GLSA 200409-12: ImageMagick, imlib, imlib2

Gentoo 2529 Published by Philipp Esselbach 0

ImageMagick, imlib, imlib2 security updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ImageMagick, imlib, imlib2: BMP decoding buffer overflows
Date: September 08, 2004
Bugs: #62309, #62487
ID: 200409-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

ImageMagick, imlib and imlib2 contain exploitable buffer overflow vulnerabilities in the BMP image processing code.

GLSA 200409-11: star: Suid root vulnerability

Gentoo 2529 Published by Philipp Esselbach 0

A star security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: star: Suid root vulnerability
Date: September 07, 2004
Bugs: #61797
ID: 200409-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

star contains a suid root vulnerability which could potentially grant unauthorized root access to an attacker.

GLSA 200409-10: multi-gnome-terminal: Information leak

Gentoo 2529 Published by Philipp Esselbach 0

A multi-gnome-terminal update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: multi-gnome-terminal: Information leak
Date: September 06, 2004
Bugs: #62322
ID: 200409-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Active keystroke logging in multi-gnome-terminal has been discovered in potentially world-readable files. This could allow any authorized user on the system to read sensitive data, including passwords.

GLSA 200409-09: MIT krb5: Multiple vulnerabilities

Gentoo 2529 Published by Philipp Esselbach 0

A MIT krb5 security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: MIT krb5: Multiple vulnerabilities
Date: September 06, 2004
Bugs: #62417
ID: 200409-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

MIT krb5 contains several double-free vulnerabilities, potentially allowing the execution of arbitrary code, as well as a denial of service vulnerability.

GLSA 200409-08: Ruby: CGI::Session creates files insecurely

Gentoo 2529 Published by Philipp Esselbach 0

A Ruby security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Ruby: CGI::Session creates files insecurely
Date: September 03, 2004
Bugs: #60525
ID: 200409-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

When used for CGI scripting, Ruby creates session files in /tmp with the permissions of the default umask. Depending on that umask, local users may be able to read sensitive data stored in session files.

GLSA 200409-07: xv: Buffer overflows in image handling

Gentoo 2529 Published by Philipp Esselbach 0

An updated xv package has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: xv: Buffer overflows in image handling
Date: September 03, 2004
Bugs: #61619
ID: 200409-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

xv contains multiple exploitable buffer overflows in the image handling code.

UPDATE: GLSA 200408-22: Mozilla, Firefox, Thunderbird

Gentoo 2529 Published by Philipp Esselbach 0

Updated versions of Mozilla, Firefox, Thunderbird, Galeon, and Epiphany are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New
releases fix vulnerabilities
Date: August 23, 2004
Bugs: #57380, #59419
ID: 200408-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

New releases of Mozilla, Epiphany, Galeon, Mozilla Thunderbird, and Mozilla Firefox fix several vulnerabilities, including remote DoS and buffer overflows.

GLSA 200409-06: eGroupWare: Multiple XSS vulnerabilities

Gentoo 2529 Published by Philipp Esselbach 0

An eGroupWare security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: eGroupWare: Multiple XSS vulnerabilities
Date: September 02, 2004
Bugs: #61510
ID: 200409-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The eGroupWare software contains multiple cross site scripting vulnerabilities.

GLSA 200409-05: Gallery: Arbitrary command execution

Gentoo 2529 Published by Philipp Esselbach 0

A Gallery security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Gallery: Arbitrary command execution
Date: September 02, 2004
Bugs: #60742
ID: 200409-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The Gallery image upload code contains a temporary file handling vulnerability which could lead to execution of arbitrary commands.

GLSA 200409-04: Squid: Denial of service when using NTLM

Gentoo 2529 Published by Philipp Esselbach 0

A Squid security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Squid: Denial of service when using NTLM authentication
Date: September 02, 2004
Bugs: #61280
ID: 200409-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Squid is vulnerable to a denial of service attack which could crash its NTLM helpers.

GLSA 200409-03: Python 2.2: Buffer overflow in getaddrinfo

Gentoo 2529 Published by Philipp Esselbach 0

A Python 2.2 security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Python 2.2: Buffer overflow in getaddrinfo()
Date: September 02, 2004
Bugs: #62440
ID: 200409-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Python 2.2 has a vulnerability in DNS handling when IPV6 is disabled and a malformed IPV6 address is encountered by getaddrinfo().

GLSA 200409-02: MySQL: Insecure temporary file creation

Gentoo 2529 Published by Philipp Esselbach 0

A MySQL security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MySQL: Insecure temporary file creation in mysqlhotcopy
Date: September 01, 2004
Bugs: #60744
ID: 200409-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The mysqlhotcopy utility can create temporary files with predictable paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data.

GLSA 200409-01: vpopmail: Multiple vulnerabilities

Gentoo 2529 Published by Philipp Esselbach 0

A vpopmail security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: vpopmail: Multiple vulnerabilities
Date: September 01, 2004
Bugs: #60844
ID: 200409-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

vpopmail contains several bugs making it vulnerable to several SQL injection exploits as well as one buffer overflow and one format string exploit when using Sybase. This could lead to the execution of arbitrary code.

GLSA 200408-27: Gaim: New vulnerabilities

Gentoo 2529 Published by Philipp Esselbach 0

A Gaim update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Gaim: New vulnerabilities
Date: August 27, 2004
Bugs: #61457
ID: 200408-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Gaim contains several security issues that might allow an attacker to execute arbitrary code or commands.

GLSA 200408-26: zlib: Denial of service vulnerability

Gentoo 2529 Published by Philipp Esselbach 0

A zlib update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: zlib: Denial of service vulnerability
Date: August 27, 2004
Bugs: #61749
ID: 200408-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The zlib library contains a Denial of Service vulnerability.

GLSA 200408-25: MoinMoin: Group ACL bypass

Gentoo 2529 Published by Philipp Esselbach 0

A MoinMoin update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MoinMoin: Group ACL bypass
Date: August 26, 2004
Bugs: #57913
ID: 200408-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access Control Lists) and carry out operations that should be limited to authorized users.

GLSA 200408-24: Linux Kernel: Multiple information leaks

Gentoo 2529 Published by Philipp Esselbach 0

A kernel update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Linux Kernel: Multiple information leaks
Date: August 25, 2004
Bugs: #59378, #59905, #59769
ID: 200408-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple information leaks have been found in the Linux kernel, allowing an attacker to obtain sensitive data which may be used for further exploitation of the system.

ERRATA: GLSA 200406-14: aspell

Gentoo 2529 Published by Philipp Esselbach 0

An aspell security patch is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: aspell: Buffer overflow in word-list-compress
Date: August 23, 2004
Bugs: #53389
ID: 200406-14:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Errata
=====

The previous security patch intended to fix this vulnerability was apparently incorrect in that it counted the words rather than characters. This revision fixes that. This was brought to our attention by by Ludwig Nussel ludwig.nussel@suse.de

GLSA 200408-22: Mozilla, Firefox, Thunderbird: New releases

Gentoo 2529 Published by Philipp Esselbach 0

Mozilla, Firefox, and Thunderbird updates are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla, Firefox, Thunderbird: New releases fix
vulnerabilities
Date: August 23, 2004
Bugs: #57380, #59419
ID: 200408-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

New releases of Mozilla, Mozilla Thunderbird, and Mozilla Firefox fix several vulnerabilities, including remote DoS and buffer overflows.

GLSA 200408-21: Cacti: SQL injection vulnerability

Gentoo 2529 Published by Philipp Esselbach 0

A Cacti update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Cacti: SQL injection vulnerability
Date: August 23, 2004
Bugs: #60630
ID: 200408-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

With special configurations of Cacti it is possible to change passwords via a SQL injection attack.

Previous Page

Next Page

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...