Gentoo 2508 Published by

The following updates has been released for Gentoo Linux: [ GLSA 201201-14 ] MIT Kerberos 5 Applications: Multiple vulnerabilities, [ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities, [ GLSA 201201-12 ] Tor: Multiple vulnerabilities, [ GLSA 201201-11 ] Firewall Builder: Privilege escalation, [ GLSA 201201-09 ] FreeType: Multiple vulnerabilities, and [ GLSA 201201-10 ] JasPer: User-assisted execution of arbitrary code



[ GLSA 201201-14 ] MIT Kerberos 5 Applications: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201201-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MIT Kerberos 5 Applications: Multiple vulnerabilities
Date: January 23, 2012
Bugs: #374229, #396137
ID: 201201-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MIT Kerberos 5
Applications, the most severe of which may allow execution of arbitrary
code.

Background
==========

A suite of applications that implement the Kerberos 5 network protocol
from MIT.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-crypt/mit-krb5-appl < 1.0.2-r1 >= 1.0.2-r1

Description
===========

Multiple vulnerabilities have been discovered in MIT Kerberos 5
Applications:

* An error in the FTP daemon prevents it from dropping its initial
effective group identifier (CVE-2011-1526).
* A boundary error in the telnet daemon and client could cause a buffer
overflow (CVE-2011-4862).

Impact
======

An unauthenticated remote attacker may be able to execute arbitrary
code with the privileges of the user running the telnet daemon or
client. Furthermore, an authenticated remote attacker may be able to
read or write files owned by the same group as the effective group of
the FTP daemon.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MIT Kerberos 5 Applications users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot -v ">=app-crypt/mit-krb5-appl-1.0.2-r1"

References
==========

[ 1 ] CVE-2011-1526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1526
[ 2 ] CVE-2011-4862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4862

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201201-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: MIT Kerberos 5: Multiple vulnerabilities
Date: January 23, 2012
Bugs: #303723, #308021, #321935, #323525, #339866, #347369,
#352859, #359129, #363507, #387585, #393429
ID: 201201-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MIT Kerberos 5, the most
severe of which may allow remote execution of arbitrary code.

Background
==========

MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-crypt/mit-krb5 < 1.9.2-r1 >= 1.9.2-r1

Description
===========

Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker may be able to execute arbitrary code with the
privileges of the administration daemon or the Key Distribution Center
(KDC) daemon, cause a Denial of Service condition, or possibly obtain
sensitive information. Furthermore, a remote attacker may be able to
spoof Kerberos authorization, modify KDC responses, forge user data
messages, forge tokens, forge signatures, impersonate a client, modify
user-visible prompt text, or have other unspecified impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MIT Kerberos 5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.9.2-r1"

References
==========

[ 1 ] CVE-2009-3295
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3295
[ 2 ] CVE-2009-4212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4212
[ 3 ] CVE-2010-0283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0283
[ 4 ] CVE-2010-0629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0629
[ 5 ] CVE-2010-1320
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1320
[ 6 ] CVE-2010-1321
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1321
[ 7 ] CVE-2010-1322
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1322
[ 8 ] CVE-2010-1323
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1323
[ 9 ] CVE-2010-1324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1324
[ 10 ] CVE-2010-4020
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4020
[ 11 ] CVE-2010-4021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4021
[ 12 ] CVE-2010-4022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4022
[ 13 ] CVE-2011-0281
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0281
[ 14 ] CVE-2011-0282
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0282
[ 15 ] CVE-2011-0283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0283
[ 16 ] CVE-2011-0284
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0284
[ 17 ] CVE-2011-0285
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0285
[ 18 ] CVE-2011-1527
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1527
[ 19 ] CVE-2011-1528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1528
[ 20 ] CVE-2011-1529
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1529
[ 21 ] CVE-2011-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1530
[ 22 ] CVE-2011-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4151

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201201-12 ] Tor: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201201-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Tor: Multiple vulnerabilities
Date: January 23, 2012
Bugs: #388769, #394969
ID: 201201-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Tor, the most severe of
which may allow a remote attacker to execute arbitrary code.

Background
==========

Tor is an implementation of second generation Onion Routing, a
connection-oriented anonymizing communication service.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/tor < 0.2.2.35 >= 0.2.2.35

Description
===========

Multiple vulnerabilities have been discovered in Tor:

* When configured as client or bridge, Tor uses the same TLS
certificate chain for all outgoing connections (CVE-2011-2768).
* When configured as a bridge, Tor relays can distinguish incoming
bridge connections from client connections (CVE-2011-2769).
* An error in or/buffers.c could result in a heap-based buffer overflow
(CVE-2011-2778).

Impact
======

A remote attacker could possibly execute arbitrary code or cause a
Denial of Service. Furthermore, a remote relay the user is directly
connected to may be able to disclose anonymous information about that
user or enumerate bridges in the user's connection.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Tor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.2.35"

References
==========

[ 1 ] CVE-2011-2768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2768
[ 2 ] CVE-2011-2769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2769
[ 3 ] CVE-2011-2778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2778

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201201-11 ] Firewall Builder: Privilege escalation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201201-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Firewall Builder: Privilege escalation
Date: January 23, 2012
Bugs: #235809, #285861
ID: 201201-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Insecure temporary file usage in Firewall Builder could allow attackers
to overwrite arbitrary files.

Background
==========

Firewall Builder is a GUI for easy management of multiple firewall
platforms.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-firewall/fwbuilder < 3.0.7 >= 3.0.7

Description
===========

Two vulnerabilities in Firewall Builder allow the iptables and
fwb_install scripts to use temporary files insecurely.

Impact
======

A local attacker could possibly overwrite arbitrary files with the
privileges of the user running Firewall Builder.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Firewall Builder users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/fwbuilder-3.0.7"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since March 09, 2010. It is likely that your system is
already no longer affected by this issue.

References
==========

[ 1 ] CVE-2008-4956
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4956
[ 2 ] CVE-2009-4664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4664

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201201-09 ] FreeType: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201201-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: FreeType: Multiple vulnerabilities
Date: January 23, 2012
Bugs: #332701, #342121, #345843, #377143, #387535, #390623
ID: 201201-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in FreeType, allowing remote
attackers to possibly execute arbitrary code or cause a Denial of
Service.

Background
==========

FreeType is a high-quality and portable font engine.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/freetype < 2.4.8 >= 2.4.8

Description
===========

Multiple vulnerabilities have been discovered in FreeType. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted font,
possibly resulting in the remote execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FreeType users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"

References
==========

[ 1 ] CVE-2010-1797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797
[ 2 ] CVE-2010-2497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497
[ 3 ] CVE-2010-2498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498
[ 4 ] CVE-2010-2499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499
[ 5 ] CVE-2010-2500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500
[ 6 ] CVE-2010-2519
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519
[ 7 ] CVE-2010-2520
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520
[ 8 ] CVE-2010-2527
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527
[ 9 ] CVE-2010-2541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541
[ 10 ] CVE-2010-2805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805
[ 11 ] CVE-2010-2806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806
[ 12 ] CVE-2010-2807
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807
[ 13 ] CVE-2010-2808
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808
[ 14 ] CVE-2010-3053
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053
[ 15 ] CVE-2010-3054
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054
[ 16 ] CVE-2010-3311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311
[ 17 ] CVE-2010-3814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814
[ 18 ] CVE-2010-3855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855
[ 19 ] CVE-2011-0226
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226
[ 20 ] CVE-2011-3256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256
[ 21 ] CVE-2011-3439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201201-10 ] JasPer: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201201-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: JasPer: User-assisted execution of arbitrary code
Date: January 23, 2012
Bugs: #394879
ID: 201201-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple memory management errors in JasPer could result in execution
of arbitrary code or a Denial of Service.

Background
==========

The JasPer Project is an open-source initiative to provide a free
software-based reference implementation of the codec specified in the
JPEG-2000 Part-1 (jpeg2k) standard.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/jasper < 1.900.1-r4 >= 1.900.1-r4

Description
===========

Two vulnerabilities have been found in JasPer:

* The jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c contains
an error that could overwrite certain callback pointers, possibly
causing a heap-based buffer overflow (CVE-2011-4516).
* The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c uses an
incorrect data type, possibly causing a heap-based buffer overflow
(CVE-2011-4517).

Impact
======

A remote attacker could entice a user or automated system to process
specially crafted JPEG-2000 files with an application using JasPer,
possibly resulting in the execution of arbitrary code with the
privileges of the application, or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All JasPer users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/jasper-1.900.1-r4"

References
==========

[ 1 ] CVE-2011-4516
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4516
[ 2 ] CVE-2011-4517
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4517

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5