Linux Compatible - Gentoo (Page 3)

GLSA 200405-09: ProFTPD

Gentoo 2529 Published 2004-05-19 11:28 by Philipp Esselbach 0

A ProFTPD update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: ProFTPD Access Control List bypass vulnerability
Date: May 19, 2004
Bugs: #49496
ID: 200405-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Version 1.2.9 of ProFTPD introduced a vulnerability that causes CIDR-based Access Control Lists (ACLs) to be treated as "AllowAll", thereby allowing remote users full access to files available to the FTP daemon.

GLSA 200405-08: Pound format string vulnerability

Gentoo 2529 Published 2004-05-19 03:47 by Philipp Esselbach 0

A Pound update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Pound format string vulnerability
Date: May 18, 2004
Bugs: #50421
ID: 200405-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

There is a format string flaw in Pound, allowing remote execution of arbitrary code with the rights of the Pound process.

GLSA 200405-07: Exim verify=header_syntax buffer overflow

Gentoo 2529 Published 2004-05-15 03:52 by Philipp Esselbach 0

An Exim securty update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Exim verify=header_syntax buffer overflow
Date: May 14, 2004
Bugs: #50217
ID: 200405-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

When the verify=header_syntax option is set, there is a buffer overflow in Exim that allows remote execution of arbitrary code.

GLSA 200405-06: libpng denial of service vulnerability

Gentoo 2529 Published 2004-05-15 03:50 by Philipp Esselbach 0

A libpng security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: libpng denial of service vulnerability
Date: May 14, 2004
Bugs: #49887
ID: 200405-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A bug in the libpng library can be abused to crash programs making use of that library to decode PNG images.

GLSA 200405-05: Utempter symlink vulnerability

Gentoo 2529 Published 2004-05-14 03:08 by Philipp Esselbach 0

An Utempter package has been released

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Utempter symlink vulnerability
Date: May 13, 2004
Bugs: #49536
ID: 200405-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack.

GLSA 200405-04: OpenOffice.org vulnerability when using DAV

Gentoo 2529 Published 2004-05-12 04:46 by Philipp Esselbach 0

An OpenOffice update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: OpenOffice.org vulnerability when using DAV servers
Date: May 11, 2004
Bugs: #47926
ID: 200405-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several format string vulnerabilities are present in the Neon library included in OpenOffice.org, allowing remote execution of arbitrary code when connected to an untrusted WebDAV server.

GLSA 200405-03: ClamAV VirusEvent parameter vulnerability

Gentoo 2529 Published 2004-05-12 04:44 by Philipp Esselbach 0

A ClamAV update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: ClamAV VirusEvent parameter vulnerability
Date: May 11, 2004
Bugs: #46264
ID: 200405-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

With a specific configuration (using %f in the VirusEvent parameter), Clam AntiVirus is vulnerable to an attack allowing execution of arbitrary commands.

GLSA 200405-02: Multiple vulnerabilities in LHa

Gentoo 2529 Published 2004-05-09 14:40 by Philipp Esselbach 0

A LHa update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Multiple vulnerabilities in LHa
Date: May 09, 2004
Bugs: #49961
ID: 200405-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Two stack-based buffer overflows and two directory traversal problems have been found in LHa. These vulnerabilities can be used to execute arbitrary code or as a denial of service attack.

GLSA 200405-01: neon

Gentoo 2529 Published 2004-05-09 14:39 by Philipp Esselbach 0

A neon update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Multiple format string vulnerabilities in neon 0.24.4 and
earlier
Date: May 09, 2004
Bugs: #48448
ID: 200405-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

There are multiple format string vulnerabilities in libneon which may allow a malicious WebDAV server to execute arbitrary code.

GLSA 200404-21: Multiple Vulnerabilities in Samba

Gentoo 2529 Published 2004-04-29 17:10 by Philipp Esselbach 0

A samba update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Multiple Vulnerabilities in Samba
Date: April 29, 2004
Bugs: #41800, #45965
ID: 200404-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

There is a bug in smbfs which may allow local users to gain root via a setuid file on a mounted Samba share. Also, there is a tmpfile symlink vulnerability in the smbprint script distributed with Samba.

Gentoo Linux 2004.1

Gentoo 2529 Published 2004-04-28 04:57 by Philipp Esselbach 0

Gentoo Linux 2004.1 has been released

GLSA 200404-20: Multiple vulnerabilities in xine

Gentoo 2529 Published 2004-04-27 04:27 by Philipp Esselbach 0

A Xine update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Multiple vulnerabilities in xine
Date: April 27, 2004
Bugs: #45448, #48107, #48108
ID: 200404-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several vulnerabilities have been found in xine-ui and xine-lib, potentially allowing an attacker to overwrite files with the rights of the user.

Background
=========

xine is a multimedia player allowing to play back CDs, DVDs, and VCDs and decoding multimedia files like AVI, MOV, WMV, and MP3 from local disk drives, and displays multimedia streamed over the Internet. It is available in Gentoo as a reusable library (xine-lib) with a standard user interface (xine-ui).

GLSA 200404-19: LCDproc

Gentoo 2529 Published 2004-04-27 04:25 by Philipp Esselbach 0

A LCDproc update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Buffer overflows and format string vulnerabilities in
LCDproc
Date: April 27, 2004
Bugs: #47340
ID: 200404-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple remote vulnerabilities have been found in the LCDd server, allowing execution of arbitrary code with the rights of the LCDd user.

Background
=========

LCDproc is a program that displays various bits of real-time system information on an LCD. It makes use of a local server (LCDd) to collect information to display on the LCD.

The Future of Gentoo Linux

Gentoo 2529 Published 2004-04-27 04:21 by Philipp Esselbach 0

From Gentoo Technologies:

GLSA 200404-18: Multiple Vulnerabilities in ssmtp

Gentoo 2529 Published 2004-04-27 04:16 by Philipp Esselbach 0

A ssmtp update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Multiple Vulnerabilities in ssmtp
Date: April 26, 2004
Bugs: #47918, #48435
ID: 200404-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

There are multiple format string vulnerabilities in the SSMTP package, which may allow an attacker to run arbitrary code with ssmtp's privileges (potentially root).

Background
=========

SSMTP is a very simple mail transfer agent (MTA) that relays mail from the local machine to another SMTP host. It is not designed to function as a full mail server; its sole purpose is to relay mail.

GLSA 200404-17: ipsec-tools and iputils

Gentoo 2529 Published 2004-04-24 04:48 by Philipp Esselbach 0

An ipsec-tools and iputils update for Gentoo Linux has been released

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal

Title: ipsec-tools and iputils contain a remote DoS vulnerability

Date: April 24, 2004
Bugs: #48847
ID: 200404-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

racoon, which is included in the ipsec-tools and iputils packages in Portage, does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resoources, causing a Denial of Service.

GLSA 200404-14: cadaver

Gentoo 2529 Published 2004-04-19 07:38 by Philipp Esselbach 0

A cadaver update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Multiple format string vulnerabilities in cadaver

Date: April 19, 2004
Bugs: #47799
ID: 200404-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

There are multiple format string vulnerabilities in the neon library used in cadaver, possibly leading to execution of arbitrary code when connected to a malicious server.

GLSA 200404-15: XChat 2.0.x SOCKS5 Vulnerability

Gentoo 2529 Published 2004-04-19 07:36 by Philipp Esselbach 0

A XChat update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: XChat 2.0.x SOCKS5 Vulnerability

Date: April 19, 2004
Bugs: #46856
ID: 200404-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code.

GLSA 200404-16: monit

Gentoo 2529 Published 2004-04-19 07:34 by Philipp Esselbach 0

Updated monit packages are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Multiple new security vulnerabilities in monit

Date: April 19, 2004
Bugs: #47631
ID: 200404-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Two new vulnerabilities have been found in the HTTP interface of monit, possibly leading to denial of service or execution of arbitrary code.

GLSA 200404-13: CVS Server and Client Vulnerabilities

Gentoo 2529 Published 2004-04-15 04:00 by Philipp Esselbach 0

A CVS update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: CVS Server and Client Vulnerabilities

Date: April 14, 2004
Bugs: #47800
ID: 200404-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

There are two vulnerabilities in CVS; one in the server and one in the client. These vulnerabilities allow the reading and writing of arbitrary files on both client and server.