A Scorched 3D update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Scorched 3D server chat box format string vulnerability
Date: April 09, 2004
Bugs: #39302
ID: 200404-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Scorched 3D is vulnerable to a format string attack in the chat box that leads to Denial of Service on the game server and possibly allows execution of arbitrary code.
An iproute update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: iproute local Denial of Service vulnerability
Date: April 09, 2004
Bugs: #34294
ID: 200404-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
The iproute package allows local users to cause a denial of service.
A Heimdal update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Cross-realm trust vulnerability in Heimdal
Date: April 09, 2004
Bugs: #46590
ID: 200404-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Heimdal contains a cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.
An automake update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: GNU Automake symbolic link vulnerability
Date: April 08, 2004
Bugs: #45646
ID: 200404-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or elevate their privileges.
A ClamAV update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ClamAV RAR Archive Remote Denial Of Service Vulnerability
Date: April 07, 2004
Bugs: #45357
ID: 200404-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
ClamAV is vulnerable to a denial of service attack when processing certain RAR archives.
A util-linux update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Util-linux login may leak sensitive data
Date: April 07, 2004
Bugs: #46422
ID: 200404-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The login program included in util-linux could leak sensitive information under certain conditions.
An ipsec-tools update for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: ipsec-tools contains an X.509 certificates vulnerability.
Date: April 07, 2004
Bugs: #47013
ID: 200404-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
ipsec-tools contains a vulnerability that affects connections authenticated with X.509 certificates.
A sysstat update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Multiple vulnerabilities in sysstat
Date: April 06, 2004
Bugs: #45159
ID: 200404-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in the way sysstat handles symlinks may allow an attacker to execute arbitrary code or overwrite arbitrary files.
A Tcpdump update for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Tcpdump Vulnerabilities in ISAKMP Parsing
Date: March 31, 2004
Bugs: #38206, #46258
ID: 200404-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
There are multiple vulnerabilities in tcpdump and libpcap related to parsing of ISAKMP packets.
A KDE Personal Information Management Suite update for Gentoo Linux is available
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: KDE Personal Information Management Suite Remote Buffer
Overflow Vulnerability
Date: April 06, 2004
Bugs: #38256
ID: 200404-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow unauthorized access to an affected system.
A Portage update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Insecure sandbox temporary lockfile vulnerabilities in
Portage
Date: April 04, 2004
Bugs: #21923
ID: 200404-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A flaw has been found in the temporary file handling algorithms for the sandboxing code used within Portage. Lockfiles created during normal Portage operation could be manipulated by local users, resulting in the truncation of hard-linked files and causing a Denial of Service on the system.
OSNews has published a Gentoo Linux quick installation guide
The Gentoo Security team has released another update for Gentoo Linux.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Multiple Security Vulnerabilities in Monit
Date: March 31, 2004
Bugs: #43967
ID: 200403-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A denial of service and a buffer overflow vulnerability have been found in Monit.
An MPlayer update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Remote buffer overflow in MPlayer
Date: March 31, 2004
Bugs: #46246
ID: 200403-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
MPlayer contains a remotely exploitable buffer overflow in the HTTP parser that may allow attackers to run arbitrary code on a user's computer.
An OpenLDAP update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenLDAP DoS Vulnerability
Date: March 31, 2004
Bugs: #26728
ID: 200403-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A failed password operation can cause the OpenLDAP slapd server, if it is using the back-ldbm backend, to free memory that was never allocated.
A Midnight Commander update for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Buffer overflow in Midnight Commander
Date: March 29, 2004
Bugs: #45957
ID: 200403-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A remotely-exploitable buffer overflow in Midnight Commander allows arbitrary code to be run on a user's computer.
An update for Squid is now available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Squid ACL [url_regex] bypass vulnerability
Date: March 30, 2004
Bugs: #45273
ID: 200403-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Squid versions 2.0 through to 2.5.STABLE4 could allow a remote attacker to bypass Access Control Lists by sending a specially-crafted URL request containing '%00'. In such circumstances, the url_regex ACL may not properly detect the malicious URL, allowing the attacker to effectively bypass the ACL.
A new Fetchmail update is available for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Fetchmail 6.2.5 fixes a remote DoS
Date: March 30, 2004
Bugs: #37717
ID: 200403-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user.
An oftpd security update for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: oftpd DoS vulnerability
Date: March 29, 2004
Bugs: #45738
ID: 200403-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A remotely-exploitable overflow exists in oftpd, allowing an attacker to crash the oftpd daemon.
An Ethereal update for Gentoo Linux has been released
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Multiple remote overflows and vulnerabilities in Ethereal
Date: March 28, 2004
Bugs: #45543
ID: 200403-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple overflows and vulnerabilities exist in Ethereal which may allow an attacker to crash the program or run arbitrary code.