Gentoo 2478 Published by

The following 4 security updates has been released for Gentoo Linux: [ GLSA 201309-16 ] Chromium, V8: Multiple vulnerabilities, [ GLSA 201309-15 ] ProFTPD: Multiple vulnerabilities, [ GLSA 201309-14 ] MoinMoin: Multiple vulnerabilities, and [ GLSA 201309-13 ] GNU ZRTP: Multiple vulnerabilities



[ GLSA 201309-16 ] Chromium, V8: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Chromium, V8: Multiple vulnerabilities
Date: September 24, 2013
Bugs: #442096, #444826, #445246, #446944, #451334, #453610,
#458644, #460318, #460776, #463426, #470920, #472350,
#476344, #479048, #481990
ID: 201309-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code.

Background
==========

Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57
2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.

Impact
======

A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other,
unspecified, impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57"

All V8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14"

References
==========

[ 1 ] CVE-2012-5116
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116
[ 2 ] CVE-2012-5117
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117
[ 3 ] CVE-2012-5118
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118
[ 4 ] CVE-2012-5119
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119
[ 5 ] CVE-2012-5120
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120
[ 6 ] CVE-2012-5121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121
[ 7 ] CVE-2012-5122
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122
[ 8 ] CVE-2012-5123
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123
[ 9 ] CVE-2012-5124
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124
[ 10 ] CVE-2012-5125
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125
[ 11 ] CVE-2012-5126
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126
[ 12 ] CVE-2012-5127
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127
[ 13 ] CVE-2012-5128
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128
[ 14 ] CVE-2012-5130
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130
[ 15 ] CVE-2012-5132
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132
[ 16 ] CVE-2012-5133
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133
[ 17 ] CVE-2012-5135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135
[ 18 ] CVE-2012-5136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136
[ 19 ] CVE-2012-5137
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137
[ 20 ] CVE-2012-5138
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138
[ 21 ] CVE-2012-5139
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139
[ 22 ] CVE-2012-5140
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140
[ 23 ] CVE-2012-5141
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141
[ 24 ] CVE-2012-5142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142
[ 25 ] CVE-2012-5143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143
[ 26 ] CVE-2012-5144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144
[ 27 ] CVE-2012-5145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145
[ 28 ] CVE-2012-5146
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146
[ 29 ] CVE-2012-5147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147
[ 30 ] CVE-2012-5148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148
[ 31 ] CVE-2012-5149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149
[ 32 ] CVE-2012-5150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150
[ 33 ] CVE-2012-5151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151
[ 34 ] CVE-2012-5152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152
[ 35 ] CVE-2012-5153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153
[ 36 ] CVE-2012-5154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154
[ 37 ] CVE-2013-0828
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828
[ 38 ] CVE-2013-0829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829
[ 39 ] CVE-2013-0830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830
[ 40 ] CVE-2013-0831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831
[ 41 ] CVE-2013-0832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832
[ 42 ] CVE-2013-0833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833
[ 43 ] CVE-2013-0834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834
[ 44 ] CVE-2013-0835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835
[ 45 ] CVE-2013-0836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836
[ 46 ] CVE-2013-0837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837
[ 47 ] CVE-2013-0838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838
[ 48 ] CVE-2013-0839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839
[ 49 ] CVE-2013-0840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840
[ 50 ] CVE-2013-0841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841
[ 51 ] CVE-2013-0842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842
[ 52 ] CVE-2013-0879
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879
[ 53 ] CVE-2013-0880
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880
[ 54 ] CVE-2013-0881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881
[ 55 ] CVE-2013-0882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882
[ 56 ] CVE-2013-0883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883
[ 57 ] CVE-2013-0884
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884
[ 58 ] CVE-2013-0885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885
[ 59 ] CVE-2013-0887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887
[ 60 ] CVE-2013-0888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888
[ 61 ] CVE-2013-0889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889
[ 62 ] CVE-2013-0890
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890
[ 63 ] CVE-2013-0891
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891
[ 64 ] CVE-2013-0892
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892
[ 65 ] CVE-2013-0893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893
[ 66 ] CVE-2013-0894
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894
[ 67 ] CVE-2013-0895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895
[ 68 ] CVE-2013-0896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896
[ 69 ] CVE-2013-0897
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897
[ 70 ] CVE-2013-0898
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898
[ 71 ] CVE-2013-0899
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899
[ 72 ] CVE-2013-0900
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900
[ 73 ] CVE-2013-0902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902
[ 74 ] CVE-2013-0903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903
[ 75 ] CVE-2013-0904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904
[ 76 ] CVE-2013-0905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905
[ 77 ] CVE-2013-0906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906
[ 78 ] CVE-2013-0907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907
[ 79 ] CVE-2013-0908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908
[ 80 ] CVE-2013-0909
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909
[ 81 ] CVE-2013-0910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910
[ 82 ] CVE-2013-0911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911
[ 83 ] CVE-2013-0912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912
[ 84 ] CVE-2013-0916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916
[ 85 ] CVE-2013-0917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917
[ 86 ] CVE-2013-0918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918
[ 87 ] CVE-2013-0919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919
[ 88 ] CVE-2013-0920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920
[ 89 ] CVE-2013-0921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921
[ 90 ] CVE-2013-0922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922
[ 91 ] CVE-2013-0923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923
[ 92 ] CVE-2013-0924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924
[ 93 ] CVE-2013-0925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925
[ 94 ] CVE-2013-0926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926
[ 95 ] CVE-2013-2836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836
[ 96 ] CVE-2013-2837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837
[ 97 ] CVE-2013-2838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838
[ 98 ] CVE-2013-2839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839
[ 99 ] CVE-2013-2840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840
[ 100 ] CVE-2013-2841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841
[ 101 ] CVE-2013-2842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842
[ 102 ] CVE-2013-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843
[ 103 ] CVE-2013-2844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844
[ 104 ] CVE-2013-2845
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845
[ 105 ] CVE-2013-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846
[ 106 ] CVE-2013-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847
[ 107 ] CVE-2013-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848
[ 108 ] CVE-2013-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849
[ 109 ] CVE-2013-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853
[ 110 ] CVE-2013-2855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855
[ 111 ] CVE-2013-2856
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856
[ 112 ] CVE-2013-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857
[ 113 ] CVE-2013-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858
[ 114 ] CVE-2013-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859
[ 115 ] CVE-2013-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860
[ 116 ] CVE-2013-2861
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861
[ 117 ] CVE-2013-2862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862
[ 118 ] CVE-2013-2863
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863
[ 119 ] CVE-2013-2865
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865
[ 120 ] CVE-2013-2867
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867
[ 121 ] CVE-2013-2868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868
[ 122 ] CVE-2013-2869
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869
[ 123 ] CVE-2013-2870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870
[ 124 ] CVE-2013-2871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871
[ 125 ] CVE-2013-2874
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874
[ 126 ] CVE-2013-2875
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875
[ 127 ] CVE-2013-2876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876
[ 128 ] CVE-2013-2877
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
[ 129 ] CVE-2013-2878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878
[ 130 ] CVE-2013-2879
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879
[ 131 ] CVE-2013-2880
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880
[ 132 ] CVE-2013-2881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881
[ 133 ] CVE-2013-2882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882
[ 134 ] CVE-2013-2883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883
[ 135 ] CVE-2013-2884
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884
[ 136 ] CVE-2013-2885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885
[ 137 ] CVE-2013-2886
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886
[ 138 ] CVE-2013-2887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887
[ 139 ] CVE-2013-2900
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900
[ 140 ] CVE-2013-2901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901
[ 141 ] CVE-2013-2902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902
[ 142 ] CVE-2013-2903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903
[ 143 ] CVE-2013-2904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904
[ 144 ] CVE-2013-2905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905
[ 145 ] Release Notes 23.0.1271.64

http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
[ 146 ] Release Notes 23.0.1271.91

http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
[ 147 ] Release Notes 23.0.1271.95

http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201309-15 ] ProFTPD: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: ProFTPD: Multiple vulnerabilities
Date: September 24, 2013
Bugs: #305343, #343389, #348998, #354080, #361963, #390075,
#450746, #484614
ID: 201309-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in ProFTPD, the worst of which
leading to remote execution of arbitrary code.

Background
==========

ProFTPD is an advanced and very configurable FTP server.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-ftp/proftpd < 1.3.4d >= 1.3.4d

Description
===========

Multiple vulnerabilities have been discovered in ProFTPD. Please review
the CVE identifiers referenced below for details.

Impact
======

A context-dependent attacker could possibly execute arbitrary code with
the privileges of the process, perform man-in-the-middle attacks to
spoof arbitrary SSL servers, cause a Denial of Service condition, or
read and modify arbitrary files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ProFTPD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.4d"

References
==========

[ 1 ] CVE-2009-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 2 ] CVE-2010-3867
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3867
[ 3 ] CVE-2010-4221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4221
[ 4 ] CVE-2010-4652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4652
[ 5 ] CVE-2011-1137
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1137
[ 6 ] CVE-2011-4130
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4130
[ 7 ] CVE-2012-6095
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6095
[ 8 ] CVE-2013-4359
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4359

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201309-14 ] MoinMoin: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: MoinMoin: Multiple vulnerabilities
Date: September 24, 2013
Bugs: #449314
ID: 201309-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in MoinMoin, the worst of
which may allow execution of arbitrary code.

Background
==========

MoinMoin is a Python WikiEngine.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-apps/moinmoin < 1.9.6 >= 1.9.6

Description
===========

Multiple vulnerabilities have been discovered in MoinMoin. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker may be able to execute arbitrary code with the
privileges of the process, overwrite arbitrary files, or conduct
Cross-Site Scripting (XSS) attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MoinMoin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.9.6"

References
==========

[ 1 ] CVE-2012-6080
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6080
[ 2 ] CVE-2012-6081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6081
[ 3 ] CVE-2012-6082
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6082
[ 4 ] CVE-2012-6495
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6495

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201309-13 ] GNU ZRTP: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GNU ZRTP: Multiple vulnerabilities
Date: September 24, 2013
Bugs: #481228
ID: 201309-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in GNU ZRTP, some of which may
allow execution of arbitrary code.

Background
==========

GNU ZRTP is a C++ implementation of the ZRTP protocol.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/libzrtpcpp < 2.3.4 >= 2.3.4

Description
===========

Multiple vulnerabilities have been discovered in GNU ZRTP. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or
obtain sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNU ZRTP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libzrtpcpp-2.3.4"

References
==========

[ 1 ] CVE-2013-2221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2221
[ 2 ] CVE-2013-2222
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2222
[ 3 ] CVE-2013-2223
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2223

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5