ 263070
+ remote
+
+
+ 1.3.10
+ 1.3.10
+
+
+
+

+ CUPS, the Common Unix Printing System, is a full-featured print server. +

+
+ +

+ The following issues were reported in CUPS: +

+
    +
  • iDefense + reported an integer overflow in the _cupsImageReadTIFF() function in + the "imagetops" filter, leading to a heap-based buffer overflow + (CVE-2009-0163).
  • +
  • Aaron Siegel of Apple Product Security + reported that the CUPS web interface does not verify the content of the + "Host" HTTP header properly (CVE-2009-0164).
  • +
  • Braden Thomas and + Drew Yao of Apple Product Security reported that CUPS is vulnerable to + CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf + and poppler.
  • +
+
+ +

+ A remote attacker might send or entice a user to send a specially + crafted print job to CUPS, possibly resulting in the execution of + arbitrary code with the privileges of the configured CUPS user -- by + default this is "lp", or a Denial of Service. Furthermore, the web + interface could be used to conduct DNS rebinding attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All CUPS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.10" +
+ + CVE-2009-0146 + CVE-2009-0147 + CVE-2009-0163 + CVE-2009-0164 + CVE-2009-0166 + + + a3li + + + a3li + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-01.xml
new file mode 100644
index 0000000000..8352e3ef0f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-01.xml
@@ -0,0 +1,85 @@
+
+
+
+
+ Asterisk: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been found in Asterisk allowing for Denial of
+ Service and username disclosure.
+
+ asterisk
+ May 02, 2009
+ May 02, 2009: 01
+ 218966
+ 224835
+ 232696
+ 232698
+ 237476
+ 250748
+ 254304
+ remote
+
+
+ 1.2.32
+ 1.2.32
+
+
+
+

+ Asterisk is an open source telephony engine and toolkit. +

+
+ +

+ Multiple vulnerabilities have been discovered in the IAX2 channel + driver when performing the 3-way handshake (CVE-2008-1897), when + handling a large number of POKE requests (CVE-2008-3263), when handling + authentication attempts (CVE-2008-5558) and when handling firmware + download (FWDOWNL) requests (CVE-2008-3264). Asterisk does also not + correctly handle SIP INVITE messages that lack a "From" header + (CVE-2008-2119), and responds differently to a failed login attempt + depending on whether the user account exists (CVE-2008-3903, + CVE-2009-0041). +

+
+ +

+ Remote unauthenticated attackers could send specially crafted data to + Asterisk, possibly resulting in a Denial of Service via a daemon crash, + call-number exhaustion, CPU or traffic consumption. Remote + unauthenticated attackers could furthermore enumerate valid usernames + to facilitate brute force login attempts. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Asterisk users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.32" +
+ + CVE-2008-1897 + CVE-2008-2119 + CVE-2008-3263 + CVE-2008-3264 + CVE-2008-3903 + CVE-2008-5558 + CVE-2009-0041 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-02.xml
new file mode 100644
index 0000000000..5e47c85efd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-02.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Cscope: User-assisted execution of arbitrary code
+
+ Multiple vulnerabilities in Cscope might allow for the remote execution of
+ arbitrary code.
+
+ cscope
+ May 24, 2009
+ May 24, 2009: 01
+ 263023
+ remote
+
+
+ 15.7a
+ 15.7a
+
+
+
+

+ Cscope is a developer's tool for browsing source code. +

+
+ +

+ James Peach of Apple discovered a stack-based buffer overflow in + cscope's handling of long file system paths (CVE-2009-0148). Multiple + stack-based buffer overflows were reported in the putstring function + when processing an overly long function name or symbol in a source code + file (CVE-2009-1577). +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + source file, possibly resulting in the remote execution of arbitrary + code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cscope users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/cscope-15.7a" +
+ + CVE-2009-0148 + CVE-2009-1577 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-03.xml
new file mode 100644
index 0000000000..0048e249fc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-03.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ IPSec Tools: Denial of Service
+
+ Multiple errors in the IPSec Tools racoon daemon might allow remote
+ attackers to cause a Denial of Service.
+
+ ipsec-tools
+ May 24, 2009
+ May 24, 2009: 01
+ 267135
+ remote
+
+
+ 0.7.2
+ 0.7.2
+
+
+
+

+ The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 + IPsec implementation. They include racoon, an Internet Key Exchange + daemon for automatically keying IPsec connections. +

+
+ +

+ The following vulnerabilities have been found in the racoon daemon as + shipped with IPSec Tools: +

+
    +
  • Neil Kettle reported that + racoon/isakmp_frag.c is prone to a null-pointer dereference + (CVE-2009-1574).
  • +
  • Multiple memory leaks exist in (1) the + eay_check_x509sign() function in racoon/crypto_openssl.c and (2) + racoon/nattraversal.c (CVE-2009-1632).
  • +
+
+ +

+ A remote attacker could send specially crafted fragmented ISAKMP + packets without a payload or exploit vectors related to X.509 + certificate authentication and NAT traversal, possibly resulting in a + crash of the racoon daemon. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All IPSec Tools users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2" +
+ + CVE-2009-1574 + CVE-2009-1632 + + + craig + + + a3li + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-04.xml
new file mode 100644
index 0000000000..330ac17acb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-04.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ GnuTLS: Multiple vulnerabilities
+
+ Multiple vulnerabilities in GnuTLS might result in a Denial of Service,
+ spoofing or the generation of invalid keys.
+
+ gnutls
+ May 24, 2009
+ May 24, 2009: 01
+ 267774
+ remote
+
+
+ 2.6.6
+ 2.6.6
+
+
+
+

+ GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0 + protocols. +

+
+ +

+ The following vulnerabilities were found in GnuTLS: +

+
    +
  • Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not + properly handle corrupt DSA signatures, possibly leading to a + double-free vulnerability (CVE-2009-1415).
  • +
  • Simon Josefsson + reported that GnuTLS generates RSA keys stored in DSA structures when + creating a DSA key (CVE-2009-1416).
  • +
  • Romain Francoise reported + that the _gnutls_x509_verify_certificate() function in + lib/x509/verify.c does not perform time checks, resulting in the + "gnutls-cli" program accepting X.509 certificates with validity times + in the past or future (CVE-2009-1417).
  • +
+
+ +

+ A remote attacker could entice a user or automated system to process a + specially crafted DSA certificate, possibly resulting in a Denial of + Service condition. NOTE: This issue might have other unspecified impact + including the execution of arbitrary code. Furthermore, a remote + attacker could spoof signatures on certificates and the "gnutls-cli" + application can be tricked into accepting an invalid certificate. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GnuTLS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.6.6" +
+ + CVE-2009-1415 + CVE-2009-1416 + CVE-2009-1417 + + + a3li + + + a3li + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-05.xml
new file mode 100644
index 0000000000..1b1fce391e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-05.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ FreeType: Multiple vulnerabilities
+
+ Multiple integer overflows in FreeType might allow for the remote execution
+ of arbitrary code or a Denial of Service.
+
+ freetype
+ May 24, 2009
+ May 25, 2009: 02
+ 263032
+ remote
+
+
+ 2.3.9-r1
+ 2.0
+ 2.3.9-r1
+
+
+
+

+ FreeType is a high-quality and portable font engine. +

+
+ +

+ Tavis Ormandy reported multiple integer overflows in the + cff_charset_compute_cids() function in cff/cffload.c, sfnt/tccmap.c and + the ft_smooth_render_generic() function in smooth/ftsmooth.c, possibly + leading to heap or stack-based buffer overflows. +

+
+ +

+ A remote attacker could entice a user or automated system to open a + specially crafted font file, possibly resulting in the execution of + arbitrary code with the privileges of the user running the application, + or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All FreeType users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.3.9-r1" +
+ + CVE-2009-0946 + + + a3li + + + a3li + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-06.xml
new file mode 100644
index 0000000000..5acd305cee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-06.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ acpid: Denial of Service
+
+ An error in acpid might allow remote attackers to cause a Denial of
+ Service.
+
+ acpid
+ May 24, 2009
+ May 24, 2009: 01
+ 268079
+ remote
+
+
+ 1.0.10
+ 1.0.10
+
+
+
+

+ acpid is a daemon for the Advanced Configuration and Power Interface + (ACPI). +

+
+ +

+ The acpid daemon allows opening a large number of UNIX sockets without + closing them, triggering an infinite loop. +

+
+ +

+ Remote attackers can cause a Denial of Service (CPU consumption and + connectivity loss). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All acpid users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-power/acpid-1.0.10" +
+ + CVE-2009-0798 + + + craig + + + craig + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-07.xml
new file mode 100644
index 0000000000..87e7d34505
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-07.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ Pidgin: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Pidgin might allow for the remote execution of
+ arbitrary code or a Denial of Service.
+
+ pidgin
+ May 25, 2009
+ May 25, 2009: 01
+ 270811
+ remote
+
+
+ 2.5.6
+ 2.5.6
+
+
+
+

+ Pidgin (formerly Gaim) is an instant messaging client for a variety of + instant messaging protocols. +

+
+ +

+ Multiple vulnerabilities have been discovered in Pidgin: +

+
    +
  • Veracode reported a boundary error in the "XMPP SOCKS5 bytestream + server" when initiating an outgoing file transfer (CVE-2009-1373).
  • +
  • Ka-Hing Cheung reported a heap corruption flaw in the QQ protocol + handler (CVE-2009-1374).
  • +
  • A memory corruption flaw in + "PurpleCircBuffer" was disclosed by Josef Andrysek + (CVE-2009-1375).
  • +
  • The previous fix for CVE-2008-2927 contains a + cast from uint64 to size_t, possibly leading to an integer overflow + (CVE-2009-1376, GLSA 200901-13).
  • +
+
+ +

+ A remote attacker could send specially crafted messages or files using + the MSN, XMPP or QQ protocols, possibly resulting in the execution of + arbitrary code with the privileges of the user running the application, + or a Denial of Service. NOTE: Successful exploitation might require the + victim's interaction. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Pidgin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.5.6" +
+ + CVE-2009-1373 + CVE-2009-1374 + CVE-2009-1375 + CVE-2009-1376 + GLSA 200901-13 + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-08.xml
new file mode 100644
index 0000000000..1bf5ed4a13
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-08.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ NTP: Remote execution of arbitrary code
+
+ Multiple errors in the NTP client and server programs might allow for the
+ remote execution of arbitrary code.
+
+ ntp
+ May 26, 2009
+ May 26, 2009: 01
+ 263033
+ 268962
+ remote
+
+
+ 4.2.4_p7
+ 4.2.4_p7
+
+
+
+

+ NTP contains the client and daemon implementations for the Network Time + Protocol. +

+
+ +

+ Multiple vulnerabilities have been found in the programs included in + the NTP package: +

+
    +
  • Apple Product Security reported a + boundary error in the cookedprint() function in ntpq/ntpq.c, possibly + leading to a stack-based buffer overflow (CVE-2009-0159).
  • +
  • Chris Ries of CMU reported a boundary error within the + crypto_recv() function in ntpd/ntp_crypto.c, possibly leading to a + stack-based buffer overflow (CVE-2009-1252).
  • +
+
+ +

+ A remote attacker might send a specially crafted package to a machine + running ntpd, possibly resulting in the remote execution of arbitrary + code with the privileges of the user running the daemon, or a Denial of + Service. NOTE: Successful exploitation requires the "autokey" feature + to be enabled. This feature is only available if NTP was built with the + 'ssl' USE flag. +

+

+ Furthermore, a remote attacker could entice a user into connecting to a + malicious server using ntpq, possibly resulting in the remote execution + of arbitrary code with the privileges of the user running the + application, or a Denial of Service. +

+
+ +

+ You can protect against CVE-2009-1252 by disabling the 'ssl' USE flag + and recompiling NTP. +

+
+ +

+ All NTP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p7" +
+ + CVE-2009-0159 + CVE-2009-1252 + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-09.xml
new file mode 100644
index 0000000000..420cc0a132
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200905-09.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ libsndfile: User-assisted execution of arbitrary code
+
+ Multiple heap-based buffer overflow vulnerabilities in libsndfile might
+ allow remote attackers to execute arbitrary code.
+
+ libsndfile
+ May 27, 2009
+ May 27, 2009: 01
+ 269863
+ remote
+
+
+ 1.0.20
+ 1.0.20
+
+
+
+

+ libsndfile is a C library for reading and writing files containing + sampled sound. +

+
+ +

+ The following vulnerabilities have been found in libsndfile: +

+
    +
  • Tobias Klein reported that the header_read() function in + src/common.c uses user input for calculating a buffer size, possibly + leading to a heap-based buffer overflow (CVE-2009-1788).
  • +
  • The + vendor reported a boundary error in the aiff_read_header() function in + src/aiff.c, possibly leading to a heap-based buffer overflow + (CVE-2009-1791).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted AIFF + or VOC file in a program using libsndfile, possibly resulting in the + execution of arbitrary code with the privileges of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libsndfile users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.20" +
+ + CVE-2009-1788 + CVE-2009-1791 + + + keytoaster + + + a3li + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-01.xml
new file mode 100644
index 0000000000..b046010b46
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-01.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ libpng: Information disclosure
+
+ A vulnerability has been discovered in libpng that allows for information
+ disclosure.
+
+ libpng
+ June 27, 2009
+ June 27, 2009: 01
+ 272970
+ remote
+
+
+ 1.2.37
+ 1.2.37
+
+
+
+

+ libpng is the official PNG reference library used to read, write and + manipulate PNG images. +

+
+ +

+ Jeff Phillips discovered that libpng does not properly parse 1-bit + interlaced images with width values that are not divisible by 8, which + causes libpng to include uninitialized bits in certain rows of a PNG + file. +

+
+ +

+ A remote attacker might entice a user to open a specially crafted PNG + file, possibly resulting in the disclosure of sensitive memory + portions. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libpng users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.37" +
+ + CVE-2009-2042 + + + keytoaster + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-02.xml
new file mode 100644
index 0000000000..24e6639e80
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-02.xml
@@ -0,0 +1,62 @@
+
+
+
+
+ Ruby: Denial of Service
+
+ A flaw in the Ruby standard library might allow remote attackers to cause a
+ Denial of Service attack.
+
+ ruby
+ June 28, 2009
+ June 28, 2009: 01
+ 273213
+ remote
+
+
+ 1.8.6_p369
+ 1.8.6_p369
+
+
+
+

+ Ruby is an interpreted object-oriented programming language. The + elaborate standard library includes the "BigDecimal" class. +

+
+ +

+ Tadayoshi Funaba reported that BigDecimal in + ext/bigdecimal/bigdecimal.c does not properly handle string arguments + containing overly long numbers. +

+
+ +

+ A remote attacker could exploit this issue to remotely cause a Denial + of Service attack. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p369" +
+ + CVE-2009-1904 + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-03.xml
new file mode 100644
index 0000000000..5d25434891
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-03.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ phpMyAdmin: Multiple vulnerabilities
+
+ Multiple errors in phpMyAdmin might allow the remote execution of arbitrary
+ code or a Cross-Site Scripting attack.
+
+ phpmyadmin
+ June 29, 2009
+ June 29, 2009: 01
+ 263711
+ remote
+
+
+ 2.11.9.5
+ 2.11.9.5
+
+
+
+

+ phpMyAdmin is a web-based management tool for MySQL databases. +

+
+ +

+ Multiple vulnerabilities have been reported in phpMyAdmin: +

+
    +
  • Greg Ose discovered that the setup script does not sanitize input + properly, leading to the injection of arbitrary PHP code into the + configuration file (CVE-2009-1151).
  • +
  • Manuel Lopez Gallego and + Santiago Rodriguez Collazo reported that data from cookies used in the + "Export" page is not properly sanitized (CVE-2009-1150).
  • +
+
+ +

+ A remote unauthorized attacker could exploit the first vulnerability to + execute arbitrary code with the privileges of the user running + phpMyAdmin and conduct Cross-Site Scripting attacks using the second + vulnerability. +

+
+ +

+ Removing the "scripts/setup.php" file protects you from CVE-2009-1151. +

+
+ +

+ All phpMyAdmin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.9.5" +
+ + CVE-2009-1150 + CVE-2009-1151 + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-04.xml
new file mode 100644
index 0000000000..2fa9ac989b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-04.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Apache Tomcat JK Connector: Information disclosure
+
+ An error in the Apache Tomcat JK Connector might allow for an information
+ disclosure flaw.
+
+ mod_jk
+ June 29, 2009
+ June 29, 2009: 01
+ 265455
+ remote
+
+
+ 1.2.27
+ 1.2.27
+
+
+
+

+ The Apache Tomcat JK Connector (aka mod_jk) connects the Tomcat + application server with the Apache HTTP Server. +

+
+ +

+ The Red Hat Security Response Team discovered that mod_jk does not + properly handle (1) requests setting the "Content-Length" header while + not providing data and (2) clients sending repeated requests very + quickly. +

+
+ +

+ A remote attacker could send specially crafted requests or a large + number of requests at a time, possibly resulting in the disclosure of a + response intended for another client. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Apache Tomcat JK Connector users should upgrade to the latest + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.27" +
+ + CVE-2008-5519 + + + keytoaster + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-05.xml
new file mode 100644
index 0000000000..df890cb688
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200906-05.xml
@@ -0,0 +1,152 @@
+
+
+
+
+ Wireshark: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Wireshark which allow for
+ Denial of Service or remote code execution.
+
+ wireshark
+ June 30, 2009
+ June 30, 2009: 02
+ 242996
+ 248425
+ 258013
+ 264571
+ 271062
+ remote
+
+
+ 1.0.8
+ 1.0.8
+
+
+
+

+ Wireshark is a versatile network protocol analyzer. +

+
+ +

+ Multiple vulnerabilities have been discovered in Wireshark: +

+
    +
  • + David Maciejak discovered a vulnerability in packet-usb.c in the USB + dissector via a malformed USB Request Block (URB) (CVE-2008-4680). +
  • +
  • + Florent Drouin and David Maciejak reported an unspecified vulnerability + in the Bluetooth RFCOMM dissector (CVE-2008-4681). +
  • +
  • + A malformed Tamos CommView capture file (aka .ncf file) with an + "unknown/unexpected packet type" triggers a failed assertion in wtap.c + (CVE-2008-4682). +
  • +
  • + An unchecked packet length parameter in the dissect_btacl() function in + packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous + tvb_memcpy() call (CVE-2008-4683). +
  • +
  • + A vulnerability where packet-frame does not properly handle exceptions + thrown by post dissectors caused by a certain series of packets + (CVE-2008-4684). +
  • +
  • + Mike Davies reported a use-after-free vulnerability in the + dissect_q931_cause_ie() function in packet-q931.c in the Q.931 + dissector via certain packets that trigger an exception + (CVE-2008-4685). +
  • +
  • + The Security Vulnerability Research Team of Bkis reported that the SMTP + dissector could consume excessive amounts of CPU and memory + (CVE-2008-5285). +
  • +
  • + The vendor reported that the WLCCP dissector could go into an infinite + loop (CVE-2008-6472). +
  • +
  • + babi discovered a buffer overflow in wiretap/netscreen.c via a + malformed NetScreen snoop file (CVE-2009-0599). +
  • +
  • + A specially crafted Tektronix K12 text capture file can cause an + application crash (CVE-2009-0600). +
  • +
  • + A format string vulnerability via format string specifiers in the HOME + environment variable (CVE-2009-0601). +
  • +
  • THCX Labs reported a format string vulnerability in the + PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string + specifiers in the station name (CVE-2009-1210). +
  • +
  • An unspecified vulnerability with unknown impact and attack vectors + (CVE-2009-1266). +
  • +
  • + Marty Adkins and Chris Maynard discovered a parsing error in the + dissector for the Check Point High-Availability Protocol (CPHAP) + (CVE-2009-1268). +
  • +
  • + Magnus Homann discovered a parsing error when loading a Tektronix .rf5 + file (CVE-2009-1269). +
  • +
  • The vendor reported that the PCNFSD dissector could crash + (CVE-2009-1829).
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities by sending + specially crafted packets on a network being monitored by Wireshark or + by enticing a user to read a malformed packet trace file which can + trigger a Denial of Service (application crash or excessive CPU and + memory usage) and possibly allow for the execution of arbitrary code + with the privileges of the user running Wireshark. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.8" +
+ + CVE-2008-4680 + CVE-2008-4681 + CVE-2008-4682 + CVE-2008-4683 + CVE-2008-4684 + CVE-2008-4685 + CVE-2008-5285 + CVE-2008-6472 + CVE-2009-0599 + CVE-2009-0600 + CVE-2009-0601 + CVE-2009-1210 + CVE-2009-1266 + CVE-2009-1268 + CVE-2009-1269 + CVE-2009-1829 + + + craig + + + craig + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-01.xml
new file mode 100644
index 0000000000..23ad526d13
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-01.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ libwmf: User-assisted execution of arbitrary code
+
+ libwmf bundles an old GD version which contains a "use-after-free"
+ vulnerability.
+
+ libwmf
+ July 02, 2009
+ July 02, 2009: 01
+ 268161
+ remote
+
+
+ 0.2.8.4-r3
+ 0.2.8.4-r3
+
+
+
+

+ libwmf is a library for converting WMF files. +

+
+ +

+ The embedded fork of the GD library introduced a "use-after-free" + vulnerability in a modification which is specific to libwmf. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted WMF + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libwmf users should upgrade to the latest version which no longer + builds the GD library: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r3" +
+ + CVE-2009-1364 + + + keytoaster + + + craig + + + craig + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-02.xml
new file mode 100644
index 0000000000..f90976835a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-02.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ ModSecurity: Denial of Service
+
+ Two vulnerabilities in ModSecurity might lead to a Denial of Service.
+
+ mod_security
+ July 02, 2009
+ July 02, 2009: 01
+ 262302
+ remote
+
+
+ 2.5.9
+ 2.5.9
+
+
+
+

+ ModSecurity is a popular web application firewall for the Apache HTTP + server. +

+
+ +

+ Multiple vulnerabilities were discovered in ModSecurity: +

+
    +
  • Juan Galiana Lara of ISecAuditors discovered a NULL pointer + dereference when processing multipart requests without a part header + name (CVE-2009-1902).
  • +
  • Steve Grubb of Red Hat reported that the + "PDF XSS protection" feature does not properly handle HTTP requests to + a PDF file that do not use the GET method (CVE-2009-1903).
  • +
+
+ +

+ A remote attacker might send requests containing specially crafted + multipart data or send certain requests to access a PDF file, possibly + resulting in a Denial of Service (crash) of the Apache HTTP daemon. + NOTE: The PDF XSS protection is not enabled by default. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ModSecurity users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/mod_security-2.5.9" +
+ + CVE-2009-1902 + CVE-2009-1903 + + + craig + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-03.xml
new file mode 100644
index 0000000000..e2703089b5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-03.xml
@@ -0,0 +1,88 @@
+
+
+
+
+ APR Utility Library: Multiple vulnerabilities
+
+ Multiple vulnerabilities in the Apache Portable Runtime Utility Library
+ might enable remote attackers to cause a Denial of Service or disclose
+ sensitive information.
+
+ apr-util
+ July 04, 2009
+ July 04, 2009: 01
+ 268643
+ 272260
+ 274193
+ remote
+
+
+ 1.3.7
+ 1.3.7
+
+
+
+

+ The Apache Portable Runtime Utility Library (aka apr-util) provides an + interface to functionality such as XML parsing, string matching and + databases connections. +

+
+ +

+ Multiple vulnerabilities have been discovered in the APR Utility + Library: +

+
    +
  • Matthew Palmer reported a heap-based buffer + underflow while compiling search patterns in the + apr_strmatch_precompile() function in strmatch/apr_strmatch.c + (CVE-2009-0023).
  • +
  • kcope reported that the expat XML parser in + xml/apr_xml.c does not limit the amount of XML entities expanded + recursively (CVE-2009-1955).
  • +
  • C. Michael Pilato reported an + off-by-one error in the apr_brigade_vprintf() function in + buckets/apr_brigade.c (CVE-2009-1956).
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities to cause a Denial + of Service (crash or memory exhaustion) via an Apache HTTP server + running mod_dav or mod_dav_svn, or using several configuration files. + Additionally, a remote attacker could disclose sensitive information or + cause a Denial of Service by sending a specially crafted input. NOTE: + Only big-endian architectures such as PPC and HPPA are affected by the + latter flaw. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Apache Portable Runtime Utility Library users should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.7" +
+ + CVE-2009-0023 + CVE-2009-1955 + CVE-2009-1956 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-04.xml
new file mode 100644
index 0000000000..6666b61e1c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-04.xml
@@ -0,0 +1,94 @@
+
+
+
+
+ Apache: Multiple vulnerabilities
+
+ Multiple vulnerabilities in the Apache HTTP daemon allow for local
+ privilege escalation, information disclosure or Denial of Service attacks.
+
+ apache
+ July 12, 2009
+ July 12, 2009: 01
+ 268154
+ 271470
+ 276426
+ 276792
+ local, remote
+
+
+ 2.2.11-r2
+ 2.2.11-r2
+
+
+
+

+ The Apache HTTP server is one of the most popular web servers on the + Internet. +

+
+ +

+ Multiple vulnerabilities have been discovered in the Apache HTTP + server: +

+
    +
  • Jonathan Peatfield reported that the + "Options=IncludesNoEXEC" argument to the "AllowOverride" directive is + not processed properly (CVE-2009-1195).
  • +
  • Sander de Boer + discovered that the AJP proxy module (mod_proxy_ajp) does not correctly + handle POST requests that do not contain a request body + (CVE-2009-1191).
  • +
  • The vendor reported that the HTTP proxy + module (mod_proxy_http), when being used as a reverse proxy, does not + properly handle requests containing more data as stated in the + "Content-Length" header (CVE-2009-1890).
  • +
  • Francois Guerraz + discovered that mod_deflate does not abort the compression of large + files even when the requesting connection is closed prematurely + (CVE-2009-1891).
  • +
+
+ +

+ A local attacker could circumvent restrictions put up by the server + administrator and execute arbitrary commands with the privileges of the + user running the Apache server. A remote attacker could send multiple + requests to a server with the AJP proxy module, possibly resulting in + the disclosure of a request intended for another client, or cause a + Denial of Service by sending specially crafted requests to servers + running mod_proxy_http or mod_deflate. +

+
+ +

+ Remove "include", "proxy_ajp", "proxy_http" and "deflate" from + APACHE2_MODULES in make.conf and rebuild Apache, or disable the + aforementioned modules in the Apache configuration. +

+
+ +

+ All Apache users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.11-r2" +
+ + CVE-2009-1195 + CVE-2009-1191 + CVE-2009-1890 + CVE-2009-1891 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-05.xml
new file mode 100644
index 0000000000..e19d88dcaf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-05.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ git: git-daemon Denial of Service
+
+ An error in git-daemon might lead to a Denial of Service via resource
+ consumption.
+
+ git
+ July 12, 2009
+ July 12, 2009: 01
+ 273905
+ remote
+
+
+ 1.6.3.3
+ 1.6.3.3
+
+
+
+

+ git - the stupid content tracker, the revision control system used by + the Linux kernel team. +

+
+ +

+ Shawn O. Pearce reported that git-daemon runs into an infinite loop + when handling requests that contain unrecognized arguments. +

+
+ +

+ A remote unauthenticated attacker could send a specially crafted + request to git-daemon, possibly leading to a Denial of Service (CPU + consumption). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All git users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/git-1.6.3.3" +
+ + CVE-2009-2108 + + + craig + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-06.xml
new file mode 100644
index 0000000000..082d6369da
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-06.xml
@@ -0,0 +1,123 @@
+
+
+
+
+ Adobe Reader: User-assisted execution of arbitrary code
+
+ Adobe Reader is vulnerable to remote code execution via crafted PDF files.
+
+ acroread
+ July 12, 2009
+ July 12, 2009: 01
+ 267846
+ 273908
+ remote
+
+
+ 8.1.6
+ 8.1.6
+
+
+
+

+ Adobe Reader is a PDF reader released by Adobe. +

+
+ +

+ Multiple vulnerabilities have been reported in Adobe Reader: +

+
    +
  • Alin Rad Pop of Secunia Research reported a heap-based buffer + overflow in the JBIG2 filter (CVE-2009-0198). +
  • +
  • Mark Dowd of the IBM Internet Security Systems X-Force and + Nicolas Joly of VUPEN Security reported multiple heap-based buffer + overflows in the JBIG2 filter (CVE-2009-0509, CVE-2009-0510, + CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889) +
  • +
  • Arr1val reported that multiple methods in the JavaScript API + might lead to memory corruption when called with crafted arguments + (CVE-2009-1492, CVE-2009-1493). +
  • +
  • + An anonymous researcher reported a stack-based buffer overflow related + to U3D model files with a crafted extension block (CVE-2009-1855). +
  • +
  • + Jun Mao and Ryan Smith of iDefense Labs reported an integer overflow + related to the FlateDecode filter, which triggers a heap-based buffer + overflow (CVE-2009-1856). +
  • +
  • + Haifei Li of Fortinet's FortiGuard Global Security Research Team + reported a memory corruption vulnerability related to TrueType fonts + (CVE-2009-1857). +
  • +
  • + The Apple Product Security Team reported a memory corruption + vulnerability in the JBIG2 filter (CVE-2009-1858). +
  • +
  • + Matthew Watchinski of Sourcefire VRT reported an unspecified memory + corruption (CVE-2009-1859). +
  • +
  • + Will Dormann of CERT reported multiple heap-based buffer overflows when + processing JPX (aka JPEG2000) stream that trigger heap memory + corruption (CVE-2009-1861). +
  • +
  • + Multiple unspecified vulnerabilities have been discovered + (CVE-2009-2028). +
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted + document, possibly resulting in the execution of arbitrary code with + the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Reader users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.6"
+
+
+ CVE-2009-0198
+ CVE-2009-0509
+ CVE-2009-0510
+ CVE-2009-0511
+ CVE-2009-0512
+ CVE-2009-0888
+ CVE-2009-0889
+ CVE-2009-1492
+ CVE-2009-1493
+ CVE-2009-1855
+ CVE-2009-1856
+ CVE-2009-1857
+ CVE-2009-1858
+ CVE-2009-1859
+ CVE-2009-1861
+ CVE-2009-2028
+
+
+ keytoaster
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-07.xml
new file mode 100644
index 0000000000..63ed6a7487
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-07.xml
@@ -0,0 +1,93 @@
+
+
+
+
+ ModPlug: User-assisted execution of arbitrary code
+
+ ModPlug contains several buffer overflows that could lead to the execution
+ of arbitrary code.
+
+ libmodplug gst-plugins-bad
+ July 12, 2009
+ July 12, 2009: 01
+ 266913
+ remote
+
+
+ 0.8.7
+ 0.8.7
+
+
+ 0.10.11
+ 0.10.11
+
+
+

+ ModPlug is a library for playing MOD-like music. +

+
+ +

+ Two vulnerabilities have been reported in ModPlug: +

+
    +
  • + dummy reported an integer overflow in the CSoundFile::ReadMed() + function when processing a MED file with a crafted song comment or song + name, which triggers a heap-based buffer overflow (CVE-2009-1438). +
  • +
  • + Manfred Tremmel and Stanislav Brabec reported a buffer overflow in the + PATinst() function when processing a long instrument name + (CVE-2009-1513). +
  • +

+ The GStreamer Bad plug-ins (gst-plugins-bad) before 0.10.11 built a + vulnerable copy of ModPlug. +

+
+ +

+ A remote attacker could entice a user to read specially crafted files, + possibly resulting in the execution of arbitrary code with the + privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ModPlug users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8.7"
+

+ gst-plugins-bad 0.10.11 and later versions do not include the ModPlug + plug-in (it has been moved to media-plugins/gst-plugins-modplug). All + gst-plugins-bad users should upgrade to the latest version and install + media-plugins/gst-plugins-modplug: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-bad-0.10.11"
+ # emerge --ask --verbose "media-plugins/gst-plugins-modplug"
+
+
+ CVE-2009-1438
+ CVE-2009-1513
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-08.xml
new file mode 100644
index 0000000000..c6988d0b9f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-08.xml
@@ -0,0 +1,84 @@
+
+
+
+
+ Multiple Ralink wireless drivers: Execution of arbitrary code
+
+ An integer overflow in multiple Ralink wireless drivers might lead to the
+ execution of arbitrary code with elevated privileges.
+
+ rt2400 rt2500 rt2570 rt61 ralink-rt61
+ July 12, 2009
+ July 12, 2009: 01
+ 257023
+ remote
+
+
+ 1.2.2_beta3
+
+
+ 1.1.0_pre2007071515
+
+
+ 20070209
+
+
+ 1.1.0_beta2
+
+
+ 1.1.1.0
+
+
+

+ All listed packages are external kernel modules that provide drivers + for multiple Ralink devices. ralink-rt61 is released by ralinktech.com, + the other packages by the rt2x00.serialmonkey.com project. +

+
+ +

+ Aviv reported an integer overflow in multiple Ralink wireless card + drivers when processing a probe request packet with a long SSID, + possibly related to an integer signedness error. +

+
+ +

+ A physically proximate attacker could send specially crafted packets to + a user who has wireless networking enabled, possibly resulting in the + execution of arbitrary code with root privileges. +

+
+ +

+ Unload the kernel modules. +

+
+ +

+ All external kernel modules have been masked and we recommend that + users unmerge those drivers. The Linux mainline kernel has equivalent + support for these devices and the vulnerability has been resolved in + stable versions of sys-kernel/gentoo-sources. +

+
+ # emerge --unmerge "net-wireless/rt2400"
+ # emerge --unmerge "net-wireless/rt2500"
+ # emerge --unmerge "net-wireless/rt2570"
+ # emerge --unmerge "net-wireless/rt61"
+ # emerge --unmerge "net-wireless/ralink-rt61"
+
+
+ CVE-2009-0282
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-09.xml
new file mode 100644
index 0000000000..28d22b7b12
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-09.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Cyrus-SASL: Execution of arbitrary code
+
+ A buffer overflow in Cyrus-SASL might allow for the execution of arbitrary
+ code in applications or daemons that authenticate using SASL.
+
+ cyrus-sasl
+ July 12, 2009
+ July 12, 2009: 01
+ 270261
+ remote
+
+
+ 2.1.23
+ 2.1.23
+
+
+

+ Cyrus-SASL is an implementation of the Simple Authentication and + Security Layer. +

+
+ +

+ James Ralston reported that in certain situations, Cyrus-SASL does not + properly terminate strings which can result in buffer overflows when + performing Base64 encoding. +

+
+ +

+ A remote unauthenticated user might send specially crafted packets to a + daemon using Cyrus-SASL, possibly resulting in the execution of + arbitrary code with the privileges of the user running the daemon or a + Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Cyrus-SASL users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/cyrus-sasl-2.1.23"
+
+
+ CVE-2009-0688
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-10.xml
new file mode 100644
index 0000000000..b1892d29db
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-10.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ Syslog-ng: Chroot escape
+
+ Syslog-ng does not properly initialize its chroot jail allowing for an
+ escape if a separate vulnerability in Syslog-ng is exploited.
+
+ syslog-ng
+ July 12, 2009
+ July 12, 2009: 01
+ 247278
+ local
+
+
+ 2.0.10
+ 2.1.3
+ 2.1.3
+
+
+

+ Syslog-ng is a flexible and scalable system logger. +

+
+ +

+ Florian Grandel reported that Syslog-ng does not call chdir() before + chroot() which leads to an inherited file descriptor to the current + working directory. +

+
+ +

+ A local attacker might exploit a separate vulnerability in Syslog-ng + and use this vulnerability to escape the chroot jail. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Syslog-ng 2.0 users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-2.0.10"
+

+ All Syslog-ng 2.1 users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-2.1.3"
+
+
+ CVE-2008-5110
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-11.xml
new file mode 100644
index 0000000000..51ada9eda5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-11.xml
@@ -0,0 +1,110 @@
+
+
+
+
+ GStreamer plug-ins: User-assisted execution of arbitrary code
+
+ Multiple vulnerabilities in multiple GStreamer plug-ins might allow for the
+ execution of arbitrary code.
+
+ gst-plugins-good gst-plugins-base gst-plugins-libpng
+ July 12, 2009
+ July 12, 2009: 01
+ 256096
+ 261594
+ 272972
+ remote
+
+
+ 0.10.14
+ 0.10.14
+
+
+ 0.10.22
+ 0.10.22
+
+
+ 0.10.14-r1
+ 0.10.14-r1
+
+
+

+ The GStreamer plug-ins provide decoders to the GStreamer open source + media framework. +

+
+ +

+ Multiple vulnerabilities have been reported in several GStreamer + plug-ins: +

+
    +
  • + Tobias Klein reported two heap-based buffer overflows and an array + index error in the qtdemux_parse_samples() function in gst-plugins-good + when processing a QuickTime media .mov file (CVE-2009-0386, + CVE-2009-0387, CVE-2009-0397). +
  • +
  • + Thomas Hoger of the Red Hat Security Response Team reported an integer + overflow that can lead to a heap-based buffer overflow in the + gst_vorbis_tag_add_coverart() function in gst-plugins-base when + processing COVERART tags (CVE-2009-0586). +
  • +
  • + Tielei Wang of ICST-ERCIS, Peking University reported multiple integer + overflows leading to buffer overflows in gst-plugins-libpng when + processing a PNG file (CVE-2009-1932). +
  • +
+
+ +

+ A remote attacker could entice a user or automated system using a + GStreamer plug-in to process a specially crafted file, resulting in the + execution of arbitrary code or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All gst-plugins-good users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-good-0.10.14"
+

+ All gst-plugins-base users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-base-0.10.22"
+

+ All gst-plugins-libpng users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-libpng-0.10.14-r1"
+
+
+ CVE-2009-0386
+ CVE-2009-0387
+ CVE-2009-0397
+ CVE-2009-0586
+ CVE-2009-1932
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-12.xml
new file mode 100644
index 0000000000..6b28c8a2a6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-12.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ ISC DHCP: dhcpclient Remote execution of arbitrary code
+
+ A buffer overflow in dhclient as included in the ISC DHCP implementation
+ allows for the remote execution of arbitrary code with root privileges.
+
+ dhcp
+ July 14, 2009
+ July 14, 2009: 01
+ 277729
+ remote
+
+
+ 3.1.1-r1
+ 3.1.1-r1
+
+
+

+ ISC DHCP is the reference implementation of the Dynamic Host + Configuration Protocol as specified in RFC 2131. +

+
+ +

+ The Mandriva Linux Engineering Team has reported a stack-based buffer + overflow in the subnet-mask handling of dhclient. +

+
+ +

+ A remote attacker might set up a rogue DHCP server in a victim's local + network, possibly leading to the execution of arbitrary code with root + privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ISC DHCP users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.1-r1"
+
+
+ CVE-2009-0692
+
+
+ a3li
+
+
+ a3li
+
+
+ a3li
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-13.xml
new file mode 100644
index 0000000000..89ef20a85b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-13.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ PulseAudio: Local privilege escalation
+
+ A vulnerability in PulseAudio may allow a local user to execute code with
+ escalated privileges.
+
+ pulseaudio
+ July 16, 2009
+ July 16, 2009: 01
+ 276986
+ local
+
+
+ 0.9.9-r54
+ 0.9.9-r54
+
+
+

+ PulseAudio is a network-enabled sound server with an advanced plug-in + system. +

+
+ +

+ Tavis Ormandy and Julien Tinnes of the Google Security Team discovered + that the pulseaudio binary is installed setuid root, and does not drop + privileges before re-executing itself. The vulnerability has + independently been reported to oCERT by Yorick Koster. +

+
+ +

+ A local user who has write access to any directory on the file system + containing /usr/bin can exploit this vulnerability using a race + condition to execute arbitrary code with root privileges. +

+
+ +

+ Ensure that the file system holding /usr/bin does not contain + directories that are writable for unprivileged users. +

+
+ +

+ All PulseAudio users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.9-r54"
+
+
+ CVE-2009-1894
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-14.xml
new file mode 100644
index 0000000000..ed302b9947
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-14.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ Rasterbar libtorrent: Directory traversal
+
+ A directory traversal vulnerability in Rasterbar libtorrent might allow a
+ remote attacker to overwrite arbitrary files.
+
+ rb_libtorrent deluge
+ July 17, 2009
+ July 17, 2009: 01
+ 273156
+ 273961
+ remote
+
+
+ 0.13-r1
+ 0.13-r1
+
+
+ 1.1.9
+ 1.1.9
+
+
+

+ Rasterbar libtorrent is a C++ BitTorrent implementation focusing on + efficiency and scalability. Deluge is a BitTorrent client that ships a + copy of libtorrent. +

+
+ +

+ census reported a directory traversal vulnerability in + src/torrent_info.cpp that can be triggered via .torrent files. +

+
+ +

+ A remote attacker could entice a user or automated system using + Rasterbar libtorrent to load a specially crafted BitTorrent file to + create or overwrite arbitrary files using dot dot sequences in + filenames. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Rasterbar libtorrent users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/rb_libtorrent-0.13-r1"
+

+ All Deluge users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/deluge-1.1.9"
+
+
+ CVE-2009-1760
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-15.xml
new file mode 100644
index 0000000000..97ad8a4879
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-15.xml
@@ -0,0 +1,94 @@
+
+
+
+
+ Nagios: Execution of arbitrary code
+
+ Multiple vulnerabilities in Nagios may lead to the execution of arbitrary
+ code.
+
+ nagios-core
+ July 19, 2009
+ July 19, 2009: 01
+ 245887
+ 249876
+ 275288
+ remote
+
+
+ 3.0.6-r2
+ 3.0.6-r2
+
+
+

+ Nagios is an open source host, service and network monitoring program. +

+
+ +

+ Multiple vulnerabilities have been reported in Nagios: +

+
    +
  • + Paul reported that statuswml.cgi does not properly sanitize shell + metacharacters in the (1) ping and (2) traceroute parameters + (CVE-2009-2288). +
  • +
  • + Nagios does not properly verify whether an authenticated user is + authorized to run certain commands (CVE-2008-5027). +
  • +
  • + Andreas Ericsson reported that Nagios does not perform validity checks + to verify HTTP requests, leading to Cross-Site Request Forgery + (CVE-2008-5028). +
  • +
  • + An unspecified vulnerability in Nagios related to CGI programs, + "adaptive external commands," and "writing newlines and submitting + service comments" has been reported (CVE-2008-6373). +
  • +
+
+ +

+ A remote authenticated or unauthenticated attacker may exploit these + vulnerabilities to execute arbitrary commands or elevate privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Nagios users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-3.0.6-r2"
+

+ NOTE: Users of the Nagios 2 branch can update to version 2.12-r1 which + contains a patch to fix CVE-2009-2288. However, that branch is not + supported upstream or in Gentoo and we are unaware whether the other + vulnerabilities affect 2.x installations. +

+
+
+ CVE-2008-5027
+ CVE-2008-5028
+ CVE-2008-6373
+ CVE-2009-2288
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-16.xml
new file mode 100644
index 0000000000..9f0cb7837b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200907-16.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ Python: Integer overflows
+
+ Multiple integer overflows in Python have an unspecified impact.
+
+ python
+ July 19, 2009
+ July 19, 2009: 01
+ 246991
+ remote
+
+
+ 2.5.4-r2
+ 2.4.6
+ 2.5.4-r2
+
+
+

+ Python is an interpreted, interactive, object-oriented programming + language. +

+
+ +

+ Chris Evans reported multiple integer overflows in the expandtabs + method, as implemented by (1) the string_expandtabs function in + Objects/stringobject.c and (2) the unicode_expandtabs function in + Objects/unicodeobject.c. +

+
+ +

+ A remote attacker could exploit these vulnerabilities in Python + applications or daemons that pass user-controlled input to vulnerable + functions. The security impact is currently unknown but may include the + execution of arbitrary code or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Python 2.5 users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.5.4-r2"
+

+ All Python 2.4 users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.6"
+
+
+ CVE-2008-5031
+
+
+ rbu
+
+
+ rbu
+
+
+ rbu
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-01.xml
new file mode 100644
index 0000000000..9be8336c40
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-01.xml
@@ -0,0 +1,79 @@
+
+
+
+
+ OpenSC: Multiple vulnerabilities
+
+ Multiple vulnerabilities were found in OpenSC.
+
+ opensc
+ August 01, 2009
+ August 01, 2009: 01
+ 260514
+ 269920
+ local
+
+
+ 0.11.8
+ 0.11.8
+
+
+

+ OpenSC provides a set of libraries and utilities to access smart cards. +

+
+ +

+ Multiple vulnerabilities were found in OpenSC: +

+
    +
  • b.badrignans discovered that OpenSC incorrectly initialises private + data objects (CVE-2009-0368).
  • +
  • Miquel Comas Marti discovered + that src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used + with unspecified third-party PKCS#11 modules, generates RSA keys with + incorrect public exponents (CVE-2009-1603).
  • +
+
+ +

+ The first vulnerabilty allows physically proximate attackers to bypass + intended PIN requirements and read private data objects. The second + vulnerability allows attackers to read the cleartext form of messages + that were intended to be encrypted. +

+

+ NOTE: Smart cards which were initialised using an affected version of + OpenSC need to be modified or re-initialised. See the vendor's advisory + for details. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSC users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.8"
+
+
+ CVE-2009-0368
+ CVE-2009-1603
+ OpenSC Security Advisory
+
+
+ keytoaster
+
+
+ keytoaster
+
+
+ keytoaster
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-02.xml
new file mode 100644
index 0000000000..4884c598c6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-02.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ BIND: Denial of Service
+
+ Dynamic Update packets can cause a Denial of Service in the BIND daemon.
+
+ bind
+ August 01, 2009
+ August 01, 2009: 01
+ 279508
+ remote
+
+
+ 9.4.3_p3
+ 9.4.3_p3
+
+
+

+ ISC BIND is the Internet Systems Consortium implementation of the + Domain Name System (DNS) protocol. +

+
+ +

+ Matthias Urlichs reported that the dns_db_findrdataset() function fails + when the prerequisite section of the dynamic update message contains a + record of type "ANY" and where at least one RRset for this FQDN exists + on the server. +

+
+ +

+ A remote unauthenticated attacker could send a specially crafted + dynamic update message to the BIND daemon (named), leading to a Denial + of Service (daemon crash). This vulnerability affects all primary + (master) servers -- it is not limited to those that are configured to + allow dynamic updates. +

+
+ +

+ Configure a firewall that performs Deep Packet Inspection to prevent + nsupdate messages from reaching named. Alternatively, expose only + secondary (slave) servers to untrusted networks. +

+
+ +

+ All BIND users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p3"
+
+
+ CVE-2009-0696
+ ISC advisory
+
+
+ rbu
+
+
+ a3li
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-03.xml
new file mode 100644
index 0000000000..550b169859
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-03.xml
@@ -0,0 +1,78 @@
+
+
+
+
+ libTIFF: User-assisted execution of arbitrary code
+
+ Multiple boundary checking vulnerabilities in libTIFF may allow for the
+ remote execution of arbitrary code.
+
+ tiff
+ August 07, 2009
+ August 07, 2009: 01
+ 276339
+ 276988
+ remote
+
+
+ 3.8.2-r8
+ 3.8.2-r8
+
+
+

+ libTIFF provides support for reading and manipulating TIFF (Tagged + Image File Format) images. +

+
+ +

+ Two vulnerabilities have been reported in libTIFF: +

+
    +
  • + wololo reported a buffer underflow in the LZWDecodeCompat() function + (CVE-2009-2285). +
  • +
  • + Tielei Wang of ICST-ERCIS, Peking University reported two integer + overflows leading to heap-based buffer overflows in the tiff2rgba and + rgb2ycbcr tools (CVE-2009-2347). +
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted TIFF + file with an application making use of libTIFF or the tiff2rgba and + rgb2ycbcr tools, possibly resulting in the execution of arbitrary code + with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libTIFF users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r8"
+
+
+ CVE-2009-2285
+ CVE-2009-2347
+
+
+ rbu
+
+
+ rbu
+
+
+ a3li
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-04.xml
new file mode 100644
index 0000000000..5c97cfba12
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-04.xml
@@ -0,0 +1,113 @@
+
+
+
+
+ Adobe products: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Adobe Reader and Adobe Flash Player allow for
+ attacks including the remote execution of arbitrary code.
+
+ adobe-flash acroread
+ August 07, 2009
+ August 07, 2009: 01
+ 278813
+ 278819
+ remote
+
+
+ 10.0.32.18
+ 10.0.32.18
+
+
+ 9.1.3
+ 9.1.3
+
+
+

+ Adobe Flash Player is a closed-source playback software for Flash SWF + files. Adobe Reader is a closed-source PDF reader that plays Flash + content as well. +

+
+ +

+ Multiple vulnerabilities have been reported in Adobe Flash Player: +

+
    +
  • lakehu of Tencent Security Center reported an unspecified + memory corruption vulnerability (CVE-2009-1862).
  • +
  • Mike Wroe + reported an unspecified vulnerability, related to "privilege + escalation" (CVE-2009-1863).
  • +
  • An anonymous researcher through + iDefense reported an unspecified heap-based buffer overflow + (CVE-2009-1864).
  • +
  • Chen Chen of Venustech reported an + unspecified "null pointer vulnerability" (CVE-2009-1865).
  • +
  • Chen + Chen of Venustech reported an unspecified stack-based buffer overflow + (CVE-2009-1866).
  • +
  • Joran Benker reported that Adobe Flash Player + facilitates "clickjacking" attacks (CVE-2009-1867).
  • +
  • Jun Mao of + iDefense reported a heap-based buffer overflow, related to URL parsing + (CVE-2009-1868).
  • +
  • Roee Hay of IBM Rational Application Security + reported an unspecified integer overflow (CVE-2009-1869).
  • +
  • Gareth Heyes and Microsoft Vulnerability Research reported that the + sandbox in Adobe Flash Player allows for information disclosure, when + "SWFs are saved to the hard drive" (CVE-2009-1870).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted PDF + file or web site containing Adobe Flash (SWF) contents, possibly + resulting in the execution of arbitrary code with the privileges of the + user running the application, or a Denial of Service (application + crash). Furthermore, a remote attacker could trick a user into clicking + a button on a dialog by supplying a specially crafted SWF file and + disclose sensitive information by exploiting a sandbox issue. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Flash Player users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.32.18"
+

+ All Adobe Reader users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-9.1.3"
+
+
+ CVE-2009-1862
+ CVE-2009-1863
+ CVE-2009-1864
+ CVE-2009-1865
+ CVE-2009-1866
+ CVE-2009-1867
+ CVE-2009-1868
+ CVE-2009-1869
+ CVE-2009-1870
+
+
+ a3li
+
+
+ a3li
+
+
+ a3li
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-05.xml
new file mode 100644
index 0000000000..15c8b1b125
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-05.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Subversion: Remote execution of arbitrary code
+
+ Multiple integer overflows, leading to heap-based buffer overflows in the
+ Subversion client and server might allow remote attackers to execute
+ arbitrary code.
+
+ subversion
+ August 18, 2009
+ August 18, 2009: 01
+ 280494
+ remote
+
+
+ 1.6.4
+ 1.6.4
+
+
+

+ Subversion is a versioning system designed to be a replacement for CVS. +

+
+ +

+ Matt Lewis of Google reported multiple integer overflows in the + libsvn_delta library, possibly leading to heap-based buffer overflows. +

+
+ +

+ A remote attacker with commit access could exploit this vulnerability + by sending a specially crafted commit to a Subversion server, or a + remote attacker could entice a user to check out or update a repository + from a malicious Subversion server, possibly resulting in the execution + of arbitrary code with the privileges of the user running the server or + client. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Subversion users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/subversion-1.6.4"
+
+
+ CVE-2009-2411
+
+
+ keytoaster
+
+
+ a3li
+
+
+ a3li
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-06.xml
new file mode 100644
index 0000000000..66f5853120
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-06.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ CDF: User-assisted execution of arbitrary code
+
+ Multiple heap-based buffer overflows in CDF might result in the execution
+ of arbitrary code.
+
+ cdf
+ August 18, 2009
+ August 18, 2009: 01
+ 278679
+ remote
+
+
+ 3.3.0
+ 3.3.0
+
+
+

+ CDF is a library for the Common Data Format which is a self-describing + data format for the storage and manipulation of scalar and + multidimensional data. It is developed by the NASA. +

+
+ +

+ Leon Juranic reported multiple heap-based buffer overflows for instance + in the ReadAEDRList64(), SearchForRecord_r_64(), LastRecord64(), and + CDFsel64() functions. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted CDF + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All CDF users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sci-libs/cdf-3.3.0"
+
+
+ CVE-2009-2850
+
+
+ rbu
+
+
+ a3li
+
+
+ a3li
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-07.xml
new file mode 100644
index 0000000000..7824f4eb66
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-07.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ Perl Compress::Raw modules: Denial of Service
+
+ An off-by-one error in Compress::Raw::Zlib and Compress::Raw::Bzip2 might
+ lead to a Denial of Service.
+
+ Compress-Raw-Zlib Compress-Raw-Bzip2
+ August 18, 2009
+ August 18, 2009: 01
+ 273141
+ 281955
+ remote
+
+
+ 2.020
+ 2.020
+
+
+ 2.020
+ 2.020
+
+
+

+ Compress::Raw::Zlib and Compress::Raw::Bzip2 are Perl low-level + interfaces to the zlib and bzip2 compression libraries. +

+
+ +

+ Leo Bergolth reported an off-by-one error in the inflate() function in + Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer + overflow (CVE-2009-1391). +

+

+ Paul Marquess discovered a similar vulnerability in the bzinflate() + function in Bzip2.xs of Compress::Raw::Bzip2 (CVE-2009-1884). +

+
+ +

+ A remote attacker might entice a user or automated system (for instance + running SpamAssassin or AMaViS) to process specially crafted files, + possibly resulting in a Denial of Service condition. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Compress::Raw::Zlib users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=perl-core/Compress-Raw-Zlib-2.020"
+

+ All Compress::Raw::Bzip2 users should upgrade to the latest version: +

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=perl-core/Compress-Raw-Bzip2-2.020"
+
+
+ CVE-2009-1391
+ CVE-2009-1884
+
+
+ a3li
+
+
+ a3li
+
+
+ a3li
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-08.xml
new file mode 100644
index 0000000000..be457f7b88
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-08.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ ISC DHCP: dhcpd Denial of Service
+
+ dhcpd as included in the ISC DHCP implementation does not properly handle
+ special conditions, leading to a Denial of Service.
+
+ dhcp
+ August 18, 2009
+ August 18, 2009: 01
+ 275231
+ remote
+
+
+ 3.1.2_p1
+ 3.1.2_p1
+
+
+

+ ISC DHCP is the reference implementation of the Dynamic Host + Configuration Protocol as specified in RFC 2131. +

+
+ +

+ Christoph Biedl discovered that dhcpd does not properly handle certain + DHCP requests when configured both using "dhcp-client-identifier" and + "hardware ethernet". +

+
+ +

+ A remote attacker might send a specially crafted request to dhcpd, + possibly resulting in a Denial of Service (daemon crash). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ISC DHCP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.2_p1" +
+ + CVE-2009-1892 + + + rbu + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-09.xml
new file mode 100644
index 0000000000..efac18554a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-09.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ DokuWiki: Local file inclusion
+
+ An input sanitation error in DokuWiki might lead to the dislosure of local
+ files or even the remote execution of arbitrary code.
+
+ dokuwiki
+ August 18, 2009
+ August 19, 2009: 02
+ 272431
+ remote
+
+
+ 20090214b
+ 20090214b
+
+
+
+

+ DokuWiki is a standards compliant Wiki system written in PHP. +

+
+ +

+ girex reported that data from the "config_cascade" parameter in + inc/init.php is not properly sanitized before being used. +

+
+ +

+ A remote attacker could exploit this vulnerability to execute PHP code + from arbitrary local, or, when the used PHP version supports ftp:// + URLs, also from remote files via FTP. Furthermore, it is possible to + disclose the contents of local files. NOTE: Successful exploitation + requires the PHP option "register_globals" to be enabled. +

+
+ +

+ Disable "register_globals" in php.ini. +

+
+ +

+ All DokuWiki users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-2009-02-14b" +
+ + CVE-2009-1960 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-10.xml
new file mode 100644
index 0000000000..c873822e2f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200908-10.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Dillo: User-assisted execution of arbitrary code
+
+ An integer overflow in the PNG handling of Dillo might result in the remote
+ execution of arbitrary code.
+
+ dillo
+ August 18, 2009
+ August 18, 2009: 01
+ 276432
+ remote
+
+
+ 2.1.1
+ 2.1.1
+
+
+
+

+ Dillo is a graphical web browser known for its speed and small + footprint. +

+
+ +

+ Tilei Wang reported an integer overflow in the Png_datainfo_callback() + function, possibly leading to a heap-based buffer overflow. +

+
+ +

+ A remote attacker could entice a user to open an HTML document + containing a specially crafted, large PNG image, possibly resulting in + the execution of arbitrary code with the privileges of the user running + the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Dillo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/dillo-2.1.1" +
+ + CVE-2009-2294 + + + rbu + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-01.xml
new file mode 100644
index 0000000000..f806256507
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-01.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ Linux-PAM: Privilege escalation
+
+ An error in the handling of user names of Linux-PAM might allow remote
+ attackers to cause a Denial of Service or escalate privileges.
+
+ pam
+ September 07, 2009
+ September 07, 2009: 01
+ 261512
+ remote
+
+
+ 1.0.4
+ 1.0.4
+
+
+
+

+ Linux-PAM (Pluggable Authentication Modules) is an architecture + allowing the separation of the development of privilege granting + software from the development of secure and appropriate authentication + schemes. +

+
+ +

+ Marcus Granado repoted that Linux-PAM does not properly handle user + names that contain Unicode characters. This is related to integer + signedness errors in the pam_StrTok() function in libpam/pam_misc.c. +

+
+ +

+ A remote attacker could exploit this vulnerability to cause a Denial of + Service. A remote authenticated attacker could exploit this + vulnerability to log in to a system with the account of a user that has + a similar user name, but with non-ASCII characters. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Linux-PAM users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.0.4" +
+ + CVE-2009-0887 + + + craig + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-02.xml
new file mode 100644
index 0000000000..b85a37b67a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-02.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ libvorbis: User-assisted execution of arbitrary code
+
+ A processing error in libvorbis might result in the execution of arbitrary
+ code or a Denial of Service.
+
+ libvorbis
+ September 07, 2009
+ September 07, 2009: 01
+ 280590
+ remote
+
+
+ 1.2.3
+ 1.2.3
+
+
+
+

+ libvorbis is the reference implementation of the Xiph.org Ogg Vorbis + audio file format. It is used by many applications for playback of Ogg + Vorbis files. +

+
+ +

+ Lucas Adamski reported that libvorbis does not correctly process file + headers, related to static mode headers and encoding books. +

+
+ +

+ A remote attacker could entice a user to play a specially crafted OGG + Vorbis file using an application that uses libvorbis, possibly + resulting in the execution of arbitrary code with the privileges of the + user running the application, or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libvorbis users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libvorbis-1.2.3" +
+ + CVE-2009-2663 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-03.xml
new file mode 100644
index 0000000000..bb3d37e9d2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-03.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ Apache Portable Runtime, APR Utility Library: Execution of arbitrary code
+
+ Multiple integer overflows in the Apache Portable Runtime and its Utility
+ Library might allow for the remote execution of arbitrary code.
+
+ apr apr-util
+ September 09, 2009
+ September 09, 2009: 01
+ 280514
+ remote
+
+
+ 1.3.8
+ 1.3.8
+
+
+ 1.3.9
+ 1.3.9
+
+
+
+

+ The Apache Portable Runtime (aka APR) provides a set of APIs for + creating platform-independent applications. The Apache Portable Runtime + Utility Library (aka APR-Util) provides an interface to functionality + such as XML parsing, string matching and databases connections. +

+
+ +

+ Matt Lewis reported multiple Integer overflows in the apr_rmm_malloc(), + apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of + APR-Util and in memory/unix/apr_pools.c of APR, both occurring when + aligning memory blocks. +

+
+ +

+ A remote attacker could entice a user to connect to a malicious server + with software that uses the APR or act as a malicious client to a + server that uses the APR (such as Subversion or Apache servers), + possibly resulting in the execution of arbitrary code with the + privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Apache Portable Runtime users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/apr-1.3.8" +

+ All APR Utility Library users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.9" +
+ + CVE-2009-2412 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-04.xml
new file mode 100644
index 0000000000..299013480f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-04.xml
@@ -0,0 +1,87 @@
+
+
+
+
+ Clam AntiVirus: Multiple vulnerabilities
+
+ Multiple vulnerabilities in ClamAV allow for the remote execution of
+ arbitrary code or Denial of Service.
+
+ clamav
+ September 09, 2009
+ September 09, 2009: 01
+ 264834
+ 265545
+ remote
+
+
+ 0.95.2
+ 0.95.2
+
+
+
+

+ Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX, + designed especially for e-mail scanning on mail gateways. +

+
+ +

+ Multiple vulnerabilities have been found in ClamAV: +

+
    +
  • The + vendor reported a Divide-by-zero error in the PE ("Portable + Executable"; Windows .exe) file handling of ClamAV + (CVE-2008-6680).
  • +
  • Jeffrey Thomas Peckham found a flaw in + libclamav/untar.c, possibly resulting in an infinite loop when + processing TAR archives in clamd and clamscan (CVE-2009-1270).
  • +
  • Martin Olsen reported a vulnerability in the CLI_ISCONTAINED macro + in libclamav/others.h, when processing UPack archives + (CVE-2009-1371).
  • +
  • Nigel disclosed a stack-based buffer overflow + in the "cli_url_canon()" function in libclamav/phishcheck.c when + processing URLs (CVE-2009-1372).
  • +
+
+ +

+ A remote attacker could entice a user or automated system to process a + specially crafted UPack archive or a file containing a specially + crafted URL, possibly resulting in the remote execution of arbitrary + code with the privileges of the user running the application, or a + Denial of Service. Furthermore, a remote attacker could cause a Denial + of Service by supplying a specially crafted TAR archive or PE + executable to a Clam AntiVirus instance. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Clam AntiVirus users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.95.2" +
+ + CVE-2008-6680 + CVE-2009-1270 + CVE-2009-1371 + CVE-2009-1372 + + + keytoaster + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-05.xml
new file mode 100644
index 0000000000..82c8bf2618
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-05.xml
@@ -0,0 +1,75 @@
+
+
+
+
+ Openswan: Denial of Service
+
+ Multiple vulnerabilities in the pluto IKE daemon of Openswan might allow
+ remote attackers to cause a Denial of Service.
+
+ openswan
+ September 09, 2009
+ September 09, 2009: 01
+ 264346
+ 275233
+ remote
+
+
+ 2.4.15
+ 2.4.15
+
+
+
+

+ Openswan is an implementation of IPsec for Linux. +

+
+ +

+ Multiple vulnerabilities have been discovered in Openswan: +

+
    +
  • Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer + Detection of the pluto IKE daemon as included in Openswan + (CVE-2009-0790).
  • +
  • The Orange Labs vulnerability research team + discovered multiple vulnerabilities in the ASN.1 parser + (CVE-2009-2185).
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities by sending + specially crafted R_U_THERE or R_U_THERE_ACK packets, or a specially + crafted X.509 certificate containing a malicious Relative Distinguished + Name (RDN), UTCTIME string or GENERALIZEDTIME string to cause a Denial + of Service of the pluto IKE daemon. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Openswan users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.15" +
+ + CVE-2009-0790 + CVE-2009-2185 + + + craig + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-06.xml
new file mode 100644
index 0000000000..9d85bdb48c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-06.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ aMule: Parameter injection
+
+ An input validation error in aMule enables remote attackers to pass
+ arbitrary parameters to a victim's media player.
+
+ amule
+ September 09, 2009
+ September 09, 2009: 01
+ 268163
+ remote
+
+
+ 2.2.5
+ 2.2.5
+
+
+
+

+ aMule is an eMule-like client for the eD2k and Kademlia networks, + supporting multiple platforms. +

+
+ +

+ Sam Hocevar discovered that the aMule preview function does not + properly sanitize file names. +

+
+ +

+ A remote attacker could entice a user to download a file with a + specially crafted file name to inject arbitrary arguments to the + victim's video player. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All aMule users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-p2p/amule-2.2.5" +
+ + CVE-2009-1440 + + + rbu + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-07.xml
new file mode 100644
index 0000000000..f45cfe1f87
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-07.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ TkMan: Insecure temporary file usage
+
+ An insecure temporary file usage has been reported in TkMan, allowing for
+ symlink attacks.
+
+ tkman
+ September 09, 2009
+ September 09, 2009: 01
+ 247540
+ local
+
+
+ 2.2-r1
+ 2.2-r1
+
+
+
+

+ TkMan is a graphical, hypertext manual page and Texinfo browser for + UNIX. +

+
+ +

+ Dmitry E. Oboukhov reported that TkMan does not handle the + "/tmp/tkman#####" and "/tmp/ll" temporary files securely. +

+
+ +

+ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All TkMan users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/tkman-2.2-r1" +
+ + CVE-2008-5137 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-08.xml
new file mode 100644
index 0000000000..dc3f4a866e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-08.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ C* music player: Insecure temporary file usage
+
+ An insecure temporary file usage has been reported in the C* music player,
+ allowing for symlink attacks.
+
+ cmus
+ September 09, 2009
+ September 09, 2009: 01
+ 250474
+ local
+
+
+ 2.2.0-r1
+ 2.2.0-r1
+
+
+
+

+ The C* Music Player (cmus) is a modular and very configurable + ncurses-based audio player. +

+
+ +

+ Dmitry E. Oboukhov reported that cmus-status-display does not handle + the "/tmp/cmus-status" temporary file securely. +

+
+ +

+ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All C* music player users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/cmus-2.2.0-r1" +
+ + CVE-2008-5375 + + + craig + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-09.xml
new file mode 100644
index 0000000000..74310cddd8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-09.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Screenie: Insecure temporary file usage
+
+ An insecure temporary file usage has been reported in Screenie, allowing
+ for symlink attacks.
+
+ screenie
+ September 09, 2009
+ September 09, 2009: 01
+ 250476
+ local
+
+
+ 1.30.0-r1
+ 1.30.0-r1
+
+
+
+

+ Screenie is a small screen frontend that is designed to be a session + handler. +

+
+ +

+ Dmitry E. Oboukhov reported that Screenie does not handle + "/tmp/.screenie.#####" temporary files securely. +

+
+ +

+ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Screenie users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/screenie-1.30.0-r1" +
+ + CVE-2008-5371 + + + craig + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-10.xml
new file mode 100644
index 0000000000..4d2ed89dc6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-10.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ LMBench: Insecure temporary file usage
+
+ Multiple insecure temporary file usage issues have been reported in
+ LMBench, allowing for symlink attacks.
+
+ lmbench
+ September 09, 2009
+ September 09, 2009: 01
+ 246015
+ local
+
+
+ 3
+
+
+
+

+ LMBench is a suite of simple, portable benchmarks for UNIX platforms. +

+
+ +

+ Dmitry E. Oboukhov reported that the rccs and STUFF scripts do not + handle "/tmp/sdiff.#####" temporary files securely. NOTE: There might + be further occurances of insecure temporary file usage. +

+
+ +

+ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ LMBench has been removed from Portage. We recommend that users unmerge + LMBench: +

+ + # emerge --unmerge app-benchmarks/lmbench +
+ + CVE-2008-4968 + + + rbu + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-11.xml
new file mode 100644
index 0000000000..a97f216b3d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-11.xml
@@ -0,0 +1,63 @@
+
+
+
+
+ GCC-XML: Insecure temporary file usage
+
+ An insecure temporary file usage has been reported in GCC-XML allowing for
+ symlink attacks.
+
+ gccxml
+ September 09, 2009
+ September 09, 2009: 01
+ 245765
+ local
+
+
+ 0.9.0_pre20090516
+ 0.9.0_pre20090516
+
+
+
+

+ GCC-XML is an XML output extension to the C++ front-end of GCC. +

+
+ +

+ Dmitry E. Oboukhov reported that find_flags in GCC-XML does not handle + "/tmp/*.cxx" temporary files securely. +

+
+ +

+ A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GCC-XML users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-cpp/gccxml-0.9.0_pre20090516" +
+ + CVE-2008-4957 + + + rbu + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-12.xml
new file mode 100644
index 0000000000..c0cf495b95
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-12.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ HTMLDOC: User-assisted execution of arbitrary code
+
+ Multiple insecure calls to the sscanf() function in HTMLDOC might result in
+ the execution of arbitrary code.
+
+ htmldoc
+ September 12, 2009
+ September 12, 2009: 01
+ 278186
+ remote
+
+
+ 1.8.27-r1
+ 1.8.27-r1
+
+
+
+

+ HTMLDOC is a HTML indexer and HTML to PS and PDF converter. +

+
+ +

+ ANTHRAX666 reported an insecure call to the sscanf() function in the + set_page_size() function in htmldoc/util.cxx. Nico Golde of the Debian + Security Team found two more insecure calls in the write_type1() + function in htmldoc/ps-pdf.cxx and the htmlLoadFontWidths() function in + htmldoc/htmllib.cxx. +

+
+ +

+ A remote attacker could entice a user to process a specially crafted + HTML file using htmldoc, possibly resulting in the execution of + arbitrary code with the privileges of the user running the application. + NOTE: Additional vectors via specially crafted AFM font metric files do + not cross trust boundaries, as the files can only be modified by + privileged users. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All HTMLDOC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/htmldoc-1.8.27-r1" +
+ + CVE-2009-3050 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-13.xml
new file mode 100644
index 0000000000..453b739952
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-13.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ irssi: Execution of arbitrary code
+
+ A remotely exploitable off-by-one error leading to a heap overflow was
+ found in irssi which might result in the execution of arbitrary code.
+
+ irssi
+ September 12, 2009
+ September 12, 2009: 01
+ 271875
+ remote
+
+
+ 0.8.13-r1
+ 0.8.13-r1
+
+
+
+

+ irssi is a modular textUI IRC client with IPv6 support. +

+
+ +

+ Nemo discovered an off-by-one error leading to a heap overflow in + irssi's event_wallops() parsing function. +

+
+ +

+ A remote attacker might entice a user to connect to a malicious IRC + server, use a man-in-the-middle attack to redirect a user to such a + server or use ircop rights to send a specially crafted WALLOPS message, + which might result in the execution of arbitrary code with the + privileges of the user running irssi. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All irssi users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/irssi-0.8.13-r1" +
+ + CVE-2009-1959 + + + a3li + + + craig + + + craig + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-14.xml
new file mode 100644
index 0000000000..6c79d9fc7b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-14.xml
@@ -0,0 +1,113 @@
+
+
+
+
+ Horde: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Horde and two modules,
+ allowing for the execution of arbitrary code, information disclosure, or
+ Cross-Site Scripting.
+
+ horde horde-imp horde-passwd
+ September 12, 2009
+ September 12, 2009: 01
+ 256125
+ 262976
+ 262978
+ 277294
+ remote
+
+
+ 3.3.4
+ 3.3.4
+
+
+ 4.3.4
+ 4.3.4
+
+
+ 3.1.1
+ 3.1.1
+
+
+
+

+ Horde is a web application framework written in PHP. Horde IMP, the + "Internet Messaging Program", is a Webmail module and Horde Passwd is a + password changing module for Horde. +

+
+ +

+ Multiple vulnerabilities have been discovered in Horde: +

+
    +
  • Gunnar Wrobel reported an input sanitation and directory traversal + flaw in framework/Image/Image.php, related to the "Horde_Image driver + name" (CVE-2009-0932).
  • +
  • Gunnar Wrobel reported that data sent + to horde/services/portal/cloud_search.php is not properly sanitized + before used in the output (CVE-2009-0931).
  • +
  • It was reported + that data sent to framework/Text_Filter/Filter/xss.php is not properly + sanitized before used in the output (CVE-2008-5917).
  • +

+ Horde Passwd: David Wharton reported that data sent via the "backend" + parameter to passwd/main.php is not properly sanitized before used in + the output (CVE-2009-2360). +

+

+ Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php, + and message.php is not properly sanitized before used in the output + (CVE-2009-0930). +

+
+ +

+ A remote authenticated attacker could exploit these vulnerabilities to + execute arbitrary PHP files on the server, or disclose the content of + arbitrary files, both only if the file is readable to the web server. A + remote authenticated attacker could conduct Cross-Site Scripting + attacks. NOTE: Some Cross-Site Scripting vectors are limited to the + usage of Microsoft Internet Explorer. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Horde users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-3.3.4" +

+ All Horde IMP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-imp-4.3.4" +

+ All Horde Passwd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-passwd-3.1.1" +
+ + CVE-2008-5917 + CVE-2009-0930 + CVE-2009-0931 + CVE-2009-0932 + CVE-2009-2360 + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-15.xml
new file mode 100644
index 0000000000..ec7ca16776
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-15.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ Lynx: Arbitrary command execution
+
+ An incomplete fix for an issue related to the Lynx URL handler might allow
+ for the remote execution of arbitrary commands.
+
+ lynx
+ September 12, 2009
+ September 12, 2009: 01
+ 243058
+ remote
+
+
+ 2.8.6-r4
+ 2.8.6-r4
+
+
+
+

+ Lynx is a fully-featured WWW client for users running + cursor-addressable, character-cell display devices such as vt100 + terminals and terminal emulators. +

+
+ +

+ Clint Ruoho reported that the fix for CVE-2005-2929 (GLSA 200511-09) + only disabled the lynxcgi:// handler when not using the advanced mode. +

+
+ +

+ A remote attacker can entice a user to access a malicious HTTP server, + causing Lynx to execute arbitrary commands. NOTE: The advanced mode is + not enabled by default. Successful exploitation requires the + "lynxcgi://" protocol to be registered with lynx on the victim's + system. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Lynx users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/lynx-2.8.6-r4" +
+ + CVE-2005-2929 + CVE-2008-4690 + GLSA 200511-09 + + + rbu + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-16.xml
new file mode 100644
index 0000000000..c053270552
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-16.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ Wireshark: Denial of Service
+
+ Multiple vulnerabilities have been discovered in Wireshark which allow for
+ Denial of Service.
+
+ wireshark
+ September 13, 2009
+ September 13, 2009: 01
+ 278564
+ remote
+
+
+ 1.2.1
+ 1.2.1
+
+
+
+

+ Wireshark is a versatile network protocol analyzer. +

+
+ +

+ Multiple vulnerabilities were discovered in Wireshark: +

+
    +
  • A + buffer overflow in the IPMI dissector related to an array index error + (CVE-2009-2559).
  • +
  • Multiple unspecified vulnerabilities in the + Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560).
  • +
  • An unspecified vulnerability in the sFlow dissector + (CVE-2009-2561).
  • +
  • An unspecified vulnerability in the AFS + dissector (CVE-2009-2562).
  • +
  • An unspecified vulnerability in the + Infiniband dissector when running on unspecified platforms + (CVE-2009-2563).
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities by sending + specially crafted packets on a network being monitored by Wireshark or + by enticing a user to read a malformed packet trace file to cause a + Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.2.1" +
+ + CVE-2009-2559 + CVE-2009-2560 + CVE-2009-2561 + CVE-2009-2562 + CVE-2009-2563 + + + keytoaster + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-17.xml
new file mode 100644
index 0000000000..97e06251d9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-17.xml
@@ -0,0 +1,65 @@
+
+
+
+
+ ZNC: Directory traversal
+
+ A directory traversal was found in ZNC, allowing for overwriting of
+ arbitrary files.
+
+ znc
+ September 13, 2009
+ September 13, 2009: 01
+ 278684
+ remote
+
+
+ 0.074
+ 0.074
+
+
+
+

+ ZNC is an advanced IRC bouncer. +

+
+ +

+ The vendor reported a directory traversal vulnerability when processing + DCC SEND requests. +

+
+ +

+ A remote, authenticated user could send a specially crafted DCC SEND + request to overwrite arbitrary files with the privileges of the user + running ZNC, and possibly cause the execution of arbitrary code e.g. by + uploading a malicious ZNC module. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ZNC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/znc-0.074" +
+ + CVE-2009-2658 + + + keytoaster + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-18.xml
new file mode 100644
index 0000000000..bee7433a0b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-18.xml
@@ -0,0 +1,82 @@
+
+
+
+
+ nginx: Remote execution of arbitrary code
+
+ A buffer underflow vulnerability in the request URI processing of nginx
+ might enable remote attackers to execute arbitrary code or cause a Denial
+ of Service.
+
+ nginx
+ September 18, 2009
+ September 18, 2009: 01
+ 285162
+ remote
+
+
+ 0.5.38
+ 0.6.39
+ 0.7.62
+ 0.7.62
+
+
+
+

+ nginx is a robust, small and high performance HTTP and reverse proxy + server. +

+
+ +

+ Chris Ries reported a heap-based buffer underflow in the + ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when + parsing the request URI. +

+
+ +

+ A remote attacker might send a specially crafted request URI to a nginx + server, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running the server, or a Denial of + Service. NOTE: By default, nginx runs as the "nginx" user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All nginx 0.5.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/nginx-0.5.38" +

+ All nginx 0.6.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/nginx-0.6.39" +

+ All nginx 0.7.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/nginx-0.7.62" +
+ + CVE-2009-2629 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-19.xml
new file mode 100644
index 0000000000..0e8e82c9dd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-19.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ Dnsmasq: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Dnsmasq might result in the remote execution of
+ arbitrary code, or a Denial of Service.
+
+ dnsmasq
+ September 20, 2009
+ September 20, 2009: 01
+ 282653
+ remote
+
+
+ 2.5.0
+ 2.5.0
+
+
+
+

+ Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP + server. It includes support for Trivial FTP (TFTP). +

+
+ +

+ Multiple vulnerabilities have been reported in the TFTP functionality + included in Dnsmasq: +

+
    +
  • Pablo Jorge and Alberto Solino + discovered a heap-based buffer overflow (CVE-2009-2957).
  • +
  • An + anonymous researcher reported a NULL pointer reference + (CVE-2009-2958).
  • +
+
+ +

+ A remote attacker in the local network could exploit these + vulnerabilities by sending specially crafted TFTP requests to a machine + running Dnsmasq, possibly resulting in the remote execution of + arbitrary code with the privileges of the user running the daemon, or a + Denial of Service. NOTE: The TFTP server is not enabled by default. +

+
+ +

+ You can disable the TFTP server either at buildtime by not enabling the + "tftp" USE flag, or at runtime. Make sure "--enable-tftp" is not set in + the DNSMASQ_OPTS variable in the /etc/conf.d/dnsmasq file and + "enable-tftp" is not set in /etc/dnsmasq.conf, either of which would + enable TFTP support if it is compiled in. +

+
+ +

+ All Dnsmasq users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.5.0" +
+ + CVE-2009-2957 + CVE-2009-2958 + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-20.xml
new file mode 100644
index 0000000000..b3fedc8ccf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200909-20.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ cURL: Certificate validation error
+
+ An error in the X.509 certificate handling of cURL might enable remote
+ attackers to conduct man-in-the-middle attacks.
+
+ curl
+ September 25, 2009
+ September 25, 2009: 01
+ 281515
+ remote
+
+
+ 7.19.6
+ 7.19.6
+
+
+
+

+ cURL is a command line tool for transferring files with URL syntax, + supporting numerous protocols. +

+
+ +

+ Scott Cantor reported that cURL does not properly handle fields in + X.509 certificates that contain an ASCII NUL (\0) character. + Specifically, the processing of such fields is stopped at the first + occurence of a NUL character. This type of vulnerability was recently + discovered by Dan Kaminsky and Moxie Marlinspike. +

+
+ +

+ A remote attacker might employ a specially crafted X.509 certificate + (that for instance contains a NUL character in the Common Name field) + to conduct man-in-the-middle attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All cURL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/curl-7.19.6" +
+ + CVE-2009-2417 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-01.xml
new file mode 100644
index 0000000000..4b2010afa8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-01.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ Wget: Certificate validation error
+
+ An error in the X.509 certificate handling of Wget might enable remote
+ attackers to conduct man-in-the-middle attacks.
+
+ wget
+ October 20, 2009
+ October 20, 2009: 01
+ 286058
+ remote
+
+
+ 1.12
+ 1.12
+
+
+
+

+ GNU Wget is a free software package for retrieving files using HTTP, + HTTPS and FTP, the most widely-used Internet protocols. +

+
+ +

+ The vendor reported that Wget does not properly handle Common Name (CN) + fields in X.509 certificates that contain an ASCII NUL (\0) character. + Specifically, the processing of such fields is stopped at the first + occurrence of a NUL character. This type of vulnerability was recently + discovered by Dan Kaminsky and Moxie Marlinspike. +

+
+ +

+ A remote attacker might employ a specially crafted X.509 certificate, + containing a NUL character in the Common Name field to conduct + man-in-the-middle attacks on SSL connections made using Wget. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Wget users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/wget-1.12" +
+ + CVE-2009-3490 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-02.xml
new file mode 100644
index 0000000000..d901ff1f45
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-02.xml
@@ -0,0 +1,90 @@
+
+
+
+
+ Pidgin: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Pidgin, leading to the
+ remote execution of arbitrary code, unauthorized information disclosure, or
+ Denial of Service.
+
+ pidgin
+ October 22, 2009
+ October 22, 2009: 01
+ 276000
+ 281545
+ 283324
+ remote
+
+
+ 2.5.9-r1
+ 2.5.9-r1
+
+
+
+

+ Pidgin is a client for a variety of instant messaging protocols. +

+
+ +

+ Multiple vulnerabilities were found in Pidgin: +

+
    +
  • Yuriy + Kaminskiy reported that the OSCAR protocol implementation in Pidgin + misinterprets the ICQWebMessage message type as the ICQSMS message + type, triggering an allocation of a large amount of memory + (CVE-2009-1889).
  • +
  • Federico Muttis of Core Security Technologies + reported that the msn_slplink_process_msg() function in + libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin + doesn't properly process incoming SLP messages, triggering an overwrite + of an arbitrary memory location (CVE-2009-2694). NOTE: This issue + reportedly exists because of an incomplete fix for CVE-2009-1376 (GLSA + 200905-07).
  • +
  • bugdave reported that protocols/jabber/auth.c in + libpurple as used in Pidgin does not follow the "require TSL/SSL" + preference when connecting to older Jabber servers that do not follow + the XMPP specification, resulting in a connection to the server without + the expected encryption (CVE-2009-3026).
  • +
+
+ +

+ A remote attacker could send specially crafted SLP (via MSN) or ICQ web + messages, possibly leading to execution of arbitrary code with the + privileges of the user running Pidgin, unauthorized information + disclosure, or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Pidgin users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.5.9-r1" +
+ + CVE-2009-1376 + CVE-2009-1889 + CVE-2009-2694 + CVE-2009-3026 + GLSA 200905-07 + + + a3li + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-03.xml
new file mode 100644
index 0000000000..f3e319559c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200910-03.xml
@@ -0,0 +1,89 @@
+
+
+
+
+ Adobe Reader: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Adobe Reader might result in the execution of
+ arbitrary code, or other attacks.
+
+ acroread
+ October 25, 2009
+ October 25, 2009: 01
+ 289016
+ remote
+
+
+ 9.2
+ 9.2
+
+
+
+

+ Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF + reader. +

+
+ +

+ Multiple vulnerabilities were discovered in Adobe Reader. For further + information please consult the CVE entries and the Adobe Security + Bulletin referenced below. +

+
+ +

+ A remote attacker might entice a user to open a specially crafted PDF + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application, Denial of Service, the + creation of arbitrary files on the victim's system, "Trust Manager" + bypass, or social engineering attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Reader users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-9.2" +
+ + APSB09-15 + CVE-2007-0045 + CVE-2007-0048 + CVE-2009-2979 + CVE-2009-2980 + CVE-2009-2981 + CVE-2009-2982 + CVE-2009-2983 + CVE-2009-2985 + CVE-2009-2986 + CVE-2009-2988 + CVE-2009-2990 + CVE-2009-2991 + CVE-2009-2993 + CVE-2009-2994 + CVE-2009-2996 + CVE-2009-2997 + CVE-2009-2998 + CVE-2009-3431 + CVE-2009-3458 + CVE-2009-3459 + CVE-2009-3462 + + + keytoaster + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-01.xml
new file mode 100644
index 0000000000..5c5056b980
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-01.xml
@@ -0,0 +1,94 @@
+
+
+
+
+ Horde: Multiple vulnerabilities
+
+ Multiple vulnerabilities in the Horde Application Framework can allow for
+ arbitrary files to be overwritten and cross-site scripting attacks.
+
+ horde horde-webmail horde-groupware
+ November 06, 2009
+ November 06, 2009: 01
+ 285052
+ remote
+
+
+ 3.3.5
+ 3.3.5
+
+
+ 1.2.4
+ 1.2.4
+
+
+ 1.2.4
+ 1.2.4
+
+
+
+

+ Horde is a web application framework written in PHP. +

+
+ +

+ Multiple vulnerabilities have been discovered in Horde: +

+
    +
  • Stefan Esser of Sektion1 reported an error within the form library + when handling image form fields (CVE-2009-3236).
  • +
  • Martin + Geisler and David Wharton reported that an error exists in the MIME + viewer library when viewing unknown text parts and the preferences + system in services/prefs.php when handling number preferences + (CVE-2009-3237).
  • +
+
+ +

+ A remote authenticated attacker could exploit these vulnerabilities to + overwrite arbitrary files on the server, provided that the user has + write permissions. A remote authenticated attacker could conduct + Cross-Site Scripting attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Horde users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-3.3.5" +

+ All Horde webmail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-webmail-1.2.4" +

+ All Horde groupware users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/horde-groupware-1.2.4" +
+ + CVE-2009-3236 + CVE-2009-3237 + + + keytoaster + + + chainsaw + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-02.xml
new file mode 100644
index 0000000000..b48ddf25ec
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-02.xml
@@ -0,0 +1,238 @@
+
+
+
+
+ Sun JDK/JRE: Multiple vulnerabilities
+
+ Multiple vulnerabilities in the Sun JDK and JRE allow for several attacks,
+ including the remote execution of arbitrary code.
+
+ sun-jre-bin sun-jdk emul-linux-x86-java blackdown-jre blackdown-jdk
+ November 17, 2009
+ November 17, 2009: 01
+ 182824
+ 231337
+ 250012
+ 263810
+ 280409
+ 291817
+ remote
+
+
+ 1.5.0.22
+ 1.6.0.17
+ 1.6.0.17
+
+
+ 1.5.0.22
+ 1.6.0.17
+ 1.6.0.17
+
+
+ 1.4.2.03-r14
+
+
+ 1.4.2.03-r16
+
+
+ 1.5.0.22
+ 1.6.0.17
+ 1.6.0.17
+
+
+
+

+ The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment + (JRE) provide the Sun Java platform. +

+
+ +

+ Multiple vulnerabilities have been reported in the Sun Java + implementation. Please review the CVE identifiers referenced below and + the associated Sun Alerts for details. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted JAR + archive, applet, or Java Web Start application, possibly resulting in + the execution of arbitrary code with the privileges of the user running + the application. Furthermore, a remote attacker could cause a Denial of + Service affecting multiple services via several vectors, disclose + information and memory contents, write or execute local files, conduct + session hijacking attacks via GIFAR files, steal cookies, bypass the + same-origin policy, load untrusted JAR files, establish network + connections to arbitrary hosts and posts via several vectors, modify + the list of supported graphics configurations, bypass HMAC-based + authentication systems, escalate privileges via several vectors and + cause applet code to be executed with older, possibly vulnerable + versions of the JRE. +

+

+ NOTE: Some vulnerabilities require a trusted environment, user + interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Sun JRE 1.5.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.5.0.22" +

+ All Sun JRE 1.6.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.17" +

+ All Sun JDK 1.5.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.5.0.22" +

+ All Sun JDK 1.6.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.17" +

+ All users of the precompiled 32bit Sun JRE 1.5.x should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.5.0.22" +

+ All users of the precompiled 32bit Sun JRE 1.6.x should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.17" +

+ All Sun JRE 1.4.x, Sun JDK 1.4.x, Blackdown JRE, Blackdown JDK and + precompiled 32bit Sun JRE 1.4.x users are strongly advised to unmerge + Java 1.4: +

+ + # emerge --unmerge =app-emulation/emul-linux-x86-java-1.4* + # emerge --unmerge =dev-java/sun-jre-bin-1.4* + # emerge --unmerge =dev-java/sun-jdk-1.4* + # emerge --unmerge dev-java/blackdown-jdk + # emerge --unmerge dev-java/blackdown-jre +

+ Gentoo is ceasing support for the 1.4 generation of the Sun Java + Platform in accordance with upstream. All 1.4 JRE and JDK versions are + masked and will be removed shortly. +

+
+ + CVE-2008-2086 + CVE-2008-3103 + CVE-2008-3104 + CVE-2008-3105 + CVE-2008-3106 + CVE-2008-3107 + CVE-2008-3108 + CVE-2008-3109 + CVE-2008-3110 + CVE-2008-3111 + CVE-2008-3112 + CVE-2008-3113 + CVE-2008-3114 + CVE-2008-3115 + CVE-2008-5339 + CVE-2008-5340 + CVE-2008-5341 + CVE-2008-5342 + CVE-2008-5343 + CVE-2008-5344 + CVE-2008-5345 + CVE-2008-5346 + CVE-2008-5347 + CVE-2008-5348 + CVE-2008-5349 + CVE-2008-5350 + CVE-2008-5351 + CVE-2008-5352 + CVE-2008-5353 + CVE-2008-5354 + CVE-2008-5355 + CVE-2008-5356 + CVE-2008-5357 + CVE-2008-5358 + CVE-2008-5359 + CVE-2008-5360 + CVE-2009-1093 + CVE-2009-1094 + CVE-2009-1095 + CVE-2009-1096 + CVE-2009-1097 + CVE-2009-1098 + CVE-2009-1099 + CVE-2009-1100 + CVE-2009-1101 + CVE-2009-1102 + CVE-2009-1103 + CVE-2009-1104 + CVE-2009-1105 + CVE-2009-1106 + CVE-2009-1107 + CVE-2009-2409 + CVE-2009-2475 + CVE-2009-2476 + CVE-2009-2670 + CVE-2009-2671 + CVE-2009-2672 + CVE-2009-2673 + CVE-2009-2674 + CVE-2009-2675 + CVE-2009-2676 + CVE-2009-2689 + CVE-2009-2690 + CVE-2009-2716 + CVE-2009-2718 + CVE-2009-2719 + CVE-2009-2720 + CVE-2009-2721 + CVE-2009-2722 + CVE-2009-2723 + CVE-2009-2724 + CVE-2009-3728 + CVE-2009-3729 + CVE-2009-3865 + CVE-2009-3866 + CVE-2009-3867 + CVE-2009-3868 + CVE-2009-3869 + CVE-2009-3871 + CVE-2009-3872 + CVE-2009-3873 + CVE-2009-3874 + CVE-2009-3875 + CVE-2009-3876 + CVE-2009-3877 + CVE-2009-3879 + CVE-2009-3880 + CVE-2009-3881 + CVE-2009-3882 + CVE-2009-3883 + CVE-2009-3884 + CVE-2009-3886 + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-03.xml
new file mode 100644
index 0000000000..01a296a2cd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-03.xml
@@ -0,0 +1,97 @@
+
+
+
+
+ UW IMAP toolkit: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been found in the UW IMAP toolkit and the
+ c-client library, the worst of which leading to the execution of arbitrary
+ code.
+
+ c-client uw-imap
+ November 25, 2009
+ November 25, 2009: 01
+ 245425
+ 252567
+ remote
+
+
+ 2007e
+ 2007e
+
+
+ 2007e
+ 2007e
+
+
+
+

+ The UW IMAP toolkit is a daemon for the IMAP and POP3 network mail + protocols. The c-client library provides an API for IMAP, POP3 and + other protocols. +

+
+ +

+ Multiple vulnerabilities were found in the UW IMAP toolkit: +

+
    +
  • Aron Andersson and Jan Sahlin of Bitsec reported boundary errors in + the "tmail" and "dmail" utilities when processing overly long mailbox + names, leading to stack-based buffer overflows (CVE-2008-5005).
  • +
  • An error in smtp.c in the c-client library was found, leading to a + NULL pointer dereference vulnerability (CVE-2008-5006).
  • +
  • Ludwig + Nussel reported an off-by-one error in the rfc822_output_char() + function in the RFC822BUFFER routines in the c-client library, as used + by the UW IMAP toolkit (CVE-2008-5514).
  • +
+
+ +

+ A remote attacker could send an e-mail to a destination mailbox name + composed of a username and '+' character followed by a long string, + possibly leading to the execution of arbitrary code. A local attacker + could gain privileges by specifying a long folder extension argument to + the tmail or dmail program. Furthermore, a remote attacker could send a + specially crafted mail message to the UW IMAP toolkit or another daemon + using the c-client library, leading to a Denial of Service. A remote + SMTP server could respond to the QUIT command with a close of the TCP + connection instead of the expected 221 response code, possibly leading + to a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All c-client library users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/c-client-2007e" +

+ All UW IMAP toolkit users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2007e" +
+ + CVE-2008-5005 + CVE-2008-5006 + CVE-2008-5514 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-04.xml
new file mode 100644
index 0000000000..eb30656fe7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-04.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ dstat: Untrusted search path
+
+ An untrusted search path vulnerability in the dstat might result in the
+ execution of arbitrary code.
+
+ dstat
+ November 25, 2009
+ November 25, 2009: 01
+ 293497
+ local
+
+
+ 0.6.9-r1
+ 0.6.9-r1
+
+
+
+

+ dstat is a versatile system resource monitor written in Python. +

+
+ +

+ Robert Buchholz of the Gentoo Security Team reported that dstat + includes the current working directory and subdirectories in the Python + module search path (sys.path) before calling "import". +

+
+ +

+ A local attacker could entice a user to run "dstat" from a directory + containing a specially crafted Python module, resulting in the + execution of arbitrary code with the privileges of the user running the + application. +

+
+ +

+ Do not run "dstat" from untrusted working directories. +

+
+ +

+ All dstat users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/dstat-0.6.9-r1" +
+ + CVE-2009-3894 + + + rbu + + + rbu + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-05.xml
new file mode 100644
index 0000000000..c552866f23
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-05.xml
@@ -0,0 +1,86 @@
+
+
+
+
+ Wireshark: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Wireshark, allowing for
+ the remote execution of arbitrary code, or Denial of Service.
+
+ wireshark
+ November 25, 2009
+ November 25, 2009: 01
+ 285280
+ 290710
+ remote
+
+
+ 1.2.3
+ 1.2.3
+
+
+
+

+ Wireshark is a versatile network protocol analyzer. +

+
+ +

+ Multiple vulnerabilities have been discovered in Wireshark: +

+
  • Ryan Giobbi reported an integer overflow in wiretap/erf.c + (CVE-2009-3829).
  • +
  • The vendor reported multiple unspecified + vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors + (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in + the GSM A RR dissector (CVE-2009-3242), in the TLS dissector + (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the + DCERPC/NT dissector (CVE-2009-3550), and in the + dissect_negprot_response() function in packet-smb.c in the SMB + dissector (CVE-2009-3551).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted "erf" + file using Wireshark, possibly resulting in the execution of arbitrary + code with the privileges of the user running the application. A remote + attacker could furthermore send specially crafted packets on a network + being monitored by Wireshark or entice a user to open a malformed + packet trace file using Wireshark, possibly resulting in a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.2.3" +
+ + CVE-2009-2560 + CVE-2009-3241 + CVE-2009-3242 + CVE-2009-3243 + CVE-2009-3549 + CVE-2009-3550 + CVE-2009-3551 + CVE-2009-3829 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-06.xml
new file mode 100644
index 0000000000..30adba6d3b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200911-06.xml
@@ -0,0 +1,69 @@
+
+
+
+
+ PEAR Net_Traceroute: Command injection
+
+ An input sanitation error in PEAR Net_Traceroute might allow remote
+ attackers to execute arbitrary commands.
+
+ PEAR-Net_Traceroute
+ November 26, 2009
+ November 26, 2009: 01
+ 294264
+ remote
+
+
+ 0.21.2
+ 0.21.2
+
+
+
+

+ PEAR Net_Traceroute is an OS independent wrapper class for executing + traceroute calls from PHP. +

+
+ +

+ Pasquale Imperato reported that the $host parameter to the traceroute() + function in Traceroute.php is not properly sanitized before being + passed to exec(). +

+
+ +

+ A remote attacker could exploit this vulnerability when user input is + passed directly to PEAR Net_Traceroute in a PHP script, possibly + resulting in the remote execution of arbitrary shell commands with the + privileges of the user running the affected PHP script. +

+
+ +

+ Ensure that all data that is passed to the traceroute() function is + properly shell escaped (for instance using the escapeshellcmd() + function). +

+
+ +

+ All PEAR Net_Traceroute users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Net_Traceroute-0.21.2" +
+ + CVE-2009-4025 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200912-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200912-01.xml
new file mode 100644
index 0000000000..8dc3dff843
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200912-01.xml
@@ -0,0 +1,95 @@
+
+
+
+
+ OpenSSL: Multiple vulnerabilities
+
+ Multiple vulnerabilities in OpenSSL might allow remote attackers to conduct
+ multiple attacks, including the injection of arbitrary data into encrypted
+ byte streams.
+
+ openssl
+ December 01, 2009
+ December 02, 2009: 02
+ 270305
+ 280591
+ 292022
+ remote
+
+
+ 0.9.8l-r2
+ 0.9.8l-r2
+
+
+
+

+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

+ Multiple vulnerabilities have been reported in OpenSSL: +

+
    +
  • Marsh Ray of PhoneFactor and Martin Rex of SAP independently + reported that the TLS protocol does not properly handle session + renegotiation requests (CVE-2009-3555).
  • +
  • The MD2 hash algorithm is no longer considered to be + cryptographically strong, as demonstrated by Dan Kaminsky. Certificates + using this algorithm are no longer accepted (CVE-2009-2409).
  • +
  • Daniel Mentz and Robin Seggelmann reported the following + vulnerabilities related to DTLS: A use-after-free flaw (CVE-2009-1379) + and a NULL pointer dereference (CVE-2009-1387) in the + dtls1_retrieve_buffered_fragment() function in src/d1_both.c, multiple + memory leaks in the dtls1_process_out_of_seq_message() function in + src/d1_both.c (CVE-2009-1378), and a processing error related to a + large amount of DTLS records with a future epoch in the + dtls1_buffer_record() function in ssl/d1_pkt.c + (CVE-2009-1377).
  • +
+
+ +

+ A remote unauthenticated attacker, acting as a Man in the Middle, could + inject arbitrary plain text into a TLS session, possibly leading to the + ability to send requests as if authenticated as the victim. A remote + attacker could furthermore send specially crafted DTLS packages to a + service using OpenSSL for DTLS support, possibly resulting in a Denial + of Service. Also, a remote attacker might be able to create rogue + certificates, facilitated by a MD2 collision. NOTE: The amount of + computation needed for this attack is still very large. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenSSL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8l-r2" +
+ + CVE-2009-1377 + CVE-2009-1378 + CVE-2009-1379 + CVE-2009-1387 + CVE-2009-2409 + CVE-2009-3555 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200912-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200912-02.xml
new file mode 100644
index 0000000000..6dcaa2500b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200912-02.xml
@@ -0,0 +1,116 @@
+
+
+
+
+ Ruby on Rails: Multiple vulnerabilities
+
+ Multiple vulnerabilities have been discovered in Rails, the worst of which
+ leading to the execution of arbitrary SQL statements.
+
+ rails
+ December 20, 2009
+ December 20, 2009: 01
+ 200159
+ 237385
+ 247549
+ 276279
+ 283396
+ 294797
+ remote
+
+
+ 2.3.5
+ 2.2.3-r1
+ 2.2.2
+
+
+
+

+ Ruby on Rails is a web-application and persistence framework. +

+
+ +

+ The following vulnerabilities were discovered: +

+
    +
  • sameer + reported that lib/action_controller/cgi_process.rb removes the + :cookie_only attribute from the default session options + (CVE-2007-6077), due to an incomplete fix for CVE-2007-5380 (GLSA + 200711-17).
  • +
  • Tobias Schlottke reported that the :limit and + :offset parameters of ActiveRecord::Base.find() are not properly + sanitized before being processed (CVE-2008-4094).
  • +
  • Steve from + Coderrr reported that the CRSF protection in protect_from_forgery() + does not parse the text/plain MIME format (CVE-2008-7248).
  • +
  • Nate reported a documentation error that leads to the assumption + that a block returning nil passed to + authenticate_or_request_with_http_digest() would deny access to the + requested resource (CVE-2009-2422).
  • +
  • Brian Mastenbrook reported + an input sanitation flaw, related to multibyte characters + (CVE-2009-3009).
  • +
  • Gabe da Silveira reported an input sanitation + flaw in the strip_tags() function (CVE-2009-4214).
  • +
  • Coda Hale + reported an information disclosure vulnerability related to HMAC + digests (CVE-2009-3086).
  • +
+
+ +

+ A remote attacker could send specially crafted requests to a vulnerable + application, possibly leading to the execution of arbitrary SQL + statements or a circumvention of access control. A remote attacker + could also conduct session fixation attacks to hijack a user's session + or bypass the CSRF protection mechanism, or furthermore conduct + Cross-Site Scripting attacks or forge a digest via multiple attempts. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby on Rails 2.3.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/rails-2.3.5" +

+ All Ruby on Rails 2.2.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose "=dev-ruby/rails-2.2.3-r1" +

+ NOTE: All applications using Ruby on Rails should also be configured to + use the latest version available by running "rake rails:update" inside + the application directory. +

+
+ + CVE-2007-5380 + CVE-2007-6077 + CVE-2008-4094 + CVE-2008-7248 + CVE-2009-2422 + CVE-2009-3009 + CVE-2009-3086 + CVE-2009-4214 + GLSA 200711-17 + + + keytoaster + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-01.xml
new file mode 100644
index 0000000000..4e4e73dd19
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-01.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ NTP: Denial of Service
+
+ A Denial of Service condition in ntpd can cause excessive CPU or bandwidth
+ consumption.
+
+ ntp
+ January 03, 2010
+ January 03, 2010: 01
+ 290881
+ remote
+
+
+ 4.2.4_p7-r1
+ 4.2.4_p7-r1
+
+
+
+

+ NTP is a set of the Network Time Protocol programs. +

+
+ +

+ Robin Park and Dmitri Vinokurov discovered that ntp_request.c in ntpd + does not handle MODE_PRIVATE packets correctly, causing a continuous + exchange of MODE_PRIVATE error responses between two NTP daemons or + causing high CPU load on a single host. +

+
+ +

+ A remote, unauthenticated attacker could send a specially crafted + MODE_PRIVATE packet, allowing for a Denial of Service condition (CPU + and bandwidth consumption). +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All NTP users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p7-r1" +
+ + CVE-2009-3563 + + + craig + + + craig + + + craig + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-02.xml
new file mode 100644
index 0000000000..cae51109c1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-02.xml
@@ -0,0 +1,83 @@
+
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+
+ Multiple vulnerabilities in Adobe Flash Player might allow remote attackers
+ to execute arbitrary code or cause a Denial of Service.
+
+ adobe-flash
+ January 03, 2010
+ January 03, 2010: 01
+ 296407
+ remote
+
+
+ 10.0.42.34
+ 10.0.42.34
+
+
+
+

+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

+ Multiple vulnerabilities have been discovered in Adobe Flash Player: +

+
  • An anonymous researcher working with the Zero Day + Initiative reported that Adobe Flash Player does not properly process + JPEG files (CVE-2009-3794).
  • +
  • Jim Cheng of EffectiveUI reported + an unspecified data injection vulnerability (CVE-2009-3796).
  • +
  • Bing Liu of Fortinet's FortiGuard Labs reported multiple + unspecified memory corruption vulnerabilities (CVE-2009-3797, + CVE-2009-3798).
  • +
  • Damian Put reported an integer overflow in the + Verifier::parseExceptionHandlers() function (CVE-2009-3799).
  • +
  • Will Dormann of CERT reported multiple unspecified Denial of + Service vulnerabilities (CVE-2009-3800).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted SWF + file, possibly resulting in the remote execution of arbitrary code with + the privileges of the user running the application, or a Denial of + Service via unknown vectors. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Flash Player users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.42.34" +
+ + CVE-2009-3794 + CVE-2009-3796 + CVE-2009-3797 + CVE-2009-3798 + CVE-2009-3799 + CVE-2009-3800 + + + craig + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-03.xml
new file mode 100644
index 0000000000..87637c014f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-03.xml
@@ -0,0 +1,116 @@
+
+
+
+
+ PHP: Multiple vulnerabilities
+
+ Multiple vulnerabilities were found in PHP, the worst of which leading to
+ the remote execution of arbitrary code.
+
+ php
+ January 05, 2010
+ January 05, 2010: 01
+ 249875
+ 255121
+ 260576
+ 261192
+ 266125
+ 274670
+ 280602
+ 285434
+ 292132
+ 293888
+ 297369
+ 297370
+ local remote
+
+
+ 5.2.12
+ 5.2.12
+
+
+
+

+ PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

+ Multiple vulnerabilities have been discovered in PHP. Please review the + CVE identifiers referenced below and the associated PHP release notes + for details. +

+
+ +

+ A context-dependent attacker could execute arbitrary code via a + specially crafted string containing an HTML entity when the mbstring + extension is enabled. Furthermore a remote attacker could execute + arbitrary code via a specially crafted GD graphics file. +

+

+ A remote attacker could also cause a Denial of Service via a malformed + string passed to the json_decode() function, via a specially crafted + ZIP file passed to the php_zip_make_relative_path() function, via a + malformed JPEG image passed to the exif_read_data() function, or via + temporary file exhaustion. It is also possible for an attacker to spoof + certificates, bypass various safe_mode and open_basedir restrictions + when certain criteria are met, perform Cross-site scripting attacks, + more easily perform SQL injection attacks, manipulate settings of other + virtual hosts on the same server via a malicious .htaccess entry when + running on Apache, disclose memory portions, and write arbitrary files + via a specially crafted ZIP archive. Some vulnerabilities with unknown + impact and attack vectors have been reported as well. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PHP users should upgrade to the latest version. As PHP is + statically linked against a vulnerable version of the c-client library + when the imap or kolab USE flag is enabled (GLSA 200911-03), users + should upgrade net-libs/c-client beforehand: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/c-client-2007e" + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.12" +
+ + CVE-2008-5498 + CVE-2008-5514 + CVE-2008-5557 + CVE-2008-5624 + CVE-2008-5625 + CVE-2008-5658 + CVE-2008-5814 + CVE-2008-5844 + CVE-2008-7002 + CVE-2009-0754 + CVE-2009-1271 + CVE-2009-1272 + CVE-2009-2626 + CVE-2009-2687 + CVE-2009-3291 + CVE-2009-3292 + CVE-2009-3293 + CVE-2009-3546 + CVE-2009-3557 + CVE-2009-3558 + CVE-2009-4017 + CVE-2009-4142 + CVE-2009-4143 + GLSA 200911-03 + + + keytoaster + + + rbu + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-04.xml
new file mode 100644
index 0000000000..58a3ffc71b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-04.xml
@@ -0,0 +1,105 @@
+
+
+
+
+ VirtualBox: Multiple vulnerabilities
+
+ Multiple vulnerabilities in VirtualBox were found, the worst of which
+ allowing for privilege escalation.
+
+ virtualbox-bin virtualbox-ose virtualbox-guest-additions virtualbox-ose-additions
+ January 13, 2010
+ January 13, 2010: 01
+ 288836
+ 294678
+ local
+
+
+ 3.0.12
+ 3.0.12
+
+
+ 3.0.12
+ 3.0.12
+
+
+ 3.0.12
+ 3.0.12
+
+
+ 3.0.12
+ 3.0.12
+
+
+
+

+ The VirtualBox family provides powerful x86 virtualization products. +

+
+ +

+ Thomas Biege of SUSE discovered multiple vulnerabilities: +

+
  • A shell metacharacter injection in popen() (CVE-2009-3692) and + a possible buffer overflow in strncpy() in the VBoxNetAdpCtl + configuration tool.
  • +
  • An unspecified vulnerability in VirtualBox + Guest Additions (CVE-2009-3940).
  • +
+
+ +

+ A local, unprivileged attacker with the permission to run VirtualBox + could gain root privileges. A guest OS local user could cause a Denial + of Service (memory consumption) on the guest OS via unknown vectors. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All users of the binary version of VirtualBox should upgrade to the + latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-bin-3.0.12" +

+ All users of the Open Source version of VirtualBox should upgrade to + the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-ose-3.0.12" +

+ All users of the binary VirtualBox Guest Additions should upgrade to + the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-guest-additions-3.0.12" +

+ All users of the Open Source VirtualBox Guest Additions should upgrade + to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-ose-additions-3.0.12" +
+ + CVE-2009-3692 + CVE-2009-3940 + + + craig + + + craig + + + craig + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-05.xml
new file mode 100644
index 0000000000..8fc1176660
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-05.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ net-snmp: Authorization bypass
+
+ A remote attacker can bypass the tcp-wrappers client authorization in
+ net-snmp.
+
+ net-snmp
+ January 13, 2010
+ January 13, 2010: 01
+ 250429
+ remote
+
+
+ 5.4.2.1-r1
+ 5.4.2.1-r1
+
+
+
+

+ net-snmp bundles software for generating and retrieving SNMP data. +

+
+ +

+ The netsnmp_udp_fmtaddr() function (snmplib/snmpUDPDomain.c), when + using TCP wrappers for client authorization, does not properly parse + hosts.allow rules. +

+
+ +

+ A remote, unauthenticated attacker could bypass the ACL filtering, + possibly resulting in the execution of arbitrary SNMP queries. +

+
+ +

+ If possible, protect net-snmp with custom iptables rules: +

+ + iptables -s [client] -d [host] -p udp --dport 161 -j ACCEPT + iptables -s 0.0.0.0/0 -d [host] -p udp --dport 161 -j DROP +
+ +

+ All net-snmp users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.2.1-r1" +
+ + CVE-2008-6123 + + + craig + + + craig + + + craig + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-06.xml
new file mode 100644
index 0000000000..b651e3b086
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-06.xml
@@ -0,0 +1,68 @@
+
+
+
+
+ aria2: Multiple vulnerabilities
+
+ A buffer overflow and a format string vulnerability in aria2 allow remote
+ attackers to execute arbitrary code.
+
+ aria2
+ January 13, 2010
+ January 13, 2010: 01
+ 288291
+ remote
+
+
+ 1.6.3
+ 1.6.3
+
+
+
+

+ aria2 is a download utility with resuming and segmented downloading + with HTTP/HTTPS/FTP/BitTorrent support. +

+
+ +

+ Tatsuhiro Tsujikawa reported a buffer overflow in + DHTRoutingTableDeserializer.cc (CVE-2009-3575) and a format string + vulnerability in the AbstractCommand::onAbort() function in + src/AbstractCommand.cc (CVE-2009-3617). +

+
+ +

+ A remote, unauthenticated attacker could possibly execute arbitrary + code with the privileges of the user running the application or cause a + Denial of Service (application crash). +

+
+ +

+ Do not use DHT (CVE-2009-3575) and disable logging (CVE-2009-3617). +

+
+ +

+ All aria2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/aria2-1.6.3" +
+ + CVE-2009-3575 + CVE-2009-3617 + + + keytoaster + + + craig + + + craig + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-07.xml
new file mode 100644
index 0000000000..5d5daba25c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-07.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ Blender: Untrusted search path
+
+ An untrusted search path vulnerability in Blender might result in the
+ execution of arbitrary code.
+
+ blender
+ January 13, 2010
+ January 13, 2010: 01
+ 245310
+ local
+
+
+ 2.48a-r3
+ 2.48a-r3
+
+
+
+

+ Blender is a 3D Creation/Animation/Publishing System. +

+
+ +

+ Steffen Joeris reported that Blender's BPY_interface calls + PySys_SetArgv() in such a way that Python prepends sys.path with an + empty string. +

+
+ +

+ A local attacker could entice a user to run "blender" from a directory + containing a specially crafted Python module, resulting in the + execution of arbitrary code with the privileges of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Blender users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.48a-r3" +
+ + CVE-2008-4863 + + + keytoaster + + + craig + + + craig + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-08.xml
new file mode 100644
index 0000000000..cd9f876840
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-08.xml
@@ -0,0 +1,85 @@
+
+
+
+
+ SquirrelMail: Multiple vulnerabilities
+
+ Multiple vulnerabilities were found in SquirrelMail of which the worst
+ results in remote code execution.
+
+ squirrelmail
+ January 13, 2010
+ January 13, 2010: 01
+ 269567
+ 270671
+ remote
+
+
+ 1.4.19
+ 1.4.19
+
+
+
+

+ SquirrelMail is a standards-based webmail package written in PHP. +

+
+ +

+ Multiple vulnerabilities were found in SquirrelMail: +

+
  • Niels + Teusink reported multiple input sanitation flaws in certain encrypted + strings in e-mail headers, related to contrib/decrypt_headers.php, + PHP_SELF and the query string (aka QUERY_STRING) (CVE-2009-1578). +
  • +
  • Niels Teusink also reported that the map_yp_alias() function + in functions/imap_general.php does not filter shell metacharacters in a + username and that the original patch was incomplete (CVE-2009-1381, + CVE-2009-1579). +
  • +
  • Tomas Hoger discovered an unspecified session fixation + vulnerability (CVE-2009-1580). +
  • +
  • Luc Beurton reported that functions/mime.php does not protect + the application's content from Cascading Style Sheets (CSS) positioning + in HTML e-mail messages (CVE-2009-1581). +
  • +
+
+ +

+ The vulnerabilities allow remote attackers to execute arbitrary code + with the privileges of the user running the web server, to hijack web + sessions via a crafted cookie, to spoof the user interface and to + conduct Cross-Site Scripting and phishing attacks, via a specially + crafted message. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SquirrelMail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.19" +
+ + CVE-2009-1381 + CVE-2009-1578 + CVE-2009-1579 + CVE-2009-1580 + CVE-2009-1581 + + + craig + + + craig + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-09.xml
new file mode 100644
index 0000000000..1eeb4f5a5f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201001-09.xml
@@ -0,0 +1,77 @@
+
+
+
+
+ Ruby: Terminal Control Character Injection
+
+ An input sanitation flaw in the WEBrick HTTP server included in Ruby might
+ allow remote attackers to inject arbitrary control characters into terminal
+ sessions.
+
+ ruby
+ January 14, 2010
+ January 14, 2010: 01
+ 300468
+ remote
+
+
+ 1.8.7_p249
+ 1.8.6_p388
+ 1.8.7_p249
+
+
+
+

+ Ruby is an interpreted scripting language for quick and easy + object-oriented programming. It comes bundled with a HTTP server + ("WEBrick"). +

+
+ +

+ Giovanni Pellerano, Alessandro Tanasi and Francesco Ongaro reported + that WEBrick does not filter terminal control characters, for instance + when handling HTTP logs. +

+
+ +

+ A remote attacker could send a specially crafted HTTP request to a + WEBrick server to inject arbitrary terminal control characters, + possibly resulting in the execution of arbitrary commands, data loss, + or other unspecified impact. This could also be used to facilitate + other attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Ruby 1.8.7 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.7_p249" +

+ All Ruby 1.8.6 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p388" +
+ + CVE-2009-4492 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201003-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201003-01.xml
new file mode 100644
index 0000000000..7adcbc04d6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201003-01.xml
@@ -0,0 +1,76 @@
+
+
+
+
+ sudo: Privilege escalation
+
+ Two vulnerabilities in sudo might allow local users to escalate privileges
+ and execute arbitrary code with root privileges.
+
+ sudo
+ March 03, 2010
+ March 03, 2010: 01
+ 306865
+ local
+
+
+ 1.7.2_p4
+ 1.7.2_p4
+
+
+
+

+ sudo allows a system administrator to give users the ability to run + commands as other users. +

+
+ +

+ Multiple vulnerabilities have been discovered in sudo: +

+
    +
  • Glenn Waller and neonsignal reported that sudo does not properly + handle access control of the "sudoedit" pseudo-command + (CVE-2010-0426).
  • +
  • Harald Koenig reported that sudo does not + properly set supplementary groups when using the "runas_default" option + (CVE-2010-0427).
  • +
+
+ +

+ A local attacker with privileges to use "sudoedit" or the privilege to + execute commands with the "runas_default" setting enabled could + leverage these vulnerabilities to execute arbitrary code with elevated + privileges. +

+
+ +

+ CVE-2010-0426: Revoke all "sudoedit" privileges, or use the full path + to sudoedit. CVE-2010-0427: Remove all occurrences of the + "runas_default" setting. +

+
+ +

+ All sudo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.2_p4" +
+ + CVE-2010-0426 + CVE-2010-0427 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-01.xml
new file mode 100644
index 0000000000..e3adae71c7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-01.xml
@@ -0,0 +1,73 @@
+
+
+
+
+ FreeType 1: User-assisted execution of arbitrary code
+
+ Multiple vulnerabilities in FreeType might result in the remote execution
+ of arbitrary code.
+
+ freetype
+ June 01, 2010
+ June 01, 2010: 01
+ 271234
+ remote
+
+
+ 1.4_pre20080316-r2
+ 1.4_pre20080316-r2
+
+
+
+

+ FreeType is a True Type Font rendering library. +

+
+ +

+ Multiple issues found in FreeType 2 were also discovered in FreeType 1. + For details on these issues, please review the Gentoo Linux Security + Advisories and CVE identifiers referenced below. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted TTF + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running FreeType. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All FreeType 1 users should upgrade to an unaffected version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-1.4_pre20080316-r2" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since May 27, 2009. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2006-1861 + CVE-2007-2754 + GLSA 200607-02 + GLSA 200705-22 + + + keytoaster + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-02.xml
new file mode 100644
index 0000000000..a1be29c6a9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-02.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ CamlImages: User-assisted execution of arbitrary code
+
+ Multiple integer overflows in CamlImages might result in the remote
+ execution of arbitrary code.
+
+ camlimages
+ June 01, 2010
+ June 01, 2010: 01
+ 276235
+ 290222
+ remote
+
+
+ 3.0.2
+ 3.0.2
+
+
+
+

+ CamlImages is an image processing library for Objective Caml. +

+
+ +

+ Tielei Wang reported multiple integer overflows, possibly leading to + heap-based buffer overflows in the (1) read_png_file() and + read_png_file_as_rgb24() functions, when processing a PNG image + (CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing + GIF or JPEG images (CVE-2009-2660). +

+

+ Other integer overflows were also found in tiffread.c (CVE-2009-3296). +

+
+ +

+ A remote attacker could entice a user to open a specially crafted, + overly large PNG, GIF, TIFF, or JPEG image using an application that + uses the CamlImages library, possibly resulting in the execution of + arbitrary code with the privileges of the user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All CamlImages users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose =dev-ml/camlimages-3.0.2 +
+ + CVE-2009-2295 + CVE-2009-2660 + CVE-2009-3296 + + + rbu + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-03.xml
new file mode 100644
index 0000000000..448eba7a3a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-03.xml
@@ -0,0 +1,72 @@
+
+
+
+
+ ImageMagick: User-assisted execution of arbitrary code
+
+ An integer overflow in ImageMagick might allow remote attackers to cause
+ the remote execution of arbitrary code.
+
+ imagemagick
+ June 01, 2010
+ June 01, 2010: 01
+ 271502
+ remote
+
+
+ 6.5.2.9
+ 6.5.2.9
+
+
+
+

+ ImageMagick is a collection of tools and libraries for manipulating + various image formats. +

+
+ +

+ Tielei Wang has discovered that the XMakeImage() function in + magick/xwindow.c is prone to an integer overflow, possibly leading to a + buffer overflow. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + image, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running the application, or a Denial of + Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All ImageMagick users should upgrade to an unaffected version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.5.2.9" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since June 4, 2009. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2009-1882 + + + keytoaster + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-04.xml
new file mode 100644
index 0000000000..0243c50a99
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-04.xml
@@ -0,0 +1,92 @@
+
+
+
+
+ xine-lib: User-assisted execution of arbitrary code
+
+ Multiple vulnerabilities in xine-lib might result in the remote execution
+ of arbitrary code.
+
+ xine-lib
+ June 01, 2010
+ June 01, 2010: 01
+ 234777
+ 249041
+ 260069
+ 265250
+ remote
+
+
+ 1.1.16.3
+ 1.1.16.3
+
+
+
+

+ xine-lib is the core library package for the xine media player, and + other players such as Amarok, Codeine/Dragon Player and Kaffeine. +

+
+ +

+ Multiple vulnerabilities have been reported in xine-lib. Please review + the CVE identifiers referenced below for details. +

+
+ +

+ A remote attacker could entice a user to play a specially crafted video + file or stream with a player using xine-lib, potentially resulting in + the execution of arbitrary code with the privileges of the user running + the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All xine-lib users should upgrade to an unaffected version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.16.3" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since April 10, 2009. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2008-3231 + CVE-2008-5233 + CVE-2008-5234 + CVE-2008-5235 + CVE-2008-5236 + CVE-2008-5237 + CVE-2008-5238 + CVE-2008-5239 + CVE-2008-5240 + CVE-2008-5241 + CVE-2008-5242 + CVE-2008-5243 + CVE-2008-5244 + CVE-2008-5245 + CVE-2008-5246 + CVE-2008-5247 + CVE-2008-5248 + CVE-2009-0698 + CVE-2009-1274 + + + keytoaster + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-05.xml
new file mode 100644
index 0000000000..af092cd92d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-05.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ Wireshark: Multiple vulnerabilities
+
+ Multiple vulnerabilities were found in Wireshark.
+
+ wireshark
+ June 01, 2010
+ June 01, 2010: 01
+ 297388
+ 318935
+ remote
+
+
+ 1.2.8-r1
+ 1.2.8-r1
+
+
+
+

+ Wireshark is a versatile network protocol analyzer. +

+
+ +

+ Multiple vulnerabilities were found in the Daintree SNA file parser, + the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information + please consult the CVE entries referenced below. +

+
+ +

+ A remote attacker could cause a Denial of Service and possibly execute + arbitrary code via crafted packets or malformed packet trace files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.2.8-r1" +
+ + CVE-2009-4376 + CVE-2009-4377 + CVE-2009-4378 + CVE-2010-1455 + + + a3li + + + keytoaster + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-06.xml
new file mode 100644
index 0000000000..a4346d69f0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-06.xml
@@ -0,0 +1,64 @@
+
+
+
+
+ Transmission: Multiple vulnerabilities
+
+ Stack-based buffer overflows in Transmission may allow for remote execution
+ of arbitrary code.
+
+ transmission
+ June 01, 2010
+ June 01, 2010: 01
+ 309831
+ remote
+
+
+ 1.92
+ 1.92
+
+
+
+

+ Transmission is a cross-platform BitTorrent client. +

+
+ +

+ Multiple stack-based buffer overflows in the tr_magnetParse() function + in libtransmission/magnet.c have been discovered. +

+
+ +

+ A remote attacker could cause a Denial of Service or possibly execute + arbitrary code via a crafted magnet URL with a large number of tr or ws + links. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Transmission users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-p2p/transmission-1.92" +
+ + CVE-2010-1853 + + + craig + + + keytoaster + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-07.xml
new file mode 100644
index 0000000000..945f28e7d0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-07.xml
@@ -0,0 +1,80 @@
+
+
+
+
+ SILC: Multiple vulnerabilities
+
+ Multiple vulnerabilities were discovered in SILC Toolkit and SILC Client,
+ the worst of which allowing for execution of arbitrary code.
+
+ silc-toolkit silc-client
+ June 01, 2010
+ June 01, 2010: 01
+ 284561
+ remote
+
+
+ 1.1.10
+ 1.1.10
+
+
+ 1.1.8
+ 1.1.8
+
+
+
+

+ SILC (Secure Internet Live Conferencing protocol) Toolkit is a software + development kit for use in clients, and SILC Client is an IRSSI-based + text client. +

+
+ +

+ Multiple vulnerabilities were discovered in SILC Toolkit and SILC + Client. For further information please consult the CVE entries + referenced below. +

+
+ +

+ A remote attacker could overwrite stack locations and possibly execute + arbitrary code via a crafted OID value, Content-Length header or format + string specifiers in a nickname field or channel name. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SILC Toolkit users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/silc-toolkit-1.1.10" +

+ All SILC Client users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/silc-client-1.1.8" +
+ + CVE-2008-7159 + CVE-2008-7160 + CVE-2009-3051 + CVE-2009-3163 + + + craig + + + keytoaster + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-08.xml
new file mode 100644
index 0000000000..9e24b75333
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-08.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ nano: Multiple vulnerabilities
+
+ Race conditions when editing files could lead to symlink attacks or changes
+ of ownerships of important files.
+
+ nano
+ June 01, 2010
+ June 01, 2010: 01
+ 315355
+ local
+
+
+ 2.2.4
+ 2.2.4
+
+
+
+

+ nano is a GNU GPL'd Pico clone with more functionality. +

+
+ +

+ Multiple race condition vulnerabilities have been discovered in nano. + For further information please consult the CVE entries referenced + below. +

+
+ +

+ Under certain conditions, a local, user-assisted attacker could + possibly overwrite arbitrary files via a symlink attack on an + attacker-owned file that is being edited by the victim, or change the + ownership of arbitrary files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All nano users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/nano-2.2.4" +
+ + CVE-2010-1160 + CVE-2010-1161 + + + chiiph + + + keytoaster + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-09.xml
new file mode 100644
index 0000000000..3283b97352
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-09.xml
@@ -0,0 +1,66 @@
+
+
+
+
+ sudo: Privilege escalation
+
+ A flaw in sudo's -e option may allow local attackers to execute arbitrary
+ commands.
+
+ sudo
+ June 01, 2010
+ June 01, 2010: 01
+ 321697
+ local
+
+
+ 1.7.2_p6
+ 1.7.2_p6
+
+
+
+

+ sudo allows a system administrator to give users the ability to run + commands as other users. +

+
+ +

+ The command matching functionality does not properly handle when a file + in the current working directory has the same name as a pseudo-command + in the sudoers file and the PATH contains an entry for ".". +

+
+ +

+ A local attacker with the permission to run sudoedit could, under + certain circumstances, execute arbitrary commands as whichever user he + has permission to run sudoedit as, typically root. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All sudo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.2_p6" +
+ + CVE-2010-1163 + + + keytoaster + + + keytoaster + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-10.xml
new file mode 100644
index 0000000000..a27f03006d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-10.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ multipath-tools: World-writeable socket
+
+ multipath-tools does not set correct permissions on the socket file, making
+ it possible to send arbitrary commands to the multipath daemon for local
+ users.
+
+ multipath-tools
+ June 01, 2010
+ June 01, 2010: 01
+ 264564
+ local
+
+
+ 0.4.8-r1
+ 0.4.8-r1
+
+
+
+

+ multipath-tools are used to drive the Device Mapper multipathing + driver. +

+
+ +

+ multipath-tools uses world-writable permissions for the socket file + (/var/run/multipathd.sock). +

+
+ +

+ Local users could send arbitrary commands to the multipath daemon, + causing cluster failures and data loss. +

+
+ +

+ chmod o-rwx /var/run/multipath.sock +

+
+ +

+ All multipath-tools users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-fs/multipath-tools-0.4.8-r1" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 13, 2009. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2009-0115 + + + craig + + + craig + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-11.xml
new file mode 100644
index 0000000000..c4cb1c012d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-11.xml
@@ -0,0 +1,74 @@
+
+
+
+
+ BIND: Multiple vulnerabilities
+
+ Several cache poisoning vulnerabilities have been found in BIND.
+
+ BIND
+ June 01, 2010
+ June 01, 2010: 01
+ 301548
+ 308035
+ remote
+
+
+ 9.4.3_p5
+ 9.4.3_p5
+
+
+
+

+ ISC BIND is the Internet Systems Consortium implementation of the + Domain Name System (DNS) protocol. +

+
+ +

+ Multiple cache poisoning vulnerabilities were discovered in BIND. For + further information please consult the CVE entries and the ISC Security + Bulletin referenced below. +

+

+ Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete + fix and a regression for CVE-2009-4022. +

+
+ +

+ An attacker could exploit this weakness to poison the cache of a + recursive resolver and thus spoof DNS traffic, which could e.g. lead to + the redirection of web or mail traffic to malicious sites. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All BIND users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p5" +
+ + ISC Advisory + CVE-2009-4022 + CVE-2010-0097 + CVE-2010-0290 + CVE-2010-0382 + + + craig + + + craig + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-12.xml new file mode 100644 index 0000000000..4bf64b000a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-12.xml @@ -0,0 +1,85 @@ + + + + + Fetchmail: Multiple vulnerabilities + + Multiple vulnerabilities have been reported in Fetchmail, allowing remote + attackers to execute arbitrary code or to conduct Man-in-the-Middle + attacks. + + fetchmail + June 01, 2010 + June 01, 2010: 01 + 280537 + 307761 + remote + + + 6.3.14 + 6.3.14 + + + +

+ Fetchmail is a remote mail retrieval and forwarding utility. +

+
+ +

+ Multiple vulnerabilities have been reported in Fetchmail: +

+
    +
  • The sdump() function might trigger a heap-based buffer overflow + during the escaping of non-printable characters with the high bit set + from an X.509 certificate (CVE-2010-0562).
  • +
  • The vendor reported + that Fetchmail does not properly handle Common Name (CN) fields in + X.509 certificates that contain an ASCII NUL character. Specifically, + the processing of such fields is stopped at the first occurrence of a + NUL character. This type of vulnerability was recently discovered by + Dan Kaminsky and Moxie Marlinspike (CVE-2009-2666).
  • +
+
+ +

+ A remote attacker could entice a user to connect with Fetchmail to a + specially crafted SSL-enabled server in verbose mode, possibly + resulting in the execution of arbitrary code with the privileges of the + user running the application. NOTE: The issue is only existent on + platforms on which char is signed. +

+

+ Furthermore, a remote attacker might employ a specially crafted X.509 + certificate, containing a NUL character in the Common Name field to + conduct man-in-the-middle attacks on SSL connections made using + Fetchmail. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Fetchmail users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.3.14" +
+ + CVE-2010-0562 + CVE-2009-2666 + + + craig + + + craig + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-13.xml new file mode 100644 index 0000000000..3f55113053 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-13.xml @@ -0,0 +1,84 @@ + + + + + Smarty: Multiple vulnerabilities + + Multiple vulnerabilities in the Smarty template engine might allow remote + attackers to execute arbitrary PHP code. + + smarty + June 02, 2010 + June 02, 2010: 01 + 212147 + 243856 + 270494 + remote + + + 2.6.23 + 2.6.23 + + + +

+ Smarty is a template engine for PHP. +

+
+ +

+ Multiple vulnerabilities have been discovered in Smarty: +

+
    +
  • The vendor reported that the modifier.regex_replace.php plug-in + contains an input sanitation flaw related to the ASCII NUL character + (CVE-2008-1066).
  • +
  • The vendor reported that the + _expand_quoted_text() function in libs/Smarty_Compiler.class.php + contains an input sanitation flaw via multiple vectors (CVE-2008-4810, + CVE-2008-4811).
  • +
  • Nine:Situations:Group::bookoo reported that + the smarty_function_math() function in libs/plugins/function.math.php + contains input sanitation flaw (CVE-2009-1669).
  • +
+
+ +

+ These issues might allow a remote attacker to execute arbitrary PHP + code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Smarty users should upgrade to an unaffected version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/smarty-2.6.23" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since June 2, 2009. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2008-1066 + CVE-2008-4810 + CVE-2008-4811 + CVE-2009-1669 + + + p-y + + + p-y + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-14.xml new file mode 100644 index 0000000000..ab654ffa2e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-14.xml @@ -0,0 +1,70 @@ + + + + + Newt: User-assisted execution of arbitrary code + + A heap-based buffer overflow in the Newt library might allow remote, + user-assisted attackers to execute arbitrary code. + + newt + June 02, 2010 + June 02, 2010: 01 + 285854 + remote + + + 0.52.10-r1 + 0.52.10-r1 + + + +

+ Newt is a library for displaying text mode user interfaces. +

+
+ +

+ Miroslav Lichvar reported that Newt is prone to a heap-based buffer + overflow in textbox.c. +

+
+ +

+ A remote attacker could entice a user to enter a specially crafted + string into a text dialog box rendered by Newt, possibly resulting in + the remote execution of arbitrary code with the privileges of the user + running the application, or a Denial of Service condition. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Newt users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/newt-0.52.10-r1" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since October 26, 2009. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2009-2905 + + + keytoaster + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-15.xml new file mode 100644 index 0000000000..fdce6a2837 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-15.xml @@ -0,0 +1,72 @@ + + + + + XEmacs: User-assisted execution of arbitrary code + + Multiple integer overflow errors in XEmacs might allow remote, + user-assisted attackers to execute arbitrary code. + + xemacs + June 03, 2010 + June 03, 2010: 01 + 275397 + remote + + + 21.4.22-r1 + 21.4.22-r1 + + + +

+ XEmacs is a highly extensible and customizable text editor. +

+
+ +

+ Tielei Wang reported multiple integer overflow vulnerabilities in the + tiff_instantiate(), png_instantiate() and jpeg_instantiate() functions + in glyphs-eimage.c, all possibly leading to heap-based buffer + overflows. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted TIFF, + JPEG or PNG file using XEmacs, possibly resulting in the remote + execution of arbitrary code with the privileges of the user running the + application, or a Denial of Service condition. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All XEmacs users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/xemacs-21.4.22-r1" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since July 26, 2009. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2009-2688 + + + keytoaster + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-16.xml new file mode 100644 index 0000000000..5ec1e91b10 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-16.xml @@ -0,0 +1,70 @@ + + + + + GD: User-assisted execution of arbitrary code + + The GD library is prone to a buffer overflow vulnerability. + + gd + June 03, 2010 + June 03, 2010: 01 + 292130 + remote + + + 2.0.35-r1 + 2.0.35-r1 + + + +

+ GD is a graphic library for fast image creation. +

+
+ +

+ Tomas Hoger reported that the _gdGetColors() function in gd_gd.c does + not properly verify the colorsTotal struct member, possibly leading to + a buffer overflow. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted image + file with a program using the GD library, possibly resulting in the + remote execution of arbitrary code with the privileges of the user + running the application, or a Denial of Service condition. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GD users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/gd-2.0.35-r1" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 21, 2009. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2009-3546 + + + craig + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-17.xml new file mode 100644 index 0000000000..f464c01c73 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-17.xml @@ -0,0 +1,64 @@ + + + + + lighttpd: Denial of Service + + A processing error in lighttpd might result in a Denial of Service + condition. + + lighttpd + June 03, 2010 + June 03, 2010: 01 + 303213 + remote + + + 1.4.25-r1 + 1.4.25-r1 + + + +

+ lighttpd is a lightweight high-performance web server. +

+
+ +

+ Li Ming reported that lighttpd does not properly process packets that + are sent overly slow. +

+
+ +

+ A remote attacker might send specially crafted packets to a server + running lighttpd, possibly resulting in a Denial of Service condition + via host memory exhaustion. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All lighttpd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.25-r1" +
+ + CVE-2010-0295 + + + keytoaster + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-18.xml new file mode 100644 index 0000000000..3327e4b5b9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-18.xml @@ -0,0 +1,141 @@ + + + + + Oracle JRE/JDK: Multiple vulnerabilities + + The Oracle JDK and JRE are vulnerable to multiple unspecified + vulnerabilities. + + sun-jre-bin sun-jdk emul-linux-x86-java + June 04, 2010 + June 04, 2010: 01 + 306579 + 314531 + remote + + + 1.6.0.20 + 1.6.0.20 + + + 1.6.0.20 + 1.6.0.20 + + + 1.6.0.20 + 1.6.0.20 + + + +

+ The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and + the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) + provide the Oracle Java platform (formerly known as Sun Java Platform). +

+
+ +

+ Multiple vulnerabilities have been reported in the Oracle Java + implementation. Please review the CVE identifiers referenced below and + the associated Oracle Critical Patch Update Advisory for details. +

+
+ +

+ A remote attacker could exploit these vulnerabilities to cause + unspecified impact, possibly including remote execution of arbitrary + code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Oracle JRE 1.6.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.20" +

+ All Oracle JDK 1.6.x users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.20" +

+ All users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to + the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.20" +

+ All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle + JRE 1.5.x users are strongly advised to unmerge Java 1.5: +

+ + # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5* + # emerge --unmerge =dev-java/sun-jre-bin-1.5* + # emerge --unmerge =dev-java/sun-jdk-1.5* +

+ Gentoo is ceasing support for the 1.5 generation of the Oracle Java + Platform in accordance with upstream. All 1.5 JRE versions are masked + and will be removed shortly. All 1.5 JDK versions are marked as + "build-only" and will be masked for removal shortly. Users are advised + to change their default user and system Java implementation to an + unaffected version. For example: +

+ + # java-config --set-system-vm sun-jdk-1.6 +

+ For more information, please consult the Gentoo Linux Java + documentation. +

+
+ + CVE-2009-3555 + CVE-2010-0082 + CVE-2010-0084 + CVE-2010-0085 + CVE-2010-0087 + CVE-2010-0088 + CVE-2010-0089 + CVE-2010-0090 + CVE-2010-0091 + CVE-2010-0092 + CVE-2010-0093 + CVE-2010-0094 + CVE-2010-0095 + CVE-2010-0837 + CVE-2010-0838 + CVE-2010-0839 + CVE-2010-0840 + CVE-2010-0841 + CVE-2010-0842 + CVE-2010-0843 + CVE-2010-0844 + CVE-2010-0845 + CVE-2010-0846 + CVE-2010-0847 + CVE-2010-0848 + CVE-2010-0849 + CVE-2010-0850 + CVE-2010-0886 + CVE-2010-0887 + Gentoo Linux Java documentation + Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010 + + + a3li + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-19.xml new file mode 100644 index 0000000000..6ed0b0414a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-19.xml @@ -0,0 +1,85 @@ + + + + + Bugzilla: Multiple vulnerabilities + + Bugzilla is prone to multiple medium severity vulnerabilities. + + bugzilla + June 04, 2010 + June 04, 2010: 02 + 239564 + 258592 + 264572 + 284824 + 303437 + 303725 + remote + + + 3.2.6 + 3.2.6 + + + +

+ Bugzilla is a bug tracking system from the Mozilla project. +

+
+ +

+ Multiple vulnerabilities have been reported in Bugzilla. Please review + the CVE identifiers referenced below for details. +

+
+ +

+ A remote attacker might be able to disclose local files, bug + information, passwords, and other data under certain circumstances. + Furthermore, a remote attacker could conduct SQL injection, Cross-Site + Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks via + various vectors. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Bugzilla users should upgrade to an unaffected version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-3.2.6" +

+ Bugzilla 2.x and 3.0 have reached their end of life. There will be no + more security updates. All Bugzilla 2.x and 3.0 users should update to + a supported Bugzilla 3.x version. +

+
+ + CVE-2008-4437 + CVE-2008-6098 + CVE-2009-0481 + CVE-2009-0482 + CVE-2009-0483 + CVE-2009-0484 + CVE-2009-0485 + CVE-2009-0486 + CVE-2009-1213 + CVE-2009-3125 + CVE-2009-3165 + CVE-2009-3166 + CVE-2009-3387 + CVE-2009-3989 + + + a3li + + + jaervosz + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-20.xml new file mode 100644 index 0000000000..a236214301 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-20.xml @@ -0,0 +1,88 @@ + + + + + Asterisk: Multiple vulnerabilities + + Multiple vulnerabilities in Asterisk might allow remote attackers to cause + a Denial of Service condition, or conduct other attacks. + + asterisk + June 04, 2010 + June 04, 2010: 01 + 281107 + 283624 + 284892 + 295270 + remote + + + 1.2.37 + 1.2.37 + + + +

+ Asterisk is an open source telephony engine and toolkit. +

+
+ +

+ Multiple vulnerabilities have been reported in Asterisk: +

+
    +
  • Nick Baggott reported that Asterisk does not properly process + overly long ASCII strings in various packets (CVE-2009-2726).
  • +
  • Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol + implementation (CVE-2009-2346).
  • +
  • amorsen reported an input + processing error in the RTP protocol implementation + (CVE-2009-4055).
  • +
  • Patrik Karlsson reported an information + disclosure flaw related to the REGISTER message (CVE-2009-3727).
  • +
  • A vulnerability was found in the bundled Prototype JavaScript + library, related to AJAX calls (CVE-2008-7220).
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities by sending a + specially crafted package, possibly causing a Denial of Service + condition, or resulting in information disclosure. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Asterisk users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.37" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since January 5, 2010. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2009-2726 + CVE-2009-2346 + CVE-2009-4055 + CVE-2009-3727 + CVE-2008-7220 + + + craig + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-21.xml new file mode 100644 index 0000000000..31cdc1d585 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-21.xml @@ -0,0 +1,76 @@ + + + + + UnrealIRCd: Multiple vulnerabilities + + Multiple vulnerabilities in UnrealIRCd might allow remote attackers to + compromise the "unrealircd" account, or cause a Denial of Service. + + unrealircd + June 14, 2010 + June 14, 2010: 02 + 260806 + 323691 + remote + + + 3.2.8.1-r1 + 3.2.8.1-r1 + + + +

+ UnrealIRCd is an Internet Relay Chat (IRC) daemon. +

+
+ +

+ Multiple vulnerabilities have been reported in UnrealIRCd: +

+
    +
  • The vendor reported a buffer overflow in the user authorization + code (CVE-2009-4893).
  • +
  • The vendor reported that the distributed source code of UnrealIRCd + was compromised and altered to include a system() call that could be + called with arbitrary user input (CVE-2010-2075).
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities to cause the + execution of arbitrary commands with the privileges of the user running + UnrealIRCd, or a Denial of Service condition. NOTE: By default + UnrealIRCd on Gentoo is run with the privileges of the "unrealircd" + user. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All UnrealIRCd users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/unrealircd-3.2.8.1-r1" +
+ + UnrealIRCd Security Advisory 20090413 + UnrealIRCd Security Advisory 20100612 + CVE-2009-4893 + CVE-2010-2075 + + + a3li + + + a3li + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-01.xml new file mode 100644 index 0000000000..65263aac98 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-01.xml @@ -0,0 +1,79 @@ + + + + + wxGTK: User-assisted execution of arbitrary code + + An integer overflow vulnerability in wxGTK might enable remote attackers to + cause the execution of arbitrary code. + + wxGTK + September 02, 2010 + September 02, 2010: 01 + 277722 + remote + + + 2.6.4.0-r5 + 2.8.10.1-r1 + 2.8.10.1-r1 + + + +

+ wxGTK is the GTK+ version of wxWidgets, a cross-platform C++ GUI + toolkit. +

+
+ +

+ wxGTK is prone to an integer overflow error in the wxImage::Create() + function in src/common/image.cpp, possibly leading to a heap-based + buffer overflow. +

+
+ +

+ A remote attacker might entice a user to open a specially crafted JPEG + file using a program that uses wxGTK, possibly resulting in the remote + execution of arbitrary code with the privileges of the user running the + application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All wxGTK 2.6 users should upgrade to an updated version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/wxGTK-2.6.4.0-r5" +

+ All wxGTK 2.8 users should upgrade to an updated version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/wxGTK-2.8.10.1-r1" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 9, 2009. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2009-2369 + + + craig + + + a3li + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-02.xml new file mode 100644 index 0000000000..ef10078611 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-02.xml @@ -0,0 +1,66 @@ + + + + + Maildrop: privilege escalation + + Insecure permission handling in maildrop might allow local attackers to + elevate their privileges. + + maildrop + September 06, 2010 + September 06, 2010: 01 + 308043 + local + + + 2.4.2 + 2.4.2 + + + +

+ maildrop is the mail filter/mail delivery agent that is used by the + Courier Mail Server. +

+
+ +

+ Christoph Anton Mitterer reported that maildrop does not properly drop + its privileges when run as root. +

+
+ +

+ A local attacker could create a specially crafted .mailfilter file, + possibly leading to the execution of arbitrary commands with the "root" + group privileges. NOTE: Successful exploitation requires that maildrop + is run as root with the -d option. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All maildrop users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-filter/maildrop-2.4.2" +
+ + CVE-2010-0301 + + + a3li + + + p-y + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-03.xml new file mode 100644 index 0000000000..f5072945ca --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-03.xml @@ -0,0 +1,75 @@ + + + + + sudo: Privilege Escalation + + The secure path feature and group handling in sudo allow local attackers to + escalate privileges. + + sudo + September 07, 2010 + September 07, 2010: 01 + 322517 + 335381 + local + + + 1.7.4_p3-r1 + 1.7.4_p3-r1 + + + +

+ sudo allows a system administrator to give users the ability to run + commands as other users. +

+
+ +

+ Multiple vulnerabilities have been reported in sudo: +

+
    +
  • Evan + Broder and Anders Kaseorg of Ksplice, Inc. reported that the sudo + 'secure path' feature does not properly handle multiple PATH variables + (CVE-2010-1646).
  • +
  • Markus Wuethrich of Swiss Post reported that + sudo fails to restrict access when using Runas groups and the group + (-g) command line option (CVE-2010-2956).
  • +
+
+ +

+ A local attacker could exploit these vulnerabilities to gain the + ability to run certain commands with the privileges of other users, + including root, depending on the configuration. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All sudo users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.4_p3-r1" +
+ + CVE-2010-1646 + CVE-2010-2956 + + + vorlon + + + vorlon + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-04.xml new file mode 100644 index 0000000000..eecb6647f8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-04.xml @@ -0,0 +1,68 @@ + + + + + SARG: User-assisted execution of arbitrary code + + Multiple stack-based buffer overflow vulnerabilities were discovered in + SARG allowing for remote code execution. + + SARG sarg + September 07, 2010 + September 07, 2010: 01 + 222121 + remote + + + 2.2.5-r5 + 2.2.5-r5 + + + +

+ SARG is the Squid Analysis Report Generator. +

+
+ +

+ Multiple vulnerabilities were discovered in SARG. For further + information please consult the CVE entries referenced below. +

+
+ +

+ These vulnerabilities might allow attackers to execute arbitrary code + via unknown vectors. +

+

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since April 18, 2009. It is likely that your system is + already no longer affected by this issue. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All SARG users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/sarg-2.2.5-r5" +
+ + CVE-2008-1922 + + + rbu + + + craig + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-05.xml new file mode 100644 index 0000000000..55646aaa1a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-05.xml @@ -0,0 +1,111 @@ + + + + + Adobe Reader: Multiple vulnerabilities + + Multiple vulnerabilities in Adobe Reader might result in the execution of + arbitrary code or other attacks. + + acroread + September 07, 2010 + September 07, 2010: 01 + 297385 + 306429 + 313343 + 322857 + remote + + + 9.3.4 + 9.3.4 + + + +

+ Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF + reader. +

+
+ +

+ Multiple vulnerabilities were discovered in Adobe Reader. For further + information please consult the CVE entries and the Adobe Security + Bulletins referenced below. +

+
+ +

+ A remote attacker might entice a user to open a specially crafted PDF + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application, or bypass intended + sandbox restrictions, make cross-domain requests, inject arbitrary web + script or HTML, or cause a Denial of Service condition. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Reader users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4" +
+ + APSA10-01 + APSB10-02 + APSB10-07 + APSB10-09 + APSB10-14 + APSB10-16 + CVE-2009-3953 + CVE-2009-4324 + CVE-2010-0186 + CVE-2010-0188 + CVE-2010-0190 + CVE-2010-0191 + CVE-2010-0192 + CVE-2010-0193 + CVE-2010-0194 + CVE-2010-0195 + CVE-2010-0196 + CVE-2010-0197 + CVE-2010-0198 + CVE-2010-0199 + CVE-2010-0201 + CVE-2010-0202 + CVE-2010-0203 + CVE-2010-0204 + CVE-2010-1241 + CVE-2010-1285 + CVE-2010-1295 + CVE-2010-1297 + CVE-2010-2168 + CVE-2010-2201 + CVE-2010-2202 + CVE-2010-2203 + CVE-2010-2204 + CVE-2010-2205 + CVE-2010-2206 + CVE-2010-2207 + CVE-2010-2208 + CVE-2010-2209 + CVE-2010-2210 + CVE-2010-2211 + CVE-2010-2212 + + + a3li + + + craig + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-06.xml new file mode 100644 index 0000000000..76b9bb0997 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-06.xml @@ -0,0 +1,67 @@ + + + + + Clam AntiVirus: Multiple vulnerabilities + + Multiple vulnerabilities have been reported in Clam AntiVirus. + + clamav + September 07, 2010 + September 07, 2010: 01 + 314087 + 321157 + remote + + + 0.96.1 + 0.96.1 + + + +

+ Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX, + designed especially for e-mail scanning on mail gateways. +

+
+ +

+ Multiple vulnerabilities were discovered in Clam AntiVirus. For further + information, please consult the CVE entries referenced below. +

+
+ +

+ A remote attacker could possibly bypass virus detection or cause a + Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Clam AntiVirus users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.96.1" +
+ + CVE-2010-0098 + CVE-2010-1311 + CVE-2010-1639 + CVE-2010-1640 + + + craig + + + keytoaster + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-07.xml new file mode 100644 index 0000000000..b798248f1b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-07.xml @@ -0,0 +1,80 @@ + + + + + libxml2: Denial of Service + + Multiple Denial of Services vulnerabilities were found in libxml2. + + libxml2 + September 21, 2010 + September 21, 2010: 01 + 280617 + remote + + + 2.7.3-r2 + 2.7.3-r2 + + + +

+ libxml2 is a library to manipulate XML files. +

+
+ +

+ The following vulnerabilities were reported after a test with the + Codenomicon XML fuzzing framework: +

+
    +
  • + Two use-after-free vulnerabilities are possible when parsing a XML file + with Notation or Enumeration attribute types (CVE-2009-2416). +
  • +
  • + A stack consumption vulnerability can be triggered via a large depth of + element declarations in a DTD, related to a function recursion + (CVE-2009-2414). +
  • +
+
+ +

+ A remote attacker could entice a user or automated system to open a + specially crafted XML document with an application using libxml2 + resulting in a Denial of Service condition. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libxml2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.3-r2" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 30, 2009. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2009-2414 + CVE-2009-2416 + + + a3li + + + craig + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-08.xml new file mode 100644 index 0000000000..d6b0e82e4e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-08.xml @@ -0,0 +1,65 @@ + + + + + python-updater: Untrusted search path + + An untrusted search path vulnerability in python-updater might result in + the execution of arbitrary code. + + python-updater + September 21, 2010 + September 21, 2010: 01 + 288361 + local + + + 0.7-r1 + 0.7-r1 + + + +

+ python-updater is a script used to remerge python packages when + changing Python version. +

+
+ +

+ Robert Buchholz of the Gentoo Security Team reported that + python-updater includes the current working directory and + subdirectories in the Python module search path (sys.path) before + calling "import". +

+
+ +

+ A local attacker could entice the root user to run "python-updater" + from a directory containing a specially crafted Python module, + resulting in the execution of arbitrary code with root privileges. +

+
+ +

+ Do not run "python-updater" from untrusted working directories. +

+
+ +

+ All python-updater users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/python-updater-0.7-r1" +
+ + + craig + + + craig + + + craig + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-09.xml new file mode 100644 index 0000000000..163ac30139 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201009-09.xml @@ -0,0 +1,63 @@ + + + + + fence: Multiple symlink vulnerabilities + + fence contains multiple programs containing vulnerabilities that may allow + local users to overwrite arbitrary files via a symlink attack. + + fence + September 29, 2010 + September 29, 2010: 01 + 240576 + local + + + 2.03.09 + + + +

+ fence is an I/O group fencing system. +

+
+ +

+ The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual + (CVE-2008-4580) programs contain symlink vulnerabilities. +

+
+ +

+ These vulnerabilities may allow arbitrary files to be overwritten with + root privileges. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ Gentoo discontinued support for fence. All fence users should uninstall + and choose another software that provides the same functionality. +

+ + # emerge --unmerge sys-cluster/fence +
+ + CVE-2008-4579 + CVE-2008-4580 + + + rbu + + + craig + + + a3li + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201010-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201010-01.xml new file mode 100644 index 0000000000..86b88087a0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201010-01.xml @@ -0,0 +1,92 @@ + + + + Libpng: Multiple vulnerabilities + Multiple vulnerabilities in libpng might lead to privilege + escalation or a Denial of Service. + + libpng + October 05, 2010 + June 06, 2015: 8 + 307637 + 324153 + 335887 + remote + + + 1.4.3 + 1.2.46 + 1.2.47 + 1.2.49 + 1.2.50 + 1.2.51 + 1.2.52 + 1.2.53 + 1.2.54 + 1.2.55 + 1.4.3 + + + +

libpng is a standard library used to process PNG (Portable Network + Graphics) images. It is used by several programs, including web browsers + and potentially server processes. +

+
+ +

Multiple vulnerabilities were found in libpng:

+ +
    +
  • The png_decompress_chunk() function in pngrutil.c does not properly + handle certain type of compressed data (CVE-2010-0205) +
  • +
  • A buffer overflow in pngread.c when using progressive applications + (CVE-2010-1205) +
  • +
  • A memory leak in pngrutil.c when dealing with a certain type of + chunks (CVE-2010-2249) +
  • +
+
+ +

An attacker could exploit these vulnerabilities to cause programs linked + against the library to crash or execute arbitrary code with the + permissions of the user running the vulnerable program, which could be + the root user. +

+
+ +

There is no known workaround at this time.

+ +
+ +

All libpng 1.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.4.3" + + +

All libpng 1.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.46" + + +
+ + + CVE-2010-0205 + + + CVE-2010-1205 + + + CVE-2010-2249 + + + craig + system + system +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201011-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201011-01.xml new file mode 100644 index 0000000000..cc3091ad96 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201011-01.xml @@ -0,0 +1,76 @@ + + + + + GNU C library: Multiple vulnerabilities + + Multiple vulnerabilities were found in glibc, the worst of which allowing + local attackers to execute arbitrary code as root. + + glibc + November 15, 2010 + November 15, 2010: 01 + 285818 + 325555 + 330923 + 335871 + 341755 + local remote + + + 2.11.2-r3 + 2.11.2-r3 + + + +

+ The GNU C library is the standard C library used by Gentoo Linux + systems. +

+
+ +

+ Multiple vulnerabilities were found in glibc, amongst others the + widely-known recent LD_AUDIT and $ORIGIN issues. For further + information please consult the CVE entries referenced below. +

+
+ +

+ A local attacker could execute arbitrary code as root, cause a Denial + of Service, or gain privileges. Additionally, a user-assisted remote + attacker could cause the execution of arbitrary code, and a + context-dependent attacker could cause a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All GNU C library users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.11.2-r3" +
+ + CVE-2009-4880 + CVE-2009-4881 + CVE-2010-0296 + CVE-2010-0830 + CVE-2010-3847 + CVE-2010-3856 + + + craig + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201012-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201012-01.xml new file mode 100644 index 0000000000..871306a1c3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201012-01.xml @@ -0,0 +1,99 @@ + + + + + Chromium: Multiple vulnerabilities + + Multiple vulnerabilities have been reported in Chromium, some of which may + allow user-assisted execution of arbitrary code. + + chromium + December 17, 2010 + December 17, 2010: 01 + 325451 + 326717 + 330003 + 333559 + 335750 + 338204 + 341797 + 344201 + 347625 + 348651 + remote + + + 8.0.552.224 + 8.0.552.224 + + + +

+ Chromium is an open-source web browser project. +

+
+ +

+ Multiple vulnerabilities were found in Chromium. For further + information please consult the release notes referenced below. +

+
+ +

+ A remote attacker could trick a user to perform a set of UI actions + that trigger a possibly exploitable crash, leading to execution of + arbitrary code or a Denial of Service. +

+

+ It was also possible for an attacker to entice a user to visit a + specially-crafted web page that would trigger one of the + vulnerabilities, leading to execution of arbitrary code within the + confines of the sandbox, successful Cross-Site Scripting attacks, + violation of the same-origin policy, successful website spoofing + attacks, information leak, or a Denial of Service. An attacker could + also trick a user to perform a set of UI actions that might result in a + successful website spoofing attack. +

+

+ Multiple bugs in the sandbox could result in a sandbox escape. +

+

+ Multiple UI bugs could lead to information leak and successful website + spoofing attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Chromium users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-8.0.552.224" +
+ + Release Notes 5.0.375.86 + Release Notes 5.0.375.99 + Release Notes 5.0.375.125 + Release Notes 5.0.375.127 + Release Notes 6.0.472.59 + Release Notes 6.0.472.62 + Release Notes 7.0.517.41 + Release Notes 7.0.517.44 + Release Notes 8.0.552.215 + Release Notes 8.0.552.224 + + + craig + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-01.xml new file mode 100644 index 0000000000..906eb036c3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-01.xml @@ -0,0 +1,68 @@ + + + + + gif2png: User-assisted execution of arbitrary code + + gif2png contains a stack overflow vulnerability when parsing command line + arguments. + + gif2png + January 05, 2011 + January 05, 2011: 01 + 346501 + remote + + + 2.5.1-r1 + 2.5.1-r1 + + + +

+ gif2png is a command line program that converts image files from the + Graphics Interchange Format (GIF) format to the Portable Network + Graphics (PNG) format. +

+
+ +

+ gif2png contains a command line parsing vulnerability that may result + in a stack overflow due to an unexpectedly long input filename. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted + image, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service. + Note that applications relying on gif2png to process images can also + trigger the vulnerability. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All gif2png users should upgrade to the latest stable version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/gif2png-2.5.1-r1" +
+ + CVE-2009-5018 + + + underling + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-02.xml new file mode 100644 index 0000000000..3ebf52facf --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-02.xml @@ -0,0 +1,65 @@ + + + + + Tor: Remote heap-based buffer overflow + + Tor is vulnerable to a heap-based buffer overflow that may allow arbitrary + code execution. + + Tor + January 15, 2011 + January 15, 2011: 01 + 349312 + remote + + + 0.2.1.28 + 0.2.1.28 + + + +

+ Tor is an implementation of second generation Onion Routing, a + connection-oriented anonymizing communication service. +

+
+ +

+ Tor contains a heap-based buffer overflow in the processing of user or + attacker supplied data. No additional information is available. +

+
+ +

+ Successful exploitation of this vulnerability may allow an + unauthenticated remote attacker to execute arbitrary code with the + permissions of the Tor user, or to cause a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Tor users should upgrade to the latest stable version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.28" +
+ + CVE-2010-1676 + + + underling + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-03.xml new file mode 100644 index 0000000000..6f498b88c0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-03.xml @@ -0,0 +1,71 @@ + + + + + libvpx: User-assisted execution of arbitrary code + + Timothy B. Terriberry discovered that libvpx contains an integer overflow + vulnerability in the processing of video streams that may allow + user-assisted execution of arbitrary code. + + libvpx + January 15, 2011 + January 15, 2011: 01 + 345559 + remote + + + 0.9.5 + 0.9.5 + + + +

+ libvpx is the VP8 codec SDK used to encode and decode video streams, + typically within a WebM format media file. +

+
+ +

+ libvpx is vulnerable to an integer overflow vulnerability when + processing crafted VP8 video streams. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted media + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All libvpx users should upgrade to the latest stable version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libvpx-0.9.5" +

+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these + packages. +

+
+ + CVE-2010-4203 + + + underling + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-04.xml new file mode 100644 index 0000000000..7c7a70a85f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-04.xml @@ -0,0 +1,62 @@ + + + + + aria2: Directory traversal + + A directory traversal vulnerability has been found in aria2. + + aria2 + January 15, 2011 + January 15, 2011: 01 + 320975 + remote + + + 1.9.3 + 1.9.3 + + + +

+ aria2 is a download utility with resuming and segmented downloading + with HTTP/HTTPS/FTP/BitTorrent support. +

+
+ +

+ A directory traversal vulnerability was discovered in aria2. +

+
+ +

+ A remote attacker could entice a user to download from a specially + crafted metalink file, resulting in the creation of arbitrary files. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All aria2 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/aria2-1.9.3" +
+ + CVE-2010-1512 + + + craig + + + keytoaster + + + vorlon + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-05.xml new file mode 100644 index 0000000000..9320122f75 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-05.xml @@ -0,0 +1,70 @@ + + + + + OpenAFS: Arbitrary code execution + + The cache manager of OpenAFS contains several bugs resulting in remote + execution of arbitrary code. + + OpenAFS + January 16, 2011 + January 16, 2011: 01 + 265538 + remote + + + 1.4.9 + 1.4.9 + + + +

+ OpenAFS is a distributed file system. +

+
+ +

+ Two vulnerabilities were discovered: +

+
  • + Simon Wilkinson discovered from a bug report by Toby Blake that the + cache manager of OpenAFS contains a heap-based buffer overflow which is + related to the use of the ERR_PTR macro (CVE-2009-1250).
  • +
  • A + pointer dereference bug when using XDR arrays was discovered by Simon + Wilkinson, with assistance from Derrick Brashear and Jeffrey Altman. + (CVE-2009-1251).
  • +
+
+ +

+ The vulnerabilities might allow remote unauthenticated attackers to + cause a Denial of Service (system crash) and possibly execute arbitrary + code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All OpenAFS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/openafs-1.4.9" +
+ + CVE-2009-1250 + CVE-2009-1251 + + + craig + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-06.xml new file mode 100644 index 0000000000..559fd0aa3c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-06.xml @@ -0,0 +1,65 @@ + + + + + IO::Socket::SSL: Certificate validation error + + An error in the hostname matching of IO::Socket::SSL might enable remote + attackers to conduct man-in-the-middle attacks. + + IO::Socket::SSL + January 16, 2011 + January 16, 2011: 01 + 276360 + remote + + + 1.26 + 1.26 + + + +

+ IO::Socket::SSL is a Perl class implementing an object oriented + interface to SSL sockets. +

+
+ +

+ The vendor reported that IO::Socket::SSL does not properly handle + Common Name (CN) fields. +

+
+ +

+ A remote attacker might employ a specially crafted certificate to + conduct man-in-the-middle attacks on SSL connections made using + IO::Socket::SSL. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All IO::Socket::SSL users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/IO-Socket-SSL-1.26" +
+ + CVE-2009-3024 + + + craig + + + craig + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-07.xml new file mode 100644 index 0000000000..31924b56c7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-07.xml @@ -0,0 +1,68 @@ + + + + + Prewikka: password disclosure + + Due to a world-readable file, a local attacker can obtain the SQL database + password used by Prewikka. + + Prewikka + January 16, 2011 + January 16, 2011: 01 + 270056 + local + + + 0.9.14-r2 + 0.9.14-r2 + + + +

+ Prewikka is a graphical front-end analysis console for the Prelude + Hybrid IDS Framework. +

+
+ +

+ The permissions of the prewikka.conf file are set world readable. +

+
+ +

+ A local attacker could obtain the SQL database password used by + Prewikka. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Prewikka users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/prewikka-0.9.14-r2" +

+ NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since May 18, 2009 . It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2010-2058 + + + craig + + + craig + + + p-y + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-08.xml new file mode 100644 index 0000000000..c53377884c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-08.xml @@ -0,0 +1,89 @@ + + + + + Adobe Reader: Multiple vulnerabilities + + Multiple vulnerabilities in Adobe Reader might result in the execution of + arbitrary code. + + acroread + January 21, 2011 + January 21, 2011: 02 + 336508 + 343091 + remote + + + 9.4.1 + 9.4.1 + + + +

+ Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF + reader. +

+
+ +

+ Multiple vulnerabilities were discovered in Adobe Reader. For further + information please consult the CVE entries and the Adobe Security + Bulletins referenced below. +

+
+ +

+ A remote attacker might entice a user to open a specially crafted PDF + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Reader users should upgrade to the latest stable version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.1" +
+ + APSB10-21 + APSB10-28 + CVE-2010-2883 + CVE-2010-2884 + CVE-2010-2887 + CVE-2010-2889 + CVE-2010-2890 + CVE-2010-3619 + CVE-2010-3620 + CVE-2010-3621 + CVE-2010-3622 + CVE-2010-3625 + CVE-2010-3626 + CVE-2010-3627 + CVE-2010-3628 + CVE-2010-3629 + CVE-2010-3630 + CVE-2010-3632 + CVE-2010-3654 + CVE-2010-3656 + CVE-2010-3657 + CVE-2010-3658 + CVE-2010-4091 + + + underling + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-09.xml new file mode 100644 index 0000000000..5fe38f4025 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201101-09.xml @@ -0,0 +1,131 @@ + + + + + Adobe Flash Player: Multiple vulnerabilities + + Multiple vulnerabilities in Adobe Flash Player might allow remote attackers + to execute arbitrary code or cause a Denial of Service. + + adobe-flash + January 21, 2011 + January 21, 2011: 01 + 307749 + 322855 + 332205 + 337204 + 343089 + remote + + + 10.1.102.64 + 10.1.102.64 + + + +

+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

+ Multiple vulnerabilities were discovered in Adobe Flash Player. For + further information please consult the CVE entries and the Adobe + Security Bulletins referenced below. +

+
+ +

+ A remote attacker could entice a user to open a specially crafted SWF + file, possibly resulting in the execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Flash Player users should upgrade to the latest stable + version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.1.102.64" +
+ + APSB10-06 + APSB10-14 + APSB10-16 + APSB10-22 + APSB10-26 + CVE-2008-4546 + CVE-2009-3793 + CVE-2010-0186 + CVE-2010-0187 + CVE-2010-0209 + CVE-2010-1297 + CVE-2010-2160 + CVE-2010-2161 + CVE-2010-2162 + CVE-2010-2163 + CVE-2010-2164 + CVE-2010-2165 + CVE-2010-2166 + CVE-2010-2167 + CVE-2010-2169 + CVE-2010-2170 + CVE-2010-2171 + CVE-2010-2172 + CVE-2010-2173 + CVE-2010-2174 + CVE-2010-2175 + CVE-2010-2176 + CVE-2010-2177 + CVE-2010-2178 + CVE-2010-2179 + CVE-2010-2180 + CVE-2010-2181 + CVE-2010-2182 + CVE-2010-2183 + CVE-2010-2184 + CVE-2010-2185 + CVE-2010-2186 + CVE-2010-2187 + CVE-2010-2188 + CVE-2010-2189 + CVE-2010-2213 + CVE-2010-2214 + CVE-2010-2215 + CVE-2010-2216 + CVE-2010-2884 + CVE-2010-3636 + CVE-2010-3639 + CVE-2010-3640 + CVE-2010-3641 + CVE-2010-3642 + CVE-2010-3643 + CVE-2010-3644 + CVE-2010-3645 + CVE-2010-3646 + CVE-2010-3647 + CVE-2010-3648 + CVE-2010-3649 + CVE-2010-3650 + CVE-2010-3652 + CVE-2010-3654 + CVE-2010-3976 + + + a3li + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-01.xml new file mode 100644 index 0000000000..93b517a2f6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-01.xml @@ -0,0 +1,103 @@ + + + + OpenSSL: Multiple vulnerabilities + Multiple vulnerabilities were found in OpenSSL, allowing for the + execution of arbitrary code and other attacks. + + openssl + October 09, 2011 + June 06, 2015: 13 + 303739 + 308011 + 322575 + 332027 + 345767 + 347623 + 354139 + 382069 + local, remote + + + 1.0.0e + 0.9.8r + 0.9.8s + 0.9.8t + 0.9.8u + 0.9.8v + 0.9.8w + 0.9.8x + 0.9.8y + 0.9.8z_p1 + 0.9.8z_p2 + 0.9.8z_p3 + 0.9.8z_p4 + 0.9.8z_p5 + 0.9.8z_p6 + 0.9.8z_p7 + 0.9.8z_p8 + 0.9.8z_p9 + 0.9.8z_p10 + 0.9.8z_p11 + 0.9.8z_p12 + 0.9.8z_p13 + 0.9.8z_p14 + 0.9.8z_p15 + 1.0.0e + + + +

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

Multiple vulnerabilities have been discovered in OpenSSL. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could cause a Denial of Service, possibly + execute arbitrary code, bypass intended key requirements, force the + downgrade to unintended ciphers, bypass the need for knowledge of shared + secrets and successfully authenticate, bypass CRL validation, or obtain + sensitive information in applications that use OpenSSL. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSSL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since September 17, 2011. It is likely that your system is + already no longer affected by most of these issues. +

+
+ + CVE-2009-3245 + CVE-2009-4355 + CVE-2010-0433 + CVE-2010-0740 + CVE-2010-0742 + CVE-2010-1633 + CVE-2010-2939 + CVE-2010-3864 + CVE-2010-4180 + CVE-2010-4252 + CVE-2011-0014 + CVE-2011-3207 + CVE-2011-3210 + + craig + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-02.xml new file mode 100644 index 0000000000..ab8b75cef7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-02.xml @@ -0,0 +1,105 @@ + + + + Wireshark: Multiple vulnerabilities + Multiple vulnerabilities in Wireshark allow for the remote + execution of arbitrary code, or a Denial of Service condition. + + wireshark + October 09, 2011 + October 09, 2011: 1 + 323859 + 330479 + 339401 + 346191 + 350551 + 354197 + 357237 + 363895 + 369683 + 373961 + 381551 + 383823 + 386179 + local, remote + + + 1.4.9 + 1.4.9 + + + +

Wireshark is a versatile network protocol analyzer.

+
+ +

Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could send specially crafted packets on a network + being monitored by Wireshark, entice a user to open a malformed packet + trace file using Wireshark, or deploy a specially crafted Lua script for + use by Wireshark, possibly resulting in the execution of arbitrary code, + or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Wireshark users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.4.9" + + +
+ + CVE-2010-2283 + CVE-2010-2284 + CVE-2010-2285 + CVE-2010-2286 + CVE-2010-2287 + CVE-2010-2992 + CVE-2010-2993 + CVE-2010-2994 + CVE-2010-2995 + CVE-2010-3133 + CVE-2010-3445 + CVE-2010-4300 + CVE-2010-4301 + CVE-2010-4538 + CVE-2011-0024 + CVE-2011-0444 + CVE-2011-0445 + CVE-2011-0538 + CVE-2011-0713 + CVE-2011-1138 + CVE-2011-1139 + CVE-2011-1140 + CVE-2011-1141 + CVE-2011-1142 + CVE-2011-1143 + CVE-2011-1590 + CVE-2011-1591 + CVE-2011-1592 + CVE-2011-1956 + CVE-2011-1957 + CVE-2011-1958 + CVE-2011-1959 + CVE-2011-2174 + CVE-2011-2175 + CVE-2011-2597 + CVE-2011-2698 + CVE-2011-3266 + CVE-2011-3360 + CVE-2011-3482 + CVE-2011-3483 + + + underling + + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-03.xml new file mode 100644 index 0000000000..2ebd383b54 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-03.xml @@ -0,0 +1,81 @@ + + + + Bugzilla: Multiple vulnerabilities + Multiple vulnerabilities were found in Bugzilla, the worst of which + leading to privilege escalation. + + bugzilla + October 10, 2011 + October 10, 2011: 1 + 352781 + 380255 + 386203 + local, remote + + + 3.6.6 + 3.6.6 + + + +

Bugzilla is the bug-tracking system from the Mozilla project.

+
+ +

Multiple vulnerabilities have been discovered in Bugzilla. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could conduct cross-site scripting attacks, conduct + script insertion and spoofing attacks, hijack the authentication of + arbitrary users, inject arbitrary HTTP headers, obtain access to + arbitrary accounts, disclose the existence of confidential groups and its + names, or inject arbitrary e-mail headers. +

+ +

A local attacker could disclose the contents of temporarfy files for + uploaded attachments. +

+
+ +

There is no known workaround at this time.

+
+ +

All Bugzilla users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-3.6.6" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 27, 2011. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2010-2761 + CVE-2010-3172 + CVE-2010-3764 + CVE-2010-4411 + CVE-2010-4567 + CVE-2010-4568 + CVE-2010-4569 + CVE-2010-4570 + CVE-2010-4572 + CVE-2011-0046 + CVE-2011-0048 + CVE-2011-2379 + CVE-2011-2380 + CVE-2011-2381 + CVE-2011-2976 + CVE-2011-2977 + CVE-2011-2978 + CVE-2011-2979 + + + keytoaster + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-04.xml new file mode 100644 index 0000000000..16873863b3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-04.xml @@ -0,0 +1,78 @@ + + + + Dovecot: Multiple vulnerabilities + Multiple vulnerabilities were found in Dovecot, the worst of which + allowing for remote execution of arbitrary code. + + Dovecot + October 10, 2011 + October 10, 2011: 2 + 286844 + 293954 + 314533 + 368653 + remote + + + 1.2.17 + 2.0.13 + 2.0.13 + + + +

Dovecot is an IMAP and POP3 server written with security primarily in + mind. +

+
+ +

Multiple vulnerabilities have been discovered in Dovecot. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could exploit these vulnerabilities to cause the + remote execution of arbitrary code, or a Denial of Service condition, to + conduct directory traversal attacks, corrupt data, or disclose + information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Dovecot 1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.2.17" + + +

All Dovecot 2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.0.13" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since May 28, 2011. It is likely that your system is already no + longer affected by this issue. +

+
+ + CVE-2009-3235 + CVE-2009-3897 + CVE-2010-0745 + CVE-2010-3304 + CVE-2010-3706 + CVE-2010-3707 + CVE-2010-3779 + CVE-2010-3780 + CVE-2011-1929 + CVE-2011-2166 + CVE-2011-2167 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-05.xml new file mode 100644 index 0000000000..538cbd75da --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-05.xml @@ -0,0 +1,64 @@ + + + + GnuTLS: Multiple vulnerabilities + Multiple vulnerabilities were found in GnuTLS, allowing for easier + man-in-the-middle attacks. + + gnutls + October 10, 2011 + October 10, 2011: 1 + 281224 + 292025 + remote + + + 2.10.0 + 2.10.0 + + + +

GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 + protocols. +

+
+ +

Multiple vulnerabilities have been discovered in GnuTLS. Please review + the CVE identifiers referenced below for details. +

+
+ +

An attacker could perform man-in-the-middle attacks to spoof arbitrary + SSL servers via a crafted certificate issued by a legitimate + Certification Authority or to inject an arbitrary amount of chosen + plaintext into the beginning of the application protocol stream, allowing + for further exploitation. +

+
+ +

There is no known workaround at this time.

+
+ +

All GnuTLS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.10.0" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 6, 2010. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2009-2730 + CVE-2009-3555 + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-06.xml new file mode 100644 index 0000000000..47771f87d5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-06.xml @@ -0,0 +1,133 @@ + + + + PHP: Multiple vulnerabilities + Multiple vulnerabilities were found in PHP, the worst of which + leading to remote execution of arbitrary code. + + php + October 10, 2011 + October 10, 2011: 2 + 306939 + 332039 + 340807 + 350908 + 355399 + 358791 + 358975 + 369071 + 372745 + 373965 + 380261 + local, remote + + + 5.3.8 + 5.3.8 + + + +

PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

Multiple vulnerabilities have been discovered in PHP. Please review the + CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could execute arbitrary code, obtain + sensitive information from process memory, bypass intended access + restrictions, or cause a Denial of Service in various ways. +

+ +

A remote attacker could cause a Denial of Service in various ways, + bypass spam detections, or bypass open_basedir restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All PHP users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.8"
+
+
+
+ + CVE-2006-7243 + CVE-2009-5016 + CVE-2010-1128 + CVE-2010-1129 + CVE-2010-1130 + CVE-2010-1860 + CVE-2010-1861 + CVE-2010-1862 + CVE-2010-1864 + CVE-2010-1866 + CVE-2010-1868 + CVE-2010-1914 + CVE-2010-1915 + CVE-2010-1917 + CVE-2010-2093 + CVE-2010-2094 + CVE-2010-2097 + CVE-2010-2100 + CVE-2010-2101 + CVE-2010-2190 + CVE-2010-2191 + CVE-2010-2225 + CVE-2010-2484 + CVE-2010-2531 + CVE-2010-2950 + CVE-2010-3062 + CVE-2010-3063 + CVE-2010-3064 + CVE-2010-3065 + CVE-2010-3436 + CVE-2010-3709 + CVE-2010-3709 + CVE-2010-3710 + CVE-2010-3710 + CVE-2010-3870 + CVE-2010-4150 + CVE-2010-4409 + CVE-2010-4645 + CVE-2010-4697 + CVE-2010-4698 + CVE-2010-4699 + CVE-2010-4700 + CVE-2011-0420 + CVE-2011-0421 + CVE-2011-0708 + CVE-2011-0752 + CVE-2011-0753 + CVE-2011-0755 + CVE-2011-1092 + CVE-2011-1148 + CVE-2011-1153 + CVE-2011-1464 + CVE-2011-1466 + CVE-2011-1467 + CVE-2011-1468 + CVE-2011-1469 + CVE-2011-1470 + CVE-2011-1471 + CVE-2011-1657 + CVE-2011-1938 + CVE-2011-2202 + CVE-2011-2483 + CVE-2011-3182 + CVE-2011-3189 + CVE-2011-3267 + CVE-2011-3268 + + craig + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-07.xml
new file mode 100644
index 0000000000..f55107bcd7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-07.xml
@@ -0,0 +1,49 @@
+
+
+
+ vsftpd: Denial of Service
+ A Denial of Service vulnerability was found in vsftpd.
+ vsftpd
+ October 10, 2011
+ October 10, 2011: 1
+ 357001
+ remote
+
+
+ 2.3.4
+ 2.3.4
+
+
+
+

vsftpd is a very secure FTP daemon written with speed, size and security + in mind. +

+
+ +

A Denial of Service vulnerability was discovered in vsftpd. Please + review the CVE identifier referenced below for details. +

+
+ +

A remote authenticated attacker could cause a Denial of Service.

+
+ +

There is no known workaround at this time.

+
+ +

All vsftpd users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/vsftpd-2.3.4"
+
+
+
+ + CVE-2011-0762 + + craig + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-08.xml
new file mode 100644
index 0000000000..25dd4f4f1d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-08.xml
@@ -0,0 +1,54 @@
+
+
+
+ feh: Multiple vulnerabilities
+ Multiple vulnerabilities were found in feh, the worst of which
+ leading to remote passive code execution.
+
+ feh
+ October 13, 2011
+ October 13, 2011: 2
+ 325531
+ 354063
+ local, remote
+
+
+ 1.12
+ 1.12
+
+
+
+

feh is a fast, lightweight imageviewer using imlib2.

+
+ +

Multiple vulnerabilities have been discovered in feh. Please review the + CVE identifiers referenced below for details. +

+
+ +

A malicious entity might entice a user to visit a URL using the + --wget-timestamp option, thus executing arbitrary commands via shell + metacharacters; a malicious local user could perform a symlink attack and + overwrite arbitrary files. +

+
+ +

There is no known workaround at this time.

+
+ +

All feh users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/feh-1.12"
+
+
+
+ + CVE-2010-2246 + CVE-2011-0702 + CVE-2011-1031 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-09.xml
new file mode 100644
index 0000000000..f9603ed828
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-09.xml
@@ -0,0 +1,49 @@
+
+
+
+ Conky: Privilege escalation
+ A privilege escalation vulnerability was found in Conky.
+ Conky
+ October 13, 2011
+ October 13, 2011: 1
+ 354061
+ local
+
+
+ 1.8.1-r2
+ 1.8.1-r2
+
+
+
+

Conky is an advanced, highly configurable system monitor for X.

+
+ +

A privilege escalation vulnerability due to an insecure temporary file + was found in Conky. +

+
+ +

A local attacker could possibly overwrite arbitrary files with the + privileges of the user running Conky. +

+
+ +

There is no known workaround at this time.

+
+ +

All Conky users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/conky-1.8.1-r2"
+
+
+
+ + CVE-2011-3616 + + craig + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-10.xml
new file mode 100644
index 0000000000..35c0048a5c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-10.xml
@@ -0,0 +1,62 @@
+
+
+
+ Wget: User-assisted file creation or overwrite
+ Insecure usage of server provided filenames may allow the creation
+ or overwriting of local files.
+
+ Wget
+ October 13, 2011
+ October 13, 2011: 1
+ 329941
+ remote
+
+
+ 1.12-r2
+ 1.12-r2
+
+
+
+

GNU Wget is a free software package for retrieving files using HTTP, + HTTPS and FTP, the most widely-used Internet protocols. +

+
+ +

It was discovered that Wget was unsafely trusting server-provided + filenames. This allowed attackers to overwrite or create files on the + user's system by sending a redirect from the expected URL to another URL + specifying the targeted file. +

+
+ +

An unauthenticated remote attacker may be able to create or overwrite + local files by enticing the user to open an attacker controlled URL, + possibly leading to execution of arbitrary code. +

+
+ +

There is no known workaround at this time.

+
+ +

All Wget users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/wget-1.12-r2"
+
+
+

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since September 19, 2010. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2010-2252 + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-11.xml
new file mode 100644
index 0000000000..08494b19b1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-11.xml
@@ -0,0 +1,135 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities in Adobe Flash Player might allow remote
+ attackers to execute arbitrary code or cause a Denial of Service.
+
+ Adobe Flash Player
+ October 13, 2011
+ October 13, 2011: 1
+ 354207
+ 359019
+ 363179
+ 367031
+ 370215
+ 372899
+ 378637
+ 384017
+ remote
+
+
+ 10.3.183.10
+ 10.3.183.10
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers and Adobe Security Advisories and + Bulletins referenced below for details. +

+
+ +

By enticing a user to open a specially crafted SWF file a remote + attacker could cause a Denial of Service or the execution of arbitrary + code with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-10.3.183.10"
+
+
+
+ + + APSA11-01 + + + APSA11-02 + + + APSB11-02 + + + APSB11-12 + + + APSB11-13 + + + APSB11-21 + + + APSB11-26 + + CVE-2011-0558 + CVE-2011-0559 + CVE-2011-0560 + CVE-2011-0561 + CVE-2011-0571 + CVE-2011-0572 + CVE-2011-0573 + CVE-2011-0574 + CVE-2011-0575 + CVE-2011-0577 + CVE-2011-0578 + CVE-2011-0579 + CVE-2011-0589 + CVE-2011-0607 + CVE-2011-0608 + CVE-2011-0609 + CVE-2011-0611 + CVE-2011-0618 + CVE-2011-0619 + CVE-2011-0620 + CVE-2011-0621 + CVE-2011-0622 + CVE-2011-0623 + CVE-2011-0624 + CVE-2011-0625 + CVE-2011-0626 + CVE-2011-0627 + CVE-2011-0628 + CVE-2011-2107 + CVE-2011-2110 + CVE-2011-2125 + CVE-2011-2130 + CVE-2011-2134 + CVE-2011-2136 + CVE-2011-2137 + CVE-2011-2138 + CVE-2011-2139 + CVE-2011-2140 + CVE-2011-2414 + CVE-2011-2415 + CVE-2011-2416 + CVE-2011-2417 + CVE-2011-2424 + CVE-2011-2425 + CVE-2011-2426 + CVE-2011-2427 + CVE-2011-2428 + CVE-2011-2429 + CVE-2011-2430 + CVE-2011-2444 + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-12.xml
new file mode 100644
index 0000000000..88fc4275a2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-12.xml
@@ -0,0 +1,49 @@
+
+
+
+ Unbound: Denial of Service
+ Multiple Denial of Service vulnerabilities were found in Unbound.
+ unbound
+ October 15, 2011
+ October 15, 2011: 1
+ 309117
+ 368981
+ remote
+
+
+ 1.4.10
+ 1.4.10
+
+
+
+

Unbound is a validating, recursive, and caching DNS resolver.

+
+ +

Multiple vulnerabilities have been discovered in unbound. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could cause a Denial of Service.

+
+ +

There is no known workaround at this time.

+
+ +

All Unbound users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/unbound-1.4.10"
+
+
+
+ + CVE-2010-0969 + CVE-2011-1922 + + craig + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-13.xml
new file mode 100644
index 0000000000..715f79174d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-13.xml
@@ -0,0 +1,67 @@
+
+
+
+ Tor: Multiple vulnerabilities
+ Multiple vulnerabilities were found in Tor, the most severe of
+ which may allow a remote attacker to execute arbitrary code.
+
+ Tor
+ October 18, 2011
+ October 18, 2011: 1
+ 351920
+ 359789
+ remote
+
+
+ 0.2.1.30
+ 0.2.1.30
+
+
+
+

Tor is an implementation of second generation Onion Routing, a + connection-oriented anonymizing communication service. +

+
+ +

Multiple vulnerabilities have been discovered in Tor. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote unauthenticated attacker may be able to execute arbitrary code + with the privileges of the Tor process or create a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All Tor users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30"
+
+
+

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since April 2, 2011. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2011-0015 + CVE-2011-0016 + CVE-2011-0427 + CVE-2011-0490 + CVE-2011-0491 + CVE-2011-0492 + CVE-2011-0493 + CVE-2011-1924 + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-14.xml
new file mode 100644
index 0000000000..2cce3feae0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-14.xml
@@ -0,0 +1,56 @@
+
+
+
+ D-Bus: Multiple vulnerabilities
+ Multiple vulnerabilities were found in D-Bus, the worst of which
+ allowing for a symlink attack.
+
+ D-Bus
+ October 21, 2011
+ October 21, 2011: 1
+ 348766
+ 371261
+ 372743
+ local
+
+
+ 1.4.12
+ 1.4.12
+
+
+
+

D-Bus is a message bus system, a simple way for applications to talk to + each other. +

+
+ +

Multiple vulnerabilities have been discovered in D-Bus. Please review + the CVE identifiers referenced below for details. +

+
+ +

The vulnerabilities allow for local Denial of Service (daemon crash), or + arbitrary file overwriting. +

+
+ +

There is no known workaround at this time.

+
+ +

All D-Bus users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.4.12"
+
+
+ + CVE-2010-4352 + CVE-2011-2200 + CVE-2011-2533 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-15.xml
new file mode 100644
index 0000000000..e025ccad6a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-15.xml
@@ -0,0 +1,59 @@
+
+
+
+ GnuPG: User-assisted execution of arbitrary code
+ The GPGSM utility included in GnuPG contains a use-after-free
+ vulnerability that may allow an unauthenticated remote attacker to execute
+ arbitrary code.
+
+ GnuPG
+ October 22, 2011
+ October 22, 2011: 1
+ 329583
+ remote
+
+
+ 2.0.16-r1
+ 2.0
+ 2.0.16-r1
+
+
+
+

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of + cryptographic software. The GPGSM utility in GnuPG is responsible for + processing X.509 certificates, signatures and encryption as well as + S/MIME messages. +

+
+ +

The GPGSM utility in GnuPG contains a use-after-free vulnerability that + may be exploited when importing a crafted X.509 certificate explicitly or + during the signature verification process. +

+
+ +

An unauthenticated remote attacker may execute arbitrary code with the + privileges of the user running GnuPG by enticing them to import a crafted + certificate. +

+
+ +

There is no known workaround at this time.

+
+ +

All GnuPG 2.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.0.16-r1"
+
+
+
+ + CVE-2010-2547 + + system + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-16.xml
new file mode 100644
index 0000000000..ace2f481ed
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-16.xml
@@ -0,0 +1,59 @@
+
+
+
+ Cyrus IMAP Server: Multiple vulnerabilities
+ The Cyrus IMAP Server is affected by multiple vulnerabilities which
+ could potentially lead to the remote execution of arbitrary code or a
+ Denial of Service.
+
+ Cyrus IMAP Server
+ October 22, 2011
+ October 22, 2011: 1
+ 283596
+ 382349
+ 385729
+ local, remote
+
+
+ 2.4.12
+ 2.4.12
+
+
+
+

The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail + server. +

+
+ +

Multiple vulnerabilities have been discovered in the Cyrus IMAP Server. + Please review the CVE identifiers referenced below for details. +

+
+ +

An unauthenticated local or remote attacker may be able to execute + arbitrary code with the privileges of the Cyrus IMAP Server process or + cause a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All Cyrus IMAP Server users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.4.12"
+
+
+
+ + CVE-2009-2632 + CVE-2011-3208 + CVE-2011-3481 + + a3li + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-17.xml
new file mode 100644
index 0000000000..07e0ad35bc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-17.xml
@@ -0,0 +1,53 @@
+
+
+
+ Avahi: Denial of Service
+ Multiple vulnerabilities were found in Avahi, allowing for Denial
+ of Service.
+
+ avahi
+ October 22, 2011
+ October 22, 2011: 1
+ 335885
+ 355583
+ remote
+
+
+ 0.6.28-r1
+ 0.6.28-r1
+
+
+
+

Avahi is a system which facilitates service discovery on a local + network. +

+
+ +

Multiple vulnerabilities have been discovered in Avahi. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could cause a Denial of Service.

+
+ +

There is no known workaround at this time.

+
+ +

All Avahi users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.28-r1"
+
+
+
+ + CVE-2010-2244 + CVE-2011-1002 + + craig + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-18.xml
new file mode 100644
index 0000000000..71fbdbb2db
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-18.xml
@@ -0,0 +1,50 @@
+
+
+
+ rgmanager: Privilege escalation
+ A vulnerability was found in rgmanager, allowing for privilege
+ escalation.
+
+ rgmanager
+ October 22, 2011
+ October 22, 2011: 1
+ 352213
+ local
+
+
+ 2.03.09-r1
+ 2.03.09-r1
+
+
+
+

rgmanager is a clustered resource group manager.

+
+ +

A vulnerability has been discovered in rgmanager. Please review the CVE + identifier referenced below for details. +

+
+ +

A local attacker could gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All rgmanager users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=sys-cluster/rgmanager-2.03.09-r1"
+
+
+
+ + CVE-2010-3389 + + craig + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-19.xml
new file mode 100644
index 0000000000..7045319f6a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-19.xml
@@ -0,0 +1,71 @@
+
+
+
+ X.Org X Server: Multiple vulnerabilities
+ Multiple vulnerabilities in the X.Org X server might allow local
+ attackers to disclose information.
+
+ xorg-server
+ October 22, 2011
+ October 22, 2011: 2
+ 387069
+ local
+
+
+ 1.9.5-r1
+ 1.10.4-r1
+ 1.10.4-r1
+
+
+
+

The X Window System is a graphical windowing system based on a + client/server model. +

+
+ +

vladz reported the following vulnerabilities in the X.Org X server:

+ +
    +
  • The X.Org X server follows symbolic links when trying to access the + lock file for a X display, showing a predictable behavior depending on + the file type of the link target (CVE-2011-4028). +
  • +
  • The X.Org X server lock file mechanism allows for a race condition to + cause the X server to modify the file permissions of an arbitrary file + to 0444 (CVE-2011-4029). +
  • +
+
+ +

A local attacker could exploit these vulnerabilities to disclose + information by making arbitrary files on a system world-readable or gain + information whether a specified file exists on the system and whether it + is a file, directory, or a named pipe. +

+
+ +

There is no known workaround at this time.

+
+ +

All X.Org X Server 1.9 users should upgrade to the latest 1.9 version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.9.5-r1"
+
+
+

All X.Org X Server 1.10 users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.10.4-r1"
+
+
+
+ + CVE-2011-4028 + CVE-2011-4029 + + a3li + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-20.xml
new file mode 100644
index 0000000000..06072f698f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-20.xml
@@ -0,0 +1,66 @@
+
+
+
+ Clam AntiVirus: Multiple vulnerabilities
+ Multiple vulnerabilities were found in Clam AntiVirus, the most
+ severe of which may allow the execution of arbitrary code.
+
+ Clam AntiVirus
+ October 24, 2011
+ October 24, 2011: 2
+ 338226
+ 347627
+ 354019
+ 378815
+ 387521
+ local, remote
+
+
+ 0.97.3
+ 0.97.3
+
+
+
+

Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX, + designed especially for e-mail scanning on mail gateways. +

+
+ +

Multiple vulnerabilities have been discovered in Clam AntiVirus. Please + review the CVE identifiers referenced below for details. +

+
+ +

An unauthenticated remote attacker may execute arbitrary code with the + privileges of the Clam AntiVirus process or cause a Denial of Service by + causing an affected user or system to scan a crafted file. +

+
+ +

There is no known workaround at this time.

+
+ +

All Clam AntiVirus users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.97.3"
+
+
+ + CVE-2010-0405 + CVE-2010-3434 + CVE-2010-4260 + CVE-2010-4261 + CVE-2010-4479 + CVE-2011-1003 + CVE-2011-2721 + CVE-2011-3627 + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-21.xml
new file mode 100644
index 0000000000..ca52cbfb1f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-21.xml
@@ -0,0 +1,76 @@
+
+
+
+ Asterisk: Multiple vulnerabilities
+ Multiple vulnerabilities in Asterisk might allow unauthenticated
+ remote attackers to execute arbitrary code.
+
+ Asterisk
+ October 24, 2011
+ October 24, 2011: 1
+ 352059
+ 355967
+ 359767
+ 364887
+ 372793
+ 373409
+ 387453
+ remote
+
+
+ 1.8.7.1
+ 1.6.2.18.2
+ 1.8.7.1
+
+
+
+

Asterisk is an open source telephony engine and toolkit.

+
+ +

Multiple vulnerabilities have been discovered in Asterisk. Please review + the CVE identifiers referenced below for details. +

+
+ +

An unauthenticated remote attacker may execute code with the privileges + of the Asterisk process or cause a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All asterisk 1.6.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.6.2.18.2"
+
+
+

All asterisk 1.8.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.7.1"
+
+
+ + CVE-2011-1147 + CVE-2011-1174 + CVE-2011-1175 + CVE-2011-1507 + CVE-2011-1599 + CVE-2011-2529 + CVE-2011-2535 + CVE-2011-2536 + CVE-2011-2665 + CVE-2011-2666 + CVE-2011-4063 + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-22.xml
new file mode 100644
index 0000000000..9e185314ea
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-22.xml
@@ -0,0 +1,179 @@
+
+
+
+ PostgreSQL: Multiple vulnerabilities
+ Multiple vulnerabilities in the PostgreSQL server and client allow
+ remote attacker to conduct several attacks, including the execution of
+ arbitrary code and Denial of Service.
+
+ postgresql-server postgresql-base
+ October 25, 2011
+ March 05, 2012: 3
+ 261223
+ 284274
+ 297383
+ 308063
+ 313335
+ 320967
+ 339935
+ 353387
+ 384539
+ remote
+
+
+ 9
+
+
+ 9.0.5
+ 8.4.9
+ 8.3.16
+ 8.2.22
+ 8.4.10
+ 8.3.17
+ 8.2.23
+ 8.4.11
+ 8.3.18
+ 9.0.5
+
+
+ 9.0.5
+ 8.4.9
+ 8.3.16
+ 8.2.22
+ 8.4.10
+ 8.3.17
+ 8.2.23
+ 8.4.11
+ 8.3.18
+ 9.0.5
+
+
+
+

PostgreSQL is an open source object-relational database management + system. +

+
+ +

Multiple vulnerabilities have been discovered in PostgreSQL. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote authenticated attacker could send a specially crafted SQL query + to a PostgreSQL server with the "intarray" module enabled, possibly + resulting in the execution of arbitrary code with the privileges of the + PostgreSQL server process, or a Denial of Service condition. Furthermore, + a remote authenticated attacker could execute arbitrary Perl code, cause + a Denial of Service condition via different vectors, bypass LDAP + authentication, bypass X.509 certificate validation, gain database + privileges, exploit weak blowfish encryption and possibly cause other + unspecified impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-db/postgresql-base-8.2.22:8.2"
+
+
+

All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-db/postgresql-base-8.3.16:8.3"
+
+
+

All PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-db/postgresql-base-8.4.9:8.4"
+
+
+

All PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-db/postgresql-base-9.0.5:9.0"
+
+
+

All PostgreSQL 8.2 server users should upgrade to the latest 8.2 server + version: +

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-db/postgresql-server-8.2.22:8.2"
+
+
+

All PostgreSQL 8.3 server users should upgrade to the latest 8.3 server + version: +

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-db/postgresql-server-8.3.16:8.3"
+
+
+

All PostgreSQL 8.4 server users should upgrade to the latest 8.4 server + version: +

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-db/postgresql-server-8.4.9:8.4"
+
+
+

All PostgreSQL 9.0 server users should upgrade to the latest 9.0 server + version: +

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-db/postgresql-server-9.0.5:9.0"
+
+
+

The old unsplit PostgreSQL packages have been removed from portage. + Users still using them are urged to migrate to the new PostgreSQL + packages as stated above and to remove the old package: +

+
+
+ # emerge --unmerge "dev-db/postgresql"
+
+
+ + CVE-2009-0922 + CVE-2009-3229 + CVE-2009-3230 + CVE-2009-3231 + CVE-2009-4034 + CVE-2009-4136 + CVE-2010-0442 + CVE-2010-0733 + CVE-2010-1169 + CVE-2010-1170 + CVE-2010-1447 + CVE-2010-1975 + CVE-2010-3433 + CVE-2010-4015 + CVE-2011-2483 + + + keytoaster + + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-23.xml
new file mode 100644
index 0000000000..35d3593a3e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-23.xml
@@ -0,0 +1,57 @@
+
+
+
+ Apache mod_authnz_external: SQL injection
+ An input sanitation flaw in mod_authnz_external allows remote
+ attacker to conduct SQL injection.
+
+ mod_authnz_external
+ October 25, 2011
+ October 25, 2011: 1
+ 386165
+ remote
+
+
+ 3.2.6
+ 3.2.6
+
+
+
+

mod_authnz_external is a tool for creating custom authentication + backends for HTTP basic authentication. +

+
+ +

mysql/mysql-auth.pl in mod_authnz_external does not properly sanitize + input before using it in an SQL query. +

+
+ +

A remote attacker could exploit this vulnerability to inject arbitrary + SQL statements by using a specially crafted username for HTTP + authentication on a site using mod_authnz_external. +

+
+ +

There is no known workaround at this time.

+
+ +

All Apache mod_authnz_external users should upgrade to the latest + version: +

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-apache/mod_authnz_external-3.2.6"
+
+
+
+ + CVE-2011-2688 + + + underling + + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-24.xml
new file mode 100644
index 0000000000..aea4aecc06
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-24.xml
@@ -0,0 +1,67 @@
+
+
+
+ Squid: Multiple vulnerabilities
+ Multiple vulnerabilities were found in Squid allowing attackers to
+ execute arbitrary code or cause a Denial of Service.
+
+ Squid
+ October 26, 2011
+ October 26, 2011: 1
+ 279379
+ 279380
+ 301828
+ 334263
+ 381065
+ 386215
+ remote
+
+
+ 3.1.15
+ 3.1.15
+
+
+
+

Squid is a full-featured web proxy cache.

+
+ +

Multiple vulnerabilities have been discovered in Squid. Please review + the CVE identifiers referenced below for details. +

+
+ +

Remote unauthenticated attackers may be able to execute arbitrary code + with the privileges of the Squid process or cause a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All squid users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.1.15"
+
+
+

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since September 4, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2009-2621 + CVE-2009-2622 + CVE-2009-2855 + CVE-2010-0308 + CVE-2010-0639 + CVE-2010-2951 + CVE-2010-3072 + CVE-2011-3205 + + craig + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-25.xml
new file mode 100644
index 0000000000..076c4bdb8b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-25.xml
@@ -0,0 +1,61 @@
+
+
+
+ Pure-FTPd: Multiple vulnerabilities
+ Multiple vulnerabilities were found in Pure-FTPd allowing attackers
+ to inject FTP commands or cause a Denial of Service.
+
+ Pure-FTPd
+ October 26, 2011
+ October 26, 2011: 1
+ 358375
+ 365751
+ remote
+
+
+ 1.0.32
+ 1.0.32
+
+
+
+

Pure-FTPd is a fast, production-quality and standards-compliant FTP + server. +

+
+ +

Multiple vulnerabilities have been discovered in Pure-FTPd. Please + review the CVE identifiers referenced below for details. +

+
+ +

Remote unauthenticated attackers may be able to inject FTP commands or + cause a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All pure-ftpd users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/pure-ftpd-1.0.32"
+
+
+

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since May 14, 2011. It is likely that your system is already no + longer affected by this issue. +

+
+ + CVE-2011-0418 + CVE-2011-1575 + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-26.xml
new file mode 100644
index 0000000000..f1ea0c0519
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201110-26.xml
@@ -0,0 +1,59 @@
+
+
+
+ libxml2: Multiple vulnerabilities
+ Multiple vulnerabilities were found in libxml2 which could lead to
+ execution of arbitrary code or a Denial of Service.
+
+ libxml2
+ October 26, 2011
+ October 26, 2011: 1
+ 345555
+ 370715
+ 386985
+ local, remote
+
+
+ 2.7.8-r3
+ 2.7.8-r3
+
+
+
+

libxml2 is the XML C parser and toolkit developed for the Gnome project.

+
+ +

Multiple vulnerabilities have been discovered in libxml2. Please review + the CVE identifiers referenced below for details. +

+
+ +

A local or remote attacker may be able to execute arbitrary code with + the privileges of the application or cause a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All libxml2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r3" + + +
+ + CVE-2010-4008 + CVE-2010-4494 + CVE-2011-1944 + CVE-2011-2821 + CVE-2011-2834 + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-01.xml new file mode 100644 index 0000000000..82a5ddb400 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-01.xml @@ -0,0 +1,210 @@ + + + + Chromium, V8: Multiple vulnerabilities + Multiple vulnerabilities have been reported in Chromium and V8, + some of which may allow execution of arbitrary code and local root + privilege escalation. + + chromium v8 + November 01, 2011 + November 01, 2011: 1 + 351525 + 353626 + 354121 + 356933 + 357963 + 358581 + 360399 + 363629 + 365125 + 366335 + 367013 + 368649 + 370481 + 373451 + 373469 + 377475 + 377629 + 380311 + 380897 + 381713 + 383251 + 385649 + 388461 + remote + + + 15.0.874.102 + 15.0.874.102 + + + 3.5.10.22 + 3.5.10.22 + + + +

Chromium is an open-source web browser project. V8 is Google's open + source JavaScript engine. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and V8. Please + review the CVE identifiers and release notes referenced below for + details. +

+
+ +

A local attacker could gain root privileges (CVE-2011-1444, fixed in + chromium-11.0.696.57). +

+ +

A context-dependent attacker could entice a user to open a specially + crafted web site or JavaScript program using Chromium or V8, possibly + resulting in the execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. The attacker also could obtain + cookies and other sensitive information, conduct man-in-the-middle + attacks, perform address bar spoofing, bypass the same origin policy, + perform Cross-Site Scripting attacks, or bypass pop-up blocks. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-15.0.874.102" + + +

All V8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.22" + +
+ + CVE-2011-2345 + CVE-2011-2346 + CVE-2011-2347 + CVE-2011-2348 + CVE-2011-2349 + CVE-2011-2350 + CVE-2011-2351 + CVE-2011-2834 + CVE-2011-2835 + CVE-2011-2837 + CVE-2011-2838 + CVE-2011-2839 + CVE-2011-2840 + CVE-2011-2841 + CVE-2011-2843 + CVE-2011-2844 + CVE-2011-2845 + CVE-2011-2846 + CVE-2011-2847 + CVE-2011-2848 + CVE-2011-2849 + CVE-2011-2850 + CVE-2011-2851 + CVE-2011-2852 + CVE-2011-2853 + CVE-2011-2854 + CVE-2011-2855 + CVE-2011-2856 + CVE-2011-2857 + CVE-2011-2858 + CVE-2011-2859 + CVE-2011-2860 + CVE-2011-2861 + CVE-2011-2862 + CVE-2011-2864 + CVE-2011-2874 + CVE-2011-3234 + CVE-2011-3873 + CVE-2011-3875 + CVE-2011-3876 + CVE-2011-3877 + CVE-2011-3878 + CVE-2011-3879 + CVE-2011-3880 + CVE-2011-3881 + CVE-2011-3882 + CVE-2011-3883 + CVE-2011-3884 + CVE-2011-3885 + CVE-2011-3886 + CVE-2011-3887 + CVE-2011-3888 + CVE-2011-3889 + CVE-2011-3890 + CVE-2011-3891 + + Release Notes 10.0.648.127 + + + Release Notes 10.0.648.133 + + + Release Notes 10.0.648.205 + + + Release Notes 11.0.696.57 + + + Release Notes 11.0.696.65 + + + Release Notes 11.0.696.68 + + + Release Notes 11.0.696.71 + + + Release Notes 12.0.742.112 + + + Release Notes 12.0.742.91 + + + Release Notes 13.0.782.107 + + + Release Notes 13.0.782.215 + + + Release Notes 13.0.782.220 + + + Release Notes 14.0.835.163 + + + Release Notes 14.0.835.202 + + + Release Notes 15.0.874.102 + + + Release Notes 8.0.552.237 + + + Release Notes 9.0.597.107 + + + Release Notes 9.0.597.84 + + + Release Notes 9.0.597.94 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-02.xml new file mode 100644 index 0000000000..15bf9f07f4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-02.xml @@ -0,0 +1,169 @@ + + + + Oracle JRE/JDK: Multiple vulnerabilities + Multiple vulnerabilities have been found in the Oracle JRE/JDK, + allowing attackers to cause unspecified impact. + + sun-jre-bin sun-jdk emul-linux-x86-java + November 05, 2011 + November 05, 2011: 1 + 340421 + 354213 + 370559 + 387851 + remote + + + 1.6.0.29 + 1.6.0.29 + + + 1.6.0.29 + 1.6.0.29 + + + 1.6.0.29 + 1.6.0.29 + + + +

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and + the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) + provide the Oracle Java platform (formerly known as Sun Java Platform). +

+
+ +

Multiple vulnerabilities have been reported in the Oracle Java + implementation. Please review the CVE identifiers referenced below and + the associated Oracle Critical Patch Update Advisory for details. +

+
+ +

A remote attacker could exploit these vulnerabilities to cause + unspecified impact, possibly including remote execution of arbitrary + code. +

+
+ +

There is no known workaround at this time.

+
+ +

All Oracle JDK 1.6 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29" + + +

All Oracle JRE 1.6 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29" + + +

All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulation/emul-linux-x86-java-1.6.0.29" + + +

NOTE: As Oracle has revoked the DLJ license for its Java implementation, + the packages can no longer be updated automatically. This limitation is + not present on a non-fetch restricted implementation such as + dev-java/icedtea-bin. +

+
+ + CVE-2010-3541 + CVE-2010-3548 + CVE-2010-3549 + CVE-2010-3550 + CVE-2010-3551 + CVE-2010-3552 + CVE-2010-3553 + CVE-2010-3554 + CVE-2010-3555 + CVE-2010-3556 + CVE-2010-3557 + CVE-2010-3558 + CVE-2010-3559 + CVE-2010-3560 + CVE-2010-3561 + CVE-2010-3562 + CVE-2010-3563 + CVE-2010-3565 + CVE-2010-3566 + CVE-2010-3567 + CVE-2010-3568 + CVE-2010-3569 + CVE-2010-3570 + CVE-2010-3571 + CVE-2010-3572 + CVE-2010-3573 + CVE-2010-3574 + CVE-2010-4422 + CVE-2010-4447 + CVE-2010-4448 + CVE-2010-4450 + CVE-2010-4451 + CVE-2010-4452 + CVE-2010-4454 + CVE-2010-4462 + CVE-2010-4463 + CVE-2010-4465 + CVE-2010-4466 + CVE-2010-4467 + CVE-2010-4468 + CVE-2010-4469 + CVE-2010-4470 + CVE-2010-4471 + CVE-2010-4472 + CVE-2010-4473 + CVE-2010-4474 + CVE-2010-4475 + CVE-2010-4476 + CVE-2011-0802 + CVE-2011-0814 + CVE-2011-0815 + CVE-2011-0862 + CVE-2011-0863 + CVE-2011-0864 + CVE-2011-0865 + CVE-2011-0867 + CVE-2011-0868 + CVE-2011-0869 + CVE-2011-0871 + CVE-2011-0872 + CVE-2011-0873 + CVE-2011-3389 + CVE-2011-3516 + CVE-2011-3521 + CVE-2011-3544 + CVE-2011-3545 + CVE-2011-3546 + CVE-2011-3547 + CVE-2011-3548 + CVE-2011-3549 + CVE-2011-3550 + CVE-2011-3551 + CVE-2011-3552 + CVE-2011-3553 + CVE-2011-3554 + CVE-2011-3555 + CVE-2011-3556 + CVE-2011-3557 + CVE-2011-3558 + CVE-2011-3560 + CVE-2011-3561 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-03.xml new file mode 100644 index 0000000000..4af3494749 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-03.xml @@ -0,0 +1,59 @@ + + + + OpenTTD: Multiple vulnerabilities + Multiple vulnerabilities were found in OpenTTD which could lead to + execution of arbitrary code, a Denial of Service, or privilege escalation. + + ebuild OpenTTD + November 11, 2011 + November 11, 2011: 2 + 381799 + local, remote + + + 1.1.3 + 1.1.3 + + + +

OpenTTD is a clone of Transport Tycoon Deluxe.

+
+ +

Multiple vulnerabilities have been discovered in OpenTTD. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could execute arbitrary code with the privileges of + the OpenTTD process or cause a Denial of Service. Local users could cause + a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenTTD users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-simulation/openttd-1.1.3" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since September 27, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2010-4168 + CVE-2011-3341 + CVE-2011-3342 + CVE-2011-3343 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-04.xml new file mode 100644 index 0000000000..b5e86a78e2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-04.xml @@ -0,0 +1,59 @@ + + + + phpDocumentor: Function call injection + phpDocumentor bundles Smarty which contains an input sanitation + flaw, allowing attackers to call arbitrary PHP functions. + + PhpDocumentor + November 11, 2011 + November 11, 2011: 1 + 213318 + remote + + + 1.4.3-r1 + 1.4.3-r1 + + + +

The phpDocumentor package provides automatic documenting of PHP API + directly from the source. +

+
+ +

phpDocumentor bundles Smarty with the modifier.regex_replace.php plug-in + which does not properly sanitize input related to the ASCII NUL character + in a search string. +

+
+ +

A remote attacker could call arbitrary PHP functions via templates.

+
+ +

There is no known workaround at this time.

+
+ +

All phpDocumentor users should upgrade to the latest stable version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-php/PEAR-PhpDocumentor-1.4.3-r1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since February 12, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+ + + CVE-2008-1066 + + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-05.xml new file mode 100644 index 0000000000..8d9f241b53 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-05.xml @@ -0,0 +1,100 @@ + + + + Chromium, V8: Multiple vulnerabilities + Multiple vulnerabilities have been reported in Chromium and V8, + some of which may allow execution of arbitrary code. + + chromium v8 + November 19, 2011 + November 19, 2011: 1 + 390113 + 390779 + remote + + + 15.0.874.121 + 15.0.874.121 + + + 3.5.10.24 + 3.5.10.24 + + + +

Chromium is an open-source web browser project. V8 is Google's open + source JavaScript engine. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and V8. Please + review the CVE identifiers and release notes referenced below for + details. +

+
+ +

A context-dependent attacker could entice a user to open a specially + crafted web site or JavaScript program using Chromium or V8, possibly + resulting in the execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. The attacker also could cause + a Java applet to run without user confirmation. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-15.0.874.121" + + +

All V8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.24" + +
+ + + CVE-2011-3892 + + + CVE-2011-3893 + + + CVE-2011-3894 + + + CVE-2011-3895 + + + CVE-2011-3896 + + + CVE-2011-3897 + + + CVE-2011-3898 + + + CVE-2011-3900 + + + Release Notes 15.0.874.120 + + + Release Notes 15.0.874.121 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-06.xml new file mode 100644 index 0000000000..c005e67108 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-06.xml @@ -0,0 +1,55 @@ + + + + MaraDNS: Arbitrary code execution + A buffer overflow vulnerability in MaraDNS allows remote attackers + to execute arbitrary code or cause a Denial of Service. + + MaraDNS + November 20, 2011 + November 20, 2011: 1 + 352569 + remote + + + 1.4.06 + 1.4.06 + + + +

MaraDNS is a proxy DNS server with permanent caching.

+
+ +

A long DNS hostname with a large number of labels could trigger a buffer + overflow in the compress_add_dlabel_points() function of dns/Compress.c. +

+
+ +

A remote unauthenticated attacker could execute arbitrary code or cause + a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All MaraDNS users should upgrade to the latest stable version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/maradns-1.4.06" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since February 12, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2011-0520 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-07.xml new file mode 100644 index 0000000000..9effd86ff0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-07.xml @@ -0,0 +1,58 @@ + + + + TinTin++: Multiple vulnerabilities + Multiple vulnerabilities have been reported in TinTin++ which could + allow a remote attacker to conduct several attacks, including the execution + of arbitrary code and Denial of Service. + + TinTin++ + November 20, 2011 + November 20, 2011: 1 + 209903 + remote + + + 1.98.0 + 1.98.0 + + + +

TinTin++ is a free MUD gaming client.

+
+ +

Multiple vulnerabilities have been discovered in TinTin++. Please review + the CVE identifiers referenced below for details. +

+
+ +

Remote unauthenticated attackers may be able to execute arbitrary code + with the privileges of the TinTin++ process, cause a Denial of Service, + or truncate arbitrary files in the top level of the home directory + belonging to the user running the TinTin++ process. +

+
+ +

There is no known workaround at this time.

+
+ +

All TinTin++ users should upgrade to the latest stable version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-mud/tintin-1.98.0" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since March 25, 2008. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2008-0671 + CVE-2008-0672 + CVE-2008-0673 + + system + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-08.xml new file mode 100644 index 0000000000..f53a0b6a2d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-08.xml @@ -0,0 +1,55 @@ + + + + radvd: Multiple vulnerabilities + Multiple vulnerabilities have been found in radvd which could + potentially lead to privilege escalation, data loss, or a Denial of + Service. + + radvd + November 20, 2011 + November 20, 2011: 1 + 385967 + local, remote + + + 1.8.2 + 1.8.2 + + + +

radvd is an IPv6 router advertisement daemon for Linux and BSD.

+
+ +

Multiple vulnerabilities have been discovered in radvd. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote unauthenticated attacker may be able to gain escalated + privileges, escalate the privileges of the radvd process, overwrite files + with specific names, or cause a Denial of Service. Local attackers may be + able to overwrite the contents of arbitrary files using symlinks. +

+
+ +

There is no known workaround at this time.

+
+ +

All radvd users should upgrade to the latest stable version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" + +
+ + CVE-2011-3601 + CVE-2011-3602 + CVE-2011-3603 + CVE-2011-3604 + CVE-2011-3605 + + ago + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-09.xml new file mode 100644 index 0000000000..36aa682d50 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-09.xml @@ -0,0 +1,75 @@ + + + + Perl Safe module: Arbitrary Perl code injection + The Safe module for Perl does not properly restrict code, allowing + a remote attacker to execute arbitrary Perl code outside of a restricted + compartment. + + Safe + November 20, 2011 + November 20, 2011: 1 + 325563 + remote + + + 2.27 + 2.27 + + + 2.27 + 2.27 + + + +

Safe is a Perl module to compile and execute code in restricted + compartments. +

+
+ +

Unsafe code evaluation prevents the Safe module from properly + restricting the code of implicitly called methods on implicitly blessed + objects. +

+
+ +

A remote attacker could entice a user to load a specially crafted Perl + script, resulting in execution arbitrary Perl code outside of a + restricted compartment. +

+
+ +

There is no known workaround at this time.

+
+ +

All users of the standalone Perl Safe module should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=perl-core/Safe-2.27" + + +

All users of the Safe module bundled with Perl should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=virtual/perl-Safe-2.27" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since July 18, 2010. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2010-1168 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-10.xml new file mode 100644 index 0000000000..a070ec0d48 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-10.xml @@ -0,0 +1,63 @@ + + + + Evince: Multiple vulnerabilities + Multiple vulnerabilities have been found in Evince, allowing remote + attackers to execute arbitrary code or cause a Denial of Service. + + evince + November 20, 2011 + November 20, 2011: 1 + 350681 + 363447 + remote + + + 2.32.0-r2 + 2.32.0-r2 + + + +

Evince is a document viewer for multiple document formats, including + PostScript. +

+
+ +

Multiple vulnerabilities have been discovered in Evince. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to load a DVI file with a + specially crafted font, resulting in the execution of arbitrary code with + the privileges of the user running the application or a Denial of + Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All Evince users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/evince-2.32.0-r2" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since April 26, 2011. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2010-2640 + CVE-2010-2641 + CVE-2010-2642 + CVE-2010-2643 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-11.xml new file mode 100644 index 0000000000..4b3579d85d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-11.xml @@ -0,0 +1,58 @@ + + + + GNU Tar: User-assisted execution of arbitrary code + A buffer overflow flaw in GNU Tar could result in execution of + arbitrary code or a Denial of Service. + + tar + November 20, 2011 + November 20, 2011: 1 + 313333 + remote + + + 1.23 + 1.23 + + + +

GNU Tar is a utility to create archives as well as add and extract files + from archives. +

+
+ +

GNU Tar is vulnerable to a boundary error in the rmt_read__ function in + lib/rtapelib.c, which could cause a heap-based buffer overflow. +

+
+ +

A remote attacker could entice the user to load a specially crafted + archive, possibly resulting in the execution of arbitrary code or a + Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNU Tar users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/tar-1.23" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since July 18, 2010. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2010-0624 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-12.xml new file mode 100644 index 0000000000..f06469b36e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201111-12.xml @@ -0,0 +1,67 @@ + + + + abcm2ps: Multiple vulnerabilities + Multiple vulnerabilities, including buffer overflows, have been + found in abcm2ps. + + abcm2ps + November 20, 2011 + November 20, 2011: 1 + 322859 + remote + + + 5.9.13 + 5.9.13 + + + +

abcm2ps is a program to convert abc files to Postscript files.

+
+ +

Multiple vulnerabilities have been discovered in abcm2ps:

+ +
    +
  • Boundary errors in the PUT0 and PUT1 macros, the trim_title() + function, or a long "-O" command line option can lead to a buffer + overflow (CVE-2010-3441). +
  • +
  • A vulnerability in the getarena() function in abc2ps.c can cause a + heap-based buffer overflow in abcm2ps (CVE-2010-4743). +
  • +
  • Multiple unspecified vulnerabilities (CVE-2010-4744).
  • +
+
+ +

A remote attacker could entice a user to load a specially crafted ABC + file or use a long -O option on the command line, resulting in the + execution of arbitrary code. +

+
+ +

There is no known workaround at this time.

+
+ +

All abcm2ps users should upgrade to the latest stable version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/abcm2ps-5.9.13" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 27, 2010. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2010-3441 + CVE-2010-4743 + CVE-2010-4744 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-01.xml new file mode 100644 index 0000000000..fa354b5e57 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-01.xml @@ -0,0 +1,150 @@ + + + + phpMyAdmin: Multiple vulnerabilities + Multiple vulnerabilities were found in phpMyAdmin, the most severe + of which allows the execution of arbitrary PHP code. + + phpMyAdmin + January 04, 2012 + January 04, 2012: 1 + 302745 + 335490 + 336462 + 354227 + 373951 + 376369 + 387413 + 389427 + 395715 + remote + + + 3.4.9 + 3.4.9 + + + +

phpMyAdmin is a web-based management tool for MySQL databases.

+
+ +

Multiple vulnerabilities have been discovered in phpMyAdmin. Please + review the CVE identifiers and phpMyAdmin Security Advisories referenced + below for details. +

+
+ +

Remote attackers might be able to insert and execute PHP code, include + and execute local PHP files, or perform Cross-Site Scripting (XSS) + attacks via various vectors. +

+
+ +

There is no known workaround at this time.

+
+ +

All phpMyAdmin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-3.4.9" + + +
+ + CVE-2008-7251 + CVE-2008-7252 + CVE-2010-2958 + CVE-2010-3055 + CVE-2010-3056 + CVE-2010-3263 + CVE-2011-0986 + CVE-2011-0987 + CVE-2011-2505 + CVE-2011-2506 + CVE-2011-2507 + CVE-2011-2508 + CVE-2011-2642 + CVE-2011-2643 + CVE-2011-2718 + CVE-2011-2719 + CVE-2011-3646 + CVE-2011-4064 + CVE-2011-4107 + CVE-2011-4634 + CVE-2011-4780 + CVE-2011-4782 + + PMASA-2010-1 + + + PMASA-2010-2 + + + PMASA-2010-4 + + + PMASA-2010-5 + + + PMASA-2010-6 + + + PMASA-2010-7 + + + PMASA-2011-1 + + + PMASA-2011-10 + + + PMASA-2011-11 + + + PMASA-2011-12 + + + PMASA-2011-15 + + + PMASA-2011-16 + + + PMASA-2011-17 + + + PMASA-2011-18 + + + PMASA-2011-19 + + + PMASA-2011-2 + + + PMASA-2011-20 + + + PMASA-2011-5 + + + PMASA-2011-6 + + + PMASA-2011-7 + + + PMASA-2011-8 + + + PMASA-2011-9 + + + + underling + + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-02.xml new file mode 100644 index 0000000000..0e6bb3a252 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-02.xml @@ -0,0 +1,101 @@ + + + + MySQL: Multiple vulnerabilities + Multiple vulnerabilities were found in MySQL, some of which may + allow execution of arbitrary code. + + MySQL + January 05, 2012 + January 05, 2012: 1 + 220813 + 229329 + 237166 + 238117 + 240407 + 277717 + 294187 + 303747 + 319489 + 321791 + 339717 + 344987 + 351413 + remote + + + 5.1.56 + 5.1.56 + + + +

MySQL is a popular open-source multi-threaded, multi-user SQL database + server. +

+
+ +

Multiple vulnerabilities have been discovered in MySQL. Please review + the CVE identifiers referenced below for details. +

+
+ +

An unauthenticated remote attacker may be able to execute arbitrary code + with the privileges of the MySQL process, cause a Denial of Service + condition, bypass security restrictions, uninstall arbitrary MySQL + plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks. +

+
+ +

There is no known workaround at this time.

+
+ +

All MySQL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.1.56" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since May 14, 2011. It is likely that your system is already no + longer affected by this issue. +

+
+ + CVE-2008-3963 + CVE-2008-4097 + CVE-2008-4098 + CVE-2008-4456 + CVE-2008-7247 + CVE-2009-2446 + CVE-2009-4019 + CVE-2009-4028 + CVE-2009-4484 + CVE-2010-1621 + CVE-2010-1626 + CVE-2010-1848 + CVE-2010-1849 + CVE-2010-1850 + CVE-2010-2008 + CVE-2010-3676 + CVE-2010-3677 + CVE-2010-3678 + CVE-2010-3679 + CVE-2010-3680 + CVE-2010-3681 + CVE-2010-3682 + CVE-2010-3683 + CVE-2010-3833 + CVE-2010-3834 + CVE-2010-3835 + CVE-2010-3836 + CVE-2010-3837 + CVE-2010-3838 + CVE-2010-3839 + CVE-2010-3840 + + a3li + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-03.xml new file mode 100644 index 0000000000..d2aa5c927f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-03.xml @@ -0,0 +1,115 @@ + + + + Chromium, V8: Multiple vulnerabilities + Multiple vulnerabilities have been reported in Chromium and V8, + some of which may allow execution of arbitrary code. + + chromium v8 + January 08, 2012 + January 08, 2012: 1 + 394587 + 397907 + remote + + + 16.0.912.75 + 16.0.912.75 + + + 3.6.6.11 + 3.6.6.11 + + + +

Chromium is an open source web browser project. V8 is Google's open + source JavaScript engine. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and V8. Please + review the CVE identifiers and release notes referenced below for + details. +

+
+ +

A context-dependent attacker could entice a user to open a specially + crafted web site or JavaScript program using Chromium or V8, possibly + resulting in the execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. +

+ +

The attacker could also perform URL bar spoofing.

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-16.0.912.75" + + +

All V8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.6.6.11" + +
+ + + CVE-2011-3903 + + + CVE-2011-3904 + + + CVE-2011-3906 + + + CVE-2011-3907 + + + CVE-2011-3908 + + + CVE-2011-3909 + + + CVE-2011-3910 + + + CVE-2011-3912 + + + CVE-2011-3913 + + + CVE-2011-3914 + + + CVE-2011-3917 + + + CVE-2011-3921 + + + CVE-2011-3922 + + + Release Notes 16.0.912.63 + + + Release Notes 16.0.912.75 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-04.xml new file mode 100644 index 0000000000..c293c9f5ab --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-04.xml @@ -0,0 +1,53 @@ + + + + Logsurfer: Arbitrary code execution + A double-free flaw in Logsurfer allows a remote attacker to execute + arbitrary code. + + Logsurfer + January 20, 2012 + January 20, 2012: 1 + 387397 + remote + + + 1.8 + 1.8 + + + +

Logsurfer is a real time log monitoring and analysis tool.

+
+ +

Logsurfer log files may contain substrings used for executing external + commands. The prepare_exec() function in src/exec.c contains a + double-free vulnerability. +

+
+ +

A remote attacker could inject specially-crafted strings into a log file + processed by Logsurfer, resulting in the execution of arbitrary code with + the permissions of the Logsurfer user. +

+
+ +

There is no known workaround at this time.

+
+ +

All Logsurfer users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/logsurfer+-1.8" + + +
+ + + CVE-2011-3626 + + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-05.xml new file mode 100644 index 0000000000..5b95c69345 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-05.xml @@ -0,0 +1,62 @@ + + + + mDNSResponder: Multiple vulnerabilities + Multiple vulnerabilities have been found in mDNSResponder, which + could lead to execution of arbitrary code with root privileges. + + mDNSResponder + January 22, 2012 + January 22, 2012: 1 + 290822 + local, remote + + + 212.1 + 212.1 + + + +

mDNSResponder is a component of Apple's Bonjour, an initiative for + zero-configuration networking. +

+
+ +

Multiple vulnerabilities have been discovered in mDNSResponder. Please + review the CVE identifiers referenced below for details. +

+
+ +

A local or remote attacker may be able to execute arbitrary code with + root privileges or cause a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All mDNSResponder users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/mDNSResponder-212.1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 21, 2009. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2007-2386 + CVE-2007-3744 + CVE-2007-3828 + CVE-2008-0989 + CVE-2008-2326 + CVE-2008-3630 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-06.xml new file mode 100644 index 0000000000..412bc4b10d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-06.xml @@ -0,0 +1,56 @@ + + + + iSCSI Enterprise Target: Arbitrary code execution + Format string vulnerabilities in iSCSI Enterprise Target could + result in execution of arbitrary code or a Denial of Service. + + iscsitarget + January 23, 2012 + January 23, 2012: 1 + 314187 + remote + + + 1.4.19 + 1.4.19 + + + +

iSCSI Enterprise Target is an open source iSCSI target with professional + features. +

+
+ +

Multiple functions in usr/iscsi/isns.c of iSCSI Enterprise Target + contain format string errors. +

+
+ +

A remote attacker could send a specially-crafted Internet Storage Name + Service (iSNS) request, possibly resulting in the execution of arbitrary + code with root privileges or cause a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All iSCSI Enterprise Target users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-block/iscsitarget-1.4.19" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 11, 2010. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2010-0743 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-07.xml new file mode 100644 index 0000000000..8e34d5842b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-07.xml @@ -0,0 +1,69 @@ + + + + NX Server Free Edition, NX Node: Privilege escalation + An unspecified vulnerability in NX Server Free Edition and NX Node + could allow local attackers to gain root privileges. + + NX Server NX Node + January 23, 2012 + January 23, 2012: 1 + 378345 + local + + + 3.5.0.5 + 3.5.0.5 + + + 3.5.0.4 + 3.5.0.4 + + + +

NX Server Free Edition is a remote display technology by No Machine. NX + Node provides the shared components for NX Server. +

+
+ +

NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script + containing an unspecified vulnerability. +

+
+ +

A local attacker could gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All NX Server Free Edition users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-misc/nxserver-freeedition-3.5.0.5" + + +

All NX Node users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.5.0.4" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 23, 2011. It is likely that your system is already + no longer affected by this issue. +

+
+ + + CVE-2011-3977 + + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-08.xml new file mode 100644 index 0000000000..9dada34b7a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-08.xml @@ -0,0 +1,58 @@ + + + + FontForge: User-assisted execution of arbitrary code + A stack-based buffer overflow flaw in FontForge could result in + execution of arbitrary code or a Denial of Service. + + FontForge + January 23, 2012 + January 23, 2012: 1 + 386293 + remote + + + 20110222-r1 + 20110222-r1 + + + +

FontForge is a PostScript font editor and converter.

+
+ +

FontForge is vulnerable to an error when processing the + "CHARSET_REGISTRY" header in font files, which could cause a stack-based + buffer overflow. +

+
+ +

A remote attacker could entice a user to open a specially crafted BDF + file using FontForge font editor, possibly resulting in the remote + execution of arbitrary code with the privileges of the FontForge process, + or a Denial of Service (application crash). +

+
+ +

There is no known workaround at this time.

+
+ +

All FontForge users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/fontforge-20110222-r1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since October 12, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2010-4259 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-09.xml new file mode 100644 index 0000000000..e176b92014 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-09.xml @@ -0,0 +1,120 @@ + + + + FreeType: Multiple vulnerabilities + Multiple vulnerabilities have been found in FreeType, allowing + remote attackers to possibly execute arbitrary code or cause a Denial of + Service. + + FreeType + January 23, 2012 + January 23, 2012: 1 + 332701 + 342121 + 345843 + 377143 + 387535 + 390623 + remote + + + 2.4.8 + 2.4.8 + + + +

FreeType is a high-quality and portable font engine.

+
+ +

Multiple vulnerabilities have been discovered in FreeType. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted font, + possibly resulting in the remote execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All FreeType users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8" + + +
+ + + CVE-2010-1797 + + + CVE-2010-2497 + + + CVE-2010-2498 + + + CVE-2010-2499 + + + CVE-2010-2500 + + + CVE-2010-2519 + + + CVE-2010-2520 + + + CVE-2010-2527 + + + CVE-2010-2541 + + + CVE-2010-2805 + + + CVE-2010-2806 + + + CVE-2010-2807 + + + CVE-2010-2808 + + + CVE-2010-3053 + + + CVE-2010-3054 + + + CVE-2010-3311 + + + CVE-2010-3814 + + + CVE-2010-3855 + + + CVE-2011-0226 + + + CVE-2011-3256 + + + CVE-2011-3439 + + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-10.xml new file mode 100644 index 0000000000..76cd5bb6cd --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-10.xml @@ -0,0 +1,66 @@ + + + + JasPer: User-assisted execution of arbitrary code + Multiple memory management errors in JasPer could result in + execution of arbitrary code or a Denial of Service. + + JasPer + January 23, 2012 + January 23, 2012: 1 + 394879 + remote + + + 1.900.1-r4 + 1.900.1-r4 + + + +

The JasPer Project is an open-source initiative to provide a free + software-based reference implementation of the codec specified in the + JPEG-2000 Part-1 (jpeg2k) standard. +

+
+ +

Two vulnerabilities have been found in JasPer:

+ +
    +
  • The jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c contains + an error that could overwrite certain callback pointers, possibly + causing a heap-based buffer overflow (CVE-2011-4516). +
  • +
  • The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c uses an + incorrect data type, possibly causing a heap-based buffer overflow + (CVE-2011-4517). +
  • +
+
+ +

A remote attacker could entice a user or automated system to process + specially crafted JPEG-2000 files with an application using JasPer, + possibly resulting in the execution of arbitrary code with the privileges + of the application, or a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All JasPer users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/jasper-1.900.1-r4" + + +
+ + CVE-2011-4516 + CVE-2011-4517 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-11.xml new file mode 100644 index 0000000000..2503ca9b26 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-11.xml @@ -0,0 +1,57 @@ + + + + Firewall Builder: Privilege escalation + Insecure temporary file usage in Firewall Builder could allow + attackers to overwrite arbitrary files. + + fwbuilder + January 23, 2012 + January 23, 2012: 1 + 235809 + 285861 + local + + + 3.0.7 + 3.0.7 + + + +

Firewall Builder is a GUI for easy management of multiple firewall + platforms. +

+
+ +

Two vulnerabilities in Firewall Builder allow the iptables and + fwb_install scripts to use temporary files insecurely. +

+
+ +

A local attacker could possibly overwrite arbitrary files with the + privileges of the user running Firewall Builder. +

+
+ +

There is no known workaround at this time.

+
+ +

All Firewall Builder users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-firewall/fwbuilder-3.0.7" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since March 09, 2010. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2008-4956 + CVE-2009-4664 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-12.xml new file mode 100644 index 0000000000..0bd1787b29 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-12.xml @@ -0,0 +1,68 @@ + + + + Tor: Multiple vulnerabilities + Multiple vulnerabilities have been found in Tor, the most severe of + which may allow a remote attacker to execute arbitrary code. + + Tor + January 23, 2012 + January 23, 2012: 1 + 388769 + 394969 + remote + + + 0.2.2.35 + 0.2.2.35 + + + +

Tor is an implementation of second generation Onion Routing, a + connection-oriented anonymizing communication service. +

+
+ +

Multiple vulnerabilities have been discovered in Tor:

+ +
    +
  • When configured as client or bridge, Tor uses the same TLS + certificate chain for all outgoing connections (CVE-2011-2768). +
  • +
  • When configured as a bridge, Tor relays can distinguish incoming + bridge connections from client connections (CVE-2011-2769). +
  • +
  • An error in or/buffers.c could result in a heap-based buffer overflow + (CVE-2011-2778). +
  • +
+
+ +

A remote attacker could possibly execute arbitrary code or cause a + Denial of Service. Furthermore, a remote relay the user is directly + connected to may be able to disclose anonymous information about that + user or enumerate bridges in the user's connection. +

+
+ +

There is no known workaround at this time.

+
+ +

All Tor users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.2.35" + + +
+ + CVE-2011-2768 + CVE-2011-2769 + CVE-2011-2778 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-13.xml new file mode 100644 index 0000000000..bbafd290a0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-13.xml @@ -0,0 +1,86 @@ + + + + MIT Kerberos 5: Multiple vulnerabilities + Multiple vulnerabilities have been found in MIT Kerberos 5, the + most severe of which may allow remote execution of arbitrary code. + + mit-krb5 + January 23, 2012 + January 23, 2012: 1 + 303723 + 308021 + 321935 + 323525 + 339866 + 347369 + 352859 + 359129 + 363507 + 387585 + 393429 + remote + + + 1.9.2-r1 + 1.9.2-r1 + + + +

MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. +

+
+ +

Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to execute arbitrary code with the + privileges of the administration daemon or the Key Distribution Center + (KDC) daemon, cause a Denial of Service condition, or possibly obtain + sensitive information. Furthermore, a remote attacker may be able to + spoof Kerberos authorization, modify KDC responses, forge user data + messages, forge tokens, forge signatures, impersonate a client, modify + user-visible prompt text, or have other unspecified impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All MIT Kerberos 5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.9.2-r1" + +
+ + CVE-2009-3295 + CVE-2009-4212 + CVE-2010-0283 + CVE-2010-0629 + CVE-2010-1320 + CVE-2010-1321 + CVE-2010-1322 + CVE-2010-1323 + CVE-2010-1324 + CVE-2010-4020 + CVE-2010-4021 + CVE-2010-4022 + CVE-2011-0281 + CVE-2011-0282 + CVE-2011-0283 + CVE-2011-0284 + CVE-2011-0285 + CVE-2011-1527 + CVE-2011-1528 + CVE-2011-1529 + CVE-2011-1530 + CVE-2011-4151 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-14.xml new file mode 100644 index 0000000000..4edc2f848b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-14.xml @@ -0,0 +1,70 @@ + + + + MIT Kerberos 5 Applications: Multiple vulnerabilities + Multiple vulnerabilities have been found in MIT Kerberos 5 + Applications, the most severe of which may allow execution of arbitrary + code. + + mit-krb5-appl + January 23, 2012 + January 23, 2012: 1 + 374229 + 396137 + remote + + + 1.0.2-r1 + 1.0.2-r1 + + + +

A suite of applications that implement the Kerberos 5 network protocol + from MIT. +

+
+ +

Multiple vulnerabilities have been discovered in MIT Kerberos 5 + Applications: +

+ +
    +
  • An error in the FTP daemon prevents it from dropping its initial + effective group identifier (CVE-2011-1526). +
  • +
  • A boundary error in the telnet daemon and client could cause a buffer + overflow (CVE-2011-4862). +
  • +
+ +
+ +

An unauthenticated remote attacker may be able to execute arbitrary code + with the privileges of the user running the telnet daemon or client. + Furthermore, an authenticated remote attacker may be able to read or + write files owned by the same group as the effective group of the FTP + daemon. +

+
+ +

There is no known workaround at this time.

+
+ +

All MIT Kerberos 5 Applications users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-crypt/mit-krb5-appl-1.0.2-r1" + + +
+ + CVE-2011-1526 + CVE-2011-4862 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-15.xml new file mode 100644 index 0000000000..27f39adfce --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-15.xml @@ -0,0 +1,59 @@ + + + + ktsuss: Privilege escalation + Two vulnerabilities have been found in ktsuss, allowing local + attackers to gain escalated privileges. + + ktsuss + January 27, 2012 + January 27, 2012: 1 + 381115 + local + + + 1.4 + + + +

ktsuss is a simple, graphical version of su written in C and GTK+.

+
+ +

Two vulnerabilities have been found in ktuss:

+ +
    +
  • Under specific circumstances, ktsuss skips authentication and fails + to change the effective UID back to the real UID (CVE-2011-2921). +
  • +
  • The GTK interface spawned by the ktsuss binary is run as root + (CVE-2011-2922). +
  • +
+
+ +

A local attacker could gain escalated privileges and use the + "GTK_MODULES" environment variable to possibly execute arbitrary code + with root privileges. +

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo discontinued support for ktsuss. We recommend that users unmerge + ktsuss: +

+ + + # emerge --unmerge "x11-misc/ktsuss" + +
+ + CVE-2011-2921 + CVE-2011-2922 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-16.xml new file mode 100644 index 0000000000..79d77ddce3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-16.xml @@ -0,0 +1,70 @@ + + + + X.Org X Server/X Keyboard Configuration Database: Screen lock bypass + A debugging functionality in the X.Org X Server that is bound to a + hotkey by default can be used by local attackers to circumvent screen + locking utilities. + + xkeyboard-config xorg-server + January 27, 2012 + January 27, 2012: 1 + 399347 + local + + + 2.4.1-r3 + 2.4.1-r3 + + + +

The X Keyboard Configuration Database provides keyboard configuration + for various X server implementations. +

+
+ +

Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server + again provides debugging functionality that can be used terminate an + application that exclusively grabs mouse and keyboard input, like screen + locking utilities. +

+ +

Gu1 reported that the X Keyboard Configuration Database maps this + functionality by default to the Ctrl+Alt+Numpad * key combination. +

+
+ +

A physically proximate attacker could exploit this vulnerability to gain + access to a locked X session without providing the correct credentials. +

+
+ +

Downgrade to any version of x11-base/xorg-server below + x11-base/xorg-server-1.11: +

+ + + # emerge --oneshot --verbose "<x11-base/xorg-server-1.11" + +
+ +

All xkeyboard-config users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=x11-misc/xkeyboard-config-2.4.1-r3" + + +

NOTE: The X.Org X Server 1.11 was only stable on the AMD64, ARM, HPPA, + and x86 architectures. Users of the stable branches of all other + architectures are not affected and will be directly provided with a fixed + X Keyboard Configuration Database version. +

+
+ + CVE-2012-0064 + + a3li + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-17.xml new file mode 100644 index 0000000000..84bfb109a7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-17.xml @@ -0,0 +1,72 @@ + + + + Chromium: Multiple vulnerabilities + Multiple vulnerabilities have been reported in Chromium, some of + which may allow execution of arbitrary code. + + chromium + January 28, 2012 + January 28, 2012: 1 + 400551 + remote + + + 16.0.912.77 + 16.0.912.77 + + + +

Chromium is an open source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers and release notes referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted web + site using Chromium, possibly resulting in the execution of arbitrary + code with the privileges of the process, or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-16.0.912.77" + + +
+ + + CVE-2011-3924 + + + CVE-2011-3925 + + + CVE-2011-3926 + + + CVE-2011-3927 + + + CVE-2011-3928 + + + Release Notes 16.0.912.77 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-18.xml new file mode 100644 index 0000000000..adf353f6dd --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-18.xml @@ -0,0 +1,66 @@ + + + + bip: Multiple vulnerabilities + Multiple vulnerabilities in bip might allow remote unauthenticated + attackers to cause a Denial of Service or possibly execute arbitrary code. + + bip + January 30, 2012 + January 30, 2012: 1 + 336321 + 400599 + remote + + + 0.8.8-r1 + 0.8.8-r1 + + + +

bip is a multi-user IRC proxy with SSL support.

+
+ +

Multiple vulnerabilities have been discovered in bip:

+ +
    +
  • Uli Schlachter reported that bip does not properly handle invalid + data during authentication, resulting in a daemon crash + (CVE-2010-3071). +
  • +
  • Julien Tinnes reported that bip does not check the number of open + file descriptors against FD_SETSIZE, resulting in a stack buffer + overflow (CVE-2012-0806). +
  • +
+
+ +

A remote attacker could exploit these vulnerabilities to execute + arbitrary code with the privileges of the user running the bip daemon, or + cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All bip users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/bip-0.8.8-r1" + + +

NOTE: The CVE-2010-3071 flaw was already corrected in an earlier version + of bip and is included in this advisory for completeness. +

+
+ + CVE-2010-3071 + CVE-2012-0806 + + + underling + + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-19.xml new file mode 100644 index 0000000000..81a863cadb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201201-19.xml @@ -0,0 +1,108 @@ + + + + Adobe Reader: Multiple vulnerabilities + Multiple vulnerabilities in Adobe Reader might allow remote + attackers to execute arbitrary code or conduct various other attacks. + + acroread + January 30, 2012 + January 30, 2012: 1 + 354211 + 382969 + 393481 + remote + + + 9.4.7 + 9.4.7 + + + +

Adobe Reader is a closed-source PDF reader.

+
+ +

Multiple vulnerabilities have been discovered in Adobe Reader. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted PDF + file using Adobe Reader, possibly resulting in the remote execution of + arbitrary code, a Denial of Service, or other impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Reader users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.7" + + +
+ + CVE-2010-4091 + CVE-2011-0562 + CVE-2011-0563 + CVE-2011-0565 + CVE-2011-0566 + CVE-2011-0567 + CVE-2011-0570 + CVE-2011-0585 + CVE-2011-0586 + CVE-2011-0587 + CVE-2011-0588 + CVE-2011-0589 + CVE-2011-0590 + CVE-2011-0591 + CVE-2011-0592 + CVE-2011-0593 + CVE-2011-0594 + CVE-2011-0595 + CVE-2011-0596 + CVE-2011-0598 + CVE-2011-0599 + CVE-2011-0600 + CVE-2011-0602 + CVE-2011-0603 + CVE-2011-0604 + CVE-2011-0605 + CVE-2011-0606 + CVE-2011-2130 + CVE-2011-2134 + CVE-2011-2135 + CVE-2011-2136 + CVE-2011-2137 + CVE-2011-2138 + CVE-2011-2139 + CVE-2011-2140 + CVE-2011-2414 + CVE-2011-2415 + CVE-2011-2416 + CVE-2011-2417 + CVE-2011-2424 + CVE-2011-2425 + CVE-2011-2431 + CVE-2011-2432 + CVE-2011-2433 + CVE-2011-2434 + CVE-2011-2435 + CVE-2011-2436 + CVE-2011-2437 + CVE-2011-2438 + CVE-2011-2439 + CVE-2011-2440 + CVE-2011-2441 + CVE-2011-2442 + CVE-2011-2462 + CVE-2011-4369 + + + underling + + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-01.xml new file mode 100644 index 0000000000..3452a00cc7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-01.xml @@ -0,0 +1,158 @@ + + + + Chromium: Multiple vulnerabilities + Multiple vulnerabilities have been reported in Chromium, some of + which may allow execution of arbitrary code. + + chromium + February 18, 2012 + February 18, 2012: 1 + 402841 + 404067 + remote + + + 17.0.963.56 + 17.0.963.56 + + + +

Chromium is an open source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers and release notes referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted web + site using Chromium, possibly resulting in the execution of arbitrary + code with the privileges of the process, a Denial of Service condition, + information leak (clipboard contents), bypass of the Same Origin Policy, + or escape from NativeClient's sandbox. +

+ +

A remote attacker could also entice the user to perform a set of UI + actions (drag and drop) to trigger an URL bar spoofing vulnerability. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-17.0.963.56" + +
+ + + CVE-2011-3016 + + + CVE-2011-3017 + + + CVE-2011-3018 + + + CVE-2011-3019 + + + CVE-2011-3020 + + + CVE-2011-3021 + + + CVE-2011-3022 + + + CVE-2011-3023 + + + CVE-2011-3024 + + + CVE-2011-3025 + + + CVE-2011-3027 + + + CVE-2011-3953 + + + CVE-2011-3954 + + + CVE-2011-3955 + + + CVE-2011-3956 + + + CVE-2011-3957 + + + CVE-2011-3958 + + + CVE-2011-3959 + + + CVE-2011-3960 + + + CVE-2011-3961 + + + CVE-2011-3962 + + + CVE-2011-3963 + + + CVE-2011-3964 + + + CVE-2011-3965 + + + CVE-2011-3966 + + + CVE-2011-3967 + + + CVE-2011-3968 + + + CVE-2011-3969 + + + CVE-2011-3970 + + + CVE-2011-3971 + + + CVE-2011-3972 + + + Release Notes 17.0.963.46 + + + Release Notes 17.0.963.56 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-02.xml new file mode 100644 index 0000000000..fb2031a7a3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-02.xml @@ -0,0 +1,72 @@ + + + + Quagga: Multiple vulnerabilities + Multiple vulnerabilities were found in Quagga, the worst of which + leading to remote execution of arbitrary code. + + Quagga + February 21, 2012 + February 21, 2012: 2 + 334303 + 359903 + 384651 + remote + + + 0.99.20 + 0.99.20 + + + +

Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and + BGP. +

+
+ +

Multiple vulnerabilities have been discovered in Quagga. Please review + the CVE identifiers referenced below for details. +

+
+ +

A BGP peer could send a Route-Refresh message with specially-crafted ORF + record, which can cause Quagga's bgpd to crash or possibly execute + arbitrary code with the privileges of the user running Quagga's bgpd; a + BGP update AS path request with unknown AS type, or malformed + AS-Pathlimit or Extended-Community attributes could lead to Denial of + Service (daemon crash), an error in bgpd when handling AS_PATH attributes + within UPDATE messages can + be exploited to cause a heap-based buffer overflow resulting in a crash + of the + daemon and disruption of IPv4 routing, two errors in ospf6d and ospfd can + each be exploited to crash the daemon and disrupt IP routing. +

+
+ +

There is no known workaround at this time.

+
+ +

All Quagga users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20" + + +
+ + CVE-2010-1674 + CVE-2010-1675 + CVE-2010-2948 + CVE-2010-2949 + CVE-2011-3323 + CVE-2011-3324 + CVE-2011-3325 + CVE-2011-3326 + CVE-2011-3327 + + + underling + + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-03.xml new file mode 100644 index 0000000000..21d10084c6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-03.xml @@ -0,0 +1,49 @@ + + + + MaraDNS: Denial of Service + A hash collision vulnerability in MaraDNS allows remote attackers + to cause a Denial of Service condition. + + maradns + February 22, 2012 + February 22, 2012: 1 + 397431 + remote + + + 1.4.09 + 1.4.09 + + + +

MaraDNS is a proxy DNS server with permanent caching.

+
+ +

MaraDNS does not properly randomize hash functions to protect against + hash collision attacks. +

+
+ +

A remote attacker could send many specially crafted DNS recursive + queries, possibly resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All MaraDNS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/maradns-1.4.09" + + +
+ + CVE-2012-0024 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-04.xml new file mode 100644 index 0000000000..2efcbfcecb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-04.xml @@ -0,0 +1,64 @@ + + + + PowerDNS: Denial of Service + A vulnerability in PowerDNS could allow a remote attacker to create + a Denial of Service condition. + + pdns + February 22, 2012 + February 22, 2012: 1 + 398403 + remote + + + 3.0.1 + 3.0.1 + + + +

The PowerDNS nameserver is an authoritative-only nameserver which uses a + flexible backend architecture. +

+
+ +

A vulnerability has been found in PowerDNS which could cause a packet + loop of DNS responses. +

+
+ +

A remote attacker could send specially crafted DNS response packets, + possibly resulting in a Denial of Service condition. +

+
+ +

PowerDNS users can set "cache-ttl=0" in /etc/powerdns/pdns.conf and then + restart the PowerDNS daemon: +

+ + + # /etc/init.d/pdns restart + + +

Please review the PowerDNS Security Advisory below for more workaround + details. +

+
+ +

All PowerDNS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/pdns-3.0.1" + + +
+ + CVE-2012-0206 + PowerDNS + Security Advisory 2012-01 + + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-05.xml new file mode 100644 index 0000000000..122ea63a71 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-05.xml @@ -0,0 +1,51 @@ + + + + Heimdal: Arbitrary code execution + A boundary error in Heimdal could result in execution of arbitrary + code. + + heimdal + February 22, 2012 + February 22, 2012: 1 + 396105 + remote + + + 1.5.1-r1 + 1.5.1-r1 + + + +

Heimdal is a free implementation of Kerberos 5.

+
+ +

A boundary error in the "encrypt_keyid()" function in + appl/telnet/libtelnet/encrypt.c of the telnet daemon and client could + cause a buffer overflow. +

+
+ +

An unauthenticated remote attacker may be able to execute arbitrary code + with the privileges of the user running the telnet daemon or client, or + cause Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All Heimdal users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-1.5.1-r1" + + +
+ + CVE-2011-4862 + + ago + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-06.xml new file mode 100644 index 0000000000..ec0f9bc975 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-06.xml @@ -0,0 +1,50 @@ + + + + Asterisk: Denial of Service + A vulnerability in Asterisk could allow a remote attacker to cause + a Denial of Service condition. + + asterisk + February 22, 2012 + February 22, 2012: 1 + 399507 + remote + + + 1.8.8.2 + 1.8.8.2 + + + +

Asterisk is an open source telephony engine and toolkit.

+
+ +

A vulnerability has been found in Asterisk's handling of certain + encrypted streams where the res_srtp module has been loaded but video + support has not been enabled. +

+
+ +

A remote attacker could send a specially crafted SDP message to the + Asterisk daemon, possibly resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Asterisk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.8.2" + + +
+ + CVE-2012-0885 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-07.xml
new file mode 100644
index 0000000000..0a2f2d9815
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-07.xml
@@ -0,0 +1,56 @@
+
+
+
+ libvirt: Multiple vulnerabilities
+ Multiple vulnerabilities were found in libvirt, the worst of which
+ might allow guest OS users to read arbitrary files on the host OS.
+
+ libvirt
+ February 27, 2012
+ February 27, 2012: 1
+ 358877
+ 372963
+ 373991
+ 386287
+ local, remote
+
+
+ 0.9.3-r1
+ 0.9.3-r1
+
+
+
+

libvirt is a C toolkit to manipulate virtual machines.

+
+ +

Multiple vulnerabilities have been discovered in libvirt. Please review + the CVE identifiers referenced below for details. +

+
+ +

These vulnerabilities allow a remote attacker to cause a Denial of + Service condition on the host server or libvirt daemon, or might allow + guest OS users to read arbitrary files on the host OS. +

+
+ +

There is no known workaround at this time.

+
+ +

All libvirt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-0.9.3-r1" + + +
+ + CVE-2011-1146 + CVE-2011-1486 + CVE-2011-2178 + CVE-2011-2511 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-08.xml
new file mode 100644
index 0000000000..35757c9e76
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-08.xml
@@ -0,0 +1,49 @@
+
+
+
+ stunnel: Arbitrary code execution
+ A vulnerability was found in stunnel, allowing remote attackers to
+ cause a Denial of Service and potentially arbitrary code execution.
+
+ ebuild stunnel
+ February 29, 2012
+ July 30, 2012: 2
+ 379859
+ remote
+
+
+ 4.44
+ 4
+ 4.44
+
+
+
+

The stunnel program is designed to work as an SSL encryption wrapper + between a client and a local or remote server. +

+
+ +

An unspecified heap vulnerability was discovered in stunnel.

+
+ +

The vulnerability may possibly be leveraged to perform remote code + execution or a Denial of Service attack. +

+
+ +

There is no known workaround at this time.

+
+ +

All stunnel 4.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.44" + +
+ + CVE-2011-2940 + + ago + ago +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-09.xml
new file mode 100644
index 0000000000..856531bcf0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201202-09.xml
@@ -0,0 +1,54 @@
+
+
+
+ libxml2: User-assisted execution of arbitrary code
+ A boundary error in libxml2 could result in execution of arbitrary
+ code or Denial of Service.
+
+ libxml2
+ February 29, 2012
+ February 29, 2012: 2
+ 398361
+ remote
+
+
+ 2.7.8-r4
+ 2.7.8-r4
+
+
+
+

libxml2 is the XML C parser and toolkit developed for the Gnome project.

+
+ +

The "xmlStringLenDecodeEntities()" function in parser.c contains a + boundary error which could possibly cause a heap-based buffer overflow. +

+
+ +

A remote attacker could entice a user to open a specially crafted XML + file in an application linked against libxml2, possibly resulting in the + remote execution of arbitrary code with the permissions of the user + running the application, or Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All libxml2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r4" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2011-3919 + + ago + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-01.xml
new file mode 100644
index 0000000000..fe6b66333c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-01.xml
@@ -0,0 +1,49 @@
+
+
+
+ spamdyke: Arbitrary code execution
+ A buffer overflow in spamdyke might allow remote attackers to
+ execute arbitrary code.
+
+ spamdyke
+ March 06, 2012
+ March 06, 2012: 1
+ 399157
+ remote
+
+
+ 4.3.0
+ 4.3.0
+
+
+
+

spamdyke is a drop-in connection-time spam filter for qmail.

+
+ +

Boundary errors related to the "snprintf()" and "vsnprintf()" functions + in spamdyke could cause a buffer overflow. +

+
+ +

A remote attacker could possibly execute arbitrary code or cause a + Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All spamdyke users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-filter/spamdyke-4.3.0" + + +
+ + CVE-2012-0802 + + ago + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-02.xml
new file mode 100644
index 0000000000..ffd4fdb65c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-02.xml
@@ -0,0 +1,80 @@
+
+
+
+ cURL: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in cURL, the worst of
+ which might allow remote execution of arbitrary code.
+
+ cURL
+ March 06, 2012
+ March 06, 2012: 1
+ 308645
+ 373235
+ 400799
+ remote
+
+
+ 7.24.0
+ 7.24.0
+
+
+
+

cURL is a command line tool for transferring files with URL syntax, + supporting numerous protocols. +

+
+ +

Multiple vulnerabilities have been found in cURL:

+ +
    +
  • When zlib is enabled, the amount of data sent to an application for + automatic decompression is not restricted (CVE-2010-0734). +
  • +
  • When performing GSSAPI authentication, credential delegation is + always used (CVE-2011-2192). +
  • +
  • When SSL is enabled, cURL improperly disables the OpenSSL workaround + to mitigate an information disclosure vulnerability in the SSL and TLS + protocols (CVE-2011-3389). +
  • +
  • libcurl does not properly verify file paths for escape control + characters in IMAP, POP3 or SMTP URLs (CVE-2012-0036). +
  • +
+
+ +

A remote attacker could entice a user or automated process to open a + specially crafted file or URL using cURL, possibly resulting in the + remote execution of arbitrary code, a Denial of Service condition, + disclosure of sensitive information, or unwanted actions performed via + the IMAP, POP3 or SMTP protocols. Furthermore, remote servers may be able + to impersonate clients via GSSAPI requests. +

+
+ +

There is no known workaround at this time.

+
+ +

All cURL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/curl-7.24.0" + + +
+ + CVE-2010-0734 + + CVE-2011-2192 + + CVE-2011-3389 + + CVE-2012-0036 + + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-03.xml
new file mode 100644
index 0000000000..65e1fab0d3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-03.xml
@@ -0,0 +1,65 @@
+
+
+
+ Puppet: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Puppet, the worst of
+ which might allow local attackers to gain escalated privileges.
+
+ puppet
+ March 06, 2012
+ March 06, 2012: 1
+ 303729
+ 308031
+ 384859
+ 385149
+ 388161
+ 403963
+ local, remote
+
+
+ 2.7.11
+ 2.7.11
+
+
+
+

Puppet is a system configuration management tool written in Ruby.

+
+ +

Multiple vulnerabilities have been discovered in Puppet. Please review + the CVE identifiers referenced below for details. +

+
+ +

A local attacker could gain elevated privileges, or access and modify + arbitrary files. Furthermore, a remote attacker may be able to spoof a + Puppet Master or write X.509 Certificate Signing Requests to arbitrary + locations. +

+
+ +

There is no known workaround at this time.

+
+ +

All Puppet users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.11" + + +
+ + CVE-2009-3564 + CVE-2010-0156 + CVE-2011-3848 + CVE-2011-3869 + CVE-2011-3870 + CVE-2011-3871 + CVE-2011-3872 + CVE-2012-1053 + + CVE-2012-1054 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-04.xml
new file mode 100644
index 0000000000..b7be26ffa6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-04.xml
@@ -0,0 +1,50 @@
+
+
+
+ libxml2: Denial of Service
+ A hash collision vulnerability in libxml2 allows remote attackers
+ to cause a Denial of Service condition.
+
+ libxml2
+ March 06, 2012
+ March 06, 2012: 1
+ 405261
+ remote
+
+
+ 2.7.8-r5
+ 2.7.8-r5
+
+
+
+

libxml2 is the XML C parser and toolkit developed for the Gnome project.

+
+ +

libxml2 does not properly randomize hash functions to protect against + hash collision attacks. +

+
+ +

A remote attacker could entice a user or automated system to open a + specially crafted XML document with an application using libxml2 + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libxml2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r5" + + +
+ + CVE-2012-0841 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-05.xml
new file mode 100644
index 0000000000..892b4b7217
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-05.xml
@@ -0,0 +1,49 @@
+
+
+
+ Rack: Denial of Service
+ A hash collision vulnerability in Rack allows remote attackers to
+ cause a Denial of Service condition.
+
+ rack
+ March 06, 2012
+ March 06, 2012: 1
+ 396455
+ remote
+
+
+ 1.1.3
+ 1.1.3
+
+
+
+

Rack is a modular Ruby web server interface.

+
+ +

Rack does not properly randomize hash functions to protect against hash + collision attacks. +

+
+ +

A remote attacker could send a specially crafted form post, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Rack users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.1.3" + + +
+ + CVE-2011-5036 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-06.xml
new file mode 100644
index 0000000000..43fda601bd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-06.xml
@@ -0,0 +1,63 @@
+
+
+
+ sudo: Privilege escalation
+ Two vulnerabilities have been discovered in sudo, allowing local
+ attackers to possibly gain escalated privileges.
+
+ sudo
+ March 06, 2012
+ March 06, 2012: 1
+ 351490
+ 401533
+ local
+
+
+ 1.8.3_p2
+ 1.7.4_p5
+ 1.8.3_p2
+
+
+
+

sudo allows a system administrator to give users the ability to run + commands as other users. +

+
+ +

Two vulnerabilities have been discovered in sudo:

+ +
    +
  • When the sudoers file is configured with a Runas group, sudo does not + prompt for a password when changing to the new group (CVE-2011-0010). +
  • +
  • A format string vulnerability exists in the "sudo_debug()" function + (CVE-2012-0809). +
  • +
+
+ +

A local attacker could possibly gain the ability to run arbitrary + commands with the privileges of other users or groups, including root. +

+
+ +

There is no known workaround at this time.

+
+ +

All sudo users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.3_p2" + + +
+ + CVE-2011-0010 + CVE-2012-0809 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-07.xml
new file mode 100644
index 0000000000..4a6964b863
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-07.xml
@@ -0,0 +1,54 @@
+
+
+
+ foomatic-filters: User-assisted execution of arbitrary code
+ A vulnerability in foomatic-filters could result in the execution
+ of arbitrary code.
+
+ foomatic-filters
+ March 06, 2012
+ March 06, 2012: 1
+ 379559
+ remote
+
+
+ 4.0.9
+ 4.0.9
+
+
+
+

The foomatic-filters package contains wrapper scripts which are designed + to be used with Foomatic. +

+
+ +

The foomatic-rip filter improperly handles command-line arguments, + including those issued by FoomaticRIPCommandLine fields in PPD files. +

+
+ +

A remote attacker could entice a user to open a specially crafted PPD + file, possibly resulting in execution of arbitrary code with the + privileges of the system user "lp". +

+
+ +

There is no known workaround at this time.

+
+ +

All foomatic-filters users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-print/foomatic-filters-4.0.9" + + +
+ + CVE-2011-2697 + CVE-2011-2964 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-08.xml
new file mode 100644
index 0000000000..7704d7b700
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-08.xml
@@ -0,0 +1,49 @@
+
+
+
+ libxslt: Denial of Service
+ A vulnerability in libxslt could result in Denial of Service.
+ libxslt
+ March 06, 2012
+ March 06, 2012: 1
+ 402861
+ remote
+
+
+ 1.1.26-r3
+ 1.1.26-r3
+
+
+
+

libxslt is the XSLT C library developed for the GNOME project. XSLT is + an XML language to define transformations for XML. +

+
+ +

An out of bounds read error has been found in libxslt/pattern.c in + libxslt. +

+
+ +

A remote attacker could entice a user to process an XML file using a + specially crafted XSLT stylesheet in an application linked against + libxslt, possibly resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libxslt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.26-r3" + +
+ + CVE-2011-3970 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-09.xml
new file mode 100644
index 0000000000..f8215de1b0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-09.xml
@@ -0,0 +1,60 @@
+
+
+
+ ImageMagick: User-assisted execution of arbitrary code
+ Vulnerabilities found in ImageMagick might allow remote attackers
+ to execute arbitrary code.
+
+ ImageMagick
+ March 06, 2012
+ March 06, 2012: 1
+ 402999
+ remote
+
+
+ 6.7.5.3
+ 6.7.5.3
+
+
+
+

ImageMagick is a collection of tools and libraries for manipulating + various image formats. +

+
+ +

Two vulnerabilities have been found in ImageMagick:

+ +
    +
  • Incorrect offset and count values in the ResolutionUnit tag in EXIF + IFD could cause memory corruption (CVE-2012-0247). +
  • +
  • IOP tag offsets pointing to the beginning of an IFD could cause an + infinite loop of ImageMagick parsing the IFD structure (CVE-2012-0248). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted image, + possibly resulting in execution of arbitrary code or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ImageMagick users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.7.5.3" + + +
+ + CVE-2012-0247 + CVE-2012-0248 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-10.xml
new file mode 100644
index 0000000000..ee601ed771
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-10.xml
@@ -0,0 +1,64 @@
+
+
+
+ libmikmod: User-assisted execution of arbitrary code
+ Multiple buffer overflow vulnerabilities in libmikmod may allow an
+ attacker to execute arbitrary code or cause a Denial of Service condition.
+
+ libmikmod
+ March 06, 2012
+ March 06, 2012: 1
+ 335892
+ remote
+
+
+ 3.2.0_beta2-r3
+ 3.1.12-r1
+ 3.2.0_beta2-r3
+
+
+
+

libmikmod is a library to play a wide range of module formats.

+
+ +

Multiple boundary errors have been found in load_it.c in libmikmod, + which may cause a buffer overflow. +

+
+ +

A remote attacker could entice a user to open specially crafted files in + an application linked against libmikmod, possibly resulting in execution + of arbitrary code with the permissions of the user running the + application, or Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All libmikmod 3.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=media-libs/libmikmod-3.2.0_beta2-r3" + + +

All libmikmod 3.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libmikmod-3.1.12-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2010-2546 + CVE-2010-2971 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-11.xml
new file mode 100644
index 0000000000..7aa72875fc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-11.xml
@@ -0,0 +1,53 @@
+
+
+
+ usbmuxd: User-assisted execution of arbitrary code
+ A buffer overflow vulnerability in usbmuxd could result in the
+ execution of arbitrary code.
+
+ usbmuxd
+ March 06, 2012
+ March 06, 2012: 1
+ 399409
+ local
+
+
+ 1.0.7-r1
+ 1.0.7-r1
+
+
+
+

usbmuxd is a USB multiplex daemon for use with Apple iPhone and iPod + Touch devices. +

+
+ +

The "receive_packet()" function in libusbmuxd.c contains a boundary + error when parsing the "SerialNumber" field of a USB device, which could + cause a heap-based buffer overflow. +

+
+ +

An attacker could gain physical access or entice a user to connect to a + malicious USB device, possibly resulting in execution of arbitrary code + with the privileges of the "usbmux" user. +

+
+ +

There is no known workaround at this time.

+
+ +

All usbmuxd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-pda/usbmuxd-1.0.7-r1" + + +
+ + CVE-2012-0065 + + ago + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-12.xml
new file mode 100644
index 0000000000..831a623b9f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-12.xml
@@ -0,0 +1,108 @@
+
+
+
+ OpenSSL: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in OpenSSL, allowing
+ remote attackers to cause a Denial of Service or obtain sensitive
+ information.
+
+ openssl
+ March 06, 2012
+ June 06, 2015: 9
+ 397695
+ 399365
+ remote
+
+
+ 1.0.0g
+ 0.9.8t
+ 0.9.8u
+ 0.9.8v
+ 0.9.8w
+ 0.9.8x
+ 0.9.8y
+ 0.9.8z_p1
+ 0.9.8z_p2
+ 0.9.8z_p3
+ 0.9.8z_p4
+ 0.9.8z_p5
+ 0.9.8z_p6
+ 0.9.8z_p7
+ 0.9.8z_p8
+ 0.9.8z_p9
+ 0.9.8z_p10
+ 0.9.8z_p11
+ 0.9.8z_p12
+ 0.9.8z_p13
+ 0.9.8z_p14
+ 0.9.8z_p15
+ 1.0.0g
+
+
+
+

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

Multiple vulnerabilities have been found in OpenSSL:

+ +
    +
  • Timing differences for decryption are exposed by CBC mode encryption + in OpenSSL’s implementation of DTLS (CVE-2011-4108). +
  • +
  • A policy check failure can result in a double-free error when + X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109). +
  • +
  • Clients and servers using SSL 3.0 handshakes do not clear the block + cipher padding, allowing a record to contain up to 15 bytes of + uninitialized memory, which could include sensitive information + (CVE-2011-4576). +
  • +
  • Assertion errors can occur during the handling of malformed X.509 + certificates when OpenSSL is built with RFC 3779 support + (CVE-2011-4577). +
  • +
  • A resource management error can occur when OpenSSL’s server gated + cryptography (SGC) does not properly handle handshake restarts + (CVE-2011-4619). +
  • +
  • Invalid parameters in the GOST block cipher are not properly handled + by the GOST ENGINE(CVE-2012-0027). +
  • +
  • An incorrect fix for CVE-2011-4108 creates an unspecified + vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). +
  • +
+
+ +

A remote attacker may be able to cause a Denial of Service or obtain + sensitive information, including plaintext passwords. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSSL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0g" + +
+ + CVE-2011-4108 + CVE-2011-4109 + CVE-2011-4576 + CVE-2011-4577 + CVE-2011-4619 + CVE-2012-0027 + + CVE-2012-0050 + + + ago + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-13.xml
new file mode 100644
index 0000000000..4296f860c5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-13.xml
@@ -0,0 +1,62 @@
+
+
+
+ Openswan: Denial of Service
+ Multiple vulnerabilities in Openswan may create a Denial of Service
+ condition.
+
+ Openswan
+ March 16, 2012
+ March 16, 2012: 1
+ 372961
+ 389097
+ local, remote
+
+
+ 2.6.37
+ 2.6.37
+
+
+
+

Openswan is an implementation of IPsec for Linux.

+
+ +

Two vulnerabilities have been found in Openswan:

+ +
    +
  • Improper permissions are used on /var/run/starter.pid and + /var/lock/subsys/ipsec (CVE-2011-2147). +
  • +
  • Openswan contains a use-after-free error in the cryptographic helper + handler (CVE-2011-4073). +
  • +
+
+ +

A remote authenticated attacker or a local attacker may be able to cause + a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Openswan users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.6.37" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 10, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2011-2147 + CVE-2011-4073 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-14.xml
new file mode 100644
index 0000000000..fe8f97462b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-14.xml
@@ -0,0 +1,73 @@
+
+
+
+ Audacious Plugins: User-assisted execution of arbitrary code
+ Multiple vulnerabilities in Audacious Plugins could result in
+ execution of arbitrary code or Denial of Service.
+
+ audacious-plugins
+ March 16, 2012
+ March 16, 2012: 1
+ 383991
+ remote
+
+
+ 3.1
+ 3.1
+
+
+
+

Plugins for the Audacious music player.

+
+ +

Multiple vulnerabilities have been found in Audacious Plugins:

+ +
    +
  • The "CSoundFile::ReadWav()" function in load_wav.cpp contains an + integer overflow which could cause a heap-based buffer overflow + (CVE-2011-2911). +
  • +
  • The "CSoundFile::ReadS3M()" function in load_s3m.cpp contains + multiple boundary errors which could cause a stack-based buffer + overflow (CVE-2011-2912). +
  • +
  • The "CSoundFile::ReadAMS()" function in load_ams.cpp contains an + off-by-one error which could cause memory corruption (CVE-2011-2913). +
  • +
  • The "CSoundFile::ReadDSM()" function in load_dms.cpp contains an + off-by-one error which could cause memory corruption (CVE-2011-2914). +
  • +
  • The "CSoundFile::ReadAMS2()" function in load_ams.cpp contains an + off-by-one error which could cause memory corruption (CVE-2011-2915). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted media + file, possibly resulting in execution of arbitrary code, or a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Audacious Plugins users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=media-plugins/audacious-plugins-3.1" + + +
+ + CVE-2011-2911 + CVE-2011-2912 + CVE-2011-2913 + CVE-2011-2914 + CVE-2011-2915 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-15.xml
new file mode 100644
index 0000000000..b1c6b4bce3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-15.xml
@@ -0,0 +1,59 @@
+
+
+
+ gif2png: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in gif2png, the worst of
+ which might allow execution of arbitrary code.
+
+ gif2png
+ March 16, 2012
+ March 16, 2012: 1
+ 351698
+ remote
+
+
+ 2.5.8
+ 2.5.8
+
+
+
+

gif2png converts images from GIF format to PNG format.

+
+ +

Two vulnerabilities have been found in gif2png:

+ +
    +
  • A boundary error in gif2png.c could cause a buffer overflow + (CVE-2010-4694). +
  • +
  • The patch for CVE-2009-5018 causes gif2png to truncate GIF pathnames + (CVE-2010-4695). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted GIF + file, possibly resulting in execution of arbitrary code, a Denial of + Service condition, or the creation of PNG files in unintended + directories. +

+
+ +

There is no known workaround at this time.

+
+ +

All gif2png users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/gif2png-2.5.8" + + +
+ + CVE-2010-4694 + CVE-2010-4695 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-16.xml
new file mode 100644
index 0000000000..03927b2042
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-16.xml
@@ -0,0 +1,84 @@
+
+
+
+ ModPlug: User-assisted execution of arbitrary code
+ Multiple vulnerabilities in ModPlug could result in execution of
+ arbitrary code or Denial of Service.
+
+ libmodplug
+ March 16, 2012
+ March 16, 2012: 2
+ 362503
+ 379557
+ remote
+
+
+ 0.8.8.4
+ 0.8.8.4
+
+
+
+

ModPlug is a library for playing MOD-like music.

+
+ +

Multiple vulnerabilities have been found in ModPlug:

+ +
    +
  • The ReadS3M method in load_s3m.cpp fails to validate user-supplied + information, which could cause a stack-based buffer overflow + (CVE-2011-1574). +
  • +
  • The "CSoundFile::ReadWav()" function in load_wav.cpp contains an + integer overflow which could cause a heap-based buffer overflow + (CVE-2011-2911). +
  • +
  • The "CSoundFile::ReadS3M()" function in load_s3m.cpp contains + multiple boundary errors which could cause a stack-based buffer + overflow (CVE-2011-2912). +
  • +
  • The "CSoundFile::ReadAMS()" function in load_ams.cpp contains an + off-by-one error which could cause memory corruption (CVE-2011-2913). +
  • +
  • The "CSoundFile::ReadDSM()" function in load_dms.cpp contains an + off-by-one error which could cause memory corruption (CVE-2011-2914). +
  • +
  • The "CSoundFile::ReadAMS2()" function in load_ams.cpp contains an + off-by-one error which could cause memory corruption (CVE-2011-2915). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted media + file, possibly resulting in execution of arbitrary code, or a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ModPlug users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8.8.4" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 27, 2011. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2011-1574 + CVE-2011-2911 + CVE-2011-2912 + CVE-2011-2913 + CVE-2011-2914 + CVE-2011-2915 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-17.xml
new file mode 100644
index 0000000000..e02b8e4f92
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-17.xml
@@ -0,0 +1,64 @@
+
+
+
+ HPLIP: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in HPLIP, the worst of
+ which may allow execution of arbitrary code.
+
+ hplip
+ March 16, 2012
+ March 16, 2012: 1
+ 352085
+ 388655
+ local, remote
+
+
+ 3.11.10
+ 3.11.10
+
+
+
+

The Hewlett-Packard Linux Imaging and Printing system (HPLIP) provides + drivers for HP's inkjet and laser printers, scanners and fax machines. +

+
+ +

Two vulnerabilities have been found in HPLIP:

+ +
    +
  • The "hpmud_get_pml()" function in pml.c contains a boundary error + which could cause a stack-based buffer overflow (CVE-2010-4267). +
  • +
  • The "send_data_to_stdout()" function in hpcupsfax.cpp creates + insecure temporary files (CVE-2011-2722). +
  • +
+
+ +

A remote attacker might send specially crafted SNMP reponses, possibly + resulting in execution of arbitrary code or a Denial of Service + condition. Furthermore, a local attacker could perform symlink attacks to + overwrite arbitrary files. +

+
+ +

There is no known workaround at this time.

+
+ +

All HPLIP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/hplip-3.11.10" + + +
+ + CVE-2010-4267 + CVE-2011-2722 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-18.xml
new file mode 100644
index 0000000000..e64a53e192
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-18.xml
@@ -0,0 +1,55 @@
+
+
+
+ Minitube: Insecure temporary file usage
+ An insecure temporary file usage has been reported in Minitube,
+ possibly allowing symlink attacks.
+
+ Minitube
+ March 16, 2012
+ March 16, 2012: 1
+ 388867
+ local
+
+
+ 1.6
+ 1.6
+
+
+
+

Minitube is a Qt4 YouTube desktop client.

+
+ +

Tomáš Pružina reported that Minitube does not handle temporary files + securely. +

+
+ +

A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All Minitube users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/minitube-1.6" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 11, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+ + Minitube 1.6 + Release + + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-19.xml
new file mode 100644
index 0000000000..bf17f6b3f4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-19.xml
@@ -0,0 +1,148 @@
+
+
+
+ Chromium: Multiple vulnerabilities
+ Multiple vulnerabilities have been reported in Chromium, some of
+ which may allow execution of arbitrary code.
+
+ chromium
+ March 25, 2012
+ March 25, 2012: 1
+ 406975
+ 407465
+ 407755
+ 409251
+ remote
+
+
+ 17.0.963.83
+ 17.0.963.83
+
+
+
+

Chromium is an open source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers and release notes referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted web + site using Chromium, possibly resulting in the execution of arbitrary + code with the privileges of the process, a Denial of Service condition, + Universal Cross-Site Scripting, or installation of an extension without + user interaction. +

+ +

A remote attacker could also entice a user to install a specially + crafted extension that would interfere with browser-issued web requests. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-17.0.963.83" + +
+ + + CVE-2011-3031 + + + CVE-2011-3032 + + + CVE-2011-3033 + + + CVE-2011-3034 + + + CVE-2011-3035 + + + CVE-2011-3036 + + + CVE-2011-3037 + + + CVE-2011-3038 + + + CVE-2011-3039 + + + CVE-2011-3040 + + + CVE-2011-3041 + + + CVE-2011-3042 + + + CVE-2011-3043 + + + CVE-2011-3044 + + + CVE-2011-3046 + + + CVE-2011-3047 + + + CVE-2011-3049 + + + CVE-2011-3050 + + + CVE-2011-3051 + + + CVE-2011-3052 + + + CVE-2011-3053 + + + CVE-2011-3054 + + + CVE-2011-3055 + + + CVE-2011-3056 + + + CVE-2011-3057 + + + Release Notes 17.0.963.65 + + + Release Notes 17.0.963.78 + + + Release Notes 17.0.963.79 + + + Release Notes 17.0.963.83 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-20.xml
new file mode 100644
index 0000000000..12daa03f4a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-20.xml
@@ -0,0 +1,50 @@
+
+
+
+ Logwatch: Arbitrary code execution
+ A vulnerability in Logwatch might allow remote attackers to execute
+ arbitrary code.
+
+ Logwatch
+ March 28, 2012
+ March 28, 2012: 1
+ 356387
+ remote
+
+
+ 7.4.0
+ 7.4.0
+
+
+
+

Logwatch analyzes and reports on system logs.

+
+ +

logwatch.pl does not properly sanitize log filenames against shell + metacharacters before passing them to the "system()" function. +

+
+ +

A remote attacker could pass a specially crafted log filename to + Logwatch, possibly resulting in execution of arbitrary code with root + privileges or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Logwatch users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/logwatch-7.4.0" + + +
+ + CVE-2011-1018 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-21.xml
new file mode 100644
index 0000000000..b7997d15a8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-21.xml
@@ -0,0 +1,63 @@
+
+
+
+ Asterisk: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Asterisk, the worst of
+ which may allow execution of arbitrary code.
+
+ Asterisk
+ March 28, 2012
+ March 28, 2012: 1
+ 408431
+ remote
+
+
+ 1.8.10.1
+ 1.8.10.1
+
+
+
+

Asterisk is an open source telephony engine and toolkit.

+
+ +

Two vulnerabilities have been found in Asterisk:

+ +
    +
  • The "milliwatt_generate()" function in app_milliwatt.c is vulnerable + to a stack overrun (AST-2012-002). +
  • +
  • The "ast_parse_digest()" function in utils.c is vulnerable to a + stack-based buffer overflow (AST-2012-003). +
  • +
+
+ +

A remote unauthenticated attacker could execute arbitrary code or cause + a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Asterisk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.10.1" + + +
+ + + AST-2012-002 + + + AST-2012-003 + + CVE-2012-1183 + CVE-2012-1184 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-22.xml
new file mode 100644
index 0000000000..f05ab05bd6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-22.xml
@@ -0,0 +1,82 @@
+
+
+
+ nginx: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in nginx, the worst of
+ which may allow execution of arbitrary code.
+
+ nginx
+ March 28, 2012
+ March 28, 2012: 1
+ 293785
+ 293786
+ 293788
+ 389319
+ 408367
+ remote
+
+
+ 1.0.14
+ 1.0.14
+
+
+
+

nginx is a robust, small, and high performance HTTP and reverse proxy + server. +

+
+ +

Multiple vulnerabilities have been found in nginx:

+ +
    +
  • The TLS protocol does not properly handle session renegotiation + requests (CVE-2009-3555). +
  • +
  • The "ngx_http_process_request_headers()" function in ngx_http_parse.c + could cause a NULL pointer dereference (CVE-2009-3896). +
  • +
  • nginx does not properly sanitize user input for the the WebDAV COPY + or MOVE methods (CVE-2009-3898). +
  • +
  • The "ngx_resolver_copy()" function in ngx_resolver.c contains a + boundary error which could cause a heap-based buffer overflow + (CVE-2011-4315). +
  • +
  • nginx does not properly parse HTTP header responses which could + expose sensitive information (CVE-2012-1180). +
  • +
+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the nginx process, cause a Denial of Service condition, + create or overwrite arbitrary files, or obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All nginx users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14" + + +
+ + CVE-2009-3555 + + CVE-2009-3896 + + CVE-2009-3898 + + CVE-2011-4315 + + CVE-2012-1180 + + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-23.xml
new file mode 100644
index 0000000000..7a72191bf2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-23.xml
@@ -0,0 +1,61 @@
+
+
+
+ libzip: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in libzip, the worst of
+ which might allow execution of arbitrary code.
+
+ libzip
+ March 29, 2012
+ March 29, 2012: 1
+ 409117
+ remote
+
+
+ 0.10.1
+ 0.10.1
+
+
+
+

libzip is a library for manipulating zip archives.

+
+ +

Two vulnerabilities have been found in the "_zip_readcdir()" function in + zip_open.c of libzip: +

+ +
    +
  • An incorrect loop construct, which could cause a heap-based buffer + overflow (CVE-2012-1162). +
  • +
  • An integer overflow, which may not restrict operations within the + memory buffer (CVE-2012-1163). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted ZIP + file, possibly resulting in execution of arbitrary code with the + privileges of the process, a Denial of Service condition, or information + leaks. +

+
+ +

There is no known workaround at this time.

+
+ +

All libzip users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libzip-0.10.1" + + +
+ + CVE-2012-1162 + CVE-2012-1163 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-24.xml
new file mode 100644
index 0000000000..c5ac7a1f44
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201203-24.xml
@@ -0,0 +1,103 @@
+
+
+
+ Chromium, V8: Multiple vulnerabilities
+ Multiple vulnerabilities have been reported in Chromium and V8,
+ some of which may allow execution of arbitrary code.
+
+ chromium v8
+ March 30, 2012
+ March 30, 2012: 1
+ 410045
+ remote
+
+
+ 18.0.1025.142
+ 18.0.1025.142
+
+
+ 3.8.9.16
+ 3.8.9.16
+
+
+
+

Chromium is an open source web browser project. V8 is Google's open + source JavaScript engine. SPDY is an experimental networking protocol. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and V8. Please + review the CVE identifiers and release notes referenced below for + details. +

+
+ +

A context-dependent attacker could entice a user to open a specially + crafted web site or JavaScript program using Chromium or V8, possibly + resulting in the execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. +

+ +

The attacker could also entice a user to open a specially crafted web + site using Chromium, possibly resulting in cross-site scripting (XSS), or + an unspecified SPDY certificate checking error. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-18.0.1025.142" + + +

All V8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.8.9.16" + +
+ + + CVE-2011-3057 + + + CVE-2011-3058 + + + CVE-2011-3059 + + + CVE-2011-3060 + + + CVE-2011-3061 + + + CVE-2011-3062 + + + CVE-2011-3063 + + + CVE-2011-3064 + + + CVE-2011-3065 + + + Release Notes 18.0.1025.142 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-01.xml
new file mode 100644
index 0000000000..a9a159e140
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-01.xml
@@ -0,0 +1,66 @@
+
+
+
+ VirtualBox: Multiple vulnerabilities
+ Multiple vulnerabilities were found in VirtualBox, allowing local
+ attackers to gain escalated privileges.
+
+ virtualbox
+ April 09, 2012
+ April 09, 2012: 1
+ 386317
+ 399807
+ local
+
+
+ 4.1.8
+ 4.1.8
+
+
+ 4.1.4
+ 4.1.8
+
+
+
+

VirtualBox is a powerful virtualization product from Oracle.

+
+ +

Multiple unspecified vulnerabilities have been discovered in VirtualBox. + Please review the CVE identifiers referenced below for details. +

+
+ +

A local attacker may be able to gain escalated privileges via unknown + attack vectors. +

+
+ +

There is no known workaround at this time.

+
+ +

All VirtualBox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-4.1.8" + + +

All VirtualBox binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulation/virtualbox-bin-4.1.8" + + +
+ + CVE-2010-4414 + CVE-2011-2300 + CVE-2011-2305 + CVE-2012-0105 + CVE-2012-0111 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-02.xml
new file mode 100644
index 0000000000..5845a2a036
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-02.xml
@@ -0,0 +1,50 @@
+
+
+
+ InspIRCd: Arbitrary code execution
+ A heap-based buffer overflow in InspIRCd may allow execution of
+ arbitrary code.
+
+ InspIRCd
+ April 10, 2012
+ April 10, 2012: 1
+ 409159
+ remote
+
+
+ 2.0.5-r1
+ 2.0.5-r1
+
+
+
+

InspIRCd (Inspire IRCd) is a modular C++ IRC daemon

+
+ +

A vulnerability in InspIRCd allows DNS compression features to control + the number of overflowed bytes sent to the heap-based buffer "res[]" in + dns.cpp. +

+
+ +

A remote attacker could send specially crafted DNS responses, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All InspIRCd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/inspircd-2.0.5-r1" + +
+ + CVE-2012-1836 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-03.xml
new file mode 100644
index 0000000000..b8f93b6946
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-03.xml
@@ -0,0 +1,94 @@
+
+
+
+ Chromium: Multiple vulnerabilities
+ Multiple vulnerabilities have been reported in Chromium, some of
+ which may allow execution of arbitrary code.
+
+ chromium
+ April 10, 2012
+ April 10, 2012: 1
+ 410963
+ remote
+
+
+ 18.0.1025.151
+ 18.0.1025.151
+
+
+
+

Chromium is an open source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers and release notes referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted web + site using Chromium, possibly resulting in the execution of arbitrary + code with the privileges of the process, a Denial of Service condition, + or bypass of the same origin policy. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-18.0.1025.151" + + +
+ + + CVE-2011-3066 + + + CVE-2011-3067 + + + CVE-2011-3068 + + + CVE-2011-3069 + + + CVE-2011-3070 + + + CVE-2011-3071 + + + CVE-2011-3072 + + + CVE-2011-3073 + + + CVE-2011-3074 + + + CVE-2011-3075 + + + CVE-2011-3076 + + + CVE-2011-3077 + + + Release Notes 18.0.1025.151 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-04.xml
new file mode 100644
index 0000000000..880a27c83b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-04.xml
@@ -0,0 +1,69 @@
+
+
+
+ FreeType: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in FreeType, allowing
+ remote attackers to possibly execute arbitrary code or cause Denial of
+ Service.
+
+ FreeType
+ April 17, 2012
+ April 17, 2012: 1
+ 407257
+ remote
+
+
+ 2.4.9
+ 2.4.9
+
+
+
+

FreeType is a high-quality and portable font engine.

+
+ +

Multiple vulnerabilities have been discovered in FreeType. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted font, + possibly resulting in execution of arbitrary code with the privileges of + the user running the application, or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All FreeType users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.9" + + +
+ + CVE-2012-1126 + CVE-2012-1127 + CVE-2012-1128 + CVE-2012-1129 + CVE-2012-1130 + CVE-2012-1131 + CVE-2012-1132 + CVE-2012-1133 + CVE-2012-1134 + CVE-2012-1135 + CVE-2012-1136 + CVE-2012-1137 + CVE-2012-1138 + CVE-2012-1139 + CVE-2012-1140 + CVE-2012-1141 + CVE-2012-1142 + CVE-2012-1143 + CVE-2012-1144 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-05.xml
new file mode 100644
index 0000000000..a49cb99250
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-05.xml
@@ -0,0 +1,56 @@
+
+
+
+ SWFTools: User-assisted execution of arbitrary code
+ A heap-based buffer overflow in SWFTools could result in the
+ execution of arbitrary code.
+
+ SWFTools
+ April 17, 2012
+ April 18, 2012: 2
+ 332649
+ remote
+
+
+ 0.9.1
+
+
+
+

SWFTools is a collection of SWF manipulation and generation utilities + written by Rainer Böhme and Matthias Kramm. +

+
+ +

Integer overflow errors in the "getPNG()" function in png.c and the + "jpeg_load()" function in jpeg.c could cause a heap-based buffer + overflow. +

+
+ +

A remote attacker could entice a user to open a specially crafted PNG or + JPEG file, possibly resulting in execution of arbitrary code with the + privileges of the process, or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo discontinued support for SWFTools. We recommend that users + unmerge swftools: +

+ + + # emerge --unmerge "media-gfx/swftools" + + +

NOTE: Users could upgrade to ">=media-gfx/swftools-0.9.1", however + these packages are not currently stable. +

+
+ + CVE-2010-1516 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-06.xml
new file mode 100644
index 0000000000..5e0f58eb1c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-06.xml
@@ -0,0 +1,68 @@
+
+
+
+ PolicyKit: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in PolicyKit, the worst of
+ which may allow a local attacker to gain root privileges.
+
+ polkit
+ April 17, 2012
+ April 17, 2012: 1
+ 314535
+ 364973
+ 401513
+ local
+
+
+ 0.104-r1
+ 0.104-r1
+
+
+
+

PolicyKit is a toolkit for controlling privileges for system-wide + services. +

+
+ +

Multiple vulnerabilities have been found in PolicyKit:

+ +
    +
  • Error messages in the pkexec utility disclose the existence of local + files (CVE-2010-0750). +
  • +
  • The pkexec utility initially checks the effective user ID of its + parent process for authorization, instead of checking the real user ID + (CVE-2011-1485). +
  • +
  • Members of the "wheel" group are able to execute commands as an + administrator without a password (CVE-2011-4945). +
  • +
+
+ +

A local attacker could gain elevated privileges or sensitive + information. +

+
+ +

There is no known workaround at this time.

+
+ +

All PolicyKit users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.104-r1" + + +
+ + CVE-2010-0750 + CVE-2011-1485 + CVE-2011-4945 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-07.xml
new file mode 100644
index 0000000000..d02c805fb0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-07.xml
@@ -0,0 +1,78 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities in Adobe Flash Player, the worst of which
+ might allow remote attackers to execute arbitrary code.
+
+ Adobe Flash Player
+ April 17, 2012
+ April 17, 2012: 1
+ 390149
+ 404101
+ 407023
+ 410005
+ remote
+
+
+ 11.2.202.228
+ 11.2.202.228
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted SWF + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. Furthermore, + a remote attacker may be able to bypass intended access restrictions, + bypass cross-domain policy, inject arbitrary web script, or obtain + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.228" + +
+ + CVE-2011-2445 + CVE-2011-2450 + CVE-2011-2451 + CVE-2011-2452 + CVE-2011-2453 + CVE-2011-2454 + CVE-2011-2455 + CVE-2011-2456 + CVE-2011-2457 + CVE-2011-2458 + CVE-2011-2459 + CVE-2011-2460 + CVE-2012-0752 + CVE-2012-0753 + CVE-2012-0754 + CVE-2012-0755 + CVE-2012-0756 + CVE-2012-0767 + CVE-2012-0768 + CVE-2012-0769 + CVE-2012-0773 + + ago + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-08.xml
new file mode 100644
index 0000000000..5f66954891
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201204-08.xml
@@ -0,0 +1,53 @@
+
+
+
+ Perl DBD-Pg Module: Arbitrary code execution
+ Two format string vulnerabilities have been found in the Perl
+ DBD-Pg module, allowing a remote PostgreSQL servers to execute arbitrary
+ code.
+
+ DBD-Pg
+ April 17, 2012
+ April 17, 2012: 1
+ 407549
+ remote
+
+
+ 2.19.0
+ 2.19.0
+
+
+
+

DBD-Pg is a PostgreSQL interface module for Perl.

+
+ +

Format string vulnerabilities have been found in the the "pg_warn()" and + "dbd_st_prepare()" functions in dbdimp.c. +

+
+ +

A remote PostgreSQL server could send specially crafted database + warnings or DBD statements, possibly resulting in execution of arbitrary + code. +

+
+ +

There is no known workaround at this time.

+
+ +

All users of the Perl DBD-Pg module should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/DBD-Pg-2.19.0" + + +
+ + CVE-2012-1151 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-01.xml
new file mode 100644
index 0000000000..1fcb87f9c9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-01.xml
@@ -0,0 +1,60 @@
+
+
+
+ Chromium: Multiple vulnerabilities
+ Multiple vulnerabilities have been reported in Chromium, some of
+ which may allow execution of arbitrary code.
+
+ chromium
+ May 15, 2012
+ May 15, 2012: 1
+ 414199
+ remote
+
+
+ 18.0.1025.168
+ 18.0.1025.168
+
+
+
+

Chromium is an open source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers and release notes referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted web + site using Chromium, possibly resulting in the execution of arbitrary + code with the privileges of the process, or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-18.0.1025.168" + +
+ + CVE-2011-3078 + CVE-2011-3081 + CVE-2012-1521 + + Release Notes 18.0.1025.168 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-02.xml
new file mode 100644
index 0000000000..005ec14a4a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-02.xml
@@ -0,0 +1,58 @@
+
+
+
+ ConnMan: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in ConnMan, allowing
+ attackers to execute arbitrary code or cause Denial of Service.
+
+ ConnMan
+ May 15, 2012
+ May 15, 2012: 1
+ 415415
+ remote
+
+
+ 1.0-r1
+ 1.0-r1
+
+
+
+

ConnMan provides a daemon for managing Internet connections.

+
+ +

Multiple vulnerabilities have been found in ConnMan:

+ +
    +
  • Errors in inet.c and rtnl.c prevent ConnMan from checking the origin + of netlink messages (CVE-2012-2320). +
  • +
  • ConnMan does not properly check for shell escapes when requesting a + hostname via DHCP (CVE-2012-2321). +
  • +
  • An infinite loop error exists in client.c (CVE-2012-2322).
  • +
+
+ +

A remote attacker could execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ConnMan users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/connman-1.0-r1" + +
+ + CVE-2012-2320 + CVE-2012-2321 + CVE-2012-2322 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-03.xml
new file mode 100644
index 0000000000..f9b96dd31e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-03.xml
@@ -0,0 +1,119 @@
+
+
+
+ Chromium, V8: Multiple vulnerabilities
+ Multiple vulnerabilities have been reported in Chromium and V8,
+ some of which may allow execution of arbitrary code.
+
+ chromium v8
+ May 21, 2012
+ May 21, 2012: 1
+ 416119
+ remote
+
+
+ 19.0.1084.46
+ 19.0.1084.46
+
+
+ 3.9.24.21
+ 3.9.24.21
+
+
+
+

Chromium is an open source web browser project. V8 is Google’s open + source JavaScript engine. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and V8. Please + review the CVE identifiers and release notes referenced below for + details. +

+
+ +

A context-dependent attacker could entice a user to open a specially + crafted web site or JavaScript program using Chromium or V8, possibly + resulting in the execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-19.0.1084.46" + + +

All V8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.9.24.21" + +
+ + + CVE-2011-3083 + + + CVE-2011-3084 + + + CVE-2011-3085 + + + CVE-2011-3086 + + + CVE-2011-3087 + + + CVE-2011-3088 + + + CVE-2011-3089 + + + CVE-2011-3090 + + + CVE-2011-3091 + + + CVE-2011-3092 + + + CVE-2011-3093 + + + CVE-2011-3094 + + + CVE-2011-3095 + + + CVE-2011-3096 + + + CVE-2011-3100 + + + CVE-2011-3101 + + + Release Notes 19.0.1084.46 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-04.xml
new file mode 100644
index 0000000000..1169967f72
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201205-04.xml
@@ -0,0 +1,99 @@
+
+
+
+ Chromium, V8: Multiple vulnerabilities
+ Multiple vulnerabilities have been reported in Chromium and V8,
+ some of which may allow execution of arbitrary code.
+
+ chromium v8
+ May 27, 2012
+ May 27, 2012: 1
+ 417321
+ remote
+
+
+ 19.0.1084.52
+ 19.0.1084.52
+
+
+ 3.9.24.28
+ 3.9.24.28
+
+
+
+

Chromium is an open source web browser project. V8 is Google’s open + source JavaScript engine. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and V8. Please + review the CVE identifiers and release notes referenced below for + details. +

+
+ +

A context-dependent attacker could entice a user to open a specially + crafted web site or JavaScript program using Chromium or V8, possibly + resulting in the execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-19.0.1084.52" + + +

All V8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.9.24.28" + + +
+ + + CVE-2011-3103 + + + CVE-2011-3104 + + + CVE-2011-3105 + + + CVE-2011-3106 + + + CVE-2011-3107 + + + CVE-2011-3108 + + + CVE-2011-3109 + + + CVE-2011-3111 + + + CVE-2011-3115 + + + Release Notes 19.0.1084.52 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-01.xml
new file mode 100644
index 0000000000..a99347edf5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-01.xml
@@ -0,0 +1,69 @@
+
+
+
+ BIND: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in BIND, the worst of
+ which allowing to cause remote Denial of Service.
+
+ bind
+ June 02, 2012
+ June 02, 2012: 1
+ 347621
+ 356223
+ 368863
+ 374201
+ 374623
+ 390753
+ remote
+
+
+ 9.7.4_p1
+ 9.7.4_p1
+
+
+
+

BIND is the Berkeley Internet Name Domain Server.

+
+ +

Multiple vulnerabilities have been discovered in BIND. Please review the + CVE identifiers referenced below for details. +

+
+ +

The vulnerabilities allow remote attackers to cause a Denial of Service + (daemon crash) via a DNS query, to bypass intended access restrictions, + to incorrectly cache a ncache entry and a rrsig for the same type and to + incorrectly mark zone data as insecure. +

+
+ +

There is no known workaround at this time.

+
+ +

All bind users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.7.4_p1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since December 22, 2011. It is likely that your system is + already + no longer affected by this issue. +

+
+ + CVE-2010-3613 + CVE-2010-3614 + CVE-2010-3615 + CVE-2010-3762 + CVE-2011-0414 + CVE-2011-1910 + CVE-2011-2464 + CVE-2011-2465 + CVE-2011-4313 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-02.xml
new file mode 100644
index 0000000000..d3d160cb77
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-02.xml
@@ -0,0 +1,54 @@
+
+
+
+ QtGui: User-assisted execution of arbitrary code
+ A buffer overflow in QtGui could result in execution of arbitrary
+ code or Denial of Service.
+
+ qt-gui
+ June 03, 2012
+ June 03, 2012: 1
+ 384089
+ remote
+
+
+ 4.7.4-r1
+ 4.7.4-r1
+
+
+
+

QtGui is a module for the Qt toolkit.

+
+ +

An error in qtiffhandler.cpp could cause a buffer overflow.

+
+ +

A remote attacker could entice a user to open a specially crafted TIFF + image with an application linked against QtGui, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All QtGui users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/qt-gui-4.7.4-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2011-3194 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-03.xml new file mode 100644 index 0000000000..a4bdd77571 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-03.xml @@ -0,0 +1,186 @@ + + + + Opera: Multiple vulnerabilities + Multiple vulnerabilities have been found in Opera, the worst of + which allow for the execution of arbitrary code. + + Opera + June 15, 2012 + June 15, 2012: 1 + 264831 + 283391 + 290862 + 293902 + 294208 + 294680 + 308069 + 324189 + 325199 + 326413 + 332449 + 348874 + 352750 + 367837 + 373289 + 381275 + 386217 + 387137 + 393395 + 409857 + 415379 + 421075 + remote + + + 12.00.1467 + 12.00.1467 + + + +

Opera is a fast web browser that is available free of charge.

+
+ +

Multiple vulnerabilities have been discovered in Opera. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted web + page, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. A remote + attacker may be able to: trick users into downloading and executing + arbitrary files, bypass intended access restrictions, spoof trusted + content, spoof URLs, bypass the Same Origin Policy, obtain sensitive + information, force subscriptions to arbitrary feeds, bypass the popup + blocker, bypass CSS filtering, conduct cross-site scripting attacks, or + have other unknown impact. +

+ +

A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application or possibly + obtain sensitive information. +

+ +

A physically proximate attacker may be able to access an email account.

+
+ +

There is no known workaround at this time.

+
+ +

All Opera users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467" + +
+ + CVE-2009-1234 + CVE-2009-2059 + CVE-2009-2063 + CVE-2009-2067 + CVE-2009-2070 + CVE-2009-3013 + CVE-2009-3044 + CVE-2009-3045 + CVE-2009-3046 + CVE-2009-3047 + CVE-2009-3048 + CVE-2009-3049 + CVE-2009-3831 + CVE-2009-4071 + CVE-2009-4072 + CVE-2010-0653 + CVE-2010-1349 + CVE-2010-1989 + CVE-2010-1993 + CVE-2010-2121 + CVE-2010-2421 + CVE-2010-2455 + CVE-2010-2576 + CVE-2010-2658 + CVE-2010-2659 + CVE-2010-2660 + CVE-2010-2661 + CVE-2010-2662 + CVE-2010-2663 + CVE-2010-2664 + CVE-2010-2665 + CVE-2010-3019 + CVE-2010-3020 + CVE-2010-3021 + CVE-2010-4579 + CVE-2010-4580 + CVE-2010-4581 + CVE-2010-4582 + CVE-2010-4583 + CVE-2010-4584 + CVE-2010-4585 + CVE-2010-4586 + CVE-2011-0681 + CVE-2011-0682 + CVE-2011-0683 + CVE-2011-0684 + CVE-2011-0685 + CVE-2011-0686 + CVE-2011-0687 + CVE-2011-1337 + CVE-2011-1824 + CVE-2011-2609 + CVE-2011-2610 + CVE-2011-2611 + CVE-2011-2612 + CVE-2011-2613 + CVE-2011-2614 + CVE-2011-2615 + CVE-2011-2616 + CVE-2011-2617 + CVE-2011-2618 + CVE-2011-2619 + CVE-2011-2620 + CVE-2011-2621 + CVE-2011-2622 + CVE-2011-2623 + CVE-2011-2624 + CVE-2011-2625 + CVE-2011-2626 + CVE-2011-2627 + CVE-2011-2628 + CVE-2011-2629 + CVE-2011-2630 + CVE-2011-2631 + CVE-2011-2632 + CVE-2011-2633 + CVE-2011-2634 + CVE-2011-2635 + CVE-2011-2636 + CVE-2011-2637 + CVE-2011-2638 + CVE-2011-2639 + CVE-2011-2640 + CVE-2011-2641 + CVE-2011-3388 + CVE-2011-4065 + CVE-2011-4681 + CVE-2011-4682 + CVE-2011-4683 + CVE-2012-1924 + CVE-2012-1925 + CVE-2012-1926 + CVE-2012-1927 + CVE-2012-1928 + CVE-2012-1930 + CVE-2012-1931 + CVE-2012-3555 + CVE-2012-3556 + CVE-2012-3557 + CVE-2012-3558 + CVE-2012-3560 + CVE-2012-3561 + + + keytoaster + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-04.xml new file mode 100644 index 0000000000..16c76aa19d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-04.xml @@ -0,0 +1,54 @@ + + + + ArgyllCMS: User-assisted execution of arbitrary code + A vulnerability has been found in ArgyllCMS which could allow + attackers to execute arbitrary code. + + argyllcms + June 18, 2012 + June 18, 2012: 1 + 416781 + remote + + + 1.4.0 + 1.4.0 + + + +

ArgyllCMS is an ICC compatible color management system that supports + accurate ICC profile creation for scanners, cameras and film recorders. +

+
+ +

ArgyllCMS does not properly handle ICC profiles causing a use-after-free + vulnerability. +

+
+ +

A remote attacker could entice a user to open a specially crafted image + file using ArgyllCMS, possibly resulting in execution of arbitrary code + with the privileges of the process, or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All argyllcms users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/argyllcms-1.4.0" + + +
+ + + CVE-2012-1616 + + + n0idx80 + n0idx80 +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-05.xml new file mode 100644 index 0000000000..9929beab00 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-05.xml @@ -0,0 +1,68 @@ + + + + Asterisk: Multiple vulnerabilities + Multiple vulnerabilities in Asterisk might allow remote attackers + to execute arbitrary code. + + Asterisk + June 21, 2012 + June 21, 2012: 1 + 413353 + 418189 + 418191 + remote + + + 1.8.12.1 + 1.8.12.1 + + + +

Asterisk is an open source telephony engine and toolkit.

+
+ +

Multiple vulnerabilities have been found in Asterisk:

+ +
    +
  • An error in manager.c allows shell access through the MixMonitor + application, GetVar, or Status (CVE-2012-2414). +
  • +
  • An error in chan_skinny.c could cause a heap-based buffer overflow + (CVE-2012-2415). +
  • +
  • An error in chan_sip.c prevents Asterisk from checking if a channel + exists before connected line updates (CVE-2012-2416). +
  • +
  • An error in chan_iax2.c may cause an invalid pointer to be called + (CVE-2012-2947). +
  • +
  • chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948).
  • +
+
+ +

A remote attacker could execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Asterisk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.12.1" + +
+ + CVE-2012-2414 + CVE-2012-2415 + CVE-2012-2416 + CVE-2012-2947 + CVE-2012-2948 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-06.xml new file mode 100644 index 0000000000..416dec08f2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-06.xml @@ -0,0 +1,48 @@ + + + + OpenJPEG: User-assisted execution of arbitrary code + A vulnerability in OpenJPEG could result in execution of arbitrary + code. + + OpenJPEG + June 21, 2012 + June 21, 2012: 1 + 409203 + remote + + + 1.5.0 + 1.5.0 + + + +

OpenJPEG is an open-source JPEG 2000 library.

+
+ +

An error in jp2.c of OpenJPEG could allow an out-of-bounds write error.

+
+ +

A remote attacker could entice a user to open a specially crafted JPEG + file, possibly resulting in execution of arbitrary code or a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenJPEG users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/openjpeg-1.5.0" + + +
+ + CVE-2012-1499 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-07.xml new file mode 100644 index 0000000000..36b34e8b0f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-07.xml @@ -0,0 +1,54 @@ + + + + nginx: User-assisted execution of arbitrary code + A buffer overflow vulnerability in nginx could result in the + execution of arbitrary code. + + nginx + June 21, 2012 + June 21, 2012: 1 + 411751 + remote + + + 1.0.15 + 1.0.15 + + + +

nginx is a robust, small, and high performance HTTP and reverse proxy + server. +

+
+ +

An error in ngx_http_mp4_module.c could cause a buffer overflow.

+ +

NOTE: nginx must have been emerged with USE="nginx_modules_http_mp4" in + order to be affected by this vulnerability. +

+
+ +

A remote attacker could entice a user to place a specially crafted MP4 + file on the nginx server, possibly resulting in execution of arbitrary + code with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All nginx users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.15" + + +
+ + CVE-2012-2089 + + ago + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-08.xml new file mode 100644 index 0000000000..2bd6590789 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-08.xml @@ -0,0 +1,60 @@ + + + + Wicd: Multiple vulnerabilities + Multiple vulnerabilities have been found in Wicd, the worst of + which might allow execution of arbitrary code as root. + + wicd + June 21, 2012 + June 21, 2012: 1 + 401005 + 411729 + local + + + 1.7.2.1 + 1.7.2.1 + + + +

Wicd is an open source wired and wireless network manager for Linux.

+
+ +

Two vulnerabilities have been found in Wicd:

+ +
    +
  • Passwords and passphrases are written to /var/log/wicd + (CVE-2012-0813). +
  • +
  • Input from the daemon's D-Bus interface is not properly sanitized + (CVE-2012-2095). +
  • +
+
+ +

A local attacker could gain privileges of the root user or obtain + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Wicd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/wicd-1.7.2.1" + + +
+ + CVE-2012-0813 + CVE-2012-2095 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-09.xml new file mode 100644 index 0000000000..eb3f2e5fed --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-09.xml @@ -0,0 +1,68 @@ + + + + MediaWiki: Multiple vulnerabilities + Multiple vulnerabilities have been found in MediaWiki, the worst of + which leading to remote execution of arbitrary code. + + MediaWiki + June 21, 2012 + June 21, 2012: 1 + 366685 + 409513 + remote + + + 1.18.2 + 1.18.2 + + + +

The MediaWiki wiki web application as used on wikipedia.org.

+
+ +

Multiple vulnerabilities have been discovered in mediawiki. Please + review the CVE identifiers referenced below for details. +

+
+ +

MediaWiki allows remote attackers to bypass authentication, to perform + imports from any wgImportSources wiki via a crafted POST request, to + conduct cross-site scripting (XSS) attacks or obtain sensitive + information, to inject arbitrary web script or HTML, to conduct + clickjacking attacks, to execute arbitrary PHP code, to inject arbitrary + web script or HTML, to bypass intended access restrictions and to obtain + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All MediaWiki users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.18.2" + +
+ + CVE-2010-2787 + CVE-2010-2788 + CVE-2010-2789 + CVE-2011-0003 + CVE-2011-0047 + CVE-2011-0537 + CVE-2011-1579 + CVE-2011-1580 + CVE-2011-1766 + CVE-2011-1766 + CVE-2012-1578 + CVE-2012-1579 + CVE-2012-1580 + CVE-2012-1581 + CVE-2012-1582 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-10.xml new file mode 100644 index 0000000000..44c50cc63a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-10.xml @@ -0,0 +1,55 @@ + + + + ejabberd: Multiple Denial of Service vulnerabilities + Multiple vulnerabilities have been found in ejabberd, the worst of + which allowing for remote Denial of Service. + + ejabberd + June 21, 2012 + June 21, 2012: 1 + 308047 + 370201 + 386075 + remote + + + 2.1.9 + 2.1.9 + + + +

ejabberd is the Erlang jabber daemon.

+
+ +

Multiple vulnerabilities have been discovered in ejabberd. Please review + the CVE identifiers referenced below for details. +

+
+ +

ejabberd allows remote attackers to cause a Denial of Service condition + with the result of either crashing the daemon or the whole system by + causing memory and CPU consumption. +

+
+ +

There is no known workaround at this time.

+
+ +

All ejabberd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/ejabberd-2.1.9" + +
+ + CVE-2010-0305 + CVE-2011-1753 + CVE-2011-4320 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-11.xml new file mode 100644 index 0000000000..60566be288 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-11.xml @@ -0,0 +1,56 @@ + + + + Pidgin: Multiple vulnerabilities + Multiple vulnerabilities were found in Pidgin, the worst of which + allowing for the remote execution of arbitrary code. + + Pidgin + June 21, 2012 + June 21, 2012: 1 + 299751 + 372785 + 385073 + remote + + + 2.10.0-r1 + 2.10.0-r1 + + + +

Pidgin is an GTK Instant Messenger client.

+
+ +

Multiple vulnerabilities have been discovered in Pidgin. Please review + the CVE identifiers referenced below for details. +

+
+ +

These vulnerabilities allow for arbitrary file retrieval, Denial of + Service and arbitrary code execution with the privileges of the user + running Pidgin. +

+
+ +

There is no known workaround at this time.

+
+ +

All Pidgin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.10.0-r1" + + +
+ + CVE-2010-0013 + CVE-2011-2485 + CVE-2011-3594 + + + keytoaster + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-12.xml new file mode 100644 index 0000000000..8d77909c4f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-12.xml @@ -0,0 +1,51 @@ + + + + tftp-hpa: Remote buffer overflow + A vulnerability was found in tftp-hpa, which leads to remote + execution of arbitrary code. + + tftp-hpa + June 21, 2012 + June 21, 2012: draft + 374001 + remote + + + 5.1 + 5.1 + + + +

tftp-hpa is the port of the OpenBSD TFTP server.

+
+ +

A vulnerability has been discovered in tftp-hpa. Please review the CVE + identifier referenced below for details. +

+
+ +

The vulnerability might allow remote attackers to execute arbitrary + code. +

+
+ +

There is no known workaround at this time.

+
+ +

All tftp-hpa users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/tftp-hpa-5.1" + + +
+ + CVE-2011-2199 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-13.xml new file mode 100644 index 0000000000..f620e1e690 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-13.xml @@ -0,0 +1,87 @@ + + + + Mono: Multiple vulnerabilities + Multiple vulnerabilities were found in Mono, the worst of which + allowing for the remote execution of arbitrary code. + + mono mono-debugger + June 21, 2012 + June 21, 2012: 1 + 277878 + 342133 + 345561 + 346401 + 351087 + 372983 + local, remote + + + 2.8.1-r1 + 2.8.1-r1 + + + 2.10.2-r1 + 2.10.2-r1 + + + +

Mono is an open source implementation of Microsoft's .NET Framework.

+
+ +

Multiple vulnerabilities have been discovered in Mono and Mono debugger. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could execute arbitrary code, bypass general + constraints, obtain the source code for .aspx applications, obtain other + sensitive information, cause a Denial of Service, modify internal data + structures, or corrupt the internal state of the security manager. +

+ +

A local attacker could entice a user into running Mono debugger in a + directory containing a specially crafted library file to execute + arbitrary code with the privileges of the user running Mono debugger. +

+ +

A context-dependant attacker could bypass the authentication mechanism + provided by the XML Signature specification. +

+
+ +

There is no known workaround at this time.

+
+ +

All Mono debugger users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/mono-debugger-2.8.1-r1" + + +

All Mono users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/mono-2.10.2-r1" + + +
+ + CVE-2009-0217 + CVE-2010-3332 + CVE-2010-3369 + CVE-2010-4159 + CVE-2010-4225 + CVE-2010-4254 + CVE-2011-0989 + CVE-2011-0990 + CVE-2011-0991 + CVE-2011-0992 + + craig + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-14.xml new file mode 100644 index 0000000000..910f31d018 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-14.xml @@ -0,0 +1,58 @@ + + + + Adobe Reader: Multiple vulnerabilities + Multiple vulnerabilities in Adobe Reader might allow remote + attackers to execute arbitrary code or conduct various other attacks. + + acroread + June 22, 2012 + June 22, 2012: 1 + 405949 + 411499 + remote + + + 9.5.1 + 9.5.1 + + + +

Adobe Reader is a closed-source PDF reader.

+
+ +

Multiple vulnerabilities have been found in Adobe Reader, including an + integer overflow in TrueType Font handling (CVE-2012-0774) and multiple + unspecified errors which could cause memory corruption. +

+
+ +

A remote attacker could entice a user to open a specially crafted PDF + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Reader users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.1" + +
+ + CVE-2011-4370 + CVE-2011-4371 + CVE-2011-4372 + CVE-2011-4373 + CVE-2012-0774 + CVE-2012-0775 + CVE-2012-0776 + CVE-2012-0777 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-15.xml new file mode 100644 index 0000000000..c4a9358d99 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-15.xml @@ -0,0 +1,113 @@ + + + + libpng: Multiple vulnerabilities + Multiple vulnerabilities in libpng might allow remote attackers to + execute arbitrary code or cause a Denial of Service condition. + + libpng + June 22, 2012 + June 06, 2015: 4 + 373967 + 386185 + 401987 + 404197 + 410153 + remote + + + 1.5.10 + 1.2.49 + 1.2.50 + 1.2.51 + 1.2.52 + 1.2.53 + 1.2.54 + 1.2.55 + 1.5.10 + + + +

libpng is a standard library used to process PNG (Portable Network + Graphics) images. It is used by several programs, including web browsers + and potentially server processes. +

+
+ +

Multiple vulnerabilities have been discovered in libpng:

+ +
    +
  • The “embedded_profile_len()” function in pngwutil.c does not + check for negative values, resulting in a memory leak (CVE-2009-5063). +
  • +
  • The “png_format_buffer()” function in pngerror.c contains an + off-by-one error (CVE-2011-2501). +
  • +
  • The “png_rgb_to_gray()” function in pngrtran.c contains an + integer overflow error (CVE-2011-2690). +
  • +
  • The “png_err()” function in pngerror.c contains a NULL pointer + dereference error (CVE-2011-2691). +
  • +
  • The “png_handle_sCAL()” function in pngrutil.c improperly handles + malformed sCAL chunks(CVE-2011-2692). +
  • +
  • The “png_decompress_chunk()” function in pngrutil.c contains an + integer overflow error (CVE-2011-3026). +
  • +
  • The “png_inflate()” function in pngrutil.c contains and out of + bounds error (CVE-2011-3045). +
  • +
  • The “png_set_text_2()” function in pngset.c contains an error + which could result in memory corruption (CVE-2011-3048). +
  • +
  • The “png_formatted_warning()” function in pngerror.c contains an + off-by-one error (CVE-2011-3464). +
  • +
+
+ +

An attacker could exploit these vulnerabilities to execute arbitrary + code with the permissions of the user running the vulnerable program, + which could be the root user, or to cause programs linked against the + library to crash. +

+
+ +

There is no known workaround at this time.

+
+ +

All libpng 1.5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.10" + + +

All libpng 1.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.49" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2009-5063 + CVE-2011-2501 + CVE-2011-2690 + CVE-2011-2691 + CVE-2011-2692 + CVE-2011-3026 + CVE-2011-3045 + CVE-2011-3048 + CVE-2011-3464 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-16.xml new file mode 100644 index 0000000000..ed773e226e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-16.xml @@ -0,0 +1,67 @@ + + + + TagLib: Multiple vulnerabilities + Multiple vulnerabilities have been found in TagLib, possibly + resulting in Denial of Service. + + TagLib + June 22, 2012 + June 22, 2012: 1 + 407673 + 410953 + remote + + + 1.7.1 + 1.7.1 + + + +

TagLib is a library for reading and editing audio meta data.

+
+ +

Multiple vulnerabilities have been found in TagLib:

+ +
    +
  • The "analyzeCurrent()" function in ape/apeproperties.cpp contains a + division by zero error (CVE-2012-1107). +
  • +
  • The "parse()" function in inogg/xiphcomment.cpp contains an error + when processing the "vendorLength" field (CVE-2012-1108). +
  • +
  • The "mid()" function in toolkit/tbytevector.cpp contains an integer + overflow error (CVE-2012-1584). +
  • +
+
+ +

A remote attacker could entice a user or automated system to open a + specially crafted OGG file with an application using TagLib, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All TagLib users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/taglib-1.7.1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these + packages. +

+
+ + CVE-2012-1107 + CVE-2012-1108 + CVE-2012-1584 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-17.xml new file mode 100644 index 0000000000..6bed28d703 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-17.xml @@ -0,0 +1,48 @@ + + + + virtualenv: Insecure temporary file usage + An insecure temporary file usage has been reported in virtualenv, + possibly allowing symlink attacks. + + virtualenv + June 22, 2012 + June 22, 2012: 1 + 395285 + local + + + 1.5.1 + 1.5.1 + + + +

virtualenv is a virtual Python environment builder.

+
+ +

The virtualenv.py script in virtualenv does not handle temporary files + securely. +

+
+ +

A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All virtualenv users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/virtualenv-1.5.1" + +
+ + CVE-2011-4617 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-18.xml new file mode 100644 index 0000000000..716cd2dba8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-18.xml @@ -0,0 +1,71 @@ + + + + GnuTLS: Multiple vulnerabilities + Multiple vulnerabilities have been found in GnuTLS, allowing a + remote attacker to perform man-in-the-middle or Denial of Service attacks. + + GnuTLS + June 23, 2012 + June 23, 2012: 1 + 281224 + 292025 + 389947 + 409287 + remote + + + 2.12.18 + 2.12.18 + + + +

GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 + protocols. +

+
+ +

Multiple vulnerabilities have been found in GnuTLS:

+ +
    +
  • An error in libgnutls does not properly sanitize "\0" characters from + certificate fields (CVE-2009-2730). +
  • +
  • An error in the TLS and SSL protocols mistreats renegotiation + handshakes (CVE-2009-3555). +
  • +
  • A boundary error in the "gnutls_session_get_data()" function in + gnutls_session.c could cause a buffer overflow (CVE-2011-4128). +
  • +
  • An error in the "_gnutls_ciphertext2compressed()" function in + gnutls_cipher.c could cause memory corruption (CVE-2012-1573). +
  • +
+
+ +

A remote attacker could perform man-in-the-middle attacks to spoof + arbitrary SSL servers or cause a Denial of Service condition in + applications linked against GnuTLS. +

+
+ +

There is no known workaround at this time.

+
+ +

All GnuTLS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.12.18" + + +
+ + CVE-2009-2730 + CVE-2009-3555 + CVE-2011-4128 + CVE-2012-1573 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-19.xml new file mode 100644 index 0000000000..a937e883d7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-19.xml @@ -0,0 +1,54 @@ + + + + NVIDIA Drivers: Privilege escalation + A vulnerability in NVIDIA drivers may allow a local attacker to + gain escalated privileges. + + nvidia-drivers + June 23, 2012 + June 23, 2012: 1 + 411617 + local + + + 295.40 + 295.40 + + + +

The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic + boards. +

+
+ +

A vulnerability has been found in the way NVIDIA drivers handle + read/write access to GPU device nodes, allowing access to arbitrary + system memory locations. +

+ +

NOTE: Exposure to this vulnerability is reduced in Gentoo due to 660 + permissions being used on the GPU device nodes by default. +

+
+ +

A local attacker could gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All NVIDIA driver users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=x11-drivers/nvidia-drivers-295.40" + +
+ + CVE-2012-0946 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-20.xml new file mode 100644 index 0000000000..bc946857ca --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-20.xml @@ -0,0 +1,64 @@ + + + + gdk-pixbuf: Denial of Service + Multiple vulnerabilities in gdk-pixbuf may create a Denial of + Service condition. + + gdk-pixbuf + June 23, 2012 + June 23, 2012: 1 + 373999 + 412033 + remote + + + 2.24.1-r1 + 2.24.1-r1 + + + +

gdk-pixbuf is an image loading library for GTK+.

+
+ +

Two vulnerabilities have been found in gdk-pixbuf:

+ +
    +
  • The "gdk_pixbuf__gif_image_load()" function in io-gif.c fails to + properly handle certain return values from subroutines (CVE-2011-2485). +
  • +
  • The "read_bitmap_file_data()" function in io-xbm.c contains an + integer overflow error (CVE-2012-2370). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted image + in an application linked against gdk-pixbuf, possibly resulting in Denial + of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All gdk-pixbuf users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/gdk-pixbuf-2.24.1-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2011-2485 + CVE-2012-2370 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-21.xml new file mode 100644 index 0000000000..ad3d24b7d8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-21.xml @@ -0,0 +1,60 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player + could result in the execution of arbitrary code or Denial of Service. + + Adobe Flash Player + June 23, 2012 + June 23, 2012: 1 + 414603 + 420311 + remote + + + 11.2.202.236 + 11.2.202.236 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted SWF + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.236" + +
+ + CVE-2012-0779 + CVE-2012-2034 + CVE-2012-2035 + CVE-2012-2036 + CVE-2012-2037 + CVE-2012-2038 + CVE-2012-2039 + CVE-2012-2040 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-22.xml new file mode 100644 index 0000000000..8f57043f00 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-22.xml @@ -0,0 +1,76 @@ + + + + Samba: Multiple vulnerabilities + Multiple vulnerabilities have been found in Samba, the worst of + which may allow execution of arbitrary code with root privileges. + + Samba + June 24, 2012 + June 24, 2012: 1 + 290633 + 310105 + 323785 + 332063 + 337295 + 356917 + 382263 + 386375 + 405551 + 411487 + 414319 + local, remote + + + 3.5.15 + 3.5.15 + + + +

Samba is a suite of SMB and CIFS client/server programs.

+
+ +

Multiple vulnerabilities have been discovered in Samba. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with root + privileges, cause a Denial of Service condition, take ownership of shared + files, or bypass file permissions. Furthermore, a local attacker may be + able to cause a Denial of Service condition or obtain sensitive + information in a Samba credentials file. +

+
+ +

There is no known workaround at this time.

+
+ +

All Samba users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/samba-3.5.15" + + +
+ + CVE-2009-2906 + CVE-2009-2948 + CVE-2010-0728 + CVE-2010-1635 + CVE-2010-1642 + CVE-2010-2063 + CVE-2010-3069 + CVE-2011-0719 + CVE-2011-1678 + CVE-2011-2724 + CVE-2012-0870 + CVE-2012-1182 + CVE-2012-2111 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-23.xml
new file mode 100644
index 0000000000..486814d7c0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-23.xml
@@ -0,0 +1,44 @@
+
+
+
+ PyCrypto: Weak key generation
+ PyCrypto generates weak ElGamal keys.
+ pycrypto
+ June 24, 2012
+ June 24, 2012: 1
+ 417625
+ remote
+
+
+ 2.6
+ 2.6
+
+
+
+

PyCrypto is the Python Cryptography Toolkit.

+
+ +

An error in the generate() function in ElGamal.py causes PyCrypto to + generate weak ElGamal keys. +

+
+ +

A remote attacker might be able to derive private keys.

+
+ +

There is no known workaround at this time.

+
+ +

All PyCrypto users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.6" + +
+ + CVE-2012-2417 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-24.xml
new file mode 100644
index 0000000000..8147f0539c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-24.xml
@@ -0,0 +1,110 @@
+
+
+
+ Apache Tomcat: Multiple vulnerabilities
+ Multiple vulnerabilities were found in Apache Tomcat, the worst of
+ which allowing to read, modify and overwrite arbitrary files.
+
+ apache tomcat
+ June 24, 2012
+ March 20, 2016: 3
+ 272566
+ 273662
+ 303719
+ 320963
+ 329937
+ 373987
+ 374619
+ 382043
+ 386213
+ 396401
+ 399227
+ local, remote
+
+
+ 6.0.35
+ 7.0.23
+ 6.0.44
+ 6.0.45
+ 6.0.46
+ 6.0.47
+ 6.0.48
+ 7.0.23
+
+
+
+

Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.

+
+ +

Multiple vulnerabilities have been discovered in Apache Tomcat. Please + review the CVE identifiers referenced below for details. +

+
+ +

The vulnerabilities allow an attacker to cause a Denial of Service, to + hijack a session, to bypass authentication, to inject webscript, to + enumerate valid usernames, to read, modify and overwrite arbitrary files, + to bypass intended access restrictions, to delete work-directory files, + to discover the server’s hostname or IP, to bypass read permissions for + files or HTTP headers, to read or write files outside of the intended + working directory, and to obtain sensitive information by reading a log + file. +

+
+ +

There is no known workaround at this time.

+
+ +

All Apache Tomcat 6.0.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.35" + + +

All Apache Tomcat 7.0.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.23" + +
+ + CVE-2008-5515 + CVE-2009-0033 + CVE-2009-0580 + CVE-2009-0781 + CVE-2009-0783 + CVE-2009-2693 + CVE-2009-2901 + CVE-2009-2902 + CVE-2010-1157 + CVE-2010-2227 + CVE-2010-3718 + CVE-2010-4172 + CVE-2010-4312 + CVE-2011-0013 + CVE-2011-0534 + CVE-2011-1088 + CVE-2011-1183 + CVE-2011-1184 + CVE-2011-1419 + CVE-2011-1475 + CVE-2011-1582 + CVE-2011-2204 + CVE-2011-2481 + CVE-2011-2526 + CVE-2011-2729 + CVE-2011-3190 + CVE-2011-3375 + CVE-2011-4858 + CVE-2011-5062 + CVE-2011-5063 + CVE-2011-5064 + CVE-2012-0022 + + craig + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-25.xml
new file mode 100644
index 0000000000..68c569e795
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-25.xml
@@ -0,0 +1,76 @@
+
+
+
+ Apache HTTP Server: Multiple vulnerabilities
+ Multiple vulnerabilities were found in Apache HTTP Server.
+ apache
+ June 24, 2012
+ June 24, 2012: 1
+ 308049
+ 330195
+ 380475
+ 382971
+ 385859
+ 389353
+ 392189
+ 398761
+ 401081
+ 412481
+ local, remote
+
+
+ 2.2.22-r1
+ 2.2.22-r1
+
+
+
+

Apache HTTP Server is one of the most popular web servers on the + Internet. +

+
+ +

Multiple vulnerabilities have been discovered in Apache HTTP Server. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker might obtain sensitive information, gain privileges, + send requests to unintended servers behind proxies, bypass certain + security restrictions, obtain the values of HTTPOnly cookies, or cause a + Denial of Service in various ways. +

+ +

A local attacker could gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All Apache HTTP Server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1" + + +
+ + CVE-2010-0408 + CVE-2010-0434 + CVE-2010-1452 + CVE-2010-2791 + CVE-2011-3192 + CVE-2011-3348 + CVE-2011-3368 + CVE-2011-3607 + CVE-2011-4317 + CVE-2012-0021 + CVE-2012-0031 + CVE-2012-0053 + CVE-2012-0883 + + craig + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-26.xml
new file mode 100644
index 0000000000..bf57bee853
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-26.xml
@@ -0,0 +1,88 @@
+
+
+
+ RPM: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in RPM, possibly allowing
+ local attackers to gain elevated privileges or remote attackers to execute
+ arbitrary code.
+
+ RPM
+ June 24, 2012
+ June 24, 2012: 1
+ 335880
+ 384967
+ 410949
+ local, remote
+
+
+ 4.9.1.3
+ 4.9.1.3
+
+
+
+

The Red Hat Package Manager (RPM) is a command line driven package + management system capable of installing, uninstalling, verifying, + querying, and updating computer software packages. +

+
+ +

Multiple vulnerabilities have been found in RPM:

+ +
    +
  • fsm.c fails to properly strip setuid and setgid bits from executable + files during a package upgrade (CVE-2010-2059). +
  • +
  • RPM does not properly parse spec files (CVE-2010-2197).
  • +
  • fsm.c fails to properly strip POSIX file capabilities from executable + files during a package upgrade or removal (CVE-2010-2198). +
  • +
  • fsm.c fails to properly strip POSIX ACLs from executable files during + a package upgrade or removal (CVE-2010-2199). +
  • +
  • header.c does not properly parse region offsets in package files + (CVE-2011-3378). +
  • +
  • RPM does not properly sanitize region tags in package headers + (CVE-2012-0060). +
  • +
  • RPM does not properly sanitize region sizes in package headers + (CVE-2012-0061). +
  • +
  • RPM does not properly sanitize region offsets in package + headers(CVE-2012-0815). +
  • +
+
+ +

A local attacker may be able to gain elevated privileges. Furthermore, a + remote attacker could entice a user to open a specially crafted RPM + package, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All RPM users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/rpm-4.9.1.3" + +
+ + CVE-2010-2059 + CVE-2010-2197 + CVE-2010-2198 + CVE-2010-2199 + CVE-2011-3378 + CVE-2012-0060 + CVE-2012-0061 + CVE-2012-0815 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-27.xml
new file mode 100644
index 0000000000..ede13c650d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-27.xml
@@ -0,0 +1,51 @@
+
+
+
+ mini_httpd: Arbitrary code execution
+ A vulnerability in mini_httpd could allow remote attackers to
+ execute arbitrary code.
+
+ mini_httpd
+ June 24, 2012
+ June 24, 2012: 1
+ 303755
+ remote
+
+
+ 1.19
+
+
+
+

mini_httpd is a small webserver with optional SSL and IPv6 support.

+
+ +

mini_httpd does not properly check for shell escapes when parsing HTTP + requests. +

+
+ +

A remote attacker could send specially crafted HTTP requests, possibly + resulting in execution of arbitrary code with the privileges of the + process, or allowing for overwriting of files. +

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo discontinued support for mini_httpd. We recommend that users + unmerge mini_httpd: +

+ + + # emerge --unmerge "www-servers/mini_httpd" + +
+ + CVE-2009-4490 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-28.xml
new file mode 100644
index 0000000000..20a5331e36
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-28.xml
@@ -0,0 +1,56 @@
+
+
+
+ TeX Live: Multiple vulnerabilities
+ Multiple vulnerabilities were found in texlive-core, allowing
+ attackers to execute arbitrary code.
+
+ TeX Live
+ June 25, 2012
+ June 25, 2012: 1
+ 264598
+ 324019
+ remote
+
+
+ 2009-r2
+ 2009-r2
+
+
+
+

TeX Live is a complete TeX distribution.

+
+ +

Multiple vulnerabilities have been discovered in texlive-core. Please + review the CVE identifiers referenced below for details. +

+
+ +

These vulnerabilities might allow user-assisted remote attackers to + execute arbitrary code via a specially-crafted DVI file, or cause a + Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All texlive-core users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/texlive-core-2009-r2" + + +
+ + CVE-2009-1284 + CVE-2010-0739 + CVE-2010-0827 + CVE-2010-1440 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-29.xml
new file mode 100644
index 0000000000..7c4685d552
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-29.xml
@@ -0,0 +1,53 @@
+
+
+
+ mount-cifs: Multiple vulnerabilites
+ Multiple vulnerabilities were found in mount-cifs, the worst of
+ which leading to privilege escalation.
+
+ mount-cifs
+ June 25, 2012
+ February 02, 2014: 2
+ 308067
+ remote
+
+
+ 3.0.30
+
+
+
+

mount-cifs is the cifs filesystem mount helper split from Samba.

+
+ +

Multiple vulnerabilities have been discovered in mount-cifs. Please + review the CVE identifiers referenced below for details. +

+
+ +

The vulnerabilities allow local users to cause a denial of service (mtab + corruption) via a crafted string. Also, local users could mount a CIFS + share on an arbitrary mountpoint, and gain privileges via a symlink + attack on the mountpoint directory file. +

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo has discontinued support for mount-cifs. We recommend that users + unmerge mount-cifs: +

+ + + # emerge --unmerge "net-fs/mount-cifs" + +
+ + CVE-2010-0547 + CVE-2010-0787 + + + keytoaster + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-30.xml
new file mode 100644
index 0000000000..d29b201acf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-30.xml
@@ -0,0 +1,51 @@
+
+
+
+ sendmail: X.509 NULL spoofing vulnerability
+ An error in the hostname matching in sendmail might enable remote
+ attackers to conduct man-in-the-middle attacks.
+
+ sendmail
+ June 25, 2012
+ June 25, 2012: 1
+ 299120
+ remote
+
+
+ 8.14.4
+ 8.14.4
+
+
+
+

sendmail is a widely-used Mail Transport Agent (MTA).

+
+ +

A vulnerability has been discovered in sendmail. Please review the CVE + identifier referenced below for details. +

+
+ +

A remote attacker might employ a specially crafted certificate to + conduct man-in-the-middle attacks on SSL connections made using sendmail. +

+
+ +

There is no known workaround at this time.

+
+ +

All sendmail users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.14.4" + + +
+ + CVE-2009-4565 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-31.xml
new file mode 100644
index 0000000000..73c233eadf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-31.xml
@@ -0,0 +1,73 @@
+
+
+
+ Linux-PAM: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Linux-PAM, allowing
+ local attackers to possibly gain escalated privileges, cause a Denial of
+ Service, corrupt data, or obtain sensitive information.
+
+ pam
+ June 25, 2012
+ June 25, 2012: 1
+ 343399
+ 386273
+ 388431
+ local
+
+
+ 1.1.5
+ 1.1.5
+
+
+
+

Linux-PAM (Pluggable Authentication Modules) is an architecture allowing + the separation of the development of privilege granting software from the + development of secure and appropriate authentication schemes. +

+
+ +

Multiple vulnerabilities have been discovered in Linux-PAM. Please + review the CVE identifiers referenced below for details. +

+
+ +

A local attacker could use specially crafted files to cause a buffer + overflow, possibly resulting in privilege escalation or Denial of + Service. Furthermore, a local attacker could execute specially crafted + programs or symlink attacks, possibly resulting in data loss or + disclosure of sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Linux-PAM users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.1.5" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 25, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2010-3316 + CVE-2010-3430 + CVE-2010-3431 + CVE-2010-3435 + CVE-2010-3853 + CVE-2010-4706 + CVE-2010-4707 + CVE-2010-4708 + CVE-2011-3148 + CVE-2011-3149 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-32.xml
new file mode 100644
index 0000000000..f7eeba470a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-32.xml
@@ -0,0 +1,51 @@
+
+
+
+ Links: SSL verification vulnerability
+ An error in the verification of SSL certificates in Links might
+ enable remote attackers to conduct man-in-the-middle attacks.
+
+ Links
+ June 25, 2012
+ June 25, 2012: 1
+ 253847
+ 411493
+ remote
+
+
+ 2.6
+ 2.6
+
+
+
+

Links is a fast lightweight text and graphic web-browser.

+
+ +

A SSL verification vulnerability and two unspecified vulnerabilities + have been discovered in Links. Please review the Secunia Advisory + referenced below for details. +

+
+ +

An attacker might conduct man-in-the-middle attacks. The unspecified + errors could allow for out-of-bounds reads and writes. +

+
+ +

There is no known workaround at this time.

+
+ +

All Links users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/links-2.6" + + +
+ + Secunia Advisory SA33391 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-33.xml
new file mode 100644
index 0000000000..796bf1260d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-33.xml
@@ -0,0 +1,55 @@
+
+
+
+ Postfix: Multiple vulnerabilities
+ A vulnerability has been found in Postfix, the worst of which
+ possibly allowing remote code execution.
+
+ Postfix
+ June 25, 2012
+ June 25, 2012: 1
+ 358085
+ 366605
+ remote
+
+
+ 2.7.4
+ 2.7.4
+
+
+
+

Postfix is Wietse Venema’s mailer that attempts to be fast, easy to + administer, and secure, as an alternative to the widely-used Sendmail + program. +

+
+ +

A vulnerability have been discovered in Postfix. Please review the CVE + identifier referenced below for details. +

+
+ +

An attacker could perform a man-in-the-middle attack and inject SMTP + commands during the plaintext to TLS session switch or might execute + arbitrary code. +

+
+ +

There is no known workaround at this time.

+
+ +

All Postfix users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.7.4" + + +
+ + CVE-2011-0411 + CVE-2011-1720 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-34.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-34.xml
new file mode 100644
index 0000000000..f589ab06d3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-34.xml
@@ -0,0 +1,51 @@
+
+
+
+ msmtp: X.509 NULL spoofing vulnerability
+ An error in the hostname matching in msmtp might enable remote
+ attackers to conduct man-in-the-middle attacks.
+
+ msmtp
+ June 25, 2012
+ June 25, 2012: 1
+ 293647
+ remote
+
+
+ 1.4.19
+ 1.4.19
+
+
+
+

msmtp is an SMTP client and SMTP plugin for mail user agents such as + Mutt. +

+
+ +

A vulnerability have been discovered in msmtp. Please review the CVE + identifier referenced below for details. +

+
+ +

A remote attacker might employ a specially crafted certificate to + conduct man-in-the-middle attacks on SSL connections made using msmtp. +

+
+ +

There is no known workaround at this time.

+
+ +

All msmtp users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/msmtp-1.4.19" + + +
+ + CVE-2009-3942 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-35.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-35.xml
new file mode 100644
index 0000000000..2636b1f16d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-35.xml
@@ -0,0 +1,53 @@
+
+
+
+ nbd: Multiple vulnerabilities
+ Multiple vulnerabilities were found in nbd, which could lead to
+ remote execution of arbitrary code.
+
+ nbd
+ June 25, 2012
+ June 25, 2012: 1
+ 353097
+ 372891
+ remote
+
+
+ 2.9.22
+ 2.9.22
+
+
+
+

nbd is a userland client/server for kernel network block device.

+
+ +

Multiple vulnerabilities have been discovered in nbd. Please review the + CVE identifiers referenced below for details. +

+
+ +

nbd allows remote attackers to cause a denial of service (NULL pointer + dereference and crash) or the execution of arbitrary code. +

+
+ +

There is no known workaround at this time.

+
+ +

All nbd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-block/nbd-2.9.22" + + +
+ + CVE-2011-0530 + CVE-2011-1925 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-36.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-36.xml
new file mode 100644
index 0000000000..068602a8f7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-36.xml
@@ -0,0 +1,60 @@
+
+
+
+ logrotate: Multiple vulnerabilities
+ Multiple vulnerabilities were found in logrotate, which could lead
+ to arbitrary system command execution.
+
+ logrotate
+ June 25, 2012
+ June 25, 2012: 1
+ 356811
+ 372973
+ local
+
+
+ 3.8.0
+ 3.8.0
+
+
+
+

logrotate rotates, compresses, and mails system logs.

+
+ +

Multiple vulnerabilities have been discovered in logrotate. Please + review the CVE identifiers referenced below for details. +

+
+ +

A local attacker could use this flaw to truncate arbitrary system file, + to change file owner or mode on arbitrary system files, to conduct + symlink attacks and send arbitrary system files, to execute arbitrary + system commands, to cause abort in subsequent logrotate runs, to disclose + sensitive information, to execute arbitrary code or cause a Denial of + Service condition. +

+ +
+ +

There is no known workaround at this time.

+
+ +

All logrotate users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/logrotate-3.8.0" + + +
+ + CVE-2011-1098 + CVE-2011-1154 + CVE-2011-1155 + CVE-2011-1549 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-01.xml
new file mode 100644
index 0000000000..327262216a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-01.xml
@@ -0,0 +1,50 @@
+
+
+
+ sudo: Privilege escalation
+ A vulnerability has been found in sudo which may allow local users
+ to gain escalated privileges.
+
+ sudo
+ July 09, 2012
+ July 09, 2012: 1
+ 416281
+ local
+
+
+ 1.8.5_p1
+ 1.8.5_p1
+
+
+
+

sudo allows a system administrator to give users the ability to run + commands as other users. Access to commands may also be granted on a + range to hosts. +

+
+ +

An error in sudo may allow unintended IPv4 hosts to be granted access to + commands. +

+
+ +

A local attacker could gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All sudo users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.5_p1" + + +
+ + CVE-2012-2337 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-02.xml
new file mode 100644
index 0000000000..1b35ff7d63
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-02.xml
@@ -0,0 +1,52 @@
+
+
+
+ libxml2: User-assisted execution of arbitrary code
+ A off-by-one error in libxml2 could result in execution of
+ arbitrary code or Denial of Service.
+
+ libxml2
+ July 09, 2012
+ July 09, 2012: 1
+ 416209
+ remote
+
+
+ 2.8.0_rc1
+ 2.8.0_rc1
+
+
+
+

libxml2 is the XML C parser and toolkit developed for the Gnome project.

+
+ +

The "xmlXPtrEvalXPtrPart()" function in xpointer.c contains an + off-by-one error. +

+
+ +

A remote attacker could entice a user or automated system to open a + specially crafted XML document with an application using libxml2, + possibly resulting in execution of arbitrary code or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libxml2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.8.0_rc1" + +
+ + CVE-2011-3102 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-03.xml
new file mode 100644
index 0000000000..1815989b42
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-03.xml
@@ -0,0 +1,49 @@
+
+
+
+ ChaSen: User-assisted execution of arbitrary code
+ A buffer overflow vulnerability in ChaSen could result in the
+ execution of arbitrary code.
+
+ ChaSen
+ July 09, 2012
+ July 09, 2012: 1
+ 390769
+ remote
+
+
+ 2.4.4-r2
+ 2.4.4-r2
+
+
+
+

ChaSen is a Japanese morphological analysis system.

+
+ +

An error in chalib.c of ChaSen could cause a buffer overflow.

+
+ +

A remote attacker could entice a user to open a specially crafted text + file using ChaSen or an application using the ChaSen libraries, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ChaSen users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/chasen-2.4.4-r2" + + +
+ + CVE-2011-4000 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-04.xml
new file mode 100644
index 0000000000..173e30d304
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-04.xml
@@ -0,0 +1,65 @@
+
+
+
+ X.Org X Server: Privilege escalation
+ A format string vulnerability in X.Org X Server may allow local
+ privilege escalation or Denial of Service.
+
+ xorg-server
+ July 09, 2012
+ July 09, 2012: 1
+ 412609
+ local
+
+
+ 1.11.4-r1
+ 1.10.6-r1
+ 1.9.5-r1
+ 1.11.4-r1
+
+
+
+

The X Window System is a graphical windowing system based on a + client/server model. +

+
+ +

The "LogVHdrMessageVerb()" function in log.c contains a format string + vulnerability. +

+ +

NOTE: Exposure to this vulnerability is reduced in Gentoo due to X.Org X + Server being built with "-D_FORTIFY_SOURCE=2" by default. +

+
+ +

A local attacker could gain escalated privileges or cause a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All X.Org X Server 1.11.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.11.4-r1" + + +

All X.Org X Server 1.10.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.10.6-r1" + + +

X.Org X Server 1.9.x is not affected.

+
+ + CVE-2012-2118 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-05.xml
new file mode 100644
index 0000000000..1dbf1dce9a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-05.xml
@@ -0,0 +1,52 @@
+
+
+
+ pidgin-otr: Arbitrary code execution
+ A format string vulnerability in pidgin-otr may allow execution of
+ arbitrary code.
+
+ pidgin-otr
+ July 09, 2012
+ July 09, 2012: 1
+ 416263
+ remote
+
+
+ 3.2.1
+ 3.2.1
+
+
+
+

pidgin-otr messaging allows you to have private conversations over + instant messaging. +

+
+ +

A format string vulnerability has been found in the "log_message_cb()" + function in otr-plugin.c. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All pidgin-otr users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-plugins/pidgin-otr-3.2.1" + +
+ + CVE-2012-2369 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-06.xml
new file mode 100644
index 0000000000..247de6236d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-06.xml
@@ -0,0 +1,48 @@
+
+
+
+ JRuby: Denial of Service
+ A hash collision vulnerability in JRuby allows remote attackers to
+ cause a Denial of Service condition.
+
+ jruby
+ July 09, 2012
+ July 09, 2012: 1
+ 396305
+ remote
+
+
+ 1.6.5.1
+ 1.6.5.1
+
+
+
+

JRuby is a Java-based Ruby interpreter implementation.

+
+ +

JRuby does not properly randomize hash functions to protect against hash + collision attacks. +

+
+ +

A remote attacker could send a specially crafted input, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All JRuby users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/jruby-1.6.5.1" + +
+ + CVE-2011-4838 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-07.xml
new file mode 100644
index 0000000000..8ffe82ac13
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-07.xml
@@ -0,0 +1,50 @@
+
+
+
+ Keepalived: Denial of Service
+ Keepalived uses world-writable PID files, allowing a local attacker
+ to kill arbitrary processes.
+
+ keepalived
+ July 09, 2012
+ July 09, 2012: 1
+ 371469
+ local
+
+
+ 1.2.2-r3
+ 1.2.2-r3
+
+
+
+

Keepalived is a strong & robust keepalive facility to the Linux + Virtual Server project. +

+
+ +

The "pidfile_write()" function in pidfile.c in Keepalived writes PID + files with insecure permissions. +

+
+ +

A local attacker may be able to cause a Denial of Service of arbitrary + processes. +

+
+ +

There is no known workaround at this time.

+
+ +

All Keepalived users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/keepalived-1.2.2-r3" + +
+ + CVE-2011-1784 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-08.xml
new file mode 100644
index 0000000000..592c49e87e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-08.xml
@@ -0,0 +1,61 @@
+
+
+
+ Gnash: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Gnash which could
+ result in execution of arbitrary code, Denial of Service, or information
+ disclosure.
+
+ Gnash
+ July 09, 2012
+ July 09, 2012: 1
+ 391283
+ 408209
+ local, remote
+
+
+ 0.8.10-r2
+ 0.8.10-r2
+
+
+
+

Gnash is a GNU flash movie player that supports many SWF features.

+
+ +

Multiple vulnerabilities have been found in Gnash:

+ +
    +
  • The "nsPluginInstance::setupCookies()" function in plugin.cpp creates + world-readable cookies with predictable file names (CVE-2011-4328). +
  • +
  • The "GnashImage::size()" function in GnashImage.h contains an integer + overflow error which could cause a heap-based buffer overflow + (CVE-2012-1175). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted SWF + file, possibly resulting in execution of arbitrary code or a Denial of + Service condition. Furthermore, a local attacker may be able to obtain + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Gnash users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-plugins/gnash-0.8.10-r2" + +
+ + CVE-2011-4328 + CVE-2012-1175 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-09.xml
new file mode 100644
index 0000000000..2cc9e991ae
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-09.xml
@@ -0,0 +1,65 @@
+
+
+
+ mod_fcgid: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in mod_fcgid, allowing
+ execution of arbitrary code or Denial of Service.
+
+ mod_fcgid
+ July 09, 2012
+ July 09, 2012: 1
+ 344685
+ 409373
+ local, remote
+
+
+ 2.3.7
+ 2.3.7
+
+
+
+

mod_fcgid is a binary-compatible alternative to mod_fastcgi with better + process management. +

+
+ +

Multiple vulnerabilities have been found in mod_fcgid:

+ +
    +
  • An error in the "fcgid_header_bucket_read()" function in + fcgid_bucket.c could cause a stack-based buffer overflow + (CVE-2010-3872). +
  • +
  • An error in the "is_spawn_allowed() function in fcgid_spawn_ctl.c + prevents Apache from recognizing the FcgidMaxProcessesPerClass + directive for a virtual host (CVE-2012-1181). +
  • +
+
+ +

A local attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. + Furthermore, a remote attacker could send specially crafted HTTP + requests, possibly resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All mod_fcgid users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/mod_fcgid-2.3.7" + +
+ + CVE-2010-3872 + CVE-2012-1181 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-10.xml
new file mode 100644
index 0000000000..0393d13fde
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201207-10.xml
@@ -0,0 +1,91 @@
+
+
+
+ CUPS: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in CUPS, some of which may
+ allow execution of arbitrary code or local privilege escalation.
+
+ cups
+ July 09, 2012
+ July 09, 2012: 1
+ 295256
+ 308045
+ 325551
+ 380771
+ local, remote
+
+
+ 1.4.8-r1
+ 1.4.8-r1
+
+
+
+

CUPS, the Common Unix Printing System, is a full-featured print server.

+
+ +

Multiple vulnerabilities have been discovered in CUPS. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to execute arbitrary code using specially + crafted streams, IPP requests or files, or cause a Denial of Service + (daemon crash or hang). A local attacker may be able to gain escalated + privileges or overwrite arbitrary files. Furthermore, a remote attacker + may be able to obtain sensitive information from the CUPS process or + hijack a CUPS administrator authentication request. +

+
+ +

There is no known workaround at this time.

+
+ +

All CUPS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since September 03, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+ + + CVE-2009-3553 + + + CVE-2010-0302 + + + CVE-2010-0393 + + + CVE-2010-0540 + + + CVE-2010-0542 + + + CVE-2010-1748 + + + CVE-2010-2431 + + + CVE-2010-2432 + + + CVE-2010-2941 + + + CVE-2011-3170 + + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-01.xml
new file mode 100644
index 0000000000..61d9c3a2f5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-01.xml
@@ -0,0 +1,51 @@
+
+
+
+ socat: Arbitrary code execution
+ A buffer overflow in socat might allow remote attackers to execute
+ arbitrary code.
+
+ socat
+ August 14, 2012
+ August 14, 2012: 1
+ 415977
+ local, remote
+
+
+ 1.7.2.1
+ 1.7.2.1
+
+
+
+

socat is a multipurpose bidirectional relay, similar to netcat.

+
+ +

A vulnerability in the "xioscan_readline()" function in xio-readline.c + could cause a heap-based buffer overflow. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the socat process. +

+
+ +

There is no known workaround at this time.

+
+ +

All socat users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/socat-1.7.2.1" + +
+ + CVE-2012-0219 + + Socat security advisory 3 + + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-02.xml
new file mode 100644
index 0000000000..d52918180c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-02.xml
@@ -0,0 +1,72 @@
+
+
+
+ Puppet: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Puppet, the worst of
+ which could lead to execution of arbitrary code.
+
+ Puppet
+ August 14, 2012
+ August 14, 2012: 1
+ 410857
+ local
+
+
+ 2.7.13
+ 2.7.13
+
+
+
+

Puppet is a system configuration management tool written in Ruby.

+
+ +

Multiple vulnerabilities have been found in Puppet:

+ +
    +
  • Puppet uses predictable file names for temporary files + (CVE-2012-1906). +
  • +
  • REST requests for a file in a remote filebucket are not handled + properly by overriding filebucket storage locations (CVE-2012-1986). +
  • +
  • REST requests for a file in a remote filebucket are not handled + properly by reading streams or writing files on the Puppet master's + file system (CVE-2012-1987). +
  • +
  • File name paths are not properly sanitized from bucket requests + (CVE-2012-1988). +
  • +
  • The Telnet utility in Puppet does not handle temporary files securely + (CVE-2012-1989). +
  • +
+
+ +

A local attacker with access to agent SSL keys could possibly execute + arbitrary code with the privileges of the process, cause a Denial of + Service condition, or perform symlink attacks to overwrite or read + arbitrary files on the Puppet master. +

+
+ +

There is no known workaround at this time.

+
+ +

All Puppet users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.13" + + +
+ + CVE-2012-1906 + CVE-2012-1986 + CVE-2012-1987 + CVE-2012-1988 + CVE-2012-1989 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-03.xml
new file mode 100644
index 0000000000..e1a92e79e1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-03.xml
@@ -0,0 +1,87 @@
+
+
+
+ Chromium: Multiple vulnerabilities
+ Multiple vulnerabilities have been reported in Chromium, some of
+ which may allow execution of arbitrary code.
+
+ chromium
+ August 14, 2012
+ August 14, 2012: 1
+ 423719
+ 426204
+ 429174
+ remote
+
+
+ 21.0.1180.57
+ 21.0.1180.57
+
+
+
+

Chromium is an open source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers and release notes referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted web + site using Chromium, possibly resulting in the execution of arbitrary + code with the privileges of the process, a Denial of Service condition, + disclosure of sensitive information, or other unspecified impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-21.0.1180.57" + +
+ + CVE-2012-2815 + CVE-2012-2817 + CVE-2012-2818 + CVE-2012-2819 + CVE-2012-2820 + CVE-2012-2821 + CVE-2012-2823 + CVE-2012-2824 + CVE-2012-2825 + CVE-2012-2826 + CVE-2012-2829 + CVE-2012-2830 + CVE-2012-2831 + CVE-2012-2834 + CVE-2012-2842 + CVE-2012-2843 + CVE-2012-2846 + CVE-2012-2847 + CVE-2012-2848 + CVE-2012-2849 + CVE-2012-2853 + CVE-2012-2854 + CVE-2012-2857 + CVE-2012-2858 + CVE-2012-2859 + CVE-2012-2860 + + Release Notes 20.0.1132.43 + + + Release Notes 20.0.1132.57 + + + Release Notes 21.0.1180.57 + + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-04.xml
new file mode 100644
index 0000000000..63b09a1fd0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-04.xml
@@ -0,0 +1,58 @@
+
+
+
+ Gajim: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Gajim, the worst of
+ which may allow execution of arbitrary code.
+
+ gajim
+ August 14, 2012
+ August 14, 2012: 1
+ 411269
+ 412215
+ local, remote
+
+
+ 0.15-r1
+ 0.15-r1
+
+
+
+

Gajim is a Jabber and XMPP client written in PyGTK.

+
+ +

Multiple vulnerabilities have been discovered in Gajim. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted link + using Gajim, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. Furthermore, + a remote attacker could use a specially crafted Jabber ID, possibly + resulting in execution of arbitrary SQL statements. +

+ +

A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All Gajim users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/gajim-0.15-r1" + +
+ + CVE-2012-2085 + CVE-2012-2086 + CVE-2012-2093 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-05.xml
new file mode 100644
index 0000000000..1da1bc165d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-05.xml
@@ -0,0 +1,54 @@
+
+
+
+ Perl Config-IniFiles Module: Insecure temporary file usage
+ An insecure temporary file usage has been reported in the Perl
+ Config-IniFiles module, possibly allowing symlink attacks.
+
+ Config-IniFiles
+ August 14, 2012
+ August 14, 2012: 1
+ 414485
+ local
+
+
+ 2.710.0
+ 2.710.0
+
+
+
+

Config-IniFiles is a Perl module for reading .ini-style configuration + files. +

+
+ +

The Perl Config-IniFiles module uses predicatable temporary file names.

+
+ +

A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All users of the Perl Config-IniFiles module should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-perl/Config-IniFiles-2.710.0" + + +
+ + CVE-2012-2451 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-06.xml
new file mode 100644
index 0000000000..d6dc7f2060
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201208-06.xml
@@ -0,0 +1,50 @@
+
+
+
+ libgdata: Man-in-the-Middle attack
+ A vulnerability in libgdata could allow remote attackers to perform
+ man-in-the-middle attacks.
+
+ libgdata
+ August 14, 2012
+ August 14, 2012: 1
+ 408245
+ remote
+
+
+ 0.8.1-r2
+ 0.8.1-r2
+
+
+
+

libgdata is a GLib-based library for accessing online service APIs using + the GData protocol. +

+
+ +

An error in the "_gdata_service_build_session()" function of + gdata-service.c prevents libgdata from properly validating certificates. +

+
+ +

A remote attacker could perform man-in-the-middle attacks to spoof + arbitrary SSL servers via a crafted certificate. +

+
+ +

There is no known workaround at this time.

+
+ +

All libgdata users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libgdata-0.8.1-r2" + +
+ + CVE-2012-1177 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-01.xml
new file mode 100644
index 0000000000..82f1415c56
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-01.xml
@@ -0,0 +1,60 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which could result in execution of arbitrary code.
+
+ adobe-flash
+ September 05, 2012
+ September 05, 2012: 2
+ 431432
+ 432286
+ remote
+
+
+ 11.2.202.238
+ 11.2.202.238
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple unspecified vulnerabilities have been discovered in Adobe Flash + Player. Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open specially crafted SWF + content, possibly resulting in execution of arbitrary code with the + privileges of the process, or a Denial of Service condition. Furthermore, + a remote attacker may be able to obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.238" + +
+ + CVE-2012-1535 + CVE-2012-4163 + CVE-2012-4164 + CVE-2012-4165 + CVE-2012-4166 + CVE-2012-4167 + CVE-2012-4168 + + ago + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-02.xml
new file mode 100644
index 0000000000..6ff3e6e99a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-02.xml
@@ -0,0 +1,95 @@
+
+
+
+ libTIFF: Multiple vulnerabilities
+ Multiple vulnerabilities in libTIFF could result in execution of
+ arbitrary code or Denial of Service.
+
+ tiff
+ September 23, 2012
+ June 02, 2014: 6
+ 307001
+ 324885
+ 357271
+ 359871
+ 371308
+ 410931
+ 422673
+ 427166
+ remote
+
+
+ 4.0.2-r1
+ 3.9.5-r2
+ 3.9.7-r1
+ 4.0.2-r1
+
+
+
+

libTIFF provides support for reading and manipulating TIFF (Tagged Image + File Format) images. +

+
+ +

Multiple vulnerabilities have been discovered in libTIFF. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted TIFF + file with an application making use of libTIFF, possibly resulting in + execution of arbitrary code with the privileges of the user running the + application or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libTIFF 4.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.2-r1" + + +

All libTIFF 3.9 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.9.5-r2" + + +
+ + CVE-2009-2347 + CVE-2009-5022 + CVE-2010-1411 + CVE-2010-2065 + CVE-2010-2067 + CVE-2010-2233 + CVE-2010-2443 + CVE-2010-2481 + CVE-2010-2482 + CVE-2010-2483 + CVE-2010-2595 + CVE-2010-2596 + CVE-2010-2597 + CVE-2010-2630 + CVE-2010-2631 + CVE-2010-3087 + CVE-2010-4665 + CVE-2011-0192 + CVE-2011-0192 + CVE-2011-1167 + CVE-2011-1167 + CVE-2012-1173 + CVE-2012-2088 + CVE-2012-2113 + CVE-2012-3401 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-03.xml
new file mode 100644
index 0000000000..e1718ac315
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-03.xml
@@ -0,0 +1,92 @@
+
+
+
+ PHP: Multiple vulnerabilities
+ Multiple vulnerabilities were found in PHP, the worst of which lead
+ to remote execution of arbitrary code.
+
+ php
+ September 24, 2012
+ September 24, 2012: 1
+ 384301
+ 396311
+ 396533
+ 399247
+ 399567
+ 399573
+ 401997
+ 410957
+ 414553
+ 421489
+ 427354
+ 429630
+ remote
+
+
+ 5.3.15
+ 5.4.5
+ 5.3.15
+ 5.4.5
+
+
+
+

PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

Multiple vulnerabilities have been discovered in PHP. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could execute arbitrary code with the privileges of + the process, cause a Denial of Service condition, obtain sensitive + information, create arbitrary files, conduct directory traversal attacks, + bypass protection mechanisms, or perform further attacks with unspecified + impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All PHP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.15" + + +

All PHP users on ARM should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.5" + + +
+ + CVE-2011-1398 + CVE-2011-3379 + CVE-2011-4566 + CVE-2011-4885 + CVE-2012-0057 + CVE-2012-0788 + CVE-2012-0789 + CVE-2012-0830 + CVE-2012-0831 + CVE-2012-1172 + CVE-2012-1823 + CVE-2012-2143 + CVE-2012-2311 + CVE-2012-2335 + CVE-2012-2336 + CVE-2012-2386 + CVE-2012-2688 + CVE-2012-3365 + CVE-2012-3450 + + ago + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-04.xml
new file mode 100644
index 0000000000..708d346ccf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-04.xml
@@ -0,0 +1,67 @@
+
+
+
+ BIND: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in BIND, the worst of
+ which may allow remote Denial of Service.
+
+ bind
+ September 24, 2012
+ September 24, 2012: 1
+ 402661
+ 419637
+ 427966
+ 434876
+ remote
+
+
+ 9.9.1_p3
+ 9.9.1_p3
+
+
+
+

BIND is the Berkeley Internet Name Domain Server.

+
+ +

Multiple vulnerabilities have been discovered in BIND:

+ +
    +
  • Domain names are not properly revoked due to an error in the cache + update policy (CVE-2012-1033). +
  • +
  • BIND accepts records with zero-length RDATA fields (CVE-2012-1667).
  • +
  • An assertion failure from the failing-query cache could occur when + DNSSEC validation is enabled (CVE-2012-3817). +
  • +
  • A memory leak may occur under high TCP query loads (CVE-2012-3868).
  • +
  • An assertion error can occur when a query is performed for a record + with RDATA greater than 65535 bytes (CVE-2012-4244). +
  • +
+
+ +

A remote attacker may be able to cause a Denial of Service condition or + keep domain names resolvable after it has been deleted from registration. +

+
+ +

There is no known workaround at this time.

+
+ +

All BIND users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.9.1_p3" + +
+ + CVE-2012-1033 + CVE-2012-1667 + CVE-2012-3817 + CVE-2012-3868 + CVE-2012-4244 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-05.xml
new file mode 100644
index 0000000000..357b46562a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-05.xml
@@ -0,0 +1,85 @@
+
+
+
+ LibreOffice: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in LibreOffice, allowing
+ remote attackers to execute arbitrary code or cause a Denial of Service.
+
+ libreoffice
+ September 24, 2012
+ September 24, 2012: 1
+ 386081
+ 409455
+ 416457
+ 429482
+ remote
+
+
+ 3.5.5.3
+ 3.5.5.3
+
+
+ 3.5.5.3
+ 3.5.5.3
+
+
+
+

LibreOffice is a full office productivity suite.

+
+ +

Multiple vulnerabilities have been found in LibreOffice:

+ +
    +
  • The Microsoft Word Document parser contains an out-of-bounds read + error (CVE-2011-2713). +
  • +
  • The Raptor RDF parser contains an XML External Entity expansion error + (CVE-2012-0037). +
  • +
  • The graphic loading parser contains an integer overflow error which + could cause a heap-based buffer overflow (CVE-2012-1149). +
  • +
  • Multiple errors in the XML manifest handling code could cause a + heap-based buffer overflow (CVE-2012-2665). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted + document file using LibreOffice, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All LibreOffice users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/libreoffice-3.5.5.3" + + +

All users of the LibreOffice binary package should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-office/libreoffice-bin-3.5.5.3" + +
+ + CVE-2011-2713 + CVE-2012-0037 + CVE-2012-1149 + CVE-2012-2665 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-06.xml
new file mode 100644
index 0000000000..3e556afea2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-06.xml
@@ -0,0 +1,61 @@
+
+
+
+ Expat: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Expat, possibly
+ resulting in Denial of Service.
+
+ expat
+ September 24, 2012
+ September 24, 2012: 1
+ 280615
+ 303727
+ 407519
+ remote
+
+
+ 2.1.0_beta3
+ 2.1.0_beta3
+
+
+
+

Expat is a set of XML parsing libraries.

+
+ +

Multiple vulnerabilities have been discovered in Expat. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted XML + file in an application linked against Expat, possibly resulting in a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Expat users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.1.0_beta3" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2009-3560 + CVE-2009-3720 + CVE-2012-0876 + CVE-2012-1147 + CVE-2012-1148 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-07.xml
new file mode 100644
index 0000000000..f028c3f8f9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-07.xml
@@ -0,0 +1,56 @@
+
+
+
+ International Components for Unicode: User-assisted execution of
+ arbitrary code
+
+ A buffer overflow in International Components for Unicode could
+ result in execution of arbitrary code or Denial of Service.
+
+ icu
+ September 24, 2012
+ September 24, 2012: 1
+ 394201
+ remote
+
+
+ 49.1.1-r1
+ 49.1.1-r1
+
+
+
+

International Components for Unicode (ICU) is a set of C/C++ and Java + libraries providing Unicode and Globalization support for software + applications. +

+
+ +

An error in the _canonicalize() function in uloc.cpp could cause a + stack-based buffer overflow. +

+
+ +

A remote attacker could entice a user to open a specially crafted locale + representation using an application linked against ICU, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ICU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/icu-49.1.1-r1" + + +
+ + CVE-2011-4599 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-08.xml
new file mode 100644
index 0000000000..c4e977516f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-08.xml
@@ -0,0 +1,49 @@
+
+
+
+ SquidClamav: Denial of Service
+ A vulnerability in SquidClamav may result in Denial of Service.
+ squidclamav
+ September 24, 2012
+ September 24, 2012: 1
+ 428778
+ remote
+
+
+ 6.8
+ 6.8
+
+
+
+

SquidClamav is a HTTP anti-virus for Squid based on ClamAV and ICAP.

+
+ +

SquidClamav does not properly escape URLs before passing them to the + system command call. +

+
+ +

A remote attacker could send a specially crafted URL to SquidClamav, + possibly resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All SquidClamav users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/squidclamav-6.8" + +
+ + CVE-2012-3501 + SquidClamav News + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-09.xml
new file mode 100644
index 0000000000..e49fb76fe9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-09.xml
@@ -0,0 +1,53 @@
+
+
+
+ Atheme IRC Services: Denial of Service
+ A vulnerability has been found in Atheme which may lead to Denial
+ of Service or a bypass of security restrictions.
+
+ atheme
+ September 25, 2012
+ September 25, 2012: 1
+ 409103
+ remote
+
+
+ 6.0.10
+ 6.0.10
+
+
+
+

Atheme is a portable and secure set of open-source and modular IRC + services. CertFP is certificate fingerprinting used to authenticate users + to nicknames. +

+
+ +

The “myuser_delete()” function in account.c does not properly remove + CertFP entries when deleting user accounts. +

+
+ +

A remote authenticated attacker may be able to cause a Denial of Service + condition or gain access to an Atheme IRC Services user account. +

+
+ +

There is no known workaround at this time.

+
+ +

All Atheme users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/atheme-services-6.0.10" + +
+ + CVE-2012-1576 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-10.xml
new file mode 100644
index 0000000000..0d5b9dbafe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-10.xml
@@ -0,0 +1,50 @@
+
+
+
+ Calligra: User-assisted execution of arbitrary code
+ A buffer overflow vulnerability in Calligra could result in the
+ execution of arbitrary code.
+
+ calligra
+ September 25, 2012
+ September 25, 2012: 1
+ 428890
+ remote
+
+
+ 2.4.3-r1
+ 2.4.3-r1
+
+
+
+

Calligra is an office suite by KDE.

+
+ +

An error in the read() function in styles.cpp could cause a heap-based + buffer overflow. +

+
+ +

A remote attacker could entice a user to open a specially crafted ODF + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Calligra users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/calligra-2.4.3-r1" + + +
+ + CVE-2012-3456 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-11.xml
new file mode 100644
index 0000000000..b24cb4c131
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-11.xml
@@ -0,0 +1,62 @@
+
+
+
+ Opera: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Opera, the worst of
+ which may allow remote execution of arbitrary code.
+
+ opera
+ September 25, 2012
+ September 25, 2012: 1
+ 429478
+ 434584
+ remote
+
+
+ 12.01.1532
+ 12.01.1532
+
+
+
+

Opera is a fast web browser that is available free of charge.

+
+ +

Multiple vulnerabilities have been discovered in Opera. Please review + the CVE identifiers and Opera Release Notes referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted web + page using Opera, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. + Furthermore, a remote attacker may be able to trick a user into + downloading and executing files, conduct Cross-Site Scripting (XSS) + attacks, spoof the address bar, or have other unspecified impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All Opera users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-12.01.1532" + + +
+ + CVE-2012-4010 + CVE-2012-4142 + CVE-2012-4143 + CVE-2012-4144 + CVE-2012-4145 + CVE-2012-4146 + Opera 12.01 for + UNIX changelog + + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-12.xml
new file mode 100644
index 0000000000..87fa78cdaf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-12.xml
@@ -0,0 +1,57 @@
+
+
+
+ Libtasn1: Denial of Service
+ A vulnerability in Libtasn1 might cause a Denial of Service
+ condition.
+
+ libtasn1
+ September 25, 2012
+ September 25, 2012: 1
+ 409031
+ remote
+
+
+ 2.12
+ 2.12
+
+
+
+

Libtasn1 is a library used to parse ASN.1 (Abstract Syntax Notation One) + objects, and perform DER (Distinguished Encoding Rules) decoding. +

+
+ +

Libtasn1 does not properly handle length fields when performing DER + decoding. +

+
+ +

A remote attacker could entice a user to open a specially crafted + DER-encoded object in an application linked against Libtasn1, possibly + resulting in Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All Libtasn1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-2.12" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2012-1569 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-13.xml
new file mode 100644
index 0000000000..ec2b5db028
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-13.xml
@@ -0,0 +1,54 @@
+
+
+
+ libjpeg-turbo: User-assisted execution of arbitrary code
+ A vulnerability in libjpeg-turbo could result in execution of
+ arbitrary code or Denial of Service.
+
+ libjpeg-turbo
+ September 26, 2012
+ September 26, 2012: 1
+ 426938
+ remote
+
+
+ 1.2.1
+ 1.2.1
+
+
+
+

libjpeg-turbo accelerates JPEG compression and decompression.

+
+ +

A vulnerability in the get_sos() function in jdmarker.c could cause a + heap-based buffer overflow. +

+
+ +

A remote attacker could entice a user to open a specially crafted JPEG + file in an application linked against libjpeg-turbo, possibly resulting + in the remote execution of arbitrary code with the permissions of the + user running the application, or Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All libjpeg-turbo users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libjpeg-turbo-1.2.1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2012-2806 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-14.xml new file mode 100644 index 0000000000..f655550199 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-14.xml @@ -0,0 +1,49 @@ + + + + file: Denial of Service + A vulnerability in file could result in Denial of Service. + file + September 26, 2012 + September 26, 2012: 1 + 427368 + remote + + + 5.11 + 5.11 + + + +

file is a utility that guesses a file format by scanning binary data for + patterns. +

+
+ +

Multiple out-of-bounds read errors and invalid pointer dereference + errors have been found in cdf.c. +

+
+ +

A remote attacker could entice a user to open a specially crafted + Composite Document File (CDF) using file, possibly resulting in a Denial + of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All file users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/file-5.11" + +
+ + CVE-2012-1571 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-15.xml new file mode 100644 index 0000000000..f0e61cb3c5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-15.xml @@ -0,0 +1,66 @@ + + + + Asterisk: Multiple vulnerabilities + Multiple vulnerabilities have been found in Asterisk, the worst of + which may allow execution of arbitrary code. + + asterisk + September 26, 2012 + September 26, 2012: 1 + 425050 + 433750 + remote + + + 1.8.15.1 + 1.8.15.1 + + + +

Asterisk is an open source telephony engine and toolkit.

+
+ +

Multiple vulnerabilities have been found in Asterisk:

+ +
    +
  • An error in manager.c allows shell access (CVE-2012-2186).
  • +
  • An error in Asterisk could cause all RTP ports to be exhausted + (CVE-2012-3812). +
  • +
  • A double-free error could occur when two parties attempt to + manipulate the same voicemail account simultaneously (CVE-2012-3863). +
  • +
  • Asterisk does not properly implement certain ACL rules + (CVE-2012-4737). +
  • +
+
+ +

A remote, authenticated attacker could execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or bypass + outbound call restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Asterisk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.15.1" + +
+ + CVE-2012-2186 + CVE-2012-3812 + CVE-2012-3863 + CVE-2012-4737 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-16.xml new file mode 100644 index 0000000000..c1e439e585 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-16.xml @@ -0,0 +1,51 @@ + + + + SQLAlchemy: SQL injection + An input sanitation flaw in SQLAlchemy allows remote attacker to + conduct SQL injection. + + sqlalchemy + September 26, 2012 + September 26, 2012: 1 + 407437 + remote + + + 0.7.4 + 0.7.4 + + + +

SQLAlchemy is a Python SQL toolkit and Object Relational Mapper.

+
+ +

SQLAlchemy does not properly sanitize input passed from the “limit” + and “offset” keywords to the select() function before using it in an + SQL query. +

+
+ +

A remote attacker could exploit this vulnerability to execute arbitrary + SQL statements. +

+
+ +

There is no known workaround at this time.

+
+ +

All SQLAlchemy users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/sqlalchemy-0.7.4" + +
+ + CVE-2012-0805 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-17.xml new file mode 100644 index 0000000000..10a8f3171f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-17.xml @@ -0,0 +1,50 @@ + + + + Pidgin: Arbitrary code execution + A buffer overflow in Pidgin might allow remote attackers to execute + arbitrary code or cause Denial of Service. + + pidgin + September 27, 2012 + September 27, 2012: 1 + 425076 + remote + + + 2.10.6 + 2.10.6 + + + +

Pidgin is a GTK Instant Messenger client for a variety of instant + messaging protocols. libpurple is the core library for Pidgin. +

+
+ +

A stack-based buffer overflow vulnerability has been found in the MXit + protocol plug-in for libpurple. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the Pidgin process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Pidgin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.10.6" + +
+ + CVE-2012-3374 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-18.xml new file mode 100644 index 0000000000..839a29a8b7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-18.xml @@ -0,0 +1,54 @@ + + + + Postfixadmin: Multiple vulnerabilities + Multiple vulnerabilities have been found in Postfixadmin which may + lead to SQL injection or cross-site scripting attacks. + + postfixadmin + September 27, 2012 + September 27, 2012: 1 + 400971 + remote + + + 2.3.5 + 2.3.5 + + + +

Postfixadmin is a web-based management tool for Postfix-style virtual + domains and users. +

+
+ +

Multiple SQL injection vulnerabilities (CVE-2012-0811) and cross-site + scripting vulnerabilities (CVE-2012-0812) have been found in + Postfixadmin. +

+
+ +

A remote attacker could exploit these vulnerabilities to execute + arbitrary SQL statements or arbitrary HTML and script code. +

+
+ +

There is no known workaround at this time.

+
+ +

All Postfixadmin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/postfixadmin-2.3.5" + +
+ + CVE-2012-0811 + CVE-2012-0812 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-19.xml new file mode 100644 index 0000000000..4f9ce6e485 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-19.xml @@ -0,0 +1,49 @@ + + + + NUT: Arbitrary code execution + A buffer overflow in NUT might allow remote attackers to execute + arbitrary code. + + nut + September 27, 2012 + September 27, 2012: 1 + 419377 + remote + + + 2.6.3 + 2.6.3 + + + +

The Network UPS Tools (NUT) provide support for power devices.

+
+ +

An error in the addchar() function in parseconf.c may cause a buffer + overflow. +

+
+ +

A remote attacker could send a specially crafted string to upsd, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All NUT users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-power/nut-2.6.3" + +
+ + CVE-2012-2944 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-20.xml new file mode 100644 index 0000000000..5e4a09281f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-20.xml @@ -0,0 +1,48 @@ + + + + mod_rpaf: Denial of Service + A vulnerability in mod_rpaf may result in Denial of Service. + mod_rpaf + September 27, 2012 + September 27, 2012: 1 + 432406 + remote + + + 0.6 + 0.6 + + + +

mod_rpaf is a reverse proxy add forward module for backend Apache + servers. +

+
+ +

An error has been found in the way mod_rpaf handles X-Forwarded-For + headers. Please review the CVE identifier referenced below for details. +

+
+ +

A remote attacker could send a specially crafted HTTP header, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All mod_rpaf users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/mod_rpaf-0.6" + +
+ + CVE-2012-3526 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-21.xml new file mode 100644 index 0000000000..65e2f41e13 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-21.xml @@ -0,0 +1,50 @@ + + + + fastjar: Directory traversal + Two directory traversal vulnerabilities have been found in fastjar, + allowing remote attackers to create or overwrite arbitrary files. + + fastjar + September 28, 2012 + September 28, 2012: 1 + 325557 + remote + + + 0.98-r1 + 0.98-r1 + + + +

fastjar is a Java archiver written in C.

+
+ +

Two directory traversal vulnerabilities have been discovered in fastjar. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted JAR + file, possibly resulting in the creation or truncation of arbitrary + files. +

+
+ +

There is no known workaround at this time.

+
+ +

All fastjar users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/fastjar-0.98-r1" + +
+ + CVE-2010-0831 + CVE-2010-2322 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-22.xml new file mode 100644 index 0000000000..1322f116c0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-22.xml @@ -0,0 +1,48 @@ + + + + libgssglue: Privilege escalation + A vulnerability in libgssglue may allow a local attacker to gain + escalated privileges. + + libgssglue + September 28, 2012 + September 28, 2012: 1 + 385321 + local + + + 0.4 + 0.4 + + + +

libgssglue exports a GSSAPI interface which calls other random GSSAPI + libraries. +

+
+ +

libgssglue does not securely use getenv() when loading a library for a + setuid application. +

+
+ +

A local attacker could gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All libgssglue users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libgssglue-0.4" + +
+ + CVE-2011-2709 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-23.xml new file mode 100644 index 0000000000..c4755d61b0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-23.xml @@ -0,0 +1,63 @@ + + + + GIMP: Multiple vulnerabilities + Multiple vulnerabilities have been found in GIMP, the worst of + which allow execution of arbitrary code or Denial of Service. + + gimp + September 28, 2012 + September 28, 2012: 1 + 293127 + 350915 + 372975 + 379289 + 418425 + 432582 + remote + + + 2.6.12-r2 + 2.6.12-r2 + + + +

GIMP is the GNU Image Manipulation Program.

+
+ +

Multiple vulnerabilities have been discovered in GIMP. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All GIMP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.6.12-r2" + + +
+ + CVE-2009-1570 + CVE-2009-3909 + CVE-2010-4540 + CVE-2010-4541 + CVE-2010-4542 + CVE-2010-4543 + CVE-2011-1178 + CVE-2011-2896 + CVE-2012-2763 + CVE-2012-3402 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-24.xml new file mode 100644 index 0000000000..d360b59f15 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-24.xml @@ -0,0 +1,102 @@ + + + + PostgreSQL: Multiple vulnerabilities + Multiple vulnerabilities have been found in PostgreSQL which may + allow a remote attacker to conduct several attacks. + + + PostgreSQL + September 28, 2012 + January 20, 2014: 2 + 406037 + 419727 + 431766 + remote + + + 9.1.5 + 9.0.9 + 8.4.13 + 8.3.20 + 8.4.17 + 8.4.19 + 9.0.13 + 9.0.14 + 9.0.15 + 8.4.14 + 8.4.15 + 8.4.16 + 9.0.16 + 9.0.17 + 9.1.5 + + + +

PostgreSQL is an open source object-relational database management + system. +

+
+ +

Multiple vulnerabilities have been discovered in PostgreSQL. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could spoof SSL connections. Furthermore, a remote + authenticated attacker could cause a Denial of Service, read and write + arbitrary files, inject SQL commands into dump scripts, or bypass + database restrictions to execute database functions. +

+ +

A context-dependent attacker could more easily obtain access via + authentication attempts with an initial substring of the intended + password. +

+
+ +

There is no known workaround at this time.

+
+ +

All PostgreSQL 9.1 server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.1.5" + + +

All PostgreSQL 9.0 server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.0.9" + + +

All PostgreSQL 8.4 server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.4.13" + + +

All PostgreSQL 8.3 server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.3.20" + +
+ + CVE-2012-0866 + CVE-2012-0867 + CVE-2012-0868 + CVE-2012-2143 + CVE-2012-2655 + CVE-2012-3488 + CVE-2012-3489 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-25.xml new file mode 100644 index 0000000000..8e5009eeeb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201209-25.xml @@ -0,0 +1,209 @@ + + + + VMware Player, Server, Workstation: Multiple vulnerabilities + Multiple vulnerabilities have been found in VMware Player, Server, + and Workstation, allowing remote and local attackers to conduct several + attacks, including privilege escalation, remote execution of arbitrary + code, and a Denial of Service. + + vmware-server vmware-player vmware-workstation + September 29, 2012 + September 29, 2012: 2 + 213548 + 224637 + 236167 + 245941 + 265139 + 282213 + 297367 + 335866 + 385727 + local, remote + + + 2.5.5.328052 + + + 6.5.5.328052 + + + 1.0.9.156507 + + + +

VMware Player, Server, and Workstation allow emulation of a complete PC + on a PC without the usual performance overhead of most emulators. +

+
+ +

Multiple vulnerabilities have been discovered in VMware Player, Server, + and Workstation. Please review the CVE identifiers referenced below for + details. +

+
+ +

Local users may be able to gain escalated privileges, cause a Denial of + Service, or gain sensitive information. +

+ +

A remote attacker could entice a user to open a specially crafted file, + possibly resulting in the remote execution of arbitrary code, or a Denial + of Service. Remote attackers also may be able to spoof DNS traffic, read + arbitrary files, or inject arbitrary web script to the VMware Server + Console. +

+ +

Furthermore, guest OS users may be able to execute arbitrary code on the + host OS, gain escalated privileges on the guest OS, or cause a Denial of + Service (crash the host OS). +

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo discontinued support for VMware Player. We recommend that users + unmerge VMware Player: +

+ + + # emerge --unmerge "app-emulation/vmware-player" + + +

NOTE: Users could upgrade to + “>=app-emulation/vmware-player-3.1.5”, however these packages are + not currently stable. +

+ +

Gentoo discontinued support for VMware Workstation. We recommend that + users unmerge VMware Workstation: +

+ + + # emerge --unmerge "app-emulation/vmware-workstation" + + +

NOTE: Users could upgrade to + “>=app-emulation/vmware-workstation-7.1.5”, however these packages + are not currently stable. +

+ +

Gentoo discontinued support for VMware Server. We recommend that users + unmerge VMware Server: +

+ + + # emerge --unmerge "app-emulation/vmware-server" + +
+ + CVE-2007-5269 + + CVE-2007-5503 + + + CVE-2007-5671 + + + CVE-2008-0967 + + + CVE-2008-1340 + + + CVE-2008-1361 + + + CVE-2008-1362 + + + CVE-2008-1363 + + + CVE-2008-1364 + + + CVE-2008-1392 + + + CVE-2008-1447 + + + CVE-2008-1806 + + + CVE-2008-1807 + + + CVE-2008-1808 + + + CVE-2008-2098 + + + CVE-2008-2100 + + + CVE-2008-2101 + + + CVE-2008-4915 + + + CVE-2008-4916 + + + CVE-2008-4917 + + + CVE-2009-0040 + + + CVE-2009-0909 + + + CVE-2009-0910 + + CVE-2009-1244 + + CVE-2009-2267 + + + CVE-2009-3707 + + + CVE-2009-3732 + + + CVE-2009-3733 + + + CVE-2009-4811 + + + CVE-2010-1137 + + + CVE-2010-1138 + + + CVE-2010-1139 + + + CVE-2010-1140 + + + CVE-2010-1141 + + + CVE-2010-1142 + + + CVE-2010-1143 + + CVE-2011-3868 + + system + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-01.xml new file mode 100644 index 0000000000..a801679f57 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-01.xml @@ -0,0 +1,49 @@ + + + + w3m: SSL spoofing vulnerability + An error in the hostname matching of w3m might enable remote + attackers to conduct man-in-the-middle attacks. + + w3m + October 18, 2012 + October 18, 2012: 1 + 325431 + remote + + + 0.5.2-r4 + 0.5.2-r4 + + + +

w3m is a text based WWW browser.

+
+ +

A SSL spoofing vulnerability has been discovered in w3m. Please review + the CVE identifier referenced below for details. +

+
+ +

A remote attacker might employ a specially crafted certificate to + conduct man-in-the-middle attacks on SSL connections made using w3m. +

+
+ +

There is no known workaround at this time.

+
+ +

All w3m users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/w3m-0.5.2-r4" + + +
+ + CVE-2010-2074 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-02.xml new file mode 100644 index 0000000000..9d804f19dd --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-02.xml @@ -0,0 +1,61 @@ + + + + MoinMoin: Multiple vulnerabilities + Multiple vulnerabilities have been found in MoinMoin, the worst of + which allowing for injection of arbitrary web script or HTML. + + MoinMoin + October 18, 2012 + October 18, 2012: 1 + 305663 + 339295 + remote + + + 1.9.4 + 1.9.4 + + + +

MoinMoin is a Python WikiEngine.

+
+ +

Multiple vulnerabilities have been discovered in MoinMoin. Please review + the CVE identifiers referenced below for details. +

+
+ +

These vulnerabilities in MoinMoin allow remote users to inject arbitrary + web script or HTML, to obtain sensitive information and to bypass the + textcha protection mechanism. There are several other unknown impacts and + attack vectors. +

+ +
+ +

There is no known workaround at this time.

+
+ +

All MoinMoin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.9.4" + + +
+ + CVE-2010-0668 + CVE-2010-0669 + CVE-2010-0717 + CVE-2010-0828 + CVE-2010-1238 + CVE-2010-2487 + CVE-2010-2969 + CVE-2010-2970 + CVE-2011-1058 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-03.xml new file mode 100644 index 0000000000..3deaeb2d6d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-03.xml @@ -0,0 +1,51 @@ + + + + rdesktop: Directory Traversal + A vulnerability which allows a remote attacking server to read or + overwrite arbitrary files has been found in rdesktop. + + rdesktop + October 18, 2012 + October 18, 2012: 1 + 364191 + remote + + + 1.7.0 + 1.7.0 + + + +

rdesktop is a Remote Desktop Protocol (RDP) Client.

+
+ +

A vulnerability has been discovered in rdesktop. Please review the CVE + identifier referenced below for details. +

+
+ +

Remote RDP servers may be able to read or overwrite arbitrary files via + a .. (dot dot) in a pathname. +

+
+ +

There is no known workaround at this time.

+
+ +

All rdesktop users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/rdesktop-1.7.0" + + +
+ + CVE-2011-1595 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-04.xml new file mode 100644 index 0000000000..a114d20fc5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-04.xml @@ -0,0 +1,61 @@ + + + + qemu-kvm: Multiple vulnerabilities + Multiple vulnerabilities were found in qemu-kvm, allowing attackers + to execute arbitrary code. + + ebuild + October 18, 2012 + October 18, 2012: 1 + 364889 + 365259 + 372411 + 373997 + 400595 + 430456 + remote + + + 1.1.1-r1 + 1.1.1-r1 + + + +

qemu-kvm provides QEMU and Kernel-based Virtual Machine userland tools.

+
+ +

Multiple vulnerabilities have been discovered in qemu-kvm. Please review + the CVE identifiers referenced below for details. +

+
+ +

These vulnerabilities allow a remote attacker to cause a Denial of + Service condition on the host server or qemu process, might allow for + arbitrary code execution or a symlink attack when qemu-kvm is in snapshot + mode. +

+
+ +

There is no known workaround at this time.

+
+ +

All qemu-kvm users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-kvm-1.1.1-r1" + + +
+ + CVE-2011-1750 + CVE-2011-1751 + CVE-2011-2212 + CVE-2011-2512 + CVE-2012-0029 + CVE-2012-2652 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-05.xml new file mode 100644 index 0000000000..0ed0fbb769 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-05.xml @@ -0,0 +1,66 @@ + + + + Bash: Multiple vulnerabilities + Two vulnerabilities have been found in Bash, the worst of which may + allow execution of arbitrary code. + + bash + October 20, 2012 + October 20, 2012: 1 + 251319 + 431850 + local + + + 4.2_p37 + 4.2_p37 + + + +

Bash is the standard GNU Bourne Again SHell.

+
+ +

Two vulnerabilities have been found in Bash:

+ +
    +
  • Bash example scripts do not handle temporary files securely + (CVE-2008-5374). +
  • +
  • Improper bounds checking in Bash could cause a stack-based buffer + overflow (CVE-2012-3410). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted Bash + script, possibly resulting in execution of arbitrary code with the + privileges of the process, or a Denial of Service condition of the Bash + executable. +

+ +

A local attacker may be able to perform symlink attacks to overwrite + arbitrary files with the privileges of the user running the application + or bypass shell access restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Bash users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p37" + +
+ + CVE-2008-5374 + CVE-2012-3410 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-06.xml new file mode 100644 index 0000000000..3a59ad0673 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-06.xml @@ -0,0 +1,67 @@ + + + + Libav: Multiple vulnerabilities + Multiple vulnerabilities have been found in Libav, allowing + attackers to execute arbitrary code or cause Denial of Service. + + libav + October 20, 2012 + October 20, 2012: 1 + 408555 + 422537 + remote + + + 0.8.3 + 0.8.3 + + + +

Libav is a complete solution to record, convert and stream audio and + video. +

+
+ +

Multiple vulnerabilities have been discovered in Libav. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted media + file in an application linked against Libav, possibly resulting in + execution of arbitrary code with the privileges of the application or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Libav users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/libav-0.8.3" + +
+ + CVE-2011-3929 + CVE-2011-3936 + CVE-2011-3937 + CVE-2011-3937 + CVE-2011-3940 + CVE-2011-3945 + CVE-2011-3947 + CVE-2011-3951 + CVE-2011-3952 + CVE-2012-0848 + CVE-2012-0851 + CVE-2012-0852 + CVE-2012-0853 + CVE-2012-0858 + CVE-2012-0947 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-07.xml new file mode 100644 index 0000000000..2dc4761eca --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201210-07.xml @@ -0,0 +1,103 @@ + + + + Chromium: Multiple vulnerabilities + Multiple vulnerabilities have been reported in Chromium, some of + which may allow execution of arbitrary code. + + chromium + October 21, 2012 + October 21, 2012: 1 + 433551 + 436234 + 437664 + 437984 + remote + + + 22.0.1229.94 + 22.0.1229.94 + + + +

Chromium is an open source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers and release notes referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted web + site using Chromium, possibly resulting in the execution of arbitrary + code with the privileges of the process, arbitrary file write, a Denial + of Service condition, Cross-Site Scripting in SSL interstitial and + various Universal Cross-Site Scripting attacks. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-22.0.1229.94" + +
+ + CVE-2012-2859 + CVE-2012-2860 + CVE-2012-2865 + CVE-2012-2866 + CVE-2012-2867 + CVE-2012-2868 + CVE-2012-2869 + CVE-2012-2872 + CVE-2012-2874 + CVE-2012-2876 + CVE-2012-2877 + CVE-2012-2878 + CVE-2012-2879 + CVE-2012-2880 + CVE-2012-2881 + CVE-2012-2882 + CVE-2012-2883 + CVE-2012-2884 + CVE-2012-2885 + CVE-2012-2886 + CVE-2012-2887 + CVE-2012-2888 + CVE-2012-2889 + CVE-2012-2891 + CVE-2012-2892 + CVE-2012-2894 + CVE-2012-2896 + CVE-2012-2900 + CVE-2012-5108 + CVE-2012-5110 + CVE-2012-5111 + CVE-2012-5112 + CVE-2012-5376 + + Release Notes 21.0.1180.89 + + + Release Notes 22.0.1229.79 + + + Release Notes 22.0.1229.92 + + + Release Notes 22.0.1229.94 + + + + phajdan.jr + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201211-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201211-01.xml new file mode 100644 index 0000000000..70fe2b214e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201211-01.xml @@ -0,0 +1,78 @@ + + + + MantisBT: Multiple vulnerabilities + Multiple vulnerabilities have been found in MantisBT, the worst of + which allowing for local file inclusion. + + MantisBT + November 08, 2012 + November 08, 2012: 1 + 348761 + 381417 + 386153 + 407121 + 420375 + remote + + + 1.2.11 + 1.2.11 + + + +

MantisBT is a PHP/MySQL/Web based bugtracking system.

+
+ +

Multiple vulnerabilities have been discovered in MantisBT. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could exploit these vulnerabilities to conduct + directory traversal attacks, disclose the contents of local files, inject + arbitrary web scripts, obtain sensitive information, bypass + authentication and intended access restrictions, or manipulate bugs and + attachments. +

+
+ +

There is no known workaround at this time.

+
+ +

All MantisBT users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.2.11" + + +
+ + CVE-2010-3303 + CVE-2010-3763 + CVE-2010-4348 + CVE-2010-4349 + CVE-2010-4350 + CVE-2011-2938 + CVE-2011-3356 + CVE-2011-3357 + CVE-2011-3358 + CVE-2011-3578 + CVE-2011-3755 + CVE-2012-1118 + CVE-2012-1119 + CVE-2012-1120 + CVE-2012-1121 + CVE-2012-1122 + CVE-2012-1123 + CVE-2012-2691 + CVE-2012-2692 + + + underling + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-01.xml new file mode 100644 index 0000000000..6be2552dac --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-01.xml @@ -0,0 +1,1245 @@ + + + + Mozilla Products: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Firefox, + Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may + allow execution of arbitrary code or local privilege escalation. + + firefox + January 08, 2013 + January 08, 2013: 1 + 180159 + 181361 + 207261 + 238535 + 246602 + 251322 + 255221 + 255234 + 255687 + 257577 + 260062 + 261386 + 262704 + 267234 + 273918 + 277752 + 280226 + 280234 + 280393 + 282549 + 284439 + 286721 + 290892 + 292034 + 297532 + 305689 + 307045 + 311021 + 312361 + 312645 + 312651 + 312675 + 312679 + 312763 + 313003 + 324735 + 326341 + 329279 + 336396 + 341821 + 342847 + 348316 + 357057 + 360055 + 360315 + 365323 + 373595 + 379549 + 381245 + 388045 + 390771 + 395431 + 401701 + 403183 + 404437 + 408161 + 413657 + 419917 + 427224 + 433383 + 437780 + 439586 + 439960 + 444318 + local, remote + + + 10.0.11 + 10.0.11 + + + 10.0.11 + 10.0.11 + + + 10.0.11 + 10.0.11 + + + 10.0.11 + 10.0.11 + + + 2.14-r1 + 2.14-r1 + + + 2.14 + 2.14 + + + 3.14 + 3.14 + + + 3.6.8 + + + 3.5.6 + + + 3.0.4-r1 + + + 3.0 + + + 10.0-r1 + + + 2.0-r1 + + + 1.8.1.19 + + + +

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an + open-source email client, both from the Mozilla Project. The SeaMonkey + project is a community effort to deliver production-quality releases of + code derived from the application formerly known as the ‘Mozilla + Application Suite’. XULRunner is a Mozilla runtime package that can be + used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. + NSS is Mozilla’s Network Security Services library that implements PKI + support. IceCat is the GNU version of Firefox. +

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Firefox, + Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to view a specially crafted web + page or email, possibly resulting in execution of arbitrary code or a + Denial of Service condition. Furthermore, a remote attacker may be able + to perform Man-in-the-Middle attacks, obtain sensitive information, + bypass restrictions and protection mechanisms, force file downloads, + conduct XML injection attacks, conduct XSS attacks, bypass the Same + Origin Policy, spoof URL’s for phishing attacks, trigger a vertical + scroll, spoof the location bar, spoof an SSL indicator, modify the + browser’s font, conduct clickjacking attacks, or have other unspecified + impact. +

+ +

A local attacker could gain escalated privileges, obtain sensitive + information, or replace an arbitrary downloaded file. +

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11" + + +

All users of the Mozilla Firefox binary package should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11" + + +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-10.0.11" + + +

All users of the Mozilla Thunderbird binary package should upgrade to + the latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-10.0.11" + + +

All Mozilla SeaMonkey users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1" + + +

All users of the Mozilla SeaMonkey binary package should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14" + + +

All NSS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14" + + +

The “www-client/mozilla-firefox” package has been merged into the + “www-client/firefox” package. To upgrade, please unmerge + “www-client/mozilla-firefox” and then emerge the latest + “www-client/firefox” package: +

+ + + # emerge --sync + # emerge --unmerge "www-client/mozilla-firefox" + # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11" + + +

The “www-client/mozilla-firefox-bin” package has been merged into + the “www-client/firefox-bin” package. To upgrade, please unmerge + “www-client/mozilla-firefox-bin” and then emerge the latest + “www-client/firefox-bin” package: +

+ + + # emerge --sync + # emerge --unmerge "www-client/mozilla-firefox-bin" + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11" + + +

The “mail-client/mozilla-thunderbird” package has been merged into + the “mail-client/thunderbird” package. To upgrade, please unmerge + “mail-client/mozilla-thunderbird” and then emerge the latest + “mail-client/thunderbird” package: +

+ + + # emerge --sync + # emerge --unmerge "mail-client/mozilla-thunderbird" + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-10.0.11" + + +

The “mail-client/mozilla-thunderbird-bin” package has been merged + into the “mail-client/thunderbird-bin” package. To upgrade, please + unmerge “mail-client/mozilla-thunderbird-bin” and then emerge the + latest “mail-client/thunderbird-bin” package: +

+ + + # emerge --sync + # emerge --unmerge "mail-client/mozilla-thunderbird-bin" + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-10.0.11" + + +

Gentoo discontinued support for GNU IceCat. We recommend that users + unmerge GNU IceCat: +

+ + + # emerge --unmerge "www-client/icecat" + + +

Gentoo discontinued support for XULRunner. We recommend that users + unmerge XULRunner: +

+ + + # emerge --unmerge "net-libs/xulrunner" + + +

Gentoo discontinued support for the XULRunner binary package. We + recommend that users unmerge XULRunner: +

+ + + # emerge --unmerge "net-libs/xulrunner-bin" + +
+ + + CVE-2011-3101 + + CVE-2007-2436 + + CVE-2007-2437 + + CVE-2007-2671 + CVE-2007-3073 + CVE-2008-0016 + + CVE-2008-0017 + + CVE-2008-0367 + CVE-2008-3835 + + CVE-2008-3836 + + CVE-2008-3837 + + CVE-2008-4058 + + CVE-2008-4059 + + CVE-2008-4060 + + CVE-2008-4061 + + CVE-2008-4062 + + CVE-2008-4063 + + CVE-2008-4064 + + CVE-2008-4065 + + CVE-2008-4066 + + CVE-2008-4067 + + CVE-2008-4068 + + CVE-2008-4069 + + CVE-2008-4070 + + CVE-2008-4582 + + CVE-2008-5012 + + CVE-2008-5013 + + CVE-2008-5014 + + CVE-2008-5015 + + CVE-2008-5016 + + CVE-2008-5017 + + CVE-2008-5018 + + CVE-2008-5019 + + CVE-2008-5021 + + CVE-2008-5022 + + CVE-2008-5023 + + CVE-2008-5024 + + CVE-2008-5052 + + CVE-2008-5500 + + CVE-2008-5501 + + CVE-2008-5502 + + CVE-2008-5503 + + CVE-2008-5504 + + CVE-2008-5505 + + CVE-2008-5506 + + CVE-2008-5507 + + CVE-2008-5508 + + CVE-2008-5510 + + CVE-2008-5511 + + CVE-2008-5512 + + CVE-2008-5513 + + CVE-2008-5822 + + CVE-2008-5913 + + CVE-2008-6961 + + CVE-2009-0071 + + CVE-2009-0071 + + CVE-2009-0352 + + CVE-2009-0353 + + CVE-2009-0354 + + CVE-2009-0355 + + CVE-2009-0356 + + CVE-2009-0357 + + CVE-2009-0358 + + CVE-2009-0652 + + CVE-2009-0771 + + CVE-2009-0772 + + CVE-2009-0773 + + CVE-2009-0774 + + CVE-2009-0775 + + CVE-2009-0776 + + CVE-2009-0777 + + CVE-2009-1044 + + CVE-2009-1169 + + CVE-2009-1302 + + CVE-2009-1303 + + CVE-2009-1304 + + CVE-2009-1305 + + CVE-2009-1306 + + CVE-2009-1307 + + CVE-2009-1308 + + CVE-2009-1309 + + CVE-2009-1310 + + CVE-2009-1311 + + CVE-2009-1312 + + CVE-2009-1313 + + CVE-2009-1392 + + CVE-2009-1563 + + CVE-2009-1571 + + CVE-2009-1828 + + CVE-2009-1832 + + CVE-2009-1833 + + CVE-2009-1834 + + CVE-2009-1835 + + CVE-2009-1836 + + CVE-2009-1837 + + CVE-2009-1838 + + CVE-2009-1839 + + CVE-2009-1840 + + CVE-2009-1841 + + CVE-2009-2043 + + CVE-2009-2044 + + CVE-2009-2061 + + CVE-2009-2065 + + CVE-2009-2210 + + CVE-2009-2404 + + CVE-2009-2408 + + CVE-2009-2462 + + CVE-2009-2463 + + CVE-2009-2464 + + CVE-2009-2465 + + CVE-2009-2466 + + 
CVE-2009-2467 + + CVE-2009-2469 + + CVE-2009-2470 + + CVE-2009-2471 + + CVE-2009-2472 + + CVE-2009-2477 + + CVE-2009-2478 + CVE-2009-2479 + CVE-2009-2535 + + CVE-2009-2654 + + CVE-2009-2662 + + CVE-2009-2664 + + CVE-2009-2665 + + CVE-2009-3069 + + CVE-2009-3070 + + CVE-2009-3071 + + CVE-2009-3072 + + CVE-2009-3074 + + CVE-2009-3075 + + CVE-2009-3076 + + CVE-2009-3077 + + CVE-2009-3078 + + CVE-2009-3079 + + CVE-2009-3274 + + CVE-2009-3371 + + CVE-2009-3372 + + CVE-2009-3373 + + CVE-2009-3374 + + CVE-2009-3375 + + CVE-2009-3376 + + CVE-2009-3377 + + CVE-2009-3378 + + CVE-2009-3379 + + CVE-2009-3380 + + CVE-2009-3381 + + CVE-2009-3382 + + CVE-2009-3383 + + CVE-2009-3388 + + CVE-2009-3389 + + CVE-2009-3555 + + CVE-2009-3978 + + CVE-2009-3979 + + CVE-2009-3980 + + CVE-2009-3981 + + CVE-2009-3982 + + CVE-2009-3983 + + CVE-2009-3984 + + CVE-2009-3985 + + CVE-2009-3986 + + CVE-2009-3987 + + CVE-2009-3988 + + CVE-2010-0159 + + CVE-2010-0160 + + CVE-2010-0162 + + CVE-2010-0163 + + CVE-2010-0164 + + CVE-2010-0165 + + CVE-2010-0166 + + CVE-2010-0167 + + CVE-2010-0167 + + CVE-2010-0168 + + CVE-2010-0169 + + CVE-2010-0169 + + CVE-2010-0170 + + CVE-2010-0171 + + CVE-2010-0171 + + CVE-2010-0172 + + CVE-2010-0173 + + CVE-2010-0174 + + CVE-2010-0174 + + CVE-2010-0175 + + CVE-2010-0175 + + CVE-2010-0176 + + CVE-2010-0176 + + CVE-2010-0177 + + CVE-2010-0178 + + CVE-2010-0179 + + CVE-2010-0181 + + CVE-2010-0182 + + CVE-2010-0183 + + CVE-2010-0220 + + CVE-2010-0648 + + CVE-2010-0654 + + CVE-2010-1028 + + CVE-2010-1121 + + CVE-2010-1125 + + CVE-2010-1196 + + CVE-2010-1197 + + CVE-2010-1198 + + CVE-2010-1199 + + CVE-2010-1200 + + CVE-2010-1201 + + CVE-2010-1202 + + CVE-2010-1203 + + CVE-2010-1205 + + CVE-2010-1206 + + CVE-2010-1207 + + CVE-2010-1208 + + CVE-2010-1209 + + CVE-2010-1210 + + CVE-2010-1211 + + CVE-2010-1212 + + CVE-2010-1213 + + CVE-2010-1214 + + CVE-2010-1215 + + CVE-2010-1585 + + CVE-2010-2751 + + CVE-2010-2752 + + CVE-2010-2753 + + CVE-2010-2754 + + CVE-2010-2755 + + 
CVE-2010-2760 + + CVE-2010-2762 + + CVE-2010-2763 + + CVE-2010-2764 + + CVE-2010-2765 + + CVE-2010-2766 + + CVE-2010-2767 + + CVE-2010-2768 + + CVE-2010-2769 + + CVE-2010-2770 + + CVE-2010-3131 + + CVE-2010-3166 + + CVE-2010-3167 + + CVE-2010-3168 + + CVE-2010-3169 + + CVE-2010-3170 + + CVE-2010-3171 + + CVE-2010-3173 + + CVE-2010-3174 + + CVE-2010-3175 + + CVE-2010-3176 + + CVE-2010-3177 + + CVE-2010-3178 + + CVE-2010-3179 + + CVE-2010-3180 + + CVE-2010-3182 + + CVE-2010-3183 + + CVE-2010-3399 + + CVE-2010-3400 + + CVE-2010-3765 + CVE-2010-3766 + + CVE-2010-3767 + + CVE-2010-3768 + + CVE-2010-3769 + + CVE-2010-3770 + + CVE-2010-3771 + + CVE-2010-3772 + + CVE-2010-3773 + + CVE-2010-3774 + + CVE-2010-3775 + + CVE-2010-3776 + + CVE-2010-3777 + + CVE-2010-3778 + + CVE-2010-4508 + + CVE-2010-5074 + + CVE-2011-0051 + + CVE-2011-0053 + + CVE-2011-0054 + + CVE-2011-0055 + + CVE-2011-0056 + + CVE-2011-0057 + + CVE-2011-0058 + + CVE-2011-0059 + + CVE-2011-0061 + + CVE-2011-0062 + + CVE-2011-0065 + + CVE-2011-0066 + + CVE-2011-0067 + + CVE-2011-0068 + + CVE-2011-0069 + + CVE-2011-0070 + + CVE-2011-0071 + + CVE-2011-0072 + + CVE-2011-0073 + + CVE-2011-0074 + + CVE-2011-0075 + + CVE-2011-0076 + + CVE-2011-0077 + + CVE-2011-0078 + + CVE-2011-0079 + + CVE-2011-0080 + + CVE-2011-0081 + + CVE-2011-0082 + + CVE-2011-0083 + + CVE-2011-0084 + + CVE-2011-0085 + + CVE-2011-1187 + CVE-2011-1202 + + CVE-2011-1712 + + CVE-2011-2362 + + CVE-2011-2363 + + CVE-2011-2364 + + CVE-2011-2365 + + CVE-2011-2369 + + CVE-2011-2370 + + CVE-2011-2371 + + CVE-2011-2372 + + CVE-2011-2373 + + CVE-2011-2374 + + CVE-2011-2375 + + CVE-2011-2376 + + CVE-2011-2377 + + CVE-2011-2378 + + CVE-2011-2605 + + CVE-2011-2980 + + CVE-2011-2981 + + CVE-2011-2982 + + CVE-2011-2983 + + CVE-2011-2984 + + CVE-2011-2985 + + CVE-2011-2986 + + CVE-2011-2987 + + CVE-2011-2988 + + CVE-2011-2989 + + CVE-2011-2990 + + CVE-2011-2991 + + CVE-2011-2993 + + CVE-2011-2995 + + CVE-2011-2996 + + CVE-2011-2997 + + CVE-2011-2998 + + 
CVE-2011-2999 + + CVE-2011-3000 + + CVE-2011-3001 + + CVE-2011-3002 + + CVE-2011-3003 + + CVE-2011-3004 + + CVE-2011-3005 + + CVE-2011-3026 + CVE-2011-3062 + CVE-2011-3232 + + CVE-2011-3389 + CVE-2011-3640 + CVE-2011-3647 + + CVE-2011-3648 + + CVE-2011-3649 + + CVE-2011-3650 + + CVE-2011-3651 + + CVE-2011-3652 + + CVE-2011-3653 + + CVE-2011-3654 + + CVE-2011-3655 + + CVE-2011-3658 + + CVE-2011-3659 + + + CVE-2011-3660 + + CVE-2011-3661 + + CVE-2011-3663 + + CVE-2011-3665 + + CVE-2011-3670 + + CVE-2011-3866 + + CVE-2011-4688 + + CVE-2012-0441 + CVE-2012-0442 + + + CVE-2012-0443 + + + CVE-2012-0444 + + + CVE-2012-0445 + + + CVE-2012-0446 + + + CVE-2012-0447 + + + CVE-2012-0449 + + + CVE-2012-0450 + + CVE-2012-0451 + CVE-2012-0452 + + CVE-2012-0455 + CVE-2012-0456 + CVE-2012-0457 + CVE-2012-0458 + CVE-2012-0459 + CVE-2012-0460 + CVE-2012-0461 + CVE-2012-0462 + CVE-2012-0463 + CVE-2012-0464 + CVE-2012-0467 + CVE-2012-0468 + CVE-2012-0469 + CVE-2012-0470 + CVE-2012-0471 + CVE-2012-0473 + CVE-2012-0474 + CVE-2012-0475 + CVE-2012-0477 + CVE-2012-0478 + CVE-2012-0479 + CVE-2012-1937 + CVE-2012-1938 + CVE-2012-1939 + CVE-2012-1940 + CVE-2012-1941 + CVE-2012-1945 + CVE-2012-1946 + CVE-2012-1947 + CVE-2012-1948 + CVE-2012-1949 + CVE-2012-1950 + CVE-2012-1951 + CVE-2012-1952 + CVE-2012-1953 + CVE-2012-1954 + CVE-2012-1955 + CVE-2012-1956 + + CVE-2012-1957 + CVE-2012-1958 + CVE-2012-1959 + CVE-2012-1960 + CVE-2012-1961 + CVE-2012-1962 + CVE-2012-1963 + CVE-2012-1964 + CVE-2012-1965 + CVE-2012-1966 + CVE-2012-1967 + CVE-2012-1970 + + CVE-2012-1971 + + CVE-2012-1972 + + CVE-2012-1973 + + CVE-2012-1974 + + CVE-2012-1975 + + CVE-2012-1976 + + CVE-2012-1994 + CVE-2012-3956 + + CVE-2012-3957 + + CVE-2012-3958 + + CVE-2012-3959 + + CVE-2012-3960 + + CVE-2012-3961 + + CVE-2012-3962 + + CVE-2012-3963 + + CVE-2012-3964 + + CVE-2012-3965 + + CVE-2012-3966 + + CVE-2012-3967 + + CVE-2012-3968 + + CVE-2012-3969 + + CVE-2012-3970 + + CVE-2012-3971 + + CVE-2012-3972 + + CVE-2012-3973 + + 
CVE-2012-3975 + + CVE-2012-3976 + + CVE-2012-3977 + + CVE-2012-3978 + + CVE-2012-3980 + + CVE-2012-3982 + + CVE-2012-3984 + + CVE-2012-3985 + + CVE-2012-3986 + + CVE-2012-3988 + + CVE-2012-3989 + + CVE-2012-3990 + + CVE-2012-3991 + + CVE-2012-3992 + + CVE-2012-3993 + + CVE-2012-3994 + + CVE-2012-3995 + + CVE-2012-4179 + + CVE-2012-4180 + + CVE-2012-4181 + + CVE-2012-4182 + + CVE-2012-4183 + + CVE-2012-4184 + + CVE-2012-4185 + + CVE-2012-4186 + + CVE-2012-4187 + + CVE-2012-4188 + + CVE-2012-4190 + + CVE-2012-4191 + + CVE-2012-4192 + + CVE-2012-4193 + + CVE-2012-4194 + CVE-2012-4195 + CVE-2012-4196 + CVE-2012-4201 + CVE-2012-4202 + CVE-2012-4204 + CVE-2012-4205 + CVE-2012-4206 + CVE-2012-4207 + CVE-2012-4208 + CVE-2012-4209 + CVE-2012-4210 + CVE-2012-4212 + CVE-2012-4215 + CVE-2012-4216 + CVE-2012-5354 + + CVE-2012-5829 + CVE-2012-5830 + CVE-2012-5833 + CVE-2012-5835 + CVE-2012-5836 + CVE-2012-5838 + CVE-2012-5839 + CVE-2012-5840 + CVE-2012-5841 + CVE-2012-5842 + CVE-2012-5843 + + Firefox Blocking Fraudulent Certificates + + + Mozilla Foundation Security Advisory 2011-11 + + + Mozilla Foundation Security Advisory 2011-34 + + + + keytoaster + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-02.xml
new file mode 100644
index 0000000000..f0b93a82b5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-02.xml
@@ -0,0 +1,49 @@
+
+
+
+ HAProxy: Arbitrary code execution
+ A buffer overflow in HAProxy may allow execution of arbitrary code.
+ haproxy
+ January 08, 2013
+ January 08, 2013: 1
+ 417079
+ remote
+
+
+ 1.4.21
+ 1.4.21
+
+
+
+

HAProxy is a TCP/HTTP reverse proxy for high availability environments.

+
+ +

A boundary error in HAProxy could cause a buffer overflow when header + rewriting is enabled and the configuration sets global.tune.bufsize to a + value greater than the default (16384 bytes). +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All HAProxy users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/haproxy-1.4.21" + +
+ + CVE-2012-2942 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-03.xml
new file mode 100644
index 0000000000..480d5d7ea5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-03.xml
@@ -0,0 +1,57 @@
+
+
+
+ Tor: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Tor, allowing attackers
+ to cause Denial of Service or obtain sensitive information.
+
+ tor
+ January 08, 2013
+ January 08, 2013: 1
+ 432188
+ 434882
+ 444804
+ remote
+
+
+ 0.2.3.25
+ 0.2.3.25
+
+
+
+

Tor is an implementation of second generation Onion Routing, a + connection-oriented anonymizing communication service. +

+
+ +

Multiple vulnerabilities have been discovered in Tor. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could cause a Denial of Service condition or obtain + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Tor users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.3.25" + +
+ + CVE-2012-3517 + CVE-2012-3518 + CVE-2012-3519 + CVE-2012-4419 + CVE-2012-4922 + CVE-2012-5573 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-04.xml
new file mode 100644
index 0000000000..b3d0c17d10
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-04.xml
@@ -0,0 +1,53 @@
+
+
+
+ dhcpcd: Arbitrary code execution
+ A vulnerability has been found in dhcpcd, allowing remote attackers
+ to execute arbitrary code on the DHCP client.
+
+ dhcpcd
+ January 09, 2013
+ January 09, 2013: 1
+ 362459
+ remote
+
+
+ 5.2.12
+ 5.2.12
+
+
+
+

dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP + client. +

+
+ +

A vulnerability has been discovered in dhcpcd. Please review the CVE + identifier referenced below for details. +

+
+ +

The vulnerability might allow an attacker to execute arbitrary code on + the DHCP client. +

+
+ +

There is no known workaround at this time.

+
+ +

All dhcpcd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-5.2.12" + + +
+ + CVE-2011-0996 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-05.xml
new file mode 100644
index 0000000000..d2daa5c4c1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-05.xml
@@ -0,0 +1,52 @@
+
+
+
+ bzip2: User-assisted execution of arbitrary code
+ An integer overflow vulnerability has been found in bzip2 and could
+ result in execution of arbitrary code or Denial of Service.
+
+ bzip2
+ January 09, 2013
+ January 09, 2013: 1
+ 338215
+ local
+
+
+ 1.0.6
+ 1.0.6
+
+
+
+

bzip2 is a high-quality data compressor used extensively by Gentoo + Linux. +

+
+ +

An integer overflow vulnerability has been discovered in bzip2. Please + review the CVE identifier referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted + compressed file using bzip2, possibly resulting in execution of arbitrary + code with the privileges of the process, or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All bzip2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/bzip2-1.0.6" + +
+ + CVE-2010-0405 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-06.xml
new file mode 100644
index 0000000000..41f56f8271
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-06.xml
@@ -0,0 +1,63 @@
+
+
+
+ ISC DHCP: Denial of Service
+ Multiple vulnerabilities have been found in ISC DHCP, the worst of
+ which may allow remote Denial of Service.
+
+ ISC DHCP Server
+ January 09, 2013
+ January 09, 2013: 1
+ 362453
+ 378799
+ 393617
+ 398763
+ 428120
+ 434880
+ remote
+
+
+ 4.2.4_p2
+ 4.2.4_p2
+
+
+
+

ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.

+
+ +

Multiple vulnerabilities have been discovered in ISC DHCP. Please review + the CVE identifiers referenced below for details. +

+
+ +

The vulnerabilities might allow remote attackers to execute arbitrary + code or cause a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All ISC DHCP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.2.4_p2" + +
+ + CVE-2011-0997 + CVE-2011-2748 + CVE-2011-2749 + CVE-2011-4539 + CVE-2011-4868 + CVE-2012-3570 + CVE-2012-3571 + CVE-2012-3954 + CVE-2012-3955 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-07.xml
new file mode 100644
index 0000000000..d0c0b3807c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201301-07.xml
@@ -0,0 +1,61 @@
+
+
+
+ DokuWiki: Multiple vulnerabilities
+ Multiple vulnerabilities were found in DokuWiki, the worst of which
+ leading to privilege escalation.
+
+ DokuWiki
+ January 09, 2013
+ January 09, 2013: 1
+ 301310
+ 386155
+ 412891
+ 427232
+ remote
+
+
+ 20121013
+ 20121013
+
+
+
+

DokuWiki is a simple to use Wiki aimed at a small company’s + documentation needs. +

+
+ +

Multiple vulnerabilities have been discovered in DokuWiki. Please review + the CVE identifiers referenced below for details. +

+
+ +

The vulnerabilities might allow an attacker to disclose local files, to + inject arbitrary web script, or to gain elevated privileges in the + DokuWiki application. +

+
+ +

There is no known workaround at this time.

+
+ +

All DokuWiki users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20121013" + +
+ + CVE-2010-0287 + CVE-2010-0288 + CVE-2010-0289 + CVE-2011-2510 + CVE-2011-3727 + CVE-2012-0283 + + + keytoaster + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201304-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201304-01.xml
new file mode 100644
index 0000000000..a0ea597c3c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201304-01.xml
@@ -0,0 +1,63 @@
+
+
+
+ NVIDIA Drivers: Privilege escalation
+ Two vulnerabilities in NVIDIA drivers may allow a local attacker to
+ gain escalated privileges.
+
+ nvidia-drivers
+ April 08, 2013
+ April 08, 2013: 1
+ 429614
+ 464248
+ remote
+
+
+ 304.88
+ 304.88
+
+
+
+

The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic + boards. +

+
+ +

Two vulnerabilities have been discovered in NVIDIA drivers:

+ +
    +
  • A vulnerability has been found in the way NVIDIA drivers handle + read/write access to GPU device nodes, allowing access to arbitrary + system memory locations (CVE-2012-4225). +
  • +
  • A buffer overflow error has been discovered in NVIDIA drivers + (CVE-2013-0131). +
  • +
+ +

NOTE: Exposure to CVE-2012-4225 is reduced in Gentoo due to 660 + permissions being used on the GPU device nodes by default. +

+
+ +

A local attacker could gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All NVIDIA driver users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=x11-drivers/nvidia-drivers-304.88" + +
+ + CVE-2012-4225 + CVE-2013-0131 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201307-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201307-01.xml
new file mode 100644
index 0000000000..b072e1b6b4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201307-01.xml
@@ -0,0 +1,58 @@
+
+
+
+ HAProxy: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in HAProxy, allowing
+ attackers to execute arbitrary code or cause Denial of Service.
+
+ HAProxy
+ July 11, 2013
+ July 11, 2013: 1
+ 464340
+ 473674
+ remote
+
+
+ 1.4.24
+ 1.4.24
+
+
+
+

HAProxy is a free, very fast and reliable solution offering high + availability, load balancing, and proxying for TCP and HTTP-based + applications. +

+
+ +

Multiple vulnerabilities have been discovered in HAProxy. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could send a specially crafted request, possibly + resulting in execution of arbitrary code with the privileges of the + application or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All HAProxy users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/haproxy-1.4.24" + +
+ + CVE-2013-1912 + CVE-2013-2175 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-01.xml
new file mode 100644
index 0000000000..eaa3204c18
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-01.xml
@@ -0,0 +1,53 @@
+
+
+
+ PuTTY: Multiple Vulnerabilities
+ Multiple vulnerabilities have been found in Putty, allowing
+ attackers to compromise user system
+
+ putty
+ August 21, 2013
+ August 21, 2013: 2
+ 394429
+ 479872
+ local, remote
+
+
+ 0.63
+ 0.63
+
+
+
+

PuTTY is a telnet and SSH client.

+
+ +

Multiple vulnerabilities have been discovered in PuTTY. Please review + the CVE identifiers referenced below for details. +

+
+ +

An attacker could entice a user to open connection to specially crafted + SSH server, possibly resulting in execution of arbitrary code with the + privileges of the process or obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All PuTTY users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/putty-0.63" + +
+ + CVE-2011-4607 + CVE-2013-4852 + + ackle + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-02.xml
new file mode 100644
index 0000000000..32f4887903
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-02.xml
@@ -0,0 +1,58 @@
+
+
+
+ D-Bus: Denial of Service
+ A vulnerability has been found in D-Bus which allows a local user
+ to cause a Denial of Service.
+
+ d-bus
+ August 22, 2013
+ August 22, 2013: 1
+ 473190
+ local
+
+
+ 1.6.12
+ 1.6.12
+
+
+
+

D-Bus is a message bus system which processes can use to talk to each + other. +

+
+ +

D-Bus’ _dbus_printf_string_upper_bound() function crashes if it + returns exactly 1024 bytes. +

+
+ +

A local attacker could provide specially-crafted input to an application + using D-Bus which would cause _dbus_printf_string_upper_bound() to return + 1024 bytes and crash, causing a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All D-Bus users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.6.12" + + +
+ + + CVE-2013-2168 + + + + creffett + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-03.xml
new file mode 100644
index 0000000000..c63b10ed97
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-03.xml
@@ -0,0 +1,130 @@
+
+
+
+ Adobe Reader: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Reader, including
+ potential remote execution of arbitrary code and local privilege
+ escalation.
+
+ Ebuild
+ August 22, 2013
+ January 30, 2014: 2
+ 431732
+ 451058
+ 469960
+ local, remote
+
+
+ 9.5.5
+ 9.5.5
+
+
+
+

Adobe Reader is a closed-source PDF reader.

+
+ +

Multiple vulnerabilities have been discovered in Adobe Reader. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted PDF + file, possibly resulting in arbitrary code execution or a Denial of + Service condition. A local attacker could gain privileges via unspecified + vectors. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Reader users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5" + + +
+ + CVE-2012-1525 + CVE-2012-1530 + CVE-2012-2049 + CVE-2012-2050 + CVE-2012-2051 + CVE-2012-4147 + CVE-2012-4148 + CVE-2012-4149 + CVE-2012-4150 + CVE-2012-4151 + CVE-2012-4152 + CVE-2012-4153 + CVE-2012-4154 + CVE-2012-4155 + CVE-2012-4156 + CVE-2012-4157 + CVE-2012-4158 + CVE-2012-4159 + CVE-2012-4160 + CVE-2012-4363 + CVE-2013-0601 + CVE-2013-0602 + CVE-2013-0603 + CVE-2013-0604 + CVE-2013-0605 + CVE-2013-0606 + CVE-2013-0607 + CVE-2013-0608 + CVE-2013-0609 + CVE-2013-0610 + CVE-2013-0611 + CVE-2013-0612 + CVE-2013-0613 + CVE-2013-0614 + CVE-2013-0615 + CVE-2013-0616 + CVE-2013-0617 + CVE-2013-0618 + CVE-2013-0619 + CVE-2013-0620 + CVE-2013-0621 + CVE-2013-0622 + CVE-2013-0623 + CVE-2013-0624 + CVE-2013-0626 + CVE-2013-0627 + CVE-2013-0640 + CVE-2013-0641 + CVE-2013-2549 + CVE-2013-2550 + CVE-2013-2718 + CVE-2013-2719 + CVE-2013-2720 + CVE-2013-2721 + CVE-2013-2722 + CVE-2013-2723 + CVE-2013-2724 + CVE-2013-2725 + CVE-2013-2726 + CVE-2013-2727 + CVE-2013-2729 + CVE-2013-2730 + CVE-2013-2731 + CVE-2013-2732 + CVE-2013-2733 + CVE-2013-2734 + CVE-2013-2735 + CVE-2013-2736 + CVE-2013-2737 + CVE-2013-3337 + CVE-2013-3338 + CVE-2013-3339 + CVE-2013-3340 + CVE-2013-3341 + CVE-2013-3342 + + ackle + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-04.xml
new file mode 100644
index 0000000000..8da001b041
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-04.xml
@@ -0,0 +1,62 @@
+
+
+
+ Puppet: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Puppet, the worst of
+ which could lead to execution of arbitrary code.
+
+ puppet
+ August 23, 2013
+ August 23, 2013: 1
+ 456002
+ 461656
+ 473720
+ 481186
+ remote
+
+
+ 2.7.23
+ 2.7.23
+
+
+
+

Puppet is a system configuration management tool written in Ruby.

+
+ +

Multiple vulnerabilities have been discovered in Puppet. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Puppet users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.23" + +
+ + CVE-2012-6120 + CVE-2013-1640 + CVE-2013-1652 + CVE-2013-1653 + CVE-2013-1654 + CVE-2013-1655 + CVE-2013-2274 + CVE-2013-2275 + CVE-2013-3567 + CVE-2013-4761 + CVE-2013-4956 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-05.xml
new file mode 100644
index 0000000000..c63c908552
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-05.xml
@@ -0,0 +1,121 @@
+
+
+
+ Wireshark: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Wireshark, allowing
+ remote attackers to execute arbitrary code or cause Denial of Service.
+
+ wireshark
+ August 28, 2013
+ August 30, 2013: 2
+ 398549
+ 427964
+ 431572
+ 433990
+ 470262
+ 472762
+ 478694
+ remote
+
+
+ 1.10.1
+ 1.8.9
+ 1.10.1
+
+
+
+

Wireshark is a versatile network protocol analyzer.

+
+ +

Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Wireshark 1.10 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.1" + + +

All Wireshark 1.8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.9" + +
+ + CVE-2012-0041 + CVE-2012-0042 + CVE-2012-0043 + CVE-2012-0066 + CVE-2012-0067 + CVE-2012-0068 + CVE-2012-3548 + CVE-2012-4048 + CVE-2012-4049 + CVE-2012-4285 + CVE-2012-4286 + CVE-2012-4287 + CVE-2012-4288 + CVE-2012-4289 + CVE-2012-4290 + CVE-2012-4291 + CVE-2012-4292 + CVE-2012-4293 + CVE-2012-4294 + CVE-2012-4295 + CVE-2012-4296 + CVE-2012-4297 + CVE-2012-4298 + CVE-2013-3555 + CVE-2013-3556 + CVE-2013-3557 + CVE-2013-3558 + CVE-2013-3559 + CVE-2013-3560 + CVE-2013-3561 + CVE-2013-3562 + CVE-2013-4074 + CVE-2013-4075 + CVE-2013-4076 + CVE-2013-4077 + CVE-2013-4078 + CVE-2013-4079 + CVE-2013-4080 + CVE-2013-4081 + CVE-2013-4082 + CVE-2013-4083 + CVE-2013-4920 + CVE-2013-4921 + CVE-2013-4922 + CVE-2013-4923 + CVE-2013-4924 + CVE-2013-4925 + CVE-2013-4926 + CVE-2013-4927 + CVE-2013-4928 + CVE-2013-4929 + CVE-2013-4930 + CVE-2013-4931 + CVE-2013-4932 + CVE-2013-4933 + CVE-2013-4934 + CVE-2013-4935 + CVE-2013-4936 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-06.xml
new file mode 100644
index 0000000000..c8ce0ba901
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201308-06.xml
@@ -0,0 +1,161 @@
+
+
+
+ MySQL: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in MySQL, allowing
+ attackers to execute arbitrary code or cause Denial of Service.
+
+ mysql
+ August 29, 2013
+ August 30, 2013: 2
+ 399375
+ 411503
+ 412889
+ 417989
+ 445602
+ 462498
+ 466236
+ 477474
+ remote
+
+
+ 5.1.70
+ 5.1.70
+
+
+
+

MySQL is a fast, multi-threaded, multi-user SQL database server.

+
+
+

Multiple vulnerabilities have been discovered in MySQL. Please review
+ the CVE identifiers referenced below for details.
+

+
+
+

A remote attacker could send a specially crafted request, possibly
+ resulting in execution of arbitrary code with the privileges of the
+ application or a Denial of Service condition.
+

+
+
+

There is no known workaround at this time.

+
+
+

All MySQL users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.1.70"
+
+
+
+
+ CVE-2011-2262
+ CVE-2012-0075
+ CVE-2012-0087
+ CVE-2012-0101
+ CVE-2012-0102
+ CVE-2012-0112
+ CVE-2012-0113
+ CVE-2012-0114
+ CVE-2012-0115
+ CVE-2012-0116
+ CVE-2012-0117
+ CVE-2012-0118
+ CVE-2012-0119
+ CVE-2012-0120
+ CVE-2012-0484
+ CVE-2012-0485
+ CVE-2012-0486
+ CVE-2012-0487
+ CVE-2012-0488
+ CVE-2012-0489
+ CVE-2012-0490
+ CVE-2012-0491
+ CVE-2012-0492
+ CVE-2012-0493
+ CVE-2012-0494
+ CVE-2012-0495
+ CVE-2012-0496
+ CVE-2012-0540
+ CVE-2012-0553
+ CVE-2012-0572
+ CVE-2012-0574
+ CVE-2012-0578
+ CVE-2012-0583
+ CVE-2012-1688
+ CVE-2012-1689
+ CVE-2012-1690
+ CVE-2012-1696
+ CVE-2012-1697
+ CVE-2012-1702
+ CVE-2012-1703
+ CVE-2012-1705
+ CVE-2012-1734
+ CVE-2012-2102
+ CVE-2012-2122
+ CVE-2012-2749
+ CVE-2012-3150
+ CVE-2012-3158
+ CVE-2012-3160
+ CVE-2012-3163
+ CVE-2012-3166
+ CVE-2012-3167
+ CVE-2012-3173
+ CVE-2012-3177
+ CVE-2012-3180
+ CVE-2012-3197
+ CVE-2012-5060
+ CVE-2012-5096
+ CVE-2012-5611
+ CVE-2012-5612
+ CVE-2012-5613
+ CVE-2012-5614
+ CVE-2012-5615
+ CVE-2012-5627
+ CVE-2013-0367
+ CVE-2013-0368
+ CVE-2013-0371
+ CVE-2013-0375
+ CVE-2013-0383
+ CVE-2013-0384
+ CVE-2013-0385
+ CVE-2013-0386
+ CVE-2013-0389
+ CVE-2013-1492
+ CVE-2013-1502
+ CVE-2013-1506
+ CVE-2013-1511
+ CVE-2013-1512
+ CVE-2013-1521
+ CVE-2013-1523
+ CVE-2013-1526
+ CVE-2013-1531
+ CVE-2013-1532
+ CVE-2013-1544
+ CVE-2013-1548
+ CVE-2013-1552
+ CVE-2013-1555
+ CVE-2013-1566
+ CVE-2013-1567
+ CVE-2013-1570
+ CVE-2013-1623
+ CVE-2013-2375
+ CVE-2013-2376
+ CVE-2013-2378
+ CVE-2013-2381
+ CVE-2013-2389
+ CVE-2013-2391
+ CVE-2013-2392
+ CVE-2013-2395
+ CVE-2013-3802
+ CVE-2013-3804
+ CVE-2013-3808
+
+
+ underling
+
+
+ pinkbyte
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-01.xml
new file mode 100644
index 0000000000..d1c62750c2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-01.xml
@@ -0,0 +1,57 @@
+
+
+
+ Cyrus-SASL: Denial of Service
+ A NULL pointer dereference in Cyrus-SASL may allow remote attackers
+ to cause a Denial of Service condition.
+
+ cyrus-sasl
+ September 01, 2013
+ September 01, 2013: 1
+ 476764
+ remote
+
+
+ 2.1.26-r3
+ 2.1.26-r3
+
+
+
+

Cyrus-SASL is an implementation of the Simple Authentication and
+ Security Layer.
+

+
+
+

In the GNU C Library (glibc) from version 2.17 onwards, the crypt()
+ function call can return NULL when the salt violates specifications or
+ the system is in FIPS-140 mode and a DES or MD5 hashed password is
+ passed. When Cyrus-SASL’s authentication mechanisms call crypt(), a
+ NULL may be returned.
+

+
+
+

A remote attacker could trigger this vulnerability to cause a Denial of
+ Service condition.
+

+
+
+

There is no known workaround at this time.

+
+
+

All Cyrus-SASL users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/cyrus-sasl-2.1.26-r3"
+
+
+
+ CVE-2013-4122
+
+
+ creffett
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-02.xml
new file mode 100644
index 0000000000..fcb81b9a00
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-02.xml
@@ -0,0 +1,59 @@
+
+
+
+ strongSwan: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in strongSwan, possibly
+ allowing remote attackers to authenticate as other users or cause a Denial
+ of Service condition.
+
+ strongswan
+ September 01, 2013
+ September 01, 2013: 1
+ 468504
+ 479396
+ 483202
+ remote
+
+
+ 5.1.0
+ 5.1.0
+
+
+
+

strongSwan is an IPSec implementation for Linux.

+
+
+

Multiple vulnerabilities have been discovered in strongSwan. Please
+ review the CVE identifiers referenced below for details.
+

+
+
+

A remote attacker could use ECDSA to authenticate as another user with
+ an invalid signature. Additionally, a remote attacker could send a
+ specially crafted request, possibly resulting in a Denial of Service.
+

+
+
+

There is no known workaround at this time.

+
+
+

All strongSwan users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/strongswan-5.1.0"
+
+
+
+
+ CVE-2013-2054
+ CVE-2013-2944
+ CVE-2013-5018
+
+
+ creffett
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-03.xml
new file mode 100644
index 0000000000..4a838a0a45
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-03.xml
@@ -0,0 +1,56 @@
+
+
+
+ Xlockmore: Denial of Service
+ A buffer overflow in Xlockmore might allow remote attackers to
+ cause a Denial of Service.
+
+ Xlockmore
+ September 02, 2013
+ September 02, 2013: 1
+ 255229
+ 440776
+ 477328
+ local
+
+
+ 5.43
+ 5.43
+
+
+
+

Xlockmore is just another screensaver application for X.

+
+
+

A Denial of Service flaw was found in the way Xlockmore performed
+ the passing of arguments to the underlying localtime() call, when the
+ ‘dlock’ mode was used.
+

+
+
+

A local attacker could possibly cause a Denial of Service condition and
+ potentially obtain unauthorized access to the graphical session,
+ previously locked by another user.
+

+
+
+

There is no known workaround at this time.

+
+
+

All Xlockmore users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-misc/xlockmore-5.43"
+
+
+
+
+ CVE-2012-4524
+ CVE-2013-4143
+
+ craig
+
+ pinkbyte
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-04.xml
new file mode 100644
index 0000000000..cdc1f28106
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-04.xml
@@ -0,0 +1,54 @@
+
+
+
+ Snack: User-assisted execution of arbitrary code
+ A buffer overflow in Snack could result in execution of arbitrary
+ code or Denial of Service.
+
+ snack
+ September 11, 2013
+ September 11, 2013: 1
+ 446822
+ remote
+
+
+ 2.2.10-r5
+ 2.2.10-r5
+
+
+
+

Snack is a sound toolkit for creating multi-platform audio applications
+ with scripting languages.
+

+
+
+

The GetWavHeader() function in jkSoundFile.c does not have boundary
+ checks when parsing format sub-chunks or unknown sub-chunks.
+

+
+
+

A remote attacker could entice a user to open a specially crafted WAV
+ file with an application using Snack, possibly resulting in execution of
+ arbitrary code or a Denial of Service condition.
+

+
+
+

There is no known workaround at this time.

+
+
+

All Snack users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-tcltk/snack-2.2.10-r5"
+
+
+
+
+ CVE-2012-6303
+
+ ackle
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-05.xml
new file mode 100644
index 0000000000..c8e72bf0a7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-05.xml
@@ -0,0 +1,58 @@
+
+
+
+ pip: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in pip, which may allow
+ remote attackers to execute arbitrary code or local attackers to conduct
+ symlink attacks.
+
+ pip
+ September 12, 2013
+ September 12, 2013: 1
+ 462616
+ 480202
+ local, remote
+
+
+ 1.3.1
+ 1.3.1
+
+
+
+

pip is a tool for installing and managing Python packages.

+
+
+

Multiple vulnerabilities have been discovered in pip. Please review the
+ CVE identifiers referenced below for details.
+

+
+
+

A remote attacker could conduct a Man-in-the-Middle attack to cause pip
+ to execute arbitrary code. A local attacker could perform symlink attacks
+ to overwrite arbitrary files with the privileges of the user running the
+ application.
+

+
+
+

There is no known workaround at this time.

+
+
+

All pip users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/pip-1.3.1"
+
+
+
+
+ CVE-2013-1629
+ CVE-2013-1888
+
+
+ keytoaster
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-06.xml
new file mode 100644
index 0000000000..6cece4a287
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-06.xml
@@ -0,0 +1,139 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which could result in execution of arbitrary code.
+
+ adobe-flash
+ September 14, 2013
+ September 14, 2013: 2
+ 437808
+ 442084
+ 446984
+ 452104
+ 456132
+ 457066
+ 459368
+ 461598
+ 465534
+ 469870
+ 473038
+ 476328
+ 484512
+ remote
+
+
+ 11.2.202.310
+ 11.2.202.310
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is
+ commonly used to provide interactive websites.
+

+
+
+

Multiple unspecified vulnerabilities have been discovered in Adobe Flash
+ Player. Please review the CVE identifiers referenced below for details.
+

+
+
+

A remote attacker could entice a user to open specially crafted SWF
+ content, possibly resulting in execution of arbitrary code with the
+ privileges of the process or a Denial of Service condition. Furthermore,
+ a remote attacker may be able to bypass access restrictions.
+

+
+
+

There is no known workaround at this time.

+
+
+

All Adobe Flash Player users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.310"
+
+
+
+
+ CVE-2012-5248
+ CVE-2012-5249
+ CVE-2012-5250
+ CVE-2012-5251
+ CVE-2012-5252
+ CVE-2012-5253
+ CVE-2012-5254
+ CVE-2012-5255
+ CVE-2012-5256
+ CVE-2012-5257
+ CVE-2012-5258
+ CVE-2012-5259
+ CVE-2012-5260
+ CVE-2012-5261
+ CVE-2012-5262
+ CVE-2012-5263
+ CVE-2012-5264
+ CVE-2012-5265
+ CVE-2012-5266
+ CVE-2012-5267
+ CVE-2012-5268
+ CVE-2012-5269
+ CVE-2012-5270
+ CVE-2012-5271
+ CVE-2012-5272
+ CVE-2012-5274
+ CVE-2012-5275
+ CVE-2012-5276
+ CVE-2012-5277
+ CVE-2012-5278
+ CVE-2012-5279
+ CVE-2012-5280
+ CVE-2012-5676
+ CVE-2012-5677
+ CVE-2012-5678
+ CVE-2013-0504
+ CVE-2013-0630
+ CVE-2013-0633
+ CVE-2013-0634
+ CVE-2013-0637
+ CVE-2013-0638
+ CVE-2013-0639
+ CVE-2013-0642
+ CVE-2013-0643
+ CVE-2013-0644
+ CVE-2013-0645
+ CVE-2013-0646
+ CVE-2013-0647
+ CVE-2013-0648
+ CVE-2013-0649
+ CVE-2013-0650
+ CVE-2013-1365
+ CVE-2013-1366
+ CVE-2013-1367
+ CVE-2013-1368
+ CVE-2013-1369
+ CVE-2013-1370
+ CVE-2013-1371
+ CVE-2013-1372
+ CVE-2013-1373
+ CVE-2013-1374
+ CVE-2013-1375
+ CVE-2013-1378
+ CVE-2013-1379
+ CVE-2013-1380
+ CVE-2013-2555
+ CVE-2013-2728
+ CVE-2013-3343
+ CVE-2013-3344
+ CVE-2013-3345
+ CVE-2013-3347
+ CVE-2013-3361
+ CVE-2013-3362
+ CVE-2013-3363
+ CVE-2013-5324
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-07.xml
new file mode 100644
index 0000000000..6138e98f11
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-07.xml
@@ -0,0 +1,54 @@
+
+
+
+ libotr: Arbitrary code execution
+ A buffer overflow vulnerability in libotr could allow a remote
+ attacker to execute arbitrary code or cause a Denial of Service condition.
+
+ libotr
+ September 15, 2013
+ September 15, 2013: 1
+ 430486
+ remote
+
+
+ 3.2.1
+ 3.2.1
+
+
+
+

libotr is a portable off-the-record messaging library.

+
+
+

Multiple heap-based buffer overflows are present in the Base64 decoder
+ of libotr.
+

+
+
+

A remote attacker could send a specially crafted OTR message, resulting
+ in arbitrary code execution with the privileges of the process or a
+ Denial of Service condition.
+

+
+
+

There is no known workaround at this time.

+
+
+

All libotr users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libotr-3.2.1"
+
+
+
+
+ CVE-2012-3461
+
+
+ creffett
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-08.xml
new file mode 100644
index 0000000000..17ace76726
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-08.xml
@@ -0,0 +1,65 @@
+
+
+
+ FileZilla: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in FileZilla, the worst of
+ which could result in arbitrary code execution.
+
+ filezilla
+ September 15, 2013
+ September 15, 2013: 1
+ 479880
+ 482672
+ local, remote
+
+
+ 3.7.3
+ 3.7.3
+
+
+
+

FileZilla is an open source FTP client.

+
+
+

Multiple vulnerabilities have been discovered in FileZilla. Please
+ review the CVE identifiers referenced below for details.
+

+
+
+

A remote attacker could entice a user to connect to a malicious server,
+ resulting in possible arbitrary code execution or a Denial of Service.
+ Additionally, a local attacker could read sensitive memory, potentially
+ resulting in password disclosure.
+

+
+
+

There is no known workaround at this time.

+
+
+

All FileZilla users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/filezilla-3.7.3"
+
+
+
+
+
+ CVE-2013-4206
+
+
+ CVE-2013-4207
+
+
+ CVE-2013-4208
+
+ CVE-2013-4852
+
+
+ creffett
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-09.xml
new file mode 100644
index 0000000000..9bb3f40b0a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-09.xml
@@ -0,0 +1,70 @@
+
+
+
+ LibRaw, libkdcraw: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in LibRaw and libkdcraw,
+ the worst of which may lead to arbitrary code execution.
+
+ libraw
+ September 15, 2013
+ September 15, 2013: 1
+ 471694
+ 482926
+ remote
+
+
+ 0.15.4
+ 0.15.4
+
+
+ 4.10.5-r1
+ 4.10.5-r1
+
+
+
+

LibRaw is a library for reading RAW files obtained from digital photo
+ cameras. libkdcraw is a wrapper for LibRaw within KDE.
+

+
+
+

Multiple vulnerabilities have been discovered in LibRaw and libkdcraw.
+ Please review the CVE identifiers referenced below for details.
+

+
+
+

A remote attacker could entice a user to open a specially crafted file,
+ possibly resulting in arbitrary code execution or Denial of Service.
+

+
+
+

There is no known workaround at this time.

+
+
+

All LibRaw users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libraw-0.15.4"
+
+
+

All libkdcraw users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/libkdcraw-4.10.5-r1"
+
+
+
+
+ CVE-2013-1438
+ CVE-2013-1439
+ CVE-2013-2126
+ CVE-2013-2127
+
+
+ pinkbyte
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-10.xml
new file mode 100644
index 0000000000..f04b98efb5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-10.xml
@@ -0,0 +1,51 @@
+
+
+
+ Adobe Reader: Arbitrary Code Execution
+ A vulnerability in Adobe Reader could result in execution of
+ arbitrary code or Denial of Service.
+
+ acroread
+ September 15, 2013
+ September 15, 2013: 1
+ 483210
+ remote
+
+
+ 9.5.5
+ 9.5.5
+
+
+
+

Adobe Reader is a closed-source PDF reader.

+
+
+

An unspecified vulnerability exists in Adobe Reader.

+
+
+

An attacker could execute arbitrary code or cause a Denial of Service
+ condition.
+

+
+
+

There is no known workaround at this time.

+
+
+

All Adobe Reader users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
+
+
+
+
+ CVE-2013-3346
+
+
+ creffett
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-11.xml
new file mode 100644
index 0000000000..b00446299d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-11.xml
@@ -0,0 +1,73 @@
+
+
+
+ Subversion: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Subversion, allowing
+ attackers to cause a Denial of Service, escalate privileges, or obtain
+ sensitive information.
+
+ subversion
+ September 23, 2013
+ September 23, 2013: 1
+ 350166
+ 356741
+ 369065
+ 463728
+ 463860
+ 472202
+ 482166
+ local, remote
+
+
+ 1.7.13
+ 1.7.13
+
+
+
+

Subversion is a versioning system designed to be a replacement for CVS.

+
+
+

Multiple vulnerabilities have been discovered in Subversion. Please
+ review the CVE identifiers referenced below for details.
+

+
+
+

A remote attacker could cause a Denial of Service condition or obtain
+ sensitive information. A local attacker could escalate his privileges to
+ the user running svnserve.
+

+
+
+

There is no known workaround at this time.

+
+
+

All Subversion users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.7.13"
+
+
+
+
+ CVE-2010-4539
+ CVE-2010-4644
+ CVE-2011-0715
+ CVE-2011-1752
+ CVE-2011-1783
+ CVE-2011-1921
+ CVE-2013-1845
+ CVE-2013-1846
+ CVE-2013-1847
+ CVE-2013-1849
+ CVE-2013-1884
+ CVE-2013-1968
+ CVE-2013-2088
+ CVE-2013-2112
+ CVE-2013-4131
+ CVE-2013-4277
+
+
+ underling
+
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-12.xml
new file mode 100644
index 0000000000..76ef2ffd39
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-12.xml
@@ -0,0 +1,62 @@
+
+
+
+ Apache HTTP Server: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in Apache HTTP
+ Server, possibly allowing remote attackers to execute arbitrary code, cause
+ a Denial of Service condition or perform man-in-the-middle attacks.
+
+ apache
+ September 23, 2013
+ September 23, 2013: 1
+ 275645
+ 438680
+ 466502
+ 476568
+ remote
+
+
+ 2.2.25
+ 2.2.25
+
+
+
+

Apache HTTP Server is one of the most popular web servers on the
+ Internet.
+

+
+
+

Multiple vulnerabilities have been found in Apache HTTP Server. Please
+ review the CVE identifiers and research paper referenced below for
+ details.
+

+
+
+

A remote attacker could send a specially crafted request to possibly
+ execute arbitrary code, cause Denial of Service, or obtain sensitive
+ information.
+

+
+
+

There is no known workaround at this time.

+
+
+

All Apache HTTP Server users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.25"
+
+
+
+
+ CVE-2007-6750
+ CVE-2012-4929
+ CVE-2013-1862
+ CVE-2013-1896
+
+ Compression and Information Leakage of Plaintext
+
+
+ craig
+
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-13.xml
new file mode 100644
index 0000000000..2b13c86819
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-13.xml
@@ -0,0 +1,51 @@
+
+
+
+ GNU ZRTP: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in GNU ZRTP, some of which
+ may allow execution of arbitrary code.
+
+ libzrtpcpp
+ September 24, 2013
+ September 24, 2013: 1
+ 481228
+ remote
+
+
+ 2.3.4
+ 2.3.4
+
+
+
+

GNU ZRTP is a C++ implementation of the ZRTP protocol.

+
+
+

Multiple vulnerabilities have been discovered in GNU ZRTP. Please review
+ the CVE identifiers referenced below for details.
+

+
+
+

A remote attacker could possibly execute arbitrary code with the
+ privileges of the process, cause a Denial of Service condition, or obtain
+ sensitive information.
+

+
+
+

There is no known workaround at this time.

+
+
+

All GNU ZRTP users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libzrtpcpp-2.3.4"
+
+
+
+
+ CVE-2013-2221
+ CVE-2013-2222
+ CVE-2013-2223
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-14.xml
new file mode 100644
index 0000000000..c95032945c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-14.xml
@@ -0,0 +1,52 @@
+
+
+
+ MoinMoin: Multiple vulnerabilities
+ Multiple vulnerabilities have been reported in MoinMoin, the worst
+ of which may allow execution of arbitrary code.
+
+ moinmoin
+ September 24, 2013
+ September 24, 2013: 1
+ 449314
+ remote
+
+
+ 1.9.6
+ 1.9.6
+
+
+
+

MoinMoin is a Python WikiEngine.

+
+
+

Multiple vulnerabilities have been discovered in MoinMoin. Please review
+ the CVE identifiers referenced below for details.
+

+
+
+

A remote attacker may be able to execute arbitrary code with the
+ privileges of the process, overwrite arbitrary files, or conduct
+ Cross-Site Scripting (XSS) attacks.
+

+
+
+

There is no known workaround at this time.

+
+
+

All MoinMoin users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.9.6"
+
+
+
+
+ CVE-2012-6080
+ CVE-2012-6081
+ CVE-2012-6082
+ CVE-2012-6495
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-15.xml
new file mode 100644
index 0000000000..69c23efa5d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-15.xml
@@ -0,0 +1,66 @@
+
+
+
+ ProFTPD: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in ProFTPD, the worst of
+ which leading to remote execution of arbitrary code.
+
+ ProFTPD
+ September 24, 2013
+ September 24, 2013: 1
+ 305343
+ 343389
+ 348998
+ 354080
+ 361963
+ 390075
+ 450746
+ 484614
+ local, remote
+
+
+ 1.3.4d
+ 1.3.4d
+
+
+
+

ProFTPD is an advanced and very configurable FTP server.

+
+
+

Multiple vulnerabilities have been discovered in ProFTPD. Please review
+ the CVE identifiers referenced below for details.
+

+
+
+

A context-dependent attacker could possibly execute arbitrary code with
+ the privileges of the process, perform man-in-the-middle attacks to spoof
+ arbitrary SSL servers, cause a Denial of Service condition, or read and
+ modify arbitrary files.
+

+
+
+

There is no known workaround at this time.

+
+
+

All ProFTPD users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.4d"
+
+
+
+
+ CVE-2009-3555
+ CVE-2010-3867
+ CVE-2010-4221
+ CVE-2010-4652
+ CVE-2011-1137
+ CVE-2011-4130
+ CVE-2012-6095
+ CVE-2013-4359
+
+
+ underling
+
+ craig
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-16.xml
new file mode 100644
index 0000000000..07b548a93a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-16.xml
@@ -0,0 +1,234 @@
+
+
+
+ Chromium, V8: Multiple vulnerabilities
+ Multiple vulnerabilities have been reported in Chromium and V8,
+ some of which may allow execution of arbitrary code.
+
+ chromium v8
+ September 24, 2013
+ September 25, 2013: 2
+ 442096
+ 444826
+ 445246
+ 446944
+ 451334
+ 453610
+ 458644
+ 460318
+ 460776
+ 463426
+ 470920
+ 472350
+ 476344
+ 479048
+ 481990
+ remote
+
+
+ 29.0.1457.57
+ 29.0.1457.57
+
+
+ 3.18.5.14
+ 3.18.5.14
+
+
+
+

Chromium is an open-source web browser project. V8 is Google’s open
+ source JavaScript engine.
+

+
+
+

Multiple vulnerabilities have been discovered in Chromium and V8. Please
+ review the CVE identifiers and release notes referenced below for
+ details.
+

+
+
+

A context-dependent attacker could entice a user to open a specially
+ crafted web site or JavaScript program using Chromium or V8, possibly
+ resulting in the execution of arbitrary code with the privileges of the
+ process or a Denial of Service condition. Furthermore, a remote attacker
+ may be able to bypass security restrictions or have other, unspecified,
+ impact.
+

+
+
+

There is no known workaround at this time.

+
+
+

All Chromium users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-29.0.1457.57"
+
+
+

All V8 users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14"
+
+
+
+
+ CVE-2012-5116
+ CVE-2012-5117
+ CVE-2012-5118
+ CVE-2012-5120
+ CVE-2012-5121
+ CVE-2012-5122
+ CVE-2012-5123
+ CVE-2012-5124
+ CVE-2012-5125
+ CVE-2012-5126
+ CVE-2012-5127
+ CVE-2012-5128
+ CVE-2012-5130
+ CVE-2012-5132
+ CVE-2012-5133
+ CVE-2012-5135
+ CVE-2012-5136
+ CVE-2012-5137
+ CVE-2012-5138
+ CVE-2012-5139
+ CVE-2012-5140
+ CVE-2012-5141
+ CVE-2012-5142
+ CVE-2012-5143
+ CVE-2012-5144
+ CVE-2012-5145
+ CVE-2012-5146
+ CVE-2012-5147
+ CVE-2012-5148
+ CVE-2012-5149
+ CVE-2012-5150
+ CVE-2012-5151
+ CVE-2012-5152
+ CVE-2012-5153
+ CVE-2012-5154
+ CVE-2013-0828
+ CVE-2013-0829
+ CVE-2013-0830
+ CVE-2013-0831
+ CVE-2013-0832
+ CVE-2013-0833
+ CVE-2013-0834
+ CVE-2013-0835
+ CVE-2013-0836
+ CVE-2013-0837
+ CVE-2013-0838
+ CVE-2013-0839
+ CVE-2013-0840
+ CVE-2013-0841
+ CVE-2013-0842
+ CVE-2013-0879
+ CVE-2013-0880
+ CVE-2013-0881
+ CVE-2013-0882
+ CVE-2013-0883
+ CVE-2013-0884
+ CVE-2013-0885
+ CVE-2013-0887
+ CVE-2013-0888
+ CVE-2013-0889
+ CVE-2013-0890
+ CVE-2013-0891
+ CVE-2013-0892
+ CVE-2013-0893
+ CVE-2013-0894
+ CVE-2013-0895
+ CVE-2013-0896
+ CVE-2013-0897
+ CVE-2013-0898
+ CVE-2013-0899
+ CVE-2013-0900
+ CVE-2013-0902
+ CVE-2013-0903
+ CVE-2013-0904
+ CVE-2013-0905
+ CVE-2013-0906
+ CVE-2013-0907
+ CVE-2013-0908
+ CVE-2013-0909
+ CVE-2013-0910
+ CVE-2013-0911
+ CVE-2013-0912
+ CVE-2013-0916
+ CVE-2013-0917
+ CVE-2013-0918
+ CVE-2013-0919
+ CVE-2013-0920
+ CVE-2013-0921
+ CVE-2013-0922
+ CVE-2013-0923
+ CVE-2013-0924
+ CVE-2013-0925
+ CVE-2013-0926
+ CVE-2013-2836
+ CVE-2013-2837
+ CVE-2013-2838
+ CVE-2013-2839
+ CVE-2013-2840
+ CVE-2013-2841
+ CVE-2013-2842
+ CVE-2013-2843
+ CVE-2013-2844
+ CVE-2013-2845
+ CVE-2013-2846
+ CVE-2013-2847
+ CVE-2013-2848
+ CVE-2013-2849
+ CVE-2013-2853
+ CVE-2013-2855
+ CVE-2013-2856
+ CVE-2013-2857
+ CVE-2013-2858
+ CVE-2013-2859
+ CVE-2013-2860
+ CVE-2013-2861
+ CVE-2013-2862
+ CVE-2013-2863
+ CVE-2013-2865
+ CVE-2013-2867
+ CVE-2013-2868
+ CVE-2013-2869
+ CVE-2013-2870
+ CVE-2013-2871
+ CVE-2013-2874
+
CVE-2013-2875
+ CVE-2013-2876
+ CVE-2013-2877
+ CVE-2013-2878
+ CVE-2013-2879
+ CVE-2013-2880
+ CVE-2013-2881
+ CVE-2013-2882
+ CVE-2013-2883
+ CVE-2013-2884
+ CVE-2013-2885
+ CVE-2013-2886
+ CVE-2013-2887
+ CVE-2013-2900
+ CVE-2013-2901
+ CVE-2013-2902
+ CVE-2013-2903
+ CVE-2013-2904
+ CVE-2013-2905
+
+ Release Notes 23.0.1271.64
+
+
+ Release Notes 23.0.1271.91
+
+
+ Release Notes 23.0.1271.95
+
+
+ ackle
+
+ phajdan.jr
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-17.xml
new file mode 100644
index 0000000000..0b6f864d24
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-17.xml
@@ -0,0 +1,58 @@
+
+
+
+ Monkey HTTP Daemon: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in Monkey HTTP
+ Daemon, the worst of which could result in arbitrary code execution.
+
+ monkeyd
+ September 25, 2013
+ September 25, 2013: 1
+ 471906
+ 472400
+ 472644
+ remote
+
+
+ 1.2.2
+ 1.2.2
+
+
+
+

Monkey HTTP Daemon is a lightweight and powerful web server for
+ GNU/Linux.
+

+
+
+

Multiple vulnerabilities have been discovered in Monkey HTTP Daemon.
+ Please review the CVE identifiers referenced below for details.
+

+
+
+

A remote attacker could send a specially crafted request, resulting in
+ possible arbitrary code execution or a Denial of Service condition.
+

+
+
+

There is no known workaround at this time.

+
+
+

All Monkey HTTP Daemon users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/monkeyd-1.2.2"
+
+
+
+
+ CVE-2013-2163
+ CVE-2013-3724
+ CVE-2013-3843
+
+
+ pinkbyte
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-18.xml
new file mode 100644
index 0000000000..71170e1a64
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-18.xml
@@ -0,0 +1,59 @@
+
+
+
+ libvirt: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in libvirt, allowing
+ remote attackers to execute arbitrary code or cause Denial of Service.
+
+ libvirt
+ September 25, 2013
+ September 25, 2013: 1
+ 454588
+ 470096
+ remote
+
+
+ 1.0.5.1-r3
+ 1.0.5.1-r3
+
+
+
+

libvirt is a C toolkit for manipulating virtual machines.

+
+
+

An error in the virNetMessageFree() function in rpc/virnetserverclient.c
+ can lead to a use-after-free. Additionally, a socket leak in the
+ remoteDispatchStoragePoolListAllVolumes command can lead to file
+ descriptor exhaustion.
+

+
+
+

A remote attacker could cause certain errors during an RPC connection to
+ cause a message to be freed without being removed from the message queue,
+ possibly resulting in execution of arbitrary code or a Denial of Service
+ condition. Additionally, a remote attacker could repeatedly issue the
+ command to list all pool volumes, causing a Denial of Service condition.
+

+
+
+

There is no known workaround at this time.

+
+
+

All libvirt users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/libvirt-1.0.5.1-r3"
+
+
+
+
+ CVE-2013-0170
+ CVE-2013-1962
+
+ ackle
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-19.xml new file mode 100644 index 0000000000..efa061179a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-19.xml @@ -0,0 +1,54 @@ + + + + TPP: User-assisted execution of arbitrary code + A vulnerability in TPP might allow a remote attacker to execute + arbitrary code. + + tpp + September 25, 2013 + September 25, 2013: 1 + 474018 + remote + + + 1.3.1-r2 + 1.3.1-r2 + + + +

TPP is an ncurses-based text presentation tool.

+
+ +

TPP templates may contain a --exec clause, the contents of which are + automatically executed without confirmation from the user. +

+
+ +

A remote attacker could entice a user to open a specially crafted file + using TPP, possibly resulting in execution of arbitrary code with the + privileges of the user. +

+
+ +

There is no known workaround at this time.

+
+ +

All TPP users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/tpp-1.3.1-r2"
+
+
+
+ CVE-2013-2208
+
+
+ creffett
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-20.xml
new file mode 100644
index 0000000000..ff48422cb0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-20.xml
@@ -0,0 +1,62 @@
+
+
+
+ Dropbear: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Dropbear, the worst of
+ which could lead to arbitrary code execution.
+
+ dropbear
+ September 26, 2013
+ September 26, 2013: 1
+ 328409
+ 405607
+ remote
+
+
+ 2012.55
+ 2012.55
+
+
+
+

Dropbear is an SSH server and client designed with a small memory + footprint. +

+
+ +

Multiple vulnerabilities have been discovered in Dropbear. Please review + the CVE identifier and Gentoo bug referenced below for details. +

+
+ +

A remote attacker could send a specially crafted request to trigger a + use-after-free condition, possibly resulting in arbitrary code execution + or a Denial of Service condition. Additionally, the bundled version of + libtommath has an error in its prime number generation, which could + result in the generation of weak keys. +

+
+ +

There is no known workaround at this time.

+
+ +

All Dropbear users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/dropbear-2012.55"
+
+
+
+ CVE-2012-0920
+ libtommath
+ Gentoo bug
+
+
+
+ underling
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-21.xml
new file mode 100644
index 0000000000..cfb7fc7358
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-21.xml
@@ -0,0 +1,56 @@
+
+
+
+ klibc: Command Injection
+ A vulnerability in klibc could allow remote attackers to execute
+ arbitrary shell code.
+
+ klibc
+ September 26, 2013
+ September 26, 2013: 1
+ 369075
+ remote
+
+
+ 1.5.25
+ 1.5.25
+
+
+
+

klibc is a minimalistic libc used for making an initramfs.

+
+ +

The ipconfig utility in klibc writes DHCP options to + /tmp/net-$DEVICE.conf, and this file is later sourced by other scripts to + get defined variables. The options written to this file are not properly + escaped. +

+
+ +

A remote attacker could send a specially crafted DHCP reply, which could + execute arbitrary shell code with the privileges of any process which + sources DHCP options. +

+
+ +

There is no known workaround at this time.

+
+ +

All klibc users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/klibc-1.5.25"
+
+
+
+ CVE-2011-1930
+
+
+ pinkbyte
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-22.xml
new file mode 100644
index 0000000000..6ec23783ea
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-22.xml
@@ -0,0 +1,60 @@
+
+
+
+ Squid: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Squid, possibly
+ resulting in remote Denial of Service.
+
+ squid
+ September 27, 2013
+ September 27, 2013: 1
+ 261208
+ 389133
+ 447596
+ 452584
+ 461492
+ 476562
+ 476960
+ remote
+
+
+ 3.2.13
+ 3.2.13
+
+
+
+

Squid is a full-featured web proxy cache.

+
+ +

Multiple vulnerabilities have been discovered in Squid. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to bypass ACL restrictions or cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Squid users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.2.13"
+
+
+
+ CVE-2009-0801
+ CVE-2011-4096
+ CVE-2012-5643
+ CVE-2013-0189
+ CVE-2013-1839
+ CVE-2013-4115
+ CVE-2013-4123
+
+ craig
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-23.xml
new file mode 100644
index 0000000000..c9679c3cee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-23.xml
@@ -0,0 +1,232 @@
+
+
+
+ Mozilla Products: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Mozilla Firefox,
+ Thunderbird, and SeaMonkey, some of which may allow a remote user to
+ execute arbitrary code.
+
+ firefox,thunderbird,seamonkey
+ September 27, 2013
+ September 27, 2013: 1
+ 450940
+ 458390
+ 460818
+ 464226
+ 469868
+ 474758
+ 479968
+ 485258
+ remote
+
+
+ 17.0.9
+ 17.0.9
+
+
+ 17.0.9
+ 17.0.9
+
+
+ 2.21
+ 2.21
+
+
+ 17.0.9
+ 17.0.9
+
+
+ 17.0.9
+ 17.0.9
+
+
+ 2.21
+ 2.21
+
+
+
+

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird + an open-source email client, both from the Mozilla Project. The + SeaMonkey project is a community effort to deliver production-quality + releases of code derived from the application formerly known as the + ‘Mozilla Application Suite’. +

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Firefox, + Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced + below for details. +

+
+ +

A remote attacker could entice a user to view a specially crafted web + page or email, possibly resulting in execution of arbitrary code or a + Denial of Service condition. Further, a remote attacker could conduct XSS + attacks, spoof URLs, bypass address space layout randomization, conduct + clickjacking attacks, obtain potentially sensitive information, bypass + access restrictions, modify the local filesystem, or conduct other + unspecified attacks. +

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Firefox users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9"
+
+

All users of the Mozilla Firefox binary package should upgrade to the + latest version: +

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9"
+
+

All Mozilla Thunderbird users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9"
+
+

All users of the Mozilla Thunderbird binary package should upgrade to + the latest version: +

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=mail-client/thunderbird-bin-17.0.9"
+
+

All SeaMonkey users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21"
+
+

All users of the Mozilla SeaMonkey binary package should upgrade to the + latest version: +

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21"
+
+
+
+ CVE-2013-0744
+ CVE-2013-0745
+ CVE-2013-0746
+ CVE-2013-0747
+ CVE-2013-0748
+ CVE-2013-0749
+ CVE-2013-0750
+ CVE-2013-0751
+ CVE-2013-0752
+ CVE-2013-0753
+ CVE-2013-0754
+ CVE-2013-0755
+ CVE-2013-0756
+ CVE-2013-0757
+ CVE-2013-0758
+ CVE-2013-0759
+ CVE-2013-0760
+ CVE-2013-0761
+ CVE-2013-0762
+ CVE-2013-0763
+ CVE-2013-0764
+ CVE-2013-0765
+ CVE-2013-0766
+ CVE-2013-0767
+ CVE-2013-0768
+ CVE-2013-0769
+ CVE-2013-0770
+ CVE-2013-0771
+ CVE-2013-0772
+ CVE-2013-0773
+ CVE-2013-0774
+ CVE-2013-0775
+ CVE-2013-0776
+ CVE-2013-0777
+ CVE-2013-0778
+ CVE-2013-0779
+ CVE-2013-0780
+ CVE-2013-0781
+ CVE-2013-0782
+ CVE-2013-0783
+ CVE-2013-0784
+ CVE-2013-0787
+ CVE-2013-0788
+ CVE-2013-0789
+ CVE-2013-0791
+ CVE-2013-0792
+ CVE-2013-0793
+ CVE-2013-0794
+ CVE-2013-0795
+ CVE-2013-0796
+ CVE-2013-0797
+ CVE-2013-0799
+ CVE-2013-0800
+ CVE-2013-0801
+ CVE-2013-1670
+ CVE-2013-1671
+ CVE-2013-1674
+ CVE-2013-1675
+ CVE-2013-1676
+ CVE-2013-1677
+ CVE-2013-1678
+ CVE-2013-1679
+ CVE-2013-1680
+ CVE-2013-1681
+ CVE-2013-1682
+ CVE-2013-1684
+ CVE-2013-1687
+ CVE-2013-1690
+ CVE-2013-1692
+ CVE-2013-1693
+ CVE-2013-1694
+ CVE-2013-1697
+ CVE-2013-1701
+ CVE-2013-1702
+ CVE-2013-1704
+ CVE-2013-1705
+ CVE-2013-1707
+ CVE-2013-1708
+ CVE-2013-1709
+ CVE-2013-1710
+ CVE-2013-1711
+ CVE-2013-1712
+ CVE-2013-1713
+ CVE-2013-1714
+ CVE-2013-1717
+ CVE-2013-1718
+ CVE-2013-1719
+ CVE-2013-1720
+ CVE-2013-1722
+ CVE-2013-1723
+ CVE-2013-1724
+ CVE-2013-1725
+ CVE-2013-1726
+ CVE-2013-1728
+ CVE-2013-1730
+ CVE-2013-1732
+ CVE-2013-1735
+ CVE-2013-1736
+ CVE-2013-1737
+ CVE-2013-1738
+
+
+ creffett
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-24.xml
new file mode 100644
index 0000000000..1b342254a8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201309-24.xml
@@ -0,0 +1,156 @@
+
+
+
+ Xen: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Xen, allowing attackers
+ on a Xen Virtual Machine to execute arbitrary code, cause Denial of
+ Service, or gain access to data on the host.
+
+ xen
+ September 27, 2013
+ September 27, 2013: 1
+ 385319
+ 386371
+ 420875
+ 431156
+ 454314
+ 464724
+ 472214
+ 482860
+ local
+
+
+ 4.2.2-r1
+ 4.2.2-r1
+
+
+ 4.2.2-r3
+ 4.2.2-r3
+
+
+ 4.2.2-r1
+ 4.2.2-r1
+
+
+
+

Xen is a bare-metal hypervisor.

+
+ +

Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers referenced below for details. +

+
+ +

Guest domains could possibly gain privileges, execute arbitrary code, or + cause a Denial of Service on the host domain (Dom0). Additionally, guest + domains could gain information about other virtual machines running on + the same host or read arbitrary files on the host. +

+
+ +

The CVEs listed below do not currently have fixes, but only apply to Xen + setups which have “tmem” specified on the hypervisor command line. + TMEM is not currently supported for use in production systems, and + administrators using tmem should disable it. + Relevant CVEs: + * CVE-2012-2497 + * CVE-2012-6030 + * CVE-2012-6031 + * CVE-2012-6032 + * CVE-2012-6033 + * CVE-2012-6034 + * CVE-2012-6035 + * CVE-2012-6036 +

+
+ +

All Xen users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.2.2-r1"
+
+

All Xen-tools users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/xen-tools-4.2.2-r3"
+
+

All Xen-pvgrub users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/xen-pvgrub-4.2.2-r1"
+
+
+
+ CVE-2011-2901
+ CVE-2011-3262
+ CVE-2012-0217
+ CVE-2012-0218
+ CVE-2012-2934
+ CVE-2012-3432
+ CVE-2012-3433
+ CVE-2012-3494
+ CVE-2012-3495
+ CVE-2012-3496
+ CVE-2012-3497
+ CVE-2012-3498
+ CVE-2012-3515
+ CVE-2012-4411
+ CVE-2012-4535
+ CVE-2012-4536
+ CVE-2012-4537
+ CVE-2012-4538
+ CVE-2012-4539
+ CVE-2012-5510
+ CVE-2012-5511
+ CVE-2012-5512
+ CVE-2012-5513
+ CVE-2012-5514
+ CVE-2012-5515
+ CVE-2012-5525
+ CVE-2012-5634
+ CVE-2012-6030
+ CVE-2012-6031
+ CVE-2012-6032
+ CVE-2012-6033
+ CVE-2012-6034
+ CVE-2012-6035
+ CVE-2012-6036
+ CVE-2012-6075
+ CVE-2012-6333
+ CVE-2013-0151
+ CVE-2013-0152
+ CVE-2013-0153
+ CVE-2013-0154
+ CVE-2013-0215
+ CVE-2013-1432
+ CVE-2013-1917
+ CVE-2013-1918
+ CVE-2013-1919
+ CVE-2013-1920
+ CVE-2013-1922
+ CVE-2013-1952
+ CVE-2013-1964
+ CVE-2013-2076
+ CVE-2013-2077
+ CVE-2013-2078
+ CVE-2013-2194
+ CVE-2013-2195
+ CVE-2013-2196
+ CVE-2013-2211
+
+ Xen TMEM
+
+
+ craig
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-01.xml
new file mode 100644
index 0000000000..bfef3f91db
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-01.xml
@@ -0,0 +1,62 @@
+
+
+
+ Perl Module-Signature module: Arbitrary code execution
+ The Module-Signature module for Perl has insufficient path checks,
+ allowing a remote attacker to execute arbitrary Perl code.
+
+ Module-Signature
+ October 04, 2013
+ October 04, 2013: 1
+ 472428
+ remote
+
+
+ 0.720.0
+ 0.720.0
+
+
+
+

The Perl Module::Signature module adds signing capabilities to CPAN + modules. +

+
+ +

The ‘cpansign verify’ command will automatically download keys and + use them to check the signature of CPAN packages via the SIGNATURE file. + If an attacker were to replace this (SHA1) with a special unknown cipher + (e.g. ‘Special’) and were to include in the distribution a + ‘Digest/Special.pm’, the code in this Perl module would be executed + when ‘cpansign -verify’ is run. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process. +

+
+ +

There is no known workaround at this time.

+
+ +

All users of the Module-Signature Perl module should upgrade to the + latest version: +

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-perl/Module-Signature-0.720.0"
+
+
+
+ CVE-2013-2145
+
+
+ pinkbyte
+
+
+ pinkbyte
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-02.xml
new file mode 100644
index 0000000000..29b3470aa5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-02.xml
@@ -0,0 +1,48 @@
+
+
+
+ isync: Man-in-the-Middle attack
+ A vulnerability in isync could allow remote attackers to perform
+ man-in-the-middle attacks.
+
+ isync
+ October 05, 2013
+ October 05, 2013: 1
+ 458420
+ remote
+
+
+ 1.0.6
+ 1.0.6
+
+
+
+

isync is an IMAP and MailDir mailbox synchronizer.

+
+ +

isync does not properly verify the server’s hostname against the CN + field in the SSL certificate. +

+
+ +

A remote server could perform man-in-the-middle attacks to disclose + passwords or obtain other sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All isync users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/isync-1.0.6"
+
+
+
+ CVE-2013-0289
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-03.xml
new file mode 100644
index 0000000000..4b2f41de09
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-03.xml
@@ -0,0 +1,90 @@
+
+
+
+ Poppler: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Poppler, some of which
+ may allow execution of arbitrary code.
+
+ poppler
+ October 06, 2013
+ October 06, 2013: 1
+ 263028
+ 290430
+ 290464
+ 308017
+ 338878
+ 352581
+ 459866
+ 480366
+ remote
+
+
+ 0.22.2-r1
+ 0.22.2-r1
+
+
+
+

Poppler is a cross-platform PDF rendering library originally based on + Xpdf. +

+
+ +

Multiple vulnerabilities have been discovered in Poppler. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted PDF + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Poppler users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-0.22.2-r1"
+
+
+
+ CVE-2009-0146
+ CVE-2009-0147
+ CVE-2009-0165
+ CVE-2009-0166
+ CVE-2009-0195
+ CVE-2009-0799
+ CVE-2009-0800
+ CVE-2009-1179
+ CVE-2009-1180
+ CVE-2009-1181
+ CVE-2009-1182
+ CVE-2009-1183
+ CVE-2009-1187
+ CVE-2009-1188
+ CVE-2009-3603
+ CVE-2009-3604
+ CVE-2009-3605
+ CVE-2009-3606
+ CVE-2009-3607
+ CVE-2009-3608
+ CVE-2009-3609
+ CVE-2009-3938
+ CVE-2010-3702
+ CVE-2010-3703
+ CVE-2010-3704
+ CVE-2010-4653
+ CVE-2010-4654
+ CVE-2012-2142
+ CVE-2013-1788
+ CVE-2013-1789
+ CVE-2013-1790
+
+
+ keytoaster
+
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-04.xml
new file mode 100644
index 0000000000..d5883652e9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-04.xml
@@ -0,0 +1,55 @@
+
+
+
+ nginx: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in nginx, the worst of
+ which may allow execution of arbitrary code.
+
+ nginx
+ October 06, 2013
+ October 06, 2013: 1
+ 458726
+ 468870
+ local, remote
+
+
+ 1.4.1-r2
+ 1.4.1-r2
+
+
+
+

nginx is a robust, small, and high performance HTTP and reverse proxy + server. +

+
+ +

Multiple vulnerabilities have been discovered in nginx. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could send a specially crafted request, possibly + resulting in execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. Furthermore, a + context-dependent attacker may be able to obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All nginx users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
+
+
+
+ CVE-2013-0337
+ CVE-2013-2028
+ CVE-2013-2070
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-05.xml
new file mode 100644
index 0000000000..9201a431ef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-05.xml
@@ -0,0 +1,54 @@
+
+
+
+ GEGL: User-assisted execution of arbitrary code
+ A vulnerability in GEGL might allow a remote attacker to execute
+ arbitrary code.
+
+ gegl
+ October 06, 2013
+ October 06, 2013: 1
+ 442016
+ remote
+
+
+ 0.2.0-r2
+ 0.2.0-r2
+
+
+
+

GEGL is a graph-based image processing framework.

+
+ +

Multiple integer overflows in GEGL may cause a heap-based buffer + overflow. +

+
+ +

A remote attacker could entice a user to open a specially crafted PPM + image using an application linked against GEGL, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All gegl users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/gegl-0.2.0-r2"
+
+

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+
+ CVE-2012-4433
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-06.xml
new file mode 100644
index 0000000000..69dbcddcb2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-06.xml
@@ -0,0 +1,49 @@
+
+
+
+ Aircrack-ng: User-assisted execution of arbitrary code
+ A buffer overflow vulnerability in Aircrack-ng could result in
+ execution of arbitrary code or Denial of Service.
+
+ aircrack-ng
+ October 07, 2013
+ October 07, 2013: 1
+ 311797
+ remote
+
+
+ 1.1-r2
+ 1.1-r2
+
+
+
+

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can + recover keys once enough data packets have been captured. +

+
+ +

A buffer overflow vulnerability has been discovered in Aircrack-ng.

+
+ +

A remote attacker could entice a user to open a specially crafted dump + file using Aircrack-ng, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Aircrack-ng users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/aircrack-ng-1.1-r2"
+
+
+
+ CVE-2010-1159
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-07.xml
new file mode 100644
index 0000000000..71f7d82ec1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-07.xml
@@ -0,0 +1,53 @@
+
+
+
+ OpenJPEG: User-assisted execution of arbitrary code
+ Multiple vulnerabilities in OpenJPEG could result in execution of
+ arbitrary code.
+
+ openjpeg
+ October 10, 2013
+ October 10, 2013: 1
+ 412895
+ 425772
+ 433766
+ remote
+
+
+ 1.5.1
+ 1.5.1
+
+
+
+

OpenJPEG is an open-source JPEG 2000 library.

+
+ +

OpenJPEG contains an invalid free error and multiple buffer overflow + flaws. Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted JPEG + file, possibly resulting in execution of arbitrary code or a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenJPEG users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/openjpeg-1.5.1"
+
+
+
+ CVE-2009-5030
+ CVE-2012-3358
+ CVE-2012-3535
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-08.xml
new file mode 100644
index 0000000000..0a9c754770
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-08.xml
@@ -0,0 +1,57 @@
+
+
+
+ Quagga: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Quagga, the worst of
+ which could lead to arbitrary code execution.
+
+ quagga
+ October 10, 2013
+ October 10, 2013: 1
+ 408507
+ 475706
+ remote
+
+
+ 0.99.22.4
+ 0.99.22.4
+
+
+
+

Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and + BGP. +

+
+ +

Multiple vulnerabilities have been discovered in Quagga. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to cause arbitrary code execution or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Quagga users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.22.4"
+
+
+
+ CVE-2012-0249
+ CVE-2012-0250
+ CVE-2012-0255
+ CVE-2012-1820
+ CVE-2013-2236
+
+
+ underling
+
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-09.xml
new file mode 100644
index 0000000000..06e57cb32a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-09.xml
@@ -0,0 +1,46 @@
+
+
+
+ Setuptools: Man-in-the-Middle attack
+ A vulnerability in Setuptools could allow remote attackers to
+ perform man-in-the-middle attacks.
+
+ setuptools
+ October 10, 2013
+ October 10, 2013: 1
+ 479964
+ remote
+
+
+ 0.8-r1
+ 0.8-r1
+
+
+
+

Setuptools is a manager for Python packages.

+
+ +

Setuptools does not check the integrity of downloaded Python packages.

+
+ +

A remote attacker could perform man-in-the-middle attacks to execute + arbitrary code with the privileges of the process. +

+
+ +

There is no known workaround at this time.

+
+ +

All Setuptools users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/setuptools-0.8-r1"
+
+
+
+ CVE-2013-1633
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-10.xml
new file mode 100644
index 0000000000..ce5baffa04
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-10.xml
@@ -0,0 +1,59 @@
+
+
+
+ PolarSSL: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in PolarSSL, the worst of
+ which might allow a remote attacker to cause a Denial of Service condition.
+
+ PolarSSL
+ October 17, 2013
+ October 17, 2013: 1
+ 358783
+ 416399
+ 455562
+ 464206
+ 480882
+ 487170
+ remote
+
+
+ 1.3.0
+ 1.3.0
+
+
+
+

PolarSSL is a cryptographic library for embedded systems.

+
+ +

Multiple vulnerabilities have been discovered in PolarSSL. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker might be able to cause Denial of Service, conduct a + man-in-the middle attack, compromise an encrypted communication channel, + or obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All PolarSSL users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/polarssl-1.3.0"
+
+
+
+ CVE-2011-1923
+ CVE-2012-2130
+ CVE-2013-0169
+ CVE-2013-1621
+ CVE-2013-4623
+ CVE-2013-5915
+
+ craig
+ craig
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-11.xml
new file mode 100644
index 0000000000..593beb4483
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-11.xml
@@ -0,0 +1,53 @@
+
+
+
+ Perl Parallel-ForkManager Module: Insecure temporary file usage
+ An insecure temporary file usage has been reported in the Perl
+ Parallel-ForkManager module, possibly allowing symlink attacks.
+
+ Parallel-ForkManager
+ October 17, 2013
+ October 17, 2013: 1
+ 389839
+ local
+
+
+ 1.20.0
+ 1.20.0
+
+
+
+

Parallel-ForkManager is a simple parallel processing fork manager for + Perl. +

+
+ +

The Perl Parallel-ForkManager module does not handle temporary files + securely. +

+
+ +

A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All Parallel-ForkManager users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-perl/Parallel-ForkManager-1.20.0"
+
+
+
+ CVE-2011-4115
+
+
+ underling
+
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-12.xml
new file mode 100644
index 0000000000..5824c64205
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-12.xml
@@ -0,0 +1,169 @@
+
+
+
+ FFmpeg: Multiple vulnerabilities
+ Multiple vulnerabilities were found in FFmpeg, the worst of which
+ might enable remote attackers to cause user-assisted execution of arbitrary
+ code.
+
+ FFmpeg
+ October 25, 2013
+ October 25, 2013: 1
+ 285719
+ 307755
+ 339036
+ 352481
+ 365273
+ 378801
+ 382301
+ 384095
+ 385511
+ 389807
+ 391421
+ 397893
+ 401069
+ 411369
+ 420305
+ 433772
+ 439054
+ 454420
+ 465496
+ 473302
+ 473790
+ 476218
+ 482136
+ remote
+
+
+ 1.0.7
+ 1.0.7
+
+
+
+

FFmpeg is a complete solution to record, convert and stream audio and + video. +

+
+ +

Multiple vulnerabilities have been discovered in FFmpeg. Please review + the CVE identifiers and FFmpeg changelogs referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted media + file, possibly leading to the execution of arbitrary code with the + privileges of the user running the application or a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All FFmpeg users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-1.0.7"
+
+
+
+ CVE-2009-4631
+ CVE-2009-4632
+ CVE-2009-4633
+ CVE-2009-4634
+ CVE-2009-4635
+ CVE-2009-4636
+ CVE-2009-4637
+ CVE-2009-4638
+ CVE-2009-4639
+ CVE-2009-4640
+ CVE-2010-3429
+ CVE-2010-3908
+ CVE-2010-4704
+ CVE-2010-4704
+ CVE-2010-4705
+ CVE-2011-1931
+ CVE-2011-3362
+ CVE-2011-3893
+ CVE-2011-3895
+ CVE-2011-3929
+ CVE-2011-3934
+ CVE-2011-3935
+ CVE-2011-3936
+ CVE-2011-3937
+ CVE-2011-3940
+ CVE-2011-3941
+ CVE-2011-3944
+ CVE-2011-3945
+ CVE-2011-3946
+ CVE-2011-3947
+ CVE-2011-3949
+ CVE-2011-3950
+ CVE-2011-3951
+ CVE-2011-3952
+ CVE-2011-3973
+ CVE-2011-3974
+ CVE-2011-4351
+ CVE-2011-4352
+ CVE-2011-4353
+ CVE-2011-4364
+ CVE-2012-0947
+ CVE-2012-2771
+ CVE-2012-2772
+ CVE-2012-2773
+ CVE-2012-2774
+ CVE-2012-2775
+ CVE-2012-2776
+ CVE-2012-2777
+ CVE-2012-2778
+ CVE-2012-2779
+ CVE-2012-2780
+ CVE-2012-2781
+ CVE-2012-2782
+ CVE-2012-2783
+ CVE-2012-2784
+ CVE-2012-2785
+ CVE-2012-2786
+ CVE-2012-2787
+ CVE-2012-2788
+ CVE-2012-2789
+ CVE-2012-2790
+ CVE-2012-2791
+ CVE-2012-2792
+ CVE-2012-2793
+ CVE-2012-2794
+ CVE-2012-2795
+ CVE-2012-2796
+ CVE-2012-2797
+ CVE-2012-2798
+ CVE-2012-2799
+ CVE-2012-2800
+ CVE-2012-2801
+ CVE-2012-2802
+ CVE-2012-2803
+ CVE-2012-2804
+ CVE-2012-2805
+ CVE-2013-3670
+ CVE-2013-3671
+ CVE-2013-3672
+ CVE-2013-3673
+ CVE-2013-3674
+ CVE-2013-3675
+
+ FFmpeg 0.10.x Changelog
+
+
+ FFmpeg 1.0.x Changelog
+
+
+ NGS Secure Research NGS00068
+
+ Secunia Advisory SA36760
+ Secunia Advisory SA46134
+
+
+ underling
+
+ craig
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-13.xml
new file mode 100644
index 0000000000..4780a41f8a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-13.xml
@@ -0,0 +1,64 @@
+
+
+
+ MPlayer: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in MPlayer and the bundled
+ FFmpeg, the worst of which may lead to the execution of arbitrary code.
+
+ MPlayer
+ October 25, 2013
+ October 25, 2013: 1
+ 253649
+ 279342
+ 339037
+ 379297
+ 394809
+ remote
+
+
+ 1.1-r1
+ 1.1-r1
+
+
+
+

MPlayer is a media player including support for a wide range of audio + and video formats. +

+
+ +

Multiple vulnerabilities have been discovered in MPlayer and the bundled + FFmpeg. Please review the CVE identifiers and FFmpeg GLSA referenced + below for details. +

+
+ +

A remote attacker could entice a user to open a crafted media file to + execute arbitrary code or cause a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All MPlayer users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.1-r1"
+
+
+
+ CVE-2007-6718
+ CVE-2008-4610
+ CVE-2010-2062
+ CVE-2010-3429
+ CVE-2011-3625
+ FFmpeg:
+ Multiple Vulnerabilities
+
+
+ a3li
+
+ underling
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-14.xml
new file mode 100644
index 0000000000..e91ae173fb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-14.xml
@@ -0,0 +1,57 @@
+
+
+
+ Groff: Multiple Vulnerabilities
+ Multiple vulnerabilities have been found in Groff, allowing
+ context-dependent attackers to conduct symlink attacks.
+
+ groff
+ October 25, 2013
+ October 25, 2013: 1
+ 386335
+ local, remote
+
+
+ 1.22.2
+ 1.22.2
+
+
+
+

GNU Troff (Groff) is a text formatter used for man pages.

+
+ +

Multiple vulnerabilities have been discovered in Groff. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could perform symlink attacks to overwrite + arbitrary files with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All Groff users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/groff-1.22.2" + +
+ + CVE-2009-5044 + CVE-2009-5078 + CVE-2009-5079 + CVE-2009-5080 + CVE-2009-5081 + CVE-2009-5082 + + + creffett + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-15.xml new file mode 100644 index 0000000000..b7061efc0a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-15.xml @@ -0,0 +1,57 @@ + + + + GNU Automake: Multiple vulnerabilities + Multiple vulnerabilities have been found in GNU Automake, allowing + local arbitrary command execution with the privileges of the user running + an Automake-based build. + + automake + October 25, 2013 + October 25, 2013: 1 + 295357 + 426336 + local + + + 1.11.6 + 1.11.6 + + + +

GNU Automake is a tool for automatically generating Makefile.in files + compliant with the GNU Coding Standards. +

+
+ +

Multiple vulnerabilities have been discovered in GNU Automake. Please + review the CVE identifiers referenced below for details. +

+
+ +

A local attacker could execute arbitrary commands with the privileges of + the user running an Automake-based build. +

+
+ +

There is no known workaround at this time.

+
+ +

All Automake users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/automake-1.11.6" + +
+ + CVE-2009-4029 + CVE-2012-3386 + + + underling + + + phajdan.jr + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-16.xml new file mode 100644 index 0000000000..94d30193a1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-16.xml @@ -0,0 +1,54 @@ + + + + TPTEST: Arbitrary code execution + Two buffer overflow vulnerabilities in TPTEST may allow remote + attackers to execute arbitrary code or cause Denial of Service. + + tptest + October 26, 2013 + October 26, 2013: 1 + 261191 + remote + + + 3.1.7-r2 + 3.1.7-r2 + + + +

TPTEST is a tool to measure the speed of a user’s Internet connection.

+
+ +

The GetStatsFromLine() function in TPTEST is vulnerable to buffer + overflows from STATS lines with long email and pwd fields. +

+
+ +

A remote attacker could send a specially-crafted STATS line, possibly + resulting in arbitrary code execution or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All TPTEST users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/tptest-3.1.7-r2" + + +
+ + CVE-2009-0650 + CVE-2009-0659 + + + pinkbyte + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-17.xml new file mode 100644 index 0000000000..df19f7bcc8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-17.xml @@ -0,0 +1,52 @@ + + + + pmake: Insecure temporary file usage + pmake uses temporary files in an insecure manner, allowing for + symlink attacks. + + pmake + October 28, 2013 + October 28, 2013: 2 + 367891 + local + + + 1.111.3.1 + 1.111.3.1 + + + +

pmake is Debian’s version of NetBSD’s make, a tool to build programs + in parallel. +

+
+ +

/usr/share/mk/bsd.lib.mk and /usr/share/mk/bsd.prog.mk create temporary + files insecurely, with predictable names (/tmp/_depend[PID]), and + without using $TMPDIR. +

+
+ +

The make include files allow local users to overwrite arbitrary files + via a symlink attack. +

+
+ +

There is no known workaround at this time.

+
+ +

All pmake users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/pmake-1.111.3.1" + + +
+ + CVE-2011-1920 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-18.xml new file mode 100644 index 0000000000..a44d54691b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-18.xml @@ -0,0 +1,60 @@ + + + + GnuTLS: Multiple vulnerabilities + Multiple vulnerabilities have been discovered in GnuTLS, the worst + of which could lead to Denial of Service. + + gnutls + October 28, 2013 + October 28, 2013: 1 + 455560 + 471788 + remote + + + 2.12.23-r1 + 2.12.23-r1 + + + +

GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 + protocols. +

+
+ +

Multiple vulnerabilities have been discovered in GnuTLS. Please review + the CVE identifiers and Lucky Thirteen research paper referenced below + for details. +

+
+ +

A remote attacker could sent a specially crafted packet to cause a + Denial of Service condition. Additionally, a remote attacker could + perform man-in-the-middle attacks to recover plaintext data. +

+
+ +

There is no known workaround at this time.

+
+ +

All GnuTLS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.12.23-r1" + + +
+ + CVE-2013-1619 + CVE-2013-2116 + Lucky Thirteen: + Breaking the TLS and DTLS Record Protocols + + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-19.xml new file mode 100644 index 0000000000..0ce1fc17b6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-19.xml @@ -0,0 +1,54 @@ + + + + X2Go Server: Arbitrary code execution + A path vulnerability in X2Go Server may allow remote execution of + arbitrary code. + + x2goserver + October 28, 2013 + October 28, 2013: 1 + 472582 + remote + + + 4.0.0.2 + 4.0.0.2 + + + +

X2Go is an open source terminal server project.

+
+ +

A vulnerability in the setgid wrapper x2gosqlitewrapper.c does not + hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote + attacker to change that path. +

+
+ +

A remote attacker may be able to execute arbitrary code with the + privileges of the user running the server process. +

+
+ +

There is no known workaround at this time.

+
+ +

All X2Go Server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/x2goserver-4.0.0.2" + + +
+ + CVE-2013-4376 + + + creffett + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-20.xml new file mode 100644 index 0000000000..66fdd9c1e8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-20.xml @@ -0,0 +1,44 @@ + + + + acpid2: Privilege escalation + A vulnerability in acpid2 may allow a local attacker to gain + escalated privileges. + + acpid + October 28, 2013 + October 28, 2013: 1 + 434522 + local + + + 2.0.17 + 2.0.17 + + + +

acpid2 is a daemon for Advanced Configuration and Power Interface.

+
+ +

acpid2 does not properly use the pidof program in powerbtn.sh.

+
+ +

A local attacker could gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All acpid2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-power/acpid-2.0.17" + +
+ + CVE-2011-2777 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-21.xml new file mode 100644 index 0000000000..e3e2788b23 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201310-21.xml @@ -0,0 +1,85 @@ + + + + MediaWiki: Multiple vulnerabilities + Multiple vulnerabilities have been found in MediaWiki, the worst of + which could lead to Denial of Service. + + mediawiki + October 28, 2013 + October 28, 2013: 1 + 460352 + 466124 + 468110 + 471140 + 483594 + remote + + + 1.21.2 + 1.20.7 + 1.19.8 + 1.21.2 + + + +

The MediaWiki wiki web application as used on wikipedia.org.

+
+ +

Multiple vulnerabilities have been discovered in MediaWiki. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to execute arbitrary code, perform + man-in-the-middle attacks, obtain sensitive information or perform + cross-site scripting attacks. +

+
+ +

There is no known workaround at this time.

+
+ +

All MediaWiki 1.21.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.21.2" + + +

All MediaWiki 1.20.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.20.7" + + +

All MediaWiki 1.19.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.8" + +
+ + CVE-2013-1816 + CVE-2013-1817 + CVE-2013-1818 + CVE-2013-1951 + CVE-2013-2031 + CVE-2013-2032 + CVE-2013-2114 + CVE-2013-4301 + CVE-2013-4302 + CVE-2013-4303 + CVE-2013-4304 + CVE-2013-4305 + CVE-2013-4306 + CVE-2013-4307 + CVE-2013-4308 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-01.xml new file mode 100644 index 0000000000..68ac8bbdbf --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-01.xml @@ -0,0 +1,52 @@ + + + + Mednafen: Arbitrary code execution + An unspecified vulnerability in Mednafen could result in the + execution of arbitrary code. + + mednafen + November 04, 2013 + November 04, 2013: 1 + 326141 + remote + + + 0.8.13 + 0.8.13 + + + +

Mednafen is an advanced NES, GB/GBC/GBA, TurboGrafx 16/CD, NGPC and Lynx + emulator. +

+
+ +

An unspecified vulnerability has been discovered in Mednafen when using + network play. +

+
+ +

A remote server could execute arbitrary code with the privileges of the + process. +

+
+ +

There is no known workaround at this time.

+
+ +

All Mednafen users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-emulation/mednafen-0.8.13" + +
+ + CVE-2010-3085 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-02.xml new file mode 100644 index 0000000000..7176a14b12 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-02.xml @@ -0,0 +1,67 @@ + + + + phpMyAdmin: Multiple vulnerabilities + Multiple vulnerabilities have been found in phpMyAdmin, allowing + remote authenticated attackers to execute arbitrary code, inject SQL code + or conduct other attacks. + + phpmyadmin + November 04, 2013 + November 04, 2013: 1 + 465420 + 467080 + 478696 + 479870 + remote + + + 4.0.5 + 4.0.5 + + + +

phpMyAdmin is a web-based management tool for MySQL databases.

+
+ +

Multiple vulnerabilities have been discovered in phpMyAdmin. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote authenticated attacker could exploit these vulnerabilities to + execute arbitrary code with the privileges of the process running + phpMyAdmin, inject SQL code, or to conduct Cross-Site Scripting and + Clickjacking attacks. +

+
+ +

There is no known workaround at this time.

+
+ +

All phpMyAdmin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.0.5" + + +
+ + CVE-2013-1937 + CVE-2013-3238 + CVE-2013-3239 + CVE-2013-4995 + CVE-2013-4996 + CVE-2013-4997 + CVE-2013-4998 + CVE-2013-4999 + CVE-2013-5000 + CVE-2013-5001 + CVE-2013-5002 + CVE-2013-5003 + CVE-2013-5029 + + a3li + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-03.xml new file mode 100644 index 0000000000..b1b6c99b11 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-03.xml @@ -0,0 +1,62 @@ + + + + Quassel: Multiple Vulnerabilities + Two vulnerabilities in Quassel may result in Denial of Service or + SQL injection. + + quassel + November 07, 2013 + November 07, 2013: 1 + 338879 + 487632 + remote + + + 0.9.1 + 0.9.1 + + + +

Quassel is a Qt4/KDE4 IRC client suppporting a remote daemon for 24/7 + connectivity. +

+
+ +

Two vulnerabilities have been found in Quassel:

+ +
    +
  • Quassel does not properly handle multiple CTCP requests + (CVE-2010-3443). +
  • +
  • Quassel, when used with certain versions of Qt and PostgreSQL, does + not sanitize user input (CVE-2013-4422). +
  • +
+
+ +

A remote attacker could send multiple CTCP requests in single private + message, possibly resulting in a Denial of Service condition. Futhermore, + a remote attacker may be able to execute arbitrary SQL statements. +

+
+ +

There is no known workaround at this time.

+
+ +

All Quassel users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/quassel-0.9.1" + +
+ + CVE-2010-3443 + CVE-2013-4422 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-04.xml new file mode 100644 index 0000000000..5a75da42e6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-04.xml @@ -0,0 +1,53 @@ + + + + Vixie cron: Denial of Service + A vulnerability has been found in Vixie cron, allowing local + attackers to conduct symlink attacks. + + vixie-cron + November 07, 2013 + November 07, 2013: 1 + 308055 + local + + + 4.1-r14 + 4.1-r14 + + + +

Paul Vixie’s cron daemon, a fully featured crond implementation.

+
+ +

Vixie cron contains a race condition relating to atime and mtime values + of temporary files. +

+
+ +

A local attacker could change the modification time of files, possibly + resulting in a Denial of Service condition via a symlink attack. +

+
+ +

There is no known workaround at this time.

+
+ +

All Vixie cron users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-process/vixie-cron-4.1-r14" + + +
+ + CVE-2010-0424 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-05.xml new file mode 100644 index 0000000000..9bd9cdb7d1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-05.xml @@ -0,0 +1,53 @@ + + + + GIMP: Multiple vulnerabilities + Multiple vulnerabilities have been found in GIMP, the worst of + which allow execution of arbitrary code. + + gimp + November 10, 2013 + November 10, 2013: 1 + 434580 + 444280 + remote + + + 2.8.2-r1 + 2.8.2-r1 + + + +

GIMP is the GNU Image Manipulation Program.

+
+ +

Multiple vulnerabilities have been discovered in GIMP. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted KiSS + palette, GIF image or XWD file using GIMP, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All GIMP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.8.2-r1" + +
+ + CVE-2012-3403 + CVE-2012-3481 + CVE-2012-5576 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-06.xml new file mode 100644 index 0000000000..912be6b562 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-06.xml @@ -0,0 +1,60 @@ + + + + libxml2: Multiple vulnerabilities + Multiple vulnerabilities have been found in libxml2, allowing + remote attackers to execute arbitrary code or cause Denial of Service. + + libxml2 + November 10, 2013 + November 10, 2013: 1 + 434344 + 444836 + 458430 + 458740 + 466238 + 476438 + remote + + + 2.9.1-r1 + 2.9.1-r1 + + + +

libxml2 is the XML C parser and toolkit developed for the Gnome project.

+
+ +

Multiple vulnerabilities have been discovered in libxml2. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted + document with an application linked against libxml2, possibly resulting + in execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libxml2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r1" + +
+ + CVE-2012-2871 + CVE-2012-5134 + CVE-2013-0338 + CVE-2013-1664 + CVE-2013-1969 + CVE-2013-2877 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-07.xml new file mode 100644 index 0000000000..51118aa29b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-07.xml @@ -0,0 +1,56 @@ + + + + Blender: Multiple vulnerabilities + Multiple vulnerabilities have been found in Blender, the worst of + which could allow attackers to execute arbitrary code. + + blender + November 13, 2013 + November 13, 2013: 1 + 219008 + 293130 + local, remote + + + 2.49b-r2 + 2.49b-r2 + + + +

Blender is a 3D Creation/Animation/Publishing System.

+
+ +

Multiple vulnerabilities have been discovered in Blender. Please review + the CVE identifier referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Blender users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.49b-r2" + + +
+ + CVE-2008-1102 + CVE-2008-1103 + + CVE-2009-3850 + + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-08.xml new file mode 100644 index 0000000000..438fdeccde --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-08.xml @@ -0,0 +1,57 @@ + + + + Netpbm: User-assisted arbitrary code execution + A vulnerability in Netpbm could result in execution of arbitrary + code or Denial of Service. + + Netpbm + November 13, 2013 + November 13, 2013: 1 + 308025 + remote + + + 10.49.00 + 10.49.00 + + + +

Netpbm is a toolkit for manipulation of graphic images, including + conversion of images between a variety of different formats. +

+
+ +

A stack-based buffer overflow exists in converter/ppm/xpmtoppm.c in + Netpbm. +

+
+ +

A remote attacker could entice a user to open a specially crafted XMP + file using Netpbm, possibly resulting in execution of arbitrary code + with the privileges of the process, or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Netpbm users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/netpbm-10.49.00" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + + CVE-2009-4274 + + + craig + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-09.xml new file mode 100644 index 0000000000..61520763a1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-09.xml @@ -0,0 +1,53 @@ + + + + FreeRADIUS: Multiple vulnerabilities + Multiple vulnerabilities have been found in FreeRADIUS, the worst + of which allow execution of arbitrary code or Denial of Service. + + freeradius + November 13, 2013 + November 13, 2013: 1 + 339389 + 386183 + 434802 + remote + + + 2.2.0 + 2.2.0 + + + +

FreeRADIUS is an open source RADIUS authentication server.

+
+ +

Multiple vulnerabilities have been discovered in FreeRADIUS. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All FreeRADIUS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-2.2.0" + +
+ + CVE-2010-3696 + CVE-2010-3697 + CVE-2011-2701 + CVE-2012-3547 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-10.xml new file mode 100644 index 0000000000..28e326c9c2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-10.xml @@ -0,0 +1,55 @@ + + + + GraphicsMagick: Multiple vulnerabilities + Multiple vulnerabilities have been found in GraphicsMagick, + allowing remote attackers to execute arbitrary code or cause a Denial of + Service condition. + + graphicsmagick + November 19, 2013 + November 19, 2013: 1 + 365769 + 488050 + remote + + + 1.3.18 + 1.3.18 + + + +

GraphicsMagick is the Swiss army knife of image processing.

+
+ +

Multiple vulnerabilities have been discovered in GraphicsMagick. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially-crafted image + file, potentially resulting in arbitrary code execution or a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All GraphicsMagick users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.3.18" + + +
+ + CVE-2008-1097 + CVE-2009-1882 + CVE-2009-3736 + CVE-2013-4589 + + ackle + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-11.xml new file mode 100644 index 0000000000..28819ea4dc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-11.xml @@ -0,0 +1,56 @@ + + + + CTorrent: User-assisted arbitrary code execution + A stack-based buffer overflow in CTorrent might allow a remote + attacker to execute arbitrary code or cause a Denial of Service condition. + + ctorrent + November 20, 2013 + November 22, 2013: 2 + 266953 + remote + + + 3.3.2-r1 + 3.3.2-r1 + + + +

CTorrent is a BitTorrent client implemented in C++ to be lightweight and + quick. +

+
+ +

CTorrent contains a stack-based buffer overflow in the + btFiles::BuildFromMI function in trunk/btfiles.cpp. +

+
+ +

A remote attacker could entice a user to open a specially crafted + torrent file using CTorrent, possibly resulting in execution of arbitrary + code with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All CTorrent users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-p2p/ctorrent-3.3.2-r1" + + +
+ + + CVE-2009-1759 + + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-12.xml new file mode 100644 index 0000000000..4cc4558504 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-12.xml @@ -0,0 +1,55 @@ + + + + Open DC Hub: Arbitrary code execution + A vulnerability in Open DC Hub could result in execution of + arbitrary code. + + opendchub + November 20, 2013 + November 20, 2013: 1 + 314551 + remote + + + 0.8.2 + 0.8.2 + + + +

Open DC Hub is the hub software for the Direct Connect file sharing + network. +

+
+ +

A stack-based buffer overflow flaw has been discovered in the way Open + DC Hub sanitized content of a user’s MyINFO message. +

+
+ +

A remote authenticated user may be able to execute arbitrary code or + cause a Denial of Service condition via specially crafted MyINFO message. +

+
+ +

There is no known workaround at this time.

+
+ +

All Open DC Hub users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-p2p/opendchub-0.8.2" + + +
+ + + CVE-2010-1147 + + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-13.xml new file mode 100644 index 0000000000..2cd734294e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-13.xml @@ -0,0 +1,56 @@ + + + + OpenVPN: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenVPN, allowing + remote attackers to read encrypted traffic. + + openvpn + November 20, 2013 + November 20, 2013: 1 + 293894 + 468756 + remote + + + 2.3.1 + 2.3.1 + + + +

OpenVPN is a multi-platform, full-featured SSL VPN solution.

+
+ +

Multiple vulnerabilities have been discovered in OpenVPN. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to recover plaintext from an encrypted + communication. Another vulnerability could allow remote attacker perform + a Man-in-the-Middle attack. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenVPN users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openvpn-2.3.1" + + +
+ + CVE-2009-3555 + CVE-2013-2061 + + + creffett + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-14.xml new file mode 100644 index 0000000000..a24378da30 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-14.xml @@ -0,0 +1,80 @@ + + + + QtCore, QtGui: Multiple vulnerabilities + Multiple vulnerabilities have been discovered in QtCore and QtGui, + possibly resulting in execution of arbitrary code, Denial of Service, or + man-in-the-middle attacks. + + qt-core qt-gui + November 22, 2013 + November 22, 2013: 1 + 361401 + 382171 + 384103 + 455884 + remote + + + 4.8.4-r2 + 4.8.4-r2 + + + 4.8.4-r1 + 4.8.4-r1 + + + +

The Qt toolkit is a comprehensive C++ application development framework.

+
+ +

Multiple vulnerabilities have been discovered in QtCore and QtGui. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted file + with an application linked against QtCore or QtGui, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. Furthermore, a remote attacker might employ + a specially crafted certificate to conduct man-in-the-middle attacks on + SSL connections. +

+
+ +

There is no known workaround at this time.

+
+ +

All QtCore users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-qt/qtcore-4.8.4-r2" + + +

All QtGui users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-4.8.4-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2011-3193 + CVE-2013-0254 + + Security advisory: Fraudulent certificates + + + What the DigiNotar security breach means for Qt users + + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-15.xml new file mode 100644 index 0000000000..c2d5aa168f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-15.xml @@ -0,0 +1,60 @@ + + + + Zabbix: Multiple vulnerabilities + Multiple vulnerabilities have been found in Zabbix, possibly + leading to SQL injection attacks, Denial of Service, or information + disclosure. + + zabbix + November 25, 2013 + November 25, 2013: 1 + 312875 + 394497 + 428372 + 452878 + 486696 + remote + + + 2.0.9_rc1-r2 + 2.0.9_rc1-r2 + + + +

Zabbix is software for monitoring applications, networks, and servers.

+
+ +

Multiple vulnerabilities have been discovered in Zabbix. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to execute arbitrary SQL statements, cause + a Denial of Service condition, or obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Zabbix users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-analyzer/zabbix-2.0.9_rc1-r2" + +
+ + CVE-2010-1277 + CVE-2011-2904 + CVE-2011-3263 + CVE-2011-4674 + CVE-2012-3435 + CVE-2013-1364 + CVE-2013-5572 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-16.xml new file mode 100644 index 0000000000..2d49e40641 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-16.xml @@ -0,0 +1,51 @@ + + + + fcron: Information disclosure + A vulnerability has been found in fcron, allowing local attackers + to conduct symlink attacks. + + fcron + November 25, 2013 + November 25, 2013: 1 + 308075 + local + + + 3.0.5-r2 + 3.0.5-r2 + + + +

fcron is a periodic command scheduler for Unix-based systems

+
+ +

The fcrontab function contains a race condition relating to symlinks.

+
+ +

A local attacker could perform symlink attacks to read arbitrary files + with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All fcron users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-process/fcron-3.0.5-r2" + + +
+ + CVE-2010-0792 + + + keytoaster + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-17.xml new file mode 100644 index 0000000000..13e1b43fe2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-17.xml @@ -0,0 +1,60 @@ + + + + Perl: Multiple vulnerabilities + Multiple vulnerabilities were found in Perl, the worst of which + could allow a local attacker to cause a Denial of Service condition. + + perl + November 28, 2013 + November 28, 2013: 1 + 249629 + 313565 + 362025 + 386357 + local, remote + + + 5.12.3-r1 + 5.12.3-r1 + + + +

Perl is Larry Wall’s Practical Extraction and Report Language.

+
+ +

Multiple vulnerabilities have been discovered in Perl. Please review the + CVE identifiers referenced below for details. +

+
+ +

A local attacker could cause a Denial of Service condition or perform + symlink attacks to overwrite arbitrary files with the privileges of the + user running the application. A context-dependent attacker could cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Perl users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.12.3-r1"
+
+
+
+
+ CVE-2008-5302
+ CVE-2008-5303
+ CVE-2010-1158
+ CVE-2011-0761
+ CVE-2011-1487
+
+
+ underling
+
+ craig
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-18.xml
new file mode 100644
index 0000000000..b31f798a12
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-18.xml
@@ -0,0 +1,50 @@
+
+
+
+ Unbound: Denial of Service
+ Multiple Denial of Service vulnerabilities have been found in
+ Unbound.
+
+ unbound
+ November 28, 2013
+ November 28, 2013: 1
+ 395287
+ remote
+
+
+ 1.4.13_p2
+ 1.4.13_p2
+
+
+
+

Unbound is a validating, recursive, and caching DNS resolver.

+
+ +

Multiple vulnerabilities have been discovered in Unbound. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition via + a specially crafted response. +

+
+ +

There is no known workaround at this time.

+
+ +

All Unbound users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/unbound-1.4.13_p2"
+
+
+
+
+ CVE-2011-4528
+ CVE-2011-4869
+
+ craig
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-19.xml
new file mode 100644
index 0000000000..2ed9ff8740
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-19.xml
@@ -0,0 +1,63 @@
+
+
+
+ rssh: Access restriction bypass
+ Multiple vulnerabilities have been found in rssh, allowing local
+ attackers to bypass access restrictions.
+
+ rssh
+ November 28, 2013
+ November 28, 2013: 1
+ 415255
+ 445166
+ local
+
+
+ 2.3.4
+ 2.3.4
+
+
+
+

rssh is a restricted shell, allowing only a few commands like scp or + sftp. It is often used as a complement to OpenSSH to provide limited + access to users. +

+
+ +

Multiple command line parsing and validation vulnerabilities have been + discovered in rssh. Please review the CVE identifiers referenced below + for details. +

+
+ +

Multiple parsing and validation vulnerabilities can cause the + restrictions set up by rssh to be bypassed. +

+
+ +

There is no known workaround at this time.

+
+ +

All rssh users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-shells/rssh-2.3.4"
+
+
+
+
+
+ CVE-2012-2252
+
+
+ CVE-2012-3478
+
+
+
+ underling
+
+
+ BlueKnight
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-20.xml
new file mode 100644
index 0000000000..ab99d089af
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-20.xml
@@ -0,0 +1,55 @@
+
+
+
+ Okular: Arbitrary code execution
+ A heap-based buffer overflow in Okular might allow a remote
+ attacker to execute arbitrary code or cause a Denial of Service condition.
+
+ okular
+ November 28, 2013
+ November 28, 2013: 1
+ 334469
+ remote
+
+
+ 4.4.5-r2
+ 4.4.5-r2
+
+
+
+

Okular is a universal document viewer based on KPDF for KDE 4.

+
+ +

Okular contains a heap-based buffer overflow in the RLE decompression + functionality in the TranscribePalmImageToJPEG function in + generators/plucker/inplug/image.cpp. +

+
+ +

A remote attacker could entice a user to open a specially crafted PBD + file using Okular, possibly resulting in execution of arbitrary code with + the privileges of the process, or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Okular users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-base/okular-4.4.5-r2"
+
+
+
+
+
+ CVE-2010-2575
+
+
+
+ underling
+
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-21.xml
new file mode 100644
index 0000000000..743371bfca
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-21.xml
@@ -0,0 +1,54 @@
+
+
+
+ cpio: Arbitrary code execution
+ A heap-based buffer overflow in cpio might allow a remote rmt
+ server to execute arbitrary code or cause a Denial of Service condition.
+
+ cpio
+ November 28, 2013
+ November 28, 2013: 1
+ 314663
+ remote
+
+
+ 2.11
+ 2.11
+
+
+
+

GNU cpio copies files into or out of a cpio or tar archive.

+
+ +

Cpio contains a heap-based buffer overflow in the rmt_read__ function in + lib/rtapelib.c. +

+
+ +

A remote server could sending more data than was requested, related to + archive filenames that contain a : (colon) character, possibly resulting + in execution of arbitrary code or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All cpio users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.11"
+
+
+
+
+
+ CVE-2010-0624
+
+
+
+ underling
+
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-22.xml
new file mode 100644
index 0000000000..a12ddb02c8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201311-22.xml
@@ -0,0 +1,53 @@
+
+
+
+ Namazu: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Namazu, worst of which
+ allows remote attackers to cause a Denial of Service condition.
+
+ namazu
+ November 28, 2013
+ November 28, 2013: 1
+ 391259
+ remote
+
+
+ 2.0.21
+ 2.0.21
+
+
+
+

Namazu is a full-text search engine intended for easy use.

+
+ +

Multiple vulnerabilities have been discovered in Namazu. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could execute arbitrary code or cause a Denial of + Service condition. + Furthermore, a remote attacker may be able to inject arbitrary web script + or HTML via a cookie. +

+
+ +

There is no known workaround at this time.

+
+ +

All Namazu users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/namazu-2.0.21"
+
+
+
+
+ CVE-2009-5028
+ CVE-2011-4345
+ CVE-2011-4711
+
+ craig
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-01.xml
new file mode 100644
index 0000000000..250799d55f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-01.xml
@@ -0,0 +1,77 @@
+
+
+
+ GNU C Library: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in GNU C Library, the
+ worst of which allowing arbitrary code execution and privilege escalation.
+
+ glibc
+ December 03, 2013
+ December 03, 2013: 1
+ 350744
+ 356567
+ 386323
+ 386327
+ 386329
+ 386333
+ 386343
+ 386349
+ 393477
+ 404993
+ local, remote
+
+
+ 2.15-r3
+ 2.15-r3
+
+
+
+

The GNU C library is the standard C library used by Gentoo Linux + systems. +

+
+ +

Multiple vulnerabilities have been discovered in GNU C Library. Please + review the CVE identifiers referenced below for details. +

+
+ +

A local attacker could trigger vulnerabilities in dynamic library + loader, making it possible to load attacker-controlled shared objects + during execution of setuid/setgid programs to escalate privileges. +

+ +

A context-dependent attacker could trigger various vulnerabilities in + GNU C Library, including a buffer overflow, leading to execution of + arbitrary code or a Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNU C Library users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.15-r3"
+
+
+
+ CVE-2009-5029
+ CVE-2010-3847
+ CVE-2011-0536
+ CVE-2011-1071
+ CVE-2011-1089
+ CVE-2011-1095
+ CVE-2011-1658
+ CVE-2011-1659
+ CVE-2012-0864
+
+
+ underling
+
+
+ phajdan.jr
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-02.xml
new file mode 100644
index 0000000000..22d8f0ab87
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-02.xml
@@ -0,0 +1,60 @@
+
+
+
+ BusyBox: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in BusyBox, allowing
+ remote attackers to execute arbitrary code or cause a Denial of Service
+ condition.
+
+ busybox
+ December 03, 2013
+ December 03, 2013: 1
+ 379857
+ 426504
+ 461372
+ remote
+
+
+ 1.21.0
+ 1.21.0
+
+
+
+

BusyBox is set of tools for embedded systems and is a replacement for + GNU Coreutils. +

+
+ +

Multiple vulnerabilities have been discovered in BusyBox. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could send a specially crafted DHCP request to + possibly execute arbitrary code or cause Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All BusyBox users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.21.0"
+
+
+
+
+ CVE-2006-1168
+ CVE-2011-2716
+ CVE-2013-1813
+
+
+ underling
+
+
+ pinkbyte
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-03.xml
new file mode 100644
index 0000000000..de23f65c1d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-03.xml
@@ -0,0 +1,89 @@
+
+
+
+ OpenSSL: Multiple Vulnerabilities
+ Multiple vulnerabilities have been found in OpenSSL allowing remote
+ attackers to determine private keys or cause a Denial of Service.
+
+ OpenSSL
+ December 03, 2013
+ June 06, 2015: 5
+ 369753
+ 406199
+ 412643
+ 415435
+ 455592
+ remote
+
+
+ 1.0.0j
+ 0.9.8y
+ 0.9.8z_p1
+ 0.9.8z_p2
+ 0.9.8z_p3
+ 0.9.8z_p4
+ 0.9.8z_p5
+ 0.9.8z_p6
+ 0.9.8z_p7
+ 0.9.8z_p8
+ 0.9.8z_p9
+ 0.9.8z_p10
+ 0.9.8z_p11
+ 0.9.8z_p12
+ 0.9.8z_p13
+ 0.9.8z_p14
+ 0.9.8z_p15
+ 1.0.0j
+ 0.9.8y
+
+
+
+

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

Multiple vulnerabilities have been discovered in OpenSSL. Please review + the CVE identifiers referenced below for details. +

+
+ +

Remote attackers can determine private keys, decrypt data, cause a + Denial of Service or possibly have other unspecified impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSSL 1.0.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0j" + + +

All OpenSSL 0.9.8 users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8y"
+
+
+
+ CVE-2006-7250
+ CVE-2011-1945
+ CVE-2012-0884
+ CVE-2012-1165
+ CVE-2012-2110
+ CVE-2012-2333
+ CVE-2012-2686
+ CVE-2013-0166
+ CVE-2013-0169
+
+
+ underling
+
+ n0idx80
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-04.xml
new file mode 100644
index 0000000000..28ed56836b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-04.xml
@@ -0,0 +1,56 @@
+
+
+
+ libtheora: Arbitrary code execution
+ An integer overflow in libtheora might allow remote attackers to
+ execute arbitrary code or cause a Denial of Service condition.
+
+ libtheora
+ December 03, 2013
+ December 03, 2013: 1
+ 298039
+ remote
+
+
+ 1.1.1
+ 1.1.1
+
+
+
+

libtheora is the reference implementation of Theora, a free and open + video compression format from the Xiph.org Foundation. +

+
+ +

An integer overflow flaw has been discovered in libtheora.

+
+ +

A remote attacker could execute arbitrary code or cause a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libtheora users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libtheora-1.1.1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+
+
+ CVE-2009-3389
+
+
+
+ underling
+
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-05.xml
new file mode 100644
index 0000000000..e0be095e23
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-05.xml
@@ -0,0 +1,54 @@
+
+
+
+ SWI-Prolog : Multiple vulnerabilities
+ Multiple vulnerabilities have been found in SWI-Prolog which allow
+ attackers to execute arbitrary code or cause a Denial of Service condition.
+
+ swi-prolog
+ December 06, 2013
+ December 06, 2013: 1
+ 450284
+ remote
+
+
+ 6.2.5
+ 6.2.5
+
+
+
+

SWI-Prolog is a free, small, and standard compliant Prolog compiler.

+
+ +

Multiple vulnerabilities have been discovered in SWI-Prolog: + * An error in the canoniseFileName() function could cause a stack-based + buffer overflow (CVE-2012-6089). + * An error in the expand() function could cause a stack-based buffer + overflow (CVE-2012-6090). +

+
+ +

A context-dependent attack can create files with specially crafted + names, causing arbitrary code execution or a denial of service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All SWI-Prolog users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/swi-prolog-6.2.5"
+
+
+
+ CVE-2012-6089
+ CVE-2012-6090
+
+ ackle
+
+ BlueKnight
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-06.xml
new file mode 100644
index 0000000000..af2d0d1b7d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-06.xml
@@ -0,0 +1,54 @@
+
+
+
+ Festival: Arbitrary code execution
+ A vulnerability in Festival could result in arbitrary code
+ execution, and privilege escalation.
+
+ festival
+ December 09, 2013
+ December 09, 2013: 1
+ 386319
+ remote
+
+
+ 2.1
+ 2.1
+
+
+
+

Festival is a Text to Speech Engine from The Centre for Speech + Technology Research. +

+
+ +

A vulnerability in Festival Server has an incorrect path in + LD_LIBRARY_PATH, which allows local users to place a Trojan horse shared + library in the current working directory. +

+
+ +

A local attacker can execute arbitrary a Trojan horse shared library, + potentially resulting in arbitrary code execution and privilege + escalation. +

+
+ +

There is no known workaround at this time.

+
+ +

All Festival users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-accessibility/festival-2.1"
+
+
+
+ CVE-2010-3996
+
+ ackle
+
+ BlueKnight
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-07.xml
new file mode 100644
index 0000000000..1ebc52bcd3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-07.xml
@@ -0,0 +1,67 @@
+
+
+
+ OpenEXR: Multiple Vulnerabilities
+ Multiple vulnerabilities have been found in OpenEXR, allowing
+ remote attackers to execute arbitrary code or cause a Denial of Service
+ condition.
+
+ openexr
+ December 09, 2013
+ December 09, 2013: 1
+ 277202
+ local, remote
+
+
+ 1.7.0
+ 1.7.0
+
+
+
+

OpenEXR is a high dynamic-range (HDR) image file format developed by + Industrial Light & Magic for use in computer imaging applications. +

+
+ +

Multiple vulnerabilities have been discovered in OpenEXR. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could execute arbitrary code or cause a + Denial of Service condition via unspecified vectors. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenEXR users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/openexr-1.7.0" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+ +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since December 08, 2010. It is likely that your system is + already no longer affected by this issue. +

+
+
+
+ CVE-2009-1720
+
+
+ CVE-2009-1721
+
+
+
+ underling
+
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-08.xml
new file mode 100644
index 0000000000..121409561e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-08.xml
@@ -0,0 +1,48 @@
+
+
+
+ WebP: User-assisted execution of arbitrary code
+ An integer overflow vulnerability in WebP could lead to arbitrary
+ code execution or Denial of Service.
+
+ libwebp
+ December 10, 2013
+ December 10, 2013: 1
+ 442152
+ remote
+
+
+ 0.2.1
+ 0.2.1
+
+
+
+

WebP is a lossy image compression format.

+
+ +

An integer overflow flaw has been found in WebP.

+
+ +

A remote attacker could entice a user to open a specially crafted image + in an application linked against WebP, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All WebP users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libwebp-0.2.1"
+
+
+
+ CVE-2012-5127
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-09.xml
new file mode 100644
index 0000000000..1645a9fce1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-09.xml
@@ -0,0 +1,62 @@
+
+
+
+ cabextract: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in cabextract, allowing
+ remote attackers to execute arbitrary code or cause a Denial of Service
+ condition.
+
+ cabextract
+ December 14, 2013
+ December 14, 2013: 1
+ 329891
+ remote
+
+
+ 1.3
+ 1.3
+
+
+
+

cabextract is free software for extracting Microsoft cabinet files.

+
+ +

Multiple vulnerabilities have been discovered in cabextract. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially-crafted + archive in a .cab file, related to the libmspack library, potentially + resulting in arbitrary code execution or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All cabextract users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/cabextract-1.3" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 03, 2010. It is likely that your system is already + no longer affected by this issue. +

+
+
+
+ CVE-2010-2800
+
+
+ CVE-2010-2801
+
+
+
+ underling
+
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-10.xml
new file mode 100644
index 0000000000..2c9415c1cb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-10.xml
@@ -0,0 +1,61 @@
+
+
+
+ libsmi: Arbitrary code execution
+ A buffer overflow in libsmi might allow a context-dependent
+ attacker to execute arbitrary code.
+
+ libsmi
+ December 14, 2013
+ December 14, 2013: 1
+ 342127
+ local, remote
+
+
+ 0.4.8-r1
+ 0.4.8-r1
+
+
+
+

libsmi is a library that allows management applications to access SMI + MIB module definitions. +

+
+ +

libsmi contains a buffer overflow vulnerability in the smiGetNode() + function in lib/smi.c. +

+
+ +

A context-dependent attacker could possibly execute arbitrary code by + way of a specially crafted Object Identifier (OID). +

+
+ +

There is no known workaround at this time.

+
+ +

All libsmi users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libsmi-0.4.8-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+ +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since October 30, 2010. It is likely that your system is + already no longer affected by this issue. +

+
+
+ CVE-2010-2891
+
+
+ underling
+
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-11.xml
new file mode 100644
index 0000000000..32601300ed
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-11.xml
@@ -0,0 +1,52 @@
+
+
+
+ Win32 Codecs: User-assisted execution of arbitrary code
+ A buffer overflow vulnerability in Win32 Codecs can potentially
+ allow for user-assisted arbitrary code execution.
+
+ win32codecs
+ December 16, 2013
+ December 16, 2013: 1
+ 232999
+ remote
+
+
+ 20071007-r4
+
+
+
+

Win32 Codecs is a set of Windows audio and video playback codecs.

+
+ +

A heap-based buffer overflow exists when handling Shockwave Flash files.

+
+ +

A remote attacker could entice a user to open a specially crafted Flash + file using a package linked against Win32 Codecs, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo has discontinued support for Win32 Codecs. We recommend that + users unmerge Win32 Codecs: +

+
+
+ # emerge --unmerge "media-libs/win32codecs"
+
+
+
+ CVE-2007-5400
+
+
+ creffett
+
+
+ creffett
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-12.xml
new file mode 100644
index 0000000000..302ba43a27
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-12.xml
@@ -0,0 +1,66 @@
+
+
+
+ MIT Kerberos 5: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in MIT Kerberos 5,
+ allowing execution of arbitrary code or Denial of Service.
+
+ mit-krb5
+ December 16, 2013
+ December 16, 2013: 1
+ 429324
+ 466268
+ 469752
+ 490668
+ 494062
+ 494064
+ remote
+
+
+ 1.11.4
+ 1.11.4
+
+
+
+

MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. +

+
+ +

Multiple vulnerabilities have been discovered in the Key Distribution + Center in MIT Kerberos 5. Please review the CVE identifiers referenced + below for details. +

+
+ +

A remote attacker could send a specially crafted request, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. Additionally, a remote attacker + could impersonate a kadmind server and send a specially crafted packet to + the password change port, which can result in a ping-pong condition and a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All MIT Kerberos 5 users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.11.4"
+
+
+
+ CVE-2002-2443
+ CVE-2012-1014
+ CVE-2012-1015
+ CVE-2013-1416
+ CVE-2013-1417
+ CVE-2013-1418
+ CVE-2013-6800
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-13.xml
new file mode 100644
index 0000000000..ee088cb147
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-13.xml
@@ -0,0 +1,67 @@
+
+
+
+ Wireshark: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Wireshark, allowing
+ remote attackers to execute arbitrary code or cause Denial of Service.
+
+ wireshark
+ December 16, 2013
+ December 16, 2013: 1
+ 484582
+ 490434
+ remote
+
+
+ 1.10.3
+ 1.8.11
+ 1.10.3
+
+
+
+

Wireshark is a versatile network protocol analyzer.

+
+ +

Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Wireshark 1.10 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.3" + + +

All Wireshark 1.8 users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.11"
+
+
+
+ CVE-2013-5717
+ CVE-2013-5718
+ CVE-2013-5719
+ CVE-2013-5720
+ CVE-2013-5721
+ CVE-2013-5722
+ CVE-2013-6336
+ CVE-2013-6337
+ CVE-2013-6338
+ CVE-2013-6339
+ CVE-2013-6340
+
+ ackle
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-14.xml
new file mode 100644
index 0000000000..3663ef5ac7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-14.xml
@@ -0,0 +1,60 @@
+
+
+
+ libsndfile: Arbitrary code execution
+ An integer overflow in libsndfile might allow remote attackers to
+ execute arbitrary code or cause a Denial of Service condition.
+
+ libsndfile
+ December 17, 2013
+ December 17, 2013: 1
+ 375125
+ remote
+
+
+ 1.0.25
+ 1.0.25
+
+
+
+

Libsndfile is a C library for reading and writing files containing + sampled sound through one standard library interface. +

+
+ +

An integer overflow flaw has been discovered in Libsndfile.

+
+ +

A remote attacker could entice a user to open a specially crafted PAF + file using libsndfile, possibly resulting in execution of arbitrary code + with the privileges of the process, or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libsndfile users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.25" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+ +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since September 12, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+
+ CVE-2011-2696
+
+
+ underling
+
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-15.xml
new file mode 100644
index 0000000000..7ee578819d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-15.xml
@@ -0,0 +1,55 @@
+
+
+
+ Tinyproxy: Denial of Service
+ A vulnerability has been found in Tinyproxy, allows remote
+ attackers to cause a Denial of Service condition.
+
+ tinyproxy
+ December 23, 2013
+ December 23, 2013: 1
+ 432046
+ remote
+
+
+ 1.8.3-r3
+ 1.8.3-r3
+
+
+
+

Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating + systems. +

+
+ +

A vulnerability has been discovered in the way how Tinyproxy works with + headers. +

+
+ +

A remote attacker could send a specially crafted request with too many + headers, possibly resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Tinyproxy users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/tinyproxy-1.8.3-r3"
+
+
+
+
+ CVE-2012-3505
+
+
+ creffett
+
+
+ pinkbyte
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-16.xml
new file mode 100644
index 0000000000..53e2265077
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201312-16.xml
@@ -0,0 +1,56 @@
+
+
+
+ Xfig: Arbitrary code execution
+ A vulnerability in Xfig could result in execution of arbitrary code
+ or Denial of Service.
+
+ xfig
+ December 27, 2013
+ December 27, 2013: 1
+ 348344
+ remote
+
+
+ 3.2.5b-r1
+ 3.2.5b-r1
+
+
+
+

Xfig is an interactive drawing tool.

+
+ +

Xfig contains a buffer overflow vulnerability in processing certain FIG + images. +

+
+ +

A remote attacker could entice a user to open a specially-crafted file, + potentially resulting in arbitrary code execution or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Xfig users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/xfig-3.2.5b-r1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since January 09, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+
+
+ CVE-2010-4262
+
+
+ craig
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-01.xml
new file mode 100644
index 0000000000..6191c04e0a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-01.xml
@@ -0,0 +1,59 @@
+
+
+
+ Libgdiplus: Arbitrary code execution
+ Multiple integer overflow vulnerabilities in Libgdiplus may allow
+ remote attackers to execute arbitrary code.
+
+ libgdiplus
+ January 05, 2014
+ January 05, 2014: 1
+ 334101
+ remote
+
+
+ 2.6.7-r1
+ 2.6.7-r1
+
+
+
+

Libgdiplus is the Mono library that provide a GDI+ comptible API on + non-Windows operating systems. +

+
+ +

An integer overflow flaw has been discovered in Libgdiplus.

+
+ +

A remote attacker could entice a user to open a specially-crafted + TIFF/JPEG/BMP file, potentially resulting in arbitrary code execution. +

+
+ +

There is no known workaround at this time.

+
+ +

All Libgdiplus users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-dotnet/libgdiplus-2.6.7-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+ +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since September 12, 2010. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2010-1526 + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-02.xml
new file mode 100644
index 0000000000..942b6f0660
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-02.xml
@@ -0,0 +1,55 @@
+
+
+
+ Gajim: Information disclosure
+ An error in Gajim causes invalid OpenSSL certificates to be
+ accepted as valid.
+
+ gajim
+ January 06, 2014
+ January 06, 2014: 1
+ 442860
+ remote
+
+
+ 0.15.3-r1
+ 0.15.3-r1
+
+
+
+

Gajim is a Jabber/XMPP client which uses GTK+.

+
+ +

The _ssl_verify_callback() function in tls_nb.py does not properly + validate SSL certificates, causing any certificate to be accepted as + valid as long as the root CA is valid. +

+
+ +

A remote attacker might employ a specially crafted certificate to + conduct man-in-the-middle attacks on SSL connections and potentially + disclose sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Gajim users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/gajim-0.15.3-r1" + + +
+ + CVE-2012-5524 + + + creffett + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-03.xml
new file mode 100644
index 0000000000..a79a024e81
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-03.xml
@@ -0,0 +1,55 @@
+
+
+
+ Nagstamon: Information disclosure
+ A vulnerability in Nagstamon could expose user credentials to a
+ remote attacker.
+
+ nagstamon
+ January 06, 2014
+ January 06, 2014: 2
+ 476538
+ remote
+
+
+ 0.9.11_rc1
+ 0.9.11_rc1
+
+
+
+

Nagstamon is a Nagios status monitor application.

+
+ +

Nagstamon’s automatic request to check for updates includes plaintext + username and password information for one of the monitor servers that the + Nagstamon instance connects to. +

+
+ +

A remote attacker could eavesdrop on this request and gain user + credentials for a monitor server. +

+
+ +

There is no known workaround at this time.

+
+ +

All Nagstamon users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-analyzer/nagstamon-0.9.11_rc1" + + +
+ + CVE-2013-4114 + + + underling + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-04.xml
new file mode 100644
index 0000000000..a7d5e69fef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-04.xml
@@ -0,0 +1,103 @@
+
+
+
+ Python: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Python, the worst of
+ which allow remote attackers to cause a Denial of Service condition.
+
+ python
+ January 06, 2014
+ June 17, 2015: 5
+ 325593
+ 355927
+ 358663
+ 396329
+ 403437
+ 469988
+ remote
+
+
+ 3.2.5-r1
+ 2.6.8
+ 2.7.3-r1
+ 3.3.2-r1
+ 2.6.9
+ 2.7.4
+ 2.7.5
+ 2.7.6
+ 2.7.7
+ 2.7.8
+ 2.7.9
+ 2.7.10
+ 2.7.11
+ 2.7.12
+ 2.7.13
+ 2.7.14
+ 2.7.15
+ 3.3.2-r1
+
+
+
+

Python is an interpreted, interactive, object-oriented programming + language. +

+
+ +

Multiple vulnerabilities have been discovered in Python. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition or + perform a man-in-the-middle attack to disclose sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Python 3.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.2-r1" + + +

All Python 3.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.2.5-r1" + + +

All Python 2.6 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-2.6.8" + + +

All Python 2.7 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.3-r1" + +
+ + CVE-2010-1634 + CVE-2010-2089 + CVE-2010-3492 + CVE-2010-3493 + CVE-2011-1015 + CVE-2012-0845 + CVE-2012-1150 + CVE-2013-2099 + + + creffett + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-05.xml
new file mode 100644
index 0000000000..a54a6f31f6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-05.xml
@@ -0,0 +1,54 @@
+
+
+
+ ISC DHCP: Denial of Service
+ A memory exhaustion vulnerability in ISC DHCP could lead to Denial
+ of Service.
+
+ dhcp
+ January 06, 2014
+ January 06, 2014: 1
+ 463848
+ remote
+
+
+ 4.2.5_p1
+ 4.2.5_p1
+
+
+
+

ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.

+
+ +

ISC DHCP is vulnerable to a memory exhaustion attack involving regular + expressions sent by DHCP clients. +

+
+ +

A remote attacker could send a specially crafted request from a + malicious or spoofed client, potentially leading to a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ISC DHCP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.2.5_p1" + + +
+ + CVE-2013-2494 + + + creffett + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-06.xml
new file mode 100644
index 0000000000..82d697f2ea
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-06.xml
@@ -0,0 +1,59 @@
+
+
+
+ Git: Privilege escalation
+ A stack-based buffer overflow in Git might allow a local attacker
+ to gain escalated privileges.
+
+ git
+ January 10, 2014
+ January 10, 2014: 1
+ 335891
+ local
+
+
+ 1.7.2.2
+ 1.7.2.2
+
+
+
+

Git is a free and open source distributed version control system + designed to handle everything from small to very large projects with + speed and efficiency. +

+
+ +

Git contains a stack-based buffer overflow in the is_git_directory + function in setup.c. +

+
+ +

A local attacker could gain escalated privileges via a specially crafted + git repository. +

+
+ +

There is no known workaround at this time.

+
+ +

All Git users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/git-1.7.2.2" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since September 11, 2010. It is likely that your system is + already no longer affected by this issue. +

+ +
+ + CVE-2010-2542 + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-07.xml
new file mode 100644
index 0000000000..905d929f2e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-07.xml
@@ -0,0 +1,68 @@
+
+
+
+ libxslt: Denial of Service
+ Multiple Denial of Service vulnerabilities have been found in
+ libxslt.
+
+ libxslt
+ January 10, 2014
+ January 10, 2014: 1
+ 433603
+ 436284
+ 463236
+ 496114
+ remote
+
+
+ 1.1.28
+ 1.1.28
+
+
+
+

libxslt is the XSLT C library developed for the GNOME project. XSLT is + an XML language to define transformations for XML. +

+
+ +

Multiple vulnerabilities have been found in libxslt:

+ +
    +
  • Multiple errors exist in pattern.c and functions.c (CVE-2012-2870, + CVE-2012-6139). +
  • +
  • A double-free error exists in templates.c (CVE-2012-2893).
  • +
  • A NULL pointer dereference in keys.c (CVE-2012-6139).
  • +
  • An error in handling stylesheets containing DTDs (CVE-2013-4520).
  • +
+
+ +

A remote attacker could entice a user to process a specially crafted + file in an application linked against libxslt, possibly resulting in a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libxslt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.28" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2012-2870 + CVE-2012-2893 + CVE-2012-6139 + CVE-2013-4520 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-08.xml
new file mode 100644
index 0000000000..a9a6b5c11d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-08.xml
@@ -0,0 +1,71 @@
+
+
+
+ NTP: Traffic amplification
+ NTP can be abused to amplify Denial of Service attack traffic.
+
+ January 16, 2014
+ January 16, 2014: 1
+ 496776
+ remote
+
+
+ 4.2.6_p5-r10
+ 4.2.6_p5-r10
+
+
+
+

NTP is a protocol designed to synchronize the clocks of computers over a + network. The net-misc/ntp package contains the official reference + implementation by the NTP Project. +

+
+ +

ntpd is susceptible to a reflected Denial of Service attack. Please + review the CVE identifiers and references below for details. +

+
+ +

An unauthenticated remote attacker may conduct a distributed reflective + Denial of Service attack on another user via a vulnerable NTP server. +

+
+ +

We modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10 + and added “noquery” to the default restriction which disallows anyone + to query the ntpd status, including “monlist”. +

+ +

If you use a non-default configuration, and provide a ntp service to + untrusted networks, we highly recommend you to revise your configuration + to disable mode 6 and 7 queries for any untrusted (public) network. +

+ +

You can always enable these queries for specific trusted networks. For + more details please see the “Access Control Support” chapter in the + ntp.conf(5) man page. +

+
+ +

All NTP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.6_p5-r10" + + +

Note that the updated package contains a modified default configuration + only. You may need to modify your configuration further. +

+
+ + CVE-2013-5211 + VU#348126 + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-09.xml
new file mode 100644
index 0000000000..5587a34516
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-09.xml
@@ -0,0 +1,49 @@
+
+
+
+ Openswan: User-assisted execution of arbitrary code
+ A vulnerability in Openswan could result in execution of arbitrary
+ code or Denial of Service.
+
+ openswan
+ January 18, 2014
+ January 18, 2014: 1
+ 483204
+ remote
+
+
+ 2.6.39
+ 2.6.39
+
+
+
+

Openswan is an implementation of IPsec for Linux.

+
+ +

A buffer overflow flaw has been discovered in Openswan when using + Opportunistic Encryption. +

+
+ +

A remote attacker could send a specially crafted DNS TXT record, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Openswan users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.6.39" + +
+ + CVE-2013-2053 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-10.xml
new file mode 100644
index 0000000000..41768ef240
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-10.xml
@@ -0,0 +1,75 @@
+
+
+
+ libexif, exif: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in libexif and exif, some
+ of which may allow execution of arbitrary code.
+
+ libexif
+ January 19, 2014
+ January 19, 2014: 1
+ 426366
+ remote
+
+
+ 0.6.21
+ 0.6.21
+
+
+ 0.6.21
+ 0.6.21
+
+
+
+

libexif is a library for parsing, editing and saving Exif metadata from + images. exif is a small command line interface for libexif. +

+
+ +

Multiple vulnerabilities have been discovered in libexif and exif. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted image + file using exif or an application linked against libexif, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libexif users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.21" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these + packages. +

+ +

All exif users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/exif-0.6.21" + +
+ + CVE-2012-2812 + CVE-2012-2813 + CVE-2012-2814 + CVE-2012-2836 + CVE-2012-2837 + CVE-2012-2840 + CVE-2012-2841 + CVE-2012-2845 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-11.xml
new file mode 100644
index 0000000000..c5dc9cae33
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-11.xml
@@ -0,0 +1,71 @@
+
+
+
+ Perl, Locale Maketext Perl module: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Perl and
+ Locale::Maketext Perl module, the worst of which could allow a
+ context-dependent attacker to execute arbitrary code.
+
+ perl
+ January 19, 2014
+ January 19, 2014: 1
+ 384887
+ 448632
+ 460444
+ 483448
+ local, remote
+
+
+ 5.16.3
+ 5.16.3
+
+
+ 1.230.0
+ 1.230.0
+
+
+
+

Perl is Larry Wall’s Practical Extraction and Report Language. + Locale::Maketext is a Perl module - framework for localization. +

+
+ +

Multiple vulnerabilities have been discovered in Perl and + Locale::Maketext Perl module. Please review the CVE identifiers + referenced below for details. +

+
+ +

A context-dependent attacker could possibly execute arbitrary code with + the privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Perl users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.16.3" + + +

All Locale::Maketext users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=perl-core/locale-maketext-1.230.0" + +
+ + CVE-2011-2728 + CVE-2011-2939 + CVE-2012-5195 + + CVE-2013-1667 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-12.xml
new file mode 100644
index 0000000000..5149c1f367
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-12.xml
@@ -0,0 +1,63 @@
+
+
+
+ GNUstep Base library: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in GNUstep Base library,
+ the worst of which allow execution of arbitrary code.
+
+ gnustep-base
+ January 20, 2014
+ January 20, 2014: 1
+ 325577
+ local, remote
+
+
+ 1.20.1
+ 1.20.1
+
+
+
+

GNUstep Base library is a free software package implementing the API of + the OpenStep Foundation Kit (tm), including later additions. +

+
+ +

Multiple vulnerabilities have been discovered in GNUstep Base library. + Please review the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could possibly execute arbitrary code. A + local attacker could possibly read arbitrary files. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNUstep Base library users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=gnustep-base/gnustep-base-1.20.1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+ +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 13, 2010. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2010-1457 + CVE-2010-1620 + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-13.xml
new file mode 100644
index 0000000000..9096c62f97
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-13.xml
@@ -0,0 +1,70 @@
+
+
+
+ VirtualBox: Multiple Vulnerabilities
+ Multiple vulnerabilities have been found in VirtualBox, allowing
+ local attackers to escalate their privileges or cause a Denial of Service
+ condition.
+
+ virtualbox
+ January 20, 2014
+ January 20, 2014: 1
+ 434872
+ 498166
+ local
+
+
+ 4.2.22
+ 4.2.22
+
+
+ 4.2.22
+ 4.2.22
+
+
+
+

VirtualBox is a powerful virtualization product from Oracle.

+
+ +

Multiple vulnerabilities have been discovered in Virtualbox. Please + review the CVE identifiers referenced below for details. +

+
+ +

A local attacker in a guest virtual machine may be able to escalate + privileges or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All virtualbox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-4.2.22" + + +

All virtualbox-bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulation/virtualbox-bin-4.2.22" + + +
+ + CVE-2012-3221 + CVE-2013-5892 + CVE-2014-0404 + CVE-2014-0405 + CVE-2014-0406 + CVE-2014-0407 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-14.xml
new file mode 100644
index 0000000000..12461391a8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-14.xml
@@ -0,0 +1,59 @@
+
+
+
+ cURL: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in cURL, allowing
+ attackers to execute arbitrary code or cause Denial of Service.
+
+ curl
+ January 20, 2014
+ January 20, 2014: 1
+ 456074
+ 465678
+ 474354
+ 492688
+ 497092
+ remote
+
+
+ 7.34.0-r1
+ 7.34.0-r1
+
+
+
+

cURL is a command line tool for transferring files with URL syntax, + supporting numerous protocols. +

+
+ +

Multiple vulnerabilities have been discovered in cURL. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user or automated process to connect to + a malicious server using cURL, possibly resulting in the remote execution + of arbitrary code or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All cURL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/curl-7.34.0-r1" + + +
+ + CVE-2013-0249 + CVE-2013-1944 + CVE-2013-2174 + CVE-2013-6422 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-15.xml
new file mode 100644
index 0000000000..f3ad69bfff
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-15.xml
@@ -0,0 +1,70 @@
+
+
+
+ Asterisk: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Asterisk, the worst of
+ which may allow execution of arbitrary code.
+
+ asterisk
+ January 21, 2014
+ January 21, 2014: 1
+ 449828
+ 463622
+ 482776
+ 494630
+ remote
+
+
+ 11.7.0
+ 1.8.25.0
+ 11.7.0
+
+
+
+

Asterisk is an open source telephony engine and toolkit.

+
+ +

Multiple vulnerabilities have been discovered in Asterisk. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could execute arbitrary code with the privileges of + the process, cause a Denial of Service condition, or obtain sensitive + information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Asterisk 11.* users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.7.0" + + +

All Asterisk 1.8.* users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.25.0" + + +
+ + CVE-2012-5976 + CVE-2012-5977 + CVE-2013-2264 + CVE-2013-2685 + CVE-2013-2686 + CVE-2013-5641 + CVE-2013-5642 + CVE-2013-7100 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-16.xml
new file mode 100644
index 0000000000..3abef0437f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-16.xml
@@ -0,0 +1,54 @@
+
+
+
+ CCID: Arbitrary code execution
+ A vulnerability in CCID could result in execution of arbitrary
+ code.
+
+ ccid
+ January 21, 2014
+ January 21, 2014: 1
+ 349559
+ local
+
+
+ 1.4.1-r1
+ 1.4.1-r1
+
+
+
+

CCID is a generic USB Chip/Smart Card Interface Devices driver.

+
+ +

CCID contains an integer overflow vulnerability in ccid_serial.c.

+
+ +

A physically proximate attacker could execute arbitrary code via a smart + card with a specially crafted + serial number. +

+
+ +

There is no known workaround at this time.

+
+ +

All CCID users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/ccid-1.4.1-r1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since January 21, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2010-4530 + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-17.xml
new file mode 100644
index 0000000000..7dbf850f74
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-17.xml
@@ -0,0 +1,57 @@
+
+
+
+ PCSC-Lite: Arbitrary code execution
+ A vulnerability in PCSC-Lite could result in execution of arbitrary
+ code or Denial of Service.
+
+ pcsc-lite
+ January 21, 2014
+ January 21, 2014: 1
+ 349561
+ local
+
+
+ 1.6.6
+ 1.6.6
+
+
+
+

PCSC-Lite is a PC/SC Architecture smartcard middleware library.

+
+ +

PCSC-Lite contains a stack-based buffer overflow in the ATRDecodeAtr + function in the + Answer-to-Reset Handler (atrhandler.c). +

+
+ +

A physically proximate attacker could execute arbitrary code or cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All PCSC-Lite users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/pcsc-lite-1.6.6" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since January 10, 2011. It is likely that your system is + already no longer affected by this issue. +

+ +
+ + CVE-2010-4531 + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-18.xml
new file mode 100644
index 0000000000..2d6fd134b7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-18.xml
@@ -0,0 +1,54 @@
+
+
+
+ OpenSC: Arbitrary code execution
+ Multiple stack-based buffer overflows have been found in OpenSC,
+ allowing attackers to execute arbitrary code.
+
+ opensc
+ January 21, 2014
+ January 21, 2014: 1
+ 349567
+ local
+
+
+ 0.11.13-r2
+ 0.11.13-r2
+
+
+
+

OpenSC is a tools and libraries for smart cards.

+
+ +

Multiple stack-based buffer overflow errors have been discovered in + OpenSC. +

+
+ +

A physically proximate attacker could possibly execute arbitrary code + using a specially crafted smart card. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.13-r2" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2010-4523 + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-19.xml
new file mode 100644
index 0000000000..bbc0a8d12d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-19.xml
@@ -0,0 +1,78 @@
+
+
+
+ GMime: Arbitrary code execution
+ A buffer overflow error in GMime might allow remote attackers to
+ execute arbitrary code or cause a Denial of Service condition.
+
+ gmime
+ January 21, 2014
+ January 21, 2014: 1
+ 308051
+ local, remote
+
+
+ 2.4.15
+ 2.4.17
+ 2.2.26
+ 2.4.15
+
+
+
+

GMime is a C/C++ library which may be used for the creation and parsing + of messages using the Multipurpose Internet Mail Extension (MIME). +

+
+ +

GMime contains a buffer overflow flaw in the GMIME_UUENCODE_LEN macro in + gmime/gmime-encodings.h. +

+
+ +

A context-dependent attacker could possibly execute arbitrary code or + cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

GMime 2.4.x users on the PPC64 architecture should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/gmime-2.4.17" + + +

GMime 2.4.x users on other architectures should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/gmime-2.4.15" + + +

GMime 2.2.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/gmime-2.2.26" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + + CVE-2010-0409 + + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-20.xml
new file mode 100644
index 0000000000..15ffac9f17
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-20.xml
@@ -0,0 +1,73 @@
+
+
+
+ Cacti: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Cacti, allowing
+ attackers to execute arbitrary code or perform XSS attacks.
+
+ cacti
+ January 21, 2014
+ January 21, 2014: 1
+ 324031
+ 480196
+ remote
+
+
+ 0.8.8b
+ 0.8.8b
+
+
+
+

Cacti is a complete network graphing solution designed to harness the + power of RRDTool’s data storage and graphing functionality. +

+
+ +

Multiple vulnerabilities have been discovered in Cacti. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could execute arbitrary SQL commands via specially + crafted parameters, execute arbitrary shell code or inject malicious + script code. +

+
+ +

There is no known workaround at this time.

+
+ +

All Cacti users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.8b" + +
+ + + CVE-2010-1644 + + + CVE-2010-1645 + + + CVE-2010-2092 + + + CVE-2010-2543 + + + CVE-2010-2544 + + + CVE-2010-2545 + + CVE-2013-1434 + CVE-2013-1435 + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-21.xml
new file mode 100644
index 0000000000..883af072be
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-21.xml
@@ -0,0 +1,57 @@
+
+
+
+ Poppler: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Poppler, allowing
+ remote attackers to execute arbitrary code or cause a Denial of Service
+ condition.
+
+ poppler
+ January 21, 2014
+ January 21, 2014: 1
+ 489720
+ 496770
+ remote
+
+
+ 0.24.5
+ 0.24.5
+
+
+
+

Poppler is a cross-platform PDF rendering library originally based on + Xpdf. +

+
+ +

Multiple vulnerabilities have been discovered in Poppler. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted PDF in + an application linked against Poppler, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Poppler users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/poppler-0.24.5" + + +
+ + CVE-2013-4473 + CVE-2013-4474 + CVE-2013-7296 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-22.xml
new file mode 100644
index 0000000000..31b0de2609
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-22.xml
@@ -0,0 +1,57 @@
+
+
+
+ Active Record: SQL injection
+ A vulnerability in Active Record could allow a remote attacker to
+ inject SQL commands.
+
+ activerecord
+ January 21, 2014
+ January 21, 2014: 1
+ 449826
+ remote
+
+
+ 2.3.14-r1
+ 2.3.14-r1
+
+
+
+

Active Record is a Ruby gem that allows database entries to be + manipulated as objects. +

+
+ +

An Active Record method parameter can mistakenly be used as a scope.

+
+ +

A remote attacker could use specially crafted input to execute arbitrary + SQL statements. +

+
+ +

The vulnerability may be mitigated by converting the input to an + expected value. This is accomplished by changing instances of + ‘Post.find_by_id(params[:id])’ in code using Active Record to + ‘Post.find_by_id(params[:id].to_s)’ +

+
+ +

All Active Record users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/activerecord-2.3.14-r1" + + +
+ + CVE-2012-6496 + + + creffett + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-23.xml
new file mode 100644
index 0000000000..b7f45bd0a4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-23.xml
@@ -0,0 +1,66 @@
+
+
+
+ sudo: Privilege escalation
+ Multiple vulnerabilities have been found in sudo which could result
+ in privilege escalation.
+
+ sudo
+ January 21, 2014
+ January 21, 2014: 1
+ 459722
+ local
+
+
+ 1.8.6_p7
+ 1.8.6_p7
+
+
+
+

sudo allows a system administrator to give users the ability to run + commands as other users. Access to commands may also be granted on a + range to hosts. +

+
+ +

Multiple vulnerabilities have been found in sudo:

+ +
    +
  • sudo does not correctly validate the controlling terminal on a system + without /proc or when the tty_tickets option is enabled. +
  • +
  • sudo does not properly handle the clock when it is set to the epoch.
  • +
+
+ +

A local attacker with sudo privileges could connect to the stdin, + stdout, and stderr of the terminal of a user who has authenticated with + sudo, allowing the attacker to hijack the authorization of the other + user. Additionally, a local or physically proximate attacker could set + the system clock to the epoch, bypassing time restrictions on sudo + authentication. +

+
+ +

There is no known workaround at this time.

+
+ +

All sudo users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.6_p7" + + +
+ + CVE-2013-1775 + CVE-2013-1776 + CVE-2013-2776 + CVE-2013-2777 + + ackle + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-24.xml new file mode 100644 index 0000000000..ed3b8529df --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-24.xml @@ -0,0 +1,47 @@ + + + + INN: Man-in-the-middle attack + A vulnerability in INN's STARTTLS implementation could allow a + remote attacker to conduct a man-in-the-middle attack. + + inn + January 21, 2014 + January 21, 2014: 1 + 432002 + remote + + + 2.5.3 + 2.5.3 + + + +

INN is a news server which can interface with Usenet.

+
+ +

INN’s I/O buffering is not correctly restricted.

+
+ +

A remote attacker could inject commands into encrypted NNTP sessions.

+
+ +

There is no known workaround at this time.

+
+ +

All INN users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-nntp/inn-2.5.3" + + +
+ + CVE-2012-3523 + + craig + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-25.xml new file mode 100644 index 0000000000..fd83c2370f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-25.xml @@ -0,0 +1,62 @@ + + + + ldns: Arbitrary code execution + A heap-based buffer overflow in ldns might allow remote attackers + to execute arbitrary code or cause a Denial of Service condition. + + ldns + January 21, 2014 + January 21, 2014: 1 + 384249 + remote + + + 1.6.11 + 1.6.11 + + + +

ldns is a fast DNS library with the goal to simplify DNS programming and + to allow developers to easily create software conforming to current RFCs + and Internet drafts. +

+
+ +

ldns contains a heap-based buffer overflow in the + ldns_rr_new_frm_str_internal function. +

+
+ +

A remote attacker could execute arbitrary code or cause a Denial of + Service condition with a crafted Resource Record. +

+
+ +

There is no known workaround at this time.

+
+ +

All ldns users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/ldns-1.6.11" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+ +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since October 11, 2011. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2011-3581 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-26.xml new file mode 100644 index 0000000000..bf229bd420 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-26.xml @@ -0,0 +1,58 @@ + + + + Zabbix: Shell command injection + A vulnerability in Zabbix could allow remote attackers to execute + arbitrary shell code. + + zabbix + January 23, 2014 + June 02, 2014: 2 + 493250 + remote + + + 2.0.9-r1 + 2.0.9-r1 + + + +

Zabbix is software for monitoring applications, networks, and servers.

+
+ +

If a flexible user parameter is configured in Zabbix agent, including a + newline in the parameters will execute newline section as a separate + command even if UnsafeUserParameters are disabled. +

+
+ +

A remote attacker could possibly execute arbitrary shell code with the + privileges of the process. +

+
+ +

There is no known workaround at this time.

+
+ +

All Zabbix 2.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/zabbix-2.2.0-r4" + + +

All Zabbix 2.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/zabbix-2.0.9-r1" + +
+ + CVE-2013-6824 + + Zlogene + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-27.xml new file mode 100644 index 0000000000..ef1a40180b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-27.xml @@ -0,0 +1,62 @@ + + + + GNU TeXmacs: Privilege escalation + A vulnerability in GNU TeXmacs could result in privilege + escalation. + + texmacs + January 26, 2014 + January 26, 2014: 2 + 337532 + local + + + 1.0.7.2-r1 + 1.0.7.2-r1 + + + +

GNU TeXmacs is a free WYSIWYG editing platform with special features for + scientists. +

+
+ +

The texmacs and tm_mupad_help scripts in TeXmacs place a zero-length + directory name in the LD_LIBRARY_PATH, which might result in the current + working directory (.) to be included when searching for dynamically + linked libraries. +

+
+ +

A local attacker could gain escalated privileges via a specially crafted + shared library. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNU TeXmacs users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/texmacs-1.0.7.2-r1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since April 02, 2011. It is likely that your system is already + no longer affected by this issue. +

+ +
+ + + CVE-2010-3394 + + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-28.xml new file mode 100644 index 0000000000..eaf0e21fd2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-28.xml @@ -0,0 +1,62 @@ + + + + Tomboy: Privilege escalation + A vulnerability in Tomboy could result in privilege escalation. + tomboy + January 26, 2014 + January 26, 2014: 1 + 356583 + local + + + 1.4.2-r1 + 1.4.2-r1 + + + +

Tomboy is a desktop note-taking application.

+
+ +

Tomboy places a zero-length directory name in the LD_LIBRARY_PATH, which + might result in the current working directory (.) to be included when + searching for dynamically linked libraries. +

+ +

NOTE: This vulnerability exists due to an incomplete fix for + CVE-2005-4790 (GLSA 200711-12). +

+
+ +

A local attacker could gain escalated privileges via a specially crafted + shared library. +

+
+ +

There is no known workaround at this time.

+
+ +

All Tomboy users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/tomboy-1.4.2-r1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since March 02, 2011. It is likely that your system is already + no longer affected by this issue. +

+ +
+ + CVE-2010-4005 + GLSA + 200711-12 + + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-29.xml new file mode 100644 index 0000000000..f9227f6b63 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-29.xml @@ -0,0 +1,57 @@ + + + + VIPS: Privilege Escalation + A vulnerability in VIPS could result in privilege escalation. + vips + January 26, 2014 + January 26, 2014: 1 + 344561 + local + + + 7.22.4 + 7.22.4 + + + +

VIPS is a free image processing system.

+
+ +

VIPS places a zero-length directory name in the LD_LIBRARY_PATH, which + might result in the current working directory (.) to be included when + searching for dynamically linked libraries. +

+
+ +

A local attacker could gain escalated privileges via a specially crafted + shared library. +

+
+ +

There is no known workaround at this time.

+
+ +

All VIPS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/vips-7.22.4" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 23, 2010. It is likely that your system is + already no longer affected by this issue. +

+ +
+ + + CVE-2010-3364 + + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-30.xml new file mode 100644 index 0000000000..cf7492b9c5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-30.xml @@ -0,0 +1,362 @@ + + + + Oracle JRE/JDK: Multiple vulnerabilities + Multiple vulnerabilities have been found in the Oracle JRE/JDK, + allowing attackers to cause unspecified impact. + + sun-jre-bin sun-jdk oracle-jdk-bin oracle-jre-bin + emul-linux-x86-java + + January 27, 2014 + January 27, 2014: 1 + 404071 + 421073 + 433094 + 438706 + 451206 + 455174 + 458444 + 460360 + 466212 + 473830 + 473980 + 488210 + 498148 + local, remote + + + 1.6.0.45 + + + 1.7.0.51 + 1.7.0.51 + + + 1.6.0.45 + + + 1.7.0.51 + 1.7.0.51 + + + 1.7.0.51 + 1.7.0.51 + + + +

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and + the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) + provide the Oracle Java platform (formerly known as Sun Java Platform). +

+
+ +

Multiple vulnerabilities have been reported in the Oracle Java + implementation. Please review the CVE identifiers referenced below for + details. +

+
+ +

An unauthenticated, remote attacker could exploit these vulnerabilities + to execute arbitrary code. + Furthermore, a local or remote attacker could exploit these + vulnerabilities to cause unspecified impact, possibly including remote + execution of arbitrary code. +

+
+ +

There is no known workaround at this time.

+
+ +

All Oracle JDK 1.7 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jdk-bin-1.7.0.51" + + +

All Oracle JRE 1.7 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jre-bin-1.7.0.51" + + +

All users of the precompiled 32-bit Oracle JRE should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulation/emul-linux-x86-java-1.7.0.51" + + +

All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one + of the newer Oracle packages like dev-java/oracle-jdk-bin or + dev-java/oracle-jre-bin or choose another alternative we provide; eg. the + IBM JDK/JRE or the open source IcedTea. +

+ +

NOTE: As Oracle has revoked the DLJ license for its Java implementation, + the packages can no longer be updated automatically. +

+
+ + CVE-2011-3563 + CVE-2011-5035 + CVE-2012-0497 + CVE-2012-0498 + CVE-2012-0499 + CVE-2012-0500 + CVE-2012-0501 + CVE-2012-0502 + CVE-2012-0503 + CVE-2012-0504 + CVE-2012-0505 + CVE-2012-0506 + CVE-2012-0507 + CVE-2012-0547 + CVE-2012-1531 + CVE-2012-1532 + CVE-2012-1533 + CVE-2012-1541 + CVE-2012-1682 + CVE-2012-1711 + CVE-2012-1713 + CVE-2012-1716 + CVE-2012-1717 + CVE-2012-1718 + CVE-2012-1719 + CVE-2012-1721 + CVE-2012-1722 + CVE-2012-1723 + CVE-2012-1724 + CVE-2012-1725 + CVE-2012-1726 + CVE-2012-3136 + CVE-2012-3143 + CVE-2012-3159 + CVE-2012-3174 + CVE-2012-3213 + CVE-2012-3216 + CVE-2012-3342 + CVE-2012-4416 + CVE-2012-4681 + CVE-2012-5067 + CVE-2012-5068 + CVE-2012-5069 + CVE-2012-5070 + CVE-2012-5071 + CVE-2012-5072 + CVE-2012-5073 + CVE-2012-5074 + CVE-2012-5075 + CVE-2012-5076 + CVE-2012-5077 + CVE-2012-5079 + CVE-2012-5081 + CVE-2012-5083 + CVE-2012-5084 + CVE-2012-5085 + CVE-2012-5086 + CVE-2012-5087 + CVE-2012-5088 + CVE-2012-5089 + CVE-2013-0169 + CVE-2013-0351 + CVE-2013-0401 + CVE-2013-0402 + CVE-2013-0409 + CVE-2013-0419 + CVE-2013-0422 + CVE-2013-0423 + CVE-2013-0430 + CVE-2013-0437 + CVE-2013-0438 + CVE-2013-0445 + CVE-2013-0446 + CVE-2013-0448 + CVE-2013-0449 + CVE-2013-0809 + CVE-2013-1473 + CVE-2013-1479 + CVE-2013-1481 + CVE-2013-1484 + CVE-2013-1485 + CVE-2013-1486 + CVE-2013-1487 + CVE-2013-1488 + CVE-2013-1491 + CVE-2013-1493 + CVE-2013-1500 + CVE-2013-1518 + CVE-2013-1537 + CVE-2013-1540 + CVE-2013-1557 + CVE-2013-1558 + CVE-2013-1561 + CVE-2013-1563 + CVE-2013-1564 + CVE-2013-1569 + CVE-2013-1571 + CVE-2013-2383 + CVE-2013-2384 + CVE-2013-2394 + CVE-2013-2400 + CVE-2013-2407 + CVE-2013-2412 + CVE-2013-2414 + CVE-2013-2415 + CVE-2013-2416 + CVE-2013-2417 + CVE-2013-2418 + CVE-2013-2419 + CVE-2013-2420 + CVE-2013-2421 + CVE-2013-2422 + CVE-2013-2423 + CVE-2013-2424 + CVE-2013-2425 + CVE-2013-2426 + CVE-2013-2427 + CVE-2013-2428 + CVE-2013-2429 + CVE-2013-2430 + CVE-2013-2431 + CVE-2013-2432 + CVE-2013-2433 + CVE-2013-2434 + 
CVE-2013-2435 + CVE-2013-2436 + CVE-2013-2437 + CVE-2013-2438 + CVE-2013-2439 + CVE-2013-2440 + CVE-2013-2442 + CVE-2013-2443 + CVE-2013-2444 + CVE-2013-2445 + CVE-2013-2446 + CVE-2013-2447 + CVE-2013-2448 + CVE-2013-2449 + CVE-2013-2450 + CVE-2013-2451 + CVE-2013-2452 + CVE-2013-2453 + CVE-2013-2454 + CVE-2013-2455 + CVE-2013-2456 + CVE-2013-2457 + CVE-2013-2458 + CVE-2013-2459 + CVE-2013-2460 + CVE-2013-2461 + CVE-2013-2462 + CVE-2013-2463 + CVE-2013-2464 + CVE-2013-2465 + CVE-2013-2466 + CVE-2013-2467 + CVE-2013-2468 + CVE-2013-2469 + CVE-2013-2470 + CVE-2013-2471 + CVE-2013-2472 + CVE-2013-2473 + CVE-2013-3743 + CVE-2013-3744 + CVE-2013-3829 + CVE-2013-5772 + CVE-2013-5774 + CVE-2013-5775 + CVE-2013-5776 + CVE-2013-5777 + CVE-2013-5778 + CVE-2013-5780 + CVE-2013-5782 + CVE-2013-5783 + CVE-2013-5784 + CVE-2013-5787 + CVE-2013-5788 + CVE-2013-5789 + CVE-2013-5790 + CVE-2013-5797 + CVE-2013-5800 + CVE-2013-5801 + CVE-2013-5802 + CVE-2013-5803 + CVE-2013-5804 + CVE-2013-5805 + CVE-2013-5806 + CVE-2013-5809 + CVE-2013-5810 + CVE-2013-5812 + CVE-2013-5814 + CVE-2013-5817 + CVE-2013-5818 + CVE-2013-5819 + CVE-2013-5820 + CVE-2013-5823 + CVE-2013-5824 + CVE-2013-5825 + CVE-2013-5829 + CVE-2013-5830 + CVE-2013-5831 + CVE-2013-5832 + CVE-2013-5838 + CVE-2013-5840 + CVE-2013-5842 + CVE-2013-5843 + CVE-2013-5844 + CVE-2013-5846 + CVE-2013-5848 + CVE-2013-5849 + CVE-2013-5850 + CVE-2013-5851 + CVE-2013-5852 + CVE-2013-5854 + CVE-2013-5870 + CVE-2013-5878 + CVE-2013-5887 + CVE-2013-5888 + CVE-2013-5889 + CVE-2013-5893 + CVE-2013-5895 + CVE-2013-5896 + CVE-2013-5898 + CVE-2013-5899 + CVE-2013-5902 + CVE-2013-5904 + CVE-2013-5905 + CVE-2013-5906 + CVE-2013-5907 + CVE-2013-5910 + CVE-2014-0368 + CVE-2014-0373 + CVE-2014-0375 + CVE-2014-0376 + CVE-2014-0382 + CVE-2014-0385 + CVE-2014-0387 + CVE-2014-0403 + CVE-2014-0408 + CVE-2014-0410 + CVE-2014-0411 + CVE-2014-0415 + CVE-2014-0416 + CVE-2014-0417 + CVE-2014-0418 + CVE-2014-0422 + CVE-2014-0423 + CVE-2014-0424 + CVE-2014-0428 + 
+ + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-31.xml new file mode 100644 index 0000000000..e50e4f05ba --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-31.xml @@ -0,0 +1,54 @@ + + + + CEDET: Privilege escalation + A vulnerability in CEDET could result in privilege escalation. + cedet + January 27, 2014 + January 27, 2014: 2 + 398227 + local + + + 1.0.1 + 1.0.1 + + + +

CEDET is a Collection of Emacs Development Environment Tools written + with the end goal of creating an advanced development environment in + Emacs. +

+
+ +

An untrusted search path vulnerability was discovered in CEDET.

+
+ +

A local attacker could escalate his privileges via a specially crafted + Lisp expression in a Project.ede file in the directory or a parent + directory of an opened file. +

+
+ +

There is no known workaround at this time.

+
+ +

All CEDET users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emacs/cedet-1.0.1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since February 01, 2012. It is likely that your system is + already no longer affected by this issue. +

+ +
+ + CVE-2012-0035 + + ago + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-32.xml new file mode 100644 index 0000000000..18a7112669 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-32.xml @@ -0,0 +1,60 @@ + + + + Exim: Multiple vulnerabilities + Multiple vulnerabilities were found in Exim, the worst of which + leading to remote execution of arbitrary code with root privileges. + + Exim + January 27, 2014 + January 27, 2014: 3 + 322665 + 348249 + 353352 + 366369 + 439734 + remote + + + 4.80.1 + 4.80.1 + + + +

Exim is a highly configurable, drop-in replacement for sendmail.

+
+ +

Multiple vulnerabilities have been discovered in Exim. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with root + privileges, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Exim users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.80.1" + + +
+ + CVE-2010-2023 + CVE-2010-2024 + CVE-2010-4344 + CVE-2010-4345 + CVE-2011-0017 + CVE-2011-1407 + CVE-2011-1764 + CVE-2012-5671 + + craig + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-33.xml new file mode 100644 index 0000000000..b3c17b3a2d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-33.xml @@ -0,0 +1,51 @@ + + + + Perl Digest-Base module: Arbitrary code execution + A vulnerability has been found in the Digest-Base Perl module, + allowing remote attackers to execute arbitrary code. + + digest-base + January 29, 2014 + January 29, 2014: 1 + 385487 + remote + + + 1.170.0 + 1.170.0 + + + +

Digest-Base is a set of Perl modules that calculate message digests

+
+ +

The vulnerability is caused due to the “Digest->new()” function + not properly sanitising input before using it in an “eval()” call. +

+
+ +

The vulnerability might allow an attacker to execute arbitrary code.

+
+ +

There is no known workaround at this time.

+
+ +

All Digest-Base module users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=perl-core/digest-base-1.170.0" + + +
+ + CVE-2011-3597 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-34.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-34.xml new file mode 100644 index 0000000000..754a7f4ad5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-34.xml @@ -0,0 +1,59 @@ + + + + BIND: Denial of Service + Multiple vulnerabilities have been found in BIND, possibly + resulting in Denial of Service. + + bind + January 29, 2014 + January 29, 2014: 1 + 437828 + 446094 + 453974 + 463497 + 478316 + 483208 + 498016 + remote + + + 9.9.4_p2 + 9.9.4_p2 + + + +

BIND is the Berkeley Internet Name Domain Server.

+
+ +

Multiple vulnerabilities have been discovered in BIND. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All BIND users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.9.4_p2" + + +
+ + CVE-2012-5166 + CVE-2012-5688 + CVE-2012-5689 + CVE-2013-2266 + CVE-2013-3919 + CVE-2013-4854 + CVE-2014-0591 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-01.xml new file mode 100644 index 0000000000..4d1667b2a5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-01.xml @@ -0,0 +1,53 @@ + + + + GNU libmicrohttpd: Multiple vulnerabilities + Multiple vulnerabilities have been found in GNU libmicrohttpd, the + worst of which may allow execution of arbitrary code. + + libmicrohttpd + February 02, 2014 + February 02, 2014: 1 + 493450 + remote + + + 0.9.32 + 0.9.32 + + + +

GNU libmicrohttpd is a small C library that is supposed to make it easy + to run an HTTP server as part of another application. +

+
+ +

Multiple vulnerabilities have been discovered in GNU libmicrohttpd. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could execute arbitrary code with the privileges of + the process, cause a Denial of Service condition, or obtain sensitive + information. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNU libmicrohttpd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libmicrohttpd-0.9.32" + + +
+ + CVE-2013-7038 + CVE-2013-7039 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-02.xml new file mode 100644 index 0000000000..c87f366625 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-02.xml @@ -0,0 +1,80 @@ + + + + NVIDIA Drivers: Privilege Escalation + A NVIDIA drivers bug allows unprivileged user-mode software to + access the GPU inappropriately, allowing for privilege escalation. + + nvidia-drivers + February 02, 2014 + March 13, 2014: 3 + 493448 + local + + + 331.20 + 319.76 + 304.116 + 304.119 + 304.121 + 331.20 + + + +

The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic + boards. +

+
+ +

The vulnerability is caused due to the driver allowing unprivileged + user-mode software to access the GPU. +

+
+ +

A local attacker could gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All NVIDIA Drivers users using the 331 branch should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=x11-drivers/nvidia-drivers-331.20" + + +

All NVIDIA Drivers users using the 319 branch should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=x11-drivers/nvidia-drivers-319.76" + + +

All NVIDIA Drivers users using the 304 branch should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=x11-drivers/nvidia-drivers-304.116" + +
+ + CVE-2013-5986 + CVE-2013-5987 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-03.xml new file mode 100644 index 0000000000..2a1e83b463 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-03.xml @@ -0,0 +1,56 @@ + + + + Pixman: User-assisted execution of arbitrary code + An integer underflow vulnerability in Pixman may allow a + context-dependent attacker to cause Denial of Service. + + pixman + February 02, 2014 + February 02, 2014: 1 + 493292 + local, remote + + + 0.32.4 + 0.32.4 + + + +

Pixman is a pixel manipulation library.

+
+ +

The trapezoid handling code in Pixman contains an integer underflow + vulnerability. +

+
+ +

A context-dependent attacker could entice a user to open a specially + crafted file using an application linked against Pixman, possibly + resulting in execution of arbitrary code with the privileges of the + process, or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Pixman users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/pixman-0.32.4" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2013-6425 + + Zlogene + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-04.xml new file mode 100644 index 0000000000..fa39917a7d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-04.xml @@ -0,0 +1,65 @@ + + + + libwww-perl: Multiple vulnerabilities + Multiple vulnerabilities have been found in libwww-perl, the worst + of which could allow attackers to execute arbitrary code. + + libwww-perl + February 04, 2014 + February 04, 2014: 1 + 329943 + 386309 + remote + + + 6.30.0 + 6.30.0 + + + +

libwww is a collection of Perl modules providing a consistent interface + to the World-Wide Web. +

+
+ +

Multiple vulnerabilities have been discovered in libwww-perl. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to download a specially-crafted + file with an application linked against libwww-perl, which could result + in overwritten files or arbitrary code execution by writing to a dotfile + in the user’s home directory (such as .bashrc). Additionally, a remote + attacker could perform a Man-in-the-Middle attack. +

+
+ +

There is no known workaround at this time.

+
+ +

All libwww-perl users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/libwww-perl-6.30.0" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since December 18, 2011. It is likely that your system is + already no longer affected by this issue. +

+ +
+ + CVE-2010-2253 + CVE-2011-0633 + + + underling + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-05.xml new file mode 100644 index 0000000000..a972c406ad --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-05.xml @@ -0,0 +1,58 @@ + + + + Banshee: Arbitrary code execution + An environment variable processing error has been reported in + Banshee, possibly allowing local attacker to load a specially crafted + shared library. + + banshee + February 05, 2014 + February 05, 2014: 1 + 345567 + local + + + 1.8.0-r1 + 1.8.0-r1 + + + +

Banshee is a multimedia management and playback application for GNOME.

+
+ +

Banshee places a zero-length directory name in PATH, which allows + libraries to be loaded from the working directory. +

+
+ +

A local attacker could put specially crafted library into working + directory of Banshee, possibly resulting in execution of arbitrary code + with the privileges of the process, or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Banshee users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/banshee-1.8.0-r1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 17, 2010. It is likely that your system is + already no longer affected by this issue. +

+ +
+ + CVE-2010-3998 + + craig + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-06.xml new file mode 100644 index 0000000000..7dde80a160 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-06.xml @@ -0,0 +1,67 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, the + worst of which could result in execution of arbitrary code. + + adobe-flash + February 06, 2014 + February 06, 2014: 1 + 491148 + 493894 + 498170 + 500313 + remote + + + 11.2.202.336 + 11.2.202.336 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple unspecified vulnerabilities have been discovered in Adobe Flash + Player. Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted SWF + file using Adobe Flash Player, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.336" + + +
+ + CVE-2013-5329 + CVE-2013-5330 + CVE-2013-5331 + CVE-2013-5332 + CVE-2014-0491 + CVE-2014-0492 + CVE-2014-0497 + + + BlueKnight + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-07.xml new file mode 100644 index 0000000000..869b315317 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-07.xml @@ -0,0 +1,58 @@ + + + + Freeciv: User-assisted execution of arbitrary code + A vulnerability in Freeciv may allow a remote attacker to execute + arbitrary code. + + freeciv + February 06, 2014 + February 06, 2014: 1 + 329949 + remote + + + 2.2.1 + 2.2.1 + + + +

Freeciv is an open-source empire building strategy game.

+
+ +

The Lua component of Freeciv does not restrict which modules may be + loaded by scenario scripts. +

+
+ +

A remote attacker could entice a user to open a specially crafted + scenario file, possibly resulting in execution of arbitrary code or + reading of arbitrary files with the privileges of the process. +

+
+ +

There is no known workaround at this time.

+
+ +

All Freeciv users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-strategy/freeciv-2.2.1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since July 26, 2010. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2010-2445 + + + underling + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-08.xml new file mode 100644 index 0000000000..c033017eba --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-08.xml @@ -0,0 +1,61 @@ + + + + stunnel: Arbitrary code execution + A vulnerability has been found in stunnel, allowing for the + execution of arbitrary code. + + stunnel + February 06, 2014 + February 07, 2014: 4 + 460278 + remote + + + 4.56-r1 + 4.00 + 4.56-r1 + + + +

The stunnel program is designed to work as an SSL encryption wrapper + between a client and a local or remote server. +

+
+ +

A buffer overflow vulnerability has been discovered in stunnel. Please + review the CVE identifier referenced below for details. +

+
+ +

A remote attacker could entice a user to connect to a malicious proxy + server, resulting in the execution of arbitrary code within the + configured chroot directory, with the privileges of the user running + stunnel. Please review the references below for details. +

+
+ +

There is no known workaround at this time.

+
+ +

All stunnel users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.56-r1" + + +
+ + CVE-2013-1762 + stunnel: + CVE-2013-1762 + + + + creffett + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-09.xml new file mode 100644 index 0000000000..e6a57fa150 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-09.xml @@ -0,0 +1,55 @@ + + + + Apache mod_fcgid: Arbitrary code execution + A buffer overflow in Apache mod_fcgid might allow remote attackers + to execute arbitrary code or cause a Denial of Service condition. + + mod_fcgid + February 07, 2014 + February 07, 2014: 1 + 487314 + remote + + + 2.3.9 + 2.3.9 + + + +

Apache mod_fcgid is a binary-compatible alternative to mod_fastcgi with + better process management. +

+
+ +

Apache mod_fcgid fails to perform a boundary check on user-supplied + input, potentially resulting in a heap-based buffer overflow. +

+
+ +

A remote attacker can supply a crafted input, possibly resulting in + execution of arbitrary code or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Apache mod_fcgid users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/mod_fcgid-2.3.9" + + +
+ + CVE-2013-4365 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-10.xml new file mode 100644 index 0000000000..95586f4245 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-10.xml @@ -0,0 +1,49 @@ + + + + PulseAudio: Insecure temporary file usage + An insecure temporary file usage has been reported in PulseAudio, + possibly allowing symlink attacks. + + pulseaudio + February 07, 2014 + February 07, 2014: 1 + 313329 + local + + + 0.9.22 + 0.9.22 + + + +

PulseAudio is a sound system for POSIX OSes.

+
+ +

The pa_make_secure_dir function in core-util.c does not handle temporary + files securely. +

+
+ +

A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All PulseAudio users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.22" + + +
+ + CVE-2009-1299 + + craig + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-11.xml new file mode 100644 index 0000000000..015678d169 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-11.xml @@ -0,0 +1,51 @@ + + + + Links: Denial of Service + An integer overflow in Links might allow remote attackers to cause + a Denial of Service condition. + + links + February 07, 2014 + February 07, 2014: 1 + 493138 + remote + + + 2.8-r1 + 2.8-r1 + + + +

Links is a web browser which runs in both graphics and text modes.

+
+ +

An integer overflow vulnerability was found in the parsing of HTML + tables in the Links web browser when running in graphical mode. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All Links users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/links-2.8-r1" + + +
+ + CVE-2013-6050 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-12.xml new file mode 100644 index 0000000000..0ef0ac8b98 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-12.xml @@ -0,0 +1,51 @@ + + + + PAM S/Key: Information disclosure + PAM S/Key does not clear provided credentials from memory, allowing + local attackers to gain access to cleartext credentials. + + pam_skey + February 09, 2014 + February 09, 2014: 1 + 482588 + local + + + 1.1.5-r5 + 1.1.5-r5 + + + +

PAM S/Key is a pluggable authentication module for the OpenBSD + Single-key Password system. +

+
+ +

Ulrich Müller reported that a Gentoo patch to PAM S/Key does not remove + credentials provided by the user from memory. +

+
+ +

A local attacker with privileged access could inspect a memory dump to + gain access to cleartext credentials provided by users. +

+
+ +

There is no known workaround at this time.

+
+ +

All PAM S/Key users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/pam_skey-1.1.5-r5" + + +
+ + CVE-2013-4285 + + a3li + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-13.xml new file mode 100644 index 0000000000..14ba013f7c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-13.xml @@ -0,0 +1,52 @@ + + + + DjVu: User-assisted execution of arbitrary code + A vulnerability in DjVu could result in execution of arbitrary code + or Denial of Service. + + djvu + February 09, 2014 + February 09, 2014: 1 + 497088 + remote + + + 3.5.25.3 + 3.5.25.3 + + + +

DjVu is a web-centric format and software platform for distributing + documents and images. +

+
+ +

A vulnerability has been discovered in DjVu. Please review the CVE + identifier referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted DjVu + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All DjVu users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/djvu-3.5.25.3" + + +
+ + CVE-2012-6535 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-14.xml new file mode 100644 index 0000000000..c2a2b939c5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-14.xml @@ -0,0 +1,62 @@ + + + + International Components for Unicode: Denial of Service + Two vulnerabilities in International Components for Unicode might + allow remote attackers to cause a Denial of Service condition. + + icu + February 10, 2014 + February 10, 2014: 1 + 460426 + 486948 + remote + + + 51.2-r1 + 51.2-r1 + + + +

International Components for Unicode is a set of C/C++ and Java + libraries providing Unicode and Globalization support for software + applications. +

+
+ +

Multiple vulnerabilities have been discovered in International + Components for Unicode. Please review the CVE identifiers referenced + below for details. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All International Components for Unicode users should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/icu-51.2-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2013-0900 + CVE-2013-2924 + + + BlueKnight + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-15.xml new file mode 100644 index 0000000000..afab165b06 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-15.xml @@ -0,0 +1,63 @@ + + + + Roundcube: Arbitrary code execution + A vulnerability in Roundcube could result in arbitrary code + execution, SQL injection, or reading of arbitrary files. + + roundcube + February 11, 2014 + February 11, 2014: 1 + 488954 + remote + + + 0.9.5 + 0.8.7 + 0.9.5 + + + +

Roundcube is a browser-based multilingual IMAP client with an + application-like user interface. +

+
+ +

A vulnerability in steps/utils/save_pref.inc allows remote attackers to + use the _session parameter to change configuration settings. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, inject SQL code, or read arbitrary files. +

+
+ +

There is no known workaround at this time.

+
+ +

All Roundcube 0.9 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/roundcube-0.9.5" + + +

All Roundcube 0.8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/roundcube-0.8.7" + + +
+ + CVE-2013-6172 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-16.xml new file mode 100644 index 0000000000..9c08a94058 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-16.xml @@ -0,0 +1,57 @@ + + + + FreeType: Multiple vulnerabilities + Multiple vulnerabilities have been found in FreeType, allowing + context-dependent attackers to possibly execute arbitrary code or cause + Denial of Service. + + freetype + February 11, 2014 + February 11, 2014: 1 + 448550 + local, remote + + + 2.4.11 + 2.4.11 + + + +

FreeType is a high-quality and portable font engine.

+
+ +

Multiple vulnerabilities have been discovered in FreeType. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could entice a user to open a specially + crafted font, possibly resulting in execution of arbitrary code with the + privileges of the user running the application, or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Freetype users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.11" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2012-5668 + CVE-2012-5669 + CVE-2012-5670 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-17.xml new file mode 100644 index 0000000000..9e1a5183d4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-17.xml @@ -0,0 +1,52 @@ + + + + Xpdf: User-assisted execution of arbitrary code + Multiple vulnerabilities in Xpdf could result in execution of + arbitrary code. + + xpdf + February 17, 2014 + February 17, 2014: 1 + 386271 + local, remote + + + 3.02-r4 + + + +

Xpdf is an X viewer for PDF files.

+
+ +

Multiple vulnerabilities have been discovered in Xpdf. Please review the + CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could execute arbitrary code or cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo has discontinued support for Xpdf. We recommend that users + unmerge Xpdf: +

+ + + # emerge --unmerge "app-text/xpdf" + +
+ + CVE-2009-4035 + CVE-2010-3702 + CVE-2010-3704 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-18.xml new file mode 100644 index 0000000000..aaccff4bd5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-18.xml @@ -0,0 +1,49 @@ + + + + GNU Midnight Commander: User-assisted execution of arbitrary code + GNU Midnight Commander does not properly sanitize environment + variables, possibly resulting in execution of arbitrary code or Denial of + Service. + + mc + February 20, 2014 + February 20, 2014: 1 + 436518 + remote + + + 4.8.7 + 4.8.7 + + + +

GNU Midnight Commander is a text based file manager.

+
+ +

GNU Midnight Commander does not properly sanitize environment variables.

+
+ +

A remote attacker could entice a user to open a specially crafted + archive file using GNU Midnight Commander, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNU Midnight Commander users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/mc-4.8.7" + +
+ + CVE-2012-4463 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-19.xml new file mode 100644 index 0000000000..8db600ad5a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-19.xml @@ -0,0 +1,56 @@ + + + + libtar: Arbitraty code execution + A buffer overflow in libtar might allow remote attackers to execute + arbitrary code or cause a Denial of Service condition. + + libtar + February 21, 2014 + February 21, 2014: 1 + 487420 + remote + + + 1.2.20-r2 + 1.2.20-r2 + + + +

libtar is a C library for manipulating POSIX tar files.

+
+ +

An integer overflow error within the “th_read()” function when + processing long names or link extensions can be exploited to cause a + heap-based buffer overflow via a specially crafted archive. +

+
+ +

A remote attacker could entice a user to open a specially crafted file + using a program linked against libtar, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libtar users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libtar-1.2.20-r2" + + +
+ + CVE-2013-4397 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-20.xml new file mode 100644 index 0000000000..cc74de520d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-20.xml @@ -0,0 +1,59 @@ + + + + KVIrc: Multiple vulnerabilities + Multiple vulnerabilities have been found in KVIrc, the worst of + which allows remote attackers to execute arbitrary code. + + kvirc + February 21, 2014 + February 21, 2014: 1 + 326149 + 330111 + remote + + + 4.1_pre4693 + 4.1_pre4693 + + + +

KVIrc is a free portable IRC client based on Qt.

+
+ +

Multiple vulnerabilities have been discovered in KVIrc. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of + Service condition, or overwrite arbitrary files. +

+
+ +

There is no known workaround at this time.

+
+ +

All KVIrc users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/kvirc-4.1_pre4693" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since July 29, 2010. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2010-2451 + CVE-2010-2452 + CVE-2010-2785 + + craig + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-21.xml new file mode 100644 index 0000000000..c37af13667 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-21.xml @@ -0,0 +1,78 @@ + + + + libTIFF: Multiple vulnerabilities + Multiple vulnerabilities have been found in libTIFF, allowing + remote attackers to execute arbitrary code or cause Denial of Service. + + tiff + February 21, 2014 + February 21, 2014: 1 + 440154 + 440944 + 468334 + 480466 + 486590 + remote + + + 4.0.3-r6 + 3.9.7-r1 + 4.0.3-r6 + + + +

libTIFF provides support for reading and manipulating TIFF (Tagged Image + File Format) images. +

+
+ +

Multiple vulnerabilities have been discovered in libTIFF. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted TIFF + file with an application making use of libTIFF, possibly resulting in + execution of arbitrary code with the privileges of the user running the + application or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libTIFF 4.* users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.3-r6" + + +

All libTIFF 3.* users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.9.7-r1:3" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2012-4447 + CVE-2012-4564 + CVE-2013-1960 + CVE-2013-1961 + CVE-2013-4231 + CVE-2013-4232 + CVE-2013-4244 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-22.xml new file mode 100644 index 0000000000..97599c52a1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-22.xml @@ -0,0 +1,62 @@ + + + + TCPTrack: Arbitrary code execution + A heap-based buffer overflow in TCPTrack might allow a remote + attacker to execute arbitrary code. + + tcptrack + February 21, 2014 + February 21, 2014: 1 + 377917 + local + + + 1.4.2 + 1.4.2 + + + +

TCPTrack is a simple libpcap based program for live TCP connection + monitoring. +

+
+ +

A heap-based buffer overflow vulnerability exists in TCPTrack’s + parsing of command line arguments. This is only a vulnerability in + limited scenarios in which TCPTrack is “configured as a handler for + other applications.” +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition with a + specially crafted command-line argument. +

+
+ +

There is no known workaround at this time.

+
+ +

All TCPTrack users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/tcptrack-1.4.2" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since August 06, 2011. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2011-2903 + + + underling + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-23.xml new file mode 100644 index 0000000000..b884a6c758 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-23.xml @@ -0,0 +1,53 @@ + + + + libXfont: Multiple vulnerabilities + Multiple vulnerabilities have been found in libXfont, the worst of + which allow for local privilege escalation. + + libxfont + February 21, 2014 + February 21, 2014: 1 + 378797 + 497416 + local + + + 1.4.7 + 1.4.7 + + + +

libXfont is an X11 font rasterisation library.

+
+ +

Multiple vulnerabilities have been discovered in libXfont. Please review + the CVE identifiers referenced below for details. +

+
+ +

A local attacker could use a specially crafted file to gain privileges + or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libXfont users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.4.7 " + + +
+ + CVE-2011-2895 + CVE-2013-6462 + + + underling + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-24.xml new file mode 100644 index 0000000000..858d348146 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-24.xml @@ -0,0 +1,90 @@ + + + + GnuPG, Libgcrypt: Multiple vulnerabilities + Multiple vulnerabilities have been discovered in GnuPG and + Libgcrypt, which may result in execution of arbitrary code, Denial of + Service, or the disclosure of private keys. + + gnupg libgcrypt + February 21, 2014 + July 07, 2014: 2 + 449546 + 478184 + 484836 + 487230 + 494658 + local, remote + + + 2.0.22 + 1.4.16 + 1.4.17 + 1.4.18 + 1.4.19 + 1.4.20 + 2.0.22 + + + 1.5.3 + 1.5.3 + + + +

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of + cryptographic software. Libgcrypt is a cryptographic library based on + GnuPG. +

+
+ +

Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt. + Please review the CVE identifiers referenced below for details. +

+
+ +

An unauthenticated remote attacker may be able to execute arbitrary code + with the privileges of the user running GnuPG, cause a Denial of Service + condition, or bypass security restrictions. Additionally, a side-channel + attack may allow a local attacker to recover a private key, please review + “Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel + Attack” in the References section for further details. +

+
+ +

There is no known workaround at this time.

+
+ +

All GnuPG 2.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.0.22" + + +

All GnuPG 1.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.16" + + +

All Libgcrypt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libgcrypt-1.5.3" + + +
+ + CVE-2012-6085 + CVE-2013-4242 + CVE-2013-4351 + CVE-2013-4402 + Flush+Reload: a High + Resolution, Low Noise, L3 Cache Side-Channel Attack + + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-25.xml new file mode 100644 index 0000000000..65f974cf29 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-25.xml @@ -0,0 +1,56 @@ + + + + OpenSSL: Denial of Service + A vulnerability in OpenSSL's handling of TLS handshakes could + result in a Denial of Service condition. + + openssl + February 21, 2014 + February 21, 2014: 1 + 497838 + remote + + + 1.0.1f + 1.0.1 + 1.0.1f + + + +

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

A flaw in the ssl3_take_mac function can result in a NULL pointer + dereference. +

+
+ +

A remote attacker could send a specially crafted TLS handshake, + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSSL 1.0.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1f" + +
+ + CVE-2013-4353 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-26.xml new file mode 100644 index 0000000000..60fe74589d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-26.xml @@ -0,0 +1,52 @@ + + + + libssh: Arbitrary code execution + Multiple vulnerabilities have been found in libssh, allowing + attackers to execute arbitrary code or cause Denial of Service. + + libssh + February 21, 2014 + February 21, 2014: 1 + 444147 + remote + + + 0.5.3 + 0.5.3 + + + +

libssh is a C library providing SSHv2 and SSHv1.

+
+ +

Multiple buffer overflow, double free, and integer overflow + vulnerabilities have been discovered in libssh. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libssh users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.5.3" + +
+ + CVE-2012-4559 + CVE-2012-4560 + CVE-2012-4561 + CVE-2012-4562 + CVE-2012-6063 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-27.xml new file mode 100644 index 0000000000..711dc1edf8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-27.xml @@ -0,0 +1,51 @@ + + + + pidgin-knotify: Arbitrary code execution + A vulnerability in pidgin-knotify might allow remote attackers to + execute arbitrary code. + + pidgin-knotify + February 26, 2014 + February 26, 2014: 1 + 336916 + remote + + + 0.2.1 + + + +

pidgin-knotify is a Pidgin plug-in to display message notifications in + KDE. +

+
+ +

pidgin-knotify does not properly sanitize shell metacharacters from + received messages. +

+
+ +

A remote attacker could send a specially crafted instant message, + possibly resulting in execution of arbitrary code with the privileges of + the Pidgin process. +

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo has discontinued support for pidgin-knotify. We recommend that + users unmerge pidgin-knotify: +

+ + + # emerge --unmerge "x11-plugins/pidgin-knotify" + +
+ + CVE-2010-3088 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-28.xml new file mode 100644 index 0000000000..cc7f602129 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-28.xml @@ -0,0 +1,56 @@ + + + + Chrony: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chrony, possibly + allowing remote attackers to cause a Denial of Service condition. + + chrony + February 28, 2014 + February 28, 2014: 1 + 480364 + remote + + + 1.29 + 1.29 + + + +

Chrony is a pair of programs which are used to maintain the accuracy of + the system clock on a computer. +

+
+ +

Multiple vulnerabilities have been discovered in Chrony. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition by + sending specially crafted packets. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chrony users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/chrony-1.29" + + +
+ + CVE-2012-4502 + CVE-2012-4503 + + + jaervosz + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-29.xml new file mode 100644 index 0000000000..0809642695 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201402-29.xml @@ -0,0 +1,51 @@ + + + + ArgyllCMS: User-assisted execution of arbitrary code + Multiple integer overflow vulnerabilities have been found in + ArgyllCMS which could allow attackers to execute arbitrary code. + + argyllcms + February 28, 2014 + February 28, 2014: 1 + 437652 + remote + + + 1.4.0-r1 + 1.4.0-r1 + + + +

ArgyllCMS is an ICC compatible color management system that supports + accurate ICC profile creation for scanners, cameras and film recorders. +

+
+ +

Multiple integer overflow vulnerabilities have been discovered in the + ICC Format Library in ArgyllCMS. +

+
+ +

A remote attacker could entice a user to open a specially crafted image + file using ArgyllCMS, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ArgyllCMS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/argyllcms-1.4.0-r1" + +
+ + CVE-2012-4405 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-01.xml new file mode 100644 index 0000000000..0fb960bbdf --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-01.xml @@ -0,0 +1,141 @@ + + + + Chromium, V8: Multiple vulnerabilities + Multiple vulnerabilities have been reported in Chromium and V8, + worst of which may allow execution of arbitrary code. + + chromium v8 + March 05, 2014 + March 05, 2014: 1 + 486742 + 488148 + 491128 + 491326 + 493364 + 498168 + 499502 + 501948 + 503372 + remote + + + 33.0.1750.146 + 33.0.1750.146 + + + 3.20.17.13 + + + +

Chromium is an open-source web browser project. V8 is Google’s open + source JavaScript engine. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and V8. Please + review the CVE identifiers and release notes referenced below for + details. +

+
+ +

A context-dependent attacker could entice a user to open a specially + crafted web site or JavaScript program using Chromium or V8, possibly + resulting in the execution of arbitrary code with the privileges of the + process or a Denial of Service condition. Furthermore, a remote attacker + may be able to bypass security restrictions or have other unspecified + impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-33.0.1750.146" + + +

Gentoo has discontinued support for separate V8 package. We recommend + that users unmerge V8: +

+ + + # emerge --unmerge "dev-lang/v8" + +
+ + CVE-2013-2906 + CVE-2013-2907 + CVE-2013-2908 + CVE-2013-2909 + CVE-2013-2910 + CVE-2013-2911 + CVE-2013-2912 + CVE-2013-2913 + CVE-2013-2915 + CVE-2013-2916 + CVE-2013-2917 + CVE-2013-2918 + CVE-2013-2919 + CVE-2013-2920 + CVE-2013-2921 + CVE-2013-2922 + CVE-2013-2923 + CVE-2013-2925 + CVE-2013-2926 + CVE-2013-2927 + CVE-2013-2928 + CVE-2013-2931 + CVE-2013-6621 + CVE-2013-6622 + CVE-2013-6623 + CVE-2013-6624 + CVE-2013-6625 + CVE-2013-6626 + CVE-2013-6627 + CVE-2013-6628 + CVE-2013-6632 + CVE-2013-6634 + CVE-2013-6635 + CVE-2013-6636 + CVE-2013-6637 + CVE-2013-6638 + CVE-2013-6639 + CVE-2013-6640 + CVE-2013-6641 + CVE-2013-6643 + CVE-2013-6644 + CVE-2013-6645 + CVE-2013-6646 + CVE-2013-6649 + CVE-2013-6650 + CVE-2013-6652 + CVE-2013-6653 + CVE-2013-6654 + CVE-2013-6655 + CVE-2013-6656 + CVE-2013-6657 + CVE-2013-6658 + CVE-2013-6659 + CVE-2013-6660 + CVE-2013-6661 + CVE-2013-6663 + CVE-2013-6664 + CVE-2013-6665 + CVE-2013-6666 + CVE-2013-6667 + CVE-2013-6668 + CVE-2013-6802 + CVE-2014-1681 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-02.xml
new file mode 100644
index 0000000000..faad0adcbc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-02.xml
@@ -0,0 +1,53 @@
+ + + + LibYAML: Arbitrary code execution + A Vulnerability in LibYAML could result in execution of arbitrary + code. + + libyaml + March 08, 2014 + March 08, 2014: 1 + 499920 + remote + + + 0.1.5 + 0.1.5 + + + +

LibYAML is a YAML 1.1 parser and emitter written in C.

+
+ +

A heap-based buffer overflow flaw was found in the way libyaml parsed + YAML tags. +

+
+ +

A remote attacker could provide a specially-crafted YAML document which + when parsed by LibYAML, would cause the application to crash or, + potentially, execute arbitrary code with the privileges the user who is + running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All LibYAML users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libyaml-0.1.5" + + +
+ + CVE-2013-6393 + + Zlogene + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-03.xml
new file mode 100644
index 0000000000..799b5f0cfe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-03.xml
@@ -0,0 +1,51 @@
+ + + + file: Denial of Service + A vulnerability in file could result in Denial of Service. + file + March 13, 2014 + March 13, 2014: 1 + 501574 + remote + + + 5.17 + 5.17 + + + +

file is a utility that guesses a file format by scanning binary data for + patterns. +

+
+ +

A flaw was found in the way the file utility determines the type of a + file. +

+
+ +

A remote attacker could entice a user to open a specially crafted file, + possibly resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All file users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/file-5.17" + + +
+ + CVE-2014-1943 + + Zlogene + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-04.xml
new file mode 100644
index 0000000000..6deb9f2f17
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-04.xml
@@ -0,0 +1,55 @@
+ + + + QtCore: Denial of Service + A vulnerability in QXmlSimpleReader class can be used to cause a + Denial of Service condition. + + qt-core + March 13, 2014 + March 13, 2014: 1 + 494728 + remote + + + 4.8.5-r1 + 4.8.5-r1 + + + +

The Qt toolkit is a comprehensive C++ application development framework.

+
+ +

A vulnerability in QXmlSimpleReader’s XML entity parsing has been + discovered. +

+
+ +

A remote attacker could entice a user to open a specially crafted XML + file using an application linked against QtCore, possibly resulting in + Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All QtCore users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-qt/qtcore-4.8.5-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2013-4549 + + Zlogene + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-05.xml
new file mode 100644
index 0000000000..41c1fc2a8b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-05.xml
@@ -0,0 +1,67 @@
+ + + + GNU Emacs: Multiple vulnerabilities + Two vulnerabilities have been found in GNU Emacs, possibly leading + to user-assisted execution of arbitrary code. + + emacs + March 20, 2014 + March 20, 2014: 1 + 398239 + 431178 + remote + + + 24.1-r1 + 23.4-r4 + 23.2 + 24.1-r1 + + + +

GNU Emacs is a highly extensible and customizable text editor.

+
+ +

Multiple vulnerabilities have been discovered in GNU Emacs:

+ +
    +
  • When ‘global-ede-mode’ is enabled, EDE in Emacs automatically + loads a Project.ede file from the project directory (CVE-2012-0035). +
  • +
  • When ‘enable-local-variables’’ is set to ‘:safe’, Emacs + automatically processes eval forms (CVE-2012-3479). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted file, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNU Emacs 24.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-24.1-r1" + + +

All GNU Emacs 23.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-23.4-r4" + +
+ + CVE-2012-0035 + CVE-2012-3479 + + ago + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-06.xml
new file mode 100644
index 0000000000..39a0d6eee7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-06.xml
@@ -0,0 +1,50 @@
+ + + + libupnp: Arbitrary code execution + Multiple buffer overflow flaws in libupnp may allow execution of + arbitrary code. + + libupnp + March 26, 2014 + March 26, 2014: 1 + 454570 + remote + + + 1.6.18 + 1.6.18 + + + +

libupnp is a portable, open source, UPnP development kit.

+
+ +

Multiple buffer overflow vulnerabilities have been discovered in + libupnp. Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libupnp users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libupnp-1.6.18" + +
+ + CVE-2012-5958 + CVE-2012-5959 + CVE-2012-5960 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-07.xml
new file mode 100644
index 0000000000..1384a2f023
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-07.xml
@@ -0,0 +1,47 @@
+ + + + grep: User-assisted execution of arbitrary code + A vulnerability in grep could result in execution of arbitrary code + or Denial of Service. + + grep + March 26, 2014 + March 26, 2014: 1 + 448246 + local, remote + + + 2.12 + 2.12 + + + +

grep is the GNU regular expression matcher.

+
+ +

An integer overflow flaw has been discovered in grep.

+
+ +

An attacker could entice a user to run grep on a specially crafted file, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All grep users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/grep-2.12" + +
+ + CVE-2012-5667 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-08.xml
new file mode 100644
index 0000000000..6c43feeebb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201403-08.xml
@@ -0,0 +1,57 @@
+ + + + PlRPC: Arbitrary code execution + PlRPC uses Storable which allows for code execution prior to + Authentication + + PlRPC + March 27, 2014 + March 27, 2014: 1 + 497692 + remote + + + 0.202.0-r2 + 0.202.0-r2 + + + +

The Perl RPC Module is a Perl module that implements IDL-free RPCs.

+
+ +

PlRPC uses Storable module for serialization and deserialization of + untrusted data. Deserialized data can contain objects which can lead to + loading of foreign modules, and possible execution of arbitrary code. +

+
+ +

A remote attacker could possibly execute + arbitrary code with the privileges of the process, or cause a Denial of + Service condition. +

+
+ +

External authentication mechanism can be used with PlRPC such as TLS or + IPSEC. +

+
+ +

All PlRPC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/PlRPC-0.202.0-r2" + + +
+ + CVE-2013-7284 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-01.xml
new file mode 100644
index 0000000000..054a83eeeb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-01.xml
@@ -0,0 +1,55 @@
+ + + + CUPS: Arbitrary file read/write + A vulnerability in CUPS may allow for arbitrary file access. + cups + April 07, 2014 + April 07, 2014: 1 + 442926 + local + + + 1.6.2-r5 + 1.6.2-r5 + + + +

CUPS, the Common Unix Printing System, is a full-featured print server.

+
+ +

Members of the lpadmin group have admin access to the web interface, + where they can + edit the config file and set some “dangerous” directives (like the + logfilenames), which enable them to read or write files as the user + running + the CUPS webserver. +

+
+ +

A local attacker could possibly exploit this vulnerability to read or + write files as the user running the CUPS webserver. +

+
+ +

There is no known workaround at this time.

+
+ +

All CUPS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-1.6.2-r5" + + +
+ + CVE-2012-5519 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-02.xml
new file mode 100644
index 0000000000..cc19f708c2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-02.xml
@@ -0,0 +1,49 @@
+ + + + libproxy: User-assisted execution of arbitrary code + A buffer overflow in libproxy might allow remote attackers to + execute arbitrary code. + + libproxy + April 07, 2014 + April 07, 2014: 1 + 438146 + remote + + + 0.4.10 + 0.4.10 + + + +

libproxy is a library for automatic proxy configuration management.

+
+ +

A boundary error when processing the proxy.pac file could cause a + stack-based buffer overflow. +

+
+ +

A man-in-the-middle attacker could provide a specially crafted proxy.pac + file on a remote server, possibly resulting in execution of arbitrary + code with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libproxy users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libproxy-0.4.10" + +
+ + CVE-2012-4504 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-03.xml
new file mode 100644
index 0000000000..0046c98900
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-03.xml
@@ -0,0 +1,51 @@
+ + + + OptiPNG: User-assisted execution of arbitrary code + A use-after-free error in OptiPNG could result in execution of + arbitrary code or Denial of Service. + + optipng + April 07, 2014 + April 07, 2014: 1 + 435340 + remote + + + 0.7.3 + 0.7.3 + + + +

OptiPNG is a PNG optimizer that recompresses image files to a smaller + size, without losing any information. +

+
+ +

A use-after-free vulnerability exists in the palette reduction + functionality of OptiPNG. +

+
+ +

A remote attacker could entice a user to open a specially crafted image + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All OptiPNG users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.7.3" + +
+ + CVE-2012-4432 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-04.xml
new file mode 100644
index 0000000000..e5f9cdfbed
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-04.xml
@@ -0,0 +1,49 @@
+ + + + Crack: Arbitrary code execution + A vulnerability in Crack might allow remote attackers to execute + arbitrary code. + + crack + April 07, 2014 + April 07, 2014: 1 + 460164 + remote + + + 0.3.2 + 0.3.2 + + + +

Crack is a really simple JSON and XML parsing Ruby gem, ripped from Merb + and Rails. +

+
+ +

An XML parameter parsing vulnerability has been discovered in Crack.

+
+ +

A remote attacker could execute arbitrary code with the privileges of + the process, cause a Denial of + Service condition, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Crack users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/crack-0.3.2" + +
+ + CVE-2013-1800 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-05.xml
new file mode 100644
index 0000000000..1f8eb9697f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-05.xml
@@ -0,0 +1,69 @@
+ + + + OpenAFS: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenAFS, worst of which + can allow attackers to execute arbitrary code + + openafs + April 07, 2014 + April 07, 2014: 1 + 265538 + 355533 + 460494 + 478282 + 478296 + local, remote + + + 1.6.5 + 1.6.5 + + + +

OpenAFS is an client-server program suite for federated file sharing and + replicated content distribution. +

+
+ +

Multiple vulnerabilities have been discovered in OpenAFS. Please review + the CVE identifiers referenced below for details. +

+
+ +

An attacker could potentially execute arbitrary code with the + permissions of the user running the AFS server, cause a Denial of Service + condition, or gain access to sensitive information. Additionally, an + attacker could compromise a cell’s private key, allowing them to + impersonate any user in the cell. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenAFS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/openafs-1.6.5" + + +
+ + CVE-2009-1250 + CVE-2009-1251 + CVE-2011-0430 + CVE-2011-0431 + CVE-2013-1794 + CVE-2013-1795 + CVE-2013-4134 + CVE-2013-4135 + + + underling + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-06.xml
new file mode 100644
index 0000000000..eb648cc70f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-06.xml
@@ -0,0 +1,54 @@
+ + + + Mesa: Multiple vulnerabilities + Multiple vulnerabilities in Mesa could result in execution of + arbitrary code or Denial of Service. + + mesa + April 08, 2014 + April 08, 2014: 1 + 432400 + 445916 + 472280 + remote + + + 9.1.4 + 9.1.4 + + + +

Mesa is an OpenGL-like graphic library for Linux.

+
+ +

Multiple vulnerabilities have been discovered in Mesa. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute + arbitrary code with the privileges of the process, or cause a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Mesa users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/mesa-9.1.4" + + +
+ + CVE-2012-2864 + CVE-2012-5129 + CVE-2013-1872 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-07.xml
new file mode 100644
index 0000000000..785480be91
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201404-07.xml
@@ -0,0 +1,91 @@
+ + + + OpenSSL: Information Disclosure + Multiple Information Disclosure vulnerabilities in OpenSSL allow + remote attackers to obtain sensitive information via various vectors. + + openssl + April 08, 2014 + June 06, 2015: 4 + 505278 + 507074 + remote + + + 1.0.1g + 0.9.8y + 0.9.8z_p1 + 0.9.8z_p2 + 0.9.8z_p3 + 0.9.8z_p4 + 0.9.8z_p5 + 0.9.8z_p6 + 0.9.8z_p7 + 0.9.8z_p8 + 0.9.8z_p9 + 0.9.8z_p10 + 0.9.8z_p11 + 0.9.8z_p12 + 0.9.8z_p13 + 0.9.8z_p14 + 0.9.8z_p15 + 1.0.1g + + + +

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

Multiple vulnerabilities have been found in OpenSSL:

+ +
    +
  • OpenSSL incorrectly handles memory in the TLS heartbeat extension, + leading to information disclosure of 64kb per request, possibly + including private keys (“Heartbleed bug”, OpenSSL 1.0.1 only, + CVE-2014-0160). +
  • +
  • The Montgomery ladder implementation of OpenSSL improperly handles + swap operations (CVE-2014-0076). +
  • +
+
+ +

A remote attacker could exploit these issues to disclose information, + including private keys or other sensitive information, or perform + side-channel attacks to obtain ECDSA nonces. +

+
+ +

Disabling the tls-heartbeat USE flag (enabled by default) provides a + workaround for the CVE-2014-0160 issue. +

+
+ +

All OpenSSL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1g" + + +

Note: All services using OpenSSL to provide TLS connections have to be + restarted for the update to take effect. Utilities like + app-admin/lib_users can aid in identifying programs using OpenSSL. +

+ +

As private keys may have been compromised using the Heartbleed attack, + it is recommended to regenerate them. +

+
+ + CVE-2014-0076 + CVE-2014-0160 + Heartbleed bug website + + a3li + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-01.xml
new file mode 100644
index 0000000000..1832314f7f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-01.xml
@@ -0,0 +1,62 @@
+ + + + udisks: Arbitrary code execution + A stack-based buffer overflow vulnerability has been found in + udisks, allowing a local attacker to possibly execute arbitrary code or + cause Denial of Service. + + udisks + May 02, 2014 + May 02, 2014: 1 + 504100 + local + + + 1.0.5 + 2.1.3 + 2.1.3 + + + +

udisks is an abstraction for enumerating block devices and performing + operations on them. +

+
+ +

A stack-based buffer overflow can be triggered when udisks is given a + long path name as a mount point. +

+
+ +

A local attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All udisks 1.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-fs/udisks-1.0.5:0" + + +

All udisks 2.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-fs/udisks-2.1.3" + + +
+ + CVE-2014-0004 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-02.xml
new file mode 100644
index 0000000000..c22f47d55d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-02.xml
@@ -0,0 +1,54 @@
+ + + + libSRTP: Denial of Service + A vulnerability in libSRTP can result in a Denial of Service + condition. + + libsrtp + May 03, 2014 + May 03, 2014: 1 + 472302 + remote + + + 1.4.4_p20121108-r1 + 1.4.4_p20121108-r1 + + + +

libSRTP is an Open-source implementation of the Secure Real-time + Transport Protocol. +

+
+ +

A flaw was found in how the crypto_policy_set_from_profile_for_rtp() + function applies cryptographic profiles to an srtp_policy in libSRTP. +

+
+ +

A remote attacker could exploit this vulnerability to crash an + application linked against libSRTP, resulting in Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All libSRTP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-libs/libsrtp-1.4.4_p20121108-r1" + + +
+ + CVE-2013-2139 + + Zlogene + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-03.xml
new file mode 100644
index 0000000000..6ef2d33a1e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-03.xml
@@ -0,0 +1,60 @@
+ + + + WeeChat: Multiple vulnerabilities + Two vulnerabilities have been found in WeeChat, the worst of which + may allow execution of arbitrary code. + + weechat + May 03, 2014 + May 03, 2014: 1 + 442600 + remote + + + 0.3.9.2 + 0.3.9.2 + + + +

Wee Enhanced Environment for Chat (WeeChat) is a light and extensible + console IRC client. +

+
+ +

Two vulnerabilities have been discovered in WeeChat:

+ +
    +
  • The hook_process() function does not properly handle shell expansions + (CVE-2012-5534). +
  • +
  • WeeChat does not properly decode colors which could cause a + heap-based buffer overflow (CVE-2012-5854). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted script + or send messages with specially crafted colors, possibly resulting in + execution of arbitrary code with the privileges of the process, or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All WeeChat users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/weechat-0.3.9.2" + +
+ + CVE-2012-5534 + CVE-2012-5854 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-04.xml
new file mode 100644
index 0000000000..b8c4f52358
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-04.xml
@@ -0,0 +1,71 @@
+ + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, the + worst of which could result in execution of arbitrary code. + + adobe-flash + May 03, 2014 + May 03, 2014: 1 + 501960 + 504286 + 507176 + 508986 + remote + + + 11.2.202.356 + 11.2.202.356 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted SWF + file using Adobe Flash Player, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. Furthermore, a remote attacker may be able to bypass the Same + Origin Policy or read the clipboard via unspecified vectors. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.356" + + +
+ + CVE-2014-0498 + CVE-2014-0499 + CVE-2014-0502 + CVE-2014-0503 + CVE-2014-0504 + CVE-2014-0506 + CVE-2014-0507 + CVE-2014-0508 + CVE-2014-0509 + CVE-2014-0515 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-05.xml
new file mode 100644
index 0000000000..e232071f2e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-05.xml
@@ -0,0 +1,75 @@
+ + + + Asterisk: Denial of Service + Multiple buffer overflows in Asterisk might allow remote attackers + to cause a Denial of Service condition. + + asterisk + May 03, 2014 + May 03, 2014: 1 + 504180 + remote + + + 11.8.1 + 1.8.26.1 + 11.8.1 + + + +

Asterisk is an open source telephony engine and toolkit.

+
+ +

Multiple vulnerabilities have been discovered in Asterisk. Please review + the CVE identifiers and Asterisk Project Security Advisories referenced + below for details. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All Asterisk 11.* users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.8.1" + + +

All Asterisk 1.8.* users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.26.1" + + +
+ + + AST-2014-001 + + + AST-2014-002 + + + AST-2014-003 + + + AST-2014-004 + + CVE-2014-2286 + CVE-2014-2287 + CVE-2014-2288 + CVE-2014-2289 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-06.xml
new file mode 100644
index 0000000000..9eb428a9d9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-06.xml
@@ -0,0 +1,85 @@
+ + + + OpenSSH: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenSSH, the worst of + which may allow remote attackers to execute arbitrary code. + + openssh + May 11, 2014 + May 11, 2014: 1 + 231292 + 247466 + 386307 + 410869 + 419357 + 456006 + 505066 + remote + + + 6.6_p1-r1 + 6.6_p1-r1 + + + +

OpenSSH is a complete SSH protocol implementation that includes an SFTP + client and server support. +

+
+ +

Multiple vulnerabilities have been discovered in OpenSSH. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could execute arbitrary code, cause a Denial of + Service condition, obtain sensitive information, or bypass environment + restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSSH users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.6_p1-r1" + + +

NOTE: One or more of the issues described in this advisory have been + fixed in previous updates. They are included in this advisory for the + sake of completeness. It is likely that your system is already no longer + affected by them. +

+
+ + + CVE-2008-5161 + + + CVE-2010-4478 + + + CVE-2010-4755 + + CVE-2010-5107 + + CVE-2011-5000 + + + CVE-2012-0814 + + + CVE-2014-2532 + + + + keytoaster + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-07.xml
new file mode 100644
index 0000000000..bba1aab875
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-07.xml
@@ -0,0 +1,90 @@
+ + + + X.Org X Server: Multiple vulnerabilities + Multiple vulnerabilities have been found in X.Org X Server, + allowing attackers to execute arbitrary code or cause a Denial of Service + condition. + + xorg-server + May 15, 2014 + May 15, 2014: 1 + 466222 + 471098 + 487360 + 497836 + local, remote + + + 1.14.3-r2 + 1.14.3-r2 + + + +

The X Window System is a graphical windowing system based on a + client/server model. +

+
+ +

Multiple vulnerabilities have been discovered in X.Org X Server. Please + review the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or obtain + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All X.Org X Server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.14.3-r2" + +
+ + CVE-2013-1056 + CVE-2013-1940 + CVE-2013-1981 + CVE-2013-1982 + CVE-2013-1983 + CVE-2013-1984 + CVE-2013-1985 + CVE-2013-1986 + CVE-2013-1987 + CVE-2013-1988 + CVE-2013-1989 + CVE-2013-1990 + CVE-2013-1991 + CVE-2013-1992 + CVE-2013-1993 + CVE-2013-1994 + CVE-2013-1995 + CVE-2013-1996 + CVE-2013-1997 + CVE-2013-1998 + CVE-2013-1999 + CVE-2013-2000 + CVE-2013-2001 + CVE-2013-2002 + CVE-2013-2003 + CVE-2013-2004 + CVE-2013-2005 + CVE-2013-2062 + CVE-2013-2063 + CVE-2013-2064 + CVE-2013-2066 + CVE-2013-4396 + + + pinkbyte + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-08.xml
new file mode 100644
index 0000000000..7daba39a58
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-08.xml
@@ -0,0 +1,60 @@
+ + + + ClamAV: Multiple vulnerabilities + Multiple vulnerabilities have been found in ClamAV, the worst of + which could lead to arbitrary code execution. + + clamav + May 16, 2014 + May 16, 2014: 1 + 462278 + 467710 + remote + + + 0.98 + 0.98 + + + +

Clam AntiVirus (ClamAV) is an anti-virus toolkit for UNIX, designed + especially for e-mail scanning on mail gateways. +

+
+ +

Multiple vulnerabilities have been discovered in ClamAV. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could send a specially crafted file, leading to + arbitrary code execution or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ClamAV users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.98" + + +
+ + CVE-2013-2020 + CVE-2013-2021 + CVE-2013-7087 + CVE-2013-7088 + CVE-2013-7089 + + + creffett + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-09.xml
new file mode 100644
index 0000000000..e96c26e1da
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-09.xml
@@ -0,0 +1,67 @@
+ + + + ImageMagick: Multiple vulnerabilities + Multiple vulnerabilities have been discovered in ImageMagick, the + worst of which could lead to arbitrary code execution. + + imagemagick + May 17, 2014 + May 17, 2014: 1 + 409431 + 483032 + 500988 + 506562 + remote + + + 6.8.8.10 + 6.8.8.10 + + + +

ImageMagick is a collection of tools and libraries for manipulating + various image formats. +

+
+ +

Multiple vulnerabilities have been discovered in ImageMagick. Please + review the CVE identifiers referenced below for details. +

+ +

Note that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete + fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs + were addressed in GLSA 201203-09. +

+
+ +

A remote attacker can utilize multiple vectors to execute arbitrary code + or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ImageMagick users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.8.8.10" + + +
+ + CVE-2012-1185 + CVE-2012-1186 + CVE-2013-4298 + CVE-2014-1947 + CVE-2014-2030 + + + underling + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-10.xml
new file mode 100644
index 0000000000..1155690582
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-10.xml
@@ -0,0 +1,80 @@
+
+
+
+ Rack: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Rack, the worst of
+ which allow execution of arbitrary code.
+
+ rack
+ May 17, 2014
+ May 17, 2014: 1
+ 451620
+ 456176
+ remote
+
+
+ 1.4.5
+ 1.3.10
+ 1.2.8
+ 1.1.6
+ 1.4.5
+
+
+
+

Rack is a modular Ruby web server interface.

+
+ +

Multiple vulnerabilities have been discovered in Rack. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or obtain + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Rack 1.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.4.5" + + +

All Rack 1.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.3.10" + + +

All Rack 1.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.2.8" + + +

All Rack 1.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.1.6" + +
+ + CVE-2012-6109 + CVE-2013-0183 + CVE-2013-0184 + CVE-2013-0262 + CVE-2013-0263 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-11.xml
new file mode 100644
index 0000000000..89bbb9d39d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-11.xml
@@ -0,0 +1,46 @@
+
+
+
+ Bacula: Information disclosure
+ A vulnerability in Bacula may allow remote attackers to obtain
+ sensitive information.
+
+ bacula
+ May 17, 2014
+ May 17, 2014: 1
+ 434878
+ remote
+
+
+ 5.2.12
+ 5.2.12
+
+
+
+

Bacula is a network based backup suite.

+
+ +

Bacula does not properly enforce console access control lists.

+
+ +

A remote authenticated attacker may be able to bypass restrictions to + obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Bacula users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-backup/bacula-5.2.12" + +
+ + CVE-2012-4430 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-12.xml
new file mode 100644
index 0000000000..8119fbd959
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-12.xml
@@ -0,0 +1,65 @@
+
+
+
+ Ettercap: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Ettercap, the worst of
+ which may allow execution of arbitrary code.
+
+ ettercap
+ May 17, 2014
+ May 17, 2014: 1
+ 340897
+ 451198
+ remote
+
+
+ 0.7.5.2
+ 0.7.5.2
+
+
+
+

Ettercap is a suite of tools for content filtering, sniffing and man in + the middle attacks on a LAN. +

+
+ +

Multiple vulnerabilities have been discovered in Ettercap:

+ +
    +
  • Ettercap does not handle temporary files securely (CVE-2010-3843).
  • +
  • A format string flaw in Ettercap could cause a buffer overflow + (CVE-2010-3844). +
  • +
  • A stack-based buffer overflow exists in Ettercap (CVE-2013-0722).
  • +
+
+ +

A remote attacker could entice a user to load a specially crafted + configuration file using Ettercap, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. +

+ +

A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All Ettercap users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/ettercap-0.7.5.2" + +
+ + CVE-2010-3843 + CVE-2010-3844 + CVE-2013-0722 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-13.xml
new file mode 100644
index 0000000000..2d81f65c8e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-13.xml
@@ -0,0 +1,66 @@
+
+
+
+ Pango: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Pango, the worst of
+ which allow execution of arbitrary code or Denial of Service.
+
+ pango
+ May 17, 2014
+ May 17, 2014: 1
+ 268976
+ 352087
+ 357067
+ local, remote
+
+
+ 1.28.3-r1
+ 1.28.3-r1
+
+
+
+

Pango is an internationalized text layout and rendering library

+
+ +

Multiple vulnerabilities have been discovered in Pango. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could entice a user to load specially + crafted text using an application linked against Pango, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Pango users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/pango-1.28.3-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+ +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since March 18, 2011. It is likely that your system is already + no longer affected by this issue. +

+
+ + CVE-2009-1194 + CVE-2009-2468 + CVE-2011-0020 + CVE-2011-0064 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-14.xml
new file mode 100644
index 0000000000..0a7df1d468
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-14.xml
@@ -0,0 +1,46 @@
+
+
+
+ Ruby OpenID: Denial of Service
+ A vulnerability in Ruby OpenID may lead to Denial of Service.
+ ruby-openid
+ May 17, 2014
+ May 17, 2014: 1
+ 460156
+ remote
+
+
+ 2.2.2
+ 2.2.2
+
+
+
+

Ruby OpenID is a robust library for verifying and serving OpenID + identities. +

+
+ +

An XML entity parsing error has been discovered in Ruby OpenID.

+
+ +

A remote attacker could send a specially crafted XML file, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Ruby OpenID users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/ruby-openid-2.2.2" + +
+ + CVE-2013-1812 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-15.xml
new file mode 100644
index 0000000000..4662511a9b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-15.xml
@@ -0,0 +1,57 @@
+
+
+
+ util-linux: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in util-linux, the worst
+ of which may lead to Denial of Service.
+
+ util-linux
+ May 18, 2014
+ May 18, 2014: 1
+ 359759
+ 450740
+ local
+
+
+ 2.22.2
+ 2.22.2
+
+
+
+

util-linux is a suite of Linux programs including mount and umount, + programs used to mount and unmount filesystems. +

+
+ +

Multiple vulnerabilities have been discovered in util-linux. Please + review the CVE identifiers referenced below for details. +

+
+ +

A local attacker may be able to cause a Denial of Service condition, + trigger corruption of /etc/mtab, obtain sensitive information, or have + other unspecified impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All util-linux users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.22.2" + +
+ + CVE-2011-1675 + CVE-2011-1676 + CVE-2011-1677 + CVE-2013-0157 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-16.xml
new file mode 100644
index 0000000000..fecc2bf37d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-16.xml
@@ -0,0 +1,48 @@
+
+
+
+ Mono: Denial of Service
+ A hash collision vulnerability in Mono allows remote attackers to
+ cause a Denial of Service condition.
+
+ mono
+ May 18, 2014
+ May 18, 2014: 1
+ 433768
+ remote
+
+
+ 2.10.9-r2
+ 2.10.9-r2
+
+
+
+

Mono is an open source implementation of Microsoft’s .NET Framework.

+
+ +

Mono does not properly randomize hash functions for form posts to + protect against hash collision attacks. +

+
+ +

A remote attacker could send specially crafted parameters, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Mono users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/mono-2.10.9-r2" + +
+ + CVE-2012-3543 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-17.xml
new file mode 100644
index 0000000000..07d1ee4d18
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-17.xml
@@ -0,0 +1,55 @@
+
+
+
+ Munin: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in Munin which may
+ lead to symlink attacks, file creation, or bypass of security restrictions.
+
+ munin
+ May 18, 2014
+ May 18, 2014: 1
+ 412881
+ 445250
+ local, remote
+
+
+ 2.0.8-r2
+ 2.0.8-r2
+
+
+
+

Munin is an open source server monitoring tool.

+
+ +

Multiple vulnerabilities have been discovered in Munin. Please review + the CVE identifiers referenced below for details. +

+
+ +

A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+ +

A remote attacker could create files or load new Munin configuration + files. +

+
+ +

There is no known workaround at this time.

+
+ +

All Munin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/munin-2.0.8-r2" + +
+ + CVE-2012-2103 + CVE-2012-3512 + CVE-2012-3513 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-18.xml
new file mode 100644
index 0000000000..c6848436e5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-18.xml
@@ -0,0 +1,48 @@
+
+
+
+ OpenConnect: User-assisted execution of arbitrary code
+ A buffer overflow in OpenConnect could result in execution of
+ arbitrary code or Denial of Service.
+
+ openconnect
+ May 18, 2014
+ May 18, 2014: 1
+ 457068
+ remote
+
+
+ 4.08
+ 4.08
+
+
+
+

OpenConnect is a free client for Cisco AnyConnect SSL VPN software.

+
+ +

A stack-based buffer overflow error has been discovered in OpenConnect.

+
+ +

A remote attacker could entice a user to connect to a malicious VPN + server, possibly resulting in execution of arbitrary code with the + privileges of the process, or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenConnect users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openconnect-4.08" + + +
+ + CVE-2012-6128 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-19.xml
new file mode 100644
index 0000000000..6525d4724b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-19.xml
@@ -0,0 +1,60 @@
+
+
+
+ MCrypt: User-assisted execution of arbitrary code
+ Multiple vulnerabilities have been found in MCrypt, allowing
+ attackers to execute arbitrary code or cause Denial of Service.
+
+ mcrypt
+ May 18, 2014
+ May 18, 2014: 1
+ 434112
+ 440778
+ remote
+
+
+ 2.6.8-r2
+ 2.6.8-r2
+
+
+
+

MCrypt is a replacement of the old unix crypt(1) utility.

+
+ +

Multiple vulnerabilities have been discovered in MCrypt:

+ +
    +
  • A boundary error in MCrypt could cause a stack-based buffer overflow + (CVE-2012-4409). +
  • +
  • MCrypt contains multiple format string errors (CVE-2012-4426).
  • +
  • MCrypt does not properly handle long file names, which could cause a + stack-based buffer overflow (CVE-2012-4527). +
  • +
+
+ +

A remote attacker could entice a user to open a specially crafted file + using MCrypt, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All MCrypt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mcrypt-2.6.8-r2" + +
+ + CVE-2012-4409 + CVE-2012-4426 + CVE-2012-4527 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-20.xml
new file mode 100644
index 0000000000..9e12fa9010
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-20.xml
@@ -0,0 +1,53 @@
+
+
+
+ JBIG-KIT: Denial of Service
+ A stack-based buffer overflow in JBIG-KIT might allow remote
+ attackers to cause a Denial of Service.
+
+ jbigkit
+ May 18, 2014
+ May 18, 2014: 1
+ 507254
+ remote
+
+
+ 2.1
+ 2.1
+
+
+
+

JBIG-KIT is a software implementation of the JBIG1 data compression + standard. +

+
+ +

JBIG-KIT contains a stack-based buffer overflow in the jbg_dec_in + function in libjbig/jbig.c. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition via + a specially crafted image file. +

+
+ +

There is no known workaround at this time.

+
+ +

All JBIG-KIT users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/jbigkit-2.1" + + +
+ + CVE-2013-6369 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-21.xml
new file mode 100644
index 0000000000..e3de4fe48e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-21.xml
@@ -0,0 +1,63 @@
+
+
+
+ Charybdis, ShadowIRCd: Denial of Service
+ A vulnerability has been found in Charybdis and ShadowIRCd,
+ possibly resulting in remote Denial of Service.
+
+ shadowircd
+ May 18, 2014
+ May 18, 2014: 1
+ 449544
+ 449790
+ remote
+
+
+ 3.4.2
+ 3.4.2
+
+
+ 6.3.3
+ 6.3.3
+
+
+
+

Charybdis is the Atheme Project’s IRC daemon based on ratbox. + ShadowIRCd is an IRC daemon based on Charybdis that adds several useful + features. +

+
+ +

A vulnerability has been discovered in Charybdis and ShadowIRCd. Please + review the CVE identifier referenced below for details. +

+
+ +

A remote attacker may be able to cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All Charybdis users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/charybdis-3.4.2" + + +

All ShadowIRCd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/shadowircd-6.3.3" + +
+ + CVE-2012-6084 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-22.xml
new file mode 100644
index 0000000000..a6d72374b2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-22.xml
@@ -0,0 +1,81 @@
+
+
+
+ Pidgin: Multiple vulnerabilities
+ Multiple vulnerabilities in Pidgin may allow execution of arbitrary
+ code.
+
+ pidgin
+ May 18, 2014
+ May 18, 2014: 1
+ 457580
+ 499596
+ remote
+
+
+ 2.10.9
+ 2.10.9-r1
+ 2.10.9
+
+
+
+

Pidgin is a GTK Instant Messenger client for a variety of instant + messaging protocols. +

+
+ +

Multiple vulnerabilities have been discovered in Pidgin. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the Pidgin process, cause a Denial of Service condition, + overwrite files, or spoof traffic. +

+
+ +

There is no known workaround at this time.

+
+ +

All Pidgin users on HPPA or users of GNOME 3.8 and later on AMD64 or X86 + should upgrade to the latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.10.9-r1" + + +

All Pidgin users on ALPHA, PPC, PPC64, SPARC, and users of GNOME before + 3.8 on AMD64 and X86 should upgrade to the latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.10.9" + + +
+ + CVE-2012-6152 + CVE-2013-0271 + CVE-2013-0272 + CVE-2013-0273 + CVE-2013-0274 + CVE-2013-6477 + CVE-2013-6478 + CVE-2013-6479 + CVE-2013-6481 + CVE-2013-6482 + CVE-2013-6483 + CVE-2013-6484 + CVE-2013-6485 + CVE-2013-6487 + CVE-2013-6489 + CVE-2013-6490 + CVE-2014-0020 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-23.xml
new file mode 100644
index 0000000000..530320fb64
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-23.xml
@@ -0,0 +1,61 @@
+
+
+
+ lib3ds: User-assisted execution of arbitrary code
+ A vulnerability in lib3ds might allow a remote attacker to execute
+ arbitrary code.
+
+ lib3ds
+ May 18, 2014
+ December 10, 2014: 2
+ 308033
+ 519936
+ remote
+
+
+ 2.0.0_rc1
+ 1.3.0-r1
+ 2.0.0_rc1
+
+
+
+

lib3ds is a library for managing 3D-Studio Release 3 and 4 .3DS files.

+
+ +

An array index error has been discovered in lib3ds.

+
+ +

A remote attacker could entice a user to open a specially crafted 3DS + file using an application linked against lib3ds, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All lib3ds 2.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/lib3ds-2.0.0_rc1" + + +

All lib3ds 1.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/lib3ds-1.3.0-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2010-0280 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-24.xml
new file mode 100644
index 0000000000..86e88be413
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-24.xml
@@ -0,0 +1,77 @@
+
+
+
+ Apache Portable Runtime, APR Utility Library: Denial of Service
+ Memory consumption errors in Apache Portable Runtime and APR
+ Utility Library could result in Denial of Service.
+
+ apr apr-util
+ May 18, 2014
+ May 18, 2014: 1
+ 339527
+ 366903
+ 368651
+ 399089
+ remote
+
+
+ 1.4.8-r1
+ 1.4.8-r1
+
+
+ 1.3.10
+ 1.3.10
+
+
+
+

The Apache Portable Runtime (aka APR) provides a set of APIs for + creating platform-independent applications. The Apache Portable Runtime + Utility Library (aka APR-Util) provides an interface to functionality + such as XML parsing, string matching and database connections. +

+
+ +

Multiple vulnerabilities have been discovered in Apache Portable Runtime + and APR Utility Library. Please review the CVE identifiers referenced + below for details. +

+
+ +

A remote attacker could cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All Apache Portable Runtime users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/apr-1.4.8-r1" + + +

All users of the APR Utility Library should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.10" + + +

Packages which depend on these libraries may need to be recompiled. + Tools such as revdep-rebuild may assist in identifying some of these + packages. +

+
+ + CVE-2010-1623 + CVE-2011-0419 + CVE-2011-1928 + CVE-2012-0840 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-25.xml
new file mode 100644
index 0000000000..5896ff81ba
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-25.xml
@@ -0,0 +1,48 @@
+
+
+
+ Symfony: Information disclosure
+ A vulnerability in Symfony may allow remote attackers to read
+ arbitrary files.
+
+ symfony
+ May 18, 2014
+ May 18, 2014: 1
+ 444696
+ remote
+
+
+ 1.4.20
+
+
+
+

Symfony is a professional, open-source PHP5 web development framework.

+
+ +

Symfony does not properly sanitize input for upload requests.

+
+ +

A remote attacker could send a specially crafted file upload request, + possibly resulting in disclosure of sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo has discontinued support for Symfony. We recommend that users + unmerge Symfony: +

+ + + # emerge --unmerge "dev-php/symfony" + +
+ + CVE-2012-5574 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-26.xml
new file mode 100644
index 0000000000..daefd49e59
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-26.xml
@@ -0,0 +1,49 @@
+
+
+
+ X2Go Server: Privilege Escalation
+ A local privilege escalation vulnerability has been discovered in
+ X2Go Server.
+
+ x2go
+ May 19, 2014
+ May 19, 2014: 1
+ 497260
+ local
+
+
+ 4.0.1.12
+ 4.0.1.12
+
+
+
+

X2Go is an open source terminal server project.

+
+ +

X2Go Server is prone to a local privilege-escalation vulnerability.

+
+ +

A local attacker could gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All X2Go Server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/x2goserver-4.0.1.12" + + +
+ + CVE-2013-7383 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-27.xml
new file mode 100644
index 0000000000..3da7cd0879
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-27.xml
@@ -0,0 +1,58 @@
+
+
+
+ LibYAML: Arbitrary code execution
+ A vulnerability in LibYAML could allow an attacker to execute
+ arbitrary code or cause a Denial of Service condition.
+
+ libyaml
+ May 23, 2014
+ May 23, 2014: 1
+ 505948
+ local, remote
+
+
+ 0.1.6
+ 0.1.6
+
+
+
+

LibYAML is a YAML 1.1 parser and emitter written in C.

+
+ +

The yaml_parser_scan_uri_escapes() function does not properly expand + strings passed as input, which can result in a heap-based buffer + overflow. +

+
+ +

An attacker could provide a specially-crafted YAML document, which, when + parsed by LibYAML, could result in arbitrary code execution or cause the + application to crash. +

+
+ +

There is no known workaround at this time.

+
+ +

All LibYAML users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libyaml-0.1.6" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2014-2525 + + + BlueKnight + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-28.xml
new file mode 100644
index 0000000000..1469f3decd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201405-28.xml
@@ -0,0 +1,57 @@
+
+
+
+ xmonad-contrib: Arbitrary code execution
+ A remote command injection vulnerability has been discovered in
+ xmonad-contrib.
+
+ xmonad-contrib
+ May 28, 2014
+ May 28, 2014: 1
+ 478288
+ remote
+
+
+ 0.11.2
+ 0.11.2
+
+
+
+

xmonad-contrib is a set of third party tiling algorithms, + configurations, and scripts for xmonad. +

+
+ +

A vulnerability in the Xmonad.Hooks.DynamicLog module could allow a + malicious website with a specially crafted title to inject commands into + the title bar which would be executed when the bar is clicked. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All xmonad-contrib users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-wm/xmonad-contrib-0.11.2" + + +
+ + CVE-2013-1436 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-01.xml
new file mode 100644
index 0000000000..12036147e9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-01.xml
@@ -0,0 +1,67 @@
+
+
+
+ D-Bus, GLib: Privilege escalation
+ A vulnerability has been found in D-Bus which allows local
+ attackers to gain escalated privileges.
+
+ dbus
+ June 01, 2014
+ June 01, 2014: 1
+ 436028
+ local
+
+
+ 1.6.8
+ 1.6.8
+
+
+ 2.32.4-r1
+ 2.32.4-r1
+
+
+
+

D-Bus is a daemon providing a framework for applications to communicate + with one another. GLib is a library providing a number of GNOME’s core + objects and functions. +

+
+ +

When libdbus is used in a setuid program, a user can gain escalated + privileges by leveraging the DBUS_SYSTEM_BUS_ADDRESS variable. GLib can + be used in a setuid context with D-Bus, and so can trigger this + vulnerability. Please review the CVE identifier below for more details. +

+
+ +

A local attacker could gain escalated privileges and execute arbitrary + code. +

+
+ +

There is no known workaround at this time.

+
+ +

All D-Bus users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.6.8" + + +

All GLib users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.32.4-r1" + + +
+ + CVE-2012-3524 + + ackle + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-02.xml
new file mode 100644
index 0000000000..6bc6ba8fa0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-02.xml
@@ -0,0 +1,64 @@
+
+
+
+ libarchive: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in libarchive, some of
+ which may allow execution of arbitrary code.
+
+ libarchive
+ June 01, 2014
+ June 01, 2014: 1
+ 366687
+ 463632
+ remote
+
+
+ 3.1.2-r1
+ 3.1.2-r1
+
+
+
+

libarchive is a library for manipulating different streaming archive + formats, including certain tar variants, several cpio formats, and both + BSD and GNU ar variants. +

+
+ +

Multiple vulnerabilities have been discovered in libarchive. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user or automated process to open a + specially crafted archive using an application linked against libarchive, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libarchive users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.1.2-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2010-4666 + CVE-2011-1777 + CVE-2011-1778 + CVE-2011-1779 + CVE-2013-0211 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-03.xml
new file mode 100644
index 0000000000..416dffa4b7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-03.xml
@@ -0,0 +1,61 @@
+
+
+
+ Fail2ban: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Fail2ban, the worst of
+ which allows remote attackers to cause a Denial of Service condition.
+
+ fail2ban
+ June 01, 2014
+ June 01, 2014: 1
+ 364883
+ 473118
+ 499802
+ remote
+
+
+ 0.8.12
+ 0.8.12
+
+
+
+

Fail2ban is a tool for parsing log files and banning IP addresses which + show suspicious behavior. +

+
+ +

Multiple vulnerabilities have been discovered in Fail2ban. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could send a crafted URL to a web site which, when + parsed by Fail2ban, would deny a specific IP address. Also, errors in + regular expressions within certain filters can cause arbitrary IP + addresses to be banned. Furthermore, a local attacker could perform + symlink attacks to overwrite arbitrary files with the privileges of the + user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All Fail2ban users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/fail2ban-0.8.12 + + +
+ + CVE-2009-5023 + CVE-2013-2178 + CVE-2013-7176 + + craig + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-04.xml
new file mode 100644
index 0000000000..b7f6569a55
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-04.xml
@@ -0,0 +1,55 @@
+
+
+
+ SystemTap: Denial of Service
+ A vulnerability in SystemTap could allow a local attacker to create
+ a Denial of Service condition.
+
+ systemtap
+ June 05, 2014
+ June 05, 2014: 1
+ 405345
+ local
+
+
+ 2.0
+ 2.0
+
+
+
+

SystemTap is a kernel profiling and instrumentation tool.

+
+ +

SystemTap does not properly handle DWARF expressions when unwinding the + stack. +

+
+ +

A local attacker with SystemTap permissions could trigger a kernel + panic, causing a Denial of Service condition. +

+
+ +

Disabling unprivileged mode is a temporary workaround for this + vulnerability. +

+
+ +

All SystemTap users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/systemtap-2.0" + + +
+ + CVE-2012-0875 + + + BlueKnight + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-05.xml
new file mode 100644
index 0000000000..98bacd7c5e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-05.xml
@@ -0,0 +1,54 @@
+
+
+
+ Mutt: Arbitrary code execution
+ A vulnerability in Mutt could allow remote attackers to execute
+ arbitrary code or cause a Denial of Service condition.
+
+ mutt
+ June 05, 2014
+ June 05, 2014: 1
+ 504462
+ remote
+
+
+ 1.5.22-r3
+ 1.5.22-r3
+
+
+
+

Mutt is a small but powerful text-based mail client.

+
+ +

A heap-based buffer overflow has been discovered in the mutt_copy_hdr + function. +

+
+ +

A remote attacker could send a specially crafted message, possibly + resulting in execution of arbitrary code with the privileges of the user + running Mutt or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Mutt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mutt-1.5.22-r3" + + +
+ + CVE-2014-0467 + + + BlueKnight + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-06.xml
new file mode 100644
index 0000000000..57c3706896
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-06.xml
@@ -0,0 +1,71 @@
+
+
+
+ Mumble: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Mumble, the worst of
+ which could lead to arbitrary code execution.
+
+ mumble
+ June 06, 2014
+ June 06, 2014: 1
+ 500486
+ 510380
+ remote
+
+
+ 1.2.6
+ 1.2.6
+
+
+
+

Mumble is low-latency voice chat software intended for use with gaming.

+
+ +

Multiple vulnerabilities have been discovered in Mumble:

+ +
    +
  • A crafted length prefix value can trigger a heap-based buffer + overflow or NULL pointer dereference in the + opus_packet_get_samples_per_frame function (CVE-2014-0044) +
  • +
  • A crafted packet can trigger an error in the opus_decode_float + function, leading to a heap-based buffer overflow (CVE-2014-0045) +
  • +
  • A crafted SVG referencing local files can lead to resource exhaustion + or hangs (CVE-2014-3755) +
  • +
  • Mumble does not properly escape HTML in some external strings before + displaying them (CVE-2014-3756) +
  • +
+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Mumble users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/mumble-1.2.6" + + +
+ + CVE-2014-0044 + CVE-2014-0045 + CVE-2014-3755 + CVE-2014-3756 + + + BlueKnight + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-07.xml
new file mode 100644
index 0000000000..0e5e5a1602
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-07.xml
@@ -0,0 +1,59 @@
+
+
+
+ Echoping: Buffer Overflow Vulnerabilities
+ A buffer overflow in Echoping might allow remote attackers to cause
+ a Denial of Service condition.
+
+ echoping
+ June 06, 2014
+ June 06, 2014: 1
+ 349569
+ remote
+
+
+ 6.0.2_p434
+ 6.0.2_p434
+
+
+
+

Echoping is a small program to test performances of a + remote host by sending it TCP packets. +

+
+ +

A boundary error exists within the “TLS_readline()” function, which + can be exploited to overflow a global buffer by sending an overly long + encrypted HTTP reply to Echoping. Also, a similar boundary error exists + within the “SSL_readline()” function, which can be exploited in the + same manner. +

+
+ +

A remote attacker could send a specially crafted HTTP reply, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Echoping users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-analyzer/echoping-6.0.2_p434" + + +
+ + CVE-2010-5111 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-08.xml
new file mode 100644
index 0000000000..5d31f555f6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-08.xml
@@ -0,0 +1,60 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player,
+ worst of which allows remote attackers to execute arbitrary code.
+
+ adobe-flash
+ June 10, 2014
+ June 10, 2014: 1
+ 510278
+ remote
+
+
+ 11.2.202.359
+ 11.2.202.359
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute + arbitrary code with the privileges of the process, or cause a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.359" + + +
+ + CVE-2014-0510 + CVE-2014-0516 + CVE-2014-0517 + CVE-2014-0518 + CVE-2014-0519 + CVE-2014-0520 + + Zlogene + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-09.xml
new file mode 100644
index 0000000000..4bf458c8ea
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-09.xml
@@ -0,0 +1,59 @@
+
+
+
+ GnuTLS: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in GnuTLS, the worst
+ of which could lead to arbitrary code execution.
+
+ gnutls
+ June 13, 2014
+ June 13, 2014: 1
+ 501282
+ 503394
+ 511840
+ remote
+
+
+ 2.12.23-r6
+ 2.12.23-r6
+
+
+
+

GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 + protocols. +

+
+ +

Multiple vulnerabilities have been discovered in GnuTLS. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could utilize multiple vectors to spoof arbitrary SSL + servers via a crafted certificate, execute arbitrary code or cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All GnuTLS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.12.23-r6" + + +
+ + CVE-2014-0092 + CVE-2014-1959 + CVE-2014-3465 + CVE-2014-3466 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-10.xml
new file mode 100644
index 0000000000..efae45e52d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-10.xml
@@ -0,0 +1,60 @@
+
+
+
+ lighttpd: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in lighttpd, allowing
+ remote attackers cause a Denial of Service condition or execute arbitrary
+ SQL statements.
+
+ lighttpd
+ June 13, 2014
+ June 13, 2014: 1
+ 392581
+ 444179
+ 490432
+ 491154
+ 504330
+ remote
+
+
+ 1.4.35
+ 1.4.35
+
+
+
+

lighttpd is a lightweight high-performance web server.

+
+ +

Multiple vulnerabilities have been discovered in lighttpd. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could create a Denial of Service condition. + Futhermore, a remote attacker may be able to execute arbitrary SQL + statements. +

+
+ +

There is no known workaround at this time.

+
+ +

All lighttpd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.35" + + +
+ + CVE-2011-4362 + CVE-2012-5533 + CVE-2013-4508 + CVE-2013-4559 + CVE-2013-4560 + CVE-2014-2323 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-11.xml
new file mode 100644
index 0000000000..d661bae522
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-11.xml
@@ -0,0 +1,54 @@
+
+
+
+ libXfont: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in libXfont, the worst of
+ which allow for local privilege escalation.
+
+ libXfont
+ June 14, 2014
+ June 14, 2014: 1
+ 510250
+ local, remote
+
+
+ 1.4.8
+ 1.4.8
+
+
+
+

libXfont is an X11 font rasterisation library.

+
+ +

Multiple vulnerabilities have been discovered in libXfont. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could use a specially crafted file to gain + privileges, cause a Denial of Service condition or possibly execute + arbitrary code with the privileges of the process. +

+
+ +

There is no known workaround at this time.

+
+ +

All libXfont users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.4.8" + + +
+ + CVE-2014-0209 + CVE-2014-0210 + CVE-2014-0211 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-12.xml
new file mode 100644
index 0000000000..0ab96251c2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-12.xml
@@ -0,0 +1,54 @@
+
+
+
+ FreeRADIUS: Arbitrary code execution
+ A vulnerability in FreeRADIUS can lead to arbitrary code execution
+ or Denial of Service by authenticated users.
+
+ freeradius
+ June 15, 2014
+ June 15, 2014: 1
+ 501754
+ remote
+
+
+ 2.2.5
+ 2.2.5
+
+
+
+

FreeRADIUS is an open source RADIUS authentication server.

+
+ +

Large passwords can trigger a stack-based buffer overflow in + FreeRADIUS’s rlm_pap module when authenticating against an LDAP server. +

+
+ +

An authenticated user could set a specially crafted long password, + possibly leading to arbitrary code execution or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All FreeRADIUS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-2.2.5" + + +
+ + CVE-2014-2015 + + + BlueKnight + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-13.xml
new file mode 100644
index 0000000000..016c44c48d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-13.xml
@@ -0,0 +1,68 @@
+
+
+
+ memcached: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in memcached, allowing
+ remote attackers to execute arbitrary code or cause Denial of Service.
+
+ memcached
+ June 15, 2014
+ June 15, 2014: 1
+ 279386
+ 452098
+ 467962
+ 496506
+ 498078
+ remote
+
+
+ 1.4.17
+ 1.4.17
+
+
+
+

memcached is a high-performance, distributed memory object caching + system +

+
+ +

memcached authentication could be bypassed when using SASL due to a flaw + related to SASL authentication state. Also several heap-based buffer + overflows due to integer conversions when parsing certain length + attributes were discovered. +

+
+ +

A remote attacker could possibly execute + arbitrary code with the privileges of the process, cause a Denial of + Service condition or authenticate with invalid SASL credentials, + bypassing memcached authentication completely. +

+
+ +

There is no known workaround at this time.

+
+ +

All memcached users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/memcached-1.4.17" + + +
+ + CVE-2009-2415 + CVE-2013-7239 + CVE-2011-4971 + CVE-2013-0179 + CVE-2013-7290 + CVE-2013-7291 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-14.xml
new file mode 100644
index 0000000000..b1f03d6b4f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-14.xml
@@ -0,0 +1,72 @@
+
+
+
+ Opera: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Opera, the worst of
+ which may allow remote execution of arbitrary code.
+
+ opera
+ June 15, 2014
+ June 15, 2014: 1
+ 442044
+ 444040
+ 446096
+ 454654
+ local, remote
+
+
+ 12.13_p1734
+ 12.13_p1734
+
+
+
+

Opera is a fast web browser that is available free of charge.

+
+ +

Multiple vulnerabilities have been discovered in Opera. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted web + page using Opera, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. + Furthermore, a remote attacker may be able to obtain sensitive + information, conduct Cross-Site Scripting (XSS) attacks, or bypass + security restrictions. +

+ +

A local attacker may be able to obtain sensitive information.

+
+ +

There is no known workaround at this time.

+
+ +

All Opera users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-12.13_p1734" + +
+ + CVE-2012-6461 + CVE-2012-6462 + CVE-2012-6463 + CVE-2012-6464 + CVE-2012-6465 + CVE-2012-6466 + CVE-2012-6467 + CVE-2012-6468 + CVE-2012-6469 + CVE-2012-6470 + CVE-2012-6471 + CVE-2012-6472 + CVE-2013-1618 + CVE-2013-1637 + CVE-2013-1638 + CVE-2013-1639 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-15.xml
new file mode 100644
index 0000000000..55a0300e83
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-15.xml
@@ -0,0 +1,53 @@
+
+
+
+ KDirStat: Arbitrary command execution
+ A vulnerability in KDirStat could allow local attackers to execute
+ arbitrary shell commands.
+
+ kdirstat
+ June 15, 2014
+ June 15, 2014: 1
+ 504994
+ local
+
+
+ 2.7.5
+ 2.7.5
+
+
+
+

KDirStat is a graphical disk usage utility for KDE.

+
+ +

Missing escape of executable shell command in KDirStat can be used to + insert malicious shell commands. +

+
+ +

A local attacker could possibly execute arbitrary shell command with the + privileges of the process. +

+
+ +

There is no known workaround at this time.

+
+ +

All KDirStat users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-misc/kdirstat-2.7.5" + + +
+ + CVE-2014-2527 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-16.xml
new file mode 100644
index 0000000000..648f141df7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-16.xml
@@ -0,0 +1,59 @@
+
+
+
+ cups-filters: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in cups-filters, worst of
+ which allows remote attackers to execute arbitrary code.
+
+ cups-filters
+ June 16, 2014
+ June 16, 2014: 1
+ 504474
+ 506518
+ 508844
+ local, remote
+
+
+ 1.0.53
+ 1.0.53
+
+
+
+

cups-filters is an OpenPrinting CUPS Filters.

+
+ +

Multiple vulnerabilities have been discovered in cups-filters. Please + review the CVE identifiers referenced below for more details about the + vulnerabilities. +

+
+ +

A remote attacker(s) could possibly execute arbitrary code utilizing + multiple attack vectors, or a local attacker could gain escalated + privileges via a specially crafted shared library. +

+
+ +

There is no known workaround at this time.

+
+ +

All cups-filters users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-filters-1.0.53" + + +
+ + CVE-2013-6473 + CVE-2013-6474 + CVE-2013-6475 + CVE-2013-6476 + CVE-2014-2707 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-17.xml
new file mode 100644
index 0000000000..1bf526d7b5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-17.xml
@@ -0,0 +1,59 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player,
+ worst of which allows remote attackers to execute arbitrary code.
+
+ adobe-flash
+ June 17, 2014
+ June 17, 2014: 1
+ 512888
+ remote
+
+
+ 11.2.202.378
+ 11.2.202.378
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, conduct + Cross-Site Scripting (XSS) attacks, or bypass + security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.378 " + + +
+ + CVE-2014-0531 + CVE-2014-0532 + CVE-2014-0533 + CVE-2014-0534 + CVE-2014-0535 + CVE-2014-0536 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-18.xml
new file mode 100644
index 0000000000..9c1fb14c1b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-18.xml
@@ -0,0 +1,54 @@
+
+
+
+ rxvt-unicode: User-assisted execution of arbitrary code
+ A vulnerability in rxvt-unicode may allow a remote attacker to
+ execute arbitrary code.
+
+ rxvt-unicode
+ June 19, 2014
+ June 19, 2014: 1
+ 509174
+ remote
+
+
+ 9.20
+ 9.20
+
+
+
+

rxvt-unicode (urxvt) is a clone of the rxvt terminal emulator.

+
+ +

rxvt-unicode does not properly handle OSC escape sequences, including + those used to read and write X window properties. +

+
+ +

A remote attacker could entice a user to run a specially crafted file + using rxvt-unicode, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All rxvt-unicode users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.20" + + +
+ + CVE-2014-3121 + + + BlueKnight + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-19.xml
new file mode 100644
index 0000000000..515a32e2bf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-19.xml
@@ -0,0 +1,66 @@
+
+
+
+ Mozilla Network Security Service: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in Mozilla Network
+ Security Service, the worst of which could lead to Denial of Service.
+
+ nss
+ June 21, 2014
+ June 21, 2014: 1
+ 455558
+ 486114
+ 491234
+ remote
+
+
+ 3.15.3
+ 3.15.3
+
+
+
+

The Mozilla Network Security Service is a library implementing security + features like SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, + S/MIME and X.509 certificates. +

+
+ +

Multiple vulnerabilities have been discovered in the Mozilla Network + Security Service. Please review the CVE identifiers referenced below for + more details about the vulnerabilities. +

+
+ +

A remote attacker can cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Network Security Service users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.15.3" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + CVE-2013-1620 + CVE-2013-1739 + CVE-2013-1741 + CVE-2013-2566 + CVE-2013-5605 + CVE-2013-5606 + CVE-2013-5607 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-20.xml
new file mode 100644
index 0000000000..8948d29941
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-20.xml
@@ -0,0 +1,55 @@
+
+
+
+ nginx: Arbitrary code execution
+ A vulnerability has been found in nginx which may allow execution
+ of arbitrary code.
+
+ nginx
+ June 22, 2014
+ June 22, 2014: 1
+ 505018
+ remote
+
+
+ 1.4.7
+ 1.4.7
+
+
+
+

nginx is a robust, small, and high performance HTTP and reverse proxy + server. +

+
+ +

A bug in the SPDY implementation in nginx was found which might cause a + heap memory buffer overflow in a worker process by using a specially + crafted request. The SPDY implementation is not enabled in default + configurations. +

+
+ +

A remote attacker could cause execution of arbitrary code by using a + specially crafted request. +

+
+ +

Disable the spdy module in NGINX_MODULES_HTTP.

+
+ +

All nginx users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.7" + + +
+ + CVE-2014-0133 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-21.xml
new file mode 100644
index 0000000000..462ebe44c1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-21.xml
@@ -0,0 +1,56 @@
+
+
+
+ cURL: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in cURL, the worst of
+ which could lead to man-in-the-middle attacks.
+
+ curl
+ June 22, 2014
+ June 22, 2014: 1
+ 505864
+ local, remote
+
+
+ 7.36.0
+ 7.36.0
+
+
+
+

cURL is a command line tool for transferring files with URL syntax, + supporting numerous protocols. +

+
+ +

Multiple vulnerabilities have been discovered in cURL. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could cause a man-in-the-middle attack via a crafted + certificate issued by a legitimate certification authority. Furthermore, + a context-dependent attacker may be able to bypass security restrictions + by connecting as other users. +

+
+ +

There is no known workaround at this time.

+
+ +

All cURL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/curl-7.36.0" + + +
+ + CVE-2014-0138 + CVE-2014-0139 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-22.xml
new file mode 100644
index 0000000000..6ae24ef65f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-22.xml
@@ -0,0 +1,58 @@
+
+
+
+ Network Audio System: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Network Audio System,
+ the worst of which allows remote attackers to execute arbitrary code.
+
+ nas
+ June 25, 2014
+ June 25, 2014: 1
+ 484480
+ local, remote
+
+
+ 1.9.4
+ 1.9.4
+
+
+
+

Network Audio System is a network transparent, client/server audio + transport system. +

+
+ +

Multiple vulnerabilities have been discovered in Network Audio System. + Please review the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could possibly execute arbitrary code with + the privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Network Audio System users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/nas-1.9.4" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+ +
+ + CVE-2013-4256 + CVE-2013-4258 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-23.xml
new file mode 100644
index 0000000000..5d668f1297
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-23.xml
@@ -0,0 +1,53 @@
+
+
+
+ DenyHosts: Denial of Service
+ A vulnerability in DenyHosts could allow a remote attacker to
+ create a Denial of Service condition.
+
+ denyhost
+ June 25, 2014
+ June 25, 2014: 1
+ 495130
+ remote
+
+
+ 2.6-r9
+ 2.6-r9
+
+
+
+

DenyHosts is a script intended to be run by Linux system administrators + to help thwart SSH server attacks. +

+
+ +

DenyHosts does not properly define the regular expressions used when + parsing SSH authentication logs. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition via + a crafted login name. +

+
+ +

There is no known workaround at this time.

+
+ +

All DenyHost users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/denyhosts-2.6-r9" + + +
+ + CVE-2013-6890 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-24.xml
new file mode 100644
index 0000000000..87a048b9fc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-24.xml
@@ -0,0 +1,55 @@
+
+
+
+ Dnsmasq: Denial of Service
+ A vulnerability in Dnsmasq can lead to a Denial of Service
+ condition.
+
+ dnsmasq
+ June 25, 2014
+ June 25, 2014: 1
+ 436894
+ 453170
+ remote
+
+
+ 2.66
+ 2.66
+
+
+
+

Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP + server. +

+
+ +

When used with certain libvirt configurations Dnsmasq replies to queries + from prohibited interfaces. +

+
+ +

A remote attackers can cause a Denial of Service via spoofed TCP based + DNS queries. +

+
+ +

There is no known workaround at this time.

+
+ +

All Dnsmasq users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.66" + + +
+ + CVE-2012-3411 + CVE-2013-0198 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-25.xml
new file mode 100644
index 0000000000..9ede4e0ef7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-25.xml
@@ -0,0 +1,62 @@
+
+
+
+ Asterisk: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in Asterisk, the
+ worst of which could allow privileged users to execute arbitrary system
+ shell commands.
+
+ asterisk
+ June 25, 2014
+ June 25, 2014: 2
+ 513102
+ remote
+
+
+ 11.10.2
+ 1.8.28.2
+ 11.10.2
+
+
+
+

Asterisk is an open source telephony engine and toolkit.

+
+ +

Multiple vulnerabilities have been discovered in Asterisk. Please review + the CVE identifiers below for details. +

+
+ +

A remote attacker that gains access to a privileged Asterisk account can + execute arbitrary system shell commands. Furthermore an unprivileged + remote attacker could cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Asterisk 11 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.10.2" + + +

All Asterisk 1.8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.28.2" + + +
+ + CVE-2014-4046 + CVE-2014-4047 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-26.xml
new file mode 100644
index 0000000000..c975b16ea7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-26.xml
@@ -0,0 +1,75 @@
+
+
+
+ Django: Multiple vulnerabilities
+ Multiple vulnerabilities have been found Django, the worst of which
+ may allow a remote attacker to execute code.
+
+ django
+ June 26, 2014
+ December 03, 2014: 2
+ 508514
+ 510382
+ remote
+
+
+ 1.6.5
+ 1.5.8
+ 1.4.13
+ 1.5.10
+ 1.4.15
+ 1.6.5
+
+
+
+

Django is a Python-based web framework.

+
+ +

Multiple vulnerabilities have been discovered in Django. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could execute code with the privileges of the process, + modify SQL queries, or disclose sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Django 1.6 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/django-1.6.5" + + +

All Django 1.5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/django-1.5.8" + + +

All Django 1.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/django-1.4.13" + + +
+ + CVE-2014-0472 + CVE-2014-0473 + CVE-2014-0474 + CVE-2014-1418 + + + BlueKnight + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-27.xml
new file mode 100644
index 0000000000..b066f411c6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-27.xml
@@ -0,0 +1,105 @@
+
+
+
+ polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation
+ A race condition in polkit could allow a local attacker to gain
+ escalated privileges.
+
+ polkit spice-gtk systemd hplip libvirt
+ June 26, 2014
+ June 26, 2014: 1
+ 484486
+ 484488
+ 485420
+ 485546
+ 485904
+ local
+
+
+ 3.14.1
+ 3.14.1
+
+
+ 0.21
+ 0.21
+
+
+ 204-r1
+ 204-r1
+
+
+ 1.1.2-r3
+ 1.1.2-r3
+
+
+ 0.112
+ 0.112
+
+
+
+

polkit is a toolkit for managing policies relating to unprivileged + processes communicating with privileged processes. +

+
+ +

polkit has a race condition which potentially allows a process to change + its UID/EUID via suid or pkexec before authentication is completed. +

+
+ +

A local attacker could start a suid or pkexec process through a + polkit-enabled application, which could result in privilege escalation or + bypass of polkit restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All polkit users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.112" + + +

All HPLIP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/hplip-3.14.1" + + +

All Spice-Gtk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/spice-gtk-0.21" + + +

All systemd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/systemd-204-r1" + + +

All libvirt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-1.1.2-r3" + +
+ + CVE-2013-4288 + CVE-2013-4311 + CVE-2013-4324 + CVE-2013-4325 + CVE-2013-4327 + + ackle + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-28.xml new file mode 100644 index 0000000000..b9c461c061 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-28.xml @@ -0,0 +1,81 @@ + + + + Libav: Multiple vulnerabilities + Multiple vulnerabilities have been found in Libav, allowing + attackers to execute arbitrary code or cause Denial of Service. + + libav + June 26, 2014 + June 26, 2014: 1 + 439052 + 452202 + 470734 + remote + + + 0.8.7 + 0.8.7 + + + +

Libav is a complete solution to record, convert and stream audio and + video. +

+
+ +

Multiple vulnerabilities have been discovered in Libav. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted media + file in an application linked against Libav, possibly resulting in + execution of arbitrary code with the privileges of the application or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Libav users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/libav-0.8.7" + +

Packages which depend on this library may need to be recompiled. Tools such + as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2012-2772 + CVE-2012-2775 + CVE-2012-2776 + CVE-2012-2777 + CVE-2012-2779 + CVE-2012-2783 + CVE-2012-2784 + CVE-2012-2786 + CVE-2012-2787 + CVE-2012-2788 + CVE-2012-2789 + CVE-2012-2790 + CVE-2012-2791 + CVE-2012-2793 + CVE-2012-2794 + CVE-2012-2796 + CVE-2012-2797 + CVE-2012-2798 + CVE-2012-2800 + CVE-2012-2801 + CVE-2012-2802 + CVE-2012-2803 + CVE-2012-2804 + CVE-2012-5144 + +ackle +ackle +
+ diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-29.xml new file mode 100644 index 0000000000..06761c76dc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-29.xml @@ -0,0 +1,49 @@ + + + + spice-gtk: Privilege escalation + A vulnerability in spice-gtk could allow local attackers to gain + escalated privileges. + + spice-gtk + June 26, 2014 + June 26, 2014: 1 + 435694 + remote + + + 0.14 + 0.14 + + + +

spice-gtk is a set of GObject and Gtk objects for connecting to Spice + servers and a client GUI. +

+
+ +

spice-gtk does not properly sanitize the DBUS_SYSTEM_BUS_ADDRESS + environment variable. +

+
+ +

A local attacker may be able to gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All spice-gtk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/spice-gtk-0.14" + +
+ + CVE-2012-4425 + + craig + ackle +
+ diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-30.xml new file mode 100644 index 0000000000..240c04bf19 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-30.xml @@ -0,0 +1,54 @@ + + + + sudo: Privilege escalation + A vulnerability has been found in sudo allowing a local attacker to + gain elevated privileges. + + sudo + June 27, 2014 + June 27, 2014: 1 + 503586 + local + + + 1.8.5 + 1.6.9 + 1.8.5 + + + +

sudo allows a system administrator to give users the ability to run + commands as other users. Access to commands may also be granted on a + range to hosts. +

+
+ +

When the Sudo env_reset option is disabled (it is enabled by default), + certain environment variables are not blacklisted as expected. +

+
+ +

A local attacker, authorized to run commands using sudo, can use this + flaw to execute arbitrary code or escalate his privileges. +

+
+ +

There is no known workaround at this time.

+
+ +

All sudo users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.5" + +
+ + CVE-2014-0106 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-31.xml new file mode 100644 index 0000000000..ac904ff151 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-31.xml @@ -0,0 +1,57 @@ + + + + Konqueror: Multiple vulnerabilities + Multiple vulnerabilities have been found in Konqueror, the worst of + which may allow execution of arbitrary code. + + konqueror + June 27, 2014 + June 27, 2014: 1 + 438452 + remote + + + 4.9.3-r1 + 4.9.3-r1 + + + +

Konqueror is the KDE web browser and file manager.

+
+ +

Multiple vulnerabilities have been discovered in Konqueror. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted web + site using Konqueror, possibly resulting in the execution of arbitrary + code with the privileges of the process or a Denial of Service condition +

+
+ +

There is no known workaround at this time.

+
+ +

All Konqueror users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/konqueror-4.9.3-r1" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures are + available since November 11, 2012. It is likely that your system is + already no longer affected by this issue. +

+
+ + CVE-2012-4512 + CVE-2012-4513 + CVE-2012-4514 + CVE-2012-4515 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-32.xml new file mode 100644 index 0000000000..7f077e2a20 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-32.xml @@ -0,0 +1,305 @@ + + + + IcedTea JDK: Multiple vulnerabilities + Multiple vulnerabilities have been found in the IcedTea JDK, the + worst of which could lead to arbitrary code execution. + + icedtea-bin + June 29, 2014 + April 19, 2016: 2 + 312297 + 330205 + 340819 + 346799 + 352035 + 353418 + 354231 + 355127 + 370787 + 387637 + 404095 + 421031 + 429522 + 433389 + 438750 + 442478 + 457206 + 458410 + 461714 + 466822 + 477210 + 489570 + 508270 + remote + + + 6.1.13.3 + 6 + 6.1.13.3 + + + +

IcedTea is a distribution of the Java OpenJDK source code built with + free build tools. +

+
+ +

Multiple vulnerabilities have been discovered in the IcedTea JDK. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, bypass intended security policies, or have other + unspecified impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All IcedTea JDK users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3" + + +
+ + CVE-2009-3555 + CVE-2010-2548 + CVE-2010-2783 + CVE-2010-3541 + CVE-2010-3548 + CVE-2010-3549 + CVE-2010-3551 + CVE-2010-3553 + CVE-2010-3554 + CVE-2010-3557 + CVE-2010-3561 + CVE-2010-3562 + CVE-2010-3564 + CVE-2010-3565 + CVE-2010-3566 + CVE-2010-3567 + CVE-2010-3568 + CVE-2010-3569 + CVE-2010-3573 + CVE-2010-3574 + CVE-2010-3860 + CVE-2010-4351 + CVE-2010-4448 + CVE-2010-4450 + CVE-2010-4465 + CVE-2010-4467 + CVE-2010-4469 + CVE-2010-4470 + CVE-2010-4471 + CVE-2010-4472 + CVE-2010-4476 + CVE-2011-0025 + CVE-2011-0706 + CVE-2011-0815 + CVE-2011-0822 + CVE-2011-0862 + CVE-2011-0864 + CVE-2011-0865 + CVE-2011-0868 + CVE-2011-0869 + CVE-2011-0870 + CVE-2011-0871 + CVE-2011-0872 + CVE-2011-3389 + CVE-2011-3521 + CVE-2011-3544 + CVE-2011-3547 + CVE-2011-3548 + CVE-2011-3551 + CVE-2011-3552 + CVE-2011-3553 + CVE-2011-3554 + CVE-2011-3556 + CVE-2011-3557 + CVE-2011-3558 + CVE-2011-3560 + CVE-2011-3563 + CVE-2011-3571 + CVE-2011-5035 + CVE-2012-0497 + CVE-2012-0501 + CVE-2012-0502 + CVE-2012-0503 + CVE-2012-0505 + CVE-2012-0506 + CVE-2012-0547 + CVE-2012-1711 + CVE-2012-1713 + CVE-2012-1716 + CVE-2012-1717 + CVE-2012-1718 + CVE-2012-1719 + CVE-2012-1723 + CVE-2012-1724 + CVE-2012-1725 + CVE-2012-1726 + CVE-2012-3216 + CVE-2012-3422 + CVE-2012-3423 + CVE-2012-4416 + CVE-2012-4540 + CVE-2012-5068 + CVE-2012-5069 + CVE-2012-5070 + CVE-2012-5071 + CVE-2012-5072 + CVE-2012-5073 + CVE-2012-5074 + CVE-2012-5075 + CVE-2012-5076 + CVE-2012-5077 + CVE-2012-5081 + CVE-2012-5084 + CVE-2012-5085 + CVE-2012-5086 + CVE-2012-5087 + CVE-2012-5089 + CVE-2012-5979 + CVE-2013-0169 + CVE-2013-0401 + CVE-2013-0424 + CVE-2013-0425 + CVE-2013-0426 + CVE-2013-0427 + CVE-2013-0428 + CVE-2013-0429 + CVE-2013-0431 + CVE-2013-0432 + CVE-2013-0433 + CVE-2013-0434 + CVE-2013-0435 + CVE-2013-0440 + CVE-2013-0441 + CVE-2013-0442 + CVE-2013-0443 + CVE-2013-0444 + CVE-2013-0450 + CVE-2013-0809 + CVE-2013-1475 + CVE-2013-1476 + CVE-2013-1478 + CVE-2013-1480 + CVE-2013-1484 + CVE-2013-1485 + 
CVE-2013-1486 + CVE-2013-1488 + CVE-2013-1493 + CVE-2013-1500 + CVE-2013-1518 + CVE-2013-1537 + CVE-2013-1557 + CVE-2013-1569 + CVE-2013-1571 + CVE-2013-2383 + CVE-2013-2384 + CVE-2013-2407 + CVE-2013-2412 + CVE-2013-2415 + CVE-2013-2417 + CVE-2013-2419 + CVE-2013-2420 + CVE-2013-2421 + CVE-2013-2422 + CVE-2013-2423 + CVE-2013-2424 + CVE-2013-2426 + CVE-2013-2429 + CVE-2013-2430 + CVE-2013-2431 + CVE-2013-2436 + CVE-2013-2443 + CVE-2013-2444 + CVE-2013-2445 + CVE-2013-2446 + CVE-2013-2447 + CVE-2013-2448 + CVE-2013-2449 + CVE-2013-2450 + CVE-2013-2451 + CVE-2013-2452 + CVE-2013-2453 + CVE-2013-2454 + CVE-2013-2455 + CVE-2013-2456 + CVE-2013-2457 + CVE-2013-2458 + CVE-2013-2459 + CVE-2013-2460 + CVE-2013-2461 + CVE-2013-2463 + CVE-2013-2465 + CVE-2013-2469 + CVE-2013-2470 + CVE-2013-2471 + CVE-2013-2472 + CVE-2013-2473 + CVE-2013-3829 + CVE-2013-4002 + CVE-2013-5772 + CVE-2013-5774 + CVE-2013-5778 + CVE-2013-5780 + CVE-2013-5782 + CVE-2013-5783 + CVE-2013-5784 + CVE-2013-5790 + CVE-2013-5797 + CVE-2013-5800 + CVE-2013-5802 + CVE-2013-5803 + CVE-2013-5804 + CVE-2013-5805 + CVE-2013-5806 + CVE-2013-5809 + CVE-2013-5814 + CVE-2013-5817 + CVE-2013-5820 + CVE-2013-5823 + CVE-2013-5825 + CVE-2013-5829 + CVE-2013-5830 + CVE-2013-5840 + CVE-2013-5842 + CVE-2013-5849 + CVE-2013-5850 + CVE-2013-5851 + CVE-2013-6629 + CVE-2013-6954 + CVE-2014-0429 + CVE-2014-0446 + CVE-2014-0451 + CVE-2014-0452 + CVE-2014-0453 + CVE-2014-0456 + CVE-2014-0457 + CVE-2014-0458 + CVE-2014-0459 + CVE-2014-0460 + CVE-2014-0461 + CVE-2014-1876 + CVE-2014-2397 + CVE-2014-2398 + CVE-2014-2403 + CVE-2014-2412 + CVE-2014-2414 + CVE-2014-2421 + CVE-2014-2423 + CVE-2014-2427 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-33.xml new file mode 100644 index 0000000000..922f532b12 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-33.xml @@ -0,0 +1,70 @@ + + + + Wireshark: Multiple vulnerabilities + Multiple vulnerabilities have been found in Wireshark, the worst of + which allows remote attackers to execute arbitrary code. + + wireshark + June 29, 2014 + June 29, 2014: 1 + 503792 + 507298 + 508506 + 513094 + remote + + + 1.8.15 + 1.10.8 + 1.10.8 + + + +

Wireshark is a network protocol analyzer formerly known as ethereal.

+
+ +

Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker can cause arbitrary code execution or a Denial of + Service condition via a specially crafted packet. +

+
+ +

There is no known workaround at this time.

+
+ +

All Wireshark 1.8.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.15" + + +

All Wireshark 1.10.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.8" + + +
+ + CVE-2014-2281 + CVE-2014-2282 + CVE-2014-2283 + CVE-2014-2299 + CVE-2014-2907 + CVE-2014-4020 + CVE-2014-4174 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-34.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-34.xml new file mode 100644 index 0000000000..c530ef8bfe --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-34.xml @@ -0,0 +1,62 @@ + + + + KDE Libraries: Multiple vulnerabilities + Multiple vulnerabilities have been discovered in KDE Libraries, the + worst of which could lead to man-in-the-middle attacks. + + kdelibs + June 29, 2014 + June 29, 2014: 1 + 358025 + 384227 + 469140 + 513726 + local, remote + + + 4.12.5-r1 + 4.12.5-r1 + + + +

KDE is a feature-rich graphical desktop environment for Linux and + Unix-like operating systems. KDE Libraries contains libraries needed by + all KDE applications. +

+
+ +

Multiple vulnerabilities have been discovered in KDE Libraries. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could cause a man-in-the-middle attack via any + certificate issued by a legitimate certification authority. Furthermore, + a local attacker may gain knowledge of user passwords through an + information leak. +

+
+ +

There is no known workaround at this time.

+
+ +

All KDE users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-4.12.5-r1" + + +
+ + CVE-2011-1094 + CVE-2011-3365 + CVE-2013-2074 + CVE-2014-3494 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-35.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-35.xml new file mode 100644 index 0000000000..a5f61126bd --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-35.xml @@ -0,0 +1,54 @@ + + + + Openfire: Multiple vulnerabilities + Multiple vulnerabilities have been found in Openfire, the worst of + which could lead to a Denial of Service condition. + + openfire + June 30, 2014 + June 30, 2014: 1 + 266129 + 507242 + remote + + + 3.9.2-r1 + 3.9.2-r1 + + + +

Openfire is a real time collaboration (RTC) server.

+
+ +

Multiple vulnerabilities have been discovered in Openfire. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition or + bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Openfire users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/openfire-3.9.2-r1" + + +
+ + CVE-2009-1595 + CVE-2009-1596 + CVE-2014-2741 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-36.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-36.xml new file mode 100644 index 0000000000..2d04362ce3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201406-36.xml @@ -0,0 +1,65 @@ + + + + OpenLDAP: Multiple vulnerabilities + Multiple vulnerabilities were found in OpenLDAP, allowing for + Denial of Service or a man-in-the-middle attack. + + OpenLDAP + June 30, 2014 + June 30, 2014: 1 + 290345 + 323777 + 355333 + 388605 + 407941 + 424167 + remote + + + 2.4.35 + 2.4.35 + + + +

OpenLDAP is an LDAP suite of application and development tools.

+
+ +

Multiple vulnerabilities have been discovered in OpenLDAP. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker might employ a specially crafted certificate to + conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, + bypass security restrictions or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenLDAP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.4.35" + + +
+ + CVE-2009-3767 + CVE-2010-0211 + CVE-2010-0212 + CVE-2011-1024 + CVE-2011-1025 + CVE-2011-1081 + CVE-2011-4079 + CVE-2012-1164 + CVE-2012-2668 + + + keytoaster + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-01.xml new file mode 100644 index 0000000000..f6601da5d4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-01.xml @@ -0,0 +1,49 @@ + + + + OpenTTD: Denial of Service + A vulnerability in OpenTTD could allow a remote attacker to cause a + Denial of Service condition. + + openttd + July 07, 2014 + July 07, 2014: 1 + 492876 + remote + + + 1.3.3 + 1.3.3 + + + +

OpenTTD is a clone of Transport Tycoon Deluxe.

+
+ +

The vulnerability is caused due to missing out-of-bound check within the + “HandleCrashedAircraft()” function. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All OpenTTD users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-simulation/openttd-1.3.3" + + +
+ + CVE-2013-6411 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-02.xml new file mode 100644 index 0000000000..bf039ef94b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-02.xml @@ -0,0 +1,54 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, + worst of which allows remote attackers to execute arbitrary code. + + adobe-flash + July 09, 2014 + July 09, 2014: 1 + 516750 + remote + + + 11.2.202.394 + 11.2.202.394 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.394" + + +
+ + CVE-2014-0537 + CVE-2014-0539 + CVE-2014-4671 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-03.xml new file mode 100644 index 0000000000..a28279d4ef --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-03.xml @@ -0,0 +1,145 @@ + + + + Xen: Multiple Vunlerabilities + Multiple vulnerabilities have been found in Xen, the worst of which + could lead to arbitrary code execution. + + xen + July 16, 2014 + July 16, 2014: 1 + 440768 + 484478 + 486354 + 497082 + 497084 + 497086 + 499054 + 499124 + 500528 + 500530 + 500536 + 501080 + 501906 + 505714 + 509054 + 513824 + remote + + + 4.3.2-r4 + 4.2.4-r4 + 4.3.2-r4 + + + 4.3.2-r5 + 4.2.4-r6 + 4.3.2-r5 + + + 4.3.2 + 4.2.4 + 4.3.2 + + + +

Xen is a bare-metal hypervisor.

+
+ +

Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker can utilize multiple vectors to execute arbitrary + code, cause Denial of Service, or gain access to data on the host. +

+
+ +

There is no known workaround at this time.

+
+ +

All Xen 4.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.3.2-r2" + + +

All Xen 4.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.2.4-r2" + + +

All xen-tools 4.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulations/xen-tools-4.3.2-r2" + + +

All xen-tools 4.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulations/xen-tools-4.2.4-r2" + + +

All Xen PVGRUB 4.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulations/xen-pvgrub-4.3.2" + + +

All Xen PVGRUB 4.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulations/xen-pvgrub-4.2.4" + + +
+ + CVE-2013-1442 + CVE-2013-4329 + CVE-2013-4355 + CVE-2013-4356 + CVE-2013-4361 + CVE-2013-4368 + CVE-2013-4369 + CVE-2013-4370 + CVE-2013-4371 + CVE-2013-4375 + CVE-2013-4416 + CVE-2013-4494 + CVE-2013-4551 + CVE-2013-4553 + CVE-2013-4554 + CVE-2013-6375 + CVE-2013-6400 + CVE-2013-6885 + CVE-2013-6885 + CVE-2014-1642 + CVE-2014-1666 + CVE-2014-1891 + CVE-2014-1892 + CVE-2014-1893 + CVE-2014-1894 + CVE-2014-1895 + CVE-2014-1896 + CVE-2014-2599 + CVE-2014-3124 + CVE-2014-4021 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-04.xml new file mode 100644 index 0000000000..4c6aae847b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-04.xml @@ -0,0 +1,58 @@ + + + + GnuPG: Denial of Service + A vulnerability in GnuPG can lead to a Denial of Service condition. + GnuPG. + July 16, 2014 + July 16, 2014: 1 + 514718 + local, remote + + + 2.0.24 + 1.4.17 + 1.4.18 + 1.4.19 + 1.4.20 + 1.4.21 + 2.0.24 + + + +

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of + cryptographic software. +

+
+ +

GnuPG does not properly handle a specially crated compressed packet + resulting in an infinite loop. +

+
+ +

A context-dependent attacker can cause a Denial of Service.

+
+ +

There is no known workaround at this time.

+
+ +

All GnuPG 2.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.0.24" + + +

All GnuPG 1.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.17" + +
+ + CVE-2014-4617 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-05.xml new file mode 100644 index 0000000000..7d7f83ff25 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201407-05.xml @@ -0,0 +1,87 @@ + + + + OpenSSL: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenSSL, possibly + allowing remote attackers to execute arbitrary code. + + openssl + July 27, 2014 + June 06, 2015: 2 + 512506 + remote + + + 1.0.1h-r1 + 1.0.0m + 0.9.8z_p1 + 0.9.8z_p2 + 0.9.8z_p3 + 0.9.8z_p4 + 0.9.8z_p5 + 0.9.8z_p6 + 0.9.8z_p7 + 0.9.8z_p8 + 0.9.8z_p9 + 0.9.8z_p10 + 0.9.8z_p11 + 0.9.8z_p12 + 0.9.8z_p13 + 0.9.8z_p14 + 0.9.8z_p15 + 1.0.1h-r1 + + + +

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

Multiple vulnerabilities have been discovered in OpenSSL. Please review + the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers + referenced below for details. +

+
+ +

A remote attacker could send specially crafted DTLS fragments to an + OpenSSL DTLS client or server to possibly execute arbitrary code with the + privileges of the process using OpenSSL. +

+ +

Furthermore, an attacker could force the use of weak keying material in + OpenSSL SSL/TLS clients and servers, inject data across sessions, or + cause a Denial of Service via various vectors. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSSL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1" + + +
+ + CVE-2010-5298 + CVE-2014-0195 + CVE-2014-0198 + CVE-2014-0221 + CVE-2014-0224 + CVE-2014-3470 + OpenSSL + Security Advisory [05 Jun 2014] + + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-01.xml new file mode 100644 index 0000000000..073a414f70 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-01.xml @@ -0,0 +1,57 @@ + + + + Zend Framework: SQL injection + A vulnerability in Zend Framework could allow a remote attacker to + inject SQL commands. + + ZendFramework + August 04, 2014 + August 04, 2014: 1 + 369139 + remote + + + 1.11.6 + 1.11.6 + + + +

Zend Framework is a high quality and open source framework for + developing Web Applications. +

+
+ +

Developers using non-ASCII-compatible encodings in conjunction with the + MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. +

+
+ +

A remote attacker could use specially crafted input to execute arbitrary + SQL statements. +

+
+ +

There is no known workaround at this time.

+
+ +

All ZendFramework users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/ZendFramework-1.11.6" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures have + been + available since 2011-06-07. It is likely that your system is already + updated + to no longer be affected by this issue. +

+
+ + CVE-2011-1939 + + craig + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-02.xml new file mode 100644 index 0000000000..364a6024cc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-02.xml @@ -0,0 +1,52 @@ + + + + FreeType: Arbitrary code execution + A vulnerability in FreeType could result in execution of arbitrary + code or Denial of Service. + + freetype + August 09, 2014 + August 09, 2014: 1 + 504088 + remote + + + 2.5.3-r1 + 2.5.3-r1 + + + +

FreeType is a high-quality and portable font engine.

+
+ +

A stack-based buffer overflow exists in Freetype’s cf2_hintmap_build + function in cff/cf2hints.c. +

+
+ +

A remote attacker may be able to execute arbitrary code or cause a + Denial of Service condition via specially crafted font file. +

+
+ +

There is no known workaround at this time.

+
+ +

All FreeType users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.5.3-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2014-2240 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-03.xml new file mode 100644 index 0000000000..f3033f3aa7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-03.xml @@ -0,0 +1,51 @@ + + + + LibSSH: Information disclosure + A vulnerability in LibSSH can result in leakage of private key + information. + + libssh + August 10, 2014 + August 10, 2014: 1 + 503504 + local + + + 0.6.3 + 0.6.3 + + + +

LibSSH is a C library providing SSHv2 and SSHv1.

+
+ +

A new connection inherits the state of the PRNG without re-seeding with + random data. +

+
+ +

Servers using ECC (ECDSA) or DSA certificates in non-deterministic mode + may under certain conditions leak their private key. +

+
+ +

There is no known workaround at this time.

+
+ +

All LibSSH users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.6.3" + + +
+ + CVE-2014-0017 + + + keytoaster + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-04.xml new file mode 100644 index 0000000000..1e2d7668e6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-04.xml @@ -0,0 +1,54 @@ + + + + Catfish: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Catfish, allowing local + attackers to escalate their privileges. + + catfish + August 13, 2014 + August 13, 2014: 1 + 502536 + local + + + 1.0.2 + 1.0.2 + + + +

Catfish is a versatile file searching tool.

+
+ +

Multiple vulnerabilities have been discovered in Catfish. Please review + the CVE identifiers referenced below for details. +

+
+ +

A local attacker could gain escalated privileges via a specially crafted + shared library. +

+
+ +

There is no known workaround at this time.

+
+ +

All Catfish users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/catfish-1.0.2" + + +
+ + CVE-2014-2093 + CVE-2014-2094 + CVE-2014-2095 + CVE-2014-2096 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-05.xml new file mode 100644 index 0000000000..2738284175 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-05.xml @@ -0,0 +1,59 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, + worst of which allows remote attackers to execute arbitrary code. + + adobe-flash + August 14, 2014 + August 14, 2014: 1 + 519790 + remote + + + 11.2.202.400 + 11.2.202.400 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition or bypass + security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.400" + + +
+ + CVE-2014-0538 + CVE-2014-0540 + CVE-2014-0541 + CVE-2014-0542 + CVE-2014-0543 + CVE-2014-0544 + CVE-2014-0545 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-06.xml
new file mode 100644
index 0000000000..ade917ffd5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-06.xml
@@ -0,0 +1,85 @@
+
+
+
+ libpng: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in libpng which can
+ allow a remote attacker to cause a Denial of Service condition.
+
+ libpng
+ August 14, 2014
+ June 06, 2015: 4
+ 503014
+ 507378
+ remote
+
+
+ 1.6.10
+ 1.3
+ 1.5.18
+ 1.5.19
+ 1.5.20
+ 1.5.21
+ 1.5.22
+ 1.5.23
+ 1.5.24
+ 1.5.25
+ 1.6.10
+
+
+
+

libpng is a standard library used to process PNG (Portable Network + Graphics) images. It is used by several programs, including web browsers + and potentially server processes. +

+
+ +

The png_push_read_chunk function in pngpread.c in the progressive + decoder enters an infinite loop, when it encounters a zero-length IDAT + chunk. In addition certain integer overflows have been detected and + corrected. +

+ +

The 1.2 branch is not affected by these vulnerabilities.

+
+ +

A remote attacker could entice a user to open a specially crafted PNG + file using an application linked against libpng, possibly resulting in + Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All libpng users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.10" + + +

Users with current installs in the 1.5 branch should also upgrade this + using: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.18:1.5" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2013-7353 + CVE-2013-7354 + CVE-2014-0333 + + + BlueKnight + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-07.xml
new file mode 100644
index 0000000000..0be0b64637
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-07.xml
@@ -0,0 +1,54 @@
+
+
+
+ ModPlug XMMS Plugin: Multiple vulnerabilities
+
+
+ Multiple vulnerabilities have been found in ModPlug XMMS Plugin, worst of
+ which allows remote attackers to execute arbitrary code.
+
+ modplug
+ August 16, 2014
+ August 16, 2014: 1
+ 480388
+ remote
+
+
+ 0.8.8.5
+ 0.8.8.5
+
+
+
+

ModPlug XMMS Plugin is a library for playing MOD-like music files

+
+ +

Multiple vulnerabilities have been discovered in ModPlug XMMS Plugin. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ModPlug XMMS Plugin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8.8.5" + + +
+ + CVE-2013-4233 + CVE-2013-4234 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-08.xml
new file mode 100644
index 0000000000..0b7353f9eb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-08.xml
@@ -0,0 +1,52 @@
+
+
+
+ file: Denial of Service
+ A vulnerability in file could result in Denial of Service.
+ file
+ August 26, 2014
+ August 29, 2014: 6
+ 505534
+ local, remote
+
+
+ 5.15
+ 5.15
+
+
+
+

file is a utility that guesses a file format by scanning binary data for + patterns. +

+
+ +

BEGIN regular expression in the awk script detector in + magic/Magdir/commands uses multiple wildcards with unlimited repetitions. +

+
+ +

A context-dependent attacker could entice a user to open a specially + crafted file, + possibly resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All file users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/file-5.15" + + +
+ + CVE-2013-7345 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-09.xml
new file mode 100644
index 0000000000..bd816c0d93
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-09.xml
@@ -0,0 +1,56 @@
+
+
+
+ GNU Libtasn1: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in GNU Libtasn1, the
+ worse of which can allow a context-dependent attacker to cause a Denial of
+ Service condition.
+
+ libtasn1
+ August 29, 2014
+ August 29, 2014: 1
+ 511536
+ local, remote
+
+
+ 3.6
+ 3.6
+
+
+
+

The ASN.1 library used in GNUTLS.

+
+ +

Multiple vulnerabilities have been discovered in GNU Libtasn1. Please + review the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could possibly cause a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNU Libtasn1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-3.6" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+ +
+ + CVE-2014-3467 + CVE-2014-3468 + CVE-2014-3469 + + K_F + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-10.xml
new file mode 100644
index 0000000000..bc5f023b32
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-10.xml
@@ -0,0 +1,51 @@
+
+
+
+ Libgcrypt: Side-channel attack
+ A vulnerability in Libgcrypt could allow a remote attacker to
+ extract ElGamal private key information.
+
+ libgcrypt,side-channel,elgamal
+ August 29, 2014
+ August 29, 2014: 1
+ 519396
+ remote
+
+
+ 1.5.4
+ 1.5.4
+
+
+
+

Libgcrypt is a general purpose cryptographic library derived out of + GnuPG. +

+
+ +

A vulnerability in the implementation of ElGamal decryption procedures + of Libgcrypt leaks information to various side-channels. +

+
+ +

A physical side-channel attack allows a remote attacker to fully extract + decryption keys during the decryption of a chosen ciphertext. +

+
+ +

There is no known workaround at this time.

+
+ +

All Libgcrypt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libgcrypt-1.5.4" + + +
+ + CVE-2014-5270 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-11.xml
new file mode 100644
index 0000000000..882adbbe88
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-11.xml
@@ -0,0 +1,137 @@
+
+
+
+ PHP: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in PHP, the worst of
+ which could lead to remote execution of arbitrary code.
+
+ php
+ August 29, 2014
+ August 22, 2015: 4
+ 459904
+ 472204
+ 472558
+ 474656
+ 476570
+ 481004
+ 483212
+ 485252
+ 492784
+ 493982
+ 501312
+ 503630
+ 503670
+ 505172
+ 505712
+ 509132
+ 512288
+ 512492
+ 513032
+ 516994
+ 519932
+ 520134
+ 520438
+ remote
+
+
+ 5.5.16
+ 5.4.32
+ 5.3.29
+ 5.4.34
+ 5.4.35
+ 5.4.36
+ 5.4.37
+ 5.4.38
+ 5.4.39
+ 5.4.40
+ 5.4.41
+ 5.4.42
+ 5.4.43
+ 5.4.44
+ 5.4.45
+ 5.4.46
+ 5.5.16
+
+
+
+

PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

Multiple vulnerabilities have been discovered in PHP. Please review the + CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker can cause arbitrary code execution, create + a Denial of Service condition, read or write arbitrary files, impersonate + other servers, hijack a web session, or have other unspecified impact. + Additionally, a local attacker could gain escalated privileges. +

+
+ +

There is no known workaround at this time.

+
+ +

All PHP 5.5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.16" + + +

All PHP 5.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.32" + + +

All PHP 5.3 users should upgrade to the latest version. This release + marks the end of life of the PHP 5.3 series. Future releases of this + series are not planned. All PHP 5.3 users are encouraged to upgrade to + the current stable version of PHP 5.5 or previous stable version of PHP + 5.4, which are supported till at least 2016 and 2015 respectively. +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29" + +
+ + CVE-2011-4718 + CVE-2013-1635 + CVE-2013-1643 + CVE-2013-1824 + CVE-2013-2110 + CVE-2013-3735 + CVE-2013-4113 + CVE-2013-4248 + CVE-2013-4635 + CVE-2013-4636 + CVE-2013-6420 + CVE-2013-6712 + CVE-2013-7226 + CVE-2013-7327 + CVE-2013-7345 + CVE-2014-0185 + CVE-2014-0237 + CVE-2014-0238 + CVE-2014-1943 + CVE-2014-2270 + CVE-2014-2497 + CVE-2014-3597 + CVE-2014-3981 + CVE-2014-4049 + CVE-2014-4670 + CVE-2014-5120 + + + creffett + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-12.xml
new file mode 100644
index 0000000000..4dae67c539
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-12.xml
@@ -0,0 +1,59 @@
+
+
+
+ Apache HTTP Server: Multiple vulnerabilities
+ Multiple vulnerabilities have been discovered in Apache HTTP
+ Server, the worse of which could lead to execution of arbitrary code or a
+ Denial of Service condition
+
+ apache,dos,ace
+ August 29, 2014
+ August 29, 2014: 1
+ 504990
+ 507866
+ 517298
+ remote
+
+
+ 2.2.27-r4
+ 2.2.27-r4
+
+
+
+

Apache HTTP Server is one of the most popular web servers on the + Internet. +

+
+ +

Multiple vulnerabilities have been found in Apache HTTP Server. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could send a specially crafted request to possibly + execute arbitrary code, cause Denial of Service, or obtain sensitive + information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Apache HTTP Server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.27-r4" + + +
+ + CVE-2013-6438 + CVE-2014-0098 + CVE-2014-0226 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-13.xml
new file mode 100644
index 0000000000..c9b4c24953
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-13.xml
@@ -0,0 +1,52 @@
+
+
+
+ Jinja2: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Jinja2, allowing local
+ attackers to escalate their privileges.
+
+ jinja
+ August 29, 2014
+ August 29, 2014: 1
+ 497690
+ local
+
+
+ 2.7.3
+ 2.7.3
+
+
+
+

Jinja2 is a template engine written in pure Python.

+
+ +

Multiple vulnerabilities have been discovered in Jinja2. Please review + the CVE identifiers referenced below for details. +

+
+ +

A local attacker could gain escalated privileges via a specially crafted + cache file or pre-created temporary directory. +

+
+ +

There is no known workaround at this time.

+
+ +

All Jinja2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/jinja-2.7.3" + + +
+ + CVE-2014-0012 + CVE-2014-1402 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-14.xml
new file mode 100644
index 0000000000..947901950e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-14.xml
@@ -0,0 +1,56 @@
+
+
+
+ stunnel: Information disclosure
+ A vulnerability in stunnel might allow remote attackers to gain
+ access to private key information.
+
+ stunnel
+ August 29, 2014
+ August 29, 2014: 1
+ 503506
+ remote
+
+
+ 5.02
+ 5.02
+
+
+
+

The stunnel program is designed to work as an SSL encryption wrapper + between a client and a local or remote server. +

+
+ +

stunnel does not properly update the state of the pseudo-random + generator after fork-threading which causes subsequent children with the + same process ID to use the same entropy pool. ECDSA and DSA keys, when + not used in deterministic mode (RFC6979), rely on random data for its k + parameter to not leak private key information. +

+
+ +

A remote attacker may gain access to private key information from ECDSA + or DSA keys. +

+
+ +

There is no known workaround at this time.

+
+ +

All stunnel users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/stunnel-5.02" + + +
+ + CVE-2014-0016 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-15.xml
new file mode 100644
index 0000000000..517ed5c8c6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-15.xml
@@ -0,0 +1,97 @@
+
+
+
+ PostgreSQL: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in PostgreSQL, the worst
+ of which may allow remote Denial of Service.
+
+ postgresql-server
+ August 29, 2014
+ August 29, 2014: 1
+ 456080
+ 463884
+ 501946
+ remote
+
+
+ 9.3.3
+ 9.2.7
+ 9.1.12
+ 9.0.16
+ 8.4.20
+ 9.3.3
+
+
+
+

PostgreSQL is an open source object-relational database management + system. +

+
+ +

Multiple vulnerabilities have been discovered in PostgreSQL. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote authenticated attacker may be able to create a Denial of + Service condition, bypass security restrictions, or have other + unspecified impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All PostgreSQL 9.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.3.3" + + +

All PostgreSQL 9.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.2.7" + + +

All PostgreSQL 9.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.1.12" + + +

All PostgreSQL 9.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.0.16" + + +

All PostgreSQL 8.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.4.20" + + +
+ + CVE-2013-0255 + CVE-2013-1899 + CVE-2013-1900 + CVE-2013-1901 + CVE-2014-0060 + CVE-2014-0061 + CVE-2014-0062 + CVE-2014-0063 + CVE-2014-0064 + CVE-2014-0065 + CVE-2014-0066 + CVE-2014-2669 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-16.xml
new file mode 100644
index 0000000000..0609f17e63
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-16.xml
@@ -0,0 +1,123 @@
+
+
+
+ Chromium: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Chromium, the worst of
+ which can allow remote attackers to execute arbitrary code.
+
+ chromium
+ August 30, 2014
+ August 30, 2014: 1
+ 504328
+ 504890
+ 507212
+ 508788
+ 510288
+ 510904
+ 512944
+ 517304
+ 519788
+ 521276
+ remote
+
+
+ 37.0.2062.94
+ 37.0.2062.94
+
+
+
+

Chromium is an open-source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could conduct a number of attacks which include: cross + site scripting attacks, bypassing of sandbox protection, potential + execution of arbitrary code with the privileges of the process, or cause + a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-37.0.2062.94" + + +
+ + + CVE-2014-1741 + + CVE-2014-0538 + CVE-2014-1700 + CVE-2014-1701 + CVE-2014-1702 + CVE-2014-1703 + CVE-2014-1704 + CVE-2014-1705 + CVE-2014-1713 + CVE-2014-1714 + CVE-2014-1715 + CVE-2014-1716 + CVE-2014-1717 + CVE-2014-1718 + CVE-2014-1719 + CVE-2014-1720 + CVE-2014-1721 + CVE-2014-1722 + CVE-2014-1723 + CVE-2014-1724 + CVE-2014-1725 + CVE-2014-1726 + CVE-2014-1727 + CVE-2014-1728 + CVE-2014-1729 + CVE-2014-1730 + CVE-2014-1731 + CVE-2014-1732 + CVE-2014-1733 + CVE-2014-1734 + CVE-2014-1735 + CVE-2014-1740 + CVE-2014-1742 + CVE-2014-1743 + CVE-2014-1744 + CVE-2014-1745 + CVE-2014-1746 + CVE-2014-1747 + CVE-2014-1748 + CVE-2014-1749 + CVE-2014-3154 + CVE-2014-3155 + CVE-2014-3156 + CVE-2014-3157 + CVE-2014-3160 + CVE-2014-3162 + CVE-2014-3165 + CVE-2014-3166 + CVE-2014-3167 + CVE-2014-3168 + CVE-2014-3169 + CVE-2014-3170 + CVE-2014-3171 + CVE-2014-3172 + CVE-2014-3173 + CVE-2014-3174 + CVE-2014-3175 + CVE-2014-3176 + CVE-2014-3177 + + Zlogene + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-17.xml
new file mode 100644
index 0000000000..b04344577e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-17.xml
@@ -0,0 +1,74 @@
+
+
+
+ QEMU: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in QEMU, worst of which
+ allows local attackers to execute arbitrary code.
+
+ qemu
+ August 30, 2014
+ September 02, 2014: 3
+ 201434
+ 486352
+ 505946
+ 507692
+ 507790
+ 507796
+ 510208
+ 510234
+ local
+
+
+ 2.0.0-r1
+ 2.0.0-r1
+
+
+
+

QEMU is a generic and open source machine emulator and virtualizer.

+
+ +

Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +

+
+ +

A local attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All QEMU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.0.0-r1" + + +
+ + CVE-2007-6227 + CVE-2013-4377 + CVE-2013-4544 + CVE-2014-0142 + CVE-2014-0143 + CVE-2014-0144 + CVE-2014-0145 + CVE-2014-0146 + CVE-2014-0147 + CVE-2014-0150 + CVE-2014-0222 + CVE-2014-0223 + CVE-2014-2894 + CVE-2014-3461 + + + BlueKnight + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-18.xml
new file mode 100644
index 0000000000..c490581e2f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-18.xml
@@ -0,0 +1,57 @@
+
+
+
+ NRPE: Multiple Vulnerabilities
+ Multiple vulnerabilities have been found in NRPE, the worst of
+ which can allow execution of arbitrary code.
+
+ nrpe
+ August 30, 2014
+ August 30, 2014: 1
+ 397603
+ 459870
+ 508122
+ remote
+
+
+ 2.15
+ 2.15
+
+
+
+

Nagios Remote Plugin Executor (NRPE) remotely executes Nagios plugins on + other Linux/Unix machines. +

+
+ +

Multiple vulnerabilities have been discovered in NRPE. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker can utilize multiple vectors to execute arbitrary + code. +

+
+ +

There is no known workaround at this time.

+
+ +

All NRPE users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/nrpe-2.15" + +
+ + CVE-2013-1362 + CVE-2014-2913 + + + underling + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-19.xml
new file mode 100644
index 0000000000..48eb1150bd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201408-19.xml
@@ -0,0 +1,120 @@
+
+
+
+ OpenOffice, LibreOffice: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in OpenOffice and
+ LibreOffice, the worst of which may result in execution of arbitrary code.
+
+ openoffice
+ August 31, 2014
+ August 31, 2014: 1
+ 283370
+ 305195
+ 320491
+ 332321
+ 352864
+ 386081
+ 409509
+ 429482
+ 514886
+ remote
+
+
+ 3.5.5.3
+ 3.5.5.3
+
+
+ 3.5.5.3
+
+
+ 4.2.5.2
+ 4.2.5.2
+
+
+ 4.2.5.2
+ 4.2.5.2
+
+
+
+

OpenOffice is the open source version of StarOffice, a full office + productivity suite. LibreOffice is a fork of OpenOffice. +

+
+ +

Multiple vulnerabilities have been discovered in OpenOffice and + Libreoffice. Please review the CVE identifiers referenced below for + details. +

+
+ +

A remote attacker could entice a user to open a specially crafted file + using OpenOffice, possibly resulting in execution of arbitrary code with + the privileges of the process, a Denial of Service condition, execution + of arbitrary Python code, authentication bypass, or reading and writing + of arbitrary files. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenOffice (binary) users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-office/openoffice-bin-3.5.5.3" + + +

All LibreOffice users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.2.5.2" + + +

All LibreOffice (binary) users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-office/libreoffice-bin-4.2.5.2" + + +

We recommend that users unmerge OpenOffice:

+ + + # emerge --unmerge "app-office/openoffice" + +
+ + CVE-2006-4339 + CVE-2009-0200 + CVE-2009-0201 + CVE-2009-0217 + CVE-2009-2949 + CVE-2009-2950 + CVE-2009-3301 + CVE-2009-3302 + CVE-2010-0395 + CVE-2010-2935 + CVE-2010-2936 + CVE-2010-3450 + CVE-2010-3451 + CVE-2010-3452 + CVE-2010-3453 + CVE-2010-3454 + CVE-2010-3689 + CVE-2010-4253 + CVE-2010-4643 + CVE-2011-2713 + CVE-2012-0037 + CVE-2012-1149 + CVE-2012-2149 + CVE-2012-2334 + CVE-2012-2665 + CVE-2014-0247 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-01.xml
new file mode 100644
index 0000000000..2f07318be8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-01.xml
@@ -0,0 +1,53 @@
+
+
+
+ Wireshark: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Wireshark which could
+ allow remote attackers to cause Denial of Service.
+
+ wireshark
+ September 01, 2014
+ September 01, 2014: 1
+ 519014
+ remote
+
+
+ 1.10.9
+ 1.10.9
+
+
+
+

Wireshark is a network protocol analyzer formerly known as ethereal.

+
+ +

Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker can cause a Denial of Service condition via specially + crafted packets. +

+
+ +

There is no known workaround at this time.

+
+ +

All Wireshark users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.9" + + +
+ + CVE-2014-5161 + CVE-2014-5162 + CVE-2014-5163 + CVE-2014-5164 + CVE-2014-5165 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-02.xml
new file mode 100644
index 0000000000..39880224e8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-02.xml
@@ -0,0 +1,56 @@
+
+
+
+ Net-SNMP: Denial of Service
+ Multiple vulnerabilities have been found in Net-SNMP which could
+ allow remote attackers to cause Denial of Service.
+
+ net-snmp
+ September 01, 2014
+ September 01, 2014: 1
+ 431752
+ 493296
+ 502968
+ 509110
+ remote
+
+
+ 5.7.3_pre3
+ 5.7.3_pre3
+
+
+
+

Net-SNMP bundles software for generating and retrieving SNMP data.

+
+ +

Multiple vulnerabilities have been discovered in Net-SNMP. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could create a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All net-snmp users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-analyzer/net-snmp-5.7.3_pre3" + + +
+ + CVE-2012-2141 + CVE-2012-6151 + CVE-2014-2284 + CVE-2014-2285 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-03.xml
new file mode 100644
index 0000000000..930b2941df
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-03.xml
@@ -0,0 +1,50 @@
+
+
+
+ dhcpcd: Denial of service
+ A vulnerability in dhcpcd can lead to a Denial of Service
+ condition.
+
+ dhcpcd
+ September 03, 2014
+ September 03, 2014: 1
+ 518596
+ remote
+
+
+ 6.4.3
+ 6.4.3
+
+
+
+

dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP + client. +

+
+ +

A vulnerability has been discovered in dhcpcd. A malicious dhcp server + can set flags as part of the dhcp reply that can cause a Denial of + Service condition. +

+
+ +

A remote attacker can cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All dhcpcd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-6.4.3" + + +
+ + CVE-2014-6060 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-04.xml
new file mode 100644
index 0000000000..9c23049ba1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-04.xml
@@ -0,0 +1,96 @@
+
+
+
+ MySQL: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in MySQL, worst of which
+ allows local attackers to escalate their privileges.
+
+ mysql
+ September 04, 2014
+ September 04, 2014: 1
+ 460748
+ 488212
+ 498164
+ 500260
+ 507802
+ 518718
+ local, remote
+
+
+ 5.5.39
+ 5.5.39
+
+
+
+

MySQL is a popular multi-threaded, multi-user SQL server.

+
+ +

Multiple vulnerabilities have been discovered in MySQL. Please review + the CVE identifiers referenced below for details. +

+
+ +

A local attacker could possibly gain escalated privileges. A remote + attacker could send a specially crafted SQL query, possibly resulting in + a Denial of Service condition. A remote attacker could entice a user to + connect to specially crafted MySQL server, possibly resulting in + execution of arbitrary code with the privileges of the process. +

+
+ +

There is no known workaround at this time.

+
+ +

All MySQL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.39" + + +
+ + CVE-2013-1861 + CVE-2013-2134 + CVE-2013-3839 + CVE-2013-5767 + CVE-2013-5770 + CVE-2013-5786 + CVE-2013-5793 + CVE-2013-5807 + CVE-2013-5860 + CVE-2013-5881 + CVE-2013-5882 + CVE-2013-5891 + CVE-2013-5894 + CVE-2013-5908 + CVE-2014-0001 + CVE-2014-0384 + CVE-2014-0386 + CVE-2014-0393 + CVE-2014-0401 + CVE-2014-0402 + CVE-2014-0412 + CVE-2014-0420 + CVE-2014-0427 + CVE-2014-0430 + CVE-2014-0431 + CVE-2014-0433 + CVE-2014-0437 + CVE-2014-2419 + CVE-2014-2430 + CVE-2014-2431 + CVE-2014-2432 + CVE-2014-2434 + CVE-2014-2435 + CVE-2014-2436 + CVE-2014-2438 + CVE-2014-2440 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-05.xml
new file mode 100644
index 0000000000..fa9d288517
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-05.xml
@@ -0,0 +1,63 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which allows remote attackers to execute arbitrary code.
+
+ adobe-flash
+ September 19, 2014
+ September 19, 2014: 1
+ 522448
+ remote
+
+
+ 11.2.202.406
+ 11.2.202.406
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.406" + + +
+ + CVE-2014-0547 + CVE-2014-0548 + CVE-2014-0549 + CVE-2014-0550 + CVE-2014-0551 + CVE-2014-0552 + CVE-2014-0553 + CVE-2014-0554 + CVE-2014-0555 + CVE-2014-0556 + CVE-2014-0557 + CVE-2014-0559 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-06.xml
new file mode 100644
index 0000000000..3f19a72d84
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-06.xml
@@ -0,0 +1,52 @@
+
+
+
+ Chromium: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Chromium, the worst of
+ which can allow remote attackers to cause Denial of Service.
+
+ chromium
+ September 19, 2014
+ September 19, 2014: 1
+ 522484
+ remote
+
+
+ 37.0.2062.120
+ 37.0.2062.120
+
+
+
+

Chromium is an open-source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to cause a Denial of Service condition or + possibly have other unspecified impact by leveraging improper handling of + render-tree inconsistencies. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-37.0.2062.120" + + +
+ + CVE-2014-3178 + CVE-2014-3179 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-07.xml
new file mode 100644
index 0000000000..dc71896b8a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-07.xml
@@ -0,0 +1,55 @@
+
+
+
+ c-icap: Denial of Service
+ A vulnerability in c-icap could result in Denial of Service.
+ c-icap,DoS
+ September 19, 2014
+ September 19, 2014: 1
+ 455324
+ remote
+
+
+ 0.2.6
+ 0.2.6
+
+
+
+

c-icap is an implementation of an ICAP server. It can be used with HTTP + proxies that support the ICAP protocol to implement content adaptation + and filtering services. +

+
+ +

c-icap contains a flaw in the parse_request() function of request.c that + may allow a remote denial of service. The issue is triggered when the + buffer fails to contain a ‘ ‘ or ‘?’ symbol, which will cause the + end pointer to increase and surpass allocated memory. With a specially + crafted request (e.g. via the OPTIONS method), a remote attacker can + cause a loss of availability for the program. +

+
+ +

A remote attacker may cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All c-icap users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/c-icap-0.2.6" + + +
+ + CVE-2013-7401 + CVE-2013-7402 + + + keytoaster + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-08.xml new file mode 100644 index 0000000000..e582cc1f09 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-08.xml @@ -0,0 +1,52 @@ + + + + libxml2: Denial of Service + A vulnerability in libxml2 allows a remote attacker to cause Denial + of Service. + + libxml2 + September 19, 2014 + September 19, 2014: 1 + 509834 + remote + + + 2.9.1-r4 + 2.9.1-r4 + + + +

libxml2 is the XML C parser and toolkit developed for the Gnome project.

+
+ +

A vulnerability in the xmlParserHandlePEReference() function of + parser.c, when expanding entity references, can be exploited to consume + large amounts of memory and cause a crash or hang. +

+
+ +

A remote attacker may be able to cause Denial of Service via a specially + crafted XML file containing malicious attributes. +

+
+ +

There is no known workaround at this time.

+
+ +

All libxml2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r4" + + +
+ + CVE-2014-0191 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-09.xml new file mode 100644 index 0000000000..2cecc3c0b6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-09.xml @@ -0,0 +1,81 @@ + + + + Bash: Code Injection + A parsing flaw related to functions and environments in Bash could + allow attackers to inject code. + + bash + September 24, 2014 + October 04, 2014: 4 + 523592 + local, remote + + + 3.1_p18 + 3.2_p52 + 4.0_p39 + 4.1_p12 + 4.2_p48 + 4.2_p48 + + + +

Bash is the standard GNU Bourne Again SHell.

+
+ +

Stephane Chazelas reported that Bash incorrectly handles function + definitions, allowing attackers to inject arbitrary code. +

+
+ +

A remote attacker could exploit this vulnerability to execute arbitrary + commands even in restricted environments. +

+
+ +

There is no known workaround at this time.

+
+ +

All Bash 3.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-3.1_p18:3.1" + + +

All Bash 3.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-3.2_p52:3.2" + + +

All Bash 4.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-4.0_p39:4.0" + + +

All Bash 4.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-4.1_p12:4.1" + + +

All Bash 4.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p48" + + +
+ + CVE-2014-6271 + + a3li + a3li +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-10.xml new file mode 100644 index 0000000000..bfe734fe09 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201409-10.xml @@ -0,0 +1,91 @@ + + + + Bash: Code Injection (Updated fix for GLSA 201409-09) + A parsing flaw related to functions and environments in Bash could + allow attackers to inject code. The unaffected packages listed in GLSA + 201409-09 had an incomplete fix. + + bash + September 25, 2014 + October 04, 2014: 2 + 523592 + local, remote + + + 3.1_p18-r1 + 3.2_p52-r1 + 4.0_p39-r1 + 4.1_p12-r1 + 4.2_p48-r1 + 4.2_p48-r1 + + + +

Bash is the standard GNU Bourne Again SHell.

+
+ +

Stephane Chazelas reported that Bash incorrectly handles function + definitions, allowing attackers to inject arbitrary code (CVE-2014-6271). + Gentoo Linux informed about this issue in GLSA 201409-09. +

+ +

Tavis Ormandy reported that the patch for CVE-2014-6271 was incomplete. + As such, this GLSA supersedes GLSA 201409-09. +

+
+ +

A remote attacker could exploit this vulnerability to execute arbitrary + commands even in restricted environments. +

+
+ +

There is no known workaround at this time.

+
+ +

All Bash 3.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-3.1_p18-r1:3.1" + + +

All Bash 3.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-3.2_p52-r1:3.2" + + +

All Bash 4.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-4.0_p39-r1:4.0" + + +

All Bash 4.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-4.1_p12-r1:4.1" + + +

All Bash 4.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p48-r1" + + +
+ + CVE-2014-7169 + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201410-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201410-01.xml new file mode 100644 index 0000000000..41875ec460 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201410-01.xml @@ -0,0 +1,94 @@ + + + + Bash: Multiple vulnerabilities + Multiple parsing flaws in Bash could allow remote attackers to + inject code or cause a Denial of Service condition. + + bash + October 04, 2014 + October 04, 2014: 1 + 523742 + 524256 + local, remote + + + 3.1_p22 + 3.2_p56 + 4.0_p43 + 4.1_p16 + 4.2_p52 + 4.2_p52 + + + +

Bash is the standard GNU Bourne Again SHell.

+
+ +

Florian Weimer, Todd Sabin, Michal Zalewski et al. discovered further + parsing flaws in Bash. The unaffected Gentoo packages listed in this GLSA + contain the official patches to fix the issues tracked as CVE-2014-6277, + CVE-2014-7186, and CVE-2014-7187. Furthermore, the official patch known + as “function prefix patch” is included which prevents the + exploitation of CVE-2014-6278. +

+
+ +

A remote attacker could exploit these vulnerabilities to execute + arbitrary commands or cause a Denial of Service condition via various + vectors. +

+
+ +

There is no known workaround at this time.

+
+ +

All Bash 3.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-3.1_p22:3.1" + + +

All Bash 3.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-3.2_p56:3.2" + + +

All Bash 4.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-4.0_p43:4.0" + + +

All Bash 4.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-4.1_p16:4.1" + + +

All Bash 4.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p52" + + +
+ + CVE-2014-6277 + CVE-2014-6278 + CVE-2014-7186 + CVE-2014-7187 + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201410-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201410-02.xml new file mode 100644 index 0000000000..a0aaef4190 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201410-02.xml @@ -0,0 +1,64 @@ + + + + Perl, Perl Locale-Maketext module: Multiple vulnerabilities + Multiple vulnerabilities have been found in the Perl + Locale-Maketext module, allowing remote attackers to inject and execute + arbitrary Perl code. + + Locale-Maketext + October 12, 2014 + December 29, 2014: 2 + 446376 + remote + + + 1.230.0 + 1.230.0 + + + 5.17.7 + 5.17.7 + + + +

Locale-Maketext - Perl framework for localization

+
+ +

Two vulnerabilities have been reported in the Locale-Maketext module for + Perl, which can be exploited by malicious users to compromise an + application using the module. +

+ +

The vulnerabilities are caused due to the “_compile()” function not + properly sanitising input, which can be exploited to inject and execute + arbitrary Perl code. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All users of the Locale-Maketext module should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=perl-core/Locale-Maketext-1.230.0" + +
+ + CVE-2012-6329 + + ackle + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-01.xml new file mode 100644 index 0000000000..81a571549c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-01.xml @@ -0,0 +1,107 @@ + + + + VLC: Multiple vulnerabilities + Multiple vulnerabilities have been found in VLC, the worst of which + could lead to user-assisted execution of arbitrary code. + + VLC + November 05, 2014 + November 05, 2014: 1 + 279340 + 285370 + 316709 + 332361 + 350933 + 352206 + 352776 + 353326 + 360189 + 363359 + 370321 + 375167 + 385953 + 395543 + 408881 + 414409 + 424435 + 442758 + 450438 + 454650 + 476436 + 486902 + 493710 + 499806 + remote + + + 2.1.2 + 2.1.2 + + + +

VLC is a cross-platform media player and streaming server.

+
+ +

Multiple vulnerabilities have been discovered in VLC. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted media + file using VLC, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All VLC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-2.1.2" + + +
+ + CVE-2010-1441 + CVE-2010-1442 + CVE-2010-1443 + CVE-2010-1444 + CVE-2010-1445 + CVE-2010-2062 + CVE-2010-2937 + CVE-2010-3124 + CVE-2010-3275 + CVE-2010-3276 + CVE-2010-3907 + CVE-2011-0021 + CVE-2011-0522 + CVE-2011-0531 + CVE-2011-1087 + CVE-2011-1684 + CVE-2011-2194 + CVE-2011-2587 + CVE-2011-2588 + CVE-2011-3623 + CVE-2012-0023 + CVE-2012-1775 + CVE-2012-1776 + CVE-2012-2396 + CVE-2012-3377 + CVE-2012-5470 + CVE-2012-5855 + CVE-2013-1868 + CVE-2013-1954 + CVE-2013-3245 + CVE-2013-4388 + CVE-2013-6283 + CVE-2013-6934 + + a3li + + underling + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-02.xml new file mode 100644 index 0000000000..3d3816d151 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-02.xml @@ -0,0 +1,71 @@ + + + + MySQL, MariaDB: Multiple vulnerabilities + Multiple vulnerabilities have been found in the MySQL and MariaDB, + possibly allowing attackers to cause unspecified impact. + + mysql mariadb + November 05, 2014 + November 05, 2014: 1 + 525504 + remote + + + 5.5.40 + 5.5.40 + + + 5.5.40-r1 + 5.5.40-r1 + + + +

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an + enhanced, drop-in replacement for MySQL. +

+
+ +

Multiple unspecified vulnerabilities have been discovered in MySQL. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could exploit these vulnerabilities to cause + unspecified impact, possibly including remote execution of arbitrary + code, Denial of Service, or disclosure of sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All MySQL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.40" + + +

All MariaDB users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-5.5.40-r1" + + +
+ + CVE-2014-6464 + CVE-2014-6469 + CVE-2014-6491 + CVE-2014-6494 + CVE-2014-6496 + CVE-2014-6500 + CVE-2014-6507 + CVE-2014-6555 + CVE-2014-6559 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-03.xml new file mode 100644 index 0000000000..75ea3e56c4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-03.xml @@ -0,0 +1,50 @@ + + + + TigerVNC: User-assisted execution of arbitrary code + A buffer overflow in TigerVNC could result in execution of + arbitrary code or Denial of Service. + + tigervnc + November 05, 2014 + November 05, 2014: 1 + 505170 + remote + + + 1.3.1 + 1.3.1 + + + +

TigerVNC is a high-performance VNC server/client.

+
+ +

Two boundary errors in TigerVNC could lead to a heap-based buffer + overflow. +

+
+ +

A remote attacker could entice a user to connect to a malicious VNC + server using TigerVNC, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All TigerVNC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/tigervnc-1.3.1" + + +
+ + CVE-2014-0011 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-04.xml new file mode 100644 index 0000000000..5150a70650 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-04.xml @@ -0,0 +1,85 @@ + + + + PHP: Multiple vulnerabilities + Multiple vulnerabilities have been discovered in PHP, the worst of + which could lead to remote execution of arbitrary code. + + php + November 09, 2014 + August 22, 2015: 3 + 525960 + remote + + + 5.5.18 + 5.4.34 + 5.3.29 + 5.4.36 + 5.4.37 + 5.4.38 + 5.4.39 + 5.4.35 + 5.4.40 + 5.4.41 + 5.4.42 + 5.4.43 + 5.4.44 + 5.4.45 + 5.4.46 + 5.5.18 + + + +

PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

Multiple vulnerabilities have been discovered in PHP. Please review the + CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker can possibly execute arbitrary code or + create a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All PHP 5.5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.18" + + +

All PHP 5.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.34" + + +

All PHP 5.3 users should upgrade to the latest version. This release + marks the end of life of the PHP 5.3 series. Future releases of this + series are not planned. All PHP 5.3 users are encouraged to upgrade to + the current stable version of PHP 5.5 or previous stable version of PHP + 5.4, which are supported till at least 2016 and 2015 respectively. +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29" + +
+ + CVE-2014-3668 + CVE-2014-3669 + CVE-2014-3670 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-05.xml new file mode 100644 index 0000000000..d10aff163b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-05.xml @@ -0,0 +1,49 @@ + + + + GNU Wget: Arbitrary code execution + An absolute path traversal vulnerability could lead to arbitrary + code execution. + + wget + November 16, 2014 + November 16, 2014: 1 + 527056 + remote + + + 1.16 + 1.16 + + + +

GNU Wget is a free software package for retrieving files using HTTP, + HTTPS and FTP, the most widely-used Internet protocols. +

+
+ +

An absolute path traversal vulnerability has been found in GNU Wget.

+
+ +

A remote FTP server is able to write to arbitrary files, and + consequently execute arbitrary code. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNU Wget users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/wget-1.16" + + +
+ + CVE-2014-4877 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-06.xml new file mode 100644 index 0000000000..8442421e8e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-06.xml @@ -0,0 +1,73 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, the + worst of which allows remote attackers to execute arbitrary code. + + adobe-flash + November 21, 2014 + November 21, 2014: 2 + 525430 + 529088 + remote + + + 11.2.202.418 + 11.2.202.418 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.418" + + +
+ + CVE-2014-0558 + CVE-2014-0564 + CVE-2014-0569 + CVE-2014-0573 + CVE-2014-0574 + CVE-2014-0576 + CVE-2014-0577 + CVE-2014-0581 + CVE-2014-0582 + CVE-2014-0583 + CVE-2014-0584 + CVE-2014-0585 + CVE-2014-0586 + CVE-2014-0588 + CVE-2014-0589 + CVE-2014-0590 + CVE-2014-8437 + CVE-2014-8438 + CVE-2014-8440 + CVE-2014-8441 + CVE-2014-8442 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-07.xml new file mode 100644 index 0000000000..40cbec8c40 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-07.xml @@ -0,0 +1,52 @@ + + + + Openswan: Denial of Service + A NULL pointer dereference in Openswan may allow remote attackers + to cause Denial of Service. + + openswan + November 23, 2014 + November 23, 2014: 1 + 499870 + remote + + + 2.6.39-r1 + + + +

Openswan is an implementation of IPsec for Linux.

+
+ +

A NULL pointer dereference has been found in Openswan.

+
+ +

A remote attacker could create a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo has discontinued support for Openswan. We recommend that users + unmerge Openswan: +

+ + + # emerge --unmerge "net-misc/openswan" + + +

NOTE: The Gentoo developer(s) maintaining Openswan have discontinued + support at this time. It may be possible that a new Gentoo developer will + update Openswan at a later date. Alternatives packages such as Libreswan + and strongSwan are currently available in Gentoo Portage. +

+
+ + CVE-2013-6466 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-08.xml new file mode 100644 index 0000000000..7ae5a57bc5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-08.xml @@ -0,0 +1,56 @@ + + + + Aircrack-ng: User-assisted execution of arbitrary code + Multiple vulnerabilities have been found in Aircrack-ng, possibly + resulting in local privilege escalation, remote code execution, or Denial + of Service. + + aircrack-ng + November 23, 2014 + November 23, 2014: 1 + 528132 + local, remote + + + 1.2_rc1 + 1.2_rc1 + + + +

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can + recover keys once enough data packets have been captured. +

+
+ +

Multiple vulnerabilities have been discovered in Aircrack-ng. Please + review the CVE identifiers referenced below for details. +

+
+ +

A local attacker can use this flaw to execute arbitrary code or gain + escalated privileges. A remote attacker execute arbitrary code with the + privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Aircrack-ng users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-wireless/aircrack-ng-1.2_rc1" + +
+ + CVE-2014-8321 + CVE-2014-8322 + CVE-2014-8323 + CVE-2014-8324 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-09.xml new file mode 100644 index 0000000000..c0f09a48c9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-09.xml @@ -0,0 +1,55 @@ + + + + Ansible: Privilege escalation + Multiple vulnerabilities has been found in Ansible which may allow + local privilege escalation. + + ansible + November 23, 2014 + November 23, 2014: 1 + 516564 + 517770 + local + + + 1.6.8 + 1.6.8 + + + +

Ansible is a radically simple IT automation platform.

+
+ +

Multiple vulnerabilities have been discovered in Ansible. Please review + the CVE identifiers referenced below for details. +

+
+ +

A local attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or obtain + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Ansible users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/ansible-1.6.8" + +
+ + CVE-2014-4657 + CVE-2014-4678 + CVE-2014-4966 + CVE-2014-4967 + + + pinkbyte + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-10.xml new file mode 100644 index 0000000000..cb9b2b1fb5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-10.xml @@ -0,0 +1,53 @@ + + + + Asterisk: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Asterisk, the worst of + which could lead to Denial of Service. + + asterisk + November 23, 2014 + November 23, 2014: 1 + 523216 + 526208 + remote + + + 11.13.1 + 11.13.1 + + + +

Asterisk is an open source telephony engine and toolkit.

+
+ +

Multiple unspecified vulnerabilities have been discovered in Asterisk. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could exploit the vulnerabilities to cause a man in + the middle attack or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Asterisk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.13.1" + + +
+ + CVE-2014-3566 + CVE-2014-6610 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-11.xml new file mode 100644 index 0000000000..5cf8bd3242 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201411-11.xml @@ -0,0 +1,56 @@ + + + + Squid: Multiple vulnerabilities + Multiple vulnerabilities have been found in Squid, allowing remote + attackers to execute arbitrary code or cause a Denial of Service condition. + + squid + November 27, 2014 + November 27, 2014: 1 + 504176 + 522498 + remote + + + 3.3.13-r1 + 3.3.13-r1 + + + +

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and + more. +

+
+ +

An assertion failure in processing of SSL-Bump has been found in Squid. + Heap based overflow is discovered when processing SNMP requests. +

+
+ +

A remote attacker could send a specially crafted request, possibly + resulting in a executing of arbitrary code or Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Squid users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.3.13-r1" + +
+ + CVE-2014-0128 + CVE-2014-7141 + CVE-2014-7142 + + + keytoaster + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-01.xml new file mode 100644 index 0000000000..88221fb102 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-01.xml @@ -0,0 +1,61 @@ + + + + QEMU: Multiple Vulnerabilities + Multiple vulnerabilities have been found in QEMU, the worst of + which allows context dependent attackers to cause Denial of Service. + + qemu + December 08, 2014 + December 08, 2014: 1 + 514680 + 519506 + 520688 + 522364 + 523428 + 527088 + local, remote + + + 2.1.2-r1 + 2.1.2-r1 + + + +

QEMU is a generic and open source machine emulator and virtualizer.

+
+ +

Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could cause a Denial of Service condition + and a local user can obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All QEMU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.1.2-r1" + + +
+ + CVE-2014-3471 + CVE-2014-3615 + CVE-2014-3640 + CVE-2014-5263 + CVE-2014-5388 + CVE-2014-7815 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-02.xml new file mode 100644 index 0000000000..3aabc630bf --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-02.xml @@ -0,0 +1,52 @@ + + + + nfs-utils: Information disclosure + A vulnerability in nfs-utils might allow remote attackers to gain + access to restricted information. + + nfs-utils + December 08, 2014 + December 08, 2014: 1 + 464636 + remote + + + 1.2.8 + 1.2.8 + + + +

nfs-utils contains the client and daemon implementations for the NFS + protocol. +

+
+ +

rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending + on PTR resolution for GSSAPI authentication, allowing for data to be + submitted to a malicious server without the knowledge of the user. +

+
+ +

A remote attacker may be able to obtain sensitive information.

+
+ +

There is no known workaround at this time.

+
+ +

All nfs-utils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/nfs-utils-1.2.8" + + +
+ + CVE-2013-1923 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-03.xml new file mode 100644 index 0000000000..14ce3a70fc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-03.xml @@ -0,0 +1,49 @@ + + + + Dovecot: Denial of Service + A vulnerability in Dovecot could allow a remote attacker to create + a Denial of Service condition. + + dovecot + December 08, 2014 + December 08, 2014: 1 + 509954 + remote + + + 2.2.13 + 2.2.13 + + + +

Dovecot is an open source IMAP and POP3 email server.

+
+ +

Dovecot does not properly close connections, allowing a resource + exhaustion for incomplete SSL/TLS handshakes. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All Dovecot users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.2.13" + + +
+ + CVE-2014-3430 + + + keytoaster + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-04.xml new file mode 100644 index 0000000000..93d1f22292 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-04.xml @@ -0,0 +1,83 @@ + + + + libvirt: Multiple vulnerabilities + Multiple vulnerabilities have been found in libvirt, worst of which + allows context-dependent attackers to escalate privileges. + + libvirt + December 08, 2014 + December 08, 2014: 1 + 483048 + 484014 + 485520 + 487684 + 489374 + 494072 + 496204 + 498534 + 502232 + 504996 + 509858 + 524184 + 528440 + local, remote + + + 1.2.9-r2 + 1.2.9-r2 + + + +

libvirt is a C toolkit for manipulating virtual machines.

+
+ +

Multiple vulnerabilities have been discovered in libvirt. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to cause a Denial of Service or cause + information leakage. A local attacker may be able to escalate privileges, + cause a Denial of Service or possibly execute arbitrary code. +

+
+ +

There is no known workaround at this time.

+
+ +

All libvirt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-1.2.9-r2" + + +
+ + CVE-2013-4292 + CVE-2013-4296 + CVE-2013-4297 + CVE-2013-4399 + CVE-2013-4400 + CVE-2013-4401 + CVE-2013-5651 + CVE-2013-6436 + CVE-2013-6456 + CVE-2013-6457 + CVE-2013-6458 + CVE-2013-7336 + CVE-2014-0028 + CVE-2014-0179 + CVE-2014-1447 + CVE-2014-3633 + CVE-2014-5177 + CVE-2014-7823 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-05.xml new file mode 100644 index 0000000000..34a06f6c56 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-05.xml @@ -0,0 +1,53 @@ + + + + Clam AntiVirus: Denial of service + A vulnerability in Clam AntiVirus can lead to a Denial of Service + condition. + + clamav + December 09, 2014 + December 09, 2014: 2 + 529728 + remote + + + 0.98.5 + 0.98.5 + + + +

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, + designed especially for e-mail scanning on mail gateways. +

+
+ +

A heap-based buffer overflow exists in the cli_scanpe function in + libclamav/pe.c in ClamAV. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition via + a specially crafted file. +

+
+ +

There is no known workaround at this time.

+
+ +

All Clam AntiVirus users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.98.5" + + +
+ + CVE-2014-9050 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-06.xml
new file mode 100644
index 0000000000..5983702013
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-06.xml
@@ -0,0 +1,51 @@
+
+
+
+ libxml2: Denial of Service
+ A vulnerability in libxml2 could result in Denial of Service.
+ libxml2
+ December 10, 2014
+ December 10, 2014: 1
+ 525656
+ local, remote
+
+
+ 2.9.2
+ 2.9.2
+
+
+
+

libxml2 is the XML C parser and toolkit developed for the Gnome project.

+
+ +

parser.c in libxml2 before 2.9.2 does not properly prevent entity + expansion even when entity substitution has been disabled. +

+
+ +

A context-dependent attacker could entice a user to a specially crafted + XML file using an application linked against libxml2, possibly resulting + in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libxml2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.2" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2014-3660 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-07.xml
new file mode 100644
index 0000000000..112fac5c4b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-07.xml
@@ -0,0 +1,59 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which allows remote attackers to execute arbitrary code.
+
+ flash,ACE
+ December 11, 2014
+ December 11, 2014: 1
+ 530692
+ 532074
+ remote
+
+
+ 11.2.202.425
+ 11.2.202.425
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.425" + + +
+ + CVE-2014-0580 + CVE-2014-0587 + CVE-2014-8439 + CVE-2014-8443 + CVE-2014-9162 + CVE-2014-9163 + CVE-2014-9164 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-08.xml
new file mode 100644
index 0000000000..172c499b2f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-08.xml
@@ -0,0 +1,428 @@
+
+
+
+ Multiple packages, Multiple vulnerabilities fixed in 2010
+ This GLSA contains notification of vulnerabilities found in several
+ Gentoo packages which have been fixed prior to January 1, 2011. The worst
+ of these vulnerabilities could lead to local privilege escalation and
+ remote code execution. Please see the package list and CVE identifiers
+ below for more information.
+
+
+ December 11, 2014
+ December 11, 2014: 1
+ 159556
+ 208464
+ 253822
+ 259968
+ 298067
+ 300375
+ 300943
+ 302478
+ 307525
+ 307633
+ 315235
+ 316697
+ 319719
+ 320961
+ 322457
+ 325507
+ 326759
+ 326953
+ 329125
+ 329939
+ 331421
+ 332527
+ 333661
+ local, remote
+
+
+ 6.7.1-r1
+ 6.7.1-r1
+
+
+ 804.028-r2
+ 804.028-r2
+
+
+ 5.1.4
+ 5.1.4
+
+
+ 8.4.18-r1
+ 8.4.18-r1
+
+
+ 0.6.8
+ 0.6.8
+
+
+ 7.1
+
+
+ 1.2.17.1
+ 1.2.17.1
+
+
+ 2.2.49
+ 2.2.49
+
+
+ 1.2.0-r4
+ 1.2.0-r4
+
+
+ 1.4
+ 1.4
+
+
+ 4.2.4.3
+ 4.2.4.3
+
+
+ 0.2
+ 0.2
+
+
+ 1.5.4.3-r3
+ 1.5.4.3-r3
+
+
+ 1.4.14-r1
+ 1.4.14-r1
+
+
+ 4.3.5-r1
+ 4.3.5-r1
+
+
+ 2.18.7
+ 2.18.7
+
+
+ 4.3.5-r1
+ 4.3.5-r1
+
+
+ 1.13
+ 1.13
+
+
+ 1.4.6
+ 1.4.6
+
+
+ 0.9.23
+ 0.9.23
+
+
+ 4.3
+ 4.3
+
+
+ 3.7.1
+ 3.7.1
+
+
+ 4.0.6
+ 4.0.6
+
+
+ 2010.08.05
+ 2010.08.05
+
+
+ 1.3.2
+ 1.3.2
+
+
+ 20100418
+ 20100418
+
+
+ 1.1-r1
+ 1.1-r1
+
+
+
+

For more information on the packages listed in this GLSA, please see + their homepage referenced in the ebuild. +

+
+ +

Vulnerabilities have been discovered in the packages listed below. + Please review the CVE identifiers in the Reference section for details. +

+ +
    +
  • Insight
  • +
  • Perl Tk Module
  • +
  • Source-Navigator
  • +
  • Tk
  • +
  • Partimage
  • +
  • Mlmmj
  • +
  • acl
  • +
  • Xinit
  • +
  • gzip
  • +
  • ncompress
  • +
  • liblzw
  • +
  • splashutils
  • +
  • GNU M4
  • +
  • KDE Display Manager
  • +
  • GTK+
  • +
  • KGet
  • +
  • dvipng
  • +
  • Beanstalk
  • +
  • Policy Mount
  • +
  • pam_krb5
  • +
  • GNU gv
  • +
  • LFTP
  • +
  • Uzbl
  • +
  • Slim
  • +
  • Bitdefender Console
  • +
  • iputils
  • +
  • DVBStreamer
  • +
+
+ +

A context-dependent attacker may be able to gain escalated privileges, + execute arbitrary code, cause Denial of Service, obtain sensitive + information, or otherwise bypass security restrictions. +

+
+ +

There are no known workarounds at this time.

+
+ +

All Insight users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/insight-6.7.1-r1" + + +

All Perl Tk Module users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/perl-tk-804.028-r2" + + +

All Source-Navigator users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/sourcenav-5.1.4" + + +

All Tk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.18-r1" + + +

All Partimage users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-block/partimage-0.6.8" + + +

All Mlmmj users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/mlmmj-1.2.17.1" + + +

All acl users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/acl-2.2.49" + + +

All Xinit users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.2.0-r4" + + +

All gzip users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/gzip-1.4" + + +

All ncompress users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/ncompress-4.2.4.3" + + +

All liblzw users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/liblzw-0.2" + + +

All splashutils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=media-gfx/splashutils-1.5.4.3-r3" + + +

All GNU M4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/m4-1.4.14-r1" + + +

All KDE Display Manager users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kdm-4.3.5-r1" + + +

All GTK+ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/gtk+-2.18.7" + + +

All KGet 4.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kget-4.3.5-r1" + + +

All dvipng users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/dvipng-1.13" + + +

All Beanstalk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/beanstalkd-1.4.6" + + +

All Policy Mount users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/pmount-0.9.23" + + +

All pam_krb5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-4.3" + + +

All GNU gv users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/gv-3.7.1" + + +

All LFTP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/lftp-4.0.6" + + +

All Uzbl users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/uzbl-2010.08.05" + + +

All Slim users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-misc/slim-1.3.2" + + +

All iputils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/iputils-20100418" + + +

All DVBStreamer users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-tv/dvbstreamer-1.1-r1" + + +

Gentoo has discontinued support for Bitdefender Console. We recommend + that users unmerge Bitdefender Console: +

+ + + # emerge --unmerge "app-antivirus/bitdefender-console" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures have + been available since 2011. It is likely that your system is already no + longer affected by these issues. +

+
+ + CVE-2006-3005 + CVE-2007-2741 + CVE-2008-0553 + CVE-2008-1382 + CVE-2008-5907 + CVE-2008-6218 + CVE-2008-6661 + CVE-2009-0040 + CVE-2009-0360 + CVE-2009-0361 + CVE-2009-0946 + CVE-2009-2042 + CVE-2009-2624 + CVE-2009-3736 + CVE-2009-4029 + CVE-2009-4411 + CVE-2009-4896 + CVE-2010-0001 + CVE-2010-0436 + CVE-2010-0732 + CVE-2010-0829 + CVE-2010-1000 + CVE-2010-1205 + CVE-2010-1511 + CVE-2010-2056 + CVE-2010-2060 + CVE-2010-2192 + CVE-2010-2251 + CVE-2010-2529 + CVE-2010-2809 + CVE-2010-2945 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-09.xml
new file mode 100644
index 0000000000..eefa163a8d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-09.xml
@@ -0,0 +1,439 @@
+
+
+
+ Multiple packages, Multiple vulnerabilities fixed in 2011
+ This GLSA contains notification of vulnerabilities found in several
+ Gentoo packages which have been fixed prior to January 1, 2012. The worst
+ of these vulnerabilities could lead to local privilege escalation and
+ remote code execution. Please see the package list and CVE identifiers
+ below for more information.
+
+
+ December 11, 2014
+ December 11, 2014: 2
+ 194151
+ 294253
+ 294256
+ 334087
+ 344059
+ 346897
+ 350598
+ 352608
+ 354209
+ 355207
+ 356893
+ 358611
+ 358785
+ 358789
+ 360891
+ 361397
+ 362185
+ 366697
+ 366699
+ 369069
+ 370839
+ 372971
+ 376793
+ 381169
+ 386321
+ 386361
+ local, remote
+
+
+ 0.5.0-r1
+
+
+ 4.38.00
+ 4.38.00
+
+
+ 1.2.0
+ 1.2.0
+
+
+ 2.02.72
+ 2.02.72
+
+
+ 2.4.4
+ 2.4.4
+
+
+ 1.1.19
+ 1.1.19
+
+
+ 1.5.4.26862-r3
+ 1.5.4.26862-r3
+
+
+ 1.2.7
+ 1.2.7
+
+
+ 4.1.4.3
+ 4.1.4.3
+
+
+ 1.9.2-r1
+ 1.9.2-r1
+
+
+ 2.3.0-r1
+ 2.3.0-r1
+
+
+ 1.0.4-r1
+ 1.0.4-r1
+
+
+ 3.9.5
+ 3.9.5
+
+
+ 3.0.8
+ 3.0.8
+
+
+ 1.2.17
+ 1.2.17
+
+
+ 1.0.9
+ 1.0.9
+
+
+ 2.32.2
+ 2.32.2
+
+
+ 0.9.6-r1
+ 0.9.6-r1
+
+
+ 3.2.4
+ 3.2.4
+
+
+ 3.20
+ 3.20
+
+
+ 3.8.4-r3
+ 3.8.4-r3
+
+
+ 2.34.3
+ 2.34.3
+
+
+ 20110502-r1
+ 20110502-r1
+
+
+ 1.5.9.1
+ 1.5.9.1
+
+
+ 2.1.0
+ 2.1.0
+
+
+
+

For more information on the packages listed in this GLSA, please see + their homepage referenced in the ebuild. +

+
+ +

Vulnerabilities have been discovered in the packages listed below. + Please review the CVE identifiers in the Reference section for details. +

+ +
    +
  • FMOD Studio
  • +
  • PEAR Mail
  • +
  • LVM2
  • +
  • GnuCash
  • +
  • xine-lib
  • +
  • Last.fm Scrobbler
  • +
  • WebKitGTK+
  • +
  • shadow tool suite
  • +
  • PEAR
  • +
  • unixODBC
  • +
  • Resource Agents
  • +
  • mrouted
  • +
  • rsync
  • +
  • XML Security Library
  • +
  • xrdb
  • +
  • Vino
  • +
  • OProfile
  • +
  • syslog-ng
  • +
  • sFlow Toolkit
  • +
  • GNOME Display Manager
  • +
  • libsoup
  • +
  • CA Certificates
  • +
  • Gitolite
  • +
  • QtCreator
  • +
  • Racer
  • +
+
+ +

A context-dependent attacker may be able to gain escalated privileges, + execute arbitrary code, cause Denial of Service, obtain sensitive + information, or otherwise bypass security restrictions. +

+
+ +

There are no known workarounds at this time.

+
+ +

All FMOD Studio users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" + + +

All PEAR Mail users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" + + +

All LVM2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" + + +

All GnuCash users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" + + +

All xine-lib users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" + + +

All Last.fm Scrobbler users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=media-sound/lastfmplayer-1.5.4.26862-r3" + + +

All WebKitGTK+ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" + + +

All shadow tool suite users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" + + +

All PEAR users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" + + +

All unixODBC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" + + +

All Resource Agents users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=sys-cluster/resource-agents-1.0.4-r1" + + +

All mrouted users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" + + +

All rsync users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" + + +

All XML Security Library users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" + + +

All xrdb users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" + + +

All Vino users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" + + +

All OProfile users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" + + +

All syslog-ng users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" + + +

All sFlow Toolkit users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" + + +

All GNOME Display Manager users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" + + +

All libsoup users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" + + +

All CA Certificates users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-misc/ca-certificates-20110502-r1" + + +

All Gitolite users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" + + +

All QtCreator users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" + + +

Gentoo has discontinued support for Racer. We recommend that users + unmerge Racer: +

+ + + # emerge --unmerge "games-sports/racer-bin" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures have + been available since 2012. It is likely that your system is already no + longer affected by these issues. +

+
+ + CVE-2007-4370 + CVE-2009-4023 + CVE-2009-4111 + CVE-2010-0778 + CVE-2010-1780 + CVE-2010-1782 + CVE-2010-1783 + CVE-2010-1784 + CVE-2010-1785 + CVE-2010-1786 + CVE-2010-1787 + CVE-2010-1788 + CVE-2010-1790 + CVE-2010-1791 + CVE-2010-1792 + CVE-2010-1793 + CVE-2010-1807 + CVE-2010-1812 + CVE-2010-1814 + CVE-2010-1815 + CVE-2010-2526 + CVE-2010-2901 + CVE-2010-3255 + CVE-2010-3257 + CVE-2010-3259 + CVE-2010-3362 + CVE-2010-3374 + CVE-2010-3389 + CVE-2010-3812 + CVE-2010-3813 + CVE-2010-3999 + CVE-2010-4042 + CVE-2010-4197 + CVE-2010-4198 + CVE-2010-4204 + CVE-2010-4206 + CVE-2010-4492 + CVE-2010-4493 + CVE-2010-4577 + CVE-2010-4578 + CVE-2011-0007 + CVE-2011-0465 + CVE-2011-0482 + CVE-2011-0721 + CVE-2011-0727 + CVE-2011-0904 + CVE-2011-0905 + CVE-2011-1072 + CVE-2011-1097 + CVE-2011-1144 + CVE-2011-1425 + CVE-2011-1572 + CVE-2011-1760 + CVE-2011-1951 + CVE-2011-2471 + CVE-2011-2472 + CVE-2011-2473 + CVE-2011-2524 + CVE-2011-3365 + CVE-2011-3366 + CVE-2011-3367 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-10.xml
new file mode 100644
index 0000000000..77e07db4dd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-10.xml
@@ -0,0 +1,166 @@
+
+
+
+ Multiple packages, Multiple vulnerabilities fixed in 2012
+ This GLSA contains notification of vulnerabilities found in several
+ Gentoo packages which have been fixed prior to January 1, 2013. The worst
+ of these vulnerabilities could lead to local privilege escalation and
+ remote code execution. Please see the package list and CVE identifiers
+ below for more information.
+
+
+ December 11, 2014
+ December 11, 2014: 1
+ 284536
+ 300903
+ 334475
+ 358787
+ 371320
+ 372905
+ 399427
+ 401645
+ 427802
+ 428776
+ local, remote
+
+
+ 1.8.004.20120613
+ 1.8.004.20120613
+
+
+ 0.32.2
+ 0.28.2-r204
+ 0.28.2-r206
+ 0.32.2
+
+
+ 3.33
+ 3.33
+
+
+ 0.9.33
+ 0.9.33
+
+
+ 1.0
+ 1.0
+
+
+ 3.3.7
+ 3.3.7
+
+
+ 2.2.4
+ 2.2.4
+
+
+
+

For more information on the packages listed in this GLSA, please see + their homepage referenced in the ebuild. +

+
+ +

Vulnerabilities have been discovered in the packages listed below. + Please review the CVE identifiers in the Reference section for details. +

+ +
    +
  • EGroupware
  • +
  • VTE
  • +
  • Layer Four Traceroute (LFT)
  • +
  • Suhosin
  • +
  • Slock
  • +
  • Ganglia
  • +
  • Jabber to GaduGadu Gateway
  • +
+
+ +

A context-dependent attacker may be able to gain escalated privileges, + execute arbitrary code, cause Denial of Service, obtain sensitive + information, or otherwise bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All EGroupware users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-apps/egroupware-1.8.004.20120613" + + +

All VTE 0.32 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/vte-0.32.2" + + +

All VTE 0.28 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/vte-0.28.2-r204" + + +

All Layer Four Traceroute users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/lft-3.33" + + +

All Suhosin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/suhosin-0.9.33" + + +

All Slock users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-misc/slock-1.0" + + +

All Ganglia users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/ganglia-3.3.7" + + +

All Jabber to GaduGadu Gateway users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/gg-transport-2.2.4" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures have + been available since 2013. It is likely that your system is already no + longer affected by these issues. +

+
+ + CVE-2008-4776 + CVE-2010-2713 + CVE-2010-3313 + CVE-2010-3314 + CVE-2011-0765 + CVE-2011-2198 + CVE-2012-0807 + CVE-2012-0808 + CVE-2012-1620 + CVE-2012-2738 + CVE-2012-3448 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-11.xml
new file mode 100644
index 0000000000..81e484fee6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-11.xml
@@ -0,0 +1,85 @@
+
+
+
+ AMD64 x86 emulation base libraries: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in AMD64 x86 emulation
+ base libraries, the worst of which may allow remote execution of arbitrary
+ code.
+
+ emul-linux-x86-baselibs
+ December 12, 2014
+ December 12, 2014: 1
+ 196865
+ 335508
+ 483632
+ 508322
+ local, remote
+
+
+ 20140406-r1
+ 20140406-r1
+
+
+
+

AMD64 x86 emulation base libraries provides pre-compiled 32-bit + libraries. +

+
+ +

Multiple vulnerabilities have been discovered in AMD64 x86 emulation + base libraries. Please review the CVE identifiers referenced below for + details. +

+
+ +

A context-dependent attacker may be able to execute arbitrary code, + cause a Denial of Service condition, or obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All users of the AMD64 x86 emulation base libraries should upgrade to + the latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulation/emul-linux-x86-baselibs-20140406-r1" + + +

NOTE: One or more of the issues described in this advisory have been + fixed in previous updates. They are included in this advisory for the + sake of completeness. It is likely that your system is already no longer + affected by them. +

+
+ + CVE-2007-0720 + CVE-2007-1536 + CVE-2007-2026 + CVE-2007-2445 + CVE-2007-2741 + CVE-2007-3108 + CVE-2007-4995 + CVE-2007-5116 + CVE-2007-5135 + CVE-2007-5266 + CVE-2007-5268 + CVE-2007-5269 + CVE-2007-5849 + CVE-2010-1205 + CVE-2013-0338 + CVE-2013-0339 + CVE-2013-1664 + CVE-2013-1969 + CVE-2013-2877 + CVE-2014-0160 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-12.xml
new file mode 100644
index 0000000000..59fb651fd2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-12.xml
@@ -0,0 +1,62 @@
+
+
+
+ D-Bus: Multiple Vulnerabilities
+ Multiple vulnerabilities have been found in D-Bus, possibly
+ resulting in local Denial of Service.
+
+ dbus
+ December 13, 2014
+ December 13, 2014: 1
+ 512940
+ 516080
+ 522982
+ 528900
+ local
+
+
+ 1.8.10
+ 1.8.10
+
+
+
+

D-Bus is a message bus system, a simple way for applications to talk to + one another. +

+
+ +

Multiple vulnerabilities have been discovered in D-Bus. Please review + the CVE identifiers referenced below for details. +

+
+ +

A local attacker could possibly cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All D-Bus users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.8.10" + + +
+ + CVE-2014-3477 + CVE-2014-3532 + CVE-2014-3533 + CVE-2014-3635 + CVE-2014-3636 + CVE-2014-3637 + CVE-2014-3638 + CVE-2014-3639 + CVE-2014-7824 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-13.xml
new file mode 100644
index 0000000000..40cc91c0d0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-13.xml
@@ -0,0 +1,74 @@
+
+
+
+ Chromium: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Chromium, the worst of
+ which can allow remote attackers to execute arbitrary code.
+
+ chromium
+ December 13, 2014
+ December 13, 2014: 1
+ 524764
+ 529858
+ remote
+
+
+ 39.0.2171.65
+ 39.0.2171.65
+
+
+
+

Chromium is an open-source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-39.0.2171.65" + +
+ + CVE-2014-3188 + CVE-2014-3189 + CVE-2014-3190 + CVE-2014-3191 + CVE-2014-3192 + CVE-2014-3193 + CVE-2014-3194 + CVE-2014-3195 + CVE-2014-3197 + CVE-2014-3198 + CVE-2014-3199 + CVE-2014-3200 + CVE-2014-7899 + CVE-2014-7900 + CVE-2014-7901 + CVE-2014-7902 + CVE-2014-7903 + CVE-2014-7904 + CVE-2014-7906 + CVE-2014-7907 + CVE-2014-7908 + CVE-2014-7909 + CVE-2014-7910 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-14.xml
new file mode 100644
index 0000000000..c8e74a0897
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-14.xml
@@ -0,0 +1,50 @@
+
+
+
+ Xfig: User-assisted execution of arbitrary code
+ Two vulnerabilities have been found in Xfig, possibly resulting in
+ execution of arbitrary code or Denial of Service.
+
+ xfig
+ December 13, 2014
+ December 13, 2014: 1
+ 297379
+ remote
+
+
+ 3.2.5c
+ 3.2.5c
+
+
+
+

Xfig is an interactive drawing tool.

+
+ +

A stack-based buffer overflow and a stack consumption vulnerability have + been found in Xfig. +

+
+ +

A remote attacker could entice a user to open a specially-crafted file, + potentially resulting in arbitrary code execution or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Xfig users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/xfig-3.2.5c" + +
+ + CVE-2009-4227 + CVE-2009-4228 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-15.xml
new file mode 100644
index 0000000000..5dafa99c09
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-15.xml
@@ -0,0 +1,61 @@
+
+
+
+ MCollective: Privilege escalation
+ Two vulnerabilities have been found in MCollective, the worst of
+ which could lead to privilege escalation.
+
+ mcollective
+ December 13, 2014
+ December 13, 2014: 1
+ 513292
+ 517286
+ local
+
+
+ 2.5.3
+ 2.5.3
+
+
+
+

MCollective is a framework to build server orchestration or parallel job + execution systems. +

+
+ +

Two vulnerabilities have been found in MCollective:

+ +
    +
  • An untrusted search path vulnerability exists in MCollective + (CVE-2014-3248) +
  • +
  • MCollective does not properly validate server certificates + (CVE-2014-3251) +
  • +
+
+ +

A local attacker can execute arbitrary a Trojan horse shared library, + potentially resulting in arbitrary code execution and privilege + escalation. Furthermore, a local attacker may be able to establish + unauthorized MCollective connections. +

+
+ +

There is no known workaround at this time.

+
+ +

All MCollective users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/mcollective-2.5.3" + +
+ + CVE-2014-3248 + CVE-2014-3251 + + K_F + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-16.xml
new file mode 100644
index 0000000000..8279d5f716
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-16.xml
@@ -0,0 +1,56 @@
+
+
+
+ CouchDB: Denial of Service
+ A vulnerability in CouchDB could result in Denial of Service.
+ couchdb
+ December 13, 2014
+ December 13, 2014: 1
+ 506354
+ remote
+
+
+ 1.5.1
+ 1.5.1
+
+
+
+

Apache CouchDB is a distributed, fault-tolerant and schema-free + document-oriented database. +

+
+ +

CouchDB does not properly sanitize the count parameter for Universally + Unique Identifiers (UUID) requests. +

+
+ +

A remote attacker could send a specially crafted request to CouchDB, + possibly resulting in a Denial of Service condition. +

+
+ +

The /_uuids handler can be disabled in local.ini with the following + configuration: +

+ +

[httpd_global_handlers] + _uuids = +

+
+ +

All CouchDB users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/couchdb-1.5.1" + +
+ + CVE-2014-2668 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-17.xml
new file mode 100644
index 0000000000..349b03ab7a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-17.xml
@@ -0,0 +1,62 @@
+
+
+
+ GPL Ghostscript: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in GPL Ghostscript, the
+ worst of which may allow execution of arbitrary code.
+
+ ghostscript-gpl
+ December 13, 2014
+ December 13, 2014: 1
+ 264594
+ 300192
+ 332061
+ 437654
+ remote
+
+
+ 9.10-r2
+ 9.10-r2
+
+
+
+

Ghostscript is an interpreter for the PostScript language and for PDF.

+
+ +

Multiple vulnerabilities have been discovered in GPL Ghostscript. Please + review the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could entice a user to open a specially + crafted PostScript file or PDF using GPL Ghostscript, possibly resulting + in execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All GPL Ghostscript users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-text/ghostscript-gpl-9.10-r2" + +
+ + CVE-2009-0196 + CVE-2009-0792 + CVE-2009-3743 + CVE-2009-4270 + CVE-2009-4897 + CVE-2010-1628 + CVE-2010-2055 + CVE-2010-4054 + CVE-2012-4405 + + a3li + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-18.xml new file mode 100644 index 0000000000..92ddc66cee --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-18.xml @@ -0,0 +1,49 @@ + + + + FreeRDP: User-assisted execution of arbitrary code + An integer overflow in FreeRDP couuld result in execution of + arbitrary code or Denial of Service. + + freerdp + December 13, 2014 + December 13, 2014: 1 + 511688 + remote + + + 1.1.0_beta1_p20130710-r1 + 1.1.0_beta1_p20130710-r1 + + + +

FreeRDP is a free implementation of the remote desktop protocol.

+
+ +

FreeRDP does not properly validate user-supplied input, which could lead + to an integer overflow in the xf_Pointer_New() function. +

+
+ +

A remote attacker could execute arbitrary code with the privileges of + the process or cause Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All FreeRDP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-misc/freerdp-1.1.0_beta1_p20130710-r1" + +
+ + CVE-2014-0250 + + K_F + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-19.xml new file mode 100644 index 0000000000..128b951d4b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-19.xml @@ -0,0 +1,51 @@ + + + + PPP: Information disclosure + An integer overflow in PPP might allow local attackers to obtain + sensitive information. + + ppp + December 13, 2014 + December 13, 2014: 2 + 519650 + local + + + 2.4.7 + 2.4.7 + + + +

PPP is a Unix implementation of the Point-to-Point Protocol

+
+ +

Integer overflow is discovered in the getword function in options.c in + PPP +

+
+ +

A local attacker could execute process with extremely long options list, + possibly obtaining sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All PPP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.7" + + +
+ + CVE-2014-3158 + + K_F + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-20.xml new file mode 100644 index 0000000000..f4d4eb518b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-20.xml @@ -0,0 +1,53 @@ + + + + GNUstep Base library: Denial of Service + A vulnerability in GNUstep Base library could lead to Denial of + Service. + + gnustep-base + December 13, 2014 + December 13, 2014: 1 + 508370 + remote + + + 1.24.6-r1 + 1.24.6-r1 + + + +

GNUstep Base library is a free software package implementing the API of + the OpenStep Foundation Kit (tm), including later additions. +

+
+ +

GNUstep Base library does not properly handle the file descriptor for + logging, when run as a daemon. +

+
+ +

A remote attacker could send a specially crafted request, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNUstep Base library users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=gnustep-base/gnustep-base-1.24.6-r1" + +
+ + CVE-2014-2980 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-21.xml new file mode 100644 index 0000000000..e5610e90c7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-21.xml @@ -0,0 +1,58 @@ + + + + mod_wsgi: Privilege escalation + Two vulnerabilities have been found in mod_wsgi, the worst of which + could result in local privilege escalation. + + mod_wsgi + December 13, 2014 + December 13, 2014: 1 + 510938 + local, remote + + + 3.5 + 3.5 + + + +

mod_wsgi is an Apache2 module for running Python WSGI applications.

+
+ +

Two vulnerabilities have been found in mod_wsgi:

+ +
    +
  • Error codes returned by setuid are not properly handled + (CVE-2014-0240) +
  • +
  • A memory leak exists via the “Content-Type” header + (CVE-2014-0242) +
  • +
+
+ +

A local attacker may be able to gain escalated privileges. Furthermore, + a remote attacker may be able to obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All mod_wsgi users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/mod_wsgi-3.5" + +
+ + CVE-2014-0240 + CVE-2014-0242 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-22.xml new file mode 100644 index 0000000000..bc4797f56e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-22.xml @@ -0,0 +1,67 @@ + + + + Django: Multiple vulnerabilities + Multiple vulnerabilities have been found in Django, the worst of + which may lead to Denial of Service. + + django + December 13, 2014 + December 13, 2014: 1 + 521324 + remote + + + 1.6.7 + 1.5.10 + 1.4.15 + 1.6.7 + + + +

Django is a Python-based web framework.

+
+ +

Multiple vulnerabilities have been discovered in Django. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to create a Denial of Service condition, + obtain sensitive information, or hijack web sessions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Django 1.6 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/django-1.6.7" + + +

All Django 1.5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/django-1.5.10" + + +

All Django 1.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/django-1.4.15" + +
+ + CVE-2014-0480 + CVE-2014-0481 + CVE-2014-0482 + CVE-2014-0483 + + K_F + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-23.xml new file mode 100644 index 0000000000..1ae96c7c8e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-23.xml @@ -0,0 +1,52 @@ + + + + Nagios: Multiple vulnerabilities + Multiple vulnerabilities have been found in Nagios, the worst of + which may allow remote code execution. + + nagios-core + December 13, 2014 + December 13, 2014: 1 + 447802 + 495132 + 501200 + remote + + + 3.5.1 + 3.5.1 + + + +

Nagios is an open source host, service and network monitoring program.

+
+ +

Multiple vulnerabilities have been discovered in Nagios. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to execute arbitrary code, cause a Denial + of Service condition, or obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Nagios users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-3.5.1" + +
+ + CVE-2012-6096 + CVE-2013-7108 + CVE-2013-7205 + + K_F + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-24.xml new file mode 100644 index 0000000000..4772a232b1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-24.xml @@ -0,0 +1,60 @@ + + + + OpenJPEG: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenJPEG, the worst of + which may result in execution of arbitrary code. + + openjpeg + December 13, 2014 + December 13, 2014: 1 + 484802 + 493662 + remote + + + 1.5.2 + 1.5.2 + + + +

OpenJPEG is an open-source JPEG 2000 library.

+
+ +

Multiple vulnerabilities have been discovered in OpenJPEG. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted JPEG + file, possibly resulting in execution of arbitrary code or a Denial of + Service condition. Furthermore, a remote attacker may be able to obtain + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenJPEG users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/openjpeg-1.5.2" + +
+ + CVE-2013-1447 + CVE-2013-4289 + CVE-2013-4290 + CVE-2013-6045 + CVE-2013-6052 + CVE-2013-6053 + CVE-2013-6054 + CVE-2013-6887 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-25.xml new file mode 100644 index 0000000000..3661daf640 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-25.xml @@ -0,0 +1,48 @@ + + + + QtGui: Denial of Service + A NULL pointer dereference in QtGui could lead to Denial of + Service. + + qtgui + December 13, 2014 + December 13, 2014: 1 + 508984 + remote + + + 4.8.5-r2 + 4.8.5-r2 + + + +

QtGui is the GUI module and platform plugins for the Qt5 framework.

+
+ +

A NULL pointer dereference has been found in QtGui.

+
+ +

A remote attacker could send a specially crafted GIF image, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All QtGui users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-4.8.5-r2" + +
+ + CVE-2014-0190 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-26.xml new file mode 100644 index 0000000000..5d588a5c4c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-26.xml @@ -0,0 +1,53 @@ + + + + strongSwan: Multiple Vulnerabilities + Two vulnerabilities have been found in strongSwan, possibly + resulting in Denial of Service or a bypass in authentication restrictions. + + strongswan + December 13, 2014 + December 13, 2014: 1 + 507722 + 509832 + remote + + + 5.1.3 + 5.1.3 + + + +

strongSwan is an IPSec implementation for Linux.

+
+ +

A NULL pointer dereference and an error in the IKEv2 implementation have + been found in strongSwan. +

+
+ +

A remote attacker could create a Denial of Service condition or bypass + security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All strongSwan users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/strongswan-5.1.3" + + +
+ + CVE-2014-2338 + CVE-2014-2891 + + + keytoaster + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-27.xml new file mode 100644 index 0000000000..b895503a00 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-27.xml @@ -0,0 +1,78 @@ + + + + Ruby: Denial of Service + Multiple vulnerabilities have been found in Ruby, allowing + context-dependent attackers to cause a Denial of Service condition. + + Ruby + December 13, 2014 + December 13, 2014: 1 + 355439 + 369141 + 396301 + 437366 + 442580 + 458776 + 492282 + 527084 + 529216 + local, remote + + + 1.9.3_p551 + 2.0.0_p598 + 2.0.0_p598 + + + +

Ruby is an object-oriented scripting language.

+
+ +

Multiple vulnerabilities have been discovered in Ruby. Please review the + CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could possibly execute arbitrary code with + the privileges of the process, cause a Denial of Service condition, or + bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Ruby 1.9 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.9.3_p551" + + +

All Ruby 2.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.0.0_p598" + + +
+ + CVE-2011-0188 + CVE-2011-1004 + CVE-2011-1005 + CVE-2011-4815 + CVE-2012-4481 + CVE-2012-5371 + CVE-2013-0269 + CVE-2013-1821 + CVE-2013-4164 + CVE-2014-8080 + CVE-2014-8090 + + + underling + + craig +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-28.xml new file mode 100644 index 0000000000..cd049c2a7a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-28.xml @@ -0,0 +1,89 @@ + + + + Ruby on Rails: Multiple vulnerabilities + Multiple vulnerabilities were found in Ruby on Rails, the worst of + which allowing for execution of arbitrary code. + + rails + December 14, 2014 + December 14, 2014: 1 + 354249 + 379511 + 386377 + 450974 + 453844 + 456840 + 462452 + remote + + + 2.3.18 + 2.3.18 + + + +

Ruby on Rails is a web-application and persistence framework.

+
+ +

Multiple vulnerabilities have been discovered in Ruby on Rails. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could execute arbitrary code or cause a Denial of + Service condition. Furthermore, a remote attacker may be able to execute + arbitrary SQL commands, change parameter names for form inputs and make + changes to arbitrary records in the system, bypass intended access + restrictions, render arbitrary views, inject arbitrary web script or + HTML, or conduct cross-site request forgery (CSRF) attacks. +

+
+ +

There is no known workaround at this time.

+
+ +

All Ruby on Rails 2.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/rails-2.3.18" + + +

NOTE: All applications using Ruby on Rails should also be configured to + use the latest version available by running “rake rails:update” + inside the application directory. +

+ +

NOTE: This is a legacy GLSA and stable updates for Ruby on Rails, + including the unaffected version listed above, are no longer available + from Gentoo. It may be possible to upgrade to the 3.2, 4.0, or 4.1 + branches, however these packages are not currently stable. +

+
+ + CVE-2010-3933 + CVE-2011-0446 + CVE-2011-0447 + CVE-2011-0448 + CVE-2011-0449 + CVE-2011-2929 + CVE-2011-2930 + CVE-2011-2931 + CVE-2011-2932 + CVE-2011-3186 + CVE-2013-0155 + CVE-2013-0156 + CVE-2013-0276 + CVE-2013-0277 + CVE-2013-0333 + CVE-2013-1854 + CVE-2013-1855 + CVE-2013-1856 + CVE-2013-1857 + + craig + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-29.xml new file mode 100644 index 0000000000..9f3aa55b31 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-29.xml @@ -0,0 +1,87 @@ + + + + Apache Tomcat: Multiple vulnerabilities + Multiple vulnerabilities have been found in Apache Tomcat, the + worst of which may result in Denial of Service. + + tomcat + December 15, 2014 + March 20, 2016: 2 + 442014 + 469434 + 500600 + 511762 + 517630 + 519590 + remote + + + 7.0.56 + 6.0.41 + 6.0.42 + 6.0.43 + 6.0.44 + 6.0.45 + 6.0.46 + 6.0.47 + 6.0.48 + 7.0.56 + + + +

Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.

+
+ +

Multiple vulnerabilities have been discovered in Tomcat. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to cause a Denial of Service condition as + well as obtain sensitive information, bypass protection mechanisms and + authentication restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Tomcat 6.0.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41" + + +

All Tomcat 7.0.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56" + +
+ + CVE-2012-2733 + CVE-2012-3544 + CVE-2012-3546 + CVE-2012-4431 + CVE-2012-4534 + CVE-2012-5885 + CVE-2012-5886 + CVE-2012-5887 + CVE-2013-2067 + CVE-2013-2071 + CVE-2013-4286 + CVE-2013-4322 + CVE-2013-4590 + CVE-2014-0033 + CVE-2014-0050 + CVE-2014-0075 + CVE-2014-0096 + CVE-2014-0099 + CVE-2014-0119 + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-30.xml new file mode 100644 index 0000000000..74d686985d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-30.xml @@ -0,0 +1,55 @@ + + + + Varnish: Multiple vulnerabilities + Multiple vulnerabilities have been found in Varnish, the worst of + which could allow a remote attacker to create a Denial of Service + condition. + + varnish + December 15, 2014 + December 15, 2014: 1 + 458888 + 489944 + local, remote + + + 3.0.5 + 3.0.5 + + + +

Varnish is a web application accelerator.

+
+ +

Multiple vulnerabilities have been discovered in Varnish. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could cause a Denial of Service condition via a + specially crafted GET request. Furthermore a local attacker could obtain + sensitive information through insecure permissions on logfiles. +

+
+ +

There is no known workaround at this time.

+
+ +

All Varnish users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/varnish-3.0.5" + + +
+ + CVE-2013-0345 + CVE-2013-4484 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-31.xml new file mode 100644 index 0000000000..e125abbc8c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-31.xml @@ -0,0 +1,49 @@ + + + + ZNC: Denial of Service + Multiple vulnerabilities in ZNC could lead to Denial of Service. + znc + December 19, 2014 + December 19, 2014: 1 + 471738 + 507794 + remote + + + 1.2-r1 + 1.2-r1 + + + +

ZNC is an advanced IRC bouncer.

+
+ +

Multiple NULL pointer dereferences have been found in ZNC.

+
+ +

A remote attacker could send a specially crafted request, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ZNC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/znc-1.2-r1" + + +
+ + CVE-2013-2130 + CVE-2014-9403 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-32.xml new file mode 100644 index 0000000000..8c1f7a2614 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-32.xml @@ -0,0 +1,51 @@ + + + + sendmail: Information disclosure + A vulnerability in sendmail could allow a local attacker to obtain + sensitive information. + + sendmail + December 22, 2014 + December 22, 2014: 1 + 511760 + local + + + 8.14.9 + 8.14.9 + + + +

sendmail is a widely-used Mail Transport Agent (MTA).

+
+ +

The sm_close_on_exec function in conf.c has arguments in the wrong + order. +

+
+ +

A local attacker could get access to unintended high-numbered file + descriptors via a specially crafted program. +

+
+ +

There is no known workaround at this time.

+
+ +

All sendmail users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.14.9" + + +
+ + CVE-2014-3956 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-33.xml new file mode 100644 index 0000000000..7c7f0594ab --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-33.xml @@ -0,0 +1,59 @@ + + + + PowerDNS Recursor: Multiple vulnerabilities + Multiple vulnerabilities have been found in PowerDNS Recursor, the + worst of which may allow execution of arbitrary code. + + pdns-recursor + December 22, 2014 + December 22, 2014: 1 + 299942 + 404377 + 514946 + 531992 + remote + + + 3.6.1-r1 + 3.6.1-r1 + + + +

PowerDNS Recursor is a high-end, high-performance resolving name server

+
+ +

Multiple vulnerabilities have been discovered in PowerDNS Recursor. + Please review the CVE identifiers and PowerDNS blog post referenced below + for details. +

+
+ +

A remote attacker may be able to send specially crafted packets, + possibly resulting in arbitrary code execution or a Denial of Service + condition. Furthermore, a remote attacker may be able to spoof DNS data. +

+
+ +

There is no known workaround at this time.

+
+ +

All PowerDNS Recursor users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/pdns-recursor-3.6.1-r1" + +
+ + CVE-2009-4009 + CVE-2009-4010 + CVE-2012-1193 + CVE-2014-8601 + + Related to recent DoS attacks: Recursor configuration file guidance + + + craig + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-34.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-34.xml new file mode 100644 index 0000000000..0e09f84a8b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-34.xml @@ -0,0 +1,55 @@ + + + + NTP: Multiple vulnerabilities + Multiple vulnerabilities have been found in NTP, the worst of which + could result in remote execution of arbitrary code. + + ntp + December 24, 2014 + December 24, 2014: 2 + 533076 + remote + + + 4.2.8 + 4.2.8 + + + +

NTP is a protocol designed to synchronize the clocks of computers over a + network. The net-misc/ntp package contains the official reference + implementation by the NTP Project. +

+
+ +

Multiple vulnerabilities have been discovered in NTP. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote unauthenticated attacker may be able to execute arbitrary code + with the privileges of the process, cause a Denial of Service condition, + and obtain sensitive information that could assist in other attacks. +

+
+ +

There is no known workaround at this time.

+
+ +

All NTP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8" + +
+ + CVE-2014-9293 + CVE-2014-9294 + CVE-2014-9295 + CVE-2014-9296 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-35.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-35.xml new file mode 100644 index 0000000000..577ec5ad1e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-35.xml @@ -0,0 +1,55 @@ + + + + RSYSLOG: Denial of Service + Multiple vulnerabilities have been found in RSYSLOG, allowing + attackers to cause Denial of Service. + + rsyslog + December 24, 2014 + December 24, 2014: 1 + 395709 + 491856 + 524058 + 524290 + local, remote + + + 8.4.2 + 8.4.2 + + + +

RSYSLOG is an enhanced multi-threaded syslogd with database support and + more. +

+
+ +

Multiple vulnerabilities have been discovered in RSYSLOG. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker may be able to create a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All RSYSLOG users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/rsyslog-8.4.2" + +
+ + CVE-2011-4623 + CVE-2014-3634 + CVE-2014-3683 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-36.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-36.xml new file mode 100644 index 0000000000..4393c6743e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-36.xml @@ -0,0 +1,50 @@ + + + + libvirt: Denial of Service + Multiple vulnerabilities have been found in libvirt, worst of which + allows context-dependent attackers to cause Denial of Service. + + libvirt + December 24, 2014 + December 24, 2014: 1 + 532204 + 533286 + local, remote + + + 1.2.10-r3 + 1.2.10-r3 + + + +

libvirt is a C toolkit for manipulating virtual machines.

+
+ +

Multiple vulnerabilities have been discovered in libvirt. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker may be able to cause Denial of Service.

+
+ +

There is no known workaround at this time.

+
+ +

All libvirt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-1.2.10-r3" + + +
+ + CVE-2014-8131 + CVE-2014-8135 + CVE-2014-8136 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-37.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-37.xml new file mode 100644 index 0000000000..04b6eef590 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-37.xml @@ -0,0 +1,58 @@ + + + + QEMU: Multiple Vulnerabilities + Multiple vulnerabilities have been found in QEMU, the worst of + which could result in execution of arbitrary code or Denial of Service. + + qemu + December 24, 2014 + December 24, 2014: 1 + 528922 + 529030 + 531666 + local, remote + + + 2.1.2-r2 + 2.1.2-r2 + + + +

QEMU is a generic and open source machine emulator and virtualizer.

+
+ +

Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker may be able to execute arbitrary code, + cause a Denial of Service condition, obtain sensitive information, or + bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All QEMU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.1.2-r2" + + +
+ + CVE-2014-3689 + CVE-2014-7840 + CVE-2014-8106 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-38.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-38.xml new file mode 100644 index 0000000000..fa9fb4b14c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-38.xml @@ -0,0 +1,59 @@ + + + + Icecast: Multiple Vulnerabilities + Two vulnerabilities have been found in Icecast, possibly resulting + in privilege escalation or disclosure of information. + + icecast + December 26, 2014 + December 26, 2014: 1 + 529956 + 530784 + local, remote + + + 2.4.1 + 2.4.1 + + + +

Icecast is an open source alternative to SHOUTcast that supports MP3, + OGG (Vorbis/Theora) and AAC streaming. +

+
+ +

Two vulnerabilities have been discovered in Icecast:

+ +
    +
  • Icecast does not properly handle shared file descriptors + (CVE-2014-9018) +
  • +
  • Supplementary group privileges are not changed (CVE-2014-9091)
  • +
+
+ +

A local attacker can possibly gain escalated privileges or obtain + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Icecast users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/icecast-2.4.1" + +
+ + CVE-2014-9018 + CVE-2014-9091 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-39.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-39.xml new file mode 100644 index 0000000000..394069a817 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-39.xml @@ -0,0 +1,91 @@ + + + + OpenSSL: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenSSL, the worst of + which could result in Denial of Service or Man-in-the-Middle attacks. + + openssl + December 26, 2014 + June 06, 2015: 2 + 494816 + 519264 + 525468 + remote + + + 1.0.1j + 0.9.8z_p2 + 0.9.8z_p3 + 0.9.8z_p4 + 0.9.8z_p5 + 0.9.8z_p6 + 0.9.8z_p7 + 0.9.8z_p8 + 0.9.8z_p9 + 0.9.8z_p10 + 0.9.8z_p11 + 0.9.8z_p12 + 0.9.8z_p13 + 0.9.8z_p14 + 0.9.8z_p15 + 1.0.1j + + + +

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

Multiple vulnerabilities have been discovered in OpenSSL. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to cause a Denial of Service condition, + perform Man-in-the-Middle attacks, obtain sensitive information, or + bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSSL 1.0.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j" + + +

All OpenSSL 0.9.8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2013-6449 + CVE-2013-6450 + CVE-2014-3505 + CVE-2014-3506 + CVE-2014-3507 + CVE-2014-3509 + CVE-2014-3510 + CVE-2014-3511 + CVE-2014-3512 + CVE-2014-3513 + CVE-2014-3567 + CVE-2014-3568 + CVE-2014-5139 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-40.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-40.xml new file mode 100644 index 0000000000..10eae87723 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-40.xml @@ -0,0 +1,54 @@ + + + + FLAC: User-assisted execution of arbitrary code + A buffer overflow vulnerability in FLAC could lead to execution of + arbitrary code or Denial of Service. + + flac + December 26, 2014 + December 26, 2014: 1 + 530288 + remote + + + 1.3.1-r1 + 1.3.1-r1 + + + +

The Free Lossless Audio Codec (FLAC) library is the reference + implementation of the FLAC audio file format. +

+
+ +

A stack-based buffer overflow flaw has been discovered in FLAC.

+
+ +

A remote attacker could entice a user to open a specially crafted .flac + file using an application linked against FLAC, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All FLAC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/flac-1.3.1-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2014-8962 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-41.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-41.xml new file mode 100644 index 0000000000..96f261ce36 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-41.xml @@ -0,0 +1,46 @@ + + + + OpenVPN: Denial of Service + A vulnerability in OpenVPN could lead to Denial of Service. + openvpn + December 26, 2014 + December 26, 2014: 1 + 531308 + remote + + + 2.3.6 + 2.3.6 + + + +

OpenVPN is a multi-platform, full-featured SSL VPN solution.

+
+ +

OpenVPN does not properly handle control channel packets that are too + small. +

+
+ +

A remote authenticated attacker could send a specially crafted control + channel packet, possibly resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenVPN users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openvpn-2.3.6" + +
+ + CVE-2014-8104 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-42.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-42.xml new file mode 100644 index 0000000000..414433f036 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-42.xml @@ -0,0 +1,61 @@ + + + + Xen: Denial of Service + Multiple vulnerabilities have been found in Xen, possibly resulting + in Denial of Service. + + xen + December 26, 2014 + December 31, 2014: 2 + 523524 + 524200 + local + + + 4.2.5-r1 + 4.3.3-r3 + 4.3.3-r3 + + + +

Xen is a bare-metal hypervisor.

+
+ +

Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers referenced below for details. +

+
+ +

A local user could possibly cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All xen users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.2.5-r1" + + +

All xen users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.3.3-r3" + + +
+ + CVE-2014-7154 + CVE-2014-7155 + CVE-2014-7156 + CVE-2014-7188 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-43.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-43.xml new file mode 100644 index 0000000000..bf789027e8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-43.xml @@ -0,0 +1,55 @@ + + + + MuPDF: User-assisted execution of arbitrary code + Multiple vulnerabilities have been found in MuPDF, possibly + resulting in remote code execution or Denial of Service. + + mupdf + December 26, 2014 + December 26, 2014: 1 + 358029 + 498876 + remote + + + 1.3_p20140118 + 1.3_p20140118 + + + +

MuPDF is a lightweight PDF viewer and toolkit written in portable C.

+
+ +

Multiple vulnerabilities have been discovered in MuPDF. Please review + the CVE identifier and Secunia Research referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted PDF + using MuPDF, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All MuPDF users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/mupdf-1.3_p20140118" + +
+ + CVE-2014-2013 + Secunia Research: + MuPDF Two Integer Overflow Vulnerabilities + + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-44.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-44.xml new file mode 100644 index 0000000000..238abd7056 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-44.xml @@ -0,0 +1,49 @@ + + + + policycoreutils: Privilege escalation + A vulnerability in policycoreutils could lead to local privilege + escalation. + + policycoreutils + December 26, 2014 + December 26, 2014: 1 + 509896 + local + + + 2.2.5-r4 + 2.2.5-r4 + + + +

policycoreutils is a collection of SELinux policy utilities.

+
+ +

The seunshare utility is owned by root with 4755 permissions which can + be exploited by a setuid system call. +

+
+ +

A local attacker may be able to gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All policycoreutils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=sys-apps/policycoreutils-2.2.5-r4" + +
+ + CVE-2014-3215 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-45.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-45.xml new file mode 100644 index 0000000000..f240371053 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-45.xml @@ -0,0 +1,48 @@ + + + + Facter: Privilege escalation + An untrusted search path vulnerability in Facter could lead to + local privilege escalation. + + facter + December 26, 2014 + December 26, 2014: 1 + 514476 + local + + + 1.7.6 + 1.7.6 + + + +

Facter is a cross-platform Ruby library for retrieving facts from + operating systems. +

+
+ +

Facter includes the current working directory in the search path.

+
+ +

A local attacker may be able to gain escalated privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All Facter users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/facter-1.7.6" + +
+ + CVE-2014-3248 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-46.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-46.xml new file mode 100644 index 0000000000..b9ad0d5e5c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-46.xml @@ -0,0 +1,59 @@ + + + + LittleCMS: Denial of Service + Multiple buffer overflow flaws and a parser error in LittleCMS + could cause Denial of Service. + + lcms + December 26, 2014 + December 26, 2014: 1 + 479874 + 507788 + remote + + + 2.6-r1 + 2.6-r1 + + + +

LittleCMS, or short lcms, is a color management system for working with + ICC profiles. It is used by many applications including GIMP and Firefox. +

+
+ +

Multiple stack-based buffer overflows and a profile parser error have + been found in LittleCMS. +

+
+ +

A remote attacker could entice a user or automated system to open a + specially crafted file containing a malicious ICC profile, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All LittleCMS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/lcms-2.6-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+ +

NOTE: Gentoo has discontinued support for the LittleCMS 1.9 branch.

+
+ + CVE-2013-4276 + CVE-2014-0459 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-47.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-47.xml new file mode 100644 index 0000000000..7154eca852 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-47.xml @@ -0,0 +1,79 @@ + + + + TORQUE Resource Manager: Multiple vulnerabilities + Multiple vulnerabilities have been found in TORQUE Resource + Manager, possibly resulting in escalation of privileges or remote code + execution. + + torque + December 26, 2014 + December 26, 2014: 1 + 372959 + 378805 + 390167 + 484320 + 491270 + 510726 + local, remote + + + 4.1.7 + 2.5.13 + 4.1.7 + + + +

TORQUE is a resource manager and queuing system based on OpenPBS.

+
+ +

Multiple vulnerabilities have been discovered in TORQUE Resource + Manager. Please review the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker may be able to gain escalated privileges, + execute arbitrary code, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All TORQUE Resource Manager 4.x users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/torque-4.1.7" + + +

All TORQUE Resource Manager 2.x users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/torque-2.5.13" + + +

NOTE: One or more of the issues described in this advisory have been + fixed in previous updates. They are included in this advisory for the + sake of completeness. It is likely that your system is already no longer + affected by them. +

+
+ + CVE-2011-2193 + CVE-2011-2907 + CVE-2011-4925 + CVE-2013-4319 + CVE-2013-4495 + CVE-2014-0749 + + + underling + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-48.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-48.xml new file mode 100644 index 0000000000..f6dad95252 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-48.xml @@ -0,0 +1,49 @@ + + + + file: Denial of Service + A vulnerability in file could allow a context-dependent attack to + create a Denial of Service condition. + + file + December 27, 2014 + December 27, 2014: 1 + 532686 + local, remote + + + 5.21 + 5.21 + + + +

The file utility attempts to identify a file’s format by scanning + binary data for patterns. +

+
+ +

An issue with the ELF parser used by the file utility can cause a + resource consumption when reading a specially-crafted ELF binary. +

+
+ +

A context-dependent attacker may be able to cause Denial of Service.

+
+ +

There is no known workaround at this time.

+
+ +

All file users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/file-5.21" + + +
+ + CVE-2014-8117 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-49.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-49.xml new file mode 100644 index 0000000000..7ffe9d4390 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-49.xml @@ -0,0 +1,54 @@ + + + + fish: Multiple vulnerabilities + Multiple vulnerabilities have been found in fish, the worst of + which could result in local privilege escalation or remote arbitrary code + execution. + + fish + December 28, 2014 + December 28, 2014: 1 + 509044 + local, remote + + + 2.1.1 + 2.1.1 + + + +

fish is the Friendly Interactive SHell.

+
+ +

Multiple vulnerabilities have been discovered in fish. Please review the + CVE identifiers referenced below for details. +

+
+ +

A local attacker may be able to gain escalated privileges or overwrite + arbitrary files. Furthermore, a remote attacker may be able to execute + arbitrary code. +

+
+ +

There is no known workaround at this time.

+
+ +

All fish users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/fish-2.1.1" + + +
+ + CVE-2014-2905 + CVE-2014-2906 + CVE-2014-2914 + CVE-2014-3219 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-50.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-50.xml new file mode 100644 index 0000000000..c5e4cf7f90 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-50.xml @@ -0,0 +1,53 @@ + + + + getmail: Information disclosure + Multiple vulnerabilities have been discovered in getmail, allowing + remote attackers to obtain sensitive information. + + getmail + December 28, 2014 + December 28, 2014: 1 + 524684 + remote + + + 4.46.0 + 4.46.0 + + + +

getmail is a POP3 mail retriever with reliable Maildir and mbox + delivery. +

+
+ +

Multiple vulnerabilities have been discovered in getmail. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could cause a man-in-the-middle attack via multiple + vectors to obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All getmail users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/getmail-4.46.0" + + +
+ + CVE-2014-7273 + CVE-2014-7274 + CVE-2014-7275 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-51.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-51.xml new file mode 100644 index 0000000000..bfd67d8b3a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-51.xml @@ -0,0 +1,56 @@ + + + + Asterisk: Multiple vulnerabilities + Multiple vulnerabilities have been found in Asterisk, the worst of + which could lead to Denial of Service, bypass intended ACL restrictions or + allow an authenticated user to gain escalated privileges. + + asterisk,dos,escalated,acl + December 28, 2014 + December 28, 2014: 1 + 530056 + 532242 + remote + + + 11.14.2 + 11.14.2 + + + +

Asterisk is an open source telephony engine and toolkit.

+
+ +

Multiple unspecified vulnerabilities have been discovered in Asterisk. + Please review the CVE identifiers referenced below for details. +

+
+ +

Unauthenticated remote attackers can cause Denial of Service or bypass + intended ACL restrictions. Authenticated remote attackers can gain + escalated privileges. +

+
+ +

There is no known workaround at this time.

+
+ +

All asterisk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.14.2" + + +
+ + CVE-2014-8412 + CVE-2014-8414 + CVE-2014-8417 + CVE-2014-8418 + CVE-2014-9374 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-52.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-52.xml new file mode 100644 index 0000000000..afbc7e4b59 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-52.xml @@ -0,0 +1,61 @@ + + + + Wireshark: Multiple vulnerabilities + Multiple vulnerabilities have been found in Wireshark which could + allow remote attackers to cause Denial of Service. + + wireshark + December 28, 2014 + December 28, 2014: 1 + 522968 + 529100 + remote + + + 1.12.2 + 1.12.2 + + + +

Wireshark is a network protocol analyzer formerly known as ethereal.

+
+ +

Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker can cause a Denial of Service condition via specially + crafted packets. +

+
+ +

There is no known workaround at this time.

+
+ +

All Wireshark users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.12.2" + + +
+ + CVE-2014-6421 + CVE-2014-6422 + CVE-2014-6423 + CVE-2014-6424 + CVE-2014-6425 + CVE-2014-6426 + CVE-2014-6427 + CVE-2014-6428 + CVE-2014-6429 + CVE-2014-6430 + CVE-2014-6431 + CVE-2014-6432 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-53.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-53.xml new file mode 100644 index 0000000000..fe05d50d41 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201412-53.xml @@ -0,0 +1,57 @@ + + + + MIT Kerberos 5: User-assisted execution of arbitrary code + A vulnerability has been found in MIT Kerberos 5, possibly + resulting in arbitrary code execution or a Denial of Service condition. + + mit-krb5 + December 31, 2014 + December 31, 2014: 1 + 516334 + 517936 + 519518 + 523506 + remote + + + 1.13 + 1.13 + + + +

MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. +

+
+ +

Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could execute arbitrary code with the privileges of + the process or cause Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All MIT Kerberos 5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.13" + + +
+ + CVE-2014-4341 + CVE-2014-4343 + CVE-2014-4345 + CVE-2014-5351 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-01.xml new file mode 100644 index 0000000000..6fb19c2e92 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-01.xml @@ -0,0 +1,55 @@ + + + + mpg123: User-assisted execution of arbitrary code + A vulnerability has been found in mpg123, which could result in + arbitrary code execution. + + mpg123 + February 06, 2015 + February 06, 2015: 1 + 500262 + remote + + + 1.18.1 + 1.18.1 + + + +

mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and + 3. +

+
+ +

An issue has been found in mpg123 when decoding specifically crafted MP3 + file, that causes a heap-based buffer overflow. +

+
+ +

A remote attacker could entice a user to open a specially crafted MPEG + file using mpg123, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All mpg123 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/mpg123-1.18.1" + +
+ + CVE-2014-9497 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-02.xml new file mode 100644 index 0000000000..873d4e0144 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-02.xml @@ -0,0 +1,83 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, the + worst of which allows remote attackers to execute arbitrary code. + + adobe-flash + February 06, 2015 + February 06, 2015: 1 + 536562 + 537378 + 537426 + 538982 + remote + + + 11.2.202.442 + 11.2.202.442 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.442" + + +
+ + CVE-2015-0301 + CVE-2015-0302 + CVE-2015-0303 + CVE-2015-0304 + CVE-2015-0305 + CVE-2015-0306 + CVE-2015-0307 + CVE-2015-0308 + CVE-2015-0309 + CVE-2015-0310 + CVE-2015-0311 + CVE-2015-0314 + CVE-2015-0315 + CVE-2015-0316 + CVE-2015-0317 + CVE-2015-0318 + CVE-2015-0319 + CVE-2015-0320 + CVE-2015-0321 + CVE-2015-0322 + CVE-2015-0323 + CVE-2015-0324 + CVE-2015-0325 + CVE-2015-0326 + CVE-2015-0327 + CVE-2015-0328 + CVE-2015-0329 + CVE-2015-0330 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-03.xml new file mode 100644 index 0000000000..af06cfe144 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-03.xml @@ -0,0 +1,56 @@ + + + + BIND: Multiple Vulnerabilities + Multiple vulnerabilities have been found in BIND, allowing remote + attackers to cause a + denial of service condition. + + bind + February 07, 2015 + February 07, 2015: 1 + 531998 + remote + + + 9.10.1_p1 + 9.10.1_p1 + + + +

BIND (Berkeley Internet Name Domain) is a Name Server.

+
+ +

Multiple vulnerabilities have been discovered in BIND. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker can cause a denial of service condition by the lack of + GeoIP databases, or via a large or infinite number of referrals. +

+
+ +

There is no known workaround at this time.

+
+ +

All bind users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.1_p1" + + +
+ + CVE-2014-3214 + CVE-2014-8500 + CVE-2014-8680 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-04.xml new file mode 100644 index 0000000000..1a400f1b63 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-04.xml @@ -0,0 +1,109 @@ + + + + MediaWiki: Multiple vulnerabilities + Multiple vulnerabilities have been found in MediaWiki, the worst of + which may allow remote attackers to execute arbitrary code. + + mediawiki + February 07, 2015 + February 07, 2015: 1 + 498064 + 499632 + 503012 + 506018 + 515138 + 518608 + 523852 + 524364 + 532920 + remote + + + 1.23.8 + 1.22.15 + 1.19.23 + 1.23.8 + + + +

MediaWiki is a collaborative editing software used by large projects + such as Wikipedia. +

+
+ +

Multiple vulnerabilities have been discovered in MediaWiki. Please + review the CVE identifiers and MediaWiki announcement referenced below + for details. +

+
+ +

A remote attacker may be able to execute arbitrary code with the + privileges of the process, create a Denial of Service condition, obtain + sensitive information, bypass security restrictions, and inject arbitrary + web script or HTML. +

+
+ +

There is no known workaround at this time.

+
+ +

All MediaWiki 1.23 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.8" + + +

All MediaWiki 1.22 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.22.15" + + +

All MediaWiki 1.19 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.23" + +
+ + CVE-2013-6451 + CVE-2013-6452 + CVE-2013-6453 + CVE-2013-6454 + CVE-2013-6472 + CVE-2014-1610 + CVE-2014-2242 + CVE-2014-2243 + CVE-2014-2244 + CVE-2014-2665 + CVE-2014-2853 + CVE-2014-5241 + CVE-2014-5242 + CVE-2014-5243 + CVE-2014-7199 + CVE-2014-7295 + CVE-2014-9276 + CVE-2014-9277 + CVE-2014-9475 + CVE-2014-9476 + CVE-2014-9477 + CVE-2014-9478 + CVE-2014-9479 + CVE-2014-9480 + CVE-2014-9481 + CVE-2014-9487 + CVE-2014-9507 + + MediaWiki Security and Maintenance Releases: 1.19.17, 1.21.11, 1.22.8 and + 1.23.1 + + + Zlogene + + sdamashek + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-05.xml new file mode 100644 index 0000000000..e5918c0127 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-05.xml @@ -0,0 +1,65 @@ + + + + tcpdump: Multiple vulnerabilities + Multiple vulnerabilities in tcpdump could result in execution of + arbitrary code or Denial of Service. + + tcpdump + February 07, 2015 + February 07, 2015: 1 + 534660 + remote + + + 4.6.2-r1 + 4.6.2-r1 + + + +

tcpdump is a tool for capturing and inspecting network traffic.

+
+ +

Multiple vulnerabilities have been discovered in tcpdump:

+ +
    +
  • The olsr_print function function contains an integer underflow error + (CVE-2014-8767) +
  • +
  • The geonet_print function function contains multiple integer + underflow errors (CVE-2014-8768) +
  • +
  • The decoder for the Ad hoc On-Demand Distance Vector protocol + contains an out-of-bounds memory access error (CVE-2014-8769) +
  • +
  • The ppp_hdlc function contains a buffer overflow error + (CVE-2014-9140) +
  • +
+
+ +

A remote attacker may be able to send a specially crafted packet, + possibly resulting in execution of arbitrary code or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All tcpdump users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-4.6.2-r1" + +
+ + CVE-2014-8767 + CVE-2014-8768 + CVE-2014-8769 + CVE-2014-9140 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-06.xml new file mode 100644 index 0000000000..bc10035f28 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-06.xml @@ -0,0 +1,49 @@ + + + + nginx: Information disclosure + An SSL session fixation vulnerability in nginx may allow remote + attackers to obtain sensitive information. + + nginx + February 07, 2015 + February 07, 2015: 1 + 522994 + remote + + + 1.7.6 + 1.7.6 + + + +

nginx is a robust, small, and high performance HTTP and reverse proxy + server. +

+
+ +

An SSL session fixation vulnerability has been found in nginx when + multiple servers use the same shared ssl_session_cache or + ssl_session_ticket_key. +

+
+ +

A remote attacker may be able to obtain sensitive information.

+
+ +

There is no known workaround at this time.

+
+ +

All nginx users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.7.6" + +
+ + CVE-2014-3616 + + Zlogene + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-07.xml new file mode 100644 index 0000000000..908273bf31 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-07.xml @@ -0,0 +1,52 @@ + + + + libevent: User-assisted execution of arbitrary code + Multiple integer overflow errors in libevent could result in + execution of arbitrary code or Denial of Service. + + libevent + February 07, 2015 + February 07, 2015: 1 + 535774 + local, remote + + + 2.0.22 + 2.0.22 + + + +

libevent is a library to execute a function when a specific event occurs + on a file descriptor. +

+
+ +

Multiple integer overflow errors in libevent could cause a heap-based + buffer overflow. +

+
+ +

A context-dependent attacker could cause an application linked against + libevent to pass an excessively long input through evbuffer, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libevent users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libevent-2.0.22" + +
+ + CVE-2014-6272 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-08.xml new file mode 100644 index 0000000000..180df60064 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-08.xml @@ -0,0 +1,67 @@ + + + + Libav: Multiple vulnerabilities + Multiple vulnerabilities have been found in Libav, allowing + attackers to execute arbitrary code or cause Denial of Service. + + libav + February 07, 2015 + February 07, 2015: 1 + 492582 + 515234 + 531832 + remote + + + 9.17 + 9.17 + + + +

Libav is a complete solution to record, convert and stream audio and + video. +

+
+ +

Multiple vulnerabilities have been discovered in Libav. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted media + file in an application linked against Libav, possibly resulting in + execution of arbitrary code with the privileges of the application or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Libav users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/libav-9.17" + +
+ + CVE-2011-3934 + CVE-2011-3935 + CVE-2011-3946 + CVE-2013-0848 + CVE-2013-0851 + CVE-2013-0852 + CVE-2013-0860 + CVE-2013-0868 + CVE-2013-3672 + CVE-2013-3674 + CVE-2014-4609 + Libav News November 2, 2013 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-09.xml new file mode 100644 index 0000000000..d4d63b3aca --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-09.xml @@ -0,0 +1,47 @@ + + + + Antiword: User-assisted execution of arbitrary code + A buffer overflow vulnerability in Antiword could result in + execution of arbitrary code or Denial of Service. + + antiword + February 07, 2015 + February 07, 2015: 1 + 531404 + remote + + + 0.37-r1 + 0.37-r1 + + + +

Antiword is a free MS Word reader.

+
+ +

A buffer overflow vulnerability has been found in wordole.c in Antiword.

+
+ +

A remote attacker could entice a user to open a specially crafted + document using Antiword, possibly resulting in execution of arbitrary + code with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Antiword users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/antiword-0.37-r1" + +
+ + CVE-2014-8123 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-10.xml new file mode 100644 index 0000000000..47912c3c6b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-10.xml @@ -0,0 +1,82 @@ + + + + libpng: User-assisted execution of arbitrary code + Two vulnerabilities have been found in libpng, possibly resulting + in execution of arbitrary code. + + libpng + February 15, 2015 + June 06, 2015: 2 + 531264 + 533358 + local, remote + + + 1.6.16 + 1.5.21 + 1.2.52 + 1.2.53 + 1.2.54 + 1.2.55 + 1.2.56 + 1.5.22 + 1.5.23 + 1.5.24 + 1.5.25 + 1.6.16 + + + +

libpng is a standard library used to process PNG (Portable Network + Graphics) images. It is used by several programs, including web browsers + and potentially server processes. +

+
+ +

Two vulnerabilities have been discovered in libpng:

+ +
    +
  • The png_user_version_check function contains an out-of-bounds memory + access error (libpng 1.6.15 Release Notes) +
  • +
  • The png_combine_row function contains an integer overflow error, + which could result in a heap-based buffer overflow (CVE-2014-9495) +
  • +
+
+ +

A context-dependent attacker could entice a user to open a specially + crafted PNG file using an application linked against libpng, possibly + resulting in execution of arbitrary code. +

+
+ +

There is no known workaround at this time.

+
+ +

All libpng 1.6 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.16" + + +

All libpng 1.5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.21" + +
+ + CVE-2014-9495 + + libpng 1.6.15 Release Notes + + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-11.xml new file mode 100644 index 0000000000..54b1202262 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-11.xml @@ -0,0 +1,59 @@ + + + + GNU cpio: Multiple vulnerabilities + Two vulnerabilities have been found in GNU cpio, the worst of which + could result in execution of arbitrary code. + + cpio + February 15, 2015 + February 15, 2015: 1 + 530512 + 536010 + remote + + + 2.11-r3 + 2.11-r3 + + + +

GNU cpio copies files into or out of a cpio or tar archive.

+
+ +

Two vulnerabilities have been discovered in GNU cpio:

+ +
    +
  • The list_file function in GNU cpio contains a heap-based buffer + overflow vulnerability (CVE-2014-9112) +
  • +
  • A directory traversal vulnerability has been found in GNU cpio + (CVE-2015-1197) +
  • +
+
+ +

A remote attacker may be able to entice a user to open a specially + crafted archive using GNU cpio, possibly resulting in execution of + arbitrary code, a Denial of Service condition, or overwriting arbitrary + files. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNU cpio users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.11-r3" + +
+ + CVE-2014-9112 + CVE-2015-1197 + + ackle + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-12.xml new file mode 100644 index 0000000000..82dc636f45 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-12.xml @@ -0,0 +1,162 @@ + + + + Oracle JRE/JDK: Multiple vulnerabilities + Multiple vulnerabilities have been found in Oracle's Java SE + Development Kit and Runtime Environment, the worst of which could lead to + execution of arbitrary code. + + oracle jre, oracle jdk + February 15, 2015 + February 15, 2015: 1 + 507798 + 508716 + 517220 + 525464 + remote + + + 1.7.0.71 + 1.7.0.71 + + + 1.7.0.71 + 1.7.0.71 + + + 1.7.0.71 + 1.7.0.71 + + + +

Oracle’s Java SE Development Kit and Runtime Environment

+
+ +

Multiple vulnerabilities have been discovered in Oracle’s Java SE + Development Kit and Runtime Environment. Please review the CVE + identifiers referenced below for details. +

+
+ +

A context-dependent attacker may be able to execute arbitrary code, + disclose, update, insert, or delete certain data. +

+
+ +

There is no known workaround at this time.

+
+ +

All Oracle JRE 1.7 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jre-bin-1.7.0.71" + + +

All Oracle JDK 1.7 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jdk-bin-1.7.0.71" + + +

All users of the precompiled 32-bit Oracle JRE should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulation/emul-linux-x86-java-1.7.0.71" + +
+ + CVE-2014-0429 + CVE-2014-0432 + CVE-2014-0446 + CVE-2014-0448 + CVE-2014-0449 + CVE-2014-0451 + CVE-2014-0452 + CVE-2014-0453 + CVE-2014-0454 + CVE-2014-0455 + CVE-2014-0456 + CVE-2014-0457 + CVE-2014-0458 + CVE-2014-0459 + CVE-2014-0460 + CVE-2014-0461 + CVE-2014-0463 + CVE-2014-0464 + CVE-2014-2397 + CVE-2014-2398 + CVE-2014-2401 + CVE-2014-2402 + CVE-2014-2403 + CVE-2014-2409 + CVE-2014-2410 + CVE-2014-2412 + CVE-2014-2413 + CVE-2014-2414 + CVE-2014-2420 + CVE-2014-2421 + CVE-2014-2422 + CVE-2014-2423 + CVE-2014-2427 + CVE-2014-2428 + CVE-2014-2483 + CVE-2014-2490 + CVE-2014-4208 + CVE-2014-4209 + CVE-2014-4216 + CVE-2014-4218 + CVE-2014-4219 + CVE-2014-4220 + CVE-2014-4221 + CVE-2014-4223 + CVE-2014-4227 + CVE-2014-4244 + CVE-2014-4247 + CVE-2014-4252 + CVE-2014-4262 + CVE-2014-4263 + CVE-2014-4264 + CVE-2014-4265 + CVE-2014-4266 + CVE-2014-4268 + CVE-2014-4288 + CVE-2014-6456 + CVE-2014-6457 + CVE-2014-6458 + CVE-2014-6466 + CVE-2014-6468 + CVE-2014-6476 + CVE-2014-6485 + CVE-2014-6492 + CVE-2014-6493 + CVE-2014-6502 + CVE-2014-6503 + CVE-2014-6504 + CVE-2014-6506 + CVE-2014-6511 + CVE-2014-6512 + CVE-2014-6513 + CVE-2014-6515 + CVE-2014-6517 + CVE-2014-6519 + CVE-2014-6527 + CVE-2014-6531 + CVE-2014-6532 + CVE-2014-6558 + CVE-2014-6562 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-13.xml new file mode 100644 index 0000000000..6d140932b6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-13.xml @@ -0,0 +1,91 @@ + + + + Chromium: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium, the worst of + which can allow remote attackers to cause Denial of Service or gain + escalated privileges. + + chromium + February 17, 2015 + February 17, 2015: 1 + 537366 + 539094 + remote + + + 40.0.2214.111 + 40.0.2214.111 + + + +

Chromium is an open-source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to cause a Denial of Service condition, + gain privileges via a filesystem: URI, or have other unspecified impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-40.0.2214.111" + + +
+ + CVE-2014-7923 + CVE-2014-7924 + CVE-2014-7925 + CVE-2014-7926 + CVE-2014-7927 + CVE-2014-7928 + CVE-2014-7929 + CVE-2014-7930 + CVE-2014-7931 + CVE-2014-7932 + CVE-2014-7933 + CVE-2014-7934 + CVE-2014-7935 + CVE-2014-7936 + CVE-2014-7937 + CVE-2014-7938 + CVE-2014-7939 + CVE-2014-7940 + CVE-2014-7941 + CVE-2014-7942 + CVE-2014-7943 + CVE-2014-7944 + CVE-2014-7945 + CVE-2014-7946 + CVE-2014-7947 + CVE-2014-7948 + CVE-2014-9646 + CVE-2014-9647 + CVE-2014-9648 + CVE-2015-1205 + CVE-2015-1209 + CVE-2015-1210 + CVE-2015-1211 + CVE-2015-1212 + CVE-2015-1346 + CVE-2015-1359 + CVE-2015-1360 + CVE-2015-1361 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-14.xml new file mode 100644 index 0000000000..b268af8c78 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-14.xml @@ -0,0 +1,47 @@ + + + + grep: Denial of Service + A vulnerability in grep could result in Denial of Service. + grep,dos + February 25, 2015 + February 25, 2015: 1 + 537046 + local + + + 2.21-r1 + 2.21-r1 + + + +

grep is the GNU regular expression matcher.

+
+ +

A heap buffer overrun has been fixed in the bmexec_trans function in + kwset.c. +

+
+ +

A local user can cause Denial of Service.

+
+ +

There is no known workaround at this time.

+
+ +

All grep users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/grep-2.21-r1" + + +
+ + CVE-2015-1345 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-15.xml new file mode 100644 index 0000000000..dd57e80f99 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-15.xml @@ -0,0 +1,68 @@ + + + + Samba: Multiple vulnerabilities + Multiple vulnerabilities have been found in Samba, the worst of + which allowing a context-dependent attacker to bypass intended file + restrictions, cause a Denial of Service or execute arbitrary code. + + samba + February 25, 2015 + February 25, 2015: 1 + 479868 + 491070 + 493664 + 504494 + 511764 + 514676 + 541182 + local, remote + + + 3.6.25 + 3.6.25 + + + +

Samba is a suite of SMB and CIFS client/server programs.

+
+ +

Multiple vulnerabilities have been discovered in Samba. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker may be able to execute arbitrary code, + cause a Denial of Service condition, bypass intended file restrictions, + or obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Samba users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/samba-3.6.25" + +
+ + CVE-2012-6150 + CVE-2013-4124 + CVE-2013-4408 + CVE-2013-4475 + CVE-2013-4476 + CVE-2013-4496 + CVE-2014-0178 + CVE-2014-0239 + CVE-2014-0244 + CVE-2014-3493 + CVE-2015-0240 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-01.xml new file mode 100644 index 0000000000..a52da44a28 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-01.xml @@ -0,0 +1,57 @@ + + + + JasPer: Multiple Vulnerabilities + Multiple vulnerabilities have been found in JasPer, the worst of + which could could allow an attacker to execute arbitrary code. + + jasper + March 06, 2015 + March 06, 2015: 1 + 531688 + 533744 + 537530 + remote + + + 1.900.1-r9 + 1.900.1-r9 + + + +

JasPer is a software-based implementation of the codec specified in the + JPEG-2000 Part-1 standard. +

+
+ +

Multiple vulnerabilities have been discovered in JasPer. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted file + using JasPer, possibly resulting in execution of arbitrary code. +

+
+ +

There is no known workaround at this time.

+
+ +

All jasper users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/jasper-1.900.1-r9" + + +
+ + CVE-2014-8137 + CVE-2014-8138 + CVE-2014-8157 + CVE-2014-8158 + CVE-2014-9029 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-02.xml new file mode 100644 index 0000000000..61eb02b425 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-02.xml @@ -0,0 +1,49 @@ + + + + D-Bus: Denial of Service + A vulnerability has been found in D-Bus, possibly resulting in + local Denial of Service. + + dbus + March 07, 2015 + March 07, 2015: 1 + 539482 + local + + + 1.8.16 + 1.8.16 + + + +

D-Bus is a message bus system, a simple way for applications to talk to + one another. +

+
+ +

D-Bus doesn’t validate the source of ActivationFailure signals.

+
+ +

A local attacker could possibly cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All D-Bus users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.8.16" + + +
+ + CVE-2015-0245 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-03.xml new file mode 100644 index 0000000000..bb2b2e6755 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-03.xml @@ -0,0 +1,82 @@ + + + + PHP: Multiple vulnerabilities + Multiple vulnerabilities have been discovered in PHP, the worst of + which could lead to remote execution of arbitrary code. + + + March 08, 2015 + August 22, 2015: 2 + 530820 + 532914 + 533998 + remote + + + 5.5.21 + 5.4.37 + 5.4.38 + 5.4.39 + 5.4.40 + 5.4.41 + 5.4.42 + 5.4.43 + 5.4.44 + 5.4.45 + 5.5.21 + + + +

PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +

+
+ +

Multiple vulnerabilities have been discovered in PHP. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker can leverage these vulnerabilities to execute + arbitrary code or cause Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All PHP 5.5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.21" + + +

All PHP 5.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.37" + + +

All PHP 5.3 users should upgrade to the latest version. This branch is + currently past the end of life and it will no longer receive security + fixes. All PHP 5.3 users are strongly recommended to upgrade to the + current stable version of PHP 5.5 or previous stable version of PHP 5.4, + which are supported till at least 2016 and 2015 respectively. +

+
+ + CVE-2014-3710 + CVE-2014-8142 + CVE-2014-9425 + CVE-2014-9427 + CVE-2015-0231 + CVE-2015-0232 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-04.xml new file mode 100644 index 0000000000..1c1d0c557c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-04.xml @@ -0,0 +1,83 @@ + + + + GNU C Library: Multiple vulnerabilities + Multiple vulnerabilities have been found in GNU C Library, the + worst of which allowing a local attacker to execute arbitrary code or cause + a Denial of Service . + + glibc + March 08, 2015 + March 08, 2015: 1 + 431218 + 434408 + 454862 + 464634 + 477330 + 480734 + 484646 + 488084 + 489234 + 501196 + 513090 + 521930 + 537990 + remote + + + 2.19-r1 + 2.19-r1 + + + +

The GNU C library is the standard C library used by Gentoo Linux + systems. +

+
+ +

Multiple vulnerabilities have been discovered in the GNU C Library. + Please review the CVE identifiers referenced below for details. +

+
+ +

A local attacker may be able to execute arbitrary code or cause a Denial + of Service condition,. +

+
+ +

There is no known workaround at this time.

+
+ +

All glibc users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.19-r1" + + +
+ + CVE-2012-3404 + CVE-2012-3405 + CVE-2012-3406 + CVE-2012-3480 + CVE-2012-4412 + CVE-2012-4424 + CVE-2012-6656 + CVE-2013-0242 + CVE-2013-1914 + CVE-2013-2207 + CVE-2013-4237 + CVE-2013-4332 + CVE-2013-4458 + CVE-2013-4788 + CVE-2014-4043 + CVE-2015-0235 + + + BlueKnight + + + creffett + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-05.xml new file mode 100644 index 0000000000..bb3443d2fc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-05.xml @@ -0,0 +1,69 @@ + + + + FreeType: Multiple vulnerabilities + Multiple vulnerabilities have been found in FreeType, possibly + resulting in Denial of Service. + + freetype + March 08, 2015 + March 08, 2015: 1 + 532152 + 539796 + remote + + + 2.5.5 + 2.5.5 + + + +

FreeType is a high-quality and portable font engine.

+
+ +

Multiple vulnerabilities have been discovered in FreeType. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker can cause Denial of Service.

+
+ +

There is no known workaround at this time.

+
+ +

All FreeType users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.5.5" + + +
+ + CVE-2014-9656 + CVE-2014-9657 + CVE-2014-9658 + CVE-2014-9659 + CVE-2014-9660 + CVE-2014-9661 + CVE-2014-9662 + CVE-2014-9663 + CVE-2014-9664 + CVE-2014-9665 + CVE-2014-9666 + CVE-2014-9667 + CVE-2014-9668 + CVE-2014-9669 + CVE-2014-9670 + CVE-2014-9671 + CVE-2014-9672 + CVE-2014-9673 + CVE-2014-9674 + CVE-2014-9675 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-06.xml new file mode 100644 index 0000000000..be076ed6ed --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-06.xml @@ -0,0 +1,55 @@ + + + + ICU: Multiple Vulnerabilities + Multiple vulnerabilities have been found in ICU, possibly resulting + in Denial of Service. + + icu + March 14, 2015 + March 14, 2015: 1 + 537560 + 539108 + remote + + + 54.1-r1 + 54.1-r1 + + + +

ICU is a mature, widely used set of C/C++ and Java libraries providing + Unicode and Globalization support for software applications. +

+
+ +

Multiple vulnerabilities have been discovered in ICU. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker can cause Denial of Service.

+
+ +

There is no known workaround at this time.

+
+ +

All ICU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/icu-54.1-r1" + + +
+ + CVE-2014-7923 + CVE-2014-7926 + CVE-2014-7940 + CVE-2014-9654 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-07.xml new file mode 100644 index 0000000000..4214e35f1c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-07.xml @@ -0,0 +1,54 @@ + + + + hivex: User-assisted execution of arbitrary code + An out-of-bounds error in hivex may result in execution of + arbitrary code or Denial of Service. + + hivex + March 14, 2015 + March 14, 2015: 1 + 490990 + local, remote + + + 1.3.11 + 1.3.11 + + + +

hivex is a library for reading and writing Windows Registry ‘hive’ + binary files. +

+
+ +

Manipulating a short or truncated hive file may trigger an out-of-bounds + read or write in hivex. +

+
+ +

A context-dependent attacker could cause an application linked against + hivex to pass a short or truncated hive file, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All hivex users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/hivex-1.3.11" + +
+ + CVE-2014-9273 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-08.xml new file mode 100644 index 0000000000..5d2ece8cea --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-08.xml @@ -0,0 +1,54 @@ + + + + file: Denial of Service + Vulnerabilities in file could allow a context-dependent attack to + create a Denial of Service condition. + + file,Dos + March 16, 2015 + March 16, 2015: 1 + 503582 + 532768 + local, remote + + + 5.22 + 5.22 + + + +

The file utility attempts to identify a file’s format by scanning + binary data for patterns. +

+
+ +

Multiple issues with the ELF parser used by the file utility have been + detected and fixed. +

+
+ +

A context-dependent attacker can cause Denial of Service.

+
+ +

There is no known workaround at this time.

+
+ +

All file users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/file-5.22" + + +
+ + CVE-2014-2270 + CVE-2014-9620 + CVE-2014-9621 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-09.xml new file mode 100644 index 0000000000..e485df5d26 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-09.xml @@ -0,0 +1,63 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, the + worst of which allows remote attackers to execute arbitrary code. + + flash,ACE,DoS + March 16, 2015 + March 16, 2015: 1 + 543112 + remote + + + 11.2.202.451 + 11.2.202.451 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or bypass + security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All adobe-flash users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.451" + + +
+ + CVE-2015-0332 + CVE-2015-0333 + CVE-2015-0334 + CVE-2015-0335 + CVE-2015-0336 + CVE-2015-0337 + CVE-2015-0338 + CVE-2015-0339 + CVE-2015-0340 + CVE-2015-0341 + CVE-2015-0342 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-10.xml new file mode 100644 index 0000000000..d37ba8281c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-10.xml @@ -0,0 +1,78 @@ + + + + Python: Multiple vulnerabilities + Multiple vulnerabilities have been found in Python, the worst of + which could lead to arbitrary code execution. + + python + March 18, 2015 + June 17, 2015: 2 + 495224 + 500518 + 505068 + 506084 + 514686 + 523792 + 532232 + local, remote + + + 3.3.5-r1 + 2.7.9-r1 + 2.7.10 + 2.7.11 + 2.7.12 + 2.7.13 + 2.7.14 + 2.7.15 + 3.3.5-r1 + + + +

Python is an interpreted, interactive, object-oriented programming + language. +

+
+ +

Multiple vulnerabilities have been discovered in Python. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker may be able to execute arbitrary code or + cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Python 3.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.5-r1" + + +

All Python 2.7 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.9-r1" + +
+ + CVE-2013-1752 + CVE-2013-7338 + CVE-2014-1912 + CVE-2014-2667 + CVE-2014-4616 + CVE-2014-7185 + CVE-2014-9365 + + K_F + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-11.xml new file mode 100644 index 0000000000..676e30f5ec --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-11.xml @@ -0,0 +1,116 @@ + + + + OpenSSL: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenSSL that can result + in either Denial of Service or information disclosure. + + openssl + March 19, 2015 + June 06, 2015: 2 + 543552 + remote + + + 1.0.1l-r1 + 0.9.8z_p5 + 0.9.8z_p6 + 0.9.8z_p7 + 0.9.8z_p8 + 0.9.8z_p9 + 0.9.8z_p10 + 0.9.8z_p11 + 0.9.8z_p12 + 0.9.8z_p13 + 0.9.8z_p14 + 0.9.8z_p15 + 1.0.1l-r1 + + + +

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

Multiple vulnerabilities have been found in OpenSSL. Please review the + CVE identifiers and the upstream advisory referenced below for details: +

+ +
    +
  • RSA silently downgrades to EXPORT_RSA [Client] (Reclassified) + (CVE-2015-0204) +
  • +
  • Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
  • +
  • ASN.1 structure reuse memory corruption (CVE-2015-0287)
  • +
  • X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
  • +
  • PKCS7 NULL pointer dereferences (CVE-2015-0289)
  • +
  • Base64 decode (CVE-2015-0292)
  • +
  • DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
  • +
  • Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
  • +
+ +

The following issues affect OpenSSL 1.0.2 only which is not part of the + supported Gentoo stable tree: +

+ +
    +
  • OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
  • +
  • Multiblock corrupted pointer (CVE-2015-0290)
  • +
  • Segmentation fault in DTLSv1_listen (CVE-2015-0207)
  • +
  • Segmentation fault for invalid PSS parameters (CVE-2015-0208)
  • +
  • Empty CKE with client auth and DHE (CVE-2015-1787)
  • +
  • Handshake with unseeded PRNG (CVE-2015-0285)
  • +
+
+ +

A remote attacker can utilize multiple vectors to cause Denial of + Service or Information Disclosure. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSSL 1.0.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1l-r1" + + +

All OpenSSL 0.9.8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p5-r1" + + +

Packages which depend on the OpenSSL library need to be restarted for + the upgrade to take effect. Some packages may need to be recompiled. + Tools such as revdep-rebuild may assist in identifying some of these + packages. +

+
+ + CVE-2015-0204 + CVE-2015-0207 + CVE-2015-0208 + CVE-2015-0209 + CVE-2015-0285 + CVE-2015-0287 + CVE-2015-0288 + CVE-2015-0289 + CVE-2015-0290 + CVE-2015-0291 + CVE-2015-0292 + CVE-2015-0293 + CVE-2015-1787 + OpenSSL Security + Advisory [19 Mar 2015] + + + a3li + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-12.xml new file mode 100644 index 0000000000..663d347e4e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-12.xml @@ -0,0 +1,70 @@ + + + + Chromium: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium, the worst of + which can allow remote attackers to cause Denial of Service or bypass + security restrictions. + + chromimu + March 22, 2015 + March 22, 2015: 1 + 542090 + remote + + + 41.0.2272.76 + 41.0.2272.76 + + + +

Chromium is an open-source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to cause a Denial of Service condition, + bypass security restrictions, or have other unspecified impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-41.0.2272.76" + + +
+ + CVE-2015-1213 + CVE-2015-1214 + CVE-2015-1215 + CVE-2015-1216 + CVE-2015-1217 + CVE-2015-1218 + CVE-2015-1219 + CVE-2015-1220 + CVE-2015-1221 + CVE-2015-1222 + CVE-2015-1223 + CVE-2015-1224 + CVE-2015-1225 + CVE-2015-1226 + CVE-2015-1227 + CVE-2015-1228 + CVE-2015-1229 + CVE-2015-1230 + CVE-2015-1231 + CVE-2015-1232 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-13.xml new file mode 100644 index 0000000000..7602aa6218 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-13.xml @@ -0,0 +1,58 @@ + + + + BusyBox: Multiple vulnerabilities + Multiple vulnerabilities have been found in BusyBox, allowing + context dependent attackers to load arbitrary kernel modules, execute + arbitrary files, or cause a Denial of Service condition. + + busybox + March 29, 2015 + March 29, 2015: 1 + 515254 + 537978 + local, remote + + + 1.23.1 + 1.23.1 + + + +

BusyBox is set of tools for embedded systems and is a replacement for + GNU Coreutils. +

+
+ +

Multiple vulnerabilities have been discovered in BusyBox. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker can load kernel modules without privileges + by nullifying enforced module + prefixes. Execution of arbitrary files or a Denial of Service can be + caused through the included vulnerable LZO library. +

+
+ +

There is no known workaround at this time.

+
+ +

All BusyBox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.23.1" + + +
+ + CVE-2014-4607 + CVE-2014-9645 + + K_F + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-01.xml new file mode 100644 index 0000000000..0373a7abe6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-01.xml @@ -0,0 +1,305 @@ + + + + Mozilla Products: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Firefox, + Thunderbird, and SeaMonkey, the worst of which may allow user-assisted + execution of arbitrary code. + + firefox thunderbird seamonkey + April 07, 2015 + April 08, 2015: 2 + 489796 + 491234 + 493850 + 500320 + 505072 + 509050 + 512896 + 517876 + 522020 + 523652 + 525474 + 531408 + 536564 + 541316 + 544056 + remote + + + 31.5.3 + 31.5.3 + + + 31.5.3 + 31.5.3 + + + 31.5.0 + 31.5.0 + + + 31.5.0 + 31.5.0 + + + 2.33.1 + 2.33.1 + + + 2.33.1 + 2.33.1 + + + 4.10.6 + 4.10.6 + + + +

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an + open-source email client, both from the Mozilla Project. The SeaMonkey + project is a community effort to deliver production-quality releases of + code derived from the application formerly known as the ‘Mozilla + Application Suite’. +

+
+ +

Multiple vulnerabilities have been discovered in Firefox, Thunderbird, + and SeaMonkey. Please review the CVE identifiers referenced below for + details. +

+
+ +

A remote attacker could entice a user to view a specially crafted web + page or email, possibly resulting in execution of arbitrary code or a + Denial of Service condition. Furthermore, a remote attacker may be able + to perform Man-in-the-Middle attacks, obtain sensitive information, spoof + the address bar, conduct clickjacking attacks, bypass security + restrictions and protection mechanisms, or have other unspecified + impact. +

+
+ +

There are no known workarounds at this time.

+
+ +

All firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-31.5.3" + + +

All firefox-bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-31.5.3" + + +

All thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-31.5.0" + + +

All thunderbird-bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-31.5.0" + + +

All seamonkey users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.33.1" + + +

All seamonkey-bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.33.1" + + +

All nspr users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/nspr-4.10.6" + + +
+ + CVE-2013-1741 + CVE-2013-2566 + CVE-2013-5590 + CVE-2013-5591 + CVE-2013-5592 + CVE-2013-5593 + CVE-2013-5595 + CVE-2013-5596 + CVE-2013-5597 + CVE-2013-5598 + CVE-2013-5599 + CVE-2013-5600 + CVE-2013-5601 + CVE-2013-5602 + CVE-2013-5603 + CVE-2013-5604 + CVE-2013-5605 + CVE-2013-5606 + CVE-2013-5607 + CVE-2013-5609 + CVE-2013-5610 + CVE-2013-5612 + CVE-2013-5613 + CVE-2013-5614 + CVE-2013-5615 + CVE-2013-5616 + CVE-2013-5618 + CVE-2013-5619 + CVE-2013-6671 + CVE-2013-6672 + CVE-2013-6673 + CVE-2014-1477 + CVE-2014-1478 + CVE-2014-1479 + CVE-2014-1480 + CVE-2014-1481 + CVE-2014-1482 + CVE-2014-1483 + CVE-2014-1485 + CVE-2014-1486 + CVE-2014-1487 + CVE-2014-1488 + CVE-2014-1489 + CVE-2014-1490 + CVE-2014-1491 + CVE-2014-1492 + CVE-2014-1493 + CVE-2014-1494 + CVE-2014-1496 + CVE-2014-1497 + CVE-2014-1498 + CVE-2014-1499 + CVE-2014-1500 + CVE-2014-1502 + CVE-2014-1504 + CVE-2014-1505 + CVE-2014-1508 + CVE-2014-1509 + CVE-2014-1510 + CVE-2014-1511 + CVE-2014-1512 + CVE-2014-1513 + CVE-2014-1514 + CVE-2014-1518 + CVE-2014-1519 + CVE-2014-1520 + CVE-2014-1522 + CVE-2014-1523 + CVE-2014-1524 + CVE-2014-1525 + CVE-2014-1526 + CVE-2014-1529 + CVE-2014-1530 + CVE-2014-1531 + CVE-2014-1532 + CVE-2014-1533 + CVE-2014-1534 + CVE-2014-1536 + CVE-2014-1537 + CVE-2014-1538 + CVE-2014-1539 + CVE-2014-1540 + CVE-2014-1541 + CVE-2014-1542 + CVE-2014-1543 + CVE-2014-1544 + CVE-2014-1545 + CVE-2014-1547 + CVE-2014-1548 + CVE-2014-1549 + CVE-2014-1550 + CVE-2014-1551 + CVE-2014-1552 + CVE-2014-1553 + CVE-2014-1554 + CVE-2014-1555 + CVE-2014-1556 + CVE-2014-1557 + CVE-2014-1558 + CVE-2014-1559 + CVE-2014-1560 + CVE-2014-1561 + CVE-2014-1562 + CVE-2014-1563 + CVE-2014-1564 + CVE-2014-1565 + CVE-2014-1566 + CVE-2014-1567 + CVE-2014-1568 + CVE-2014-1574 + CVE-2014-1575 + CVE-2014-1576 + CVE-2014-1577 + CVE-2014-1578 + CVE-2014-1580 + CVE-2014-1581 + CVE-2014-1582 + CVE-2014-1583 + CVE-2014-1584 + CVE-2014-1585 + CVE-2014-1586 + CVE-2014-1587 + CVE-2014-1588 + CVE-2014-1589 + 
CVE-2014-1590 + CVE-2014-1591 + CVE-2014-1592 + CVE-2014-1593 + CVE-2014-1594 + CVE-2014-5369 + CVE-2014-8631 + CVE-2014-8632 + CVE-2014-8634 + CVE-2014-8635 + CVE-2014-8636 + CVE-2014-8637 + CVE-2014-8638 + CVE-2014-8639 + CVE-2014-8640 + CVE-2014-8641 + CVE-2014-8642 + CVE-2015-0817 + CVE-2015-0818 + CVE-2015-0819 + CVE-2015-0820 + CVE-2015-0821 + CVE-2015-0822 + CVE-2015-0823 + CVE-2015-0824 + CVE-2015-0825 + CVE-2015-0826 + CVE-2015-0827 + CVE-2015-0828 + CVE-2015-0829 + CVE-2015-0830 + CVE-2015-0831 + CVE-2015-0832 + CVE-2015-0833 + CVE-2015-0834 + CVE-2015-0835 + CVE-2015-0836 + + + BlueKnight + + ackle +
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-02.xml
new file mode 100644
index 0000000000..efce2169cb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-02.xml
@@ -0,0 +1,49 @@
+
+
+
+ sudo: Information disclosure
+ A vulnerability in sudo could allow a local attacker to read
+ arbitrary files or bypass security restrictions.
+
+ sudo
+ April 11, 2015
+ April 11, 2015: 1
+ 539532
+ local
+
+
+ 1.8.12
+ 1.8.12
+
+
+
+

sudo allows a system administrator to give users the ability to run + commands as other users. Access to commands may also be granted on a + range to hosts. +

+
+ +

sudo does not handle the TZ environment variable properly.

+
+ +

A local attacker may be able to read arbitrary files or information from + device special files. +

+
+ +

There is no known workaround at this time.

+
+ +

All sudo users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.12" + +
+ + CVE-2014-9680 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-03.xml
new file mode 100644
index 0000000000..9024130b22
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-03.xml
@@ -0,0 +1,58 @@
+
+
+
+ Apache: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Apache HTTP Server, the
+ worst of which could lead to arbitrary code execution.
+
+ apache
+ April 11, 2015
+ April 19, 2015: 2
+ 535948
+ remote
+
+
+ 2.2.29
+ 2.2.29
+
+
+
+

Apache HTTP Server is one of the most popular web servers on the + Internet. +

+
+ +

Multiple vulnerabilities have been discovered in Apache HTTP Server. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to execute arbitrary code or cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Apache users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.29" + + +
+ + CVE-2013-5704 + CVE-2014-0118 + CVE-2014-0226 + CVE-2014-0231 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-04.xml
new file mode 100644
index 0000000000..6439afb7e3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-04.xml
@@ -0,0 +1,89 @@
+
+
+
+ Xen: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Xen, the worst of which
+ can allow remote attackers to cause a Denial of Service condition.
+
+ xen
+ April 11, 2015
+ April 11, 2015: 1
+ 478280
+ 482138
+ 512294
+ 519800
+ 530182
+ 530980
+ 532030
+ 536220
+ 542266
+ 543304
+ 545144
+ local
+
+
+ 4.4.2-r1
+ 4.2.5-r8
+ 4.4.2-r1
+
+
+
+

Xen is a bare-metal hypervisor.

+
+ +

Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers referenced below for details. +

+
+ +

A local attacker could possibly cause a Denial of Service condition or + obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Xen 4.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.4.2-r1" + + +

All Xen 4.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.2.5-r8" + +
+ + CVE-2013-2212 + CVE-2013-3495 + CVE-2014-3967 + CVE-2014-3968 + CVE-2014-5146 + CVE-2014-5149 + CVE-2014-8594 + CVE-2014-8595 + CVE-2014-8866 + CVE-2014-8867 + CVE-2014-9030 + CVE-2014-9065 + CVE-2014-9066 + CVE-2015-0361 + CVE-2015-2044 + CVE-2015-2045 + CVE-2015-2152 + CVE-2015-2751 + CVE-2015-2752 + CVE-2015-2756 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-05.xml
new file mode 100644
index 0000000000..4482ce493d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-05.xml
@@ -0,0 +1,76 @@
+
+
+
+ MySQL and MariaDB: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in MySQL and MariaDB, the
+ worst of which can allow remote attackers to cause a Denial of Service
+ condition.
+
+ mysql mariadb
+ April 11, 2015
+ April 11, 2015: 1
+ 537216
+ 537262
+ remote
+
+
+ 5.6.22
+ 5.6.22
+
+
+ 10.0.16
+ 10.0.16
+
+
+
+

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an + enhanced, drop-in replacement for MySQL. +

+
+ +

Multiple vulnerabilities have been discovered in MySQL and MariaDB. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could exploit vulnerabilities to possibly cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All MySQL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.22" + + +

All MariaDB users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.16" + + +
+ + CVE-2014-6568 + CVE-2015-0374 + CVE-2015-0381 + CVE-2015-0382 + CVE-2015-0385 + CVE-2015-0391 + CVE-2015-0409 + CVE-2015-0411 + CVE-2015-0432 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-06.xml
new file mode 100644
index 0000000000..60dfb6e1dd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-06.xml
@@ -0,0 +1,68 @@
+
+
+
+ X.Org X Server: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in X.Org X Server,
+ allowing attackers to execute arbitrary code or cause a Denial of Service
+ condition.
+
+ xorg-server
+ April 17, 2015
+ April 17, 2015: 2
+ 532086
+ 539692
+ remote
+
+
+ 1.12.4-r4
+ 1.12.4-r4
+
+
+
+

The X Window System is a graphical windowing system based on a + client/server model. +

+
+ +

Multiple vulnerabilities have been discovered in X.Org X Server. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All X.Org X Server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.12.4-r4" + + +
+ + CVE-2014-8091 + CVE-2014-8092 + CVE-2014-8093 + CVE-2014-8094 + CVE-2014-8095 + CVE-2014-8096 + CVE-2014-8097 + CVE-2014-8098 + CVE-2014-8099 + CVE-2014-8100 + CVE-2014-8101 + CVE-2014-8102 + CVE-2014-8103 + CVE-2015-0255 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-07.xml
new file mode 100644
index 0000000000..ae46af1cc8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201504-07.xml
@@ -0,0 +1,73 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which allows remote attackers to execute arbitrary code.
+
+ adobe-flash
+ April 17, 2015
+ April 17, 2015: 1
+ 546706
+ remote
+
+
+ 11.2.202.457
+ 11.2.202.457
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.457" + + +
+ + CVE-2015-0346 + CVE-2015-0347 + CVE-2015-0348 + CVE-2015-0349 + CVE-2015-0350 + CVE-2015-0351 + CVE-2015-0352 + CVE-2015-0353 + CVE-2015-0354 + CVE-2015-0355 + CVE-2015-0356 + CVE-2015-0357 + CVE-2015-0358 + CVE-2015-0359 + CVE-2015-0360 + CVE-2015-3038 + CVE-2015-3039 + CVE-2015-3040 + CVE-2015-3041 + CVE-2015-3042 + CVE-2015-3043 + CVE-2015-3044 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-01.xml
new file mode 100644
index 0000000000..39ca97310d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-01.xml
@@ -0,0 +1,58 @@
+
+
+
+ Ettercap: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Ettercap, the worst of
+ which allows remote attackers to execute arbitrary code.
+
+ ettercap
+ May 13, 2015
+ May 13, 2015: 1
+ 532764
+ remote
+
+
+ 0.8.2
+ 0.8.2
+
+
+
+

Ettercap is a comprehensive suite for man in the middle attacks.

+
+ +

Multiple vulnerabilities have been discovered in Ettercap. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Ettercap users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/ettercap-0.8.2" + + +
+ + CVE-2014-6395 + CVE-2014-6396 + CVE-2014-9376 + CVE-2014-9377 + CVE-2014-9378 + CVE-2014-9379 + CVE-2014-9380 + CVE-2014-9381 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-02.xml
new file mode 100644
index 0000000000..7e1d698a88
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-02.xml
@@ -0,0 +1,70 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which allows remote attackers to execute arbitrary code.
+
+ adobe-flash
+ May 31, 2015
+ May 31, 2015: 1
+ 549388
+ remote
+
+
+ 11.2.202.460
+ 11.2.202.460
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.460" + + +
+ + CVE-2015-3044 + CVE-2015-3077 + CVE-2015-3078 + CVE-2015-3079 + CVE-2015-3080 + CVE-2015-3081 + CVE-2015-3082 + CVE-2015-3083 + CVE-2015-3084 + CVE-2015-3085 + CVE-2015-3086 + CVE-2015-3087 + CVE-2015-3088 + CVE-2015-3089 + CVE-2015-3090 + CVE-2015-3091 + CVE-2015-3092 + CVE-2015-3093 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-03.xml
new file mode 100644
index 0000000000..e06a9e460f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201505-03.xml
@@ -0,0 +1,80 @@
+
+
+
+ phpMyAdmin: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in phpMyAdmin, the worst
+ of which could lead to arbitrary code execution.
+
+ phpMyAdmin
+ May 31, 2015
+ May 14, 2016: 2
+ 517858
+ 522844
+ 530054
+ remote
+
+
+ 4.2.13
+ 4.1.14.7
+ 4.0.10.6
+ 4.0.10.15
+ 4.0.10.16
+ 4.0.10.17
+ 4.0.10.18
+ 4.2.13
+
+
+
+

phpMyAdmin is a web-based management tool for MySQL databases.

+
+ +

Multiple vulnerabilities have been discovered in phpMyAdmin. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote authenticated attacker could exploit these vulnerabilities to + include and execute arbitrary local files via a crafted parameter, inject + SQL code, or to conduct Cross-Site Scripting attacks. +

+
+ +

There is no known workaround at this time.

+
+ +

All phpMyAdmin 4.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.2.13" + + +

All phpMyAdmin 4.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.1.14.7" + + +

All phpMyAdmin 4.0 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.0.10.6" + + +
+ + CVE-2014-4986 + CVE-2014-4987 + CVE-2014-6300 + CVE-2014-8958 + CVE-2014-8959 + CVE-2014-8960 + CVE-2014-8961 + + K_F + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-01.xml
new file mode 100644
index 0000000000..ed466e889b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-01.xml
@@ -0,0 +1,68 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which allows remote attackers to execute arbitrary code.
+
+
+ June 21, 2015
+ June 21, 2015: 1
+ 551658
+ remote
+
+
+ 11.2.202.466
+ 11.2.202.466
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.466" + + +
+ + CVE-2015-3096 + CVE-2015-3097 + CVE-2015-3098 + CVE-2015-3099 + CVE-2015-3100 + CVE-2015-3101 + CVE-2015-3102 + CVE-2015-3103 + CVE-2015-3104 + CVE-2015-3105 + CVE-2015-3106 + CVE-2015-3107 + CVE-2015-3108 + CVE-2015-4472 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-02.xml
new file mode 100644
index 0000000000..a3cd389e0d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-02.xml
@@ -0,0 +1,74 @@
+
+
+
+ OpenSSL: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in OpenSSL that can result
+ in either Denial of Service or information disclosure.
+
+ dos
+ June 22, 2015
+ February 26, 2016: 2
+ 551832
+ remote
+
+
+ 1.0.1o
+ 0.9.8z_p7
+ 0.9.8z_p8
+ 0.9.8z_p9
+ 0.9.8z_p10
+ 0.9.8z_p11
+ 0.9.8z_p12
+ 0.9.8z_p13
+ 0.9.8z_p14
+ 0.9.8z_p15
+ 1.0.1o
+
+
+
+

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + and Transport Layer Security as well as a general purpose cryptography + library. +

+
+ +

Multiple vulnerabilities have been found in OpenSSL. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker can cause Denial of Service and information + disclosure. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSSL 1.0.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o" + + +

All OpenSSL 0.9.8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7" + + +
+ + CVE-2014-8176 + CVE-2015-1788 + CVE-2015-1789 + CVE-2015-1790 + CVE-2015-1791 + CVE-2015-1792 + CVE-2015-4000 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-03.xml
new file mode 100644
index 0000000000..2419378bef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-03.xml
@@ -0,0 +1,53 @@
+
+
+
+ GnuTLS: Multiple vulnerabilities
+ Multiple vulnerabilities have been fixed in GnuTLS, the worst of
+ which can cause Denial of Service
+
+ gnutls
+ June 22, 2015
+ June 22, 2015: 1
+ 546760
+ 548636
+ local, remote
+
+
+ 3.3.15
+ 3.3.15
+
+
+
+

GnuTLS is an Open Source implementation of the TLS and SSL protocols.

+
+ +

Multiple vulnerabilities have been discovered in GnuTLS. Please review + the CVE identifiers and external references below for details. +

+
+ +

A context-dependent attacker can cause a denial of service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All GnuTLS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.3.15" + + +
+ + CVE-2015-3308 + + GNUTLS-SA-2015-2 + + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-04.xml
new file mode 100644
index 0000000000..58beb41088
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201506-04.xml
@@ -0,0 +1,84 @@
+
+
+
+ Chromium: Multiple vulnerabilities
+ Multiple vulnerabilities have been fixed in Chromium, the worst of
+ which can cause arbitrary remote code execution.
+
+
+ June 23, 2015
+ June 23, 2015: 1
+ 545300
+ 546728
+ 548108
+ 549944
+ remote
+
+
+ 43.0.2357.65
+ 43.0.2357.65
+
+
+
+

Chromium is an open-source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker can cause arbitrary remote code execution, Denial of + Service or bypass of security mechanisms. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-43.0.2357.65" + + +
+ + CVE-2015-1233 + CVE-2015-1234 + CVE-2015-1235 + CVE-2015-1236 + CVE-2015-1237 + CVE-2015-1238 + CVE-2015-1240 + CVE-2015-1241 + CVE-2015-1242 + CVE-2015-1243 + CVE-2015-1244 + CVE-2015-1245 + CVE-2015-1246 + CVE-2015-1247 + CVE-2015-1248 + CVE-2015-1250 + CVE-2015-1251 + CVE-2015-1252 + CVE-2015-1253 + CVE-2015-1254 + CVE-2015-1255 + CVE-2015-1256 + CVE-2015-1257 + CVE-2015-1258 + CVE-2015-1259 + CVE-2015-1260 + CVE-2015-1262 + CVE-2015-1263 + CVE-2015-1264 + CVE-2015-1265 + + + BlueKnight + + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-01.xml
new file mode 100644
index 0000000000..2b6996a540
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-01.xml
@@ -0,0 +1,53 @@
+
+
+
+ chrony: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in chrony, the worst of
+ which can cause arbitrary code execution.
+
+ chrony
+ July 05, 2015
+ July 05, 2015: 1
+ 545918
+ remote
+
+
+ 1.31.1
+ 1.31.1
+
+
+
+

chrony is a versatile implementation of the Network Time Protocol (NTP).

+
+ +

Multiple vulnerabilities have been discovered in chrony. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker can cause arbitrary remote code execution or Denial of + service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All chrony users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/chrony-1.31.1" + + +
+ + CVE-2015-1821 + CVE-2015-1822 + CVE-2015-1853 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-02.xml
new file mode 100644
index 0000000000..1c042d7141
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-02.xml
@@ -0,0 +1,58 @@
+
+
+
+ Tor: Denial of Service
+ Two vulnerabilities have been found in Tor, the worst of which can
+ allow remote attackers to cause a Denial of Service condition.
+
+ tor
+ July 06, 2015
+ July 06, 2015: 1
+ 545940
+ remote
+
+
+ 0.2.6.7
+ 0.2.6.7
+
+
+
+

Tor is an implementation of second generation Onion Routing, a + connection-oriented anonymizing communication service. +

+
+ +

Tor does not handle data correctly when specifically crafted data is + sent, and also fails to properly verify a descriptor provided by a hidden + service directory. +

+
+ +

A remote attacker could cause a Denial of Service condition in both a + Tor client or a Tor server. +

+
+ +

There is no known workaround at this time.

+
+ +

All Tor users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.6.7" + + +
+ + CVE-2015-2928 + CVE-2015-2929 + + Upstream announcement + + + + keytoaster + + stanley +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-03.xml
new file mode 100644
index 0000000000..1787063c09
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-03.xml
@@ -0,0 +1,51 @@
+
+
+
+ Exiv2: Denial of Service
+ A vulnerability in Exiv2 could lead to Denial of Service condition.
+ exiv2
+ July 07, 2015
+ July 07, 2015: 1
+ 534608
+ remote
+
+
+ 0.24-r1
+ 0.24-r1
+
+
+
+

Exiv2 is a C++ library and a command line utility to manage image + metadata. +

+
+ +

Exiv2 has a buffer overflow in the RiffVideo::infoTagsHandler function + in riffvideo.cpp. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition via + a specially crafted AVI file with IKEY INFO tag. +

+
+ +

There is no known workaround at this time.

+
+ +

All Exiv2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.24-r1" + + +
+ + CVE-2014-9449 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-04.xml
new file mode 100644
index 0000000000..e0ad92a4fa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-04.xml
@@ -0,0 +1,59 @@
+
+
+
+ International Components for Unicode: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in International
+ Components for Unicode, allowing attackers to execute arbitrary code or
+ cause a Denial of Service condition.
+
+ icu
+ July 07, 2015
+ July 07, 2015: 1
+ 546156
+ remote
+
+
+ 55.1
+ 55.1
+
+
+
+

International Components for Unicode is a set of C/C++ and Java + libraries providing Unicode and Globalization support for software + applications. +

+
+ +

Multiple vulnerabilities have been discovered in International + Components for Unicode. Please review the CVE identifiers referenced + below for details. +

+
+ +

A remote attacker could execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All International Components for Unicode users should upgrade to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/icu-55.1" + + +
+ + CVE-2014-8146 + CVE-2014-8147 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-05.xml
new file mode 100644
index 0000000000..5aceef16fd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-05.xml
@@ -0,0 +1,53 @@
+
+
+
+ SQLite: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in SQLite, allowing
+ context-dependent attackers to cause a Denial of Service condition.
+
+ sqlite
+ July 07, 2015
+ July 07, 2015: 1
+ 546626
+ local, remote
+
+
+ 3.8.9
+ 3.8.9
+
+
+
+

SQLite is a C library that implements an SQL database engine.

+
+ +

Multiple vulnerabilities have been discovered in SQLite. Please review + the CVE identifiers referenced below for details. +

+
+ +

A context-dependent attacker could possibly cause a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All SQLite users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.8.9" + + +
+ + CVE-2015-3414 + CVE-2015-3415 + CVE-2015-3416 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-06.xml
new file mode 100644
index 0000000000..10b90d0d5d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-06.xml
@@ -0,0 +1,54 @@
+
+
+
+ UnRTF: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in UnRTF, the worst of
+ which may result in execution of arbitrary code.
+
+ unrtf
+ July 07, 2015
+ July 07, 2015: 1
+ 531544
+ remote
+
+
+ 0.21.9
+ 0.21.9
+
+
+
+

UnRTF is a command-line program which converts RTF documents to other + formats. +

+
+ +

Multiple vulnerabilities have been discovered in UnRTF. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All UnRTF users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/unrtf-0.21.9" + + +
+ + CVE-2014-9274 + CVE-2014-9275 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-07.xml
new file mode 100644
index 0000000000..8ba1c2d66c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-07.xml
@@ -0,0 +1,57 @@
+
+
+
+ LibVNCServer: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in LibVNCServer, the worst
+ of which could result in execution of arbitrary code or Denial of Service.
+
+ libvncserver
+ July 07, 2015
+ July 07, 2015: 1
+ 523590
+ remote
+
+
+ 0.9.10-r1
+ 0.9.10-r1
+
+
+
+

LibVNCServer is a cross-platform C library that allows you to easily + implement VNC server functionality in your program. +

+
+ +

Multiple vulnerabilities have been discovered in LibVNCServer. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All LibVNCServer users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libvncserver-0.9.10-r1" + + +
+ + CVE-2014-6051 + CVE-2014-6052 + CVE-2014-6053 + CVE-2014-6054 + CVE-2014-6055 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-08.xml
new file mode 100644
index 0000000000..d3e3d76465
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-08.xml
@@ -0,0 +1,51 @@
+
+
+
+ libxml2: Denial of Service
+ A vulnerability in libxml2 allows a remote attacker to cause Denial
+ of Service.
+
+ libxml2
+ July 07, 2015
+ July 07, 2015: 1
+ 546720
+ remote
+
+
+ 2.9.2-r1
+ 2.9.2-r1
+
+
+
+

libxml2 is the XML C parser and toolkit developed for the Gnome project.

+
+ +

libxml2 returns the empty string when the allocation limit is + encountered while constructing the attribute value string. +

+
+ +

A remote attacker may be able to cause Denial of Service via a specially + crafted XML file. +

+
+ +

There is no known workaround at this time.

+
+ +

All libxml2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.2-r1" + + +
+ + CVE-2015-1819 + + + keytoaster + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-09.xml
new file mode 100644
index 0000000000..87c7cb791e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-09.xml
@@ -0,0 +1,51 @@
+
+
+
+ PyPAM: Arbitrary code execution
+ A double free vulnerability in PyPAM could result in execution of
+ arbitrary code or Denial of Service.
+
+ pypam
+ July 09, 2015
+ July 09, 2015: 1
+ 407603
+ remote
+
+
+ 0.5.0-r3
+ 0.5.0-r3
+
+
+
+

PyPAM is a PAM binding for Python.

+
+ +

PyPAM does not handle passwords correctly if there is NULL byte in the + string. +

+
+ +

A remote attacker could possibly execute arbitrary code or cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All PyPAM users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/pypam-0.5.0-r3" + + +
+ + CVE-2012-1502 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-10.xml
new file mode 100644
index 0000000000..e34eaac002
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-10.xml
@@ -0,0 +1,51 @@
+
+
+
+ t1utils: Arbitrary code execution
+ A buffer overflow in t1utils could result in execution of arbitrary
+ code or Denial of Service.
+
+ t1utils
+ July 10, 2015
+ July 10, 2015: 1
+ 548638
+ remote
+
+
+ 1.39
+ 1.39
+
+
+
+

t1utils is a collection of simple Type 1 font manipulation programs.

+
+ +

t1utils has a buffer overflow in the set_cs_start function in + t1disasm.c. +

+
+ +

A remote attacker could cause a denial of service and possibly execute + arbitrary code via a crafted font file. +

+
+ +

There is no known workaround at this time.

+
+ +

All t1utils users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/t1utils-1.39"
+
+
+
+
+ CVE-2015-3905
+
+
+ BlueKnight
+
+ mrueg
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-11.xml
new file mode 100644
index 0000000000..5ccf39c541
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-11.xml
@@ -0,0 +1,49 @@
+
+
+
+ Perl: Denial of Service
+ A vulnerability in Perl allows a remote attacker to cause Denial of
+ Service.
+
+ perl
+ July 10, 2015
+ July 10, 2015: 1
+ 216671
+ remote
+
+
+ 5.20.1-r4
+ 5.20.1-r4
+
+
+
+

Perl is a highly capable, feature-rich programming language.

+
+ +

S_regmatch() function lacks proper checks before passing arguments to + atoi() +

+
+ +

A remote attacker could send a specially crafted input, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Perl users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.20.1-r4"
+
+
+
+
+ CVE-2013-7422
+
+ Zlogene
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-12.xml
new file mode 100644
index 0000000000..957562bcef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-12.xml
@@ -0,0 +1,55 @@
+
+
+
+ libCapsiNetwork: Denial of Service
+ A buffer overflow in libcapsinetwork might allow remote attackers
+ to cause a Denial of Service condition.
+
+ libcapsinetwork
+ July 10, 2015
+ July 11, 2015: 2
+ 544324
+ remote
+
+
+ 0.3.0-r2
+
+
+
+

libCapsiNetwork is a C++ network library to allow fast development of + server daemon processes. +

+
+ +

An off-by-one buffer overflow in libcapsinetwork network handling code + is discovered. +

+
+ +

A remote attacker could send a specially crafted request to application, + that is linked with libcapsinetwork, possibly resulting in a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo discontinued support for libCapsiNetwork. + We recommend that users unmerge it: +

+
+
+ # emerge --unmerge "net-libs/libcapsinetwork"
+
+
+
+ CVE-2015-0841
+
+
+ pinkbyte
+
+
+ pinkbyte
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-13.xml
new file mode 100644
index 0000000000..0a38ae2b50
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-13.xml
@@ -0,0 +1,90 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which allows remote attackers to execute arbitrary code.
+
+ ACE,DoS,flash
+ July 10, 2015
+ July 10, 2015: 1
+ 552946
+ 554220
+ 554250
+ remote
+
+
+ 11.2.202.481
+ 11.2.202.481
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.481"
+
+
+
+
+ CVE-2014-0578
+ CVE-2015-3113
+ CVE-2015-3114
+ CVE-2015-3115
+ CVE-2015-3116
+ CVE-2015-3117
+ CVE-2015-3118
+ CVE-2015-3119
+ CVE-2015-3120
+ CVE-2015-3121
+ CVE-2015-3122
+ CVE-2015-3123
+ CVE-2015-3124
+ CVE-2015-3125
+ CVE-2015-3126
+ CVE-2015-3127
+ CVE-2015-3128
+ CVE-2015-3129
+ CVE-2015-3130
+ CVE-2015-3131
+ CVE-2015-3132
+ CVE-2015-3133
+ CVE-2015-3134
+ CVE-2015-3135
+ CVE-2015-3136
+ CVE-2015-3137
+ CVE-2015-4428
+ CVE-2015-4429
+ CVE-2015-4430
+ CVE-2015-4431
+ CVE-2015-4432
+ CVE-2015-4433
+ CVE-2015-5116
+ CVE-2015-5117
+ CVE-2015-5118
+ CVE-2015-5119
+
+ K_F
+ K_F
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-14.xml
new file mode 100644
index 0000000000..042ead7228
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-14.xml
@@ -0,0 +1,100 @@
+
+
+
+ Oracle JRE/JDK: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Oracle JRE/JDK,
+ allowing both local and remote attackers to compromise various Java
+ components.
+
+ oracle-jre oracle-jdk
+ July 10, 2015
+ July 11, 2015: 2
+ 537214
+ local, remote
+
+
+ 1.8.0.31
+ 1.7.0.76
+ 1.8.0.31
+ 1.7.0.76
+
+
+ 1.8.0.31
+ 1.7.0.76
+ 1.8.0.31
+ 1.7.0.76
+
+
+
+

The Oracle Java Development Kit (JDK) and the Oracle Java Runtime + Environment (JRE) provide the Oracle Java platform. +

+
+ +

Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please + review the CVE identifiers referenced below for details. +

+
+ +

An context-dependent attacker may be able to influence the + confidentiality, integrity, and availability of Java + applications/runtime. +

+
+ +

There is no workaround at this time.

+
+ +

All Oracle JRE 8 users should upgrade to the latest stable version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.31
+
+
+

All Oracle JDK 8 users should upgrade to the latest stable version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.31
+
+
+

All Oracle JRE 7 users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.7.0.76
+
+
+

All Oracle JDK 7 users should upgrade to the latest stable version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.7.0.76
+
+
+
+
+ CVE-2014-3566
+ CVE-2014-6549
+ CVE-2014-6585
+ CVE-2014-6587
+ CVE-2014-6591
+ CVE-2014-6593
+ CVE-2014-6601
+ CVE-2015-0383
+ CVE-2015-0395
+ CVE-2015-0400
+ CVE-2015-0403
+ CVE-2015-0406
+ CVE-2015-0407
+ CVE-2015-0408
+ CVE-2015-0410
+ CVE-2015-0412
+ CVE-2015-0413
+ CVE-2015-0421
+
+
+ BlueKnight
+
+ stanley
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-15.xml
new file mode 100644
index 0000000000..b7d24b08d5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-15.xml
@@ -0,0 +1,66 @@
+
+
+
+ OpenSSL: Alternate chains certificate forgery
+ Certain checks on untrusted certificates can be bypassed.
+ openssl
+ July 10, 2015
+ February 26, 2016: 3
+ 554172
+ remote
+
+
+ 1.0.1p
+ 0.9.8z_p6
+ 0.9.8z_p7
+ 0.9.8z_p8
+ 0.9.8z_p9
+ 0.9.8z_p10
+ 0.9.8z_p11
+ 0.9.8z_p12
+ 0.9.8z_p13
+ 0.9.8z_p14
+ 0.9.8z_p15
+ 1.0.1p
+
+
+
+

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

During certificate verification, OpenSSL attempts to find an alternative + certificate chain if the first attempt to build such a chain fails. +

+
+ +

A remote attacker could cause certain checks on untrusted + certificates to be bypassed, such as the CA flag, enabling them to use a + valid leaf certificate to act as a CA and “issue” an invalid + certificate. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSSL users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1p"
+
+
+
+
+ CVE-2015-1793
+
+
+ keytoaster
+
+
+ keytoaster
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-16.xml
new file mode 100644
index 0000000000..6949d4bd73
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-16.xml
@@ -0,0 +1,49 @@
+
+
+
+ Portage: Man-in-the-middle attack
+ A vulnerability in Portage's urlopen function could allow a remote
+ attacker to conduct a man-in-the-middle attack.
+
+ portage
+ July 10, 2015
+ July 10, 2015: 2
+ 469888
+ remote
+
+
+ 2.1.12.2
+ 2.1.12.2
+
+
+
+

Portage is the package management and distribution system for Gentoo.

+
+ +

Portage does not verify X.509 SSL certificates properly if HTTPS is + used. +

+
+ +

A remote attacker can spoof servers and modify binary package lists via + specially crafted certificates. +

+
+ +

There is no known workaround at this time.

+
+ +

All Portage users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/portage-2.1.12.2"
+
+
+
+
+ CVE-2013-2100
+
+ K_F
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-17.xml
new file mode 100644
index 0000000000..ba4833048f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-17.xml
@@ -0,0 +1,50 @@
+
+
+
+ SNMP: Denial of Service
+ A vulnerability in SNMP could lead to a Denial of Service
+ condition.
+
+ net-snmp
+ July 10, 2015
+ July 10, 2015: 2
+ 522062
+ remote
+
+
+ 5.7.3_pre5-r1
+ 5.7.3_pre5-r1
+
+
+
+

SNMP is a widely used protocol for monitoring the health and welfare of + network equipment. +

+
+ +

A specially crafted trap message triggers a conversion to an erroneous + variable type when the -OQ option is used. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All SNMP users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=net-analyzer/net-snmp-5.7.3_pre5-r1"
+
+
+
+
+ CVE-2014-3565
+
+ K_F
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-18.xml
new file mode 100644
index 0000000000..857e5eb5cc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-18.xml
@@ -0,0 +1,51 @@
+
+
+
+ Chromium: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Chromium allowing
+ remote attackers to bypass security restrictions.
+
+ chromium
+ July 10, 2015
+ July 10, 2015: 1
+ 552904
+ remote
+
+
+ 43.0.2357.130
+ 43.0.2357.130
+
+
+
+

Chromium is an open-source web browser project.

+
+ +

Multiple vulnerabilities have been discovered in Chromium. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could bypass security restrictions.

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-43.0.2357.130"
+
+
+
+
+ CVE-2015-1266
+ CVE-2015-1267
+ CVE-2015-1268
+ CVE-2015-1269
+
+ K_F
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-19.xml
new file mode 100644
index 0000000000..7a52329ef7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-19.xml
@@ -0,0 +1,80 @@
+
+
+
+ MySQL: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in MySQL, allowing
+ attackers to execute arbitrary code or cause Denial of Service.
+
+ mysql
+ July 10, 2015
+ July 10, 2015: 1
+ 546722
+ remote
+
+
+ 5.5.43
+ 5.6.24
+ 5.6.24
+
+
+
+

MySQL is a fast, multi-threaded, multi-user SQL database server.

+
+ +

Multiple vulnerabilities have been discovered in MySQL. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could send a specially crafted request, possibly + resulting in execution of arbitrary code with the privileges of the + application or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All MySQL 5.5.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.43"
+
+
+

All MySQL 5.6.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.24"
+
+
+
+
+ CVE-2015-0405
+ CVE-2015-0423
+ CVE-2015-0433
+ CVE-2015-0438
+ CVE-2015-0439
+ CVE-2015-0441
+ CVE-2015-0498
+ CVE-2015-0499
+ CVE-2015-0500
+ CVE-2015-0501
+ CVE-2015-0503
+ CVE-2015-0505
+ CVE-2015-0506
+ CVE-2015-0507
+ CVE-2015-0508
+ CVE-2015-0511
+ CVE-2015-2566
+ CVE-2015-2567
+ CVE-2015-2568
+ CVE-2015-2571
+ CVE-2015-2573
+
+
+ BlueKnight
+
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-20.xml
new file mode 100644
index 0000000000..1572d9e6a9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-20.xml
@@ -0,0 +1,106 @@
+
+
+
+ PostgreSQL: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in PostgreSQL, the worst
+ of which could result in execution of arbitrary code or privilege
+ escalation.
+
+ postgresql
+ July 18, 2015
+ August 22, 2015: 2
+ 539018
+ 550172
+ remote
+
+
+ 9.0.21
+ 9.1.17
+ 9.2.12
+ 9.3.8
+ 9.4.3
+ 9.0.22
+ 9.0.23
+ 9.0.24
+ 9.1.18
+ 9.1.19
+ 9.1.20
+ 9.2.13
+ 9.2.14
+ 9.2.15
+ 9.3.9
+ 9.3.10
+ 9.3.11
+ 9.4.3
+
+
+
+

PostgreSQL is an open source object-relational database management + system. +

+
+ +

Multiple vulnerabilities have been discovered in PostgreSQL. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition or + escalate privileges. +

+
+ +

There is no known workaround at this time.

+
+ +

All PostgreSQL 9.0.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.0.21"
+
+
+

All PostgreSQL 9.1.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.1.17"
+
+
+

All PostgreSQL 9.2.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.2.12"
+
+
+

All PostgreSQL 9.3.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.8"
+
+
+

All PostgreSQL 9.4.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.3"
+
+
+
+
+ CVE-2014-8161
+ CVE-2015-0241
+ CVE-2015-0242
+ CVE-2015-0243
+ CVE-2015-0244
+ CVE-2015-3165
+ CVE-2015-3166
+ CVE-2015-3167
+
+
+ BlueKnight
+
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-21.xml
new file mode 100644
index 0000000000..e3e2d10db5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-21.xml
@@ -0,0 +1,61 @@
+
+
+
+ libXfont: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in libXfont, the worst of
+ which could result in execution of arbitrary code or Denial of Service.
+
+ libXfont
+ July 22, 2015
+ July 22, 2015: 1
+ 543620
+ remote
+
+
+ 1.4.9
+ 1.5.1
+ 1.5.1
+
+
+
+

libXfont is an X11 font rasterisation library.

+
+ +

Multiple vulnerabilities have been discovered in libXfont. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code or cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libXfont 1.4.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.4.9"
+
+
+

All libXfont 1.5.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.5.1"
+
+
+
+
+ CVE-2015-1802
+ CVE-2015-1803
+ CVE-2015-1804
+
+
+ BlueKnight
+
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-22.xml
new file mode 100644
index 0000000000..3537adbc5f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-22.xml
@@ -0,0 +1,51 @@
+
+
+
+ e2fsprogs: Arbitrary code execution
+ A heap-based buffer overflow in e2fsprogs could result in execution
+ of arbitrary code.
+
+ e2fsprogs
+ July 23, 2015
+ July 23, 2015: 1
+ 540536
+ local
+
+
+ 1.42.13
+ 1.42.13
+
+
+
+

e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 + file systems. +

+
+ +

e2fsprogs has a heap-based buffer overflow in closefs.c in the libext2fs + library. +

+
+ +

A local attacker could execute arbitrary code via a specially crafted + block group descriptor. +

+
+ +

There is no known workaround at this time.

+
+ +

All e2fsprogs users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/e2fsprogs-1.42.13"
+
+
+
+
+ CVE-2015-1572
+
+ Zlogene
+ Zlogene
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-01.xml
new file mode 100644
index 0000000000..9819660548
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-01.xml
@@ -0,0 +1,93 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which allows remote attackers to execute arbitrary code.
+
+ flash,ACE,DoS
+ August 15, 2015
+ August 15, 2015: 1
+ 554882
+ 557342
+ remote
+
+
+ 11.2.202.508
+ 11.2.202.508
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.508"
+
+
+
+
+ CVE-2015-3107
+ CVE-2015-5122
+ CVE-2015-5123
+ CVE-2015-5124
+ CVE-2015-5125
+ CVE-2015-5127
+ CVE-2015-5129
+ CVE-2015-5130
+ CVE-2015-5131
+ CVE-2015-5132
+ CVE-2015-5133
+ CVE-2015-5134
+ CVE-2015-5539
+ CVE-2015-5540
+ CVE-2015-5541
+ CVE-2015-5544
+ CVE-2015-5545
+ CVE-2015-5546
+ CVE-2015-5547
+ CVE-2015-5548
+ CVE-2015-5549
+ CVE-2015-5550
+ CVE-2015-5551
+ CVE-2015-5552
+ CVE-2015-5553
+ CVE-2015-5554
+ CVE-2015-5555
+ CVE-2015-5556
+ CVE-2015-5557
+ CVE-2015-5558
+ CVE-2015-5559
+ CVE-2015-5560
+ CVE-2015-5561
+ CVE-2015-5562
+ CVE-2015-5563
+ CVE-2015-5564
+ CVE-2015-5965
+
+
+ BlueKnight
+
+
+ BlueKnight
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-02.xml
new file mode 100644
index 0000000000..a467ae4ce5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-02.xml
@@ -0,0 +1,66 @@
+
+
+
+ libgadu: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in libgadu, the worst of
+ which may result in execution of arbitrary code.
+
+ libgadu
+ August 15, 2015
+ August 15, 2015: 1
+ 490238
+ 505558
+ 510714
+ remote
+
+
+ 1.12.0
+ 1.12.0
+
+
+
+

libgadu is a library that implements the client side of the Gadu-Gadu + protocol. +

+
+ +

libgadu contains multiple vulnerabilities:

+ +
    +
  • X.509 certificates are not properly validated (CVE-2013-4488)
  • +
  • A integer overflow error could lead to a buffer overflow + (CVE-2013-6487) +
  • +
  • Malformed responses from a Gadu-Gadu file relay server are not + properly handled (CVE-2014-3775) +
  • +
+
+ +

A remote attacker may be able to execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or spoof + servers. +

+
+ +

There is no known workaround at this time.

+
+ +

All libgadu users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libgadu-1.12.0"
+
+
+
+
+ CVE-2013-4488
+ CVE-2013-6487
+ CVE-2014-3775
+
+
+ BlueKnight
+
+ ackle
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-03.xml
new file mode 100644
index 0000000000..30e3a1b02b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201508-03.xml
@@ -0,0 +1,53 @@
+
+
+
+ Icecast: Denial of Service
+ A bug in the Icecast code handling source client URL authentication
+ causes a Denial of Service condition.
+
+ icecast
+ August 15, 2015
+ August 15, 2015: 1
+ 545968
+ remote
+
+
+ 2.4.2
+ 2.4.2
+
+
+
+

Icecast is an open source alternative to shoutcast that supports mp3, + ogg (vorbis/theora) and aac streaming. +

+
+ +

When stream_auth handler is defined for URL authentication and a request + is sent without login credentials, a Denial of Service condition can + occur. +

+ +
+ +

A remote attacker could possibly cause a Denial of Service condition.

+
+ +

Users of affected versions can change stream_auth mountpoints to use + password authentication instead. +

+
+ +

All icecast users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/icecast-2.4.2"
+
+
+
+
+ CVE-2015-3026
+
+ K_F
+ mrueg
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-01.xml
new file mode 100644
index 0000000000..bcab847fae
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-01.xml
@@ -0,0 +1,54 @@
+
+
+
+ NTP: Multiple vulnerablities
+ Multiple vulnerabilities have been found in NTP, the worst of which
+ could lead to arbitrary code execution.
+
+ ntp
+ September 24, 2015
+ September 24, 2015: 1
+ 545836
+ 553682
+ remote
+
+
+ 4.2.8_p3
+ 4.2.8_p3
+
+
+
+

NTP contains software for the Network Time Protocol.

+
+ +

Multiple vulnerabilities have been discovered in NTP. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All NTP users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p3"
+
+
+
+
+ CVE-2015-1798
+ CVE-2015-1799
+ CVE-2015-5146
+
+
+ BlueKnight
+
+ mrueg
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-02.xml
new file mode 100644
index 0000000000..af3c3f8f43
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-02.xml
@@ -0,0 +1,57 @@
+
+
+
+ cURL: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in cURL, the worst of
+ which can allow remote attackers to cause Denial of Service condition.
+
+ curl
+ September 24, 2015
+ September 24, 2015: 1
+ 547376
+ 552618
+ remote
+
+
+ 7.43.0
+ 7.43.0
+
+
+
+

cURL is a tool and libcurl is a library for transferring data with URL + syntax. +

+
+ +

Multiple vulnerabilities have been discovered in cURL. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly obtain sensitive information, or cause + a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All cURL users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"
+
+
+
+
+ CVE-2015-3143
+ CVE-2015-3144
+ CVE-2015-3145
+ CVE-2015-3148
+ CVE-2015-3236
+ CVE-2015-3237
+
+ Zlogene
+ mrueg
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-03.xml
new file mode 100644
index 0000000000..a381f43a46
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-03.xml
@@ -0,0 +1,61 @@
+
+
+
+ Cacti: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Cacti, the worst of
+ which could lead to arbitrary code execution.
+
+ cacti
+ September 24, 2015
+ September 24, 2015: 1
+ 506356
+ 515108
+ 554758
+ remote
+
+
+ 0.8.8d
+ 0.8.8d
+
+
+
+

Cacti is a complete frontend to rrdtool

+
+ +

Multiple vulnerabilities have been discovered in cacti. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Cacti users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.8d"
+
+
+
+
+ CVE-2014-2326
+ CVE-2014-2327
+ CVE-2014-2328
+ CVE-2014-2708
+ CVE-2014-2709
+ CVE-2014-4002
+ CVE-2014-5025
+ CVE-2014-5026
+ CVE-2015-2967
+
+
+ BlueKnight
+
+ mrueg
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-04.xml
new file mode 100644
index 0000000000..c1fdfab325
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-04.xml
@@ -0,0 +1,53 @@
+
+
+
+ libtasn1: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in libtasn1, the worst of
+ which could lead to arbitrary code execution.
+
+ libtasn1
+ September 24, 2015
+ September 24, 2015: 1
+ 544922
+ 548252
+ remote
+
+
+ 1.4.5
+ 1.4.5
+
+
+
+

libtasn1 is an ASN.1 library

+
+ +

Multiple vulnerabilities have been discovered in libtasn1. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libtasn1 users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-1.4.5"
+
+
+
+
+ CVE-2015-2806
+ CVE-2015-3622
+
+
+ BlueKnight
+
+ mrueg
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-05.xml
new file mode 100644
index 0000000000..0c1fcdc587
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-05.xml
@@ -0,0 +1,55 @@
+
+
+
+ NetworkManager: Denial of Service
+ Improper handling of Router Advertisements in NetworkManager could
+ cause a Denial of Service condition in IPv6 network stacks.
+
+ networkmanager
+ September 24, 2015
+ September 24, 2015: 1
+ 545980
+ remote
+
+
+ 1.0.2
+ 1.0.2
+
+
+
+

NetworkManager is an universal network configuration daemon for laptops, + desktops, servers and virtualization hosts. +

+
+ +

IPv6 Neighbour Discovery ICMP broadcast containing a non-route with a + low hop limit causes a Denial of Service by lowering the hop limit on + existing IPv6 routes in NetworkManager. +

+ +
+ +

A remote attacker on the same network segment could cause a Denial of + Service condition in NetworkManager +

+
+ +

There is no known workaround at this time.

+
+ +

All NetworkManager users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/networkmanager-1.0.2"
+
+
+
+
+ CVE-2015-2924
+
+
+ BlueKnight
+
+ mrueg
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-06.xml
new file mode 100644
index 0000000000..9c07e67dbe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-06.xml
@@ -0,0 +1,72 @@
+
+
+
+ Git: Arbitrary command execution
+ An attacker could execute arbitrary commands via Git repositories
+ in a case-insensitive or case-normalizing filesystem.
+
+ git
+ September 24, 2015
+ September 24, 2015: 1
+ 532984
+ remote
+
+
+ 1.8.5.6
+ 1.9.5
+ 2.0.5
+ 2.0.5
+
+
+
+

Git is a free and open source distributed version control system + designed to handle everything from small to very large projects with + speed and efficiency. +

+
+ +

A vulnerability in Git causing Git-compatible clients that access + case-insensitive or case-normalizing filesystems to overwrite the + .git/config when cloning or checking out a repository, leading to + execution of arbitrary commands. +

+
+ +

An attacker can execute arbitrary commands on a client machine that + clones a crafted malicious Git tree. +

+
+ +

There is no known workaround at this time.

+
+ +

All Git 1.8.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-1.8.5.6"
+
+
+

All Git 1.9.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-1.9.5"
+
+
+

All Git 2.0.x users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.0.5"
+
+
+
+
+ CVE-2014-9390
+
+
+ BlueKnight
+
+ mrueg
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-07.xml
new file mode 100644
index 0000000000..b2d3ff1679
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201509-07.xml
@@ -0,0 +1,80 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which allows remote attackers to execute arbitrary code.
+
+ ACE,DoS,flash
+ September 25, 2015
+ September 25, 2015: 1
+ 561076
+ remote
+
+
+ 11.2.202.521
+ 11.2.202.521
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.521"
+
+
+
+
+ CVE-2015-5567
+ CVE-2015-5568
+ CVE-2015-5570
+ CVE-2015-5571
+ CVE-2015-5572
+ CVE-2015-5573
+ CVE-2015-5574
+ CVE-2015-5575
+ CVE-2015-5576
+ CVE-2015-5577
+ CVE-2015-5578
+ CVE-2015-5579
+ CVE-2015-5580
+ CVE-2015-5581
+ CVE-2015-5582
+ CVE-2015-5584
+ CVE-2015-5587
+ CVE-2015-5588
+ CVE-2015-6676
+ CVE-2015-6677
+ CVE-2015-6678
+ CVE-2015-6679
+ CVE-2015-6680
+ CVE-2015-6681
+ CVE-2015-6682
+
+
+ BlueKnight
+
+
+ BlueKnight
+
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-01.xml
new file mode 100644
index 0000000000..2f65e1fe51
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-01.xml
@@ -0,0 +1,56 @@
+
+
+
+ BIND: Denial of Service
+ A vulnerability in BIND could lead to a Denial of Service
+ condition.
+
+ bind
+ October 18, 2015
+ October 18, 2015: 1
+ 540640
+ 553584
+ 556150
+ 559462
+ remote
+
+
+ 9.10.2_p4
+ 9.10.2_p4
+
+
+
+

BIND (Berkeley Internet Name Domain) is a Name Server.

+
+ +

A vulnerability has been discovered in BIND’s named utility leading to + a Denial of Service condition. +

+
+ +

A remote attacker may be able to cause Denial of Service condition via + specially constructed zone data. +

+
+ +

There is no known workaround at this time.

+
+ +

All BIND users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.2_p4" + + +
+ + CVE-2015-1349 + CVE-2015-4620 + CVE-2015-5477 + CVE-2015-5722 + CVE-2015-5986 + + Zlogene + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-02.xml
new file mode 100644
index 0000000000..2741780c81
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-02.xml
@@ -0,0 +1,55 @@
+
+
+
+ QEMU: Arbitrary code execution
+ A heap-based buffer overflow in QEMU could result in execution of
+ arbitrary code.
+
+ qemu
+ October 31, 2015
+ October 31, 2015: 1
+ 551752
+ 555680
+ 556050
+ 556052
+ local, remote
+
+
+ 2.3.0-r4
+ 2.3.0-r4
+
+
+
+

QEMU is a generic and open source machine emulator and virtualizer.

+
+ +

Heap-based buffer overflow has been found in QEMU’s PCNET controller.

+
+ +

A remote attacker could execute arbitrary code via a specially crafted + packets. +

+
+ +

There is no known workaround at this time.

+
+ +

All QEMU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.3.0-r4" + + +
+ + CVE-2015-3209 + CVE-2015-3214 + CVE-2015-5154 + CVE-2015-5158 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-03.xml
new file mode 100644
index 0000000000..b9e960ff83
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-03.xml
@@ -0,0 +1,69 @@
+
+
+
+ Wireshark: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Wireshark, allowing
+ attackers to cause Denial of Service condition.
+
+ wireshark
+ October 31, 2015
+ October 31, 2015: 1
+ 536034
+ 542206
+ 548898
+ 549432
+ 552434
+ 557522
+ remote
+
+
+ 1.12.7
+ 1.12.7
+
+
+
+

Wireshark is a network protocol analyzer formerly known as ethereal.

+
+ +

Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All Wireshark users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.12.7" + + +
+ + CVE-2015-2187 + CVE-2015-2188 + CVE-2015-2189 + CVE-2015-2190 + CVE-2015-2191 + CVE-2015-2192 + CVE-2015-3182 + CVE-2015-3808 + CVE-2015-3809 + CVE-2015-3810 + CVE-2015-3811 + CVE-2015-3812 + CVE-2015-3813 + CVE-2015-3814 + CVE-2015-3815 + CVE-2015-3906 + CVE-2015-4651 + CVE-2015-4652 + + K_F + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-04.xml
new file mode 100644
index 0000000000..71feec6906
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-04.xml
@@ -0,0 +1,55 @@
+
+
+
+ tcpdump: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in tcpdump, the worst of
+ which can allow remote attackers to cause Denial of Service condition or
+ executive arbitrary code.
+
+ tcpdump
+ October 31, 2015
+ October 31, 2015: 1
+ 552632
+ remote
+
+
+ 4.7.4
+ 4.7.4
+
+
+
+

tcpdump is a Tool for network monitoring and data acquisition.

+
+ +

Multiple vulnerabilities have been discovered in tcpdump. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All tcpdump users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-4.7.4" + + +
+ + CVE-2015-0261 + CVE-2015-2153 + CVE-2015-2154 + CVE-2015-2155 + + + BlueKnight + + mrueg +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-05.xml
new file mode 100644
index 0000000000..17c6fc896b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-05.xml
@@ -0,0 +1,91 @@
+
+
+
+ MediaWiki: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in MediaWiki, the worst of
+ which may allow remote attackers to cause a Denial of Service.
+
+ mediawiki
+ October 31, 2015
+ October 31, 2015: 1
+ 545944
+ 557844
+ remote
+
+
+ 1.25.2
+ 1.24.3
+ 1.23.10
+ 1.25.2
+
+
+
+

MediaWiki is a collaborative editing software used by large projects + such as Wikipedia. +

+
+ +

Multiple vulnerabilities have been discovered in MediaWiki. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to create a Denial of Service condition, + obtain sensitive information, bypass security restrictions, and inject + arbitrary web script or HTML. +

+
+ +

There is no known workaround at this time.

+
+ +

All MediaWiki 1.25 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.25.2" + + +

All MediaWiki 1.24 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.24.3" + + +

All MediaWiki 1.23 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.10" + +
+ + CVE-2015-2931 + CVE-2015-2932 + CVE-2015-2933 + CVE-2015-2934 + CVE-2015-2935 + CVE-2015-2936 + CVE-2015-2937 + CVE-2015-2938 + CVE-2015-2939 + CVE-2015-2940 + CVE-2015-2941 + CVE-2015-2942 + CVE-2015-6728 + CVE-2015-6729 + CVE-2015-6730 + CVE-2015-6731 + CVE-2015-6732 + CVE-2015-6733 + CVE-2015-6734 + CVE-2015-6735 + CVE-2015-6736 + CVE-2015-6737 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-06.xml
new file mode 100644
index 0000000000..7e47d69bb6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-06.xml
@@ -0,0 +1,78 @@
+
+
+
+ Django: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Django, the worst of
+ which may allow a remote attacker to cause Denial of Service.
+
+ django
+ October 31, 2015
+ October 31, 2015: 1
+ 554864
+ remote
+
+
+ 1.8.3
+ 1.7.9
+ 1.4.21
+ 1.8.3
+
+
+
+

Django is a Python-based web framework.

+
+ +

Multiple vulnerabilities have been found in Django:

+ +
    +
  • Session backends create a new record anytime request.session was + accessed (CVE-2015-5143) +
  • +
  • Built-in validators in Django do not properly sanitize input + (CVE-2015-5144) +
  • +
  • URL validation included a regular expression that was extremely slow + (CVE-2015-5145) +
  • +
+
+ +

A remote attacker may be able cause a Denial of Service condition, + inject arbitrary headers, and conduct HTTP response splitting attacks. +

+
+ +

There is no known workaround at this time.

+
+ +

All Django 1.8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/django-1.8.3" + + +

All Django 1.7 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/django-1.7.9" + + +

All Django 1.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/django-1.4.21" + +
+ + CVE-2015-5143 + CVE-2015-5144 + CVE-2015-5145 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-07.xml
new file mode 100644
index 0000000000..1d6dd4c22b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-07.xml
@@ -0,0 +1,52 @@
+
+
+
+ CUPS: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in CUPS, the worst of
+ which could lead to arbitrary code execution.
+
+ cups
+ October 31, 2015
+ October 31, 2015: 1
+ 551846
+ remote
+
+
+ 2.0.3
+ 2.0.3
+
+
+
+

CUPS, the Common Unix Printing System, is a full-featured print server.

+
+ +

Multiple vulnerabilities have been discovered in cups. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All CUPS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-2.0.3" + + +
+ + CVE-2015-1158 + CVE-2015-1159 + + + BlueKnight + + mrueg +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-08.xml
new file mode 100644
index 0000000000..7ffe94efd0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201510-08.xml
@@ -0,0 +1,54 @@
+
+
+
+ cups-filters: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in cups-filters, the worst
+ of which could lead to arbitrary code execution.
+
+ cups-filters
+ October 31, 2015
+ October 31, 2015: 1
+ 553644
+ 553836
+ remote
+
+
+ 1.0.71
+ 1.0.71
+
+
+
+

cups-filters is an OpenPrinting CUPS Filters.

+
+ +

Multiple vulnerabilities have been discovered in cups-filters. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted print + job using cups-filters, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All cups-filters users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-filters-1.0.71" + + +
+ + CVE-2015-3258 + CVE-2015-3279 + + + BlueKnight + + mrueg +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201511-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201511-01.xml
new file mode 100644
index 0000000000..9743c1e24e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201511-01.xml
@@ -0,0 +1,57 @@
+
+
+
+ MirBSD Korn Shell: Arbitrary code execution
+ An attacker who already had access to the environment could so
+ append values to parameters passed through programs.
+
+
+ November 02, 2015
+ November 02, 2015: 2
+ 524414
+ local
+
+
+ 50c
+ 50c
+
+
+
+

MirBSD Korn Shell is an actively developed free implementation of the + Korn Shell programming language and a successor to the Public Domain Korn + Shell. +

+
+ +

Improper sanitation of environment import allows for appending of values + to passed parameters. +

+
+ +

An attacker who already had access to the environment could so append + values to parameters passed through programs (including sudo(8) or + setuid) to shell scripts, including indirectly, after those programs + intended to sanitise the environment, e.g. invalidating the last $PATH + component. +

+
+ +

There is no known workaround at this time.

+
+ +

All mksh users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/mksh-50c" + + +
+ + + mksh R50c released, security fix + + + K_F + mrueg +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201511-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201511-02.xml
new file mode 100644
index 0000000000..5118dc08b8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201511-02.xml
@@ -0,0 +1,88 @@
+
+
+
+ Adobe Flash Player: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which allows remote attackers to execute arbitrary code.
+
+ adobe-flash
+ November 17, 2015
+ November 17, 2015: 1
+ 563014
+ 563172
+ 565318
+ remote
+
+
+ 11.2.202.548
+ 11.2.202.548
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.548" + + +
+ + CVE-2015-5569 + CVE-2015-7625 + CVE-2015-7626 + CVE-2015-7627 + CVE-2015-7628 + CVE-2015-7629 + CVE-2015-7630 + CVE-2015-7631 + CVE-2015-7632 + CVE-2015-7633 + CVE-2015-7634 + CVE-2015-7643 + CVE-2015-7644 + CVE-2015-7645 + CVE-2015-7646 + CVE-2015-7647 + CVE-2015-7648 + CVE-2015-7651 + CVE-2015-7652 + CVE-2015-7653 + CVE-2015-7654 + CVE-2015-7655 + CVE-2015-7656 + CVE-2015-7657 + CVE-2015-7658 + CVE-2015-7659 + CVE-2015-7660 + CVE-2015-7661 + CVE-2015-7662 + CVE-2015-7663 + CVE-2015-8042 + CVE-2015-8043 + CVE-2015-8044 + CVE-2015-8046 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-01.xml
new file mode 100644
index 0000000000..2644755f7d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-01.xml
@@ -0,0 +1,53 @@
+
+
+
+ Dnsmasq: Denial of Service
+ A vulnerability in Dnsmasq can lead to a Denial of Service
+ condition.
+
+ dnsmasq
+ December 17, 2015
+ December 17, 2015: 1
+ 547966
+ remote
+
+
+ 2.72-r2
+ 2.72-r2
+
+
+
+

Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP + server. +

+
+ +

An out-of-bounds read vulnerability has been found in the tcp_request + function in Dnsmasq. +

+
+ +

A remote attacker could send a specially crafted DNS request, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Dnsmasq users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.72-r2" + + +
+ + CVE-2015-3294 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-02.xml
new file mode 100644
index 0000000000..7e12a0f2e4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-02.xml
@@ -0,0 +1,49 @@
+
+
+
+ IPython: User-assisted execution of arbitrary code
+ A vulnerability in IPython could result in execution of arbitrary
+ JavaScript.
+
+ ipython
+ December 17, 2015
+ December 17, 2015: 1
+ 560708
+ remote
+
+
+ 3.2.1-r1
+ 3.2.1-r1
+
+
+
+

IPython is an advanced interactive shell for Python.

+
+ +

IPython does not properly check the MIME type of a file.

+
+ +

A remote attacker could entice a user to open a specially crafted text + file using IPython, possibly resulting in execution of arbitrary + JavaScript with the privileges of the process. +

+
+ +

There is no known workaround at this time.

+
+ +

All IPython users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/ipython-3.2.1-r1" + +
+ + CVE-2015-7337 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-03.xml
new file mode 100644
index 0000000000..d61b21a43c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-03.xml
@@ -0,0 +1,63 @@
+
+
+
+ GRUB: Authentication bypass
+ GRUB's authentication prompt can be bypassed by entering a sequence
+ of backspace characters.
+
+ grub
+ December 19, 2015
+ December 19, 2015: 1
+ 568326
+ local
+
+
+ 2.02_beta2-r8
+ 0.97
+ 2.02_beta2-r8
+
+
+
+

GNU GRUB is a multiboot boot loader used by most Linux systems.

+
+ +

An integer underflow in GRUB’s username/password authentication code + has been discovered. +

+
+ +

An attacker with access to the system console may bypass the username + prompt by entering a sequence of backspace characters, allowing them e.g. + to get full access to GRUB’s console or to load a customized kernel. +

+
+ +

There is no known workaround at this time.

+
+ +

All GRUB 2.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-boot/grub-2.02_beta2-r8" + + +

After upgrading, make sure to run the grub2-install command with options + appropriate for your system. See the GRUB2 Quick Start guide in the + references below for examples. Your system will be vulnerable until this + action is performed. +

+
+ + CVE-2015-8370 + GRUB2 Quick + Start guide + + + + keytoaster + + + keytoaster + +
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-04.xml
new file mode 100644
index 0000000000..d50b71bcae
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-04.xml
@@ -0,0 +1,56 @@
+
+
+
+ OpenSSH: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in OpenSSH, the worst of
+ which could lead to arbitrary code execution, or cause a Denial of Service
+ condition.
+
+ openssh
+ December 20, 2015
+ December 21, 2015: 4
+ 553724
+ 555518
+ 557340
+ remote
+
+
+ 7.1_p1-r2
+ 7.1_p1-r2
+
+
+
+

OpenSSH is a complete SSH protocol implementation that includes an SFTP + client and server support. +

+
+ +

Multiple vulnerabilities have been discovered in OpenSSH. Please review + the CVE identifiers referenced below for details. +

+
+ + + + +

There is no known workaround at this time.

+
+ +

All openssh users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.1_p1-r2" + + +
+ + CVE-2015-5352 + CVE-2015-5600 + CVE-2015-6563 + CVE-2015-6564 + CVE-2015-6565 + + Zlogene + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-05.xml
new file mode 100644
index 0000000000..7a650cfade
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-05.xml
@@ -0,0 +1,61 @@
+
+
+
+ gdk-pixbuf: Multiple Vulnerabilities
+ Multiple buffer overflow vulnerabilities in gdk-pixbuf may allow
+ remote attackers to execute arbitrary code or cause Denial of Service.
+
+ gdk-pixbuf
+ December 21, 2015
+ December 21, 2015: 1
+ 556314
+ 562878
+ 562880
+ remote
+
+
+ 2.32.1
+ 2.32.1
+
+
+
+

gdk-pixbuf is an image loading library for GTK+.

+
+ +

Three heap-based buffer overflow vulnerabilities have been discovered in + gdk-pixbuf. Please review the CVE identifiers referenced below for + details. +

+
+ +

A remote attacker could entice a user to open a specially crafted image + file with an application linked against gdk-pixbuf, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All gdk-pixbuf users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/gdk-pixbuf-2.32.1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying these packages. +

+
+ + CVE-2015-4491 + CVE-2015-7673 + CVE-2015-7674 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-06.xml
new file mode 100644
index 0000000000..11bf2a9bde
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-06.xml
@@ -0,0 +1,53 @@
+
+
+
+ MPFR: User-assisted execution of arbitrary code
+ A buffer overflow vulnerability in MPFR could allow remote
+ attackers to execute arbitrary code or cause Denial of Service.
+
+ mpfr
+ December 30, 2015
+ December 30, 2015: 1
+ 532028
+ remote
+
+
+ 3.1.3_p4
+ 3.1.3_p4
+
+
+
+

MPFR is a library for multiple-precision floating-point computations + with exact rounding. +

+
+ +

MPFR fails to adequately check user-supplied input, which could lead to + a buffer overflow. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All MPFR users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/mpfr-3.1.3_p4" + + +
+ + CVE-2014-9474 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-07.xml
new file mode 100644
index 0000000000..425328a8b8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-07.xml
@@ -0,0 +1,58 @@
+
+
+
+ GStreamer: User-assisted execution of arbitrary code
+ A buffer overflow in GStreamer could allow remote attackers to
+ execute arbitrary code or cause Denial of Service.
+
+ gstreamer
+ December 30, 2015
+ February 09, 2016: 3
+ 553742
+ remote
+
+
+ 1.4.5
+ 0.10.36-r2
+ 1.4.5
+
+
+ 0.10.23-r3
+ 0.10.23-r3
+
+
+
+

GStreamer is an open source multimedia framework.

+
+ +

A buffer overflow vulnerability has been found in the parsing of H.264 + formatted video. +

+
+ +

A remote attacker could entice a user to open a specially crafted H.264 + formatted video using an application linked against GStreamer, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All GStreamer users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.4.5" + + +
+ + CVE-2015-0797 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-08.xml
new file mode 100644
index 0000000000..cdae042505
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-08.xml
@@ -0,0 +1,59 @@
+
+
+
+ ClamAV: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in ClamAV, possibly
+ resulting in Denial of Service.
+
+ clamav
+ December 30, 2015
+ December 30, 2015: 1
+ 538084
+ 548066
+ local
+
+
+ 0.98.7
+ 0.98.7
+
+
+
+

ClamAV is a GPL virus scanner.

+
+ +

Multiple vulnerabilities have been discovered in ClamAV. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could cause ClamAV to scan a specially crafted file, + possibly resulting in a Denial of Service condition or other unspecified + impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All ClamAV users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.98.7" + +
+ + CVE-2014-9328 + CVE-2015-1461 + CVE-2015-1462 + CVE-2015-1463 + CVE-2015-2170 + CVE-2015-2221 + CVE-2015-2222 + CVE-2015-2668 + + + BlueKnight + + ackle +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-09.xml
new file mode 100644
index 0000000000..d1664156d2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-09.xml
@@ -0,0 +1,54 @@
+
+
+
+ encfs: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in encfs, the worst of
+ which can allow remote attackers to execute arbitrary code or cause a
+ Denial of Service condition.
+
+ encfs
+ December 30, 2015
+ December 30, 2015: 1
+ 510290
+ local
+
+
+ 1.7.5
+ 1.7.5
+
+
+
+

Encfs is an implementation of encrypted filesystem in user-space using + FUSE. +

+
+ +

Multiple vulnerabilities have been discovered in encfs. Please review + the CVE identifiers referenced below for details. +

+
+ +

A local attacker can utilize a possible buffer overflow in the + encodeName method of StreamNameIO and BlockNameIO to execute arbitrary + code or cause a Denial of Service. Also multiple weak cryptographics + practices have been found in encfs. +

+
+ +

There is no known workaround at this time.

+
+ +

All encfs users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-fs/encfs-1.7.5" + + +
+ + CVE-2014-3462 + + K_F + mrueg +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-10.xml
new file mode 100644
index 0000000000..d05e896bdb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-10.xml
@@ -0,0 +1,178 @@
+
+
+
+ Mozilla Products: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Mozilla Firefox and
+ Thunderbird, the worst of which may allow user-assisted execution of
+ arbitrary code.
+
+ thunderbird firefox
+ December 30, 2015
+ December 31, 2015: 2
+ 545232
+ 554036
+ 556942
+ 564818
+ 567298
+ 568376
+ remote
+
+
+ 38.5.0
+ 38.5.0
+
+
+ 38.5.0
+ 38.5.0
+
+
+ 38.5.0
+ 38.5.0
+
+
+ 38.5.0
+ 38.5.0
+
+
+
+

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an + open-source email client, both from the Mozilla Project. +

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Firefox and + Mozilla Thunderbird. Please review the CVE identifiers referenced below + for details. +

+
+ +

A remote attacker could entice a user to view a specially crafted web + page or email, possibly resulting in execution of arbitrary code or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0" + + +

All Firefox-bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0" + + +

All Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0" + + +

All Thunderbird-bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-38.5.0" + + +
+ + CVE-2015-0798 + CVE-2015-0799 + CVE-2015-0801 + CVE-2015-0802 + CVE-2015-0803 + CVE-2015-0804 + CVE-2015-0805 + CVE-2015-0806 + CVE-2015-0807 + CVE-2015-0808 + CVE-2015-0810 + CVE-2015-0811 + CVE-2015-0812 + CVE-2015-0813 + CVE-2015-0814 + CVE-2015-0815 + CVE-2015-0816 + CVE-2015-2706 + CVE-2015-2721 + CVE-2015-2722 + CVE-2015-2724 + CVE-2015-2725 + CVE-2015-2726 + CVE-2015-2727 + CVE-2015-2728 + CVE-2015-2729 + CVE-2015-2730 + CVE-2015-2731 + CVE-2015-2733 + CVE-2015-2734 + CVE-2015-2735 + CVE-2015-2736 + CVE-2015-2737 + CVE-2015-2738 + CVE-2015-2739 + CVE-2015-2740 + CVE-2015-2741 + CVE-2015-2742 + CVE-2015-2743 + CVE-2015-2808 + CVE-2015-4000 + CVE-2015-4153 + CVE-2015-4495 + CVE-2015-4513 + CVE-2015-4514 + CVE-2015-4515 + CVE-2015-4518 + CVE-2015-7181 + CVE-2015-7182 + CVE-2015-7183 + CVE-2015-7187 + CVE-2015-7188 + CVE-2015-7189 + CVE-2015-7191 + CVE-2015-7192 + CVE-2015-7193 + CVE-2015-7194 + CVE-2015-7195 + CVE-2015-7196 + CVE-2015-7197 + CVE-2015-7198 + CVE-2015-7199 + CVE-2015-7200 + CVE-2015-7201 + CVE-2015-7202 + CVE-2015-7203 + CVE-2015-7204 + CVE-2015-7205 + CVE-2015-7207 + CVE-2015-7208 + CVE-2015-7210 + CVE-2015-7211 + CVE-2015-7212 + CVE-2015-7213 + CVE-2015-7214 + CVE-2015-7215 + CVE-2015-7216 + CVE-2015-7217 + CVE-2015-7218 + CVE-2015-7219 + CVE-2015-7220 + CVE-2015-7221 + CVE-2015-7222 + CVE-2015-7223 + + + BlueKnight + + mrueg +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-11.xml
new file mode 100644
index 0000000000..821694d24e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-11.xml
@@ -0,0 +1,58 @@
+
+
+
+ Firebird: Buffer Overflow
+ A buffer overflow in Firebird might allow remote attackers to
+ execute arbitrary code.
+
+ firebird
+ December 30, 2015
+ December 30, 2015: 1
+ 460780
+ remote
+
+
+ 2.5.3.26780.0-r3
+ 2.5.3.26780.0-r3
+
+
+
+

Firebird is a multi-platform, open source relational database.

+
+ +

The vulnerability is caused due to an error when processing requests + from remote clients. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Firebird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-db/firebird-2.5.3.26780.0-r3" + + +

NOTE: Firebird package was moved to the testing branch (unstable) of + Gentoo. There is currently no stable version of Firebird, and there will + be no further GLSAs for this package. +

+
+ + CVE-2013-2492 + + + pinkbyte + + + pinkbyte + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-12.xml
new file mode 100644
index 0000000000..e6c9ac71ec
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-12.xml
@@ -0,0 +1,53 @@
+
+
+
+ KDE Systemsettings: Privilege escalation
+ Data validation in KDE Systemsettings could lead to local privilege
+ escalation.
+
+ systemsettings
+ December 30, 2015
+ December 30, 2015: 1
+ 528468
+ local
+
+
+ 4.11.13-r1
+ 4.11.13-r1
+
+
+
+

KDE workspace configuration module for setting the date and time has a + helper program + which runs as root for performing actions. +

+
+ +

KDE Systemsettings fails to properly validate user input before passing + it as argument in context of higher privilege. +

+
+ +

A local attacker could gain privileges via a crafted ntpUtility (ntp + utility name) argument. +

+
+ +

Add a polkit rule to disable the org.kde.kcontrol.kcmclock.save action.

+
+ +

All KDE Systemsettings users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=kde-base/systemsettings-4.11.13-r1" + + +
+ + CVE-2014-8651 + + Zlogene + mrueg +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-13.xml new file mode 100644 index 0000000000..66778c4d33 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201512-13.xml @@ -0,0 +1,56 @@ + + + + InspIRCd: Multiple vulnerabilities + Multiple vulnerabilities have been found in InspIRCd, the worst + allowing remote attackers to execute arbitrary code. + + inspircd + December 30, 2015 + December 30, 2015: 1 + 545034 + 570244 + remote + + + 2.0.20 + 2.0.20 + + + +

InspIRCd is a modular Internet Relay Chat (IRC) server written in C++ + which was created from scratch to be stable, modern and lightweight. +

+
+ +

Multiple vulnerabilities have been discovered in InspIRCd. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All InspIRCd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/inspircd-2.0.20" + + +
+ + CVE-2012-6697 + CVE-2015-6674 + CVE-2015-8702 + + + BlueKnight + + mrueg +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-01.xml new file mode 100644 index 0000000000..f5ce4ed994 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-01.xml @@ -0,0 +1,66 @@ + + + + OpenSSH: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenSSH, allowing + attackers to leak client memory to a server, including private keys. + + openssh + January 16, 2016 + January 16, 2016: 1 + 571892 + remote + + + 7.1_p2 + 7.1_p2 + + + +

OpenSSH is a complete SSH protocol implementation that includes SFTP + client and server support. +

+
+ +

Qualys have reported two issues in the “roaming” code included in + the OpenSSH client, which provides undocumented, experimental support for + resuming SSH connections. An OpenSSH client could be tricked into leaking + parts of its memory to a malicious server. Furthermore, a buffer overflow + can be exploited by a malicious server, but its exploitation requires + non-default options and is mitigated due to another bug. +

+
+ +

A remote attacker could entice a user to connect to a specially crafted + OpenSSH server, possibly resulting in the disclosure of the user’s + private keys. Users with private keys that are not protected by a + passphrase are advised to generate new keys if they have connected to an + SSH server they don’t fully trust. +

+ +

Note that no special configuration is required to be vulnerable as the + roaming feature is enabled by default on the client. +

+
+ +

The issues can be worked around by disabling the roaming code. To do so, + add “UseRoaming no” to the SSH client configuration, or specify “-o + ‘UseRoaming no’” on the command line. +

+
+ +

All OpenSSH users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.1_p2" + + +
+ + CVE-2016-0777 + CVE-2016-0778 + + a3li + a3li +
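Review bot: The workaround paragraph of glsa-201601-01.xml gives the command-line form as `-o ‘UseRoaming no’` with typographic quotes, which a shell does not treat as quoting, so a pasted command passes two broken words to ssh instead of one option. ASCII quoting or the equals form avoids this: `-o 'UseRoaming no'` or `-o UseRoaming=no`. The same class of defect is in the resolution block of glsa-201603-03.xml, where the atom ends in `”` and leaves the double quote unterminated; it should read `# emerge --ask --oneshot --verbose ">=mail-client/roundcube-1.1.4"`. Both files are synced from upstream, so the correction belongs in the upstream GLSA rather than in this tree.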
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-02.xml new file mode 100644 index 0000000000..962bf0a2fa --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-02.xml @@ -0,0 +1,67 @@ + + + + WebKitGTK+: Multiple vulnerabilities + Multiple vulnerabilities have been found in WebKitGTK+, allowing + remote attackers to execute arbitrary code or cause a Denial of Service + condition. + + webkit-gtk + January 26, 2016 + January 26, 2016: 1 + 536234 + remote + + + 2.4.9 + 2.4.9 + + + +

WebKitGTK+ is a full-featured port of the WebKit rendering engine.

+
+ +

Multiple vulnerabilities have been discovered in WebKitGTK+. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attack can use multiple vectors to execute arbitrary code or + cause a denial of service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All WebKitGTK+ 3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.9:3" + + +

All WebKitGTK+ 2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-libs/webkit-gtk-2.4.9-r200:2" + + +
+ + CVE-2014-1344 + CVE-2014-1384 + CVE-2014-1385 + CVE-2014-1386 + CVE-2014-1387 + CVE-2014-1388 + CVE-2014-1389 + CVE-2014-1390 + + + BlueKnight + + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-03.xml new file mode 100644 index 0000000000..2cc5c4a8d5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-03.xml @@ -0,0 +1,152 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, the + worst of which allows remote attackers to execute arbitrary code. + + adobe flash + January 26, 2016 + January 26, 2016: 1 + 567838 + 570040 + remote + + + 11.2.202.559 + 11.2.202.559 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.559" + + +
+ + CVE-2015-8045 + CVE-2015-8047 + CVE-2015-8048 + CVE-2015-8049 + CVE-2015-8050 + CVE-2015-8055 + CVE-2015-8056 + CVE-2015-8057 + CVE-2015-8058 + CVE-2015-8059 + CVE-2015-8060 + CVE-2015-8061 + CVE-2015-8062 + CVE-2015-8063 + CVE-2015-8064 + CVE-2015-8065 + CVE-2015-8066 + CVE-2015-8067 + CVE-2015-8068 + CVE-2015-8069 + CVE-2015-8070 + CVE-2015-8071 + CVE-2015-8401 + CVE-2015-8402 + CVE-2015-8403 + CVE-2015-8404 + CVE-2015-8405 + CVE-2015-8406 + CVE-2015-8407 + CVE-2015-8408 + CVE-2015-8409 + CVE-2015-8410 + CVE-2015-8411 + CVE-2015-8412 + CVE-2015-8413 + CVE-2015-8414 + CVE-2015-8415 + CVE-2015-8416 + CVE-2015-8417 + CVE-2015-8418 + CVE-2015-8419 + CVE-2015-8420 + CVE-2015-8421 + CVE-2015-8422 + CVE-2015-8423 + CVE-2015-8424 + CVE-2015-8425 + CVE-2015-8426 + CVE-2015-8427 + CVE-2015-8428 + CVE-2015-8429 + CVE-2015-8430 + CVE-2015-8431 + CVE-2015-8432 + CVE-2015-8433 + CVE-2015-8434 + CVE-2015-8435 + CVE-2015-8436 + CVE-2015-8437 + CVE-2015-8438 + CVE-2015-8439 + CVE-2015-8440 + CVE-2015-8441 + CVE-2015-8442 + CVE-2015-8443 + CVE-2015-8443 + CVE-2015-8445 + CVE-2015-8446 + CVE-2015-8447 + CVE-2015-8448 + CVE-2015-8449 + CVE-2015-8450 + CVE-2015-8451 + CVE-2015-8452 + CVE-2015-8453 + CVE-2015-8454 + CVE-2015-8455 + CVE-2015-8459 + CVE-2015-8460 + CVE-2015-8635 + CVE-2015-8636 + CVE-2015-8638 + CVE-2015-8639 + CVE-2015-8640 + CVE-2015-8641 + CVE-2015-8642 + CVE-2015-8643 + CVE-2015-8644 + CVE-2015-8645 + CVE-2015-8646 + CVE-2015-8647 + CVE-2015-8648 + CVE-2015-8649 + CVE-2015-8650 + CVE-2015-8651 + + + BlueKnight + + + BlueKnight + +
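Review bot: The reference list of glsa-201601-03.xml names `CVE-2015-8443` twice in a row while `CVE-2015-8444` does not appear between 8443 and 8445, which suggests one entry may be mistyped. Confirming this needs the upstream Adobe bulletin, since the link targets are not visible in this rendering. Repeated identifiers also appear in glsa-201602-02.xml (`CVE-2014-0475`) and glsa-201603-08.xml (`CVE-2015-5949`). Anyone mapping CVE identifiers to advisories from these files will miss an identifier that was replaced by a duplicate, so the lists are worth checking against the linked bugs and reporting upstream.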
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-04.xml new file mode 100644 index 0000000000..8d4f797987 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-04.xml @@ -0,0 +1,49 @@ + + + + OpenSMTPD: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenSMTPD, the worst + allowing remote attackers to execute arbitrary code. + + opensmtpd + January 27, 2016 + January 27, 2016: 1 + 562034 + 562290 + remote + + + 5.7.3_p1 + 5.7.3_p1 + + + +

OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD.

+
+ +

Multiple vulnerabilities have been discovered in OpenSMTPD. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSMTPD users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/opensmtpd-5.7.3_p1" + + +
+ + + mrueg + mrueg +
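Review bot: The references block at the end of glsa-201601-04.xml appears to be empty, although the description says "Please review the CVE identifiers referenced below for details". As rendered here, the only pointers to the underlying issues are bug numbers 562034 and 562290. A reader cannot tell which OpenSMTPD flaws version 5.7.3_p1 addresses, and tooling that matches on CVE identifiers will not associate any CVE with this advisory. The upstream GLSA should either list the identifiers or point the description at the bug reports.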
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-05.xml new file mode 100644 index 0000000000..69223e829d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201601-05.xml @@ -0,0 +1,80 @@ + + + + OpenSSL: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenSSL, allowing + remote attackers to disclose sensitive information and complete weak + handshakes. + + openssl + January 29, 2016 + February 26, 2016: 3 + 572854 + remote + + + 1.0.2f + 1.0.1r + 1.0.1s + 1.0.1t + 0.9.8z_p8 + 0.9.8z_p9 + 0.9.8z_p10 + 0.9.8z_p11 + 0.9.8z_p12 + 0.9.8z_p13 + 0.9.8z_p14 + 0.9.8z_p15 + 1.0.2f + + + +

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

Multiple vulnerabilities have been discovered in OpenSSL. Please review + the upstream advisory and CVE identifiers referenced below for details. + Note that the list includes CVE identifiers for an older OpenSSL Security + Advisory (3 Dec 2015) for which we have not issued a GLSA before. +

+
+ +

A remote attacker could disclose a server’s private DH exponent, or + complete SSLv2 handshakes using ciphers that have been disabled on the + server. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSSL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2f" + + +
+ + CVE-2015-1794 + CVE-2015-3193 + CVE-2015-3194 + CVE-2015-3195 + CVE-2015-3196 + CVE-2015-3197 + CVE-2016-0701 + OpenSSL Security + Advisory [28th Jan 2016] + + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-01.xml new file mode 100644 index 0000000000..c23826c70d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-01.xml @@ -0,0 +1,93 @@ + + + + QEMU: Multiple vulnerabilities + Multiple vulnerabilities have been found in QEMU, the worst of + which may allow a remote attacker to cause a Denial of Service or gain + elevated privileges from a guest VM. + + qemu + February 04, 2016 + February 04, 2016: 1 + 544328 + 549404 + 557206 + 558416 + 559656 + 560422 + 560550 + 560760 + 566792 + 567144 + 567828 + 567868 + 568214 + 568226 + 568246 + 569646 + 570110 + 570988 + 571562 + 571564 + 571566 + local, remote + + + 2.5.0-r1 + 2.5.0-r1 + + + +

QEMU is a generic and open source machine emulator and virtualizer.

+
+ +

Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker might cause a Denial of Service or gain escalated + privileges from a guest VM. +

+
+ +

There is no known workaround at this time.

+
+ +

All QEMU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.5.0-r1" + + +
+ + CVE-2015-1779 + CVE-2015-3456 + CVE-2015-5225 + CVE-2015-5278 + CVE-2015-5279 + CVE-2015-5745 + CVE-2015-6815 + CVE-2015-6855 + CVE-2015-7295 + CVE-2015-7504 + CVE-2015-7512 + CVE-2015-7549 + CVE-2015-8345 + CVE-2015-8504 + CVE-2015-8556 + CVE-2015-8558 + CVE-2015-8567 + CVE-2015-8568 + CVE-2015-8666 + CVE-2015-8701 + CVE-2015-8743 + CVE-2015-8744 + CVE-2015-8745 + CVE-2016-1568 + + K_F + K_F +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-02.xml new file mode 100644 index 0000000000..2336c9d4da --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-02.xml @@ -0,0 +1,116 @@ + + + + GNU C Library: Multiple vulnerabilities + Multiple vulnerabilities have been found in the GNU C library, the + worst allowing for remote execution of arbitrary code. + + glibc + February 17, 2016 + February 17, 2016: 1 + 516884 + 517082 + 521932 + 529982 + 532874 + 538090 + 538814 + 540070 + 541246 + 541542 + 547296 + 552692 + 574880 + local, remote + + + 2.21-r2 + 2.21-r2 + + + +

The GNU C library is the standard C library used by Gentoo Linux + systems. +

+
+ +

Multiple vulnerabilities have been discovered in the GNU C Library:

+ +
    +
  • The Google Security Team and Red Hat discovered a stack-based buffer + overflow in the send_dg() and send_vc() functions due to a buffer + mismanagement when getaddrinfo() is called with AF_UNSPEC + (CVE-2015-7547). +
  • +
  • The strftime() function access invalid memory when passed + out-of-range data, resulting in a crash (CVE-2015-8776). +
  • +
  • An integer overflow was found in the __hcreate_r() function + (CVE-2015-8778). +
  • +
  • Multiple unbounded stack allocations were found in the catopen() + function (CVE-2015-8779). +
  • +
+ +

Please review the CVEs referenced below for additional vulnerabilities + that had already been fixed in previous versions of sys-libs/glibc, for + which we have not issued a GLSA before. +

+
+ +

A remote attacker could exploit any application which performs host name + resolution using getaddrinfo() in order to execute arbitrary code or + crash the application. The other vulnerabilities can possibly be + exploited to cause a Denial of Service or leak information. +

+
+ +

A number of mitigating factors for CVE-2015-7547 have been identified. + Please review the upstream advisory and references below. +

+
+ +

All GNU C Library users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.21-r2" + + +

It is important to ensure that no running process uses the old glibc + anymore. The easiest way to achieve that is by rebooting the machine + after updating the sys-libs/glibc package. +

+ +

Note: Should you run into compilation failures while updating, please + see bug 574948. +

+
+ + CVE-2013-7423 + CVE-2014-0475 + CVE-2014-0475 + CVE-2014-5119 + CVE-2014-6040 + CVE-2014-7817 + CVE-2014-8121 + CVE-2014-9402 + CVE-2015-1472 + CVE-2015-1781 + CVE-2015-7547 + CVE-2015-8776 + CVE-2015-8778 + CVE-2015-8779 + + Google Online Security Blog: "CVE-2015-7547: glibc getaddrinfo + stack-based buffer overflow" + + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-03.xml new file mode 100644 index 0000000000..bf7e97ac3d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201602-03.xml @@ -0,0 +1,61 @@ + + + + libwmf: Multiple vulnerabilities + Multiple vulnerabilities have been found in libwmf allowing remote + attackers to execute arbitrary code or cause Denial of Service. + + + February 27, 2016 + February 27, 2016: 3 + 551144 + 553818 + remote + + + 0.2.8.4-r6 + 0.2.8.4-r6 + + + +

libwmf is a library for converting WMF files.

+
+ +

Multiple vulnerabilities have been discovered in libwmf. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause Denial of Service. +

+
+ +

There is no known work around at this time.

+
+ +

All libwmf users should upgrade to the latest version:

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r6" + +
+ + + CVE-2015-0848 + + + CVE-2015-4588 + + + CVE-2015-4695 + + + CVE-2015-4696 + + + + BlueKnight + + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-01.xml new file mode 100644 index 0000000000..db97228982 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-01.xml @@ -0,0 +1,62 @@ + + + + GIMP: Multiple vulnerabilities + GIMP is vulnerable to multiple buffer overflows which could result + in the execution of arbitrary code or Denial of Service. + + gimp + March 06, 2016 + May 04, 2016: 2 + 434582 + 493372 + remote + + + 2.8.0 + 2.8.0 + + + +

GIMP is a cross-platform image editor available for GNU/Linux, OS X, + Windows and more operating systems. +

+
+ +

GIMP’s network server, scriptfu, is vulnerable to the remote execution + of arbitrary code via the python-fu-eval command due to not requiring + authentication. Additionally, the X Window Dump (XWD) plugin is + vulnerable to multiple buffer overflows possibly allowing the remote + execution of arbitrary code or Denial of Service. The XWD plugin is + vulnerable due to not validating large color entries. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process due or perform a Denial of Service. +

+
+ +

There is no known work around at this time.

+
+ +

All GIMP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.8.0" + + +
+ + CVE-2012-4245 + + CVE-2013-1913 + + + CVE-2013-1978 + + + b-man + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-02.xml new file mode 100644 index 0000000000..5463f57ab2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-02.xml @@ -0,0 +1,48 @@ + + + + OSC: Shell command injection + OSC is vulnerable to the remote execution of arbitrary code. + + March 06, 2016 + March 06, 2016: 1 + 553606 + remote + + + 0.152.0 + 0.152.0 + + + +

OSC is the command line tool and API for the Open Build Service.

+
+ +

A vulnerability has been discovered that may allow remote attackers to + execute arbitrary commands via shell metacharacters in a _service file. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process. +

+
+ +

There is no known work around at this time.

+
+ +

All OSC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/osc-0.152.0" + +
+ + CVE-2015-0778 + + + BlueKnight + + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-03.xml new file mode 100644 index 0000000000..d3beb902ce --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-03.xml @@ -0,0 +1,60 @@ + + + + Roundcube: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Roundcube allowing + remote authenticated users to execute arbitrary code, inject arbitrary web + scripts, and perform cross-site scripting (XSS). + + roundcube + March 09, 2016 + March 09, 2016: 1 + 554866 + 564476 + 570336 + remote + + + 1.1.4 + 1.1.4 + + + +

Free and open source webmail software for the masses, written in PHP.

+
+ +

Remote authenticated users with certain permissions can read arbitrary + files or possibly execute arbitrary code via .. in the _skin parameter to + index.php. Additionally, a cross-site scripting (XSS) vulnerability in + program/js/app.js allows remote authenticated users to inject arbitrary + web script or HTML via the file name in a drag-n-drop file upload. +

+
+ +

A remote authenticated user could possibly execute arbitrary code with + the privileges of the process, inject arbitrary web scripts or HTML, read + arbitrary files, or perform XSS. +

+
+ +

There is no known workaround at this time.

+
+ +

All Roundcube users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/roundcube-1.1.4” + +
+ + + CVE-2015-8105 + + + CVE-2015-8770 + + + K_F + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-04.xml new file mode 100644 index 0000000000..9415916f96 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-04.xml @@ -0,0 +1,59 @@ + + + + FUSE: incorrect filtering of environment variables leading to + privilege escalation + + The fusermount binary in FUSE does not properly clear the + environment before invoking mount or umount as root that allows a local + user to overwrite arbitrary files. + + fuse + March 09, 2016 + March 09, 2016: 1 + 550152 + local + + + 2.9.4 + 2.9.4 + + + +

FUSE provides an interface for filesystems implemented in userspace.

+
+ +

The fusermount binary calls setuid(geteuid()) to reset the RUID when it + invokes /bin/mount so that it can use privileged mount options that are + normally restricted if RUID != EUID. FUSE does not properly clear + environment variables before invoking mount or umount as root allowing + this to be passed to operations using elevated privileges such as + LIBMOUNT_MTAB that is used by the mount commands debugging feature. +

+
+ +

The FUSE vulnerability allows a local, unprivileged user to overwrite + arbitrary files on the system. +

+
+ +

There is no known work around at this time.

+
+ +

All FUSE users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-fs/fuse-2.9.4" + +
+ + + CVE-2015-3202 + + + + BlueKnight + + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-05.xml new file mode 100644 index 0000000000..1d39ac04a3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-05.xml @@ -0,0 +1,100 @@ + + + + LibreOffice, OpenOffice: Multiple vulnerabilities + Multiple vulnerabilities have been found in both LibreOffice and + OpenOffice allowing remote attackers to execute arbitrary code or cause + Denial of Service. + + + March 09, 2016 + March 09, 2016: 1 + 521136 + 522060 + 528438 + 534684 + 547880 + 547900 + 565028 + remote + + + 4.4.2 + 4.4.2 + + + 4.4.2 + 4.4.2 + + + 4.4.2 + 4.4.2 + + + 4.1.2 + 4.1.2 + + + +

Apache OpenOffice is the leading open-source office software suite for + word processing, spreadsheets, presentations, graphics, databases and + more. +

+ +

LibreOffice is a powerful office suite; its clean interface and powerful + tools let you unleash your creativity and grow your productivity. +

+
+ +

Multiple vulnerabilities were found in both LibreOffice and OpenOffice + that allow the remote execution of arbitrary code and potential Denial of + Service. These vulnerabilities may be exploited through multiple vectors + including crafted documents, link handling, printer setup in ODF document + types, DOC file formats, and Calc spreadsheets. Please review the + referenced CVE’s for specific information regarding each. +

+
+ +

A remote attacker could entice a user to open a specially crafted file + using the LibreOffice or OpenOffice suite of software. Execution of + these attacks could possibly result in the execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known work around at this time.

+
+ +

All LibreOffice users should upgrade their respective packages to the + latest version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.4.2" + # emerge --ask --oneshot --verbose + ">=app-office/libreoffice-bin-4.4.2"# emerge --ask --oneshot --verbose + ">=app-office/libreoffice-bin-debug-4.4.2" + + +

All OpenOffice users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-4.1.2" + +
+ + CVE-2014-3524 + CVE-2014-3575 + CVE-2014-3693 + CVE-2014-9093 + CVE-2015-1774 + CVE-2015-4551 + CVE-2015-5212 + CVE-2015-5213 + CVE-2015-5214 + + K_F + b-man +
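Review bot: In the LibreOffice resolution block of glsa-201603-05.xml the third command is fused onto the end of the second (`">=app-office/libreoffice-bin-4.4.2"# emerge --ask ...`), so the upgrade for `libreoffice-bin-debug` is easy to overlook and the line does not run as written if pasted. Each command should start on its own line, with `# emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-debug-4.4.2"` separated from the preceding atom. The file is vendored from upstream, so the fix should be raised there.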
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-06.xml new file mode 100644 index 0000000000..64b0718465 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-06.xml @@ -0,0 +1,124 @@ + + + + FFmpeg: Multiple vulnerabilities + Multiple vulnerabilities have been found in FFmpeg, the worst of + which could lead to arbitrary code execution or Denial of Service + condition. + + ffmpeg + March 12, 2016 + March 12, 2016: 1 + 485228 + 486692 + 488052 + 492742 + 493452 + 494038 + 515282 + 520132 + 536218 + 537558 + 548006 + 553734 + remote + + + 2.6.3 + 2.6.3 + + + +

FFmpeg is a complete, cross-platform solution to record, convert and + stream audio and video. +

+
+ +

Multiple vulnerabilities have been discovered in FFmpeg. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code or cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All FFmpeg users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-2.6.3" + +
+ + CVE-2013-0860 + CVE-2013-0861 + CVE-2013-0862 + CVE-2013-0863 + CVE-2013-0864 + CVE-2013-0865 + CVE-2013-0866 + CVE-2013-0867 + CVE-2013-0868 + CVE-2013-0872 + CVE-2013-0873 + CVE-2013-0874 + CVE-2013-0875 + CVE-2013-0876 + CVE-2013-0877 + CVE-2013-0878 + CVE-2013-4263 + CVE-2013-4264 + CVE-2013-4265 + CVE-2013-7008 + CVE-2013-7009 + CVE-2013-7010 + CVE-2013-7011 + CVE-2013-7012 + CVE-2013-7013 + CVE-2013-7014 + CVE-2013-7015 + CVE-2013-7016 + CVE-2013-7017 + CVE-2013-7018 + CVE-2013-7019 + CVE-2013-7020 + CVE-2013-7021 + CVE-2013-7022 + CVE-2013-7023 + CVE-2013-7024 + CVE-2014-2097 + CVE-2014-2098 + CVE-2014-2263 + CVE-2014-5271 + CVE-2014-5272 + CVE-2014-7937 + CVE-2014-8541 + CVE-2014-8542 + CVE-2014-8543 + CVE-2014-8544 + CVE-2014-8545 + CVE-2014-8546 + CVE-2014-8547 + CVE-2014-8548 + CVE-2014-8549 + CVE-2014-9316 + CVE-2014-9317 + CVE-2014-9318 + CVE-2014-9319 + CVE-2014-9602 + CVE-2014-9603 + CVE-2014-9604 + CVE-2015-3395 + + + BlueKnight + + + BlueKnight + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-07.xml new file mode 100644 index 0000000000..0e607902ac --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-07.xml @@ -0,0 +1,96 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, the + worst of which allows remote attackers to execute arbitrary code. + + + March 12, 2016 + March 12, 2016: 1 + 574284 + 576980 + remote + + + 11.2.202.577 + 11.2.202.577 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose "www-plugins/adobe-flash-11.2.202.577" + +
+ + CVE-2016-0960 + CVE-2016-0961 + CVE-2016-0962 + CVE-2016-0963 + CVE-2016-0964 + CVE-2016-0965 + CVE-2016-0966 + CVE-2016-0967 + CVE-2016-0968 + CVE-2016-0969 + CVE-2016-0970 + CVE-2016-0971 + CVE-2016-0972 + CVE-2016-0973 + CVE-2016-0974 + CVE-2016-0975 + CVE-2016-0976 + CVE-2016-0977 + CVE-2016-0978 + CVE-2016-0979 + CVE-2016-0980 + CVE-2016-0981 + CVE-2016-0982 + CVE-2016-0983 + CVE-2016-0984 + CVE-2016-0985 + CVE-2016-0986 + CVE-2016-0987 + CVE-2016-0988 + CVE-2016-0989 + CVE-2016-0990 + CVE-2016-0991 + CVE-2016-0992 + CVE-2016-0993 + CVE-2016-0994 + CVE-2016-0995 + CVE-2016-0996 + CVE-2016-0997 + CVE-2016-0998 + CVE-2016-0999 + CVE-2016-1000 + CVE-2016-1001 + CVE-2016-1002 + CVE-2016-1005 + CVE-2016-1010 + + K_F + b-man +
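Review bot: The resolution command in glsa-201603-07.xml passes `"www-plugins/adobe-flash-11.2.202.577"` with no version operator, which Portage rejects as an invalid atom, so the documented upgrade step fails as written. The earlier Flash advisory in this patch (glsa-201601-03.xml) uses the `>=` form, and this one should match: `# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.577"`. The element markup is not visible in this rendering, so the affected-version ranges, which are what automated GLSA checking relies on, could not be reviewed here.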
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-08.xml new file mode 100644 index 0000000000..26391272f4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-08.xml @@ -0,0 +1,92 @@ + + + + VLC: Multiple vulnerabilities + Multiple vulnerabilities have been found in VLC allowing remote + attackers to execute arbitrary code or cause Denial of Service. + + + March 12, 2016 + March 12, 2016: 1 + 534532 + 537154 + 542222 + 558418 + remote + + + 2.2.1-r1 + 2.2.1-r1 + + + +

VLC is a cross-platform media player and streaming server.

+
+ +

Multiple vulnerabilities have been discovered in VLC. Please review the + CVE identifiers referenced below for details. +

+
+ +

Remote attackers could possibly execute arbitrary code or cause Denial + of Service. +

+
+ +

There is no known work around at this time.

+
+ +

All VLC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-2.2.1-r1" + +
+ + CVE-2014-1684 + + CVE-2014-6440 + + + CVE-2014-9597 + + + CVE-2014-9598 + + + CVE-2014-9625 + + + CVE-2014-9626 + + + CVE-2014-9627 + + + CVE-2014-9628 + + + CVE-2014-9629 + + + CVE-2014-9630 + + + CVE-2015-1202 + + + CVE-2015-1203 + + + CVE-2015-5949 + + + CVE-2015-5949 + + + + BlueKnight + + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-09.xml new file mode 100644 index 0000000000..3d90e1d8b2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-09.xml @@ -0,0 +1,168 @@ + + + + Chromium: Multiple vulnerabilities + Multiple vulnerabilities have been found in the Chromium web + browser, the worst of which allows remote attackers to execute arbitrary + code. + + + March 12, 2016 + March 12, 2016: 1 + 555640 + 559384 + 561448 + 563098 + 565510 + 567308 + 567870 + 568396 + 572542 + 574416 + 575434 + 576354 + 576858 + remote + + + 49.0.2623.87 + 49.0.2623.87 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+
+ +

Multiple vulnerabilities have been discovered in the Chromium web + browser. Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-49.0.2623.87" + +
+ + CVE-2015-1270 + CVE-2015-1271 + CVE-2015-1272 + CVE-2015-1273 + CVE-2015-1274 + CVE-2015-1275 + CVE-2015-1276 + CVE-2015-1277 + CVE-2015-1278 + CVE-2015-1279 + CVE-2015-1280 + CVE-2015-1281 + CVE-2015-1282 + CVE-2015-1283 + CVE-2015-1284 + CVE-2015-1285 + CVE-2015-1286 + CVE-2015-1287 + CVE-2015-1288 + CVE-2015-1289 + CVE-2015-1291 + CVE-2015-1292 + CVE-2015-1293 + CVE-2015-1294 + CVE-2015-1295 + CVE-2015-1296 + CVE-2015-1297 + CVE-2015-1298 + CVE-2015-1299 + CVE-2015-1300 + CVE-2015-1302 + CVE-2015-1303 + CVE-2015-1304 + CVE-2015-6755 + CVE-2015-6756 + CVE-2015-6757 + CVE-2015-6758 + CVE-2015-6759 + CVE-2015-6760 + CVE-2015-6761 + CVE-2015-6762 + CVE-2015-6763 + CVE-2015-6764 + CVE-2015-6765 + CVE-2015-6766 + CVE-2015-6767 + CVE-2015-6768 + CVE-2015-6769 + CVE-2015-6770 + CVE-2015-6771 + CVE-2015-6772 + CVE-2015-6773 + CVE-2015-6774 + CVE-2015-6775 + CVE-2015-6776 + CVE-2015-6777 + CVE-2015-6778 + CVE-2015-6779 + CVE-2015-6780 + CVE-2015-6781 + CVE-2015-6782 + CVE-2015-6783 + CVE-2015-6784 + CVE-2015-6785 + CVE-2015-6786 + CVE-2015-6787 + CVE-2015-6788 + CVE-2015-6789 + CVE-2015-6790 + CVE-2015-6791 + CVE-2015-6792 + CVE-2015-8126 + CVE-2016-1612 + CVE-2016-1613 + CVE-2016-1614 + CVE-2016-1615 + CVE-2016-1616 + CVE-2016-1617 + CVE-2016-1618 + CVE-2016-1619 + CVE-2016-1620 + CVE-2016-1621 + CVE-2016-1622 + CVE-2016-1623 + CVE-2016-1624 + CVE-2016-1625 + CVE-2016-1626 + CVE-2016-1627 + CVE-2016-1628 + CVE-2016-1629 + CVE-2016-1630 + CVE-2016-1631 + CVE-2016-1632 + CVE-2016-1633 + CVE-2016-1634 + CVE-2016-1635 + CVE-2016-1636 + CVE-2016-1637 + CVE-2016-1638 + CVE-2016-1639 + CVE-2016-1640 + CVE-2016-1641 + + + BlueKnight + + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-10.xml new file mode 100644 index 0000000000..60f735d519 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-10.xml @@ -0,0 +1,64 @@ + + + + QtGui: Multiple vulnerabilities + Multiple vulnerabilities have been found in QtGui allowing remote + attackers to execute arbitrary code or cause Denial of Service. + + + March 12, 2016 + March 12, 2016: 2 + 546174 + remote + + + 5.4.1-r1 + 4.8.6-r4 + 4.8.7 + 5.4.1-r1 + + + +

QtGui is the GUI module and platform plugins for the Qt framework

+
+ +

Multiple buffer overflow vulnerabilities have been discovered in QtGui. + It is possible for remote attackers to construct specially crafted BMP, + ICO, or GIF images that lead to buffer overflows. After successfully + overflowing the buffer the remote attacker can then cause a Denial of + Service or execute arbitrary code. +

+
+ +

A remote attacker could possibly execute arbitrary code or cause Denial + of Service. +

+
+ +

There is no known work around at this time.

+
+ +

All QtGui 4.8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-4.8.6-r4" + + +

All QtGui 5.4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-5.4.1-r1" + +
+ + CVE-2015-1858 + CVE-2015-1859 + CVE-2015-1860 + + + BlueKnight + + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-11.xml new file mode 100644 index 0000000000..7be2e078d7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-11.xml @@ -0,0 +1,161 @@ + + + + Oracle JRE/JDK: Multiple vulnerabilities + Multiple vulnerabilities have been found in Oracle's JRE and JDK + software suites allowing remote attackers to remotely execute arbitrary + code, obtain information, and cause Denial of Service. + + + March 12, 2016 + March 12, 2016: 1 + 525472 + 540054 + 546678 + 554886 + 563684 + 572432 + remote + + + 1.8.0.72 + 1.8.0.72 + + + 1.8.0.72 + 1.8.0.72 + + + +

Java Platform, Standard Edition (Java SE) lets you develop and deploy + Java applications on desktops and servers, as well as in today’s + demanding embedded environments. Java offers the rich user interface, + performance, versatility, portability, and security that today’s + applications require. +

+
+ +

Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please + review the referenced CVE’s for additional information. +

+
+ +

Remote attackers could gain access to information, remotely execute + arbitrary code, and cause Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All Oracle JRE Users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jre-bin-1.8.0.72" + + +

All Oracle JDK Users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jdk-bin-1.8.0.72" + +
+ + CVE-2015-0437 + CVE-2015-0437 + CVE-2015-0458 + CVE-2015-0459 + CVE-2015-0460 + CVE-2015-0469 + CVE-2015-0470 + CVE-2015-0477 + CVE-2015-0478 + CVE-2015-0480 + CVE-2015-0484 + CVE-2015-0486 + CVE-2015-0488 + CVE-2015-0491 + CVE-2015-0492 + CVE-2015-2590 + CVE-2015-2601 + CVE-2015-2613 + CVE-2015-2619 + CVE-2015-2621 + CVE-2015-2625 + CVE-2015-2627 + CVE-2015-2628 + CVE-2015-2632 + CVE-2015-2637 + CVE-2015-2638 + CVE-2015-2659 + CVE-2015-2664 + CVE-2015-4000 + CVE-2015-4729 + CVE-2015-4731 + CVE-2015-4732 + CVE-2015-4733 + CVE-2015-4734 + CVE-2015-4734 + CVE-2015-4736 + CVE-2015-4748 + CVE-2015-4760 + CVE-2015-4803 + CVE-2015-4803 + CVE-2015-4805 + CVE-2015-4805 + CVE-2015-4806 + CVE-2015-4806 + CVE-2015-4810 + CVE-2015-4810 + CVE-2015-4835 + CVE-2015-4835 + CVE-2015-4840 + CVE-2015-4840 + CVE-2015-4842 + CVE-2015-4842 + CVE-2015-4843 + CVE-2015-4843 + CVE-2015-4844 + CVE-2015-4844 + CVE-2015-4860 + CVE-2015-4860 + CVE-2015-4868 + CVE-2015-4868 + CVE-2015-4871 + CVE-2015-4871 + CVE-2015-4872 + CVE-2015-4872 + CVE-2015-4881 + CVE-2015-4881 + CVE-2015-4882 + CVE-2015-4882 + CVE-2015-4883 + CVE-2015-4883 + CVE-2015-4893 + CVE-2015-4893 + CVE-2015-4901 + CVE-2015-4901 + CVE-2015-4902 + CVE-2015-4902 + CVE-2015-4903 + CVE-2015-4903 + CVE-2015-4906 + CVE-2015-4906 + CVE-2015-4908 + CVE-2015-4908 + CVE-2015-4911 + CVE-2015-4911 + CVE-2015-4916 + CVE-2015-4916 + CVE-2015-7840 + CVE-2015-7840 + + + BlueKnight + + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-12.xml new file mode 100644 index 0000000000..02adf0d45a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-12.xml @@ -0,0 +1,77 @@ + + + + FlightGear, SimGear: Multiple vulnerabilities + Multiple vulnerabilities have been found in FlightGear and SimGear + allowing remote attackers to cause Denial of Service and possibly execute + arbitrary code. + + flightgear, simgear + March 12, 2016 + March 12, 2016: 1 + 426502 + 468106 + remote + + + 3.4.0 + 3.4.0 + + + 3.4.0 + 3.4.0 + + + +

FlightGear is an open-source flight simulator. It supports a variety of + popular platforms (Windows, Mac, Linux, etc.) and is developed by skilled + volunteers from around the world. Source code for the entire project is + available and licensed under the GNU General Public License. +

+ +

SimGear is a set of open-source libraries designed to be used as + building blocks for quickly assembling 3d simulations, games, and + visualization applications. +

+
+ +

Multiple format string vulnerabilities in FlightGear and SimGear allow + user-assisted remote attackers to cause a denial of service and possibly + execute arbitrary code via format string specifiers in certain data chunk + values in an aircraft xml model. +

+
+ +

Remote attackers could possibly execute arbitrary code or cause Denial + of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All Flightgear users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=games-simulation/flightgear-3.4.0" + + +

All Simgear users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-simulation/simgear-3.4.0" + + +
+ + CVE-2012-2090 + CVE-2012-2091 + + + pinkbyte + + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-13.xml new file mode 100644 index 0000000000..03a3682cd7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-13.xml @@ -0,0 +1,57 @@ + + + + Libreswan: Multiple Vulnerabilities + Multiple vulnerabilities have been found in libreSwan possibly + resulting in Denial of Service. + + + March 12, 2016 + March 12, 2016: 1 + 550974 + 558692 + remote + + + 3.15 + 3.15 + + + +

Libreswan is a free software implementation of the most widely supported + and standarized VPN protocol based on (“IPsec”) and the Internet Key + Exchange (“IKE”). +

+
+ +

The pluto IKE daemon in Libreswan, when built with NSS, allows remote + attackers to cause a Denial of Service (assertion failure and daemon + restart) via a zero DH g^x value in a KE payload in a IKE packet. + Additionally, remote attackers could cause a Denial of Service (daemon + restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC + DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK. +

+
+ +

Remote attackers could possibly cause Denial of Service.

+
+ +

There is no known workaround at this time.

+
+ +

All Libreswan users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/libreswan-3.15" + +
+ + CVE-2015-3204 + CVE-2015-3240 + + + BlueKnight + + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-14.xml new file mode 100644 index 0000000000..273b8f1992 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-14.xml @@ -0,0 +1,137 @@ + + + + IcedTea: Multiple vulnerabilities + Multiple vulnerabilities have been found in IcedTea allowing remote + attackers to affect confidentiality, integrity, and availability through + various vectors. + + + March 12, 2016 + April 19, 2016: 2 + 537940 + 559532 + 565842 + 567850 + 572716 + remote + + + 7.2.6.4 + 6.1.13.9 + 6 + 7.2.6.4 + + + 7.2.6.4 + 6.1.13.9 + 6 + 7.2.6.4 + + + +

IcedTea’s aim is to provide OpenJDK in a form suitable for easy + configuration, compilation and distribution with the primary goal of + allowing inclusion in GNU/Linux distributions. +

+
+ +

Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, + Libraries, and JAXP, exist which allows remote attackers to affect the + confidentiality, integrity, and availability of vulnerable systems. This + includes the possibility of remote execution of arbitrary code, + information disclosure, or Denial of Service. Many of the + vulnerabilities can only be exploited through sandboxed Java Web Start + applications and java applets. Please reference the CVEs listed for + specific details. +

+
+ +

Remote attackers may remotely execute arbitrary code, compromise + information, or cause Denial of Service. +

+
+ +

There is no known work around at this time.

+
+ +

IcedTea 7.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/icedtea-7.2.6.4" + + +

IcedTea bin 7.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.4" + + +

IcedTea 6.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/icedtea-6.1.13.9" + + +

IcedTea bin 6.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.9" + +
+ + CVE-2014-6585 + CVE-2014-6587 + CVE-2014-6591 + CVE-2014-6593 + CVE-2014-6601 + CVE-2015-0383 + CVE-2015-0395 + CVE-2015-0400 + CVE-2015-0407 + CVE-2015-0408 + CVE-2015-0412 + CVE-2015-2590 + CVE-2015-2601 + CVE-2015-2613 + CVE-2015-2621 + CVE-2015-2625 + CVE-2015-2628 + CVE-2015-2632 + CVE-2015-4731 + CVE-2015-4732 + CVE-2015-4733 + CVE-2015-4734 + CVE-2015-4748 + CVE-2015-4749 + CVE-2015-4760 + CVE-2015-4803 + CVE-2015-4805 + CVE-2015-4806 + CVE-2015-4835 + CVE-2015-4840 + CVE-2015-4842 + CVE-2015-4843 + CVE-2015-4844 + CVE-2015-4860 + CVE-2015-4871 + CVE-2015-4872 + CVE-2015-4881 + CVE-2015-4882 + CVE-2015-4883 + CVE-2015-4893 + CVE-2015-4903 + CVE-2015-4911 + CVE-2016-0402 + CVE-2016-0448 + CVE-2016-0466 + CVE-2016-0483 + CVE-2016-0494 + + K_F + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-15.xml new file mode 100644 index 0000000000..f2f0afd685 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201603-15.xml @@ -0,0 +1,81 @@ + + + + OpenSSL: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenSSL, the worst + allowing remote attackers to decrypt TLS sessions. + + openssl + March 20, 2016 + March 20, 2016: 1 + 575548 + remote + + + 1.0.2g-r2 + 1.0.2g-r2 + + + +

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+
+ +

Multiple vulnerabilities have been discovered in OpenSSL, the worst + being a cross-protocol attack called DROWN that could lead to the + decryption of TLS sessions. Please review the CVE identifiers referenced + below for details. +

+
+ +

A remote attacker could decrypt TLS sessions by using a server + supporting SSLv2 and EXPORT cipher suites as a + Bleichenbacher RSA padding oracle, cause a Denial of Service condition, + obtain sensitive information from memory and (in rare circumstances) + recover RSA keys. +

+
+ +

A workaround for DROWN is disabling the SSLv2 protocol on all SSL/TLS + servers. +

+
+ +

All OpenSSL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2g-r2" + + +

Please note that beginning with OpenSSL 1.0.2, in order to mitigate the + DROWN attack, the OpenSSL project disables SSLv2 by default at + build-time. As this change would cause severe issues with some Gentoo + packages that depend on OpenSSL, Gentoo still ships OpenSSL with SSLv2 + enabled at build-time. Note that this does not mean that you are still + vulnerable to DROWN because the OpenSSL project has taken further + precautions and applications would need to explicitly request SSLv2. We + are working on a migration path to phase out SSLv2 that ensures that no + user-facing issues occur. Please reference bug 576128 for further details + on how this decision was made. +

+
+ + CVE-2016-0702 + CVE-2016-0703 + CVE-2016-0704 + CVE-2016-0705 + CVE-2016-0797 + CVE-2016-0798 + CVE-2016-0799 + CVE-2016-0800 + + + keytoaster + + + keytoaster + +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-01.xml new file mode 100644 index 0000000000..568ca4e21f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-01.xml @@ -0,0 +1,69 @@ + + + + QEMU: Multiple vulnerabilities + Multiple vulnerabilities have been found in QEMU, the worst of + which could lead to arbitrary code execution, or cause a Denial of Service + condition. + + QEMU + April 02, 2016 + April 02, 2016: 1 + 569118 + 569300 + 571560 + 572082 + 572412 + 572454 + 573280 + 573314 + 574902 + 575492 + 576420 + local + + + 2.5.0-r2 + 2.5.0-r2 + + + +

QEMU is a generic and open source machine emulator and virtualizer.

+
+ +

Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +

+
+ +

Local users within a guest QEMU environment can execute arbitrary code + within the host or a cause a Denial of Service condition of the QEMU + guest process. +

+
+ +

There is no known workaround at this time.

+
+ +

All QEMU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.5.0-r2" + +
+ + CVE-2015-8613 + CVE-2015-8619 + CVE-2016-1714 + CVE-2016-1922 + CVE-2016-1981 + CVE-2016-2197 + CVE-2016-2198 + CVE-2016-2392 + CVE-2016-2538 + CVE-2016-2858 + + b-man + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-02.xml new file mode 100644 index 0000000000..e73c072d47 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-02.xml @@ -0,0 +1,54 @@ + + + + Xalan-Java: Arbitrary code execution + Insufficient constraints in Apache's Xalan-Java might allow remote + attackers to execute arbitrary code and load arbitrary classes. + + xalan-java + April 02, 2016 + April 02, 2016: 1 + 505602 + remote + + + 2.7.2 + 2.7.2 + + + +

Xalan-Java is an XSLT processor for transforming XML documents into + HTML, text, or other XML document types. +

+
+ +

The TransformerFactory in Apache Xalan-Java does not properly restrict + access to certain properties when FEATURE_SECURE_PROCESSING is enabled. + This can also be exploited via a Java property that is bound to the XSLT + 1.0 system-property function. +

+
+ +

A remote attacker could inject specially crafted XSLT properties + resulting in the execution of arbitrary code with the privileges of the + process. +

+
+ +

There is no known work around at this time.

+
+ +

All Xalan-Java users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/xalan-2.7.2" + + +
+ + CVE-2014-0107 + + b-man + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-03.xml new file mode 100644 index 0000000000..f593a0f557 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-03.xml @@ -0,0 +1,159 @@ + + + + Xen: Multiple vulnerabilities + Multiple vulnerabilities have been found in Xen, the worst of which + cause a Denial of Service. + + xen + April 05, 2016 + April 05, 2016: 1 + 445254 + 513832 + 547202 + 549200 + 549950 + 550658 + 553664 + 553718 + 555532 + 556304 + 561110 + 564472 + 564932 + 566798 + 566838 + 566842 + 567962 + 571552 + 571556 + 574012 + local + + + 4.6.0-r9 + 4.5.2-r5 + 4.6.0-r9 + + + 4.6.0 + + + 4.6.0-r9 + 4.5.2-r5 + 4.6.0-r9 + + + 4.6.0 + 4.5.2 + + + +

Xen is a bare-metal hypervisor.

+
+ +

Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers referenced below for details. +

+
+ +

A local attacker could possibly cause a Denial of Service condition or + obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Xen 4.5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5" + + +

All Xen 4.6 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9" + + +

All Xen tools 4.5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.5.2-r5" + + +

All Xen tools 4.6 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.6.0-r9" + + +

All Xen pvgrub users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0" + +
+ + CVE-2012-3494 + CVE-2012-3495 + CVE-2012-3496 + CVE-2012-3497 + CVE-2012-3498 + CVE-2012-3515 + CVE-2012-4411 + CVE-2012-4535 + CVE-2012-4536 + CVE-2012-4537 + CVE-2012-4538 + CVE-2012-4539 + CVE-2012-6030 + CVE-2012-6031 + CVE-2012-6032 + CVE-2012-6033 + CVE-2012-6034 + CVE-2012-6035 + CVE-2012-6036 + CVE-2015-2151 + CVE-2015-3209 + CVE-2015-3259 + CVE-2015-3340 + CVE-2015-3456 + CVE-2015-4103 + CVE-2015-4104 + CVE-2015-4105 + CVE-2015-4106 + CVE-2015-4163 + CVE-2015-4164 + CVE-2015-5154 + CVE-2015-7311 + CVE-2015-7504 + CVE-2015-7812 + CVE-2015-7813 + CVE-2015-7814 + CVE-2015-7835 + CVE-2015-7871 + CVE-2015-7969 + CVE-2015-7970 + CVE-2015-7971 + CVE-2015-7972 + CVE-2015-8339 + CVE-2015-8340 + CVE-2015-8341 + CVE-2015-8550 + CVE-2015-8551 + CVE-2015-8552 + CVE-2015-8554 + CVE-2015-8555 + CVE-2016-2270 + CVE-2016-2271 + + K_F + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-04.xml new file mode 100644 index 0000000000..0c61a70b85 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-04.xml @@ -0,0 +1,60 @@ + + + + libksba: Multiple vulnerabilities + Multiple vulnerabilities have been found in libksba, allowing a + possible Denial of Service and unspecified other vectors through integer + overflows. + + libksba + April 26, 2016 + April 26, 2016: 1 + 546464 + remote + + + 1.3.3 + 1.3.3 + + + +

Libksba is a X.509 and CMS (PKCS#7) library.

+
+ +

libksba is vulnerable to two integer overflows and a Denial of Service + vulnerability. Please read the references for additional details. +

+
+ +

Remote attackers could cause Denial of Service or unspecified other + vectors through various integer overflows. +

+
+ +

There is no known workaround at this time.

+
+ +

All libksba users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.3.3" + + +
+ + + Denial of Service due to stack overflow in src/ber-decoder.c + + + Integer overflow in the BER decoder src/ber-decoder.c + + + Integer overflow in the DN decoder src/dn.c + + + + BlueKnight + + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-05.xml new file mode 100644 index 0000000000..5293801892 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201604-05.xml @@ -0,0 +1,93 @@ + + + + Wireshark: Multiple vulnerabilities + Multiple vulnerabilities have been found in Wireshark, allowing + local attackers to escalate privileges and remote attackers to cause Denial + of Service. + + + April 26, 2016 + April 26, 2016: 1 + 570564 + 575780 + local, remote + + + 2.0.2 + 2.0.2 + + + +

Wireshark is a network protocol analyzer formerly known as ethereal.

+
+ +

Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +

+
+ +

Remote attackers could cause Denial of Service and local attackers could + escalate privileges. +

+
+ +

There is no known workaround at this time.

+
+ +

All Wireshark users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-2.0.2" + +
+ + CVE-2015-8711 + CVE-2015-8712 + CVE-2015-8713 + CVE-2015-8714 + CVE-2015-8715 + CVE-2015-8716 + CVE-2015-8717 + CVE-2015-8718 + CVE-2015-8719 + CVE-2015-8720 + CVE-2015-8721 + CVE-2015-8722 + CVE-2015-8723 + CVE-2015-8724 + CVE-2015-8725 + CVE-2015-8726 + CVE-2015-8727 + CVE-2015-8728 + CVE-2015-8729 + CVE-2015-8730 + CVE-2015-8731 + CVE-2015-8732 + CVE-2015-8733 + CVE-2015-8734 + CVE-2015-8735 + CVE-2015-8736 + CVE-2015-8737 + CVE-2015-8738 + CVE-2015-8739 + CVE-2015-8740 + CVE-2015-8741 + CVE-2015-8742 + CVE-2016-2521 + CVE-2016-2522 + CVE-2016-2523 + CVE-2016-2524 + CVE-2016-2525 + CVE-2016-2526 + CVE-2016-2527 + CVE-2016-2528 + CVE-2016-2529 + CVE-2016-2530 + CVE-2016-2531 + CVE-2016-2532 + + b-man + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-01.xml new file mode 100644 index 0000000000..343e5b0dc1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-01.xml @@ -0,0 +1,66 @@ + + + + Git: Multiple vulnerabilities + Git contains multiple vulnerabilities that allow for the remote + execution of arbitrary code. + + + May 02, 2016 + May 02, 2016: 1 + 562884 + 577482 + remote + + + 2.7.3-r1 + 2.7.3-r1 + + + +

Git is a free and open source distributed version control system + designed to handle everything from small to very large projects with + speed and efficiency. +

+
+ +

Git is vulnerable to the remote execution of arbitrary code by cloning + repositories with large filenames or a large number of nested trees. + Additionally, some protocols within Git, such as git-remote-ext, can + execute arbitrary code found within URLs. These URLs that submodules use + may come from arbitrary sources (e.g., .gitmodules files in a remote + repository), and can effect those who enable recursive fetch. Restrict + the allowed protocols to well known and safe ones. +

+
+ +

Remote attackers could execute arbitrary code on both client and server.

+
+ +

There is no known workaround at this time.

+
+ +

All Git users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.7.3-r1" + +
+ + Buffer overflow in all + git versions before 2.7.1 + + CVE-2015-7545 + + CVE-2016-2315 + + + CVE-2016-2324 + + + + BlueKnight + + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-02.xml new file mode 100644 index 0000000000..a2a670edae --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-02.xml @@ -0,0 +1,83 @@ + + + + Chromium: Multiple vulnerabilities + Multiple vulnerabilities have been found in the Chromium web + browser, the worst of which allows remote attackers to execute arbitrary + code. + + + May 14, 2016 + May 14, 2016: 1 + 578200 + 579954 + 581524 + 582828 + remote + + + 50.0.2661.102 + 50.0.2661.102 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+
+ +

Multiple vulnerabilities have been discovered in the Chromium web + browser. Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-50.0.2661.102" + + +
+ + CVE-2016-1646 + CVE-2016-1647 + CVE-2016-1648 + CVE-2016-1649 + CVE-2016-1650 + CVE-2016-1651 + CVE-2016-1652 + CVE-2016-1653 + CVE-2016-1654 + CVE-2016-1655 + CVE-2016-1656 + CVE-2016-1657 + CVE-2016-1658 + CVE-2016-1659 + CVE-2016-1660 + CVE-2016-1661 + CVE-2016-1662 + CVE-2016-1663 + CVE-2016-1664 + CVE-2016-1665 + CVE-2016-1666 + + CVE-2016-1667 + + CVE-2016-1668 + CVE-2016-1669 + CVE-2016-1670 + CVE-2016-1671 + + b-man + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
new file mode 100644
index 0000000000..50b50e6704
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@@ -0,0 +1 @@
+Tue, 17 May 2016 17:40:45 +0000