Gentoo 2529 Published by Philipp Esselbach 0

A libxml2 security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: libxml2: Remotely exploitable buffer overflow
Date: November 02, 2004
Bugs: #69154
ID: 200411-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

libxml2 contains multiple buffer overflows which could lead to the execution of arbitrary code.

A ppp security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: ppp: No denial of service vulnerability
Date: November 01, 2004
Bugs: #69152
ID: 200411-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

pppd contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.

An updated Speedtouch USB driver has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Speedtouch USB driver: Privilege escalation vulnerability
Date: November 02, 2004
Bugs: #68436
ID: 200411-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in the Speedtouch USB driver can be exploited to allow local users to execute arbitrary code with escalated privileges.

An Apache security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Apache 1.3: Buffer overflow vulnerability in mod_include
Date: November 02, 2004
Bugs: #68564
ID: 200411-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A buffer overflow vulnerability exists in mod_include which could possibly allow a local attacker to gain escalated privileges.

A Cherokee update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Cherokee: Format string vulnerability
Date: November 01, 2004
Bugs: #67667
ID: 200411-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Cherokee contains a format string vulnerability that could lead to denial of service or the execution of arbitrary code.

A ppp security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ppp: Remote denial of service vulnerability
Date: November 01, 2004
Bugs: #69152
ID: 200411-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

pppd contains a vulnerability that may allow an attacker to crash the server.

An Archive::Zip update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Archive::Zip: Virus detection evasion
Date: October 29, 2004
Bugs: #68616
ID: 200410-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Email virus scanning software relying on Archive::Zip can be fooled into thinking a ZIP attachment is empty while it contains a virus, allowing detection evasion.

GPdf, KPDF, and KOffice security updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
Date: October 28, 2004
Bugs: #68558, #68665, #68571
ID: 200410-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

GPdf, KPDF and KOffice all include vulnerable xpdf code to handle PDF files, making them vulnerable to execution of arbitrary code upon viewing a malicious PDF file.

A PuTTY security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: PuTTY: Pre-authentication buffer overflow
Date: October 27, 2004
Bugs: #69123
ID: 200410-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

PuTTY contains a vulnerability allowing an SSH server to execute arbitrary code on the connecting client.

An rssh security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: rssh: Format string vulnerability
Date: October 27, 2004
Bugs: #66988
ID: 200410-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

rssh is vulnerable to a format string vulnerability that allows arbitrary execution of code with the rights of the connected user, thereby bypassing rssh restrictions.

An mpg123 security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: mpg123: Buffer overflow vulnerabilities
Date: October 27, 2004
Bugs: #68343
ID: 200410-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Buffer overflow vulnerabilities have been found in mpg123 which could lead to execution of arbitrary code.

A socat security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: socat: Format string vulnerability
Date: October 25, 2004
Bugs: #68547
ID: 200410-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

socat contains a format string vulnerability that can potentially lead to remote or local execution of arbitrary code with the privileges of the socat process.

A Netatalk security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Netatalk: Insecure tempfile handling in etc2ps.sh
Date: October 25, 2004
Bugs: #66370
ID: 200410-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The etc2ps.sh script, included in the Netatalk package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

An MIT krb5 security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MIT krb5: Insecure temporary file use in send-pr.sh
Date: October 25, 2004
Bugs: #66359
ID: 200410-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The send-pr.sh script, included in the mit-krb5 package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

A Gaim security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Gaim: Multiple vulnerabilities
Date: October 24, 2004
Bugs: #68271
ID: 200410-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been found in Gaim which could allow a remote attacker to crash the application, or possibly execute arbitrary code.

A MySQL security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: MySQL: Multiple vulnerabilities
Date: October 24, 2004
Bugs: #67062
ID: 200410-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several vulnerabilities including privilege abuse, Denial of Service, and potentially remote arbitrary code execution have been discovered in MySQL.

An Apache 2 security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
Date: October 21, 2004
Bugs: #66807
ID: 200410-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

In certain configurations, it can be possible to bypass restrictions set by the "SSLCipherSuite" directive of mod_ssl.

Xpdf and CUPS security updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Xpdf, CUPS: Multiple integer overflows
Date: October 21, 2004
ID: 200410-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple integer overflows were discovered in Xpdf, potentially resulting in execution of arbitrary code upon viewing a malicious PDF file. CUPS includes Xpdf code and therefore is vulnerable to the same issues.

A glibc security update for Gentoo Linux is now available

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: glibc: Insecure tempfile handling in catchsegv script
Date: October 21, 2004
Bugs: #66358
ID: 200410-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The catchsegv script in the glibc package is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.

A Ghostscript security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Ghostscript: Insecure temporary file use in multiple scripts
Date: October 20, 2004
Bugs: #66357
ID: 200410-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple scripts in the Ghostscript package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.