Gentoo 2529 Published by Philipp Esselbach 0

A Kommander security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Kommander: Insecure remote script execution
Date: April 22, 2005
Bugs: #89092
ID: 200504-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Kommander executes remote scripts without confirmation, potentially resulting in the execution of arbitrary code.

A KDE kimgio security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: KDE kimgio: PCX handling buffer overflow
Date: April 22, 2005
Bugs: #88862
ID: 200504-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

KDE fails to properly validate input when handling PCX images, potentially resulting in the execution of arbitrary code.

RealPlayer, Helix Player security updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: RealPlayer, Helix Player: Buffer overflow vulnerability
Date: April 22, 2005
Bugs: #89862
ID: 200504-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

RealPlayer and Helix Player are vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.

A gettext security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200410-10:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: gettext: Insecure temporary file handling
Date: October 10, 2004
Updated: April 21, 2005
Bugs: #66355
ID: 200410-10:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

gettext version 0.14.1 reintroduced an old vulnerability by failing to apply the proper patch.

The updated sections appear below.

Another CVS security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200504-16:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: CVS: Multiple vulnerabilities
Date: April 18, 2005
Updated: April 21, 2005
Bugs: #86476
ID: 200504-16:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

The initial version did not fix several DoS vulnerabilities and one instance of arbitrary code execution. The arbitrary code execution was only possible under very specific circumstances.

The updated sections appear below.

An openMosixview security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: openMosixview: Insecure temporary file creation
Date: April 21, 2005
Bugs: #86686
ID: 200504-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

openMosixview and the openMosixcollector daemon are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

An MPlayer security update has been released

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MPlayer: Two heap overflow vulnerabilities
Date: April 20, 2005
Bugs: #89277
ID: 200504-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Two vulnerabilities have been found in MPlayer which could lead to the remote execution of arbitrary code.

Mozilla security updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities
Date: April 19, 2005
Bugs: #89303, #89305
ID: 200504-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

New Mozilla Firefox and Mozilla Suite releases fix new security vulnerabilities, including memory disclosure and various ways of executing JavaScript code with elevated privileges.

An XV security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: XV: Multiple vulnerabilities
Date: April 19, 2005
Bugs: #88742
ID: 200504-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been discovered in XV, potentially resulting in the execution of arbitrary code.

A CVS security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: CVS: Multiple vulnerabilities
Date: April 18, 2005
Bugs: #86476
ID: 200504-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several serious vulnerabilities have been found in CVS, which may allow an attacker to remotely compromise a CVS server or cause a DoS.

A PHP security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: PHP: Multiple vulnerabilities
Date: April 18, 2005
Bugs: #87517
ID: 200504-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several vulnerabilities were found and fixed in PHP image handling functions, potentially resulting in Denial of Service conditions or the remote execution of arbitrary code.

A monkeyd security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: monkeyd: Multiple vulnerabilities
Date: April 15, 2005
Bugs: #87916
ID: 200504-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Format string and Denial of Service vulnerabilities have been discovered in the monkeyd HTTP server, potentially resulting in the execution of arbitrary code.

An OpenOffice.Org security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: OpenOffice.Org: DOC document Heap Overflow
Date: April 15, 2005
Bugs: #88863
ID: 200504-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

OpenOffice.Org is vulnerable to a heap overflow when processing DOC documents, which could lead to arbitrary code execution.

An rsnapshot security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: rsnapshot: Local privilege escalation
Date: April 13, 2005
Bugs: #88681
ID: 200504-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

rsnapshot allows a local user to take ownership of local files, resulting in privilege escalation.

A JunkBuster security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: JunkBuster: Multiple vulnerabilities
Date: April 13, 2005
Bugs: #88537
ID: 200504-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

JunkBuster is vulnerable to a heap corruption vulnerability, and under certain configurations may allow an attacker to modify settings.

A gld security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Gld: Remote execution of arbitrary code
Date: April 13, 2005
Bugs: #88904
ID: 200504-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Gld contains several serious vulnerabilities, potentially resulting in the execution of arbitrary code as the root user.

An Axel security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Axel: Vulnerability in HTTP redirection handling
Date: April 12, 2005
Bugs: #88264
ID: 200504-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A buffer overflow vulnerability has been found in Axel which could lead to the execution of arbitrary code.

A phpMyAdmin update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: phpMyAdmin: Cross-site scripting vulnerability
Date: April 11, 2005
Bugs: #87952
ID: 200504-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

phpMyAdmin is vulnerable to a cross-site scripting attack.

A Smarty security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200503-35:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Smarty: Template vulnerability
Date: March 30, 2005
Updated: April 09, 2005
Bugs: #86488
ID: 200503-35:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

New ways of bypassing Smarty's "Template security" were found and fixed in Smarty. Users making use of that feature are encouraged to upgrade to version 2.6.9.

The updated sections appear below.

A GnomeVFS security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GnomeVFS, libcdaudio: CDDB response overflow
Date: April 08, 2005
Bugs: #84936
ID: 200504-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The GnomeVFS and libcdaudio libraries contain a buffer overflow that can be triggered by a large CDDB response, potentially allowing the execution of arbitrary code.