Home · Compatibility Lists · Support Forums · FAQ · News Archive · Articles · Submit News/Upcoming News

Linux Compatible

advertisement

Latest Linux News

Wine 1.1.9
Fedora 11 Proposed Schedule
CESA-2008:0972 Important ...
CESA-2008:0972 Important ...
RHSA-2008:0976-01 Moderat...
USN-674-1: HPLIP vulnerab...
Exciting Features For Ubu...
DSA 1667-1: New python2.4...
RHSA-2008:0972-01 Importa...
CESA-2008:0977 Critical C...

Latest Threads

AMD Phenom II, Dragon Pla...
IN WIN Na eSATA & USB 2.0...
Far Cry 2 Hardware Perfor...
[Security Announce] [ MDV...
Top Holiday Games of 2008...
advanced bios help
Return to Krondor & Betra...
Antec Signature 650 Power...
[Security Announce] [ MDV...
Running Windows 3.1 in Do...

Latest Web News

Sleek-Audio Custom Earpho...
SpeedFan 4.37
Slim Browser 4.11 Build 018
Wise Registry Cleaner 3.81
The HP Mini 1000 - 2nd Ge...
GTX 260 V Radeon 4870 (dr...
2008 Holiday ANTI-Shoppin...
Eagle iNeo I-NA303USUE 3....
ASUS Rampage II Extreme X...
Cyber Snipa PC Game Pad 2...

Latest Mac News

Apple, Palm taking differ...
iPhone Update Soups Up St...
Apple updates Final Cut P...
EasyBatch 1.0
Apple releases iPhone Sof...
Mac Bloggers Dig Psystar'...
Apple iTunes 8.0.2
Apple Pro Applications Up...
Apple iPhone Update (via ...
Vuze (was Azureus) 4.0.0.4

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Advertisement

Topics

Linux
Reviews
Guides
GNOME
KDE
Red Hat
Debian
Mandriva
Ubuntu
CentOS
Gentoo
SUSE
Slackware
General

News Feeds

Handheld/PDA
XML News Feeds
View Sidebar
Mozilla Sidebar

Appearance

Default
Default Bold
Wide
Wide Bold

Links

HDTV.Esselbach.at
Links Page

GLSA 200807-15 Pan: User-assisted execution of arbitrary code
Posted by Bob on: 2008-07-31 20:45:02 [ Print | Permalink ]

A new security update has been released for Gentoo Linux - Pan: User-assisted execution of arbitrary code. Here the announcement:

"Gentoo Linux Security Advisory GLSA 200807-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/=

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Pan: User-assisted execution of arbitrary code
Date: July 31, 2008
Bugs: #224051
ID: 200807-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability in Pan may allow remote attacker to
execute arbitrary code.

Background
==========

Pan is a newsreader for the GNOME desktop.

Affected packages
=================

-------------------------------------------------------------------=

Package / Vulnerable / Unaffected
-------------------------------------------------------------------=

1 net-nntp/pan < 0.132-r3 >= 0.132-r=
3
*>= 0.14.2.91-r=
2
== 0.1=
4.2

Description
===========

Pavel Polischouk reported a boundary error in the PartsBatch class when
processing .nzb files.

Impact
======

A remote attacker could entice a user to open a specially crafted .nzb
file, possibly resulting in the remote execution of arbitrary code with
the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Pan users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nntp/pan-0.132-r3"

References
==========

[ 1 ] CVE-2008-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200807-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
"

Digg it!

Slashdot

Del.icio.us

Technorati

Fark it!

Binklist

Furl

Newsvine

Windows Live

Netscape

Google Bookmarks

Reddit!

LinkaGoGo

Tailrank

Wink

Dzone

Simpy

Spurl

Yahoo! MyWeb

NetVouz

RawSugar

Smarking

Scuttle

Magnolia

BlogMarks

Nowpublic

FeedMeLinks

Wists

Onlywire

Connotia

Shadows

Co.mments

News Source: Gentoo

Related Stories

- GLSA 200811-05 PHP: Multiple vulnerabilities (11/16/2008 05:15 pm)
- GLSA 200811-04 Graphviz: User-assisted execution of arbitrary code (11/09/2008 10:15 pm)
- GLSA 200811-03 FAAD2: User-assisted execution of arbitrary code (11/09/2008 10:10 pm)
- GLSA 200811-02 Gallery: Multiple vulnerabilities (11/09/2008 10:05 pm)
- GLSA 200811-01 Opera: Multiple vulnerabilities (11/03/2008 08:05 pm)
- GLSA 200810-03 libspf2: DNS response buffer overflow (10/30/2008 11:25 pm)
- GLSA 200810-01 WordNet: Execution of arbitrary code (10/09/2008 08:10 pm)
- GLSA 200810-02 Portage: Untrusted search path local root vulnerability (10/09/2008 08:00 pm)
- GLSA 200809-18 ClamAV: Multiple Denials of Service (09/25/2008 11:30 pm)
- GLSA 200809-17 Wireshark: Multiple Denials of Service (09/25/2008 11:20 pm)
- GLSA 200809-16 Git: User-assisted execution of arbitrary code (09/25/2008 11:15 pm)
- GLSA 200809-15 GNU ed: User-assisted execution of arbitrary code (09/24/2008 12:05 am)
- GLSA 200809-14 BitlBee: Security bypass (09/23/2008 11:40 pm)
- GLSA 200809-13 R: Insecure temporary file creation (09/22/2008 10:20 pm)
- GLSA 200809-12 Newsbeuter: User-assisted execution of arbitrary code (09/22/2008 10:15 pm)
- GLSA 200809-11 HAVP: Denial of Service (09/21/2008 07:40 pm)
- GLSA 200809-10 Mantis: Multiple vulnerabilities (09/21/2008 07:30 pm)
- GLSA 200809-09 Postfix: Denial of Service (09/19/2008 10:15 pm)
- GLSA 200809-08 Amarok: Insecure temporary file creation (09/08/2008 08:15 pm)
- GLSA 200809-07 libTIFF: User-assisted execution of arbitrary code (09/08/2008 08:05 pm)
- GLSA 200809-06 VLC: Multiple vulnerabilities (09/07/2008 09:30 pm)

Related Threads

- [gentoo-announce] [ GLSA 200811-05 ] PHP: Multiple vulnerabilities (11/16/2008 05:21 pm)
- [gentoo-announce] [ GLSA 200811-04 ] Graphviz: User-assisted execution of arbitrary code (11/09/2008 10:21 pm)
- [gentoo-announce] [ GLSA 200811-02 ] Gallery: Multiple vulnerabilities (11/09/2008 10:07 pm)
- [gentoo-announce] [ GLSA 200811-01 ] Opera: Multiple vulnerabilities (11/03/2008 08:07 pm)
- [gentoo-announce] [ GLSA 200810-03 ] libspf2: DNS response buffer overflow (10/30/2008 11:21 pm)
- [gentoo-announce] [ GLSA 200810-01 ] WordNet: Execution of arbitrary code (10/09/2008 08:14 pm)
- [gentoo-announce] [ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability (10/09/2008 08:00 pm)
- [gentoo-announce] [ GLSA 200809-18 ] ClamAV: Multiple Denials of Service (09/25/2008 11:28 pm)
- [gentoo-announce] [ GLSA 200809-17 ] Wireshark: Multiple Denials of Service (09/25/2008 11:21 pm)
- [gentoo-announce] [ GLSA 200809-16 ] Git: User-assisted execution of arbitrary code (09/25/2008 11:14 pm)
- [gentoo-announce] [ GLSA 200809-15 ] GNU ed: User-assisted execution of arbitrary code (09/24/2008 12:00 am)
- [gentoo-announce] [ GLSA 200809-14 ] BitlBee: Security bypass (09/23/2008 11:42 pm)
- [gentoo-announce] [ GLSA 200809-13 ] R: Insecure temporary file creation (09/22/2008 10:21 pm)
- [gentoo-announce] [ GLSA 200809-12 ] Newsbeuter: User-assisted execution of arbitrary code (09/22/2008 10:14 pm)
- [gentoo-announce] [ GLSA 200809-11 ] HAVP: Denial of Service (09/21/2008 07:42 pm)
- [gentoo-announce] [ GLSA 200809-10 ] Mantis: Multiple vulnerabilities (09/21/2008 07:35 pm)
- [gentoo-announce] [ GLSA 200809-09 ] Postfix: Denial of Service (09/19/2008 10:21 pm)
- [gentoo-announce] [ GLSA 200809-08 ] Amarok: Insecure temporary file creation (09/08/2008 08:14 pm)
- [gentoo-announce] [ GLSA 200809-07 ] libTIFF: User-assisted execution of arbitrary code (09/08/2008 08:07 pm)
- [gentoo-announce] [ GLSA 200809-06 ] VLC: Multiple vulnerabilities (09/07/2008 09:28 pm)

All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2008 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Website powered by Esselbach Storyteller CMS System