Home · Compatibility Lists · Support Forums · FAQ · News Archive · Articles · Submit News/Upcoming News
Linux Compatible
advertisement


Latest Linux News

ATI Radeon HD 4870 On Linux
CESA-2008:0521-03: Low Ce...
CESA-2008:0547-01: Critic...
RHSA-2008:0549-01 Critica...
RHSA-2008:0510-01 Moderat...
RHSA-2008:0569-01 Critica...
RHSA-2008:0505-01 Moderat...
RHSA-2008:0547-01 Critica...
USN-619-1: Firefox vulner...
Intel Core 2 Duo E8400 Li...

Latest Threads

[Security Announce] [ MDV...
News - Crucial Ballistix ...
Point of View GeForce GTX...
Digit-Life Review: AMD 78...
Celeron, Pentium Dual Cor...
Marware announces Sportfo...
Sudden Strike 3: Arms for...
Marware announces Sportfo...
XTracPads Micro @ Tech-Re...
BIOS REVIEW: MSI P45 Neo3...

Latest Web News

32bit Web Browser 08.07.01
Undelete Plus 2.95
XTracPads Micro Review
MSI P45 Neo3 Motherboard ...
ECS Factory Tour
Noiseblocker BlackSilent ...
Iconix eMail ID 3.57.1.4
Driver Magician Lite 3.40
Alchemy Eye 9.3
Stickman 5.2.7

Latest Mac News

Synchronize! X Pro 6.0.2
DiskCatalogMaker X 5.0
FilePathCM 1.0.8
iDefrag 1.6.6
Secrets 1.0.5
Apple lops $500 off the p...
UK Entrepreneurs Eye iPod...
Apple accidently ships Mo...
Challenges ahead as Apple...
Purify 2.1.1

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Advertisement

Topics

Linux
Reviews
Guides
GNOME
KDE
Red Hat
Debian
Mandriva
Ubuntu
CentOS
Gentoo
SUSE
Slackware
General

News Feeds

Handheld/PDA
XML News Feeds
View Sidebar
Mozilla Sidebar

Appearance

Default
Default Bold
Wide
Wide Bold

Links

HDTV.Esselbach.at
Links Page

GLSA 200805-11 Chicken: Multiple vulnerabilities
Posted by Bob on: 2008-05-12 23:25:02 [ Print | Permalink ]

A new security update has been released for Gentoo Linux - Chicken: Multiple vulnerabilities. Here the announcement:

"Gentoo Linux Security Advisory GLSA 200805-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Chicken: Multiple vulnerabilities
Date: May 12, 2008
Bugs: #198979
ID: 200805-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Chicken could result in the execution of
arbitrary code.

Background
==========

Chicken is a Scheme interpreter and native Scheme to C compiler.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-scheme/chicken < 3.1.0 >= 3.1.0

Description
===========

Chicken includes a copy of PCRE which is vulnerable to multiple buffer
overflows and memory corruption vulnerabilities (GLSA 200711-30).

Impact
======

An attacker could entice a user to process specially crafted regular
expressions with Chicken, which could possibly lead to the execution of
arbitrary code, a Denial of Service or the disclosure of sensitive
information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chicken users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-scheme/chicken-3.1.0"

References
==========

[ 1 ] GLSA 200711-30
http://www.gentoo.org/security/en/glsa/glsa-200711-30.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200805-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
"

Digg it! Slashdot Del.icio.us Technorati Fark it! Binklist Furl Newsvine Windows Live Netscape Google Bookmarks Reddit! LinkaGoGo Tailrank Wink Dzone Simpy Spurl Yahoo! MyWeb NetVouz RawSugar Smarking Scuttle Magnolia BlogMarks Nowpublic FeedMeLinks Wists Onlywire Connotia Shadows Co.mments
News Source: Gentoo

Related Stories RSS

- GLSA 200807-02 Motion: Execution of arbitrary code (07/01/2008 02:15 pm)
- GLSA 200807-01 Python: Multiple integer overflows (07/01/2008 02:00 pm)
- GLSA 200806-11 IBM JDK/JRE: Multiple vulnerabilities (06/25/2008 12:45 pm)
- GLSA 200806-10 FreeType: User-assisted execution of arbitrary code (06/24/2008 02:10 am)
- GLSA 200806-09 libvorbis: Multiple vulnerabilities (06/24/2008 01:30 am)
- GLSA 200806-08 OpenSSL: Denial of Service (06/24/2008 12:55 am)
- GLSA 200806-07 X.Org X server: Multiple vulnerabilities (06/19/2008 08:15 pm)
- GLSA 200806-06 Evolution: User-assisted execution of arbitrary code (06/16/2008 11:05 pm)
- GLSA 200806-05 cbrPager: User-assisted execution of arbitrary code (06/16/2008 10:50 pm)
- GLSA 200806-04 rdesktop: Multiple vulnerabilities (06/14/2008 09:20 pm)
- GLSA 200806-03 Imlib 2: User-assisted execution of arbitrary code (06/08/2008 10:15 pm)
- GLSA 200806-02 libxslt: Execution of arbitrary code (06/03/2008 08:40 pm)
- GLSA 200806-01 mtr: Stack-based buffer overflow (06/03/2008 06:00 pm)
- GLSA 200805-23 Samba: Heap-based buffer overflow (05/29/2008 05:05 pm)
- GLSA 200805-22 MPlayer: User-assisted execution of arbitrary code (05/29/2008 04:55 pm)
- GLSA 200805-21 Roundup: Permission bypass (05/27/2008 11:55 pm)
- GLSA 200805-20 GnuTLS: Execution of arbitrary code (05/22/2008 12:15 am)
- GLSA 200805-19 ClamAV: Multiple vulnerabilities (05/21/2008 12:25 am)
- GLSA 200805-18 Mozilla products: Multiple vulnerabilities (05/20/2008 11:45 pm)
- GLSA 200805-17 Perl: Execution of arbitrary code (05/20/2008 10:00 pm)
- GLSA 200805-16 OpenOffice.org: Multiple vulnerabilities (05/14/2008 08:30 pm)

Related Threads RSS

- [gentoo-announce] [ GLSA 200807-02 ] Motion: Execution of arbitrary code (07/01/2008 02:14 pm)
- [gentoo-announce] [ GLSA 200807-01 ] Python: Multiple integer overflows (07/01/2008 02:07 pm)
- [gentoo-announce] [ GLSA 200806-11 ] IBM JDK/JRE: Multiple vulnerabilities (06/25/2008 12:42 pm)
- [gentoo-announce] [ GLSA 200806-10 ] FreeType: User-assisted execution of arbitrary code (06/24/2008 02:14 am)
- [gentoo-announce] [ GLSA 200806-09 ] libvorbis: Multiple vulnerabilities (06/24/2008 01:35 am)
- [gentoo-announce] [ GLSA 200806-08 ] OpenSSL: Denial of Service (06/24/2008 12:56 am)
- [gentoo-announce] [ GLSA 200806-07 ] X.Org X server: Multiple vulnerabilities (06/19/2008 08:14 pm)
- [gentoo-announce] [ GLSA 200806-06 ] Evolution: User-assisted execution of arbitrary code (06/16/2008 11:00 pm)
- [gentoo-announce] [ GLSA 200806-05 ] cbrPager: User-assisted execution of arbitrary code (06/16/2008 10:49 pm)
- [gentoo-announce] [ GLSA 200806-04 ] rdesktop: Multiple vulnerabilities (06/14/2008 09:21 pm)
- [gentoo-announce] [ GLSA 200806-03 ] Imlib 2: User-assisted execution of arbitrary code (06/08/2008 10:14 pm)
- [gentoo-announce] [ GLSA 200806-02 ] libxslt: Execution of arbitrary code (06/03/2008 08:42 pm)
- [gentoo-announce] [ GLSA 200806-01 ] mtr: Stack-based buffer overflow (06/03/2008 06:00 pm)
- [gentoo-announce] [ GLSA 200805-23 ] Samba: Heap-based buffer overflow (05/29/2008 05:07 pm)
- [gentoo-announce] [ GLSA 200805-22 ] MPlayer: User-assisted execution of arbitrary code (05/29/2008 04:56 pm)
- [gentoo-announce] [ GLSA 200805-21 ] Roundup: Permission bypass (05/27/2008 11:56 pm)
- [gentoo-announce] [ GLSA 200805-20 ] GnuTLS: Execution of arbitrary code (05/22/2008 12:14 am)
- [gentoo-announce] [ GLSA 200805-19 ] ClamAV: Multiple vulnerabilities (05/21/2008 12:21 am)
- [gentoo-announce] [ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities (05/20/2008 11:42 pm)
- [gentoo-announce] [ GLSA 200805-17 ] Perl: Execution of arbitrary code (05/20/2008 09:56 pm)

Post New Comment
All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2008 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Website powered by Esselbach Storyteller CMS System