Section: .. / 0507-advisories /
| /// File Name: |
glsa-200507-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-04 - RealPlayer is vulnerable to a heap overflow when opening RealMedia files which make use of RealText. Versions less than 10.0.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3253 | | Related CVE(s): | CAN-2005-1766 | | Last Modified: | Jul 7 10:20:19 2005 |
| MD5 Checksum: | e45232a06ea075709e916ddec19cecb5 |
|
| /// File Name: |
glsa-200507-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-05 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed deflate data stream to overrun a buffer. Versions less than 1.2.2-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3316 | | Related CVE(s): | CAN-2005-2096 | | Last Modified: | Jul 7 10:21:04 2005 |
| MD5 Checksum: | 69d1f1db4f025b262739ec8591d026e7 |
|
| /// File Name: |
glsa-200507-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-06 - TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Versions less than 1.8.5-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2594 | | Related CVE(s): | CAN-2005-1921 | | Last Modified: | Jul 7 10:51:43 2005 |
| MD5 Checksum: | eb96b1ef4bc4f78be8de2e692003feea |
|
| /// File Name: |
glsa-200507-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-07 - phpWebSite fails to sanitize input sent to the XML-RPC server using the POST method. Other unspecified vulnerabilities have been discovered by Diabolic Crab of Hackers Center. Versions less than 0.10.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2762 | | Related CVE(s): | CAN-2005-1921 | | Last Modified: | Jul 12 16:20:46 2005 |
| MD5 Checksum: | 0d8171b5d6fb0009c95e447adf808ec0 |
|
| /// File Name: |
glsa-200507-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-08 - The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the POST method. Versions less than 0.9.16.006 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3091 | | Related CVE(s): | CAN-2005-1921 | | Last Modified: | Jul 12 16:27:30 2005 |
| MD5 Checksum: | 0f323fd38a350e39009397d836279631 |
|
| /// File Name: |
glsa-200507-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-09 - A buffer overflow has been discovered in the UnixAppOpenFilePerform() function, which is called when Adobe Acrobat Reader tries to open a file with the \Filespec tag. Versions less than or equal to 5.10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2874 | | Related CVE(s): | CAN-2005-1625 | | Last Modified: | Jul 12 16:42:33 2005 |
| MD5 Checksum: | 8e73681c04f3da92848f2808d8b80e06 |
|
| /// File Name: |
glsa-200507-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-11 - Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request (CAN-2005-1174). He also discovered that the same request could lead to a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered that the krb5_recvauth() function of MIT Kerberos 5 might try to double-free memory (CAN-2005-1689). Versions less than 1.4.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3458 | | Related CVE(s): | CAN-2005-1174, CAN-2005-1175, CAN-2005-1689 | | Last Modified: | Jul 13 08:52:52 2005 |
| MD5 Checksum: | 052e264a3f340deaae419d4b7e9f62ae |
|
| /// File Name: |
glsa-200507-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-12 - Bugzilla allows any user to modify the flags of any bug (CAN-2005-2173). Bugzilla inserts bugs into the database before marking them as private; in connection with MySQL replication, this could lead to a race condition (CAN-2005-2174). Versions less than 2.18.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3040 | | Related CVE(s): | CAN-2005-2173, CAN-2005-2174 | | Last Modified: | Jul 14 08:00:26 2005 |
| MD5 Checksum: | bd222c90ef9d2a19afe2363aba263912 |
|
| /// File Name: |
glsa-200507-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-13 - Rob Holland of the Gentoo Security Audit Team discovered that pam_ldap and nss_ldap fail to use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the ssl start_tls ldap.conf setting. Versions less than 239-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3379 | | Related CVE(s): | CAN-2005-2069 | | Last Modified: | Jul 15 07:23:51 2005 |
| MD5 Checksum: | 93f4108556b7a42d38c62c4455cb042f |
|
| /// File Name: |
glsa-200507-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-14 - Several vulnerabilities in Mozilla Firefox allow attacks ranging from execution of script code with elevated privileges to information leak. Versions less than 1.0.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4959 | | Last Modified: | Jul 15 18:25:05 2005 |
| MD5 Checksum: | f55bab1ae1d310e80b691f1654e128c4 |
|
| /// File Name: |
glsa-200507-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-15 - James Bercegay has discovered that the XML-RPC implementation in PHP fails to sanitize input passed in an XML document, which is used in an eval() statement. Versions less than 4.4.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3405 | | Related CVE(s): | CAN-2005-1921 | | Last Modified: | Jul 15 18:27:17 2005 |
| MD5 Checksum: | e5678e67bf38f46776e76ca1cb9e55f6 |
|
| /// File Name: |
glsa-200507-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-16 - infamous42md discovered that dhcpcd can be tricked to read past the end of the supplied DHCP buffer. As a result, this might lead to a crash of the daemon. Versions less than 1.3.22_p4-r11 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2593 | | Related CVE(s): | CAN-2005-1848 | | Last Modified: | Jul 16 11:05:37 2005 |
| MD5 Checksum: | 00382a8448322276046bd8b0bd3e4793 |
|
| /// File Name: |
glsa-200507-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-17 - Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from execution of script code with elevated privileges to information leak. Versions less than 1.0.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4291 | | Related CVE(s): | CAN-2005-0989 | | Last Modified: | Jul 19 16:26:36 2005 |
| MD5 Checksum: | 0a63346ec652a62550b6b040f406b571 |
|
| /// File Name: |
glsa-200507-18.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-18 - MediaWiki fails to escape a parameter in the page move template correctly. Versions less than 1.4.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2585 | | Last Modified: | Jul 21 07:57:23 2005 |
| MD5 Checksum: | 64ffb993408d32b9a868c37fd8cf431c |
|
| /// File Name: |
glsa-200507-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-19 - zlib improperly handles invalid data streams which could lead to a buffer overflow. Versions less than 1.2.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3025 | | Related CVE(s): | CAN-2005-1849 | | Last Modified: | Jul 22 09:10:54 2005 |
| MD5 Checksum: | d133450db2b845e69b8e76303789730d |
|
| /// File Name: |
glsa-200507-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-20 - Shorewall fails to enforce security policies if configured with MACLIST_DISPOSITION set to ACCEPT or MACLIST_TTL set to a value greater than or equal to 0. Versions less than 2.4.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3258 | | Related CVE(s): | CAN-2005-2317 | | Last Modified: | Jul 22 09:11:13 2005 |
| MD5 Checksum: | 4db84af73320fc582f340f12d1081730 |
|
| /// File Name: |
glsa-200507-21.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-21 - fetchmail does not properly validate UIDs coming from a POP3 mail server. The UID is placed in a fixed-length buffer on the stack, which can be overflowed. Versions less than 6.2.5.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2701 | | Related CVE(s): | CAN-2005-2335 | | Last Modified: | Jul 28 07:51:51 2005 |
| MD5 Checksum: | 8dc31d9667f9a16608485901c38ebd87 |
|
| /// File Name: |
glsa-200507-22.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-22 - The Gentoo Linux Security Audit Team discovered that the sandbox utility was vulnerable to multiple TOCTOU (Time of Check, Time of Use) file creation race conditions. Versions less than 1.2.11 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2355 | | Last Modified: | Jul 28 07:52:12 2005 |
| MD5 Checksum: | d714908c4e980e691f90b3f29352f347 |
|
| /// File Name: |
glsa-200507-23.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-23 - Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in libgadu. Versions less than 3.4.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3161 | | Related CVE(s): | CAN-2005-1852 | | Last Modified: | Jul 28 07:52:38 2005 |
| MD5 Checksum: | 80d4a5d16ae62b0fcc165725ece0ccd0 |
|
| /// File Name: |
glsa-200507-24.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-24 - Several vulnerabilities in the Mozilla Suite allow attacks ranging from the execution of JavaScript code with elevated privileges to information leakage. Versions less than 1.7.10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4666 | | Last Modified: | Jul 28 08:27:49 2005 |
| MD5 Checksum: | 16e6b46c85bd8d2cddb3efc3df1322c0 |
|
| /// File Name: |
glsa-200507-25.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-25 - Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is vulnerable to integer overflows when handling the TNEF, CHM and FSG file formats. Versions less than 0.86.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2808 | | Last Modified: | Jul 28 08:29:14 2005 |
| MD5 Checksum: | 03a476cb27b0196cd4aa907828b438c9 |
|
| /// File Name: |
glsa-200507-26.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-26 - GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer overflow. Versions less than 2.2.6-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3964 | | Related CVE(s): | CAN-2005-1852 | | Last Modified: | Jul 28 08:37:09 2005 |
| MD5 Checksum: | ab1052b856beb7d0d10837f8a7590396 |
|
| /// File Name: |
glsa-200507-28.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-28 - Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Versions less than 2.2 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3119 | | Related CVE(s): | CAN-2005-1849, CAN-2005-2096 | | Last Modified: | Aug 5 07:50:52 2005 |
| MD5 Checksum: | 3f77347d96c2f73b5e43b01a21f6bf23 |
|
| /// File Name: |
glsa-200507-29.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-29 - Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. Versions less than 1.8g-r1 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2580 | | Last Modified: | Aug 5 07:57:25 2005 |
| MD5 Checksum: | 5cc93bfca53ae8b32a433ef8ca3de8e0 |
|