A mirrorselect security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-05:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: mirrorselect: Insecure temporary file creation
Date: December 07, 2004
Updated: December 07, 2004
Bugs: #73545
ID: 200412-05:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
mirrorselect is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
A Perl security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Perl: Insecure temporary file creation
Date: December 07, 2004
Bugs: #66360
ID: 200412-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Perl is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
An imlib security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: imlib: Buffer overflows in image decoding
Date: December 06, 2004
Bugs: #72681
ID: 200412-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple overflows have been found in the imlib library image decoding routines, potentially allowing execution of arbitrary code.
A PDFLib security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PDFlib: Multiple overflows in the included TIFF library
Date: December 05, 2004
Bugs: #69043
ID: 200412-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
PDFlib is vulnerable to multiple overflows, which can potentially lead to the execution of arbitrary code.
A rssh security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: rssh, scponly: Unrestricted command execution
Date: December 03, 2004
Bugs: #72815, #72816
ID: 200412-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
rssh and scponly do not filter command-line options that can be exploited to execute any command, thereby allowing a remote user to completely bypass the restricted shell.
A security update for Sun and Blackdown Java is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-38
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Sun and Blackdown Java: Applet privilege escalation
Date: November 29, 2004
Bugs: #72172, #72221
ID: 200411-38
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The Java plug-in security in Sun and Blackdown Java environments can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.
An Open DC Hub security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Open DC Hub: Remote code execution
Date: November 28, 2004
Bugs: #72371
ID: 200411-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Open DC Hub contains a buffer overflow that can be exploited to allow remote code execution.
A phpMyAdmin security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: phpMyAdmin: Multiple XSS vulnerabilities
Date: November 27, 2004
Bugs: #71819
ID: 200411-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
phpMyAdmin is vulnerable to cross-site scripting attacks.
A phpWebSite security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-35:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: phpWebSite: HTTP response splitting vulnerability
Date: November 26, 2004
Updated: November 26, 2004
Bugs: #71502
ID: 200411-35:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
phpWebSite is vulnerable to possible HTTP response splitting attacks.
A Cyrus IMAP server security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Cyrus IMAP Server: Multiple remote vulnerabilities
Date: November 25, 2004
Bugs: #72194
ID: 200411-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The Cyrus IMAP Server contains multiple vulnerabilities which could lead to remote execution of arbitrary code.
A TWiki security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: TWiki: Arbitrary command execution
Date: November 24, 2004
Bugs: #71035
ID: 200411-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A bug in the TWiki search function allows an attacker to execute arbitrary commands with the permissions of the user running TWiki.
A phpBB security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: phpBB: Remote command execution
Date: November 24, 2004
Bugs: #71681
ID: 200411-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
phpBB contains a vulnerability which allows a remote attacker to execute arbitrary commands with the rights of the web server user.
A ProZilla security update has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ProZilla: Multiple vulnerabilities
Date: November 23, 2004
Bugs: #70090
ID: 200411-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
ProZilla contains several buffer overflow vulnerabilities that can be exploited by a malicious server to execute arbitrary code with the rights of the user running ProZilla.
A pdftohtml security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: pdftohtml: Vulnerabilities in included Xpdf
Date: November 23, 2004
Bugs: #69019
ID: 200411-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file.
An unarj security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: unarj: Long filenames buffer overflow and a path traversal vulnerability
Date: November 19, 2004
Bugs: #70966
ID: 200411-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
unarj contains a buffer overflow and a directory traversal vulnerability. This could lead to overwriting of arbitrary files or the execution of arbitrary code.
An X.Org security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: X.Org, XFree86: libXpm vulnerabilities
Date: November 19, 2004
Bugs: #68544
ID: 200411-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
libXpm contains several vulnerabilities that could lead to a Denial of Service and arbitrary code execution.
A Fcron security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Fcron: Multiple vulnerabilities
Date: November 18, 2004
Bugs: #71311
ID: 200411-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in Fcron can allow a local user to potentially cause a Denial of Service.
Security updates for GIMPS, SETI@home and ChessBrain are now available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: GIMPS, SETI@home, ChessBrain: Insecure installation
Date: November 17, 2004
Bugs: #69868
ID: 200411-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Improper file ownership allows user-owned files to be run with root privileges by init scripts.
A SquirrelMail security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: SquirrelMail: Encoded text XSS vulnerability
Date: November 17, 2004
Bugs: #70739
ID: 200411-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
SquirrelMail fails to properly sanitize user input, which could lead to a compromise of webmail accounts.
A BNC security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: BNC: Buffer overflow vulnerability
Date: November 16, 2004
Bugs: #70674
ID: 200411-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
BNC contains a buffer overflow vulnerability that may lead to Denial of Service and execution of arbitrary code.