Linux Compatible - Gentoo (Page 22)

UPDATE: GLSA 200504-23: Kommander: Insecure remote script execution

Gentoo 2529 Published 2005-05-20 09:24 by Philipp Esselbach 0

A Kommander update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200504-23:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Kommander: Insecure remote script execution
Date: April 22, 2005
Updated: May 20, 2005
Bugs: #89092
ID: 200504-23:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

The fixed ebuild proposed in the original version of this Security Advisory did not address all the vulnerabilities.

The updated sections appear below.

GLSA 200505-14: Cheetah: Untrusted module search path

Gentoo 2529 Published 2005-05-19 15:47 by Philipp Esselbach 0

A Cheetah security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Cheetah: Untrusted module search path
Date: May 19, 2005
Bugs: #92926
ID: 200505-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Cheetah contains a vulnerability in the module importing code that can allow a local user to gain escalated privileges.

GLSA 200505-13: FreeRADIUS: Buffer overflow and SQL injection

Gentoo 2529 Published 2005-05-17 14:56 by Philipp Esselbach 0

A FreeRADIUS security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: FreeRADIUS: Buffer overflow and SQL injection vulnerability
Date: May 17, 2005
Bugs: #91736
ID: 200505-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The FreeRADIUS server is vulnerable to a buffer overflow and an SQL injection attack, possibly allowing the compromise of the system.

GLSA 200505-12: PostgreSQL: Multiple vulnerabilities

Gentoo 2529 Published 2005-05-15 06:21 by Philipp Esselbach 0

A PostgreSQL security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: PostgreSQL: Multiple vulnerabilities
Date: May 15, 2005
Bugs: #91231
ID: 200505-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

PostgreSQL is vulnerable to Denial of Service attacks and possibly allows unprivileged users to gain administrator rights.

GLSA 200505-10: phpBB: Cross-Site Scripting Vulnerability

Gentoo 2529 Published 2005-05-15 06:07 by Philipp Esselbach 0

A phpBB security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: phpBB: Cross-Site Scripting Vulnerability
Date: May 14, 2005
Bugs: #90213
ID: 200505-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

phpBB is vulnerable to a cross-site scripting attack that could allow arbitrary scripting code execution.

GLSA 200505-09: Gaim: Denial of Service and buffer overflow

Gentoo 2529 Published 2005-05-12 03:55 by Philipp Esselbach 0

A gaim security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Gaim: Denial of Service and buffer overflow vulnerabilties
Date: May 12, 2005
Bugs: #91862
ID: 200505-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Gaim contains two vulnerabilities, potentially resulting in the execution of arbitrary code or Denial of Service.

GLSA 200505-08: HT Editor: Multiple buffer overflows

Gentoo 2529 Published 2005-05-10 16:15 by Philipp Esselbach 0

A HT Editor security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: HT Editor: Multiple buffer overflows
Date: May 10, 2005
Bugs: #91569
ID: 200505-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Two vulnerabilities have been discovered in HT Editor, potentially leading to the execution of arbitrary code.

GLSA 200505-07: libTIFF: Buffer overflow

Gentoo 2529 Published 2005-05-10 16:13 by Philipp Esselbach 0

A libTIFF security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: libTIFF: Buffer overflow
Date: May 10, 2005
Bugs: #91584
ID: 200505-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The libTIFF library is vulnerable to a buffer overflow, potentially resulting in the execution of arbitrary code.

GLSA 200505-06: TCPDump: Decoding routines Denial of Service

Gentoo 2529 Published 2005-05-09 15:47 by Philipp Esselbach 0

A TCPDump security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: TCPDump: Decoding routines Denial of Service vulnerability
Date: May 09, 2005
Bugs: #90541
ID: 200505-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A flaw in the decoding of network packets renders TCPDump vulnerable to a remote Denial of Service attack.

GLSA 200505-05: gzip: Multiple vulnerabilities

Gentoo 2529 Published 2005-05-09 15:43 by Philipp Esselbach 0

A gzip security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: gzip: Multiple vulnerabilities
Date: May 09, 2005
Bugs: #89946, #90626
ID: 200505-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

gzip contains multiple vulnerabilities potentially allowing an attacker to execute arbitrary commands.

GLSA 200505-04: GnuTLS: Denial of Service vulnerability

Gentoo 2529 Published 2005-05-09 05:33 by Philipp Esselbach 0

A GnuTLS security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GnuTLS: Denial of Service vulnerability
Date: May 09, 2005
Bugs: #90726
ID: 200505-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The GnuTLS library is vulnerable to Denial of Service attacks.

GLSA 200505-03: Ethereal: Numerous vulnerabilities

Gentoo 2529 Published 2005-05-06 15:50 by Philipp Esselbach 0

An Ethereal security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Ethereal: Numerous vulnerabilities
Date: May 06, 2005
Bugs: #90539
ID: 200505-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Ethereal is vulnerable to numerous vulnerabilities potentially resulting in the execution of arbitrary code or abnormal termination.

GLSA 200505-02: Oops!: Remote code execution

Gentoo 2529 Published 2005-05-06 04:53 by Philipp Esselbach 0

A Oops! security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Oops!: Remote code execution
Date: May 05, 2005
Bugs: #91303
ID: 200505-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The Oops! proxy server contains a remotely exploitable format string vulnerability, which could potentially lead to the execution of arbitrary code.

GLSA 200505-01: Horde Framework: Multiple XSS vulnerabilitity

Gentoo 2529 Published 2005-05-01 12:12 by Philipp Esselbach 0

A Horde Framework security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Horde Framework: Multiple XSS vulnerabilities
Date: May 01, 2005
Bugs: #90365
ID: 200505-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Various modules of the Horde Framework are vulnerable to multiple cross-site scripting (XSS) vulnerabilities.

GLSA 200504-30: phpMyAdmin: Insecure SQL script installation

Gentoo 2529 Published 2005-04-30 17:05 by Philipp Esselbach 0

A phpMyAdmin security update has been released

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: phpMyAdmin: Insecure SQL script installation
Date: April 30, 2005
Bugs: #88831
ID: 200504-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

phpMyAdmin leaves the SQL install script with insecure permissions, potentially leading to a database compromise.

GLSA 200504-24: eGroupWare: XSS and SQL injection vulnerabity

Gentoo 2529 Published 2005-04-30 11:10 by Philipp Esselbach 0

An eGroupWare security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: eGroupWare: XSS and SQL injection vulnerabilities
Date: April 25, 2005
Bugs: #89517
ID: 200504-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

eGroupWare is affected by several SQL injection and cross-site scripting (XSS) vulnerabilities.

GLSA 200504-29: Pound: Buffer overflow vulnerability

Gentoo 2529 Published 2005-04-30 11:08 by Philipp Esselbach 0

A Pound security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Pound: Buffer overflow vulnerability
Date: April 30, 2005
Bugs: #90851
ID: 200504-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Pound is vulnerable to a buffer overflow that could lead to the remote execution of arbitrary code.

GLSA 200504-28: Heimdal: Buffer overflow vulnerabilities

Gentoo 2529 Published 2005-04-28 15:23 by Philipp Esselbach 0

A Heimdal update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Heimdal: Buffer overflow vulnerabilities
Date: April 28, 2005
Bugs: #89861
ID: 200504-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Buffer overflow vulnerabilities have been found in the telnet client in Heimdal which could lead to execution of arbitrary code.

GLSA 200504-26: Convert-UUlib: Buffer overflow

Gentoo 2529 Published 2005-04-26 16:39 by Philipp Esselbach 0

A Convert-UUlib security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Convert-UUlib: Buffer overflow
Date: April 26, 2005
Bugs: #89501
ID: 200504-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A buffer overflow has been reported in Convert-UUlib, potentially resulting in the execution of arbitrary code.

GLSA 200504-25: Rootkit Hunter: Insecure temporary file

Gentoo 2529 Published 2005-04-26 16:34 by Philipp Esselbach 0

A Rootkit Hunter security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Rootkit Hunter: Insecure temporary file creation
Date: April 26, 2005
Bugs: #90007
ID: 200504-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.