Author: Raphael Marichez
Date: Aug 14, 2008 15:50
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200808-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Postfix: Local privilege escalation vulnerability
Date: August 14, 2008
Bugs: #232642
ID: 200808-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Postfix incorrectly checks the ownership of a mailbox, allowing, in
certain circumstances, to append data to arbitrary files on a local
system with root privileges.
Background
==========
Author: Pierre-Yves Rofes
Date: Aug 11, 2008 11:50
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200808-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: UUDeview: Insecure temporary file creation
Date: August 11, 2008
Bugs: #222275, #224193
ID: 200808-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability in UUDeview may allow local attackers to conduct
symlink attacks.
Background
==========
Author: Robert Buchholz
Date: Aug 9, 2008 16:00
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200808-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Reader: User-assisted execution of arbitrary code
Date: August 09, 2008
Bugs: #233383
ID: 200808-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Adobe Reader is vulnerable to execution of arbitrary code via a crafted
PDF.
Background
==========
Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
reader.
Author: Raphael Marichez
Date: Aug 8, 2008 10:40
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200808-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: OpenLDAP: Denial of Service vulnerability
Date: August 08, 2008
Bugs: #230269
ID: 200808-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A flaw in OpenLDAP allows remote unauthenticated attackers to cause a
Denial of Service.
Background
==========
OpenLDAP Software is an open source implementation of the Lightweight
Directory Access Protocol.
Author: Raphael Marichez
Date: Aug 8, 2008 10:30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200808-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: stunnel: Security bypass
Date: August 08, 2008
Bugs: #222805
ID: 200808-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
stunnel does not properly prevent the authentication of a revoked
certificate which would be published by OCSP.
Background
==========
Author: Raphael Marichez
Date: Aug 8, 2008 10:20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200808-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: ClamAV: Multiple Denials of Service
Date: August 08, 2008
Bugs: #204340, #227351
ID: 200808-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in ClamAV may result in a Denial of Service.
Background
==========
Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
especially for e-mail scanning on mail gateways.
Author: Christian Hoffmann
Date: Aug 8, 2008 08:40
Heya,
it's August 8th, which is the date of official discontinuation of any
work on php-4 (even security-related) on upstream-side [1] [2].
On gentoo, =dev-lang/php-4* has already been masked for security reasons
since Oct 19th 2007, along with everything which depends on it. Removal
from our tree was initially announced for Jan 1st 2008, but we decided
to postpone it until today to give users even more time to migrate.
That means, I'm going to remove all php-4-related things today:
* dev-php4/ (will be done by infra)
* dev-lang/php/php-4*
Basically: Everything explicitly listed in package.mask because of php-4.
Also, several adjustments to ebuilds, which are still referring to
dev-php4/* names (e.g. because of blocks or "|| ( a b )" deps), will be
made by me today.
If you (or your company) have still not upgraded (you probably should
not run such a setup anyway, at least if it's publicly accessible), you
might be interested in the yet to be created php4 overlay [3], which
will be accessible using layman once it is available.
Author: Tobias Heinlein
Date: Aug 6, 2008 13:30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200808-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ISC DHCP: Denial of Service
Date: August 06, 2008
Bugs: #227135
ID: 200808-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A Denial of Service vulnerability was discovered in ISC DHCP.
Background
==========
ISC DHCP is ISC's reference implementation of all aspects of the
Dynamic Host Configuration Protocol.
Author: Tobias Heinlein
Date: Aug 6, 2008 13:30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200808-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libxslt: Execution of arbitrary code
Date: August 06, 2008
Bugs: #232172
ID: 200808-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
libxslt is affected by a heap-based buffer overflow, possibly leading
to the execution of arbitrary code.
Background
==========
libxslt is the XSLT C library developed for the GNOME project. XSLT is
an XML language to define transformations for XML.
Author: Robert Buchholz
Date: Aug 5, 2008 18:00
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Wireshark: Denial of Service
Date: August 06, 2008
Bugs: #230411, #231587
ID: 200808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple Denial of Service vulnerabilities have been discovered in
Wireshark.
Background
==========
Wireshark is a network protocol analyzer with a graphical front-end.