Linux Compatible - Gentoo (Page 16)

GLSA 200501-40: ngIRCd: Buffer overflow

Gentoo 2529 Published 2005-01-28 17:44 by Philipp Esselbach 0

A ngIRCd security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-40
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: ngIRCd: Buffer overflow
Date: January 28, 2005
Bugs: #79705
ID: 200501-40

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

ngIRCd is vulnerable to a buffer overflow that can be used to crash the daemon and possibly execute arbitrary code.

GLSA 200501-39: SquirrelMail: Multiple vulnerabilities

Gentoo 2529 Published 2005-01-28 15:43 by Philipp Esselbach 0

New SquirellMail packages are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-39
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: SquirrelMail: Multiple vulnerabilities
Date: January 28, 2005
Bugs: #78116
ID: 200501-39

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

SquirrelMail fails to properly sanitize user input, which could lead to arbitrary code execution and compromise webmail accounts.

GLSA 200501-38: Perl: rmtree and DBI tmpfile vulnerabilitie

Gentoo 2529 Published 2005-01-27 05:25 by Philipp Esselbach 0

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-38
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Perl: rmtree and DBI tmpfile vulnerabilities
Date: January 26, 2005
Bugs: #78634, #75696
ID: 200501-38

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The Perl DBI library and File::Path::rmtree function are vulnerable to symlink attacks.

Background
=========

Perl is a cross platform programming language. The DBI is the standard database interface module for Perl.

GLSA 200501-37: GraphicsMagick: PSD decoding heap overflow

Gentoo 2529 Published 2005-01-27 05:24 by Philipp Esselbach 0

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GraphicsMagick: PSD decoding heap overflow
Date: January 26, 2005
Bugs: #79336
ID: 200501-37

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

GraphicsMagick is vulnerable to a heap overflow when decoding Photoshop Document (PSD) files, which could lead to arbitrary code execution.

GLSA 200501-36: AWStats: Remote code execution

Gentoo 2529 Published 2005-01-26 03:07 by Philipp Esselbach 0

Updated AWStats packages are available for Debian GNU/Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: AWStats: Remote code execution
Date: January 25, 2005
Bugs: #77963
ID: 200501-36

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

AWStats fails to validate certain input, which could lead to the remote execution of arbitrary code.

GLSA 200501-35: Evolution: Integer overflow in camel-lock-helper

Gentoo 2529 Published 2005-01-25 03:18 by Philipp Esselbach 0

An Evolution security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Evolution: Integer overflow in camel-lock-helper
Date: January 24, 2005
Bugs: #79183
ID: 200501-35

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

An overflow in the camel-lock-helper application can be exploited by an attacker to execute arbitrary code with elevated privileges.

GLSA 200501-34: Konversation: Various vulnerabilities

Gentoo 2529 Published 2005-01-24 09:59 by Philipp Esselbach 0

A Konversation security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Konversation: Various vulnerabilities
Date: January 24, 2005
Bugs: #78712
ID: 200501-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Konversation contains multiple vulnerabilities that could lead to remote command execution or information leaks.

GLSA 200501-33: MySQL: Insecure temporary file creation

Gentoo 2529 Published 2005-01-23 17:41 by Philipp Esselbach 0

A MySQL security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MySQL: Insecure temporary file creation
Date: January 23, 2005
Bugs: #77805
ID: 200501-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

MySQL is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

GLSA 200501-32: KPdf, KOffice: Stack overflow in included X

Gentoo 2529 Published 2005-01-23 14:52 by Philipp Esselbach 0

KPdf, KOffice updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: KPdf, KOffice: Stack overflow in included Xpdf code
Date: January 23, 2005
Bugs: #78619, #78620
ID: 200501-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code.

GLSA 200501-31: teTeX, pTeX, CSTeX

Gentoo 2529 Published 2005-01-23 08:42 by Philipp Esselbach 0

teTeX, pTeX, CSTeX updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: teTeX, pTeX, CSTeX: Multiple vulnerabilities
Date: January 23, 2005
Bugs: #75801
ID: 200501-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the remote execution of arbitrary code. Furthermore, the xdvizilla script is vulnerable to temporary file handling issues.

GLSA 200501-29: Mailman: Cross-site scripting vulnerability

Gentoo 2529 Published 2005-01-22 04:24 by Philipp Esselbach 0

A mailman security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Mailman: Cross-site scripting vulnerability
Date: January 22, 2005
Bugs: #77524
ID: 200501-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Mailman is vulnerable to cross-site scripting attacks.

[ GLSA 200501-28 ] Xpdf, GPdf: Stack overflow in Decrypt::make

Gentoo 2529 Published 2005-01-21 17:12 by Philipp Esselbach 0

A Xpdf, GPdf security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
Date: January 21, 2005
Bugs: #77888, #78128
ID: 200501-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A stack overflow was discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issue.

[ GLSA 200501-27 ] Ethereal: Multiple vulnerabilities

Gentoo 2529 Published 2005-01-21 05:31 by Philipp Esselbach 0

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: January 20, 2005
Bugs: #78559
ID: 200501-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.

[ GLSA 200501-26 ] ImageMagick: PSD decoding heap overflow

Gentoo 2529 Published 2005-01-21 05:09 by Philipp Esselbach 0

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ImageMagick: PSD decoding heap overflow
Date: January 20, 2005
Bugs: #77932
ID: 200501-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

ImageMagick is vulnerable to a heap overflow when decoding Photoshop Document (PSD) files, which could lead to arbitrary code execution.

GLSA 200501-25: Squid: Multiple vulnerabilities

Gentoo 2529 Published 2005-01-16 17:19 by Philipp Esselbach 0

A Squiad security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Squid: Multiple vulnerabilities
Date: January 16, 2005
Bugs: #77934, #77521
ID: 200501-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Squid contains vulnerabilities in the the code handling NTLM (NT Lan Manager), Gopher to HTML and WCCP (Web Cache Communication Protocol) which could lead to denial of service and arbitrary code execution.

GLSA 200501-24: tnftp: Arbitrary file overwriting

Gentoo 2529 Published 2005-01-14 04:17 by Philipp Esselbach 0

A tnftp security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: tnftp: Arbitrary file overwriting
Date: January 14, 2005
Bugs: #74704
ID: 200501-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

tnftp fails to validate filenames when downloading files, making it vulnerable to arbitrary file overwriting.

GLSA 200501-23: Exim: Two buffer overflows

Gentoo 2529 Published 2005-01-12 17:30 by Philipp Esselbach 0

An Exim security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Exim: Two buffer overflows
Date: January 12, 2005
Bugs: #76893
ID: 200501-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Buffer overflow vulnerabilities, which could lead to arbitrary code execution, have been found in the handling of IPv6 addresses as well as in the SPA authentication mechanism in Exim.

GLSA 200412-25: CUPS: Multiple vulnerabilities

Gentoo 2529 Published 2005-01-12 05:44 by Philipp Esselbach 0

A CUPS security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200412-25:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: CUPS: Multiple vulnerabilities
Date: December 28, 2004
Updated: January 12, 2005
Bugs: #74479, #75197, #77023
ID: 200412-25:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

CUPS was vulnerable to multiple vulnerabilities and as a fix we recommended upgrading to version 1.1.23_rc1. This version is affected by a remote Denial Of Service, so we now recommend upgrading to the final 1.1.23 release which does not have any known vulnerability.

The updated sections appear below.

GLSA 200501-22: poppassd_pam: Unauthorized password changin

Gentoo 2529 Published 2005-01-11 16:06 by Philipp Esselbach 0

A poppassd_pam security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: poppassd_pam: Unauthorized password changing
Date: January 11, 2005
Bugs: #75820
ID: 200501-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

poppassd_pam allows anyone to change any user's password without authenticating the user first.

GLSA 200501-20: o3read: Buffer overflow

Gentoo 2529 Published 2005-01-11 15:54 by Philipp Esselbach 0

An o3read security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: o3read: Buffer overflow during file conversion
Date: January 11, 2005
Bugs: #74478
ID: 200501-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A buffer overflow in o3read allows an attacker to execute arbitrary code by way of a specially crafted XML file.