Linux Compatible - Gentoo (Page 12)

GLSA 200411-23: Ruby: Denial of Service issue

Gentoo 2529 Published 2004-11-16 05:25 by Philipp Esselbach 0

A ruby security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Ruby: Denial of Service issue
Date: November 16, 2004
Bugs: #69985
ID: 200411-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The CGI module in Ruby can be sent into an infinite loop, resulting in a Denial of Service condition.

Gentoo Linux 2004.3

Gentoo 2529 Published 2004-11-15 09:07 by Philipp Esselbach 0

Gentoo Linux 2004.3 has been released

GLSA 200411-22: Davfs2, lvm-user: Insecure tempfile handling

Gentoo 2529 Published 2004-11-11 17:33 by Philipp Esselbach 0

Security updates for Davfs2, lvm-user are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Davfs2, lvm-user: Insecure tempfile handling
Date: November 11, 2004
Bugs: #68406, #69149
ID: 200411-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them.

GLSA 200411-21: Samba: Remote Denial of Service

Gentoo 2529 Published 2004-11-11 17:31 by Philipp Esselbach 0

A Samba security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Samba: Remote Denial of Service
Date: November 11, 2004
Bugs: #70429
ID: 200411-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

An input validation flaw in Samba may allow a remote attacker to cause a Denial of Service by excessive consumption of CPU cycles.

GLSA 200411-20: ez-ipupdate: Format string vulnerability

Gentoo 2529 Published 2004-11-11 11:21 by Philipp Esselbach 0

An ez-ipupdate security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: ez-ipupdate: Format string vulnerability
Date: November 11, 2004
Bugs: #69658
ID: 200411-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

ez-ipupdate contains a format string vulnerability that could lead to execution of arbitrary code.

GLSA 200411-19: Pavuk: Multiple buffer overflows

Gentoo 2529 Published 2004-11-10 19:13 by Philipp Esselbach 0

A Pavuk security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Pavuk: Multiple buffer overflows
Date: November 10, 2004
Bugs: #70516
ID: 200411-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Pavuk contains multiple buffer overflows that can allow a remote attacker to run arbitrary code.

GLSA 200411-18: Apache 2.0: Denial of Service

Gentoo 2529 Published 2004-11-10 16:19 by Philipp Esselbach 0

An Apache 2.0 security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Apache 2.0: Denial of Service by memory consumption
Date: November 10, 2004
Bugs: #70138
ID: 200411-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A flaw in Apache 2.0 could allow a remote attacker to cause a Denial of Service.

Tenshi 0.3.2

Gentoo 2529 Published 2004-11-09 17:58 by Philipp Esselbach 0

Tenshi 0.3.2 has been released. This is a bugfix release.

Tenshi was formerly known as wasabi. The name was changed to tenshi after we were informed that wasabi is a registered trademark relating to another piece of software.

The updated ebuild is available in portage at app-admin/tenshi.

Here's the Changelog:

- added X-tenshi-version, X-tenshi-hostname, X-tenshi-report-start headers
- fixed orphan tail process problem, filehandle is now closed on shutdown
- fixed bug in cron specs handling
- LC_TIME locale is internally set to "C" now for compliant Date header
- mail address specification allows local part only
- added foreground mode

GLSA 200411-17: mtink: Insecure tempfile handling

Gentoo 2529 Published 2004-11-09 17:56 by Philipp Esselbach 0

A mtink security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: mtink: Insecure tempfile handling
Date: November 09, 2004
Bugs: #70310
ID: 200411-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

mtink is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

GLSA 200411-16: zip: Path name buffer overflow

Gentoo 2529 Published 2004-11-09 17:55 by Philipp Esselbach 0

A zip security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: zip: Path name buffer overflow
Date: November 09, 2004
Bugs: #70227
ID: 200411-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

zip contains a buffer overflow when creating a ZIP archive of files with very long path names. This could lead to the execution of arbitrary code.

GLSA 200411-15: OpenSSL, Groff: Insecure tempfile handling

Gentoo 2529 Published 2004-11-08 07:26 by Philipp Esselbach 0

An OpenSSL security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: OpenSSL, Groff: Insecure tempfile handling
Date: November 08, 2004
Bugs: #68404, #68407
ID: 200411-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

groffer, included in the Groff package, and the der_chop script, included in the OpenSSL package, are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

GLSA 200411-14: Kaffeine, gxine

Gentoo 2529 Published 2004-11-07 17:48 by Philipp Esselbach 0

A Kaffeine, gxine security update has been released

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-14:01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Kaffeine, gxine: Remotely exploitable buffer overflow
Date: November 07, 2004
Bugs: #69663, #70055
ID: 200411-14:01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Kaffeine and gxine both contain a buffer overflow that can be exploited when accessing content from a malicious HTTP server with specially crafted headers.

GLSA 200411-13: Portage, Gentoolkit

Gentoo 2529 Published 2004-11-07 17:47 by Philipp Esselbach 0

A Portage, Gentoolkit security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-13:01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Portage, Gentoolkit: Temporary file vulnerabilities
Date: November 07, 2004
Bugs: #68846, #69147
ID: 200411-13:01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

dispatch-conf (included in Portage) and qpkg (included in Gentoolkit) are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.

GLSA 200411-12: zgv: Multiple buffer overflows

Gentoo 2529 Published 2004-11-07 17:34 by Philipp Esselbach 0

A zgv security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-12:01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: zgv: Multiple buffer overflows
Date: November 07, 2004
Bugs: #69150
ID: 200411-12:01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

zgv contains multiple buffer overflows that can potentially lead to the execution of arbitrary code.

GLSA 200411-11: ImageMagick: EXIF buffer overflow

Gentoo 2529 Published 2004-11-06 20:43 by Philipp Esselbach 0

An ImageMagick security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-11:01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ImageMagick: EXIF buffer overflow
Date: November 06, 2004
Bugs: #69825
ID: 200411-11:01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

ImageMagick contains an error in boundary checks when handling EXIF information, which could lead to arbitrary code execution.

GLSA 200411-10: Gallery: Cross-site scripting vulnerability

Gentoo 2529 Published 2004-11-06 20:41 by Philipp Esselbach 0

A Gallery security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-10:01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Gallery: Cross-site scripting vulnerability
Date: November 06, 2004
Bugs: #69904
ID: 200411-10:01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Gallery is vulnerable to cross-site scripting attacks.

GLSA 200411-09: shadow: Unauthorized modification of account

Gentoo 2529 Published 2004-11-04 15:49 by Philipp Esselbach 0

A shadow security update has been released

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: shadow: Unauthorized modification of account information
Date: November 04, 2004
Bugs: #69212
ID: 200411-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A flaw in the chfn and chsh utilities might allow modification of account properties by unauthorized users.

GLSA 200411-08: GD: Integer overflow

Gentoo 2529 Published 2004-11-04 12:04 by Philipp Esselbach 0

A GD security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GD: Integer overflow
Date: November 03, 2004
Bugs: #69070
ID: 200411-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The PNG image decoding routines in the GD library contain an integer overflow that may allow execution of arbitrary code with the rights of the program decoding a malicious PNG image.

GLSA 200411-07: Proxytunnel: Format string vulnerability

Gentoo 2529 Published 2004-11-04 11:21 by Philipp Esselbach 0

A Proxytunnel security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Proxytunnel: Format string vulnerability
Date: November 03, 2004
Bugs: #69379
ID: 200411-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Proxytunnel is vulnerable to a format string vulnerability, potentially allowing a remote server to execute arbitrary code with the rights of the Proxytunnel process.

GLSA 200411-06: MIME-tools: Virus detection evasion

Gentoo 2529 Published 2004-11-02 16:56 by Philipp Esselbach 0

A MIME-tools security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: MIME-tools: Virus detection evasion
Date: November 02, 2004
Bugs: #69181
ID: 200411-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

MIME-tools doesn't handle empty MIME boundaries correctly. This may prevent some virus-scanning programs which use MIME-tools from detecting certain viruses.