UPDATE: GLSA 200503-35: Smarty: Template vulnerability

Gentoo 2531 Published by Philipp Esselbach 0

A Smarty security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200503-35:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Smarty: Template vulnerability
Date: March 30, 2005
Updated: April 09, 2005
Bugs: #86488
ID: 200503-35:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

New ways of bypassing Smarty's "Template security" were found and fixed in Smarty. Users making use of that feature are encouraged to upgrade to version 2.6.9.

The updated sections appear below.

GLSA 200504-07: GnomeVFS, libcdaudio: CDDB response overflow

Gentoo 2531 Published by Philipp Esselbach 0

A GnomeVFS security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GnomeVFS, libcdaudio: CDDB response overflow
Date: April 08, 2005
Bugs: #84936
ID: 200504-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The GnomeVFS and libcdaudio libraries contain a buffer overflow that can be triggered by a large CDDB response, potentially allowing the execution of arbitrary code.

GLSA 200504-06: sharutils: Insecure temporary file creation

Gentoo 2531 Published by Philipp Esselbach 0

A sharutils security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: sharutils: Insecure temporary file creation
Date: April 06, 2005
Bugs: #87939
ID: 200504-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The unshar utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

GLSA 200504-05: Gaim: Denial of Service issues

Gentoo 2531 Published by Philipp Esselbach 0

A Gaim security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Gaim: Denial of Service issues
Date: April 06, 2005
Updated: April 06, 2005
Bugs: #87903
ID: 200504-05:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Gaim contains multiple vulnerabilities that can lead to a Denial of Service.

GLSA 200504-04: mit-krb5: Multiple buffer overflows in telnet

Gentoo 2531 Published by Philipp Esselbach 0

A mit-krb5 security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: mit-krb5: Multiple buffer overflows in telnet client
Date: April 06, 2005
Bugs: #87145
ID: 200504-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The mit-krb5 telnet client is vulnerable to two buffer overflows, which could allow a malicious telnet server operator to execute arbitrary code.

GLSA 200504-03: Dnsmasq: Poisoning and Denial of Service

Gentoo 2531 Published by Philipp Esselbach 0

A Dnsmasq security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Dnsmasq: Poisoning and Denial of Service vulnerabilities
Date: April 04, 2005
Bugs: #86718
ID: 200504-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Dnsmasq is vulnerable to DNS cache poisoning attacks and a potential Denial of Service from the local network.

GLSA 200504-02: Sylpheed, Sylpheed-claws: Buffer overflow

Gentoo 2531 Published by Philipp Esselbach 0

A Sylpheed, Sylpheed-claws security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Sylpheed, Sylpheed-claws: Buffer overflow on message
display
Date: April 02, 2005
Bugs: #86541
ID: 200504-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Sylpheed and Sylpheed-claws contain a vulnerability that can be triggered when displaying messages with specially crafted attachments.

GLSA 200504-01: telnet-bsd: Multiple buffer overflows

Gentoo 2531 Published by Philipp Esselbach 0

A telnet-bsd security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: telnet-bsd: Multiple buffer overflows
Date: April 01, 2005
Bugs: #87019
ID: 200504-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The telnet-bsd telnet client is vulnerable to two buffer overflows, which could allow a malicious telnet server operator to execute arbitrary code.

GLSA 200503-37: LimeWire: Disclosure of sensitive informati

Gentoo 2531 Published by Philipp Esselbach 0

A LimeWare security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: LimeWire: Disclosure of sensitive information
Date: March 31, 2005
Bugs: #85380
ID: 200503-37

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Two vulnerabilities in LimeWire can be exploited to disclose sensitive information.

GLSA 200503-36: netkit-telnetd: Buffer overflow

Gentoo 2531 Published by Philipp Esselbach 0

A netkit-telnetd security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: netkit-telnetd: Buffer overflow
Date: March 31, 2005
Bugs: #87211
ID: 200503-36

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The netkit-telnetd telnet client is vulnerable to a buffer overflow, which could allow a malicious telnet server operator to execute arbitrary code.

GLSA 200503-35: Smarty: Template vulnerability

Gentoo 2531 Published by Philipp Esselbach 0

A Smarty ecurity update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Smarty: Template vulnerability
Date: March 30, 2005
Bugs: #86488
ID: 200503-35

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Smarty's "Template security" feature can be bypassed, potentially allowing a remote attacker to execute arbitrary PHP code.

GLSA 200503-34: mpg321: Format string vulnerability

Gentoo 2531 Published by Philipp Esselbach 0

A mpg321 security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: mpg321: Format string vulnerability
Date: March 28, 2005
Bugs: #86033
ID: 200503-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A flaw in the processing of ID3 tags in mpg321 could potentially lead to the execution of arbitrary code.

GLSA 200503-33: IPsec-Tools: racoon Denial of Service

Gentoo 2531 Published by Philipp Esselbach 0

An IPsec-Tools security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: IPsec-Tools: racoon Denial of Service
Date: March 25, 2005
Bugs: #84479
ID: 200503-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability.

GLSA 200503-29: GnuPG: OpenPGP protocol attack

Gentoo 2531 Published by Philipp Esselbach 0

A GnuPG security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: GnuPG: OpenPGP protocol attack
Date: March 24, 2005
Bugs: #85547
ID: 200503-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Automated systems using GnuPG may leak plaintext portions of an encrypted message.

GLSA 200503-28: Sun Java: Web Start argument injection

Gentoo 2531 Published by Philipp Esselbach 0

A Sun Java security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Sun Java: Web Start argument injection vulnerability
Date: March 24, 2005
Bugs: #85804
ID: 200503-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Java Web Start JNLP files can be abused to evade sandbox restriction and execute arbitrary code.

GLSA 200503-27: Xzabite dyndnsupdate: Multiple vulnerabilities

Gentoo 2531 Published by Philipp Esselbach 0

A Xzabite dyndnsupdate security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Xzabite dyndnsupdate: Multiple vulnerabilities
Date: March 21, 2005
Bugs: #84659
ID: 200503-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Xzabite's dyndnsupdate software suffers from multiple vulnerabilities, potentially resulting in the remote execution of arbitrary code.

GLSA 200503-26: Sylpheed, Sylpheed-claws

Gentoo 2531 Published by Philipp Esselbach 0

Sylpheed, Sylpheed-claws security update are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Sylpheed, Sylpheed-claws: Message reply overflow
Date: March 20, 2005
Bugs: #84056
ID: 200503-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Sylpheed and Sylpheed-claws contain a vulnerability that can be triggered when replying to specially crafted messages.

GLSA 200503-24: LTris: Buffer overflow

Gentoo 2531 Published by Philipp Esselbach 0

A LTris security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: LTris: Buffer overflow
Date: March 20, 2005
Bugs: #85770
ID: 200503-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

LTris is vulnerable to a buffer overflow which could lead to the execution of arbitrary code.

GLSA 200503-23: rxvt-unicode: Buffer overflow

Gentoo 2531 Published by Philipp Esselbach 0

A rxvt-unicode security update is availalble for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: rxvt-unicode: Buffer overflow
Date: March 20, 2005
Bugs: #84680
ID: 200503-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

rxvt-unicode is vulnerable to a buffer overflow that could lead to the execution of arbitrary code.

Previous Page

Next Page

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...