New Xpdf, GPdf security updates are available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Xpdf, GPdf: New integer overflows
Date: December 28, 2004
Bugs: #75191, #75201
ID: 200412-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
New integer overflows were discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issues.
A Zwiki security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Zwiki: XSS vulnerability
Date: December 21, 2004
Bugs: #72315
ID: 200412-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Zwiki is vulnerable to cross-site scripting attacks.
An mpg123 security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: mpg123: Playlist buffer overflow
Date: December 21, 2004
Bugs: #74692
ID: 200412-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
mpg123 is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious playlist.
An MPlayer security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: MPlayer: Multiple overflows
Date: December 20, 2004
Bugs: #74473
ID: 200412-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple overflow vulnerabilities have been found in MPlayer, potentially resulting in remote execution of arbitrary code.
A NASM security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: NASM: Buffer overflow vulnerability
Date: December 20, 2004
Bugs: #74477
ID: 200412-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
NASM is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious object file.
Another WordPress security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200410-12:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: WordPress: HTTP response splitting and XSS vulnerabilities
Date: October 14, 2004
Updated: December 19, 2004
Bugs: #65798
ID: 200410-12:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Update
=====
Thomas Waldegger, who discovered these vulnerabilities, reported that these issues were not fixed in version 1.2.1. After the developers were notified, they released 1.2.2 to fix these flaws.
A phpMyAdmin security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: phpMyAdmin: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #74303
ID: 200412-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
phpMyAdmin contains multiple vulnerabilities which could lead to file disclosure or command execution.
An abcm2ps security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-18:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: abcm2ps: Buffer overflow vulnerability
Date: December 19, 2004
Updated: December 19, 2004
Bugs: #74702
ID: 200412-18:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
abcm2ps is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.
A kfax security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: kfax: Multiple overflows in the included TIFF library
Date: December 19, 2004
Bugs: #73795
ID: 200412-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
kfax contains several buffer overflows potentially leading to execution of arbitrary code.
kdebase/libs security updates are available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: kdelibs, kdebase: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #72804, #73869
ID: 200412-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
kdelibs and kdebase contain a flaw allowing password disclosure when creating a link to a remote file. Furthermore, Konqueror is vulnerable to window injection.
An Ethereal security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #74443
ID: 200412-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.
A PHP security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PHP: Multiple vulnerabilities
Date: December 19, 2004
Bugs: #74547
ID: 200412-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Several vulnerabilities were found and fixed in PHP, ranging from an information leak and a safe_mode restriction bypass to a potential remote execution of arbitrary code.
A Samba security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Samba: Integer overflow
Date: December 17, 2004
Bugs: #73943
ID: 200412-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Samba contains a bug that could lead to remote execution of arbitrary code.
A Cscope security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Cscope: Insecure creation of temporary files
Date: December 16, 2004
Bugs: #71595
ID: 200412-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
An Adobe Acrobat Reader security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Acrobat Reader: Buffer overflow vulnerability
Date: December 16, 2004
Bugs: #74406
ID: 200412-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.
A Vim/gVim security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Vim, gVim: Vulnerable options in modelines
Date: December 15, 2004
Bugs: #73715
ID: 200412-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Several vulnerabilities related to the use of options in modelines have been found and fixed in Vim. They could potentially result in a local user escalating privileges.
An ncpfs security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: ncpfs: Buffer overflow in ncplogin and ncpmap
Date: December 15, 2004
Bugs: #72820
ID: 200412-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
ncpfs is vulnerable to a buffer overflow that could lead to local execution of arbitrary code with elevated privileges.
An nfs-utils security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: nfs-utils: Multiple remote vulnerabilities
Date: December 14, 2004
Bugs: #72113
ID: 200412-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been discovered in nfs-utils that could lead to a Denial of Service, or the execution of arbitrary code.
A file security update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: file: Arbitrary code execution
Date: December 13, 2004
Bugs: #72521
ID: 200412-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The code for parsing ELF headers in file contains a flaw which may allow an attacker to execute arbitrary code.
A PHProjekt security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PHProjekt: setup.php vulnerability
Date: December 10, 2004
Bugs: #73021
ID: 200412-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
PHProjekt contains a vulnerability in the setup procedure allowing remote users without admin rights to change the configuration.