glsa-200804-03.txt
Gentoo Linux Security Advisory GLSA 200804-03 - Two flaws have been discovered in OpenSSH which could allow local attackers to escalate their privileges. Versions less than 4.7_p1-r6 are affected.
Related Files:
Gentoo Linux Security Advisory GLSA 200711-34 - Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 2.0.2-r2 are affected. Homepage: http://security.gentoo.org
Gentoo Linux Security Advisory GLSA 200712-08 - The Qt versions used by the AMD64 x86 emulation Qt libraries were vulnerable to several flaws (GLSA 200708-16, GLSA 200710-28). Versions less than 20071114-r2 are affected. Homepage: http://security.gentoo.org
Tavis Ormandy has discovered a vulnerability in esearch for Gentoo Linux, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to the eupdatedb utility creating the temporary file /tmp/esearchdb.py.tmp insecurely. This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user invoking the utility. Homepage: http://www.gentoo.org/security/en/glsa/glsa-200407-01.xml.
Gentoo Linux Security Advisory GLSA 200509-19 - PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC library affected by a script injection vulnerability (see GLSA 200508-13). Versions less than 4.4.0-r1 are affected. Related CVE Numbers: CAN-2005-2491,CAN-2005-2498. Homepage: http://security.gentoo.org
Gentoo Linux Security Advisory GLSA 200701-27 - Teemu Salmela discovered an error in the validation code of smb:// URLs used by ELinks, the same issue as reported in GLSA 200612-16 concerning Links. Versions less than 0.11.2 are affected. Homepage: http://security.gentoo.org
Gentoo Linux Security Advisory GLSA 200510-17 - Chris Evans discovered a different set of buffer overflows than the one described in GLSA 200509-20 in the RTF import function in AbiWord. Versions less than 2.2.11 are affected. Related CVE Numbers: CAN-2005-2972. Homepage: http://security.gentoo.org
Gentoo Linux Security Advisory GLSA 200507-06 - TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Versions less than 1.8.5-r1 are affected. Related CVE Numbers: CAN-2005-1921. Homepage: http://security.gentoo.org
Gentoo Linux Security Advisory GLSA 200612-21 - The read_multipart function of the CGI library shipped with Ruby (cgi.rb) does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-12. Versions less than 1.8.5_p2 are affected. Homepage: http://security.gentoo.org
Gentoo Linux Security Advisory GLSA 200710-14 - Daniel B. Cid discovered that DenyHosts used an incomplete regular expression to parse failed login attempts, a different issue than GLSA 200701-01. Versions less than 2.6-r1 are affected. Related CVE Numbers: CVE-2007-4323. Homepage: http://security.gentoo.org
Gentoo Linux Security Advisory GLSA 200506-06 - Xpdf is vulnerable to multiple overflows, as described in GLSA 200501-28. Also, integer overflows were discovered in Real and PNG extractors. Versions less than 0.5.0 are affected. Related CVE Numbers: CAN-2005-0064. Homepage: http://security.gentoo.org