Section: .. / 0804-advisories /
| /// File Name: |
glsa-200804-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-03 - Two flaws have been discovered in OpenSSH which could allow local attackers to escalate their privileges. Versions less than 4.7_p1-r6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3251 | | Related CVE(s): | CVE-2008-1483, CVE-2008-1657 | | Last Modified: | Apr 8 00:48:31 2008 |
| MD5 Checksum: | d4f2e87f1dbc63781bc654d9051bc4eb |
|
| /// File Name: |
glsa-200804-05-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-05:02 - Multiple integer overflow and buffer overflow vulnerabilities have been discovered in the X.Org X server as shipped by NX and NX Node (vulnerabilities 1-4 in GLSA 200801-09). Versions less than 3.1.0-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3169 | | Last Modified: | Apr 8 00:49:05 2008 |
| MD5 Checksum: | 19b40b26bffd8be163d7613f65f67ace |
|
| /// File Name: |
glsa-200804-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-06 - Tavis Ormandy of the Google Security Team discovered that the NEEDBITS macro in the inflate_dynamic() function in the file inflate.c can be invoked using invalid buffers, which can lead to a double free. Versions less than 5.52-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2610 | | Related CVE(s): | CVE-2008-0888 | | Last Modified: | Apr 8 00:49:42 2008 |
| MD5 Checksum: | 058d9faef5946602b8eebe9472251e64 |
|
| /// File Name: |
glsa-200804-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-07 - Daniel Papasian discovered a stack-based buffer overflow in the apc_search_paths() function in the file apc.c when processing long filenames. Versions less than 3.0.16-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2565 | | Related CVE(s): | CVE-2008-1488 | | Last Modified: | Apr 10 10:10:40 2008 |
| MD5 Checksum: | dc1269be607bb75edc00a86f3c893ae5 |
|
| /// File Name: |
glsa-200804-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-08 - Julien Cayzax discovered that an insecure default setting exists in mod_userdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the nobody user's $HOME is / (CVE-2008-1270). An error also exists in the SSL connection code which can be triggered when a user prematurely terminates his connection (CVE-2008-1531). Versions less than 1.4.19-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2945 | | Related CVE(s): | CVE-2008-1270, CVE-2008-1531 | | Last Modified: | Apr 10 17:17:25 2008 |
| MD5 Checksum: | 4849c526152349264a79a8774c701b82 |
|
| /// File Name: |
glsa-200804-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-09 - Tavis Ormandy discovered that, when creating temporary files, the 'expn' utility does not check whether the file already exists. Versions less than 6.1.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2985 | | Related CVE(s): | CVE-2008-1078 | | Last Modified: | Apr 10 17:17:41 2008 |
| MD5 Checksum: | 43fcddc54780075286e471f4c82cc4fb |
|
| /// File Name: |
glsa-200804-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-11 - Chris Howells reported that policyd-weight creates and uses the /tmp/.policyd-weight/ directory in an insecure manner. Versions less than 0.1.14.17 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2796 | | Related CVE(s): | CVE-2008-1569 | | Last Modified: | Apr 11 14:58:10 2008 |
| MD5 Checksum: | 5762e629bb6bd67552b174bf0aeb900e |
|
| /// File Name: |
glsa-200804-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-12 - gnome-screensaver incorrectly handles the results of the getpwuid() function in the file src/setuid.c when using directory servers (like NIS) during a network outage, a similar issue to GLSA 200705-14. Versions less than 2.20.0-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2764 | | Related CVE(s): | CVE-2008-0887 | | Last Modified: | Apr 11 14:58:35 2008 |
| MD5 Checksum: | ab6bc79e8b70fbf6f2ad14079d573777 |
|
| /// File Name: |
glsa-200804-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-13 - Multiple vulnerabilities have been found in Asterisk allowing for SQL injection, session hijacking and unauthorized usage. Versions less than 1.2.27 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3318 | | Related CVE(s): | CVE-2007-6170, CVE-2007-6430, CVE-2008-1332 | | Last Modified: | Apr 14 19:00:49 2008 |
| MD5 Checksum: | 8b5069d31ac6bad4492d0e424adcf705 |
|
| /// File Name: |
glsa-200804-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-14 - Michal Zalewski reported two vulnerabilities, memory corruption when adding news feed sources from a website (CVE-2008-1761) as well as when processing HTML CANVAS elements to use scaled images (CVE-2008-1762). Additionally, an unspecified weakness related to keyboard handling of password inputs has been reported (CVE-2008-1764). Versions less than 9.27 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2884 | | Related CVE(s): | CVE-2008-1761, CVE-2008-1762, CVE-2008-1764 | | Last Modified: | Apr 14 19:01:08 2008 |
| MD5 Checksum: | cdff51a23bd1d6da8785cf4224586c64 |
|
| /// File Name: |
glsa-200804-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-15 - Tavis Ormandy of the Google Security Team discovered that libpng does not handle zero-length unknown chunks in PNG files correctly, which might lead to memory corruption in applications that call png_set_read_user_chunk_fn() or png_set_keep_unknown_chunks(). Versions less than 1.2.26-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2859 | | Related CVE(s): | CVE-2008-1382 | | Last Modified: | Apr 15 13:23:42 2008 |
| MD5 Checksum: | e635114ddc8d6feceebe6b7970ef6481 |
|
| /// File Name: |
glsa-200804-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-16 - Sebastian Krahmer of SUSE reported an integer overflow in the expand_item_list() function in the file util.c which might lead to a heap-based buffer overflow when extended attribute (xattr) support is enabled. Versions less than 2.6.9-r6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3082 | | Related CVE(s): | CVE-2008-1720 | | Last Modified: | Apr 17 12:59:36 2008 |
| MD5 Checksum: | 98c38477401727430caa10b51ec9bb66 |
|
| /// File Name: |
glsa-200804-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-17 - oCERT reported that the Speex library does not properly validate the mode value it derives from Speex streams, allowing for array indexing vulnerabilities inside multiple player applications. Within Gentoo, xine-lib, VLC, gst-plugins-speex from the GStreamer Good Plug-ins, vorbis-tools, libfishsound, Sweep, SDL_sound, and speexdec were found to be vulnerable. Versions less than 1.2_beta3_p2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2862 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | Apr 17 12:59:49 2008 |
| MD5 Checksum: | ee288931bf1cd9a812264b858cb2b855 |
|
| /// File Name: |
glsa-200804-18-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-18:02 - Kees Cook from the Ubuntu Security Team reported that the CairoFont::create() function in the file CairoFontEngine.cc does not verify the type of an embedded font object inside a PDF file before dereferencing a function pointer from it. Versions less than 0.6.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2767 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Apr 17 13:00:06 2008 |
| MD5 Checksum: | 612bdd38fe87f5366161e2398640c274 |
|
| /// File Name: |
glsa-200804-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-19 - Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph reported that php-select does not quote parameters passed to the tr command, which could convert the -D PHP5 argument in the APACHE2_OPTS setting in the file /etc/conf.d/apache2 to lower case. Versions less than 1.0.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2948 | | Related CVE(s): | CVE-2008-1734 | | Last Modified: | Apr 18 14:14:31 2008 |
| MD5 Checksum: | 33029e9ba6643772603880fb8e1f1e6c |
|
| /// File Name: |
glsa-200804-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-20 - Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). Versions less than 1.6.0.05 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 9092 | | Related CVE(s): | CVE-2007-2435, CVE-2007-2788, CVE-2007-2789, CVE-2007-3655, CVE-2007-5232, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5273, CVE-2007-5274, CVE-2007-5689, CVE-2008-0628, CVE-2008-0657, CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196 | | Last Modified: | Apr 18 14:14:48 2008 |
| MD5 Checksum: | 01e6a6b4b0d7ecdd0ebf50e52afe05db |
|
| /// File Name: |
glsa-200804-22.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-22 - Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers. Versions less than 3.1.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2541 | | Related CVE(s): | CVE-2008-1637 | | Last Modified: | Apr 18 14:15:35 2008 |
| MD5 Checksum: | d95dde0c7ec1fd6b71cb4a5e6db0d8cf |
|
| /// File Name: |
glsa-200804-23.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-23 - Thomas Pollet reported a possible integer overflow vulnerability in the PNG image handling in the file filter/image-png.c. Versions less than 1.2.12-r8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2649 | | Related CVE(s): | CVE-2008-1722 | | Last Modified: | Apr 18 20:46:10 2008 |
| MD5 Checksum: | f5a253ce5790652bd643d860e18a7cf8 |
|
| /// File Name: |
glsa-200804-24.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-24 - A vulnerability in DBMail's authldap module when used in conjunction with an Active Directory server has been reported by vugluskr. When passing a zero length password to the module, it tries to bind anonymously to the LDAP server. If the LDAP server allows anonymous binds, this bind succeeds and results in a successful authentication to DBMail. Versions less than 2.2.9 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2755 | | Related CVE(s): | CVE-2007-6714 | | Last Modified: | Apr 18 20:46:17 2008 |
| MD5 Checksum: | 2edb54c08de10fad088f964f33d07e1a |
|
| /// File Name: |
glsa-200804-26.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-26 - Openfire's connection manager in the file ConnectionManagerImpl.java cannot handle clients that fail to read messages, and has no limit on their session's send buffer. Versions less than 3.5.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2474 | | Related CVE(s): | CVE-2008-1728 | | Last Modified: | Apr 23 12:42:32 2008 |
| MD5 Checksum: | 418e35338a4169d1724c64bfebdbc461 |
|
| /// File Name: |
glsa-200804-27.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-27 - Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in a stack-based buffer overflow. Versions less than 1.1.7 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 4182 | | Related CVE(s): | CVE-2008-1227, CVE-2008-1429, CVE-2008-1552 | | Last Modified: | Apr 24 16:25:59 2008 |
| MD5 Checksum: | 22e5a4d1c293c8e431da1d01bd9d9ee2 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
